Rustic American Flag Gunny's Job Board

Category Archives: Information Warfare

The Threat from Within

By Carlos F. Parter, FCC/C10F Office of the Navy Authorizing Official

When
we consider cybersecurity threats and vulnerabilities, we often think of
external actors. Indeed, external actors work hard to get into our information
technology infrastructure. Surprisingly, they are not our primary threat. When
external actors successfully exploit a vulnerability, you must consider how and
why. More often than not, the exploit was because of failures from within.

One
of the biggest threats to the security of our information systems and networks
is the insider threat. Internal actors are responsible for 75% of security
breach incidents. Do the math. Three-quarters of successful attacks on our
information systems come from within our infrastructure. The bad guys are
working hard to get in, but the internal actors already have the keys to the
kingdom.

What
is an insider threat? The 2017 National Defense Authorization Act defined an insider
threat as, with respect to the Department of Defense, a threat presented by a
person who has, or once had, authorized access to information, a facility, a
network, a person, or a resource of the Department; and wittingly, or unwittingly,
commits an act in contravention of law or policy that resulted in, or might
result in, harm through the loss or degradation of government or company
information, resources, or capabilities; or a destructive act, which may
include physical harm to another in the workplace. 

Simply
put, an insider threat can be characterized as a malicious threat to an
organization that comes from people within the organization, such as employees,
former employees, contractors or business associates, who have inside
information concerning the organization’s security practices, data and computer
systems.

The
insider threat is like a cancer that keeps eating away at our cybersecurity
controls. The central purpose of cybersecurity is to ensure the
confidentiality, integrity, and availability of our information. In other
words, only authorized users should have access to the information, the
information should be unaltered, and the information should be available to
authorized personnel on request. The threat from within circumvents our ability
to effectively secure our information resources from unauthorized access.

So,
who is the insider? The insider could be anybody. Some examples of insiders are
disgruntled employees, careless users or system administrators, those who are
seeking financial gain (cyber/industrial espionage), untrained users, untrained
system administrators, an employee with an internal sense of loyalty to a
cause, etc. Any of us, or those who we work alongside (we are all “insiders”),
could be the malicious insider at any given time if we do not take
cybersecurity seriously. It only takes one person to open the door and allow
bad actors unauthorized access.

People
are the weakest link to any robust cybersecurity program. In contrast, people
are also our greatest asset and our first line of defense. We are the eyes and
ears of information security. If you see something, say something. Vigilance is
essential to ensure that our sensitive information is protected from
unauthorized access. We have to familiarize ourselves with the indicators of
the insider threat and act accordingly.

Indicators of an
Insider Threat

What
are some indicators of the insider threat? The following is a list of some
possible indicators of which we should be mindful:

  • Poor
    performance reviews. An employee may take a poor performance review personally
    and seek to get even with the company or organization.
  • Strong
    disagreements over policies and standards. An employee may circumvent a policy
    that he or she does not support.
  • Financial
    distress. Employees may feel overwhelmed regarding their financial status and
    make a rash decision to share sensitive information with external actors for
    personal gain.
  • Financial
    windfall. A shipmate has a new car, new house, or other tangible assets that
    are unexplained/unusual for his or her household income.
  • Unreasonable
    disagreements with co-workers/senior management. Violent behavior should be
    observed and reported to the chain of command.
  • Seeking
    information about projects or information to which they are not assigned or
    have access. Be cautious of individuals who are overly interested in sensitive
    projects in which they do not have a need-to-know.
  • Unusual/unreported
    overseas travel. Foreign travel to spots that are not frequented by tourists,
    not required for work, or have no personal ties to the individual could be an
    indicator of espionage. Also any routine but unreported travel outside the
    United States.
  • Secrecy.
    We should be careful with the sensitive information we are responsible for safeguarding,
    but we are not the owners of the information. Be aware of personnel who are
    overly secretive about their job.
  • Odd
    working hours. Be mindful of personnel who do not have a need to work outside
    of normal working hours and have access to sensitive information.
  • Inattentive
    work habits. Careless or inattentive work habits could result in an inadvertent
    spillage of sensitive information.

Fighting the
Threat

We
must create a culture of acceptable user behavior. The culture begins at home.
Be cognizant of what you post to social media. Think twice before posting
information about work. If the information is regarding a sensitive project or
could lead to aggregated information that could become sensitive, do not post
it to your social media accounts. Better yet, do not share sensitive
information (part or whole) outside of work. Keep your operating systems
updated, secure your Wi-Fi, monitor your browsing habits, avoid clickbait, do
not install software from unverified sources, and keep your antivirus up to date.

