With the COVID crisis pushing federal employees to work from home, were seeing a first-of-its-kind test for the way modern government functions. Even as agencies take great pains to ensure the security of messages, shared documents, video calls and phone chats across offices and missions, outdated computer systems or reliance on common communications platforms outside central offices opens an opportunity for exposure that could put government data at risk.
Only about 40% of the countrys 2.1 million federal workers were authorized to work remotely as of 2017, yet the pandemic has pushed larger agencies such as the Department of Health and Human Services, the Securities and Exchange Commission and the Energy Department to take precautions to prepare employees for a remote shift.
A large majority of intelligence workers still must go into work in highly secure government facilities where stringent policies and procedures ensure robust cyber protection, but for the rest of remote government workers, this could be a make-or-break moment.
As with many in the private sector, the rapid pace at which security threats have evolved has forced agencies to update and secure dated systems piecemeal. A gradual, lagging response to updating systems has now become a top priority due to the coronavirus. This has caused an exponential increase in federal agencies adopting end-to-end encryption (E2EE) as the only way to truly be sure that every employee -- from those working in federal buildings, running missions overseas, to those working from their kitchen counters -- can communicate securely, safe from cybercriminals and nation-state attackers.
From situation room to spare bedroom
The country as a whole made drastic changes to limit the virus spread, and so too did government agencies. They urged employees to sign remote working agreements and to be ready to telework full-time if necessary. Even as Zoom made its meteoric rise as the work-from-home videoconferencing standard, many agencies, including NASA, eschewed the service over privacy and security concerns, adding more confusion around which departments could use what tools.
But like most of the American workforce, government employees have been making this telework shift with little guidance and amid misinformation that can leave data exposed despite the best intentions. For example, although Zoom initially boasted about its E2E capabilities, it was only after a slew of headlines around Zoombombing that it became clear the company was marketing its services as E2EE, when in fact information was only encrypted client-to-server. This lower-grade security was adequate when Zooms use was more limited and sensitive conversations could happen in person, but it couldnt withstand the extra pressure applied when teams went fully remote and cybercriminals began to take advantage of increased use. When adapting to new conditions in real time, organizations often trust tools and take their claims at face value, but as the nation moves toward more remote work, tools must be scrutinized beyond their marketing claims.
Although the Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency (CISA) released a checklist to help agencies make sure remote employees are operating as securely as possible, whats clear is that decades-old government computer services and networks cannot handle the massive remote access needed at the moment.
Nor can agencies control user behavior. Despite having the most powerful technology at their disposal, people are, more often than not, the cause of security breaches.
To stay secure, agencies must reduce human error, and that starts with educating every user on better practices, including the obvious warnings: Dont use public Wi-Fi; protect devices; use strong passwords and dont reuse them; back up all data; dont use work computers for personal matters; and attend regular security awareness training. Research shows that a third of all data breaches start with a user being fooled by a phishing scam into providing credentials or personal information, a technique thats become even more effective and popular with more reliance on email communication. IT staff should train all employees -- especially remote workers -- how to spot and thwart phishing emails and texts.
Another option is using a virtual private network, which provides a secure, private tunnel from the remote workers device to the network. Bad actors cannot easily access VPNs providing a secure connection -- especially those with E2EE -- even if the user is connecting over an unprotected public hotspot.
IT departments should also implement two-factor authentication for any work-from-home devices as an extra layer of protection for government devices and data, especially if passwords or other credentials are weak or leaked in a data breach. This extra step can involve email or text verification or fingerprint or face recognition depending on the importance of the data being protected.
Using essential encrypted communications
When it comes to the most sensitive data and communications, unauthorized access can be avoided via the use of the strongest E2EE.
Done correctly, E2EE gives electronic communication throughout agencies the same level of security and privacy as a face-to-face conversation, especially if the solution has ephemerality baked in. Messages or other communications are encrypted on a senders device, sent to the designated recipients device in an unreadable format, then automatically decoded for only the recipient.
