Image: wk1003mike/Shutterstock.com
By: FEDweek StaffAn IG audit has raised concerns about cybersecurity practices at the Federal Housing Finance Agency, including that about two-fifths of employees who received a test phishing-type phone call did not report it as required by agency policy.
A report said that with management’s agreement, the IG “developed a test to check user awareness of and compliance” with agency policies for employees with access to agency information systems. Among other things, those policies require that such employees immediately report any suspected or potential security incidents to the agency’s IT help desk.
The test “consisted of a phone call to FHFA users on their FHFA-assigned phones in which we informed the user that certain work information (i.e., name, FHFA phone number, FHFA username, and FHFA password) had been published on the Dark Web.” Auditors called a sample of 120 employees and contractor employees, speaking directly with five and leaving messages for the others. Of the total, 45 did not report the call as required.
Many of the employees were on telework status at the time, the IG added, but the agency’s telework policy requires agencies to respond within one hour to emails and voice mails. The agency later notified employees that the call had been part of an authorized “social engineering” test.
The IG said the agency “has committed to continue to emphasize to employees and contractors the need to report suspicious activities.” Management also agreed with one other recommendation, regarding better documenting table top security exercises, but not another involving record-keeping of security incidents.
Agencies occasionally conduct such tests of compliance with security training although they can be controversial and upsetting to employees, as was especially the case with an Army test email in 2014 directing recipients to a bogus site for the Thrift Savings Plan.
Biden Launches Sweeping Diversity Initiative for Federal Workforce
2.7 Percent Raise Called for in Key Budget Bill; End to FEHB Abortion Ban
Partisan Clash at Hearing on Paid Leave Expansion
Additional Security Screening for Federal Jobs Planned Under Domestic Terrorism Strategy
