Due to the vast amount of valuable private data stored in their systems, government organizations are often prime targets for cyber attacks. Recent targets included the City of Atlanta, Colorado Department of Transportation, and, more locally, Baltimore’s 9-1-1 dispatch system.
We often picture most data breaches as the work of cunning hackers breaking into systems with their technical skills or brute force. In reality, most attackers prey on your employees by trying to trick them into leaving system doors open or opening malicious links at work. Numerous studies have proven that a lack of security awareness is a leading cybersecurity threat, especially in government, including:
- The Ponemon Institute’s State of Cybersecurity in Local, State, & Federal Government, which reported that 44% of IT professionals at federal organizations and 40% of IT professionals at state and local organizations listed naive insiders as their primary security threat.
- Verizon’s 2016 Data Breach Investigations Report, which found that two-thirds of public sector security incidents were caused by human error or inappropriate account privilege use.
- Privacy Rights Clearinghouse data, according to which 640 data breaches were reported by government organizations between 2007 and 2017, resulting in over 191 million compromised records. 54% (415) of those breaches and 60% (120 million) of those compromised records were the result of human error.
With the vast number of data breaches being traced back to mistakes or carelessness, it’s clear that providing security awareness training can be one of the most reliable methods to protect your data.
The good news is that, with employee education and strong cyber policies, you can reduce your risk dramatically.
By increasing your employees’ awareness of likely threats, teaching them how to identify them, and providing them with the skills to avoid or combat them, your organization can thwart some of the most common and prevalent cybersecurity threats in existence today.
Implementing a comprehensive security awareness program is a relatively simple and efficient method to drastically improve the safety of your sensitive information. To successfully protect your organization, a thorough and complete employee security awareness program must meet certain criteria:
- Comprehensive – curriculum should cover all of the cybersecurity issues your staff is likely to face
- Specific – regulations and compliance issues unique to your industry, such as HIPAA or PCI, should be covered appropriately
- Understandable – lessons should take complicated topics and communicate them to your non-technical staff in a meaningful manner
- Motivating – employees should feel encouraged to change the
- Adaptable – new topics and issues that arise should be easily integrated into your program
While training programs developed in-house can be effective solutions, for many government organizations, this is just not a realistic option. Whether it’s due to lack of resources, staff, time, or experience in teaching others, many public organizations are unable to develop an effective awareness program on their own.
MACo members have a great resource available to them to help address this and other cybersecurity-related issues: the Center for Internet Security (CIS). Through MACo’s partnership with CIS, members have access to a number of cost-effective resources to improve their employees’ security awareness, including industry-leading training programs from the SANS Institute, social engineering and phishing exercises, and expert-led training seminars.
Or contact MACo Member Services Director, Virginia White, for more info.