No unencrypted data is stored on either device or on any third-party servers or networks. No individual or organization other than the intended recipient can decrypt messages, data or files, and users set message expiration times per the agencys data retention policies to meet all compliance standards.
There are several ways to ensure this degree of security, with varying levels of complexity. The easiest way is to find a solution that enables devices that guarantee E2EE as a digital lockbox. This means communications generate both a public and a private key. The public key is shared with anyone who encrypts a message, while the private key stays on the recipients device to decrypt the messages. A sender has the public key to put something in a lockbox and ostensibly secure it, but the recipient has the one and only key to unlock it.
If agencies can easily enact E2EE for remote workers, they can ensure that no bad actors can eavesdrop on government information. Clearly, different levels of encryption will be needed based on the sensitivity of the materials, but these fundamental steps can be taken. Superficially simple, but incredibly complex -- implementing rigorous E2EE protocols is the one essential way that agencies can remain as secure as possible while the workforce is stuck at home.
About the Author
Joel Wallenstrom is the CEO of Wickr.
See the rest here:
Federal-grade encryption from the comfort of home - GCN.com
- What is On-the-Fly Memory Encryption? - Electropages - August 8th, 2020
- AFP says it made three requests for assistance in breaking encryption in 2019-20 - iTWire - August 8th, 2020
- Blue Canyon Technologies Tapped to Build QETSSat Encryption Satellite - Via Satellite - August 8th, 2020
- Encryption Software Market Report to Share Key Aspects of the Industry with the Details of Influence Factors- 2024 - Owned - August 8th, 2020
- Exorcist Ransomware and CIS Exclusion - Security Boulevard - August 8th, 2020
- Beyond Krk: Even more WiFi chips vulnerable to eavesdropping - We Live Security - August 8th, 2020
- Comprehensive Analysis on Endpoint Encryption Software Market based on types and application - The Daily Chronicle - August 8th, 2020
- This hardware-encrypted USB-C drive is rugged, inexpensive, and can run Windows - TechRadar UK - August 8th, 2020
- Zoom's COO is not concerned by app bans in India, says end-to-end encryption for all by year end - Economic Times - August 8th, 2020
- Jihadi Use Of Bots On The Encrypted Messaging Platform Telegram - Middle East Media Research Institute - August 8th, 2020
- Thoughts on encryption legislation - and the real 'link' between 5G and coronavirus - Cloud Tech - July 21st, 2020
- Twitter Urged To Beef Up Encryption 07/20/2020 - MediaPost Communications - July 21st, 2020
- Encryption Software - Market Share Analysis and Research Report by 2025 - CueReport - July 21st, 2020
- Encryption Management Solutions Market 2020 Global Share, Growth, Size, Opportunities, Trends, Regional Overview, Leading Company Analysis And... - July 21st, 2020
- Research Report on Data Encryption Service Market by Current Industry Status, Growth Opportunities, Top Key Players, and Forecast to 2025 -... - July 21st, 2020
- Bill That Mandates Cyber Backdoors Will Leave Front Doors Wide Open - CPO Magazine - July 21st, 2020
- These encrypted iStorage hard drives and flash drives are the ultimate peace of mind for your data - Boing Boing - July 21st, 2020
- Virtual and face-to-face connect to coexist: Zoom COO - Fortune India - July 21st, 2020
- Facebook's Rolling Out Touch ID and Face ID Lock Options for Messenger - Social Media Today - July 21st, 2020
- Global Cloud Encryption Technology Market Expeted To Reach xx.xx mn USD With growth Rate of xx by 2025| Pandamic Impact Analysis : Gemalto, Sophos,... - July 21st, 2020
