During Cybersecurity Awareness Month, all Law Enforcement agencies should be assessing their ongoing cybersecurity training initiatives for all employees.
It’s Cybersecurity Awareness Month and unfortunately many city, county, state, tribal and federal law enforcement agencies provide little or no ongoing relevant security awareness to their employees. This needs to change.
Law Enforcement agencies not only serve as the first responders; they are entrusted to protect the public data they retain. Law Enforcement personnel must keep up with constantly changing cybersecurity crimes and vulnerabilities. New scams pop up every day and the Law Enforcement agencies are always in defense mode in their response.
The following threat groups pose risk to Law Enforcement agencies:
- Nation States
- Terrorist Organizations
- Organized Crime Groups
- Insider (Accidental & Purposeful)
- Individual Hackers
Law Enforcement employees should receive ongoing training on cyber security best practices to insure they have a better understanding of the risk to the public and their organization. Everyone in the Law Enforcement agency needs to have a baseline of security awareness training to help with best practices.
Human error due to lack of training and non-existent basic cyber security best practices account for over 70% of data breaches. Without basic cyber security awareness knowledge for all employees, the Law Enforcement agency greatly increases the risk that the agency will fall victim to a cyber-attack.
Risk to the Critical Infrastructure
These basic security practices should be required for insuring that all Law Enforcement agency personnel safeguard the public’s data and protect the critical infrastructure.
If a Law Enforcement employee falls for a social engineering scam and does not follow policy this creates the possibility that the “keys to the kingdom” could be handed to the very criminals that the agency is investigating.
Criminals now know that if they can break into the Law Enforcement agencies computer network they no longer need to bribe Law Enforcement employees to obtain information. The same information can be hacked or obtained though social engineering or a phishing scam.
Ongoing security awareness training would help to reduce Law Enforcement organizational risk. With the development of proper policies and procedures along with the appropriate training, the public will be better protected.
The Value of Ongoing Security Awareness Training
Since the Covid-19 pandemic started, online fraud is continuing to rise. Law Enforcement and government agencies continue to be the top ransomware targets.
There are numerous government and private sector organizations that will assist law enforcement agencies with cybersecurity awareness training. It’s imperative that Law Enforcement provide ongoing cybersecurity awareness training throughout the year.
All Law Enforcment empoyees are on the front line of fighting cybercrime. We all have a role in protecting our personal data, business data and the critical infrastructure and security awareness training can help to reduce risk.