Automation, education and reviews can help keep data secure
By Paul Christman
The Government Accountability Office recently published a report (http://www.gao.gov/new.items/d12137.pdf) on cyber breaches, such as infections from malicious code, policy violations and network intrusions. According to the findings, reported security incidents among federal agencies have increased by about 650 percent over the past five years.
The frequency and intensity of breaches in state and local governments also is alarming. To protect citizens’ personal information, federal agencies are collaborating with local governments through efforts including Criminal Justice Information Services, a division within the Federal Bureau of Investigation. One of the challenges of securing IT systems at the state and local levels is providing secure access for individuals both inside and outside the organization. Here are several best practices for making the most of identity and access management (IAM) programs and limiting the likelihood — and potential impact — of breaches:
Set dual controls and provide employees with the lowest privilege level necessary to properly perform their roles. This not only limits potential internal breaches, but also reduces the number of accounts through which a cyber criminal can access information. Highly sensitive information should be protected by dual controls to reduce the likelihood of accidental data breaches.
Establish regular security reviews to help managers remain aware of information access. As employees change roles within an organization, their levels of access must be adjusted accordingly. Regular reviews of system, process and personnel changes can help prevent unnecessary privileges from going unnoticed.
Automate security access. It can be difficult to manually track who is accessing different sets of data, especially as departments work together. Automating some of these tedious tasks is cost-efficient and eliminates the possibility of manual error.
Educate employees on cybersecurity attacks and security basics. Employees who do not understand why security regulations are important may become susceptible to data leaks. Having regular educational sessions on cyber protection best practices can prevent avoidable breaches.
Continue to learn from federal government and industry best practices. While state and local governments deal with their own unique challenges, many security issues are the same for any organization. Federal government mandates and new technologies adopted by industry can help state and local departments find new methods for keeping sensitive data safe.
Cybersecurity is not just about technology; it’s also about leadership, people, processes and organizational agility. As cyber attacks become more sophisticated, public sector organizations need to look for inventive and flexible solutions that will help them secure information wherever it travels.
Paul Christman is an executive director at Quest Software — now a part of Dell — and leads the public sector subsidiary, covering the federal government, state and local governments, and higher education in the U.S. He can be reached at Paul.Christman@Quest.com.