- Encryption Software Market 2020 Comprehensive Analysis With Top Trends, Size, Share, Future Growth Opportunities & Forecast By 2027 - Connected... - July 21st, 2020
- Cryptocurrencies Have 'No Way' to Comply With US Anti-Encryption Bills - CoinDesk - CoinDesk - July 17th, 2020
- Encryption Key Management Market: Find Out Essential Strategies to expand The Business and Also Check Working in 2020-2027 - Jewish Life News - July 17th, 2020
- Email Encryption Market Worth $9.9 Billion by 2025 - Exclusive Report by MarketsandMarkets - PRNewswire - July 17th, 2020
- Encryption Software Market Overviews With Key Players, Size Growth Drivers As Well As Industry Challenges Opportunities To 2027 - Connected Lifestyle - July 17th, 2020
- Encryption Software Market 2020 | Covid-19 Impact Analysis and Industry Forecast Report Till 2024 - 3rd Watch News - July 17th, 2020
- Encryption Software Market 2020 Overview by Size, Share, Financial Services, Applications, Sales Data and Investment Opportunities till 2025 - Apsters... - July 17th, 2020
- Flash drives and hard drives with military-grade encryption on sale - Mashable - July 17th, 2020
- Hardware Encryption Market: Size, Share, Analysis, Regional Outlook and Forecast 2020-2025 - Express Journal - July 17th, 2020
- IoT Security Solution For Encryption Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News - July 6th, 2020
- Endpoint Encryption Software Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News - July 6th, 2020
- Global Hardware-based Full Disk Encryption (FDE) Market Report 2020 by Key Players, Types, Applications, Countries, Market Size, Forecast to 2026... - July 6th, 2020
- Explained: WhatApp calls End-to-End Encrypted, but what does it mean for you? - India Today - July 6th, 2020
- The booming business of encrypted tech serving the criminal underworld - Telegraph.co.uk - July 6th, 2020
- Hardware Encryption Devices Consumption Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News - July 6th, 2020
- Network Encryption Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News - July 6th, 2020
- Encryption Software Market Worth $20.1 Billion by 2025 - Exclusive Report by MarketsandMarkets - Yahoo Finance - June 18th, 2020
- Zoom says free users will get end-to-end encryption after all - The Verge - June 18th, 2020
- Zoom To Offer End-To-End Encryption For Video Calls, Trials To Start In July - NDTV - June 18th, 2020
- Encryption Software Market 2020-2025: Types, Services, Cost Structure, Application, Statistics, Emerging Trends And Regional Analysis - Owned - June 18th, 2020
- Zoom to offer end-to-end encryption for all users, trial to begin in July - Reuters India - June 18th, 2020
- Cloud Encryption Market Will Generate Massive Revenue In Future- A Comprehensive Study On Key Players - Surfacing Magazine - June 18th, 2020
- Global Cloud Encryption Gateways Market Research with COVID-19 After Effects - Cole of Duty - June 18th, 2020
- Encryption Software Market 2020 By Trends, Demand, Business Opportunities, Development Factors, Applications, Overview with Competitive landscape... - June 14th, 2020
- IMPACT OF COVID-19 ON Encryption Key Management Software RESEARCH, GROWTH TRENDS AND COMPETITIVE ANALYSIS 2020-2026 - Cole of Duty - June 14th, 2020
- Move over Zoom, this encryption company just released the first fully end to end encrypted conferencing solution #105518 - New Kerala - June 14th, 2020
- Cloud Encryption Software Market to witness high growth in near future - GroundAlerts.com - June 14th, 2020
- Three secure ways to surf the internet - Gadgets Now - June 14th, 2020
- Will Zoom Bring Encryption to the People Who Need It Most? - EFF - June 13th, 2020
- Encryption Software Market Size Scope and Comprehensive Analysis by 2028 - 3rd Watch News - June 13th, 2020
