Most agencies take great pains to use technology to combat cyber attacks, but few effectively prepare and reward their employees for keeping information secure, according to a new report by the IBM Center for the Business of Government.
The report -- "A Best Practices Guide to Information Security" -- notes that while technology is a major aspect of cyber defense, the greatest resource organizations have to protect information is their own staff.
Organizations should view their employees in a positive light, motivating and educating them to become protective stewards of information, the report states.
"Despite increased attention to cybersecurity, limited funding for employee training presents a major challenge to organizations, especially government organizations," the report states. "Much of the attention that is given to cybersecurity now focuses more on deterring detrimental actions by employees than on encouraging positive actions."
The report encourages agencies to move away from a negative approach to cybersecurity, instead encouraging positive behaviors from employees. The report also points to a number of best practices related to logging in/out, workspace security, email and Internet protection, document protection, reporting of security matters and electronic device security.
IBM also found that 46 percent of employees have never received formal education in security education, training and awareness, or SETA, from their organization. The report encourages agencies to develop a standard SETA curriculum that emphasizes the what, the how, and the why -- what security dangers are inside and outside the organization, how to deal with security threats, and the reasons why agencies are focusing on specific security efforts.
"Employees must believe that the suggested responses to threats are actually effective," the report states. "Without this perception, employees see no reason to engage in the suggested response other than 'because the boss told me so.'"
What are your perceptions of information security at your agency? Are you an employee considered critical to your agency's security efforts, or are more training, awareness and incentives needed?
Brittany Ballenstedt
Brittany Ballenstedt writes Nextgov's Wired Workplace blog, which delves into the issues facing employees who work in the federal information technology sector. Before joining Nextgov, Brittany covered federal pay and benefits issues as a staff correspondent for Government Executive and served as an associate editor for National Journal's Technology Daily. She holds a bachelor's degree in journalism from Mansfield University and originally hails from Pennsylvania. She currently lives near Travis Air Force Base, Calif., where her husband is stationed.
JOIN THE DISCUSSION
By using this service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Nextgov does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.