Defense News: In the office? Here are some cybersecurity best practices while logged on to a Navy network

Source: United States Navy

“Cybersecurity is a Navy priority and commander’s business,” said Rear Adm. Tracy Hines, director of the Navy’s Enterprise Networks and Cybersecurity Division. “Any individual logging on to a Navy information system is immediately on the front lines of the cyber battlespace.”

In keeping with the National Cybersecurity Alliance’s Cybersecurity Awareness Month theme of “See Yourself in Cyber,” this week the Navy is asking Sailors and staff to see themselves in cyber while in the office or “on duty.”

Cybercriminals often rely on operator mistakes to gain access to systems; 95 percent of all cybersecurity breaches are due to human error.

“Cyber compliance alone will not keep us safe,” said Rear Adm. Hines. “The annual cyber awareness challenge does not equate to the automatic defense of our networks, and that’s where our people come in. It’s on all of us to protect our information systems.”

Here are some best practices to keep in mind while at your desk:

– Every member of the Navy team shares responsibility in protecting the Navy’s systems and information. Remember that every time you check your e-mail, access a shared drive, or log onto a network, you are immediately a cyber warrior, and cybersecurity is the best means of defense.

– Verify links and files before clicking or downloading; both are common attack vectors for nation states, criminals, and insider threats.

– When clicking on hyperlinks in emails, hover over the link to verify authenticity. Also ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information.

– Always check the “To” and “Cc” line to ensure information is being sent to those with a need to know.

– Make passwords complex and change them frequently. Strong passwords include one uppercase letter, one lowercase letter, at least one number and 11 or more characters. Never write passwords down.

– Keep your computer healthy. This includes reading User Awareness Bulletins and acting as necessary to install software updates and apply security patches when prompted.

– Keep your Common Access Card (CAC) in your possession at all times. Your CAC serves as part one of two-factor authentication; it is something you have. Your pin, something only you know, serves as part two. A bad actor in possession of even one part of two-factor authentication increases the likelihood of access.

– Report phishing or suspicious activity. According to the National Cybersecurity Alliance, only 22 percent of email recipients report phishing. Utilize your Information Systems Security Manager and cybersecurity professionals for support.

Since 2004, the President of the United States and Congress have declared October Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more common. Celebrating its nineteenth year, the campaign has grown globally since its inception, reaching consumers, small and medium-sized businesses, corporations, and families in over 75 countries and territories.

For more information on the Navy’s Cybersecurity Awareness Campaign, visit doncio.navy.mil and search “Cybersecurity Awareness Month.”