In the past two weeks, the media has inundated the public with articles and blogs which highlight the risks associated with social networking. If one of the highest ranking general officers, and the head of the top intelligence agency in the nation, was able to somehow lose sight of the critical nature of information security, where does that leave all the major departments within the federal government?
Even if no security breaches occurred as a result of former CIA Director David Petraeus’ extramarital affair his theoretical belief that he could keep the affair private – and use email exchanges to do so – exemplifies a lack of judgment. (It’s widely held in intelligence circles that having an affair isn’t necessarily a career ender – but trying to keep it private from your spouse and supervisors is certainly an issue).
The public should expect major increases in training, security briefings and more stringent criteria for security clearances following the scandal that has enthralled the country and captured the attention of every news outlet in the world.
Government security personnel, cyber security professionals, and policy makers may be looking for more effective ways to control or monitor the activities and email traffic of those employed by the government. Areas of the greatest concern involved agencies that deal with national security and intelligence, to include the Departments of Defense, State, and Homeland Security.
Those who currently have security clearances should take special care to make sure that they are not in danger of losing or compromising their clearances. So what can be done to ensure compliance with regulations and reduce serious security breaches? Increased awareness is only part of the solution.
Most government personnel are given mandatory annual security awareness training, but other key factors are largely associated with issues related to social networking security, to include misuse of email, social media or personal communication. A growing concern is the number of security breaches which aren’t meant to be malicious, but happen through ignorance.
Products which provide security monitoring and protection and screening of employee emails are on the rise. Inappropriate emails can be screened and identified in order to prevent or halt non-compliant activity. Some software can:
- Minimize legal risks resulting from illegal or offensive email content
- Aid compliance with HIPAA, IRS Circular 230, Gramm-Leach-Bliley Act, SEC, NASD, and others
- Avoid damage to reputation by preventing inappropriate emails
- Avoid confidential data loss by content checking emails and attachments
- Increase productivity by blocking spam, viruses and non-business emails
- Optimize network use by monitoring email usage and compressing attachments
It is important for employees at all levels to have awareness of their rights of privacy. The federal government email systems have a disclaimer which states that the agency has a right to monitor or view all electronic transmissions.
Increased education and vigilant implementation of current policies can be achieved, but will require an attitude and example of excellence from senior leadership on down. Security breaches and lack of adherence to security policies can’t be tolerated at any level.
Diana M. Rodriguez is a native Washingtonian who currently works as a professional writer, blogger, social media expert, commentator, editor and public affairs practitioner. Diana previously worked as an editor and senior communications analyst for the Department of Defense.
