Last week, former FBI director James Comey testified before Congress in the latest chapter of the investigation into Russian interference in the 2016 presidential election. With new twists and turns every week, Washington is in turmoil as controversial hacks and leaks are seemingly endless.
While these cyber attacks and breaches are likely being carried out to advance one political party over another, Comey reminded Americans Thursday that the effects are damaging to both the left and right—and not likely to end anytime soon.
These events are not just pieces on the political chessboard that is Washington, D.C., or food for talking heads on television. Recent incidents in cyber security have provoked policy change across the aisle that will affect working Americans at every level. This begins with the Federal Information Security Management Act—or FISMA.
In 2002, President Bush signed the E-Government Act, which recognized that information security is vital to the economic growth of the United States, and raised the standards for protection of information among all government agencies. Under Title III of the act, FISMA requires government agencies and contractors to develop protocols within their organizations to secure all information.
Because of an executive order signed by President Trump in May, every government agency, contractor, and vendor must achieve FISMA compliance by Dec. 31, 2017.
Protocol includes both physical and security standards for agencies and their contractors. While data preservation, network protection, and authorization control are essential to preventing breaches, tangible infrastructure is equally important. Regardless of cyber security practices, information remains vulnerable if organizations tolerate written records of client information, visible passwords, weaknesses in facilities, and more.
“Security policies, while administrative in nature, demonstrate in clear and unequivocal terms, senior management’s commitment to information security and protecting the organization’s operations, assets, individuals, other organizations, and security,” said the National Institute of Standards and Technology. This includes personnel training, incident response, crisis planning, and even background checks for employees to ensure data is kept from potentially dangerous individuals.
Organizations that do not comply will lose their contracts, and agencies will lose funding. This will not only hurt the paychecks of executives and management, but will cost some employees their jobs.
Even organizations that do not have a stake in national security or contracts with government agencies will benefit from complying, however. The massive outbreak of the WannaCry virus in May showed the capability of ransomware to temporarily cripple and demand money from all types of institutions. And a 2015 federal appeals ruling now allows the Federal Trade Commission to fine companies for insufficient network security if clients’ data is breached.
While hacking allegations in Washington may initially seem to be of purely political concern, small businesses are well advised to review their cyber security policies and increase network protection before the end of the year.