Some
of the mitigations to minimize the insider threat in the work place are as
follows:

  • Company/Organization
    Policy. Users should be informed of expected behavior and the consequences of
    failure to comply.
  • User
    Awareness Training. We cannot overemphasize the need and importance of an
    effective user training program. Include spot checks, bulletin board postings,
    and other ongoing awareness activities to ensure insider threat awareness is
    ingrained as a central part of an organization’s culture. Include our individual
    responsibilities to report suspicious activity.
  • Network
    Monitoring. Monitor and baseline normal behavior and set alerts on deviations
    from normal behavior.
  • Separation
    of Duties. This requires dividing functions among multiple personnel to make it
    difficult for one individual to cause damage to an organization without a
    co-conspirator. It should take two to tango.
  • Job
    Rotation. When possible, create a work culture that fosters the sharing of
    ideas, but relies on the basics of cybersecurity to ensure you have a means to
    identify possible unusual user behavior. Job rotation is a great countermeasure
    to the insider threat. Job rotation improves your workforce skills and
    minimizes complacency from repeating the same tasks day in and day out.
  • Onboarding/Offboarding.
    An effective tool in defending against the insider is a command’s
    Onboarding/Offboarding process. When you onboard a new hire, you have the
    opportunity to share the organization’s vision, mission, and expected behavior.
    When using offboarding, you can see what the organization is doing right,
    ensure a smooth transition, and ensure that the former employee no longer has
    access to vital information technology resources.

Fight the Good
Fight

There is no guarantee to rid our networks of the insider threat, but we can minimize the damage. We can all work together and do our part to ensure the damage done by the insider does not result in grave harm to our information systems and networks. Take user awareness training seriously, do not be afraid to speak up, govern your network hygiene, and be a part of the solution. The insider threat not only affects our cybersecurity posture, but the malicious insider degrades our operations security and counter intelligence activities. Our network depends on you — the users and administrators. For news and information from Commander, U.S. Fleet Cyber Command/U.S. 10th Fleet, visit www.navy.mil/local/FCCC10F/ or follow us on twitter @USFLEETCYBERCOM.

Graphic illustration by Defense Media Activity

Cybersecurity: More than a Buzzword

By Chief of Naval Operations Adm. Mike Gilday

Cybersecurity has my full
attention… and it should have yours too.

From personal mobile phone apps to
our classified systems, cyber is intertwined with everything we do, both in our
professional and personal lives. 

No doubt, cyber has enriched our
lives in unimaginable ways. 

But we are also in a cyberfight 24/7, 365-days-a-year, at home and on the job, where the enemy is often unseen. Cyberthreats are all around us and we must be prepared to defend against them.

Information has become the
cornerstone of how the Navy functions in the 21st century. Nothing the Navy
does, or will do, can exist without it.

October, which is National Cybersecurity Awareness Month, should not just be a time to complete our annual cyber training. Rather, we must take time to recognize wherever you are, whatever system you’re operating, every time you log in, you are in a cyberbattle.

We, as a Navy, are also under attack every day. Our adversaries, who are technologically advanced, well-resourced and relentless, are focused on eroding our warfighting advantage by stealing our data, and compromising our networks and systems, including those that control our ships, aircraft, weapons and infrastructure. And they launch full-scale attacks with little or no warning.

Make no mistake. You play an important part in keeping the Navy secure. And we must ensure going forward that our Sailors, civilians, contractors, industry partners, and family members, have a comprehensive understanding of cyberthreats and actions that increase Navy’s cybersecurity readiness.

A successful cyberattack in one part of our network can jeopardize other systems and data because attackers move across the network to other targets once they are inside it – at network speed.

When attackers have this
capability, one mistake by an individual can put others at risk. Because these stakes
are so high, adhering to cybersecurity policies and best practices requires an
“All Hands” approach to keep the Navy and our nation safe.

Throughout the month of October, our N2N6 Team will post resources here. There will be specific information on ways you can protect your home information systems from cyberattacks, and information specific to our cyber professionals.

While the Navy has made strides in
our cybersecurity practices, including the creation of four new directorates
that work for the Department of the Navy’s Chief Information Officer, there is
still more work to be done.

