|
Summary:
7,000 pages of sensitive information escaped an Australian Police Department. Taliban receives classified naval battle plans. How safe is your government office computer? You may not realize that you’re on the frontline of keeping your office and its sensitive information safe.
Many of us snigger over terms like "Homeland Security," "Military Intelligence" and "Government Security," and why not? Month after month, the government is a habitual offender of poor security practices. In the Fall of 2006, the Commerce Department revealed that 1,138 of its computers went missing (as well as discs and USBs) (1). Government Security doesn’t have to be laughed about if each employee takes responsibility for the computing tools provided to them. Access is like a Fingerprint:
When you show up for your first day at work, your supervisor or IT administrator determines what pieces of the network you should and shouldn’t have access to. Akin to your fingerprint or Social Security Number, your government computing access is unique. Access privileges are assigned are based on a person's specific job requirements. Your government position determines: - how your work computer is setup
- what applications you’ll use and are loaded onto the computer
- what network resources/folders you’ll have access to.
The only way your department can protect its electronic records and systems depends on access control measures; each person has to take the lead on ensuring security. Understanding each person’s role is important to protect against cyber-criminals, terrorists or even malicious co-workers.
Email Breaches a Real Threat:
While hacking and hardware theft/loss is greatly reported, your office email is also a security threat. Inevitably, a portion of your department’s data will be sent outside the network. Sharing unprotected electronic documents can open a window for a motivated hacker, threatening the security of sensitive files, your computer and network.
In Australia, the Victoria Police Department released 7,000 pages of sensitive information, including private information on 291 residents. The pages were emailed to an officer requesting just his employee file(2). While this example is extreme, think about the individual emails which cross your email inbox that have first and last names, phone numbers, social security numbers or project information that needs to be kept under lock and key. The possibility of setting this information free due to unprotected email can negate all the man-hours of work that go into completing your projects. Documents meant for a select group can easily and quickly enter the public sphere. Once released over email, the transmitting flood of data which was once meant only for your organization now has a life of its own. Email Anti-Theft Tools
Too many emails and attachments leave the bounds of a network unprotected. Email anti-theft tools can stem embarrassing and potentially dangerous situations. Watching who has access to your documents and email is just as important as watching over your computer passwords. The U.S. Navy was at risk when a known Taliban terrorist, Syed Talha Ahsan was emailed (then) classified plans of a naval battle group operating in the Straits of Hormuz, between Iran and the United Arab Emirates (3). The emails Ahsan obtained also discussed the Naval Group’s vulnerabilities to terrorist attack. Email anti-theft solutions enable you to establish who views, edits, prints and forwards your documents once they've left your computer. If the project is time-sensitive like deployment details the U.S. Navy had, you can not only restrict who views the email set a window for others to view it. Once that viewing window has expired, non-essential personnel to the project can’t see the email or attached files. Tips for the Average Person:
There are many things an "average user" can do to ensure that your workplace isn’t in the headlines. - Read, understand, and follow all related department computing policies and guidelines. If those aren't in your department handbook, ask your supervisor for them.
- Never use your work machine for any illegal, unauthorized, unethical or questionable acts – like offshore gambling or illegal file downloads.
- Protect and never share your password, computer accounts and access privileges. Remember that in the end, you are accountable for all activities associated with your account and machine.
- Your work machine is for work; restrict your use of your work computer systems, networks, email, and Internet privileges to authorized and appropriate uses.
- Always save sensitive information on the network server. Saving sensitive information on a desktop machine is not appropriate, nor is it safe.
Much of the material that passes your desk is sacrosanct government property. Protecting this information and your machine is also up to each government worker. While the ideal situation is that nothing leaves the network, today’s inner-connected digital realm makes that ideal impractical.
Government Security Isn't a Joke
Each time electronic data passes outside your government organization, it can open a hole in your department’s digital fortification. Proper security measures need to be understood and applied by each individual in the department.
Are you ready to be on the frontline of government security? Being a responsible user can involve things like keeping your work laptop safe and applying email anti-theft measures to encrypt emails and data. Using your work computer appropriately and responsibly can help stem many of those threats, and help make "Government Security" something to be taken seriously. - - - - - - - - - - End Notes: 1.) Commerce Department Press Release, "Commerce Department Announces Information From Reviews of Missing Department Laptops and Potential Breaches of Personal Identity Data," 21 September, 2006. http://www.commerce.gov 2.) Tanya Giles, "Damning report into privacy breach," 24 August, 2006. Herald Sun (Australia). 3.) Declan McCullagh and Anne Broache, "U.K. Webmaster accused of aiding terrorists," 20 July, 2006, CNET News.com - - - - - - - - - - About The Author:
Ms. Veniegas is part of the Marketing team at Essential Security Software, Inc., a leader in email anti-theft solutions software. She also serves as one of the ESS site editors for "I Want My ESS!" a stolen work and Small/Meduim Business (SMB) resource site.
Related Items:
|