- Hardware-based Full Disk Encryption Market Growth Prospects, Revenue, Key Vendors, Growth Rate and Forecast To 2026 - Jewish Life News - June 13th, 2020
- Congress introduces EARN IT Act, which would end encryption programs but violates the Constitution - NationofChange - June 13th, 2020
- IBM kit wants to keep your data encrypted while in use - ITProPortal - June 13th, 2020
- Commercial Encryption Software Market Growth Prospects, Revenue, Key Vendors, Growth Rate and Forecast To 2026 - Jewish Life News - June 13th, 2020
- Nearly 500,000 say Congress shouldnt kill encryption with the EARN IT Act - The Daily Dot - June 13th, 2020
- COVID-19, Security and WFH: Myths and Misconceptions - Security Boulevard - June 13th, 2020
- Privacy News Online | Weekly Review: June 12th, 2020 - Privacy News Online - June 13th, 2020
- Global Optical encryption Market Insights and Forecast 2020 to 2025 - Jewish Life News - June 13th, 2020
- Hong Kong is number one in Asia for enterprise encryption, with customer personal information the top data protection priority, reports nCipher... - May 27th, 2020
- Are social giants morally obligated to break encryption? - ACS - May 27th, 2020
- Facebook plot to encrypt ALL chats will help child abusers to hide, former police chief warns - The Sun - May 27th, 2020
- Encryption Software Market To Expand At A Robust 14.27% Cagr Of 2020 | Sophos,McAfee,Check Point Software Technologies,Proofpoint,Trend Micro - 3rd... - May 27th, 2020
- Encryption Software Market Forecast Revised in a New Market Expertz Report as COVID-19 Projected to Hold a Massive Impact on Sales in 2020 | Long-term... - May 27th, 2020
- Global Homomorphic Encryption Market Analysis 2020-2025: by Key Players with Countries, Type, Application and Forecast Till 2025 - Cole of Duty - May 27th, 2020
- COVID-19 Impact ON AES Encryption Software Market: Size, Market Analysis, Application, Growth Drivers, Trends, status and Research Report by 2025 -... - May 27th, 2020
- Cloud Encryption Software Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19 Impact | Top... - May 27th, 2020
- Global Encryption Key Management Market 2020 Insights, Key Player's Competition, Trends, Sales, Revenue, Supply, Demand, Growth Analysis and Forecast... - May 27th, 2020
- Starting to look at email security. Looking for guidance - Encryption Methods and Programs - BleepingComputer - May 25th, 2020
- Global Cloud Encryption Technology Market Projected to Reach USD XX.XX billion by 2025- Gemalto, Sophos, Symantec, SkyHigh Networks, Netskope etc. -... - May 25th, 2020
- Impact of Covid-19 on Cloud Encryption Technology Market is Expected to Grow at an active CAGR by Forecast to 2025 | Top Players Gemalto, Sophos,... - May 25th, 2020
- Zoom will seek public feedback on plan for stronger encryption - The Indian Express - May 16th, 2020
- Encryption Software Market Research Report 2020 By Size, Share, Trends, Analysis and Forecast to 2026 - Cole of Duty - May 16th, 2020
- Almost half of organisations have been reported to the ICO for a potential data breach - ResponseSource - May 16th, 2020
- VPN Tunnels explained: what are they and how can they keep your internet data secure - TechRadar - May 16th, 2020
- The Week in Ransomware - May 15th 2020 - REvil targets Trump - BleepingComputer - May 16th, 2020
- WhatsApp Video Calls Will Soon Support 50: This Is Why 8s The Limit For Your Security - Forbes - May 16th, 2020
- How to Use Encryption for Defense in Depth in Native and Browser Apps - InfoQ.com - May 14th, 2020
- Analyzing Encrypted RDP Connections - Security Boulevard - May 14th, 2020
- Analysis on Impact of COVID-19-Global Cloud Encryption Software Market 2020-2024| Increasing Use of In-built Cloud Encryption Solutions to Boost... - May 14th, 2020
- Vcrypt ransomware brings along a buddy to do the encryption - Naked Security - May 14th, 2020