Cybersecurity Awareness Month: Stay safe online at work

William B. King/2nd Signal Brigade
Staff Sgt. Johnnie Robinson, 2nd Theater Signal Brigade command group noncommissioned officer, uses a government computer with Microsoft Windows 10 operating system Oct. 2 in Wiesbaden.

October is National Cybersecurity Awareness Month and marks the kickoff of the yearlong Army Cybersecurity Awareness Campaign. The Army campaign is designed to increase readiness through improving awareness of cyber threats and incidents as well as their impact to Army missions. The Cybersecurity Awareness efforts also highlight how Soldiers and civilians need to respond in order to safeguard the Army.

Nic Hall, 2nd Theater Signal Brigade information systems security manager, provides some useful information for Soldiers, civilians, local national employees and other authorized users on government computers or networks.

1. Secure your Common Access Card, or CAC, at all times. Keep it safe on your person and be sure to remove it from your computer each time you leave your workstation.

2. Create a strong password of at least 15 characters with upper and lower case letters, numbers and special characters. Memorize your password, don’t write it down anywhere.

“There’s a lot of complexity when choosing your password, depending on the site,” Hall said. “Think of a phrase you can remember, then add some special characters and numbers.”

3. Watch out for phishing attacks. These attacks use a variety of sophisticated means to try to obtain sensitive information such as your date of birth, social security number, banking information, or usernames and passwords. Hall recommends looking carefully at the digital signature and the domain from where the email is coming to determine whether it is from a trusted source.

4. If you see something, say something. Don’t forward suspicious emails to anyone else, don’t download any documents and don’t click on any links.

“When you get an email that you think is suspicious, it could be a phishing attack or spam attack. What you need to do is notify your cybersecurity and provide us a copy of the email,” Hall said.

5. Annual training. Users need to continuously educate themselves, such as through annual cyber awareness and information assurance training.

“You can have a perfect (cybersecurity) plan in place, but if your users are not educated and don’t understand the technology they work with, then they will constantly leave themselves and the organization vulnerable to cyberattacks,” Hall said.

For more information contact your unit information assurance, cybersecurity division, or S-6 and G-6 section.

Cyber tips:

All personnel should be aware of online risks and the simple steps they can take against cyber threats. During a Senate hearing in March 2013, the nation’s top intelligence officials warned that cyber-attacks and digital spying are the top threat to national security, eclipsing terrorism. With the growing volume and sophistication of cyber-attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security.

• When conducting online transactions, look for a sign that the site is secure such as a lock icon on the browser’s status bar or a ‘https:’ URL whereby the ‘s’ stands for ‘secure’ rather than a ‘http:’. Also, beware of phone phishing schemes. Do not divulge personal information over the phone unless you initiate the call. Be cautious of emails that ask you to call a phone number to update your account information as well.

• Don’t leave data or portable computing devices alone and in view.

• Choose strong passwords with letters, numbers, and special characters to create a mental image or an acronym that is easy for you to remember. Create a different password for each important account, and change passwords regularly.

• Be suspicious of any unexpected email attachments even if they appear to be from someone you know. A simple rule of thumb is that if you don’t know the person who is sending you an email, be very careful about opening the email and any file attached to it. Should you receive a suspicious email, the best thing to do is to delete the entire message, including any attachment.

• Know how and when to say no. Don’t share protected personal information with strangers.

• Microsoft never sends out patches or updates by email. There are no exceptions. Keep that in mind and you won’t be a victim of a Microsoft patch hoax.

• Don’t let your trash become someone else’s treasure. Feed your shredder often.

Never use public computers to log in to any accounts
Be extremely cautious on public computers in public places like airports, hotel lobbies and internet cafes. Keep activities as generic and anonymous as possible.

Share with care
Think twice before posting pictures that would reveal you are not home or that you would not want certain people (like your parents or employer) to see.

Actively manage location services
Location tools come in handy while planning your trip or navigating a new city, but they can also expose your whereabouts – even through photos. Turn off location services when
they’re not in use.

Get savvy about WiFi hot spots
Do not transmit personal info or make purchases on unsecure networks like those in local cafes and hotel lobbies. Instead, use a virtual private network (VPN) or your phone’s cellular connection as a personal hotspot to surf more securely.

Cyber Awareness Month tips courtesy of Dr. Joseph Brown, USAG Wiesbaden Cybersecurity and