While it is no surprise that almost everyone (98 percent) claims that privacy is important to them, an astonishing 82 percent of government employees have no security system for protecting their computer screens.
The survey found that 69 percent of respondents use their computers in public places to view sensitive information. In fact, most respondents indicated they work with multiple types of sensitive information.
Fifty-seven percent stated that they work with financial/credit card data; 18 percent work with For Official Use Only (FOUO) information (a designation used primarily by the United States Department of Defense as a handling instruction for Controlled Unclassified Information); 18 percent work with human resources data; and 19 percent work with classified information.
While protecting data on computers is top of mind for everyone, most organizations are focused on conventional security technologies such as anti-virus software, personal firewalls and spam filters. The WikiLeaks episode clearly revealed one crucial fact – the government did not have adequate protections on sensitive data, and the status quo of traditional security tools and official policy could not stop a breach.
Besides tightening up controls on removable media, WikiLeaks underscores the need for the government to start looking at a system the way an attacker does – by looking for the weakest links. The majority of breaches are made through social engineering attacks that start with simple observation. Adversaries, especially insiders, start by observing computer screens surreptitiously to launch their attacks.
While most expect the government to operate in a much “safer” working environment, Oculis Labs found that both government and commercial organizations are about equal when it comes to data loss vulnerability.