Public agencies should ostensibly have the best security out there — after all, they’re protecting large volumes of confidential information. Nevertheless, there have been many high-profile government security breaches lately, from the Secretary of State to the IRS. Here are a few of the major lessons that have been learned for both public and private sector organizations.
Insiders Are Always Your Number One Threat
Businesses spend so much time securing their networks from outside intrusion that they often forget that insiders are their number one threat. And that doesn’t just mean that data can be stolen by a malicious insider — employees can also simply be negligent or incompetent. An employee is more likely to give out their login information freely than a hacker is to be able to crack into a protected system. A thumb drive with confidential data can be more easily stolen from an office than a network can be accessed from outside.
Security Must Be Physical as Well as Digital
A hard drive can simply walk out the door with confidential and proprietary information still on it — and many devices are not entirely encrypted. Even if the device is password-protected and encrypted, stealing it gives a criminal the opportunity to hack it at their leisure. The best security in the world cannot protect an organization if a high-level employee has their work-connected smartphone stolen.
Legacy Systems Are a Tremendous Liability
Legacy systems are antiquated systems that are still used because they are proprietary or because they required a large investment. Legacy systems are often no longer supported by their developer and have to be loosely integrated into other systems, sometimes even requiring the manual input of data from one system to another. Legacy systems are a liability because they generally lack modern security protections. Both small businesses and government organizations tend to rely upon legacy systems due to funding issues.
Complacency Is Incredibly Dangerous
A data breach or other security event can occur at any time. Complacency regarding security protocols and maintenance is one of the largest issues that public organizations face. When security events aren’t occurring, security initiatives often get placed on the back burner. If security events haven’t occurred recently, public organizations are often very unlikely to invest in the maintenance and improvement of their security systems. Becoming complacent about security is one of the easiest ways to end up with an outdated security system that will eventually experience a data breach.
The cost of a single data breach can be tremendous. Data breach damages often run into the millions, and a breach also comes with a lasting impact — a loss of faith by the consumer. Public agencies have found themselves particularly vulnerable to data breaches because of their outdated systems and lack of security initiatives and funding. Private organizations must also avoid these very common pitfalls.