How to Climb Your Agency’s Cybersecurity Mountain
An interview with Katie Hanahan, Vice President, Cybersecurity, ITsavvy
In the public sector, overthinking cybersecurity is almost as bad as not considering it enough. For many agencies, cybersecurity is like standing at the foot of a mountain without any idea how to scale it.
But the only way over a peak is one step at a time, and the same is true for cybersecurity. For agencies unsure about how to approach it, the answer is basic cyber hygiene.
Cyber hygiene covers the steps that computer users can take to protect their organization’s online security and system health. By mastering fundamental cyber hygiene, agencies can enable their employees to defend resources like data.
“The mission is not insurmountable, but it can feel that way sometimes,” Katie Hanahan, Vice President, Cybersecurity at ITsavvy, an IT solutions provider, said of cyber hygiene.
Hanahan shared three ways that agencies can elevate their cybersecurity by refining their cyber hygiene:
1. Transform training
Too often, agencies treat cybersecurity training as check-the-box training. When it comes to cybersecurity, however, the more practice workers have, the better. For example, agencies can conduct agencywide lessons quarterly rather than annually.
“We have to make sure we are doing this training with every level of employee,” Hanahan said.
Take email security. Hanahan recommended that agencies instruct everyone from leaders to HR employees about why suspicious email attachments should be avoided. The reason? Some suspicious email attachments may download malicious software onto agencies’ networks.
2. Avoid alert fatigue
Alert fatigue occurs when the number of cybersecurity alerts exhausts the people addressing them. At agencies, alert fatigue can overwhelm cybersecurity teams that may already have small budgets or workforces.
Fortunately, agencies can reduce alert fatigue using security operations centers (SOCs). SOCs are centralized units that deal with security issues like cybersecurity on organizational and technical levels. After partnering with an external SOC or starting their own, agencies can shift some cybersecurity burdens away from their staff.
“The benefit is that you’re outsourcing this piece to someone else so that the IT people you have in your organization can focus on the work at hand,” Hanahan said.
3. Test cyberdefenses
The best armor is battle-tested often, and cyberdefenses are no exception. To avoid painful cybersecurity incidents, agencies can perform tests that detect security gaps without any lasting damage.
Take penetration tests, which evaluate IT security by letting researchers safely expose vulnerabilities. Another option is simulated cyberattacks, which let agencies practice how they might respond to real security incidents.
Although cybersecurity might seem daunting, providers like ITsavvy can give agencies the security assessments, assistance and training they need for mission wins.
“We have the right ecosystem of partnerships to help them achieve their goals,” Hanahan said of ITsavvy. “We can get through this and do this together.”