Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
Shows & Panels
Big risk-taking at small agencies
Monday - 4/13/2009, 12:42pm EDT
Senior Internet Editor
When it comes to cybersecurity in institutions, size matters. According to a recent survey by Applied Research and Symantec human error and deliberate sabotage cause large amounts of data to be lost each year at small and mid-sized companies.
In terms of the federal government, "awkwardly enough," says Jim Russell, vice president of the Public Sector for Symantec, "some of those smaller agencies are really lax on their security and privacy."
Some of the simpler things that we take for granted in the security space, things like taking advantage of what's involved or already installed within your operating systems - things that lock down your computer when it's idle for a certain amount of time, locking down your laptops when you leave at night, and things like not leaving sticky-pads with your passwords on them, these are things that still exist within the small and mid-sized companies.
Cost doesn't have to be a factor, says Russell. "There are some things that, from a budget standpoint, are very manageable."
Russell says measures available to increase security can include:
- staying informed - there are internet security threat reports that companies publish on a regular basis. And then there are things like
- trusted solution providers that these independent agencies or these smaller agencies may be able to piggyback off of. And then the simple things like
- anti-virus software, firewalls, and security patch updates are not that expensive these days. It's more of a commodity from the stand point of what they're able to invest in.
- Piggyback off of existing comprehensive security policies that are in place.
"And then lastly, if all these things fail and they are vulnerable in the current state they're in, make sure that they're backing up all the software. Backing up in case there is a data breach or some type of catastrophic hard drive failure. These things are not taking place right now."
Despite being a violation of federal policy. Russell explains that with policy and standards: "unless they have teeth in them, what's the recourse if you violate any of the policies? And I think that's the challenge here."
On the Web:
Symantec - Small and Midsized Businesses Aware of Security Risks, But Not Doing All They Can to Protect Information (press release)
(Copyright 2009 by FederalNewsRadio.com. All Rights Reserved.)