For the Navy to compete, fight and win across the spectrum of our operations – I need you to understand the gravity of the cyberthreats we face. Be vigilant, and know our ability to prevail depends on what you do in cyberspace.

The Navy must dominate the information and cybersphere as we have dominated the maritime environment for the past half-century.

See
you in the Fleet.

Seven Steps to Reducing Your Cybersecurity Risk

By the Office of the Deputy Chief of Naval Operations for Information Warfare Public Affairs

Much of our focus for Cybersecurity Awareness Month is on
how the Navy’s cybersecurity is threatened by nation states, ideologically
motivated hackers, cyber criminals, and malicious insiders. Our cybersecurity
workforce and Cyber Mission Forces battle these cyberspace adversaries every
day. 

But just as importance is for each and every one to pay
close attention to your own cyber vulnerabilities, at work and at home. Those
same adversaries mentioned above can target you whether you are at work or on a
personal device outside of work.

Cyber criminals use some of the same tools and techniques as
these bad actors to target anyone who has a personal computer, smart phone or
smart device. They are primarily interested in financial gain but may hack for
other illegal purposes. Regardless, you are the front line that is defending
your personal data and devices from their attacks.    

The Department of Homeland Security (DHS) has produced a series of short, information-packed, easy-to-read “tip sheets” for protecting yourself online. These guides are available, but we have reposted tip sheets for protecting yourself on the home front. Topics range from social media cybersecurity to protecting internet-connected sensing devices but there are some common themes repeated below:

  • Shake up
    your password protocol.
    According to National Institute for Standards and
    Technology guidance, you should consider using the longest password or
    passphrase permissible. Get creative and customize your standard password for
    different sites, which can prevent cybercriminals from gaining access to these
    accounts and protect you in the event of a breach. Use password managers to
    generate and remember different, complex passwords for each of your accounts.
    Read the Creating a Password Tip Sheet for more information.
  • Double
    your login protection.
    Enable multi-factor authentication (MFA) to ensure
    that the only person who has access to your account is you. Use it for email,
    banking, social media, and any other service that requires logging in. If MFA
    is an option, enable it by using a trusted mobile device, such as your
    smartphone, an authenticator app, or a secure token — a small physical device
    that can hook onto your key ring. Read the Multi-Factor Authentication How-to-Guide
    for more information.
  • Play hard
    to get with strangers.
    Cybercriminals use phishing tactics, hoping to fool
    their victims. If you’re unsure who an email is from — even if the details
    appear accurate — or if the email looks “phishy,” do not respond and do not
    click on any links or attachments found in that email. When available, use the
    “junk” or “block” option to no longer receive messages from a particular
    sender.
  • Never
    click and tell.
    Limit what information you post on social media — from
    personal addresses to where you like to grab coffee. What many people don’t
    realize is that these seemingly random details are all criminals need to know
    to target you, your loved ones, and your physical belongings — online and in
    the physical world. Keep Social Security numbers, account numbers, and
    passwords private, as well as specific information about yourself, such as your
    full name, address, birthday, and even vacation plans. Disable location
    services that allow anyone to see where you are – and where you aren’t – at any
    given time. Read the Social Media Cybersecurity Tip Sheet for more information.
  • If you
    connect, you must protect.
    Whether it’s your computer, smartphone, game
    device, or other network devices, the best defense against viruses and malware
    is to update to the latest security software, web browser, and operating
    systems. Sign up for automatic updates, if you can, and protect your devices
    with antivirus software. Read the Phishing Tip Sheet for more information.
  • Stay
    protected while connected.
    Before you connect to any public wireless
    hotspot – like at an airport, hotel, or café – be sure to confirm the name of
    the network and exact login procedures with appropriate staff to ensure that
    the network is legitimate. If you do use an unsecured public access point,
    practice good Internet hygiene by avoiding sensitive activities (e.g., banking)
    that require passwords or credit cards. Your personal hotspot is often a safer
    alternative to free Wi-Fi. Only use sites that begin with “https://” when
    online shopping or banking.
  • Keep tabs
    on your apps.
    Most connected appliances, toys, and devices are supported by
    a mobile application. Your mobile device could be filled with suspicious apps
    running in the background or using default permissions you never realized you
    approved — gathering your personal information without your knowledge while
    also putting your identity and privacy at risk. Check your app permissions and
    use the “rule of least privilege” to delete what you don’t need or no longer
    use. Learn to just say “no” to privilege requests that don’t make sense. Only
    download apps from trusted vendors and sources.

