In its roundup of lessons learned from the world’s largest data hacks and privacy abuses, research firm Forrester notes that government agencies accounted for 16 percent of all breached records in 2016.
That number trailed only the tech sector. Forrester offers four cybersecurity suggestions to government IT professionals:
- Realize data breaches don’t require bad actors. Leaving records open to the public constitutes a data breach even if it is unintentional, the firm notes. Even emailing personal information to the wrong person qualifies as a breach.
- Audit third parties. While sharing information can be beneficial, and even necessary, Forrester cautions that agencies should reserve the right to audit the security practices of third parties with whom they share their information.
- Establish configuration management with DevOps. Misconfiguration is a top application security risk. The best way to mitigate this is to establish secure deployment guidelines for DevOps processes, ensuring a repeatable process.
- Define a clear path of escalation for incident reporting. Many organizations, Forrester notes, lack defined channels for reporting data breaches. Ensure employees know whom to contact.
For more on how agencies are changing their cybersecurity approaches, check out "Agencies Adopt New Cybersecurity Tools in the Post-Snowden Era."