Official websites use .mil
Secure .mil websites use HTTPS
“Cybersecurity is a Navy priority and commander’s business,” said Scott St. Pierre, Director of the Navy’s Enterprise Networks and Cybersecurity Division. “We are in a cyber-fight all day every day, on the job and at home. The threats are both nation states and cybercriminals. Therefore, we must be prepared.”
Cybercriminals often rely on operator mistakes to gain access to systems: 95 percent of all cybersecurity breaches are due to human error.
Here are some best practices to keep in mind while at your desk:
· Every member of the Navy team shares responsibility to protect the Navy’s systems and information. Every time you check your e-mail, access a shared drive, or log onto a network, you are a cyber-warrior, and cybersecurity is your responsibility.
· Verify links and files before clicking or downloading; both are common attack vectors for nation states, criminals, and insider threats.
· When clicking on hyperlinks in emails, hover over the link to verify authenticity. Also ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect user information.
· Always check the “To” and “Cc” line to ensure information is being sent to those with a need to know.
· Make passwords complex and change them frequently. Strong passwords include one uppercase letter, one lowercase letter, at least one number and 11 or more characters. Never write passwords down.
· Keep your computer healthy. This includes reading User Awareness Bulletins and acting as necessary to install software updates and apply security patches when prompted.
· Keep your Common Access Card (CAC) in your possession at all times. Your CAC serves as part one of two-factor authentication; it is something you have. Your PIN, something only you know, serves as part two. A bad actor in possession of even one part of two-factor authentication increases the likelihood of them gaining access.
· Report phishing or suspicious activity. According to the National Cybersecurity Alliance, only 22 percent of email recipients report phishing. Use your Information Systems Security Manager and cybersecurity professionals for support.
Since 2004, the President of the United States and Congress have declared October Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more common. Celebrating its twentieth year, the campaign has grown globally since its inception, reaching consumers, small and medium-sized businesses, corporations, and families in over 75 countries and territories.
For more information on the Navy’s Cybersecurity Awareness Campaign, visit doncio.navy.mil and search “Cybersecurity Awareness Month.”