The less secure nature of home networks has exposed local, county and state governments to new risks during the COVID-19 crisis, experts say, but those risks also set the stage for new opportunities for collaboration.
With so many government employees still working remotely, IT officials focused on cybersecurity and network safety say the new work environments have introduced new threats. But they've also introduced opportunities for training, awareness building and collaboration.
Effectively managing the safety of those endpoints — state laptops connected to home wireless networks, for example — can be aided with the help of technology, said Maria Thompson, state chief risk officer in the North Carolina Department of Information Technology.
“I will say this… It’s always been about the endpoint,” she said.
“Asset management, I keep saying that, but that is key. You can’t protect what you don’t know. You can’t protect what you don’t know that’s connected to your environment,” she added Sept. 2 during the North Carolina Virtual Digital Government Summit, organized by e.Republic.*
Thompson noted that one of the areas her agency has explored is an endpoint solution that will allow faster patching when a problem is discovered.
Cybersafety at the local, county and state levels has taken on new meaning since the start of the COVID-19 crisis transitioned so many workers to a remote working setup. Studies have shown, said moderator Teri Takai, co-director for the Center for Digital Government at e.Republic, that half of the employees working from home “admit that they’re cutting corners in cybersecurity.”
“The only thing that surprises me about that statistic being as high as it is is that that many people know they’re making mistakes,” said Jim Richberg, field chief information security officer at cybersecurity firm Fortinet.
“By and large, it’s people who are making mistakes. People who are trying to get the job done,” he added.
Meanwhile, compromised Web applications have been an easy entry point for bad actors, the experts say.
“While we were telling people you had to be working on the Internet, using external applications while you were in the office, we often had Web application filters that could help protect against some of the malicious activity. Not everyone has this at home,” said Richberg.
Responding to the cybersecurity needs of the COVID-19 crisis can also be helped through more collaboration, said Thompson.
“This is not a time for us to be in our little ‘silos of excellence,’” she remarked, noting the state has formed a “cyber task force” for other agencies like schools and local governments. “This is the time for us to build relationships, go outside of our lateral limits that we normally work in, and understand that we may not have the asset, but that person may have the asset.”
*The North Carolina Virtual Digital Government Summit was hosted by the Center for Digital Government, a part of e.Republic, Government Technology's parent company.
Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.