We are committed to helping organizations everywhere stay connected and productive. Read more

Cyberattacks on government agencies, whether national, state, local, or tribal, can not only compromise private citizen information and cost money, they can also damage political careers, threaten national security, and erode citizens’ trust in government.

Cybercriminals can come in many sizes from nation state efforts to individual actors. Some may deploy sophisticated measures while others might operate through simple phishing scams and malicious URLs. And the threats are continually evolving.

What can you do?

Many of the security breaches that have been in the headlines—and the countless more that aren’t reported publicly—could have been significantly mitigated, if not entirely avoided with three key strategies. These recommended strategies don’t require significant financial outlay or human capital and they can go a long way toward helping your government agency protect its technology infrastructure:

  1. Organizational accountability

Clear lines of authority and responsibility should be established at the highest levels. Policy, strategy, and the execution of a robust security posture should reside within senior leadership.

  1. Identity management

Username and password are not enough. Security strategies that count on “hiding behind thick castle walls and deep moats” are doomed to failure. The security perimeter is ever evolving. Today’s reality requires new approaches to credential, authenticate, and manage resources within networks. Identity is the new firewall.

  1. Cyber hygiene

Patching critical systems and maintaining their health is vital to protecting agency information. It’s also crucial to move toward more standardized and automated backups including validation of backup processes. Finally, mitigating attacks requires training personnel on best practices—including how to work safely in email, on social media, or with outside systems. Often, employees (at all levels) in the public sector don’t recognize that they’re potentially compromising sensitive information. Devices are the new perimeter.

See how California is advancing its cybersecurity

In this video of a recent public hearing on cybersecurity in the state of California, top government leaders share some of the ways they’re implementing the above strategies. Many of them talk about how they’re using Microsoft cloud solutions to help them secure their technology infrastructure.

For example, about 38 minutes into the video, Department of Technology Director Amy Tong says: “help screen out or flag … these phishing emails.”

Around an hour and 21 minutes into the video, LTC. Jim Parsons of the Military Department Cyber Network Defense Team says: “Every user’s mailbox gains the protections from the Office 365 policies and security controls that are in place.” He goes on to explain why that’s so important given that the security perimeter has shifted and cybercriminals have learned that they just need to compromise a user in order to gain access to the data they want.

Toward the end of the video—an hour and 32 minutes in—Scott Howland, Chief Information Officer for the California Highway Patrol, shares several statistics demonstrating the state of California’s cybersecurity progress, including that while phishing attacks have increased, infections resulting from phishing have gone down.

Your partner in government cybersecurity

We’re here to help you advance your government agency’s cybersecurity strategies. Contact your Microsoft representative to learn how you can take advantage of our in-depth approach to security and regulatory compliance to help you protect your systems and data end to end—while keeping people productive. You might be surprised to learn how quickly you can start improving your cybersecurity posture with our trusted cloud solutions for Government.

You can also: