When Dennis Lauer joined the Millennium Challenge Corp. as chief information officer two years ago, the young federal program’s growing pains included a startling lack of security. It was an almost free-for-all atmosphere, he recalled. Employees installed Apple iTunes on the agency’s network and regularly downloaded malware via pop-ups that harbored malicious code. “Almost every day we had [surreptitious] viruses, and people didn’t know not to click on” them, Lauer said. The security situation began to change for the better when the office adopted new security policies and practices. Launched in 2004, MCC had adopted a few information technology shortcuts in the early years as the U.S. government corporation embarked on its mission of helping underdeveloped nations.