An additional tip for protecting yourself when accessing
public Wi-Fi is to use virtual private network (VPN) software, which encrypts your
online communications. Anti-virus software companies and other software providers
offer affordable VPN solutions.  

By following the advice in this blog and the more detailed
guidance in the DHS tip sheets, you will reduce your chances of: becoming one
of the 60 million Americans affected by identity theft, being held hostage by a
ransomware attack, or having your credit card exploited.

The good cybersecurity habits you learn and apply at home
will also help you protect the Navy from cyber adversaries when you are at work.
 

U.S. Navy, Marine Corps and Coast Guard Professionals Explore Latest Technologies at WEST Conference 2019

Welcome to Navy Live blog coverage of the 29th WEST Conference in San Diego, California, where military, government and industry professionals experience the leading-edge technologies and state-of-the-art networking capabilities supporting the Sea Services’ operations.

Co-hosted by the U.S. Naval Institute (USNI) and the Armed Forces Communications and Electronics Association (AFCEA) at the San Diego Convention Center, the theme for this year’s conference, held Feb. 13-15, is “Sharpening the Competitive Edge: Are We Ready to Compete, Deter and Win Globally?”

Follow this page for updates.

SAN DIEGO, Cal. (NNS) — Commanders of the U.S. 3rd and 10th fleets have emphasized dynamic force employment at WEST 2019 conference at the San Diego Convention Center.

SAN DIEGO (NNS) — Space and Naval Warfare Systems Command (SPAWAR) announced it will change the names of its Echelon III systems centers, SPAWAR Systems Center Atlantic in Charleston, South Carolina, and SPAWAR Systems Center Pacific in San Diego, to Naval Information Warfare Centers Atlantic and Naval Information Warfare Center Pacific, respectively.

 

SAN DIEGO (Feb. 13, 2019) Under Secretary of the Navy Thomas Modly delivers the luncheon keynote address during the Armed Forces Communication and Electronics Association-U.S. Naval Institute (AFCEA/USNI) WEST 2019. WEST brings together military and industry leaders from the sea services to share information and ideas. (U.S. Navy photo by Mass Communication Specialist 2nd Class Jasen Moreno-Garcia/Released)

 

SAN DIEGO (Feb. 13, 2019) Under Secretary of the Navy Thomas Modly, right, speaks with Vice Adm. Dewolfe Miller, III, commander, Naval Air Forces during the Armed Forces Communication and Electronics Association-U.S. Naval Institute (AFCEA/USNI) WEST 2019. WEST brings together military and industry leaders from the sea services to share information and ideas. (U.S. Navy photo by Mass Communication Specialist 2nd Class Jasen Moreno-Garcia/Released)

 

‘Tis the Season to Practice Cybersecurity

Cyber Monday is here – a day to steal great online deals during this holiday shopping season, but it’s also an opportunity for cyber criminals to steal from shoppers.

So, before you start shopping for your Sailor, family and friends, put the below tips from the Department of Homeland Security on your list as must haves. All hands need to practice cybersecurity because the threat is real:

  • Remembering to hover over hyperlinks and think before you click. A common phishing tactic during the holidays is a phony email saying an order has shipped, with links like “Click here for expected delivery date” or prompts for your login and password to a particular website.
  • Avoiding making purchases over public Wi-Fi. Use your cellular data for financial transactions instead.
  • Using your credit card rather than your debit card for online purchases. Credit cards offer more consumer protections if your card is compromised and will not impact your checking account like a debit card. Continue to monitor your credit card and bank statements regularly to detect any fraudulent activity that might go unnoticed.
  • Choosing encrypted shopping websites for safer transactions. There are two ways to tell if a site uses encryption: a closed padlock icon in the status bar at the bottom of your browser window or at the top of the browser window, or a website address that begins with “https:” rather than just “http:”.
  • Heeding “certificate error” messages. If you receive a notice that says “certificate error,” examine who issued the certificate, ensure the name matches the site you are visiting, and ensure the certificate has not expired.
  • Downloading vetted apps. Never install software outside of your phone’s designated app store, and only use trusted vendor apps when shopping from your phone.
  • Creating strong passwords. Avoid using the same password for your online accounts; otherwise, one compromised account can translate to multiple compromised accounts.

It’s also a good idea to use a virtual private network any time you connect to the internet using a Wi-Fi network that you don’t recognize. A VPN hides your IP address and encrypts your internet traffic, providing enhanced online security.

