The following is a guest post from a very hard-working, dedicated, and friendly man in uniform that I am honored to know and work with: Joe Schweickert.

As a veteran myself, serving from 1985-1993, this is a deeply disturbing HR issue that the military personnel records have been exposed.
- Fix all Critical vulnerabilities within 30 days – part of the federal ‘Cybersecurity Sprint’.
- Tighten policies on ‘privileged users’ – requiring administrators to use 2-factor authentication for access to systems, making it harder to steal passwords.
- Accelerate use of ‘smart cards’ for system access for all users – Government-wide use is only about 42%, but agencies (such as Defense) that have adopted smart cards have seen a significant decrease in hacks. (See example smart card – access to the computer requires both inserting the physical card and entering a PIN.)
- Deploy ‘indicators’ to scan systems/logs and detect breaches.