January 2018,  OneVoice CSDA Newsletter

How Often do you Think about Security?

By Laura Roth, CGI

How often do you really think about security? A recent USA Today news article stated” “If you’re using Wi-Fi in a public place and you’re not getting hacked, it’s only because there’s nobody around bothering to do it.” Many, if not all of us, are lacking common sense and a protective nature when it comes to security. Hacking can affect your personal security as well as your agency and its customers. But hacking is not the only form of security breach we should be worrying about.

Hacking is just one example of how security affects each and every one of us. Think about some of these:

  1. What stops a worker from printing an email that contains FTI?
  2. What stops a worker from forwarding an email with FTI?
  3. What stops a worker from sharing information on a confidential case?
  4. How do you protect passwords?
  5. Do you have 2 factor authentications?
  6. Can workers place SSN’s or other FTI in spreadsheets, word docs, power points?
  7. Are attachments to emails allowed? Do you know what is being sent from your email account?
  8. Are the controls in your agency sufficient based on the confidential nature of the data you store?

Most agencies I would imagine have to answer no to those questions. Policies alone do not protect you. Tools exist that will help and insure your policies are adhered to.
What agency wants this headline in a local paper or a TV station leading story?
“Child Support agency is hacked; 1000’s of parents and children’s confidential information is compromised.” Or: “Caseworker forwards a spreadsheet with SSN’s- 1000’s of parents’ identities are compromised” The headlines in today’s news go on and on.

What does that compliance corrective action look like? What will your Board say? CAO or CEO? Your customers? Your employees?

Protect yourselves and your agency by considering a security assessment- identify your vulnerabilities, and then prioritize improvements to your systems. It doesn’t have to be expensive, or inhibit your productivity, but waiting until you have a security disaster is the wrong time to react. Consider what you can do now to limit liability and risk. If it can happen to Equifax, it can happen to anyone.

Agencies we work with to ensure security is tight include Federal defense agencies and contractors, state and local government service providers, day care centers and after school care, health providers and law enforcement. Any government agency entrusted to store sensitive, confidential data is vulnerable. Nationwide, security concerns tops the list of current issues facing government agencies, yet very little is spent on that concern until it’s too late. An assessment can point you to tools and services that will protect your organization and its data from theft, mishandling and mistakes. Very few breaches are malicious. Many are caused by carelessness or neglect of policies. You can protect your agency.

Keep your press releases for the good you do. Share accomplishments, not mandatory security breach disclosures.

Laura Roth, a former Child Support Director works for CGI. She can be reached at laura.roth@cgi.com.