Report: Feds must make security less burdensome for workers

Though insiders say federal agencies such as the U.S. Department of Health & Human Services and the Department of Veterans Affairs are vulnerable to cybersecurity threats, federal employees report bypassing burdensome security measures when those measures interfere with their work.

Federal security pros often fail to take user experience into account when implementing security measures, according to a new report from public-private partnership MeriTalk, underwritten by Akamai Technologies. The report urges federal security pros to work together with federal employees to ease their particular pain points while tightening security, according to an announcement.

Among the findings from an online poll of 100 federal security pros and 100 end users:

  • Agencies are vulnerable to a range of cybersecurity threats, including international cyber attacks, breaches involving mobile devices and denial-of-service attacks
  • 50 percent of cyber pros say their agency is likely to be a target of a denial-of-service attack in the next 12 months
  • While 74 percent of cyber pros say their agency prioritizes efforts to prevent data theft, just 40 percent focus on the end-user experience
  • 66 percent of end users believe the security protocols at their agency are burdensome; 69 percent say they make their work take longer
  • As a result, 31 percent of end users say they use some kind of security work-around at least once a week
  • Cyber pros say half of all agency security breaches result from lack of user compliance
  • The activities that cyber pros say are the most likely to cause a security breach are the same ones that cause end users the most frustration--safely surfing the Internet, downloading files, accessing networks and transferring files
  • Users say single sign-on (56 percent), user-friendly interfaces (27 percent) and streamlined access to mobile applications (13 percent) would enable them to work more efficiently and productively

"Without question, federal cyber security pros have a tough job, but they must start working with end users as partners instead of adversaries," Tom Ruff, Akamai's public sector vice president, said in the announcement. "It is a team game."

During the government shutdown, work was halted on, among other things, a $6 billion network threat-surveillance system scheduled to be deployed government-wide.

Meanwhile, the VA, one of the nation's largest users of EHRs, also leads the nation in EHR privacy violations, according to an investigation by the Pittsburgh Tribune-Review. Many of the violations were due to failure to encrypt, "shoddy" safeguards and lack of accountability.
