
Does Your Company Have the Same IT Security Lapses as the VA?

Mar 14


Later this month, the inspector general of the U.S. Department of Veterans Affairs will release a security audit that identifies the IT weaknesses of non-classified government agencies, according to Data Breach Today. Surprisingly, the audit confirmed cyberthreats to the VA from both domestic and international hosts.

However, an expert quoted in the article noted that the same lapses uncovered at the VA are also prevalent in the private sector, and blamed a lack of education for failure to commit to basic security measures.

The audit investigated all systems at the VA and came up with a list of blatant deficiencies, a list that gives IT professionals and business owners a good starting point for reference.

The weak points of the infrastructure are divided into four categories:

Configuration Controls
• Updates and patches to systems were not timely or routinely implemented across the board.
• Change and baseline controls were not holistically implemented.

Access Standards and Controls
• Password requirements and updates were not enforced across all systems.
• Inactive and expired user accounts were not removed from systems.
• Remote access was not stringent (multifactor).

Security Management
• Risk assessments were outdated.
• Documentation did not match the current infrastructure.
• Employees were not trained or investigated to match their security levels.

Contingency Controls
• Updates and patches to systems were not timely or routinely implemented across the board.
• Documentation did not match disaster recovery tests.
• Recovery procedures were not documented.
• Backup tapes were not encrypted before being transmitted remotely.

So what does this mean for your business?

Security and consistency are incredibly important for small businesses and enterprises alike.

From the VA agency audit, it is increasingly clear that holistic consistency and documentation are more vital than ever. Even the smallest lapse in action (missed documentation, failed encryption, improper data destruction) can lead to serious bottom-line consequences. As was evidenced by the surprising results of this government audit, any entity can be the target of domestic or foreign attacks.

Keep your data safe!


