Cybersecurity in the workplace

DOVER AIR FORCE BASE, Del. — Rapidly evolving technologies demand that you be the first line of defense in protecting our Cyberspace Domain. Cybersecurity in the Workplace is everyone’s business. Protecting your personal information and Air Force (AF) operations, missions and functions is critical to its success. Computer security must become second nature to you in the workplace. From the moment you pass through the security checkpoint and get your common access card (CAC) back, you’re setting the tone for operational readiness. AF Instructions, policies and guidance provide the AF imperatives authority, responsibility and accountability necessary to promote a culture that is risk aware and complies with practices that minimize vulnerabilities to AF networks, systems and information.

• Do you guard against the piggy-backers when entering your office?

• Do you block the cipher padlock on your door from the shoulder-surfer?

• Do you know what to do if you get a suspicious email?

• Do you have an Incidence Card placed on the wall next to your computer?

• Do you have your password written down at your desk? (No!)

Let’s keep our network clean. Cyber Hygiene is the establishment and maintenance of one’s online safety. The Air Force is just one part within the Department of Defense (DoD) infrastructure of trusted environments for confidential information exchange. Just because the DoD’s defenses are on high alert doesn’t mean attacks aren’t happening daily.

• More than one million cyber-attacks hit the U.S. Air Force network every day.

• Phishing is the largest vulnerability of Air Force personnel.

• Additional common threats:

  • Personal external devices (cell phones and hard drives)

  • Insider threat from disgruntled employees seeking to cause harm

People are the weakest link in our security program. This is why you’re required to complete your cybersecurity training annually, along with other system-specific training, to maintain your access. Unscrupulous hackers will attempt to gain information in person, by phone, mail or email regardless of how securely a network, website, software or hardware is configured. Here are a few helpful ways to keep them out and keep your network safe.

Use R-E-A-D

R = Is the email Relevant to what you are working on?

E = Was the email Expected?

A = Was the email Addressed correctly?

D = Was the email Digitally Signed?

If it isn’t Relevant, don’t act upon it (Forward or Reply) and don’t click on any links in the email.

If the email comes out of the blue, don’t act upon it.

Compare the address with the legitimate email address that was received previously.

Trust only emails that are digitally signed.

Home security tips include the following:

• Establish strong passwords

• Put up a strong firewall

• Install antivirus protection

• Update your programs regularly

• Secure your laptops

• Secure your mobile phones

• Back up regularly

• Monitor diligently

• Be careful with e-mail, IM and surfing the Web

• Educate your employees

Resources:

http://www.stopthinkconnect.org

https://www.telesign.com/blog/post/fraud-fighters-stop-think-connect

http://www.dhs.gov/stopthinkconnect-national-network

http://www.dhs.gov/publication/stopthinkconnect-government-resources

http://www.dhs.gov/publication/stopthinkconnect-young-professional-resources