Promoting a Workplace Cybersecurity Culture

By Force 3

Cybersecurity awareness ranks high on the federal government’s agenda and rightly so. Data breaches at federal agencies affect not only the entity in question, but potentially countless U.S. citizens whose private information it might possess.

Earlier this year, a hack of the FBI and Department of Homeland Security resulted in the contact information of nearly 30,000 employees being posted to Twitter. How? Further investigation determined that the breach originated when a hacker gained access to a Department of Justice employee.

In another notable data breach, hackers penetrated the IRS’ “Get Transcript” program—which allows users to check their personal tax history online—and proceeded to steal an estimated 700,000 social security numbers and other sensitive information. Meanwhile, CNN reported last June that the Federal Reserve has experienced near-constant attacks for years—including incidents that were determined to be attempted espionage.

With relentlessly malicious attempts by increasingly industrious cyber criminals, it’s no surprise that federal agencies are adamant about educating employees about cybersecurity issues through webinars, videos and occasional training sessions.

But developing a truly effective cybersecurity culture, however, requires that agencies take a deeper look at how they promote and enforce cybersecurity policies among their employees. With that in mind, check out five tips for fostering a cyber-aware professional culture in this article from Force 3’s Greg Kushto, director of security and enterprise networking, for GovLoop.

While everyone from individual employees to top-level leaders plays a role in cybersecurity awareness, developing and reinforcing a meaningful strategy starts at the top and requires a culture that coincides with and embraces cybersecurity throughout. Fostering that kind of culture will set agencies up for success.

Greg Kushto, Force 3, director of security and enterprise networking