Government agencies from around the world are often the first to make recommendations to individuals, groups, and companies about steps to take for the best cybersecurity. That advice is welcome and often can save users from falling prey to scams, hacks, and other cyber threats. In many situations, these agencies mandate levels of cybersecurity that must be achieved in industry, especially where the product or service is critical to the efficient functioning of daily life for a country. These include banking, power, and other municipal services.
There are examples of maximum security to be found, usually in the high-profile areas of national security, advanced research, and intelligence gathering. Those instances aside, an article in TechCrunch reported on the woeful status of cybersecurity within the US federal government. You can bet that governments everywhere are in the same situation.
The article covered a report from the US Office of Management and Budget (OMB) that said that nearly 75% of US federal agencies have cybersecurity programs either “at risk” or at “high risk.” That is pretty scary when you consider what kind of information they have on programs, individuals, companies, groups, and so forth.
What were the risk factors identified by the OMB report? The first is a lack of understanding of the current threat environment and how to combat it. The second is a lack of standardized cybersecurity and IT processes/capabilities. The third is not being able to see what is happening on the network to identify issues. And the fourth is the lack of standardized and agency-wide cybersecurity practices.
Even so, the risk may be mitigated by the fact that floppy disks are alive and well in the US federal government. Business Insider reported in 2015 that many federal agencies still rely on floppy disks for data storage and dissemination! To get information from one agency to another, documents are scanned, copied to a floppy disk, and then sent by courier to the receiving agency. I suppose that is rather hard to hack!
PC World reported, also in 2015, that in many cases, agencies are running Windows 3.1 or XP on hardware from the 80s and 90s with COBOL and Fortran powering mainframes dating back to the mid-1970s. Anyone remember writing programs on punch cards?
Okay, don’t kick at government agencies when they are down, IT-wise. Take this opportunity to learn and develop your own cybersecurity processes and capabilities.
- Start by combating the social engineering aspects of modern threats, those that try to trick you into revealing personal and financial info.
- Develop and use strong passwords but not like we have been told for years! Yes, you were right that these rules were dumb. The folks who created them have recently said, “Never mind. Do it this way now.” Check out the new rules here, a document only 74 pages long. Perfect for late night reading if you can’t get to sleep.
- Update your software regularly for all devices.
- Invest in a good anti-virus/anti-malware program and keep it updated.
When it comes to protecting your personal data, identity, and privacy online, trust the CRIP.TO Black and Shield solution. This unique combination of hardware, software, and block-chain powered stack of services offers the highest level of end-to-end encryption currently available to individuals, groups, and companies. CRIP.TO is dedicated to giving its users the freedom to communicate fearlessly. The