9 minute read
Cybersecurity: Reimagine Employee Training
CYBERSECURITY: REIMAGINE
EMPLOYEE TRAINING
Advertisement
Government employees are weary of cybersecurity. After countless attacks in 2021, agencies need innovations that can recharge their workers’ cybersecurity enthusiasm. Fresh ideas are the best way to re-engage teams, which in turn can revitalize agencies’ cybersecurity efforts.
ACKNOWLEDGE & ADDRESS CYBER FATIGUE
A barrage of agency emails, bulletins and news alerts inundate employees with reminders to stay vigilant. But information overload is a real concern.
“We as humans can only take a measured amount of that, so we have to be judicious, and we have to make sure that we don’t just make it so common and so easily ignorable,” said Christopher Rein, Chief Technology Officer for New Jersey. “It’s like that email you get every five minutes; pretty soon, you’re not going to even open them. You’re just going to click and delete. You don’t want that to happen with cybersecurity.” The stakes are high. Public trust is only as strong as a government’s ability to do what it says it will do, which includes protecting people’s private data.
“What we’re really selling is confidence to our citizens — confidence that we can protect their data, we can secure it, we can give them secure access to systems,” Rein said. Agencies must be intentional about when and how they communicate security-related issues with their workforces. “It’s a battle, and it needs to be fought every day,” Rein said. That battle will look different for every agency and employee, depending on their roles, but the key is helping employees view and treat cybersecurity as a core responsibility. Agencies should show their workers how to remain sharp when it comes to security habits and practices while ensuring that their message resonates and ties to understandable outcomes.
BRING FUN TO
CYBER AWARENESS TRAINING
We all know that employees are the first line of defense against cyberattacks but also the weakest link. So, what can agencies do? One idea: Make cybersecurity awareness training more interesting.
Every employee must be aware of and responsible for preventing security breaches. Managers and supervisors, in particular, should understand that each interaction with a computer system, even something as mundane as email, has a risk level.
Cybersecurity training intends to achieve all of this, but when training is tedious or punishing, it becomes a roadblock to people’s jobs and the intended
outcome doesn’t occur. It’s a delicate and often thankless balance that cybersecurity teams handle. Delaware struck a balance by providing Netflix series-type episodes on cyber awareness for employees to watch, learn from and even enjoy. In addition to the yearly mandatory training, these brief monthly videos engage viewers to be vigilant about their cyber hygiene.
“From a cybersecurity perspective, you hardly get great feedback on what you do. You just created another obstacle for people to overcome to do their jobs,” said Solomon Adote, the state’s Chief Security Officer. “But when they reach out and say, ‘I really enjoyed that series,’ or ‘[This character] is hilarious, I wouldn’t do what [they] did,’ you know you’re getting the message across.”
CREATE CYBERSECURITY LEARNING EXPERIENCES
Cybersecurity touches virtually the entire public sector. Although this ubiquity creates more risks for agencies, it also presents their employees with more potential educational breakthroughs.
For example, North Carolina recently came up with several basic messages to share with employees — such as how to configure a home network to comply with their agency’s requirements — and put them on rotating screensavers on end users’ devices.
Training has its purpose, but “you need to find other ways to help users think cyber first,” said Maria Thompson, North Carolina’s Chief Risk Officer.
Thompson added that high-profile incidents such as the cyberattack on the Colonial Pipeline can provide agencies with opportunities to highlight the dangers of risks like ransomware. In May 2021, a ransomware attack struck the oil pipeline, triggering fuel shortages in several Southeastern states.
“We can leverage this incident to “We can leverage this incident to further educate folks on how this further educate folks on how this happened, why this happened and happened, why this happened and what we can do to further secure our what we can do to further secure our-
selves,” selves,” Thompson said. Thompson said.
Sometimes, mandatory learning experiences can make an impact. Texas’s legislature recently passed a bill requiring security awareness training for all public employees, said Daniel Hankins, the state’s Cybersecurity Coordinator.
There is real risk “if your administrators are a little bit behind on the technologies or they don’t understand that something is critical,” Hankins said.
Everything you need to support secure hybrid work. All in one workspace solution.
citrix.com/government
STAY IN CONTROL OF UNEXPECTED WORK SCENARIOS
An interview with Ken Liska, Senior Manager, Pre-Sales Engineering, State and Local Government, Citrix
When it comes to describing the surge in remote work, saying it increased isn’t enough.
The capacity didn’t grow in single digits but tripled, quadrupled and even quintupled in size.
The state of Illinois, for example, drastically increased its remote work capacity, from a maximum of 4,500 workers to 30,000 within weeks.
“By leveraging cloud-based technologies and the skill sets they already had, they were able to rapidly and securely deploy those extra users,” said Ken Liska, Senior Manager of Pre-Sales Engineering at Citrix State and Local Government. Citrix is a digital workspace solutions provider.
The sudden surge may be over, but the challenge to manage remote work, its related technologies and other unexpected situations remains.
