It’s cyber security month. Is your backdoor locked?

14 October 2013 | John Weigelt, National Technology Officer, Microsoft Canada
Security, more than any other single factor, drives our digital economy forward. Governments around the world know this and are addressing cyber security as they build out their suite of digital services and IT solutions. But government agencies that are not directly involved with setting security policy might not understand the role they can play in safeguarding their corner of cyberspace.
You might be surprised at how widely available many security measures are. Here are three easy actions you can take right now to help protect your organization against cyber threats.
1. Get clear on the threats.
When it comes to security, the media spotlight shines brightest on government agencies that deal with public safety or national security. But the sad fact is, malicious actors are everywhere. Every government entity can be victimized by security breaches resulting in the theft of business plans, negotiation strategies, intellectual property, and sensitive personal information.  Given its unique role, a government agency will encounter more sophisticated threats than the average citizen. As a result, you have a greater responsibility to implement safeguards to protect against a broad spectrum of threats. Step one is to research the types of threats that are out there, and determine which of your department’s assets are at risk.
2. Get current.
Sophisticated security breaches make great headlines, but they tend to be outliers. The fact remains that the vast majority of cyber break-ins are performed using well known vulnerabilities for which updates are available. Simply enabling automatic updates for your operating systems and office apps provides a meaningful defense against many of the most common exploits being used. This is an area of relentless focus at Microsoft, of course. Since implementing the Security Development Lifecycle over 10 years ago, we have continuously improved security in Windows and Office, with each new version being more resilient to threats than its predecessor. Across the board, the modern software industry has evolved to the point where today’s software includes a variety of security capabilities to thwart the traditional techniques used by the hacker community. Government organizations have traditionally been slow to deploy the modern software that can protect against most threats. For example, many agencies will continue using Windows XP after it's discontinued in April 2014. Don’t let your agency be one of them.
3. Light up those features.
How often have we heard of personal data spills resulting from a stolen laptop or misplaced USB memory stick? With features like BitLocker Drive Encryption and BitLocker to go built into Windows, it should never happen. Other built-in features such as Windows Defender, Microsoft Security Essentials, and Internet Explorer tracking protection should be deployed immediately if they’re not already in use. If you’re on Windows, you get these protection measures for free—and they work. There’s really no excuse for not using them.
October is Cyber Security Awareness Month, so it’s a great time to have this discussion. Cyber security is part technology and part individual initiative. Like locking our doors at night or activating a home security system when we’re traveling, the best protections against break-ins are often at our fingertips. We just have to take the first step.
What steps are you taking to improve cyber security in your government agency? Leave a comment here, and let’s make cyber security a global, year-round effort.
Have a comment or opinion on this post? Let me know @Microsoft_Gov. Or e-mail us at
John Weigelt
National Technology Officer, Microsoft Canada

About the Author

John Weigelt | National Technology Officer, Microsoft Canada

John drives Microsoft Canada’s strategic policy and technology efforts. He is the lead advocate for the use of technology by private and public sectors, economic development, innovation, environmental sustainability, accessibility, privacy, and security.