No matter how you look at it, the Office of Personnel Management (OPM) is on the hook for revealing the records of millions of Americans. The only question is how many millions.
If you believe the agency’s own report, then it’s 4 million. Four million current, former and prospective government employees whose personal information became public following a cyberattack conducted throughout the early part of this year. The numbers are even worse if the reports from the Associated Press, Bloomberg and other prominent news sources are accurate. They claim the number of victims is closer to 14 million.
Although the OPM investigation is still ongoing, the federal government has already begun the task of investigating and explaining the attack. As White House Press Secretary Josh Earnest told reporters last week: “Protecting the computer networks of the federal government is a daunting challenge. It does require the federal government to be nimble, something that’s difficult when you’re talking about an organization that’s this large.”
Earnest is right. When you’re talking about the federal government as one body, it’s difficult to imagine it being fleet-of-foot and responding effectively to new and emerging cyberthreats. On a smaller scale, though, there are plenty of government agencies, at all levels, that are getting the job done locally, and taking proactive steps that should prevent them from becoming the next OPM.
Let’s look at one government agency in Iowa that’s upgraded its remote access and, in the process, is protecting its network.
Lessons from the Heartland
Iowa Vocational Rehabilitation Services (IVRS) is a state agency, headquartered in Des Moines, that partners with schools and employers to help Iowans with disabilities fulfill the prerequisites they need to enter the workforce. Because of the nature of their work, IVRS counselors often work remotely, as they travel across the state to meet their clients in the field.
While IVRS may not have an IT footprint comparable to that of the OPM or another large federal government agency, but it still has 30 offices and hundreds of mobile employees who, when in the field, require secure remote access to their network.
For Network Security Administrator Bill Dickerson, the challenge is to build an IT environment that allows IVRS counselors to work remotely, without putting sensitive client information at risk as it travels between the IVRS counselor’s mobile device and the network.
The integrity of client information is no trivial detail. IVRS holds a contract from the Social Security Administration, so the agency is required to transfer information over a secure IPsec connection.
Dickerson says he’s found just the solution he needs with NCP engineering’s Secure Enterprise Solution. With this VPN remote access solution, IVRS employees are automatically provided with a stable, secure connection as soon as they log into their devices. No frustration, no interruptions.
And for Dickerson and his staff, the NCP Secure Enterprise Solution has provided centralized remote access management, meaning that customizing settings and configurations, as well as troubleshooting, is now much easier.
These same benefits could be seen on a broader scale, across government agencies, if more look to add VPN remote access solutions to their network administration toolkits. The next breach victim is out there somewhere, and it’s up to government agencies to make sure they aren’t the next one.
Want to learn more about using VPNs for government network security? Read our case study with Iowa Vocational Rehabilitation Services to find out more.
– How IVRS uses remote access VPN to serve Iowans, wherever they are
– How NCP has reduced IVRS IT staff time spent on VPN
– How NCP makes troubleshooting “a piece of cake”