ARABIAN GULF (Dec. 19, 2017) Sailors sort incoming mail in the hangar bay of the aircraft carrier USS Theodore Roosevelt (CVN 71). (U.S. Navy photo by Mass Communication Specialist 3rd Class Victoria Foley/Released)
ARABIAN GULF (Dec. 19, 2017) Sailors sort incoming mail in the hangar bay of the aircraft carrier USS Theodore Roosevelt (CVN 71). (U.S. Navy photo by Mass Communication Specialist 3rd Class Victoria Foley/Released)

 

We’re in the cyber fight 24/7. Ransomware attacks, identity theft and online credit card fraud can be devastating, and these are just a few of the many types of malicious software and network attacks. If you’ve never been the victim of a breach, consider yourself lucky, but don’t let your luck lead you to complacency.

Check out this blog for more information about how to go from vulnerable to cyber secure.

‘Tis the Season to Practice Cybersecurity

Cyber Monday is here – a day to steal great online deals during this holiday shopping season, but it’s also an opportunity for cyber criminals to steal from shoppers.

So, before you start shopping for your Sailor, family and friends, put the below tips from the Department of Homeland Security on your list as must haves. All hands need to practice cybersecurity because the threat is real:

  • Remembering to hover over hyperlinks and think before you click. A common phishing tactic during the holidays is a phony email saying an order has shipped, with links like “Click here for expected delivery date” or prompts for your login and password to a particular website.
  • Avoiding making purchases over public Wi-Fi. Use your cellular data for financial transactions instead.
  • Using your credit card rather than your debit card for online purchases. Credit cards offer more consumer protections if your card is compromised and will not impact your checking account like a debit card. Continue to monitor your credit card and bank statements regularly to detect any fraudulent activity that might go unnoticed.
  • Choosing encrypted shopping websites for safer transactions. There are two ways to tell if a site uses encryption: a closed padlock icon in the status bar at the bottom of your browser window or at the top of the browser window, or a website address that begins with “https:” rather than just “http:”.
  • Heeding “certificate error” messages. If you receive a notice that says “certificate error,” examine who issued the certificate, ensure the name matches the site you are visiting, and ensure the certificate has not expired.
  • Downloading vetted apps. Never install software outside of your phone’s designated app store, and only use trusted vendor apps when shopping from your phone.
  • Creating strong passwords. Avoid using the same password for your online accounts; otherwise, one compromised account can translate to multiple compromised accounts.

It’s also a good idea to use a virtual private network any time you connect to the internet using a Wi-Fi network that you don’t recognize. A VPN hides your IP address and encrypts your internet traffic, providing enhanced online security.

ARABIAN GULF (Dec. 19, 2017) Sailors sort incoming mail in the hangar bay of the aircraft carrier USS Theodore Roosevelt (CVN 71). (U.S. Navy photo by Mass Communication Specialist 3rd Class Victoria Foley/Released)
ARABIAN GULF (Dec. 19, 2017) Sailors sort incoming mail in the hangar bay of the aircraft carrier USS Theodore Roosevelt (CVN 71). (U.S. Navy photo by Mass Communication Specialist 3rd Class Victoria Foley/Released)

 

We’re in the cyber fight 24/7. Ransomware attacks, identity theft and online credit card fraud can be devastating, and these are just a few of the many types of malicious software and network attacks. If you’ve never been the victim of a breach, consider yourself lucky, but don’t let your luck lead you to complacency.

Check out this blog for more information about how to go from vulnerable to cyber secure.

Getting from Vulnerable to Cyber Secure

By George Bieber
Naval Information Forces Public Affairs

We are in the cyber fight 24/7. Ransomware attacks, identity theft and online credit card fraud can be devastating, and these are just a few of the many types of malicious software and network attacks. If you’ve never been the victim of a breach, consider yourself lucky, but don’t let your luck lead you to complacency.

