A few months into COVID-19 and the defense sector teleworking, we already have a few lessons learned when it comes to cyber threats targeting the U.S. for information. While we move forward into the next few months and come to meet whatever normal looks like in any business environment, maintaining cybersecurity standards and enforcing information security protocols will be one of the top priorities.
ClearanceJobs sat down with Dr. Jason Edwards, the Principal of Information Security at USAA. With 20 years of IT/Cybersecurity experience in sectors of military/government, insurance, digital security, banking, and energy, he has a diverse perspective on what cyber hygiene and preventive care best practices defense contractors should be implementing. He is also a 22-year veteran of the U.S. Army as both an enlisted soldier and officer. He served in both combat arms (Armor & Cavalry) and as an IT/Cyber officer with multiple tours of duty in Iraq, Afghanistan, and other foreign destinations. During his service, he received the Defense Meritorious Service Medal and the Bronze Star.
Today we discussed cybersecurity compliance, information security governance, teleworking strategy, business protocols, and training.
Important things to be aware of while working from home:
- Companies are reporting an increase in scammers posing as legitimate agencies to trick people into sharing their account accesses or clicking on email attachments containing viruses.
- Zoom experienced unsecured audio and video recording with the increases traffic while people are working from home. Their cybersecurity infrastructure was not up to par beforehand, and unfortunately hindsight is 20/20. Be sure your video conferencing provider is secure.
- Using a personally-owned device to do your professional responsibilities puts both you, your company, and your agency at risk. Using the provided equipment, programs, and protocols is vital.
- Make sure you understand your companies policies and ask questions if there is any confusion. All devices connected to your company’s network most likely need to comply with these certain requirements.
- A Virtual Private Network (or VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks, as if their computing devices were directly connected to the private network. Your company’s VPN offers threat protection and enhanced security services for network traffic.