Start by purchasing devices that have strong security features right out of the box, taking into consideration the systems and devices that you already have in place. Are your employees working in a centralized office, or do you have a hybrid model? The more endpoint devices you have accessing and sharing data via the cloud, the more you want to invest in devices that have self-sufficient security measures. For asset management purposes, it’s best to invest in one brand whose devices run the same software and can be protected by the same security update. Invest in devices that follow a zero trust model, which accounts for employee mistakes such as clicking on a suspicious link.
In response to severe cyberattacks that have unfolded over the last decade, NIST identified a new class of security breach: the Advanced Persistent Threat (APT). APTs are planned, concerted, often state-sponsored attacks intended to destabilize government functions; they are not one-off breaches from an opportunistic hacker who sees an open door. With such high stakes in mind, GSA outlines cybersecurity standards that are helpful for deciding which devices to purchase, and whom to purchase them from. We recommend partnering with a supplier who works with Government-wide Strategic Sourcing (GSS) vehicles. At ABM Federal, we offer Best-in-Class (BIC) government sourcing contracts that don’t require further competition, have better prices and streamlined purchasing processes, and meet GSA’s standards for security and sustainability.
Maintaining security is a constant process, and GSA’s cybersecurity standards further outline important considerations for selecting a service provider with that in mind. Vendors should have a proven track record managing security for a variety of devices across different platforms, should offer behavior analysis of email and web traffic for malware detection, and should provide encryption and firewall protection, among many other features. Your vendor should pay attention to context and trends, and always be up to date on best practices and current risks.
Cybersecurity burnout is a growing issue, both for office IT employees who feel overworked and for other employees who feel overloaded with security requirements that they don’t understand. Burned-out employees are three times more likely than other employees to say that security rules and policies aren’t worth the hassle. Government agencies need to partner with service providers who can do the heavy lifting and take some burden off overworked employees by setting up and maintaining strong security measures that take normal human behavior into account.
Government employees don’t have the luxury of simply taking an old computer to an electronics recycling center. Some offices drop off old devices at the local recycling depot or sell them to new users. The risk here is that restoring your device to default factory settings doesn’t fully wipe its memory; a hacker can still retrieve data from a wiped computer with little effort. Some believe that physically destroying a hard drive by hitting it with a hammer is adequate, but even then it’s alarmingly easy for a determined hacker to put the pieces back together. Cybercriminals have been known to reconstruct trashed devices in a laboratory in order to access hard drives or memory, and even to dumpster dive for old computer parts that could hold valuable information. With that in mind, it’s essential for government agencies to have a clear and reliable system for disposing of old devices.
The NIST Cybersecurity Framework provides guidelines for government organizations to adequately protect their data and devices. For some government agencies, these guidelines are mandatory. NIST publication 800-88 covers guidelines for “media sanitization,” or the steps that should be taken to ensure that a device is wiped of all sensitive information before it’s disposed of. NIST guidelines require shredding hard drives, melting them down, or incinerating them. It’s best to find an asset disposal service that is familiar with these guidelines and follows them.
At ABM Federal, we deliver smart and holistic solutions that simplify how government agencies equip their employees with the right devices and security features, flexible upgrades, and full lifecycle services. We offer BIC contract vehicles that manage the heavy lifting around compliance and budgeting requirements and help you through every step of managing your devices—from procurement to disposal. We are proud to partner with HP to offer devices that feature the industry’s best hardware-enforced security. Contact us to learn more about properly protecting your office.
Simplify and Secure Your Federal Office IT
ABM Federal, an HP Platinum Partner, provides HP Security Solutions to government agencies. With over 40 years of experience, an excellent past performance record, and Best In Class (BIC) contracts, ABM Federal offers a variety of innovative products and services to simplify and enhance your federal office IT.
Copyright © 2021, ABM Federal.