U.S. State Department Cyberattack – Proactive Planning Will Help Defend Against Attacks

It seems almost daily that we read about another cyber-attack, data breach, or violent event. Recently, the U.S. State Department was hit with a cyberattack that, by all reports, was a serious breach of their systems. Diligence and planning will win the day when it comes to the prevention of attacks. Here is more info about some practical steps to take to review storing and protecting critical information.

The proper safeguarding of classified information is critical in preventing serious and/or grave damage to national security. Education on proper access, handling, and safeguarding are critical in thwarting outside and insider threats. Potential attacks can be prevented by reviewing your safeguarding procedures in 3 ways:

Access – Who has access to the safe? How is the combination maintained? How often is the combination changed? Are steps in place in the event the combination is lost or forgotten? Are procedures in place in the event of an emergency? Is a need-to-know challenged when requesting access to classified information?

Handling – Are employees trained on their individual responsibilities when handling classified information? Do employees know who to report to in the event classified information is left unattended? Is misuse and handling of classified information reported to the proper security channels?

Safeguarding – Are end-of-day security checks being conducted and documented? How often is a review of your inventory conducted, and are records available for review upon assessment? What steps are taken when the classified information being held is no longer needed?

Facility Security Officers will also review how classified information is being received when conducting annual self-inspections. A new self-inspection handbook was recently released to industry. Per Defense Counterintelligence and Security Agency so be sure you’re using the latest template for your inspections.

While not required, we always recommend that our clients conduct a self-inspection and review of their insider threat program on a bi-annual basis. This is to ensure proper access, handling and safeguarding are being conducted throughout the year. The Discovery of gaps or potential threats in your security program is key in preventing the loss or compromise of our nation’s classified information. Continued education on your company safeguarding policy and procedures with staff shows the diligence of your security team in the prevention of future attacks against your organization and/or employees. Don’t let your company become a target.

David Touchton

David Touchton is the founder of FSO Services, and he can be reached at David t@fso-services.com.