Eric Trexler, vice president of the global governments and critical infrastructure team at Forcepoint, said federal agencies should provide cybersecurity training to employees, particularly the information technology professionals responsible for dealing with cyber breaches, in accordance with the current administration’s executive order on cybersecurity.
Trexler wrote in an article posted Monday on Federal Times that agencies should not only have a playbook for responding to cyber incidents but also “pressure test it through rehearsals and practice sessions.”
“In addition to regular awareness training on phishing scams and ransomware attacks, agencies must run exercises to reinforce the proper security measures if an employee does succumb to an attack,” he added.
Trexler called on agencies to use playbooks to facilitate red teaming, update their policies on cloud and file sharing and educate personnel on such policies as they work to implement a hybrid-remote workplace.
“Agencies need to enable more dynamic file sharing policies without putting the organization at risk,” he wrote. “To do so, they must train employees on the risks of third-party cloud apps and what types of information sharing is okay within agency sanctioned apps.”
He also recommended that agencies train their staff to detect and report their own mistakes for the sake of security.