Date: 2016-09-30

One of the Federal Government’s most important missions is to provide citizens, customers, and partners with easy access to government information and services.

As society increasingly relies on social media as a primary source for information, it is clear that these platforms have an important role to play in the Federal Government’s communication strategy, including its move toward a digital, open government. Social media allows an agency to post messages in places where people regularly interact, and ensures it reaches interested audiences – including audiences known to the agency as well as those that are unknown. In addition, social media enhances the Federal Government’s situational awareness by enabling agencies to learn about problems and issues being discussed by different audiences, and allowing agencies to react, respond, and assist the public more efficiently and effectively. Government agencies also may use social media to fulfill their operational missions, for example, detecting and preventing benefit fraud and abuse.

Cybersecurity Risks

According to the CIO Council’s Guidelines for Secure Use of Social Media by Federal Departments and Agencies, social media technologies such as wikis, blogs, and social networks are especially vulnerable to the following methods and techniques of cyber attacks:

Spear Phishing: Spear phishing targets a specific user or group of users, and attempts to deceive the user into performing an action that launches an attack, such as opening a document or clicking a link. Spear phishers rely on knowing a personal piece of information about their target, such as an event, interest, travel plans, or current issues. Sometimes this information is gathered by hacking into a targeted network, but more often it is easier to look up the target on a social media network. Spear phishers use social media as an alternative way to send phishing messages as the social media platform bypasses traditional email security controls such as antivirus protection. Social media websites can be used as a propagation mechanism to trick users into opening a document or clicking a link.

Social Engineering: Social engineering relies on exploiting the human element of trust. The first step in any social engineering attack is to collect information about the attacker’s target. Social media websites can reveal many details of personal information, including resumes, home addresses, phone numbers, birth dates, employment information, work locations, family members, education, hobbies, interests, and photos. Social media websites may share more personal information than users expect or need to, and attackers are earnestly using social media to learn personal information about an individual. By expressing interest in similar topics, the attacker builds a trust relationship with the victim. This positions the attacker to influence the victim’s friends and co-workers, or even to collect sufficient information about the victim to fraudulently pose as him or her.

Web Application Attacks: Social media websites are attractive to attackers who are looking to slip in malicious code or to link to off-site content that contains malware (short for malicious software) because malicious content is easy to disguise as valid content on social media websites. There is also a risk that developers of user-generated games and applications on some websites can have code approved and then inject malicious code at a later time. If an attacker hijacks the account of a federal user or a federal account, there is an elevated risk that unauthorized posts, tweets, or messages may be seen by the public as official messages, or may be used to spread malware by encouraging users to click links or download unwanted applications (i.e., “web application attacks”) or malware.

Another common risk associated with the use of social media is the accidental or unintended release of sensitive, For Official Use Only (FOUO), or classified information. This can be caused by an exfiltration of the information by a hacker or by an employee who may not be aware that the information should not be disclosed publicly.

All of the risks mentioned above can be mitigated by implementing both technical and non-technical security controls, including role-based training for employees who are responsible for managing social media accounts on behalf of the agency and through strong language in contracts with third parties.

Personal information is like money. Value it. Protect it.

Secure your devices: Use strong passwords, passcodes or touch ID features to lock your devices. These security measures can help protect your information if your devices are lost or stolen and keep prying eyes out.

Think before you app: Information about you, such as the games you like to play, your contacts list, where you shop and your location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps.

Now you see me, now you don’t: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are in range. Disable WiFi and Bluetooth when not in use.

Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your mobile device while you are connected. Limit what you do on public WiFi and avoid logging in to key accounts like email and financial services on these networks. Consider using a virtual private network (VPN) or a personal mobile hotspot if you need a more secure connection on the go.

Source: stopthinkconnect.org

“Technology plays an increasingly significant role in our daily lives. The rise of the Internet has brought incredible opportunity and new ways of innovating and enhancing our way of life — but with great potential also comes heightened risk to our data. Keeping cyberspace secure is a matter of national security, and in order to ensure we can reap the benefits and utility of technology while minimizing the dangers and threats it presents, we must continue to make cybersecurity a top priority. Throughout National Cybersecurity Awareness Month, we recognize the role that individuals can play in enhancing cybersecurity, and we join to raise awareness of the importance of securing our information against cyber threats. …”

– President Barack Obama, National Cybersecurity Awareness Month, 2016

Read the proclamation in full online at https://www.whitehouse.gov/the-press-office/2016/09/30/presidential-proclamation-national-cybersecurity-awareness-month-2016.

Learn how to protect yourself online

The Army Europe Information Technology Training program is offering a Cybersecurity Awareness Briefing Oct. 14 from 9 to 11 a.m. and 1:30 to 3:30 p.m. at the Tony Bass Auditorium. Learn how to protect personal information and create passwords, take charge of your online safety and reputation, safely use social networks, use security software, understand how your data is shared and more. For more information, contact Marzia Tumeo at DSN 537-6422 or marzia.tumeo.ctr@mail.mil.

Official Facebook pages

A complete list can be found at www.army.mil/media/socialmedia.

Facebook.com/usagwiesbaden (U.S. Army Garrison Wiesbaden)

Facebook.com/IMCOMEurope (IMCOM-E)

Facebook.com/InstallationManagementCommunity (IMCOM)

Facebook.com/USArmyEurope (U.S. Army Europe)

Facebook.com/BrigadeofExcellence (2nd Signal Brigade)

Facebook.com/5sigcmd (5th Signal Command (Theater))

Facebook.com/europedistrict (USACE-E)