Taking a fresh look at security for the remote workforce
Chief information security officers are working diligently to ensure the productivity of temporarily homebound agency employees, while still adhering to the fundamentals of effective cybersecurity practices.
Because employees are connecting from home, often with their own equipment, there is an increased risk of an employee exposing agency networks to a whole host of security risks, says Wayne Lloyd, federal chief technology officer at RedSeal.
In a new podcast, he shares how network modeling solutions, with advanced automation capabilities, can help agencies to quickly identify what’s on their networks and where potential security risks exist.
In this podcast, produced by FedScoop and underwritten by RedSeal, Lloyd explains that in an environment where agency networks are connecting tens or potentially hundreds of thousands of devices and other technology, having automation capabilities to handle that kind of scale is essential.
Crucial steps agencies should take to fortify security
“There is going to be that need to have a better understanding of what their environment looks like. And one of the things that they can do for that is what we call network modeling, where you can model your on-premise network, you can model your cloud and software defined networking, and you can definitely identify all the VPN connections coming into your environment,” Lloyd says.
Types of risks remote workers are likely to create
“In the scramble to get VPN capacity enabled — for organizations that may not have a large telework workforce — is the inevitable misconfiguration of something on their network,” cautions Lloyd.
By way of example, Lloyd shares how the Department of Homeland Security is reportedly “looking at how they can improve their trusted internet connections to allow agencies to be able to connect without the VPN slowing them down, but [any] misconfiguration could expose their sensitive data.”
The importance of basic cyber hygiene practices
Lloyd stresses that federal agencies should be following NIST guidelines on the fundamentals of cyber-hygiene.
“It’s very easy for us as humans to misconfigure and expose the organization to some sort of threat, and my advice would be to learn to leverage what they already have as best as they can,” he says.
He references a report on the Equifax breach where it was discovered that the main cause of the incident was an out-of-date certification on one of the company’s security tools. Had that tool been up to date, the IT team would have known about the breach much sooner and maybe even have avoided the damage it caused.
Wayne Lloyd has worked in a variety of IT engineering, operations and consulting roles for Lockheed Martin, General Dynamics, Booz Allen Hamilton, Northrop Grumman and CSRA before joining RedSeal seven years ago, where he now serves as Federal CTO and Technical Director.
Listen to the podcast for the full conversation on reassessing cyber-hygiene practices in today’s telework environment. You can hear more coverage of “IT Security in Government” on our FedScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by FedScoop and underwritten by RedSeal.