EO-Ready Best Practices for Cybersecurity

The Biden administration’s EO on cybersecurity may become a before-and-after moment in the history of government cybersecurity.

That does not mean the EO will not matter to everyday Americans. Across every layer of the nation’s public sector, government employees can make a difference in cybersecurity, one that does not just benefit their agencies. Someday their cybersecurity contributions may aid the private sector and constituents, too.

The main takeaway governments should have from the new EO is that all their employees can play their part in safeguarding national cybersecurity. Whether an entry-level hire or an agency leader, no role is too small to lend a hand.

Here are eight ways — two for each category of government employee discussed here — to bolster U.S. cybersecurity from coast to coast. These tips are inspired by the federal, state and local thought leaders in this guide.

Rank-and-File Personnel

1. Embody skepticism.

With cybersecurity, every government employee can approach their work with more caution. No one wants to make their agency a cyberattack statistic, but the truth is even small security missteps can become big incidents.

As a result, all government workers should be wary of potential cybersecurity traps such as suspicious emails. Another place for constant vigilance is possible technology vulnerabilities. Whether these potential flaws reside in applications, IT networks or elsewhere, spotting them early can avoid costly security incidents. Ultimately, any employee can contribute toward better cybersecurity by avoiding suspicious links, email attachments and other possible pitfalls.

2. Stay informed.

Cybersecurity never stops morphing. Government employees who want to stay informed about this critical topic should consider every training available to them. Even basic lessons about topics the EO covers — like cloud security — can prevent painful experiences.

Although such cybersecurity education is useful, not every government employee has the energy, money or time for classes. One alternative is following cybersecurity news such as relevant EOs when the opportunity presents itself. Another solution is getting the gist of subjects like the latest cybersecurity EO from trusted coworkers. Ultimately, even novice cybersecurity knowledge is better than nothing at all.

Agency Management and Leadership

3. Promote cybersecurity learning.

Knowledge is power, but no cybersecurity insights can reach government workforces that remain unaware of them. Consequently, those in leadership positions should encourage cybersecurity learning options whenever possible.

Picture the supervisor of a close-knit team at an agency. Leading by example, this individual could enroll in cybersecurity training related to acts like the Biden administration’s cybersecurity EO and urge their teammates to do the same. Afterward, this leader can explain the training’s message to others who missed the event.

At a more macroscopic level, an agency’s leaders prioritize the way their talent pursues their mission. The people with leadership abilities should remember they can help steer their agency’s cybersecurity posture toward goals outlined in directives like EOs.

4. Think enterprisewide.

Speaking of the macroscopic, many organizations do not consider cybersecurity a business risk that endangers their entire enterprise. At these places, organizational leaders may treat cybersecurity as an IT issue, leaving other teams out of the loop about this pivotal topic.

Agency leaders and managers can avoid this shortcoming by erasing the silos that exist among their teams. Not only does this improve communication and information-sharing about threat intelligence, as the recent cybersecurity EO recommends, it reminds everyone that they are in the same boat.

Positivity is another essential element. Federal, state or local, every agency’s leaders hold sway over a workforce’s morale. Praising successes, encouraging progress and avoiding negativity can all keep an agency’s talent optimistic about their enterprisewide cybersecurity.

IT Personnel

5. Show others the ropes.

Tools such as encryption and MFA may be commonplace across the private sector, but that does not mean these capabilities are equally widespread across the public sector.

How can agencies change this? One idea is more collaboration between IT personnel and their peers. By instructing their coworkers about how to use tools like encryption, IT personnel can ensure these security practices become entrenched agencywide.

This attitude could align agencies with the recent cybersecurity EO’s technological details. Ultimately, EO mandates such as MFA cannot become second nature if no one understands how to use them.

6. Remember no one is safe.

Recall the new cybersecurity EO’s emphasis on zero trust cybersecurity. One of zero trust cybersecurity’s foundational tenets is that security incidents are inevitable. For government IT personnel, internalizing this principle can drastically improve the quality of their work.

Let us start with preparedness. By assuming cyberattacks are a given, no agency’s IT talent will ever stop looking for them. This quality does not mean government IT teams expect failure; rather, it means they are always trying their best to prevent it.

Next, ponder responding to and remediating cybersecurity incidents. IT employees who expect successful attacks against their agencies also know how to respond while they are happening and how to recover from the fallout.

Procurement Officials

7. Bake security into the process.

The Biden administration’s recent EO covers everything from software supply chain security to cloud adoption. Procurement is one avenue any agency hoping to meet the EO’s standards can use to do so more quickly and easily.

Think about secure cloud adoption. By demanding that cloud vendors abide by FedRAMP’s security requirements, procurement officers can ensure their agency aligns with the EO. The same thinking can mold contracts related to the EO’s other details, like zero trust cybersecurity architectures.

The agencies that consider how the products and services they acquire will follow the EO’s guidelines will have a head start on living the document’s full intent every day.

8. Shop around.

Return to the national system for ranking software security that the Biden administration’s EO will create. Once fully realized, this system will become a detailed roadmap for evaluating, rating and purchasing secure software. When this apparatus becomes operational, procurement personnel should make referencing its rankings second nature.

Until then, there are several ways procurement teams can improve their agency’s security during contracting. Evaluating how well products and services comply with all applicable global, federal, state and local cybersecurity regulations is a sound first step. Another idea is avoiding long contracts that lock agencies into partnerships with vendors that do not meet their needs.
