Although investigative agencies’ primary role is to monitor behavior for impropriety and make recommendations on how to prevent it going forward, education can play a key role in preventing the bad behavior in the first place. Not only does this save money, it also improves lives; education prevents agency employees who had no intention of hurting anyone from being punished for accidental bad behavior.
A recent article from Federal News Radio quotes Mark Kneidlinger of the Department of Homeland Security’s Office of Cybersecurity and Communications on this topic. DHS has been working to educate agencies about the “soft cyber threat” of employees who don’t realize the value of the data they’re protecting, he says.
“You see a lot of folks that are joining the workforce focused on the here-and-now versus the future,” Kneidinger said. “When you think about the information that’s in front of you now, you want to share it, without necessarily understanding the implications it has. … Well, where is that information stored? What’s that connected to?”
There are also plenty of people who know it might be illegal on some level to share the information, but that it’s not worth going to a great deal of trouble to protect it because it’s a largely unfollowed, unprosecuted law. That’s why Kneidlinger says it’s critical to ensure people understand that these laws are important, and that the investigative office is working to ensure they are followed – and if they aren’t followed, there will be consequences.
“People will do what they’re rewarded to do. People will also not do what they’ve either experienced as a hand slap or seen others get punished for. Cybersecurity is everybody’s problem, everybody’s concern, everyone’s issue, but until we act on it as an organization, as an agency, we’ll have endless amounts of training with no ramification immediately seen,” Perkins said.
With so much news on government intrusions in the past few years, investigative offices are presented with plenty of opportunities to educate users about how damaging leaked information can be. A couple of examples: the 2015 OPM hack, which leaked private information of 21 million people connected to the federal government,or Rasputin, who has so far gained access to at least 60 federal agencies and universities. As unlikely as it may seem, even front line staff may be in a position to accidentally provide the one missing piece of information hackers like these need to gain full access to a system – often in the form of a single click in a phishing email. With the right education, investigative offices can prevent that from taking place!
To learn more about how CMTS can help your investigative team easily track and report its activities, call WingSwept at 919-500-5102 or email Team_CMTS@WingSwept.com