Report: Homeland Security employees pass phishing scams, struggle with physical security

Dive Brief:

  • Department of Homeland Security employees are less likely to click on potentially dangerous malware than they were previously, according to the results of a penetration test conducted by an independent auditor.

  • The DHS inspector general contracted with KPMG to conduct the social engineering tests and found employees displaying basic cybersecurity practices. 

  • The report, however, found that employees lacked physical security practices and often left sensitive documents lying around their workspace.

Dive Insight:

Auditors, posing as agency technical support, called DHS employees and asked them to provide their login credentials, according to a Nextgov report. They reached only eight of the 28 employees and contractors they contacted, but none of the eight turned over their passwords.

Last week, Clifton Triplett, the cybersecurity adviser for the Office of Personnel Management, said fewer OPM employees fell for bogus emails in a similar test at that organization.

Improving cybersecurity has been a priority for the federal government. A recent report from SecurityScorecard found U.S. federal, state and local government agencies rank lowest in cybersecurity when compared to the private sector. The federal government has been making a number of moves to try to improve cybersecurity within its organizations.
