Cybersecurity has become a huge problem for any organization that is operating networks and/or systems, but especially so for those in the government sector, particularly public-safety and justice agencies.
Increasingly, such entities are being attacked for a variety of reasons: most cyberattackers want to generate a payday for themselves by encrypting the agency’s data and holding it hostage until a ransom is paid; some just want to disrupt the agency’s mission-critical operations, often to generate headlines and/or gain notoriety; they also may want to steal the personal and sensitive data possessed by such entities for the purpose of selling it to other bad actors on the dark web. As if that wasn’t enough, a cybersecurity breach could create liability issues for public safety and justice agencies given the personal and sensitive data that they possess.
Any one of these is a bad outcome for any public-safety or justice agency. Making matters worse is that cyberattackers and the tactics they use are evolving constantly and becoming increasingly sophisticated.
Without question, this is a challenging environment in which to operate from a cybersecurity perspective. But all is not lost. There are things that every agency can do to reduce the likelihood of a cyberattack. The place to start is to launch a cybersecurity training program. The following are a few tips for doing so.
- Every employee should be required to participate in such a program, including leadership — no exceptions. Personnel at every level represent the first line of defense against cyberattacks.
- Such a program should recur on a regular basis, to keep up with the ongoing evolution of attack vectors — new threats emerge daily, if not hourly. We recommend that training occurs at least twice annually — quarterly is even better.
- It is important that training occurs at regular intervals. Lengthy gaps between training episodes, i.e., more than six months, should be avoided — the cybersecurity landscape changes at warp speed and lengthy gaps increase an agency’s risk dramatically.
- It’s not enough to conduct training only for new hires — “one and done” is not a good strategy.
- Make sure that you test personnel on what they learned during the training sessions. Do this a few weeks after training has been conducted — it’s important to assess what they retained and testing them immediately or shortly after training is not as effective as testing them after some time has passed. Be sure to include a few questions related to earlier training sessions.
- A good way to test their knowledge is to hire a third party to execute a fake phishing campaign. Phishing is one of the most popular and effective tactics that cyberattackers use to infiltrate networks and systems. Phishing exploits work so well because many employees, if not most employees, are unable to recognize a sophisticated campaign, and thus open texts, emails, and attachments that look legitimate by all appearances.
- Conduct remedial training with personnel whose test results indicate that they need it.
Within MCP’s lifecycle management services business are numerous cybersecurity subject-matter experts who can guide your effort to develop a cybersecurity training program. We recently launched an advanced cybersecurity training program for front-line employees and leaders—learn more here.
We also stand ready to help your agency with all its cybersecurity needs, from network and system vulnerability assessments, to network and system monitoring, to implementing solutions — e.g., our recently launched endpoint protection — to developing comprehensive strategic plans, to creating disaster-recovery and continuity-of-operations plans. Please reach out.
Mike Beagles is MCP’s platform and service product manager and a certified Cisco CyberOps associate. He has more than 13 years of information technology and cybersecurity experience. Mike can be emailed at MikeBeagles@MissionCriticalPartners.com