To enable your technology to tackle a variety of workforce scenarios – such as an overnight expansion of remote work – Liska advised two best practices.
1. Ask industry partners: How will you solve my problem?
When searching for solutions, agencies tend to approach vendors with a feature-oriented perspective. They identify a problem, search for a single product that could solve that problem and compare vendors' feature matrices to pick the best match.
“What I recommend is they flip the
script,” Liska said. “Instead of going to
the vendors and asking for features, tell them what the outcomes are. Say, ‘We are trying to accomplish this, and these are our requirements.’”
With this approach, you ensure that you adopt the capabilities you need and create a more holistic, nonredundant technology stack.
It’s like going car shopping. Let’s say you’re perusing your options and realize this car has a cup holder and that car doesn’t. Suddenly, you can start making decisions based on features you don’t need.
“When you focus on your use cases, you make sure you’re lining up with what you’re trying to accomplish,” Liska said.
Another benefit of being outcome-focused is the insights you receive along the way. If you approach industry partners with your problem and allow them to identify how they would solve it, you receive their expertise and perhaps more information about related pain points as well. In the end, you’re more likely to arrive at a holistic solution.
2. Look for flexibility in your options.
Especially when it comes to cloud resources, keeping your options open helps guide success.
“If you’re buying point solutions, you have to make them all work together eventually,” Liska said. Solutions that are flexible don’t pigeonhole you into using one product for various needs. Maybe you want to use one cloud service today but another when a different scenario arises.
“At Citrix, one of our biggest values is choice,” Liska said. The goal is to help organizations accomplish the work they need to do with the best user experience without locking them into certain tools. Because the more options you have, the better positioned you are to pivot the way you want for the future.
Four Points Technology, a value-added reseller providing IT products and services to the federal government, partners with Amazon Web Services (AWS) to provide security at the heart of every offering to help you fully realize the speed and agility of the cloud. AWS integrates comprehensive security controls, superior scaling visibility, and automated security processes into its infrastructure to create a secure foundation on which you can build.
For More Information on AWS and Four Points Technologyʼs partnership visit: https://www.4points.com/it-solutions-partners/amazon-web-services-aws
Four Points Technology, LLC 14900 Conference Center Dr, Ste 100 Chantilly, VA 20151 703-657-6100 | sales@4points.com
3 TYPES OF EMPLOYEES WHO HELP CLOUD SUCCEED
An interview with Joel Lipkin, Chief Operating Officer, Four Points Technology LLC
To achieve success in any initiative, you must be selective about your tools. It’s like cooking a holiday meal. For a top-notch experience, using the bestquality ingredients – artisan cheeses, local meats, organic produce – will lead to a different experience than cooking with whatever is laying around.
The key to a delightful meal, however, isn’t necessarily the ingredients. Though the food may be the stars, the cooks drive success.
The same goes with cloud computing. Accelerated by the pandemic, the cloud has become a star technology for agencies delivering critical services and doing pioneering work. To continue to empower cloud success, Joel Lipkin, Chief Operating Officer at Four Points Technology, an IT solutions provider, identified the three types of employees who are key to the journey.
The Innovative Leader
“To take advantage of the cloud, you must have innovative leaders who love the possibilities of the technology in supporting the agency’s mission,” Lipkin said.
Many agencies made tremendous investments into their on-premise data centers only a decade or two ago. Think personnel, tools, training, processes and more. In this context, cloud technologies are relatively new. And if you consider the differences in governance and security, it’s a different beast, Lipkin said. The value of cloud
may be apparent, especially after the pandemic, but adoption still requires a trailblazer to catalyze sparks in the beginning.
The Brain Trust
Let’s say cloud buy-in gets rolling. Agencies with tens and sometimes hundreds of mission-critical applications face another challenge: No single person can understand all of these applications when it comes to migrating to the cloud. For instance, the AWS Marketplace, an online software store, provides thousands of tools through its cloud services, some of which have FedRAMP certifications.
“The best practice we’ve seen is a controlled access methodology, where the cloud program management office or center of excellence sets rules on what can be used in production vs. in
sandbox environments,” Lipkin said.
This core “brain trust” essentially owns the cloud and guides its overall journey from a bird’s-eye view. Though they may be supported by contractors, subjectmatter experts and systems integrators, they are knowledgeable and can make decisions based on the agency’s mission rather than on the latest technology.
The Next Generation
Because of cloud’s long-term value, agencies are migrating rapidly. For lasting success, the next generation is key. Agencies should invest time and resources to train in-house staff not just on cloud management, but DevSecOps and other processes that involve new starts in the cloud from day zero.
With expertise in contract management, full-scope hybrid and multicloud solutions, and partnerships with industry-leading providers, Four Points Technology helps innovative leaders, cloud owners and the upand-coming workforce use cloud computing to support their agency’s mission.
“I’m looking forward to how cloud will make huge differences in support for the mission,” Lipkin said.