Defense News: Cybersecurity Awareness Month: Teleworking or off duty? Here are some cybersecurity best practices while on the go

Source: United States Navy

“In an increasingly mobile world, maintaining vigilance in all cyber situations is an absolute must,” said Rear Adm. Tracy Hines, director of the Navy’s Enterprise Networks and Cybersecurity Division. “This includes exercising good digital citizenship even when not logged onto a Navy network. Our online behavior, no matter what the circumstance, must reflect the highest standards of character and conduct.”

In keeping with the National Cybersecurity Alliance’s Cybersecurity Awareness Month theme of “See Yourself in Cyber,” this week the Navy is asking Sailors and staff to see themselves in cyber while interacting on the internet in a remote or non-work capacity.

Here are some best practices to keep in mind while working remotely or off duty:

– Know and follow your agency’s cybersecurity and telework policies and ensure you are current on mandatory training. Department of the Navy information technology, information management, and cybersecurity policy and guidance may be found here: https://www.doncio.navy.mil/Policy.aspx. Check with your leadership for agency-specific guidance.

– Only connect government furnished equipment (GFE) to a network over which you have complete control, such as a home Wi-Fi network. If you must use public Wi-Fi, be sure to utilize a virtual private network (VPN) to protect your data.

– Be cognizant of your surroundings to deter eavesdropping and shoulder surfing, and always remove your CAC card from your machine when not in active use.

– Only use agency-approved collaboration tools, including but not limited to chat and video conferencing platforms. The Navy’s enterprise collaboration tool is Microsoft Teams.

– Store work-related content on GFE and agency-approved cloud services only. Do not forward work emails to a personal email account.

– Do not print work-related materials at home or on a public printer. Be mindful of how you handle paper documents outside the office and remember that a locked personal residence is not considered a secure facility for the handling of classified materials.

– Limit what information you post on social media—from personal addresses to where you like to grab coffee. What many people don’t realize is that these seemingly random details are all that adversaries need to know to target you and your loved ones—online and in the real world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are—and where you aren’t—at any given time.

– Be careful of who you allow to be a “friend” or “follower,” and be mindful of the difference. Social media platforms may allow different levels of access to your profile depending on your relationship with those with whom you connect.

– Speak up if you’re uncomfortable. If a friend posts something about you that makes you uncomfortable or you think is inappropriate, let them know. Likewise, stay open-minded if someone approaches you because something you’ve posted makes them uncomfortable. People have different tolerances for how much the world knows about them, and it is important to respect those differences. Don’t hesitate to report any instance of cyberbullying, suspicious, or harassing activity. Work with the social media platform to report, and possibly block, harassing users. Report an incident if you’ve been a victim of cybercrime. Local and national authorities are ready to help you.

Since 2004, the President of the United States and Congress have declared October Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more common. Celebrating its nineteenth year, the campaign has grown globally since its inception, reaching consumers, small and medium-sized businesses, corporations, and families in over 75 countries and territories.

For more information on the Navy’s Cybersecurity Awareness Campaign, visit doncio.navy.mil and search “Cybersecurity Awareness Month.”