As government agencies comply with the COVID-19 quarantine guidelines and allow their employees to work from home, many IT and security leaders are uneasy. Unlike workers in other industries, most federal workers have largely conducted business within the four walls of their agency’s office under the close supervision of IT and security professionals. The pandemic ups the ante, as cyber criminals are not only trying to steal information and credentials, but they’re also deploying a dynamic mixture of attacks that spread misinformation and erode public trust.
With government agencies moving to remote work so quickly, it’s important to protect and support employees as much as possible through training, adoption and security initiatives. Rather than trying to deploy a comprehensive security strategy on the fly, government agencies should focus on three key areas: email-based attacks, malicious insiders and patch management.
Email is Cyber Criminals’ Favorite Channel
As federal, state and local agencies have become more reliant on email for day-to-day operations, cyber criminals have launched increasingly sophisticated attacks in this channel. Cyber criminals can impersonate high-ranking officials, business applications, third-party contractors or even charitable organizations to trick people into sharing credentials, delivering malware, or sending them money. Mailboxes are made vulnerable through risky behaviors, weak passwords, and a lack of multi-factor authentication.
Risky behaviors could include—but are not limited to—auto-forwarding to external email addresses, owning access rights to more than five other mailboxes, and accessing mailboxes of other departments. Monitoring employees’ mailbox practices can help IT and security teams better train employees and proactively secure sensitive information before anything bad happens. In addition, being aware of unusual email activity prevents targeted spam or social-engineering tactics common among today’s cybersecurity threats.
Threats Aren’t Just External
Data b ..
Support the originator by clicking the read the rest link below.
