By George D. Bieber
Naval Information Forces Public Affairs
Cyberthreats come from a variety of sources including nation states, profit-motivated criminals, ideologically motivated hackers, extremists and terrorists. When you log on to a Navy network or system, you’re in the cyber battlespace.
If there are weaknesses in the Navy’s defenses, its networks and computers can be compromised by attackers with relatively limited resources. Cyber attackers only have to be successful once to do significant damage; we cannot afford to make any mistakes.
Follow the best practices below to keep Navy networks and systems secure:
Don’t Take the Bait
Always verify the source of emails and the links in emails. If you’re directed to a site for an online deal that looks too good to be true, it probably is.
Phishing (“fishing”) is a form of email spoofing. By clicking on a link in what appears to be a legitimate email (“taking the bait”), you may be directed to a fraudulent website that installs bad software on your computer or captures data you enter on the website. Opening an infected email attachment can also install bad software on your computer.
Spear-phishing is a form of phishing that targets a specific organization. Spear-phishing emails appear to be from an individual or business you know. Spear-phishing attempts are not typically initiated by “random hackers,” but are more likely to be conducted by those seeking financial gain, trade secrets or military information. Signs that an email may be a spear-phishing attempt include:
- Sender’s name, organization and/or company do not match the email address or digital signature
- The use of words such as official, mandatory, urgent, etc.
- Link text that does not match the associated URL
- Unsolicited requests for personal information
- Overly poor grammar and multiple misspellings
When in Doubt, Throw it Out
Don’t open suspicious links in emails, tweets, posts, messages or attachments, even if you know the source.
Don’t Connect Unauthorized Devices to Navy Networks
Don’t connect unauthorized devices, such as thumb drives and cell phones, to your computer. Unauthorized devices may contain software that can allow an attacker inside the Navy’s network.
Remove Your CAC
Remove your CAC or lock your computer when you’re not using it. Don’t make it easy for an inside attacker to access data on your computer by leaving it unlocked when you’re away.
Use a Better Password
Don’t use easily guessed or weak passwords, and safeguard them so they can’t be stolen. Password best practices include:
- Use different passwords for every account
- Make passwords a minimum of eight characters long and include at least one number, one capital letter, one lower case letter and one special character
- Select the first letter of each word in an easily remembered phrase for the letters in your password. For example, “stand Navy down the field, sails set to the sky” becomes “sNdtfsstts”
- Don’t use names or words that can be found in any dictionary (including foreign languages).
- Don’t use keyboard patterns
- Routinely change passwords on all accounts
- Do not change passwords in a serial fashion (e.g., password2015 replaced with password2016)
- If you save your passwords to a file, password protect and/or encrypt the file
- Don’t write down your passwords or keep them in your wallet/purse
- Don’t allow your browser to store your passwords.
Safeguard Your Personally Identifiable Information (PII)
Attackers can use information they’ve obtained about you to appear legitimate so they can trick you into surrendering data they need to breach our networks and systems.
To protect your PII, be savvy about providing information online and use good security practices when using social media sites. Choose security questions that have answers not discoverable on the internet (e.g., do not choose the street you grew up on, your mother’s maiden name, etc.) and don’t conduct work-related business on your personal account. Facebook, Twitter, LinkedIn and other social media platforms can introduce security hazards. Personal profile information on these sites may be used by hackers for social engineering or phishing purposes. Also, be extra vigilant about friending bogus social media accounts, which can allow hackers to harvest sensitive user photos, phone numbers and email addresses for social engineering attacks.
Don’t Use P2P Programs
Don’t use peer-to-peer file sharing programs. These programs can spread bad software inside the Navy’s network defenses.
Stay on Known Good Websites
Use websites that are business related or known good websites.
Don’t Use Systems in Unauthorized Ways
The Navy has established policies to protect itself from compromise. Don’t put others at risk by using systems in ways that aren’t authorized.