All Hands Need to Practice Cyber Safety

By George D. Bieber
Naval Information Forces Public Affairs

Cyberthreats come from a variety of sources including nation states, profit-motivated criminals, ideologically motivated hackers, extremists and terrorists. When you log on to a Navy network or system, you’re in the cyber battlespace.

If there are weaknesses in the Navy’s defenses, its networks and computers can be compromised by attackers with relatively limited resources. Cyber attackers only have to be successful once to do significant damage; we cannot afford to make any mistakes.

Follow the below best practices to keep Navy networks and systems secure:

Don’t Take the Bait
Always verify source of emails and the links in emails. If you’re directed to a site for an online deal that looks too good to be true, it probably is.

Phishing (“fishing”) is a form of email spoofing. By clicking on a link in what appears to be a legitimate email (“taking the bait”), you may be directed to a fraudulent website that installs bad software on your computer or captures data you enter on the website. Opening an infected email attachment can also install bad software on your computer.

Spear-phishing is a form of phishing that targets a specific organization. Spear-phishing emails appear to be from an individual or business you know. Spear-phishing attempts are not typically initiated by “random hackers,” but are more likely to be conducted by those seeking financial gain, trade secrets or military information. Signs that an email may be a spear-phishing attempt include: Sender’s name, organization and/or company do not match the email address or digital signature

The use of words such as official, mandatory, urgent, etc.

The link text may not match associated URL

Contains unsolicited requests for personal information

The use of overly poor grammar and contains multiple misspellings.

When in Doubt, Throw it Out Don’t open suspicious links in emails, tweets, posts, messages or attachments, even if you know the source. Don’t Connect Unauthorized Devices to Navy Networks Don’t connect unauthorized devices, such as thumb drives and cell phones, to your computer. Unauthorized devices may contain software that can allow an attacker inside the Navy’s network. Remove Your CAC Remove your CAC or lock your computer when you’re not using it. Don’t make it easy for an inside attacker to access data on your computer by leaving it unlocked when you’re away. Use a Better Password Don’t use easily guessed or weak passwords, and safeguard them so they can’t be stolen. Password best practices include: Use different passwords for every account Make passwords a minimum of eight characters long and include at least one number, one capital letter, one lower case letter and one special character Select the first letter of each word in an easily remembered phrase for the letters in your password. For example, “stand Navy down the field, sails set to the sky” becomes “sNdtfsstts” Don’t use names or words that can be found in any dictionary (including foreign languages). Don’t use keyboard patterns Routinely change passwords […]