May 03 2017

4 Tips for Improving Federal Cybersecurity

What should federal IT security pros do to better protect their networks and systems?

In its roundup of lessons learned from the world’s largest data hacks and privacy abuses, research firm Forrester notes that government agencies accounted for 16 percent of all breached records in 2016.

That number trailed only the tech sector. Forrester offers four cybersecurity suggestions to government IT professionals:

  1. Realize data breaches don’t require bad actors. Leaving records open to the public constitutes a data breach even if it is unintentional, the firm notes. Even emailing personal information to the wrong person qualifies as a breach.
  2. Audit third parties. While sharing information can be beneficial, and even necessary, Forrester cautions that agencies should reserve the right to audit the security practices of third parties with whom they share their information.
  3. Establish configuration management with DevOps. Misconfiguration is a top application security risk. The best way to mitigate this is to establish secure deployment guidelines for DevOps processes, ensuring a repeatable process.
  4. Define a clear path of escalation for incident reporting. Many organizations, Forrester notes, lack defined channels for reporting data breaches. Ensure employees know whom to contact

For more on how agencies are changing their cybersecurity approaches, check out "Agencies Adopt New Cybersecurity Tools in the Post-Snowden Era."

