I served as the Chief Operating Officer for OPM during what was at the time the nation’s largest cybersecurity breach. While this period was trying, the lessons learned were invaluable. A crucial component of every organization’s cybersecurity strategy is its people. Well-trained employees are our best defense against emerging cyber threats.
The federal government possesses a tremendous amount of valuable data that hackers would love to access. Strengthening our networks and securing our data often involves a push and pull of competing priorities. On one hand, there’s a desire to keep systems open in order to better reach our customers or to increase integration. On the other hand, we must also be mindful of security requirements that tighten control and access to our systems. It’s important to understand this interplay in order to secure our systems without negatively impacting or limiting our services.
While network security is critically important, it’s equally important to have well-trained employees who understand what cyber risks look like and how to respond. Hackers who seek access to our systems may use a variety of tactics, including phishing scams, to break through our security protocols. Continuously training our employees provides one of the best defensive measures to secure our networks and systems.
Federal agencies are stepping up cybersecurity and IT awareness training efforts. In the past, an employee would simply complete IT security training every year—and most employees did not think twice about it. Now, hackers are more sophisticated; it’s important to bring our training into the real world so employees can understand what these attacks look like, and how deceptive a hacker’s tactics may be. By seeing an actual, real-world hacking tactic, employees will be better able to identify one in the future.
Agencies can also deploy mock attacks that can help instruct employees about what to look for and steps they can take. You might be surprised how easy it is to fail these tests, and how many employees do. As the cybersecurity landscape continues to develop and evolve, we must ensure that our workforce is trained and prepared to recognize and respond accordingly.
For a deeper dive into this topic, join me September 7 at the Government Workforce Conference.
