State employees are on the front line of defense against information security threats. Those same employees may unwittingly be the source of vulnerability to security threats.
“Whether it’s clicking on a virus-infected email, not protecting your computer when away from your desk, or writing down passwords and placing them in a desk drawer, employees can quickly become the weakest link in the state’s information security chain,” said Kevin Iwersen, Statewide Cyber Security Coordinator, Idaho Department of Administration.
An awareness campaign encouraging state employees to be “security aware” will begin in early January. During the next four months, Iwersen and the state’s Information Technology Resource Management Council (ITRMC) will work to increase awareness of information-related security issues throughout the State of Idaho’s workforce, thereby limiting opportunities for people to deliberately or accidentally steal, damage, or misuse the data that is stored, processed or transmitted within state computer systems.
The majority of security incidents result from employees’ lack of knowledge, according to the SANS (SysAdmin, Audit, Network, Security) Institute.
“In this age of viruses, spam, spyware, phishing attacks, and other threats, our employees must continually be aware of their role in protecting the state’s information systems,” he said. “We are an ever-connected government, and our dependency upon this computing infrastructure is critical to our delivery of government services.”
While it is relatively simple (though costly) to protect critical servers with various security technologies, it is becoming exceedingly difficult to predict the behavior of a single employee who could have catastrophic effects on the state’s computing environment, Iwersen notes.
The awareness campaign will use a mix of communication tools, such as on-line training, e-mail messages, posters, fliers, “brown bag” lunch sessions, and various security presentations.
Forrest Anderson, ITD Information Services Manager, acts
as security coordinator and liaison with the ITRMC. For more information
on the campaign, or to offer feedback about information security concerns,
contact him at 334-8158 or Forrest.Anderson@itd.idaho.gov