Ukrainian governmental institutions are in need to strengthen capacity to train civil servants on cyber hygiene: to identify and address common cybersecurity threats.
I wonder how much could it cost to hack the public institution? Sometimes one could accomplish it without money. All you need is just to spread small traps, and the victim would get into them himself/herself. Could an ordinary e-mail from the supervisor or any lost USB drive with the inscription «List_Fired» be dangerous? It is also interesting whether the hackers would «break» governmental agencies? No doubt, they would.
According to the statistics of the Department of Cyberpolice, in terms of documenting and investigating crimes in the field of high technology in 2020 – 11,621 cases referred to crimes committed in the cyberspace: including those in the banking sector, in the field of online fraud and illegal content.
Assessment of capacity building needs of central executive structures conducted by Ukrainian School of Governance (USG) in 2019 revealed that the level of knowledge of Ukraine’s civil servants on the principles of security in cyberspace is insufficient.
In order to address the identified gaps in knowledge of cyber hygiene rules and principles, the OSCE Project Co-ordinator in Ukraine developed the project «Strengthening Ukrainian State Authorities’ Cyber Hygiene and Cybersecurity Capacity».
One of the important project achievements is related to the development of the online course «Cyber Hygiene Essentials». Almost 35,000 participants successfully completed the course at «Diia. Digital Education» – osvita.diia.gov.ua/courses/cyber-hygiene.
You could only imagine that 80% of all penetrations occurred due to the successful phishing attack, according to ISSP Labs that specializes in cyber-attacks and malware analysis, reverse engineering, challenging computer forensics tasks, etc. Such statistics cannot emphasise enough how relevant the course for civil servants is. Hence, the developed online course targets a wide range of topics:
- Cyber hygiene essentials and the importance of the human factor in the security system.
- The concept of social engineering including its causes, conditions and techniques.
- Safe Internet: browser and its functions, domain names and secure use of Wi-Fi networks.
- Distinguishing between the use of personal and business mailboxes: threats when using mailbox.
- Threats to software: licensed and unlicensed; types of malware.
- Security of social networks including configuration of privacy and other security settings.
- Mobile Security: rules for restricting access.
- The role of physical security in cybersecurity of an organization.
- Disinformation and information manipulation in the cyberspace. This section also contains materials on the legal basis of cyber hygiene in Ukraine.
Those civil servants who are interested in the advanced in-person training on cyber hygiene essentials could register for the training part provided by Ukrainian School of Governance.
Cyber hygiene is the fundamental requirement for cybersecurity. It is a special type of thinking and precaution measure for personal protection against potential threats in the cyberspace. Cyber hygiene in public administration is an essential set of practices and measures that computer system administrators and users can undertake to improve and maintain their security online.
Good luck and remember: the security of the organization depends on the awareness and responsibility of everyone!
All educational instruments were developed in co-operation with the National Agency of Ukraine for Civil Service and Ukrainian School of Governance in the framework of the project «Strengthening Ukrainian State Authorities’ Cyber Hygiene and Cybersecurity Capacity» by the OSCE Project Co-ordinator in Ukraine, with financial support from the British Foreign, Commonwealth and Development Office and the German Federal Foreign Office.
Olga Voitovych, National Project Officer, OSCE Project Co-ordinator in Ukraine (PCU)