Below are tips recommended by military and private sector computer experts to better protect your personal information online:

  • Install an antivirus and update it.
    Antivirus software and updates are automatically covered at our worksites by Naval Information Forces’ Information Technicians (IT) Sailors at numerous commands around the globe and Navy/Marine Corps Intranet (NMCI) via Naval Network Warfare Command (NETWARCOM). For your computers at home, download antivirus software, which will help protect your computer against viruses and malware.
  • Explore security tools you install.
    Many excellent apps and settings help protect your devices and your identity, but they’re only valuable if you know how to use them properly. Ensure your antivirus is configured and working correctly.
  • Use unique passwords for each account.
    One of the easiest ways hackers steal information is by getting a batch of username and password combinations from one source and trying those same combinations elsewhere. The single best way to prevent one data breach from having a domino effect is to use strong, unique passwords for every online account, preferably featuring 14 characters that combine upper and lower case letters, numbers and special characters.
  • Get a VPN and use it.
    Any time you connect to the nternet using a Wi-Fi network that you don’t recognize, use a virtual private network, or VPN. A VPN hides your IP address and encrypts your internet traffic, providing enhanced online security to the user.
  • Use two-factor authentication.
    Two-factor authentication means you need to pass another layer of authentication other than a password. This could include a fingerprint, facial recognition or a text. If the data or personal information in an account is sensitive or valuable, and the account offers two-factor authentication, you should enable it.
  • Use passcodes.
    Use a passcode lock on every smart device to protect your personal data. Many smartphones offer a four-digit PIN by default. Set a strong passcode, not an obvious four-digit PIN such as 1-4, last four digits of a Social Security Number, birthday or phone number.
  • Use different email addresses for different accounts.
    Consider maintaining one email address dedicated to signing up for apps that you want to try, but which might have questionable security, or which might spam you with promotional messages. After you’ve vetted a service or app, sign up using one of your permanent email accounts. If the dedicated account starts to get spam, close it and create a new one.
  • Clear your cache.
    To better protect that information that may be lurking in your web history, be sure to delete browser cookies and clear your browser history on a regular basis. To clear your cache, simply press Ctrl+Shift+Del to bring up a dialog that lets you choose which elements of browser data you want to clear.
  • Turn off the ‘save password’ feature in browsers.
    When you install a third-party password manager, it typically offers to import your password from the browser’s storage. If password managers can do that, you can be sure some malicious software can do the same.
  • Don’t fall prey to click bait.
    Click bait doesn’t just refer to cat compilation videos and catchy headlines. It can also include links in email, messaging apps and on social media sites. Phishing links masquerade as secure websites, hoping to trick you into giving them your credentials. Drive-by download pages can cause malware to automatically download and infect your device. Don’t click links in emails or text messages unless they come from a trusted source, and even then you should exercise caution.
  • Protect your social media privacy.
    Make sure you’ve configured each social media site so that your posts aren’t public. Think twice before revealing too much in a post, since your friends might share it with others. With care, you can retain your privacy without losing the entertainment and connections of social media.

Following these simple guidelines will help decrease your vulnerability in the cyber battlespace, and ensure that your personal data is better protected.

Click on the image to enlarge it.

Getting from Vulnerable to Cyber Secure

By George Bieber
Naval Information Forces Public Affairs

We are in the cyber fight 24/7. Ransomware attacks, identity theft and online credit card fraud can be devastating, and these are just a few of the many types of malicious software and network attacks. If you’ve never been the victim of a breach, consider yourself lucky, but don’t let your luck lead you to complacency.

Below are tips recommended by military and private sector computer experts to better protect your personal information online:

