Government Careers and Cybersecurity Practices: An Essential Guide to the Basics

Lottie is a freelance writer who contributes to a number of websites, writing about topics that are close to her heart. When she’s not sitting in front of her laptop, she enjoys spending time exploring the great outdoors with her husband, two daughters, and their German Shepherd.

Internet use plays a crucial role in any career, though it does come with risks. Both nationally and in DC Metro, nearly one in five government workers have experienced cybersecurity attacks, according to a 2023 survey commissioned by Google Cloud and conducted by Public Opinion Strategies. For U.S. public servants who handle sensitive information, a cybersecurity issue can result in the exposure of valuable data and reputational damage among other serious consequences. As such, a basic understanding of cybersecurity and its importance is a must, in addition to the implementation of solutions that involve simple yet smart everyday practices.

Common cybersecurity risks and prevalence of threats

Recognizing the top cybersecurity risks is essential for anyone in a government career, as internet use is ubiquitous regardless of the role in question. These risks include social engineering attacks (phishing), data leaks, and malware, to highlight a few. One LinkedIn article by Locknet Managed IT further underlines common cybersecurity risks that can be found in a workplace. These range from simple mistakes, such as failure to implement strong password practices, to the use of unsecured WiFi networks and even failure to update software. These can all leave a company vulnerable to serious risks, from malware that can compromise valuable data to unintentional data leaks.

The prevalence of cyber threats throughout the United States can be a shock to many. Based on data collected by Network Assured, California had the highest number of reported data breaches with 1,338 incidents (up until 2022). New York and Texas follow, at 618 and 581 incidents, respectively. Data from the FBI’s 2023 Internet Crime Report, which analyzed the number of cyberattack victims per 100,000 people per state, further underlines the prevalence of such threats and revealed an unlikely result: Alaska had the highest rate of cyberattack victims, at 318.8 per 100,000 people (followed by Nevada at 309.7 and Delaware at 260.4). The data not only sheds light on how common cyber threats are, but can also help government employees strengthen their personal commitment to cybersecurity.

Personal responsibility underlines simple solutions

As a U.S. public servant, personal responsibility is key to cybersecurity, especially with the ever-present use of technologies such as email and mobile devices. First and foremost, it is crucial to refrain from using personal devices for work, especially when it comes to accessing sensitive information. This is particularly crucial in order to avoid malicious cybersecurity threats, such as ransomware. Ransomware typically involves the installation of a malicious piece of software, which then attacks a computer (or network) and encrypts its data. From there, cybercriminals (usually) demand an exorbitant amount of money in exchange for the data, a threat that can bear heavy consequences for those in government careers.

In many cases, a work-issued device is already equipped with the software needed to protect sensitive data, which is generally not true of personal devices. Work-issued devices provide the opportunity for proper security controls, such as the requirement of multi-factor authentication, as well as the implementation of routine audits and updates. Additionally, keeping separate personal and work devices (whether a laptop or a smartphone) defines a clear separation between the two: should a personal device become infected with a virus, there will be no need to worry about work data or accounts with sensitive information.

In many cases, personal responsibility regarding cybersecurity can go a long way. Regular updates of software and devices, the use of multi-factor authentication, and strong passwords are all simple and easy solutions that have the potential to eliminate a myriad of risks from the get-go. Two-factor authentication, or 2FA, is a security system that secures a device or online account through more than one process rather than a simple password. When a password or personal identification number (PIN) is entered, a code is then sent to the user’s smartphone (or another form of verification, such as a fingerprint, is requested). By requiring more than one process, 2FA makes sensitive data more secure by limiting access to those who are truly authorized. With that in mind, however, Investopedia notes that while 2FA does improve security, it isn’t foolproof, a fact that underlines the importance of other security precautions.


LOTTIE WESTFIELD

The power of basic cybersecurity practices

Email is an integral communication platform for many U.S. public servants, though it does come with risks. Phishing emails are just one cybersecurity concern, and can result in consequences that range from the exposure of personal information to theft. These scams are executed by cybercriminals who often pretend to be reputable companies, or even people you know in real life, in order to entice victims to click on a link that leads to a phishing website. Thankfully, phishing scams can be avoided with a few smart considerations.

Recognizing a phishing email is perhaps one of the smartest ways to avoid this type of scam. Microsoft notes that these emails typically involve an urgent call to action or even threats, which often stress the importance of an immediate action. First-time or infrequent senders, and senders that are marked [External], are another sign of a phishing email, though other, more obvious signs can present themselves via poor spelling and grammar, generic greetings, and mismatched email domains. Unexpected attachments and suspicious links are another telltale sign, and should never be clicked. Should you suspect a phishing email, it’s important to report it before deletion.

Effective cybersecurity runs deeper

In addition to the basic precautions, it’s necessary to keep in mind that effective cybersecurity requires additional measures, especially if work becomes remote. One CNET article highlights several key steps for securing a home WiFi network. In addition to creating a strong WiFi password (which should be changed often) and changing the default router login credentials, it’s important to turn on the firewall and WiFi encryption in order to effectively protect your data. CNET goes on to recommend an upgrade to a WPA3 router, explaining that WPA3 is the latest security protocol and should be standard for all new routers. Despite these precautions in place, however, it’s noted that security will never be a 100% guarantee. “As long as there is the internet, hackers and cybercriminals will find ways to exploit it.”

The use of a virtual private network, or VPN, can provide extra protection for those who need to use a home network to check work email and perform other work-related tasks. A VPN is defined by Forbes Advisor as “a service that guards your online privacy” through the creation of “a sort of digital tunnel so that third parties cannot understand it.” This limits access to personal information, as the VPN encodes and reroutes it. Forbes goes on to highlight that the data is scrambled to the point that anyone who does attempt access will read gibberish instead, a measure that works to maintain privacy while online. Reputable VPNs are crucial, as third-party and foreign VPN services can be of concern. A 2019 letter highlights the concerns of two U.S. Senators, who noted that employees of the federal government “could be undermining the United States’ national security by using VPNs made by foreign companies,” notes Tripwire. As such, it’s critical to consult with a manager or employer before using a VPN at home.

Cybersecurity is a must for those who work as U.S. public servants, though it’s essential to remember that there are layers of precautions to take in order to prevent data leaks and other cybersecurity threats. This extends well beyond secure passwords, with solutions that range from secure WiFi networks to the practice of personal responsibility.
