Password Security Can Help Government Agencies Comply with Federal Zero-Trust Mandates

The White House Executive Order on cybersecurity and the push for all federal agencies to adopt a zero-trust security framework will fundamentally reshape public sector information security strategies. The work ahead will be a continuing journey, from migrating legacy systems to cloud environments, to mandating multi-factor authentication (MFA), to improving software supply chain security and more. Accomplishing all of these goals will be challenging and will require a joint effort between the federal government and private industry.

Frequently left out of this discussion are state, local, tribal, and territorial (SLTT) governments. These small agencies handle extensive and highly interconnected IT systems that control everything from emergency services to school districts, making them vital to protecting the nation’s critical infrastructure. However, SLTTs also struggle with significant budget constraints and a dearth of in-house security expertise. Most U.S. states dedicate less than 3% of their IT budgets to cybersecurity, in contrast to over 10% in the private sector.

Knowing this, cybercriminals see SLTTs as “soft targets” for cyberattacks, especially ransomware. Because SLTTs lack the resources to prevent or remediate ransomware attacks, and the systems they’re in charge of need to be up and running 24/7, they’re more likely to pay up than federal government agencies or large private-sector organizations.

Password Security Is Key to Compliance with Federal Zero-Trust Mandates

Even the most budget-strapped local government agency can begin implementing zero-trust defenses against cyberattacks today. Simply by securing their agency’s passwords, SLTTs — and federal agencies — can dramatically improve their cybersecurity postures, ensure the resilience of the critical infrastructure under their purviews, and execute on federal cybersecurity mandates. There are three primary reasons for this.

1. Poor password security is the #1 cause of data breaches and ransomware

While there is no such thing as a cyber silver bullet, comprehensive password security comes pretty darn close. Over 80% of all successful data breaches, and approximately 75% of ransomware attacks, happened because of compromised passwords.

2. Password security is key to a zero-trust security architecture

With its emphasis on user and device verification, zero-trust hinges on the ability of IT administrators to enforce comprehensive password security among users, including the use of strong, unique passwords for every account; multi-factor authentication (MFA) on all accounts that support it; role-based access control (RBAC); and least-privilege access.

3. Password security is simple and inexpensive to implement

Cybersecurity tools work best when they’re easy for administrators to implement, and for employees and contractors to use. Keeper’s enterprise-grade password management and security platform takes only minutes to deploy, requires minimal ongoing management, and scales to meet the needs (and budget) of any size department or agency.

Employees get a secure digital vault that stores all of their passwords, 2FA codes, and other sensitive data. They can access their Keeper vault from any device, running any operating system, using their Master Password — the only password they’ll ever have to remember. Keeper automatically generates unique, random passwords and autofills passwords (and MFA codes) on websites and apps,

Meanwhile, IT administrators get complete visibility into employee password practices, enabling them to monitor adoption of password requirements and enforce password security policies organization-wide, including RBAC and least-privilege access policies.

As the only password management solution provider available on the FedRAMP marketplace, Keeper offers a zero-trust and zero-knowledge enterprise password management and cybersecurity platform that is the perfect defense against ransomware and helps government agencies of all sizes get a head start on federal zero-trust mandates.

Contact our cybersecurity experts to deploy a secure, effective and simple zero-trust solution at +1 202-946-4575 or


We recently hosted a live discussion about this topic with Hanna Wong, Director of Public Sector Marketing at Keeper; Tristen Yancey, VP of Public Sector at Keeper; and Stacey Wright, Vice President of Cyber Resiliency Services at Cybercrime Support Network. If you missed it, you can view the recording here.