  • Install an antivirus and update it.
    Antivirus software and updates are automatically covered at our worksites by Naval Information Forces’ Information Technicians (IT) Sailors at numerous commands around the globe and Navy/Marine Corps Intranet (NMCI) via Naval Network Warfare Command (NETWARCOM). For your computers at home, download antivirus software, which will help protect your computer against viruses and malware.
  • Explore security tools you install.
    Many excellent apps and settings help protect your devices and your identity, but they’re only valuable if you know how to use them properly. Ensure your antivirus is configured and working correctly.
  • Use unique passwords for each account.
    One of the easiest ways hackers steal information is by getting a batch of username and password combinations from one source and trying those same combinations elsewhere. The single best way to prevent one data breach from having a domino effect is to use strong, unique passwords for every online account, preferably featuring 14 characters that combine upper and lower case letters, numbers and special characters.
  • Get a VPN and use it.
    Any time you connect to the nternet using a Wi-Fi network that you don’t recognize, use a virtual private network, or VPN. A VPN hides your IP address and encrypts your internet traffic, providing enhanced online security to the user.
  • Use two-factor authentication.
    Two-factor authentication means you need to pass another layer of authentication other than a password. This could include a fingerprint, facial recognition or a text. If the data or personal information in an account is sensitive or valuable, and the account offers two-factor authentication, you should enable it.
  • Use passcodes.
    Use a passcode lock on every smart device to protect your personal data. Many smartphones offer a four-digit PIN by default. Set a strong passcode, not an obvious four-digit PIN such as 1-4, last four digits of a Social Security Number, birthday or phone number.
  • Use different email addresses for different accounts.
    Consider maintaining one email address dedicated to signing up for apps that you want to try, but which might have questionable security, or which might spam you with promotional messages. After you’ve vetted a service or app, sign up using one of your permanent email accounts. If the dedicated account starts to get spam, close it and create a new one.
  • Clear your cache.
    To better protect that information that may be lurking in your web history, be sure to delete browser cookies and clear your browser history on a regular basis. To clear your cache, simply press Ctrl+Shift+Del to bring up a dialog that lets you choose which elements of browser data you want to clear.
  • Turn off the ‘save password’ feature in browsers.
    When you install a third-party password manager, it typically offers to import your password from the browser’s storage. If password managers can do that, you can be sure some malicious software can do the same.
  • Don’t fall prey to click bait.
    Click bait doesn’t just refer to cat compilation videos and catchy headlines. It can also include links in email, messaging apps and on social media sites. Phishing links masquerade as secure websites, hoping to trick you into giving them your credentials. Drive-by download pages can cause malware to automatically download and infect your device. Don’t click links in emails or text messages unless they come from a trusted source, and even then you should exercise caution.
  • Protect your social media privacy.
    Make sure you’ve configured each social media site so that your posts aren’t public. Think twice before revealing too much in a post, since your friends might share it with others. With care, you can retain your privacy without losing the entertainment and connections of social media.

Following these simple guidelines will help decrease your vulnerability in the cyber battlespace, and ensure that your personal data is better protected.

Click on the image to enlarge it.

Getting from Vulnerable to Cyber Secure

By George Bieber
Naval Information Forces Public Affairs

We are in the cyber fight 24/7. Ransomware attacks, identity theft and online credit card fraud can be devastating, and these are just a few of the many types of malicious software and network attacks. If you’ve never been the victim of a breach, consider yourself lucky, but don’t let your luck lead you to complacency.

Below are tips recommended by military and private sector computer experts to better protect your personal information online:

  • Install an antivirus and update it.
    Antivirus software and updates are automatically covered at our worksites by Naval Information Forces’ Information Technicians (IT) Sailors at numerous commands around the globe and Navy/Marine Corps Intranet (NMCI) via Naval Network Warfare Command (NETWARCOM). For your computers at home, download antivirus software, which will help protect your computer against viruses and malware.
  • Explore security tools you install.
    Many excellent apps and settings help protect your devices and your identity, but they’re only valuable if you know how to use them properly. Ensure your antivirus is configured and working correctly.
  • Use unique passwords for each account.
    One of the easiest ways hackers steal information is by getting a batch of username and password combinations from one source and trying those same combinations elsewhere. The single best way to prevent one data breach from having a domino effect is to use strong, unique passwords for every online account, preferably featuring 14 characters that combine upper and lower case letters, numbers and special characters.
  • Get a VPN and use it.
    Any time you connect to the nternet using a Wi-Fi network that you don’t recognize, use a virtual private network, or VPN. A VPN hides your IP address and encrypts your internet traffic, providing enhanced online security to the user.
  • Use two-factor authentication.
    Two-factor authentication means you need to pass another layer of authentication other than a password. This could include a fingerprint, facial recognition or a text. If the data or personal information in an account is sensitive or valuable, and the account offers two-factor authentication, you should enable it.
  • Use passcodes.
    Use a passcode lock on every smart device to protect your personal data. Many smartphones offer a four-digit PIN by default. Set a strong passcode, not an obvious four-digit PIN such as 1-4, last four digits of a Social Security Number, birthday or phone number.
  • Use different email addresses for different accounts.
    Consider maintaining one email address dedicated to signing up for apps that you want to try, but which might have questionable security, or which might spam you with promotional messages. After you’ve vetted a service or app, sign up using one of your permanent email accounts. If the dedicated account starts to get spam, close it and create a new one.
  • Clear your cache.
    To better protect that information that may be lurking in your web history, be sure to delete browser cookies and clear your browser history on a regular basis. To clear your cache, simply press Ctrl+Shift+Del to bring up a dialog that lets you choose which elements of browser data you want to clear.
  • Turn off the ‘save password’ feature in browsers.
    When you install a third-party password manager, it typically offers to import your password from the browser’s storage. If password managers can do that, you can be sure some malicious software can do the same.
  • Don’t fall prey to click bait.
    Click bait doesn’t just refer to cat compilation videos and catchy headlines. It can also include links in email, messaging apps and on social media sites. Phishing links masquerade as secure websites, hoping to trick you into giving them your credentials. Drive-by download pages can cause malware to automatically download and infect your device. Don’t click links in emails or text messages unless they come from a trusted source, and even then you should exercise caution.
  • Protect your social media privacy.
    Make sure you’ve configured each social media site so that your posts aren’t public. Think twice before revealing too much in a post, since your friends might share it with others. With care, you can retain your privacy without losing the entertainment and connections of social media.

