Quick reminders to keep you, your DoD info cybersecure
by Katie Lange, Department of Defense
Each morning, thousands of people around the globe wake up with one job to do: steal U.S. secrets and technology. And they’re targeting you – Defense Department personnel – hoping to find weak spots on your computer, phone and social media to gain access to critical defense information.
Did you know that 44 percent of millennials were victims of cybercrimes last year? According to the Department of Homeland Security, 600,000 Facebook accounts are hacked every day, 47 percent of U.S. adults have had their personal information exposed, and one in three homes with computers is infected with malicious software.
Our DoD IT folks can only do so much to protect us. We have to protect ourselves and our work, too, so the information we have that’s critical to warfighters around the world isn’t breached. Here are a few tips to make sure you’re cybersecure:
1) When you’re online at your desk or on your smartphone:
Always check for the padlock icon in your browser bar – this signifies a secure connection.
Avoid free internet access in public. If you have to use an unsecured connection, avoid sensitive activities that require passwords. Your personal hotspot is often a safer alternative to free Wi-Fi.
2) Never transfer files from your work computer to one at home. Also, never move data across domains using a thumbdrive.
3) Passwords: You should consider using the longest password or passphrase permissible, according to the National Institute of Standards and Technology. If you have too many passwords, consider using a password manager – they are the most secure way to store all your unique passwords.
4) If you have a common access card (CAC), don’t take photos where the ID is visible. That goes for the building you work in, too — don’t take photos of anything identifiable that could give information to enemies.
5) Beware of phishing and whaling attempts. Phishing is a message sent to a large group of people. Whaling attempts are aimed at senior executives and other high-profile targets. Click here to learn more.
Need an example? During a 2010 joint military exercise, one team’s mission was to target several military personnel. They chose seven user email accounts with one phishing email. It wasn’t digitally signed or encrypted, and it contained a document with malicious code. Two of the seven targeted users clicked the email, allowing the team to establish connections, capture data and remotely execute commands of their choosing. They eventually achieved domain admin privileges over more than 6,800 user accounts, 5,400 computer accounts and all associated password hashes – severely affecting the organization’s mission.
ON MOBILE DEVICES:
All mobile devices have trackers that can pinpoint, display and record your location. These often activate by default. This data by itself may not reveal much; however, when it’s collected and aggregated, it could be possible to pick out military installations or troop movements and patterns in places such as the Middle East or other sensitive locations. So be very caution with your mobile devices:
Know what your device is capable of
Configure setting to secure your information
Opt out of info sharing
Don’t share sensitive information online.
Beware of insecure default settings, unintentional data sharing and untrusted network connections
Follow your local commander’s guidance when possible
These tips count for fitness trackers, smartwatches and any other GPS-enabled device you keep with you. This document has a few more important ones:
Why do these things?
It helps ensure our troops’ safety. For example, while drilling at sensitive military bases, location information may be gathered and transmitted over the internet, providing adversaries who find it the ability to map activity and locations.
It avoids tracking of and compromising sensitive data.
It protects national security.
ON SOCIAL MEDIA:
Most of the above tips apply to social media sites, too, but here are a few more so your risk of becoming a target is low:
Don’t share where you work or what you do on them, and don’t talk openly about the services you provide the government.
Don’t add people you don’t know.
Set up multifactor authentication on all of your mobile device apps.
Avoid posting names, phone numbers, addresses, school and work locations, and other sensitive information.
Disable geotagging, which allows anyone to see where you are – and where you aren’t – at any given time.
Have more questions? Check with your IT folks, who can help you out with various training exercises to help you be as cyberaware as possible.
Military News | Navy News | Cybersecurity tips