Following these simple guidelines will help decrease your vulnerability in the cyber battlespace, and ensure that your personal data is better protected.

Click on the image to enlarge it.

Getting from Vulnerable to Cyber Secure

By George Bieber
Naval Information Forces Public Affairs

We are in the cyber fight 24/7. Ransomware attacks, identity theft and online credit card fraud can be devastating, and these are just a few of the many types of malicious software and network attacks. If you’ve never been the victim of a breach, consider yourself lucky, but don’t let your luck lead you to complacency.

Below are tips recommended by military and private sector computer experts to better protect your personal information online:

  • Install an antivirus and update it.
    Antivirus software and updates are automatically covered at our worksites by Naval Information Forces’ Information Technicians (IT) Sailors at numerous commands around the globe and Navy/Marine Corps Intranet (NMCI) via Naval Network Warfare Command (NETWARCOM). For your computers at home, download antivirus software, which will help protect your computer against viruses and malware.
  • Explore security tools you install.
    Many excellent apps and settings help protect your devices and your identity, but they’re only valuable if you know how to use them properly. Ensure your antivirus is configured and working correctly.
  • Use unique passwords for each account.
    One of the easiest ways hackers steal information is by getting a batch of username and password combinations from one source and trying those same combinations elsewhere. The single best way to prevent one data breach from having a domino effect is to use strong, unique passwords for every online account, preferably featuring 14 characters that combine upper and lower case letters, numbers and special characters.
  • Get a VPN and use it.
    Any time you connect to the nternet using a Wi-Fi network that you don’t recognize, use a virtual private network, or VPN. A VPN hides your IP address and encrypts your internet traffic, providing enhanced online security to the user.
  • Use two-factor authentication.
    Two-factor authentication means you need to pass another layer of authentication other than a password. This could include a fingerprint, facial recognition or a text. If the data or personal information in an account is sensitive or valuable, and the account offers two-factor authentication, you should enable it.
  • Use passcodes.
    Use a passcode lock on every smart device to protect your personal data. Many smartphones offer a four-digit PIN by default. Set a strong passcode, not an obvious four-digit PIN such as 1-4, last four digits of a Social Security Number, birthday or phone number.
  • Use different email addresses for different accounts.
    Consider maintaining one email address dedicated to signing up for apps that you want to try, but which might have questionable security, or which might spam you with promotional messages. After you’ve vetted a service or app, sign up using one of your permanent email accounts. If the dedicated account starts to get spam, close it and create a new one.
  • Clear your cache.
    To better protect that information that may be lurking in your web history, be sure to delete browser cookies and clear your browser history on a regular basis. To clear your cache, simply press Ctrl+Shift+Del to bring up a dialog that lets you choose which elements of browser data you want to clear.
  • Turn off the ‘save password’ feature in browsers.
    When you install a third-party password manager, it typically offers to import your password from the browser’s storage. If password managers can do that, you can be sure some malicious software can do the same.
  • Don’t fall prey to click bait.
    Click bait doesn’t just refer to cat compilation videos and catchy headlines. It can also include links in email, messaging apps and on social media sites. Phishing links masquerade as secure websites, hoping to trick you into giving them your credentials. Drive-by download pages can cause malware to automatically download and infect your device. Don’t click links in emails or text messages unless they come from a trusted source, and even then you should exercise caution.
  • Protect your social media privacy.
    Make sure you’ve configured each social media site so that your posts aren’t public. Think twice before revealing too much in a post, since your friends might share it with others. With care, you can retain your privacy without losing the entertainment and connections of social media.

Following these simple guidelines will help decrease your vulnerability in the cyber battlespace, and ensure that your personal data is better protected.

Click on the image to enlarge it.