HURLBURT FIELD, Fla -- Team Hurlburt,
Over the past month, several senior military and government officials have been subject to intrusions into their personal commercial e-mail accounts (Gmail, Yahoo, AOL, etc.).
Below are steps Department of Defense personnel must take to help secure their personal computers, handheld devices, and e-mail accounts.
1. Accessing the Internet and protecting your home computer:
- Avoid using publicly available and non-secure Wi-Fi. If you must use it, do not go to sites where you input your password or other personal data.
- Enable encryption on your home wireless router and set strong passwords.
- Use firewall & antivirus programs on home computers.
- Install all patches when they become available.
- Do not allow anyone to download software on your computer.
- Do not use unknown thumb drives.
- Download software from reputable sources only.
- Do not click on suspicious links or open attachments from unknown users.
- Do not configure computers to automatically open attachments.
2. Web sites and Internet activity:
- Avoid questionable websites.
- Choose security questions that have answers not discoverable on the Internet.
- Choose web browsers known to provide more security (e.g., Chrome).
- Do not conduct work-related business on your personal accounts.
3. Social media security:
- Facebook, Twitter, LinkedIn and other social media platforms are invaluable tools, but they introduce numerous security hazards, including data leakage, reputational damage, social engineering opportunities and lawsuits stemming from inappropriate use.
- Social media users tend to see the sites as a vehicle for personal expression. If used inappropriately, the sites may pose a risk to users' professional lives and organizations.
- Personal profile data, such as title and organizational role details, divulges information about organizational initiatives, travel, technologies, or management that may be used by hackers for social engineering or phishing purposes.
- Users must be vigilant about friending bogus Facebook accounts. Doing so may allow hackers to harvest sensitive user photos, phone numbers, and email addresses for social engineering attacks.
4. Passwords:
- Use 2-factor authentication when you log into commercial accounts.
- Use different passwords for every account.
- Choose strong passwords (a minimum of 8 characters, including at least one number, one capital letter, one lowercase letter and one special character).
-- Do not use names or words that can be found in the dictionary.
-- Do not use keyboard patterns.
- Routinely change passwords on all accounts.
- Do not change passwords in a serial fashion (e.g., Password_5 replaced with Password_6).
- If you save your passwords to a file, password protect and encrypt that file.
- Do not write down passwords and keep them in your wallet/purse.
- Do not store passwords in the cookies of your browser.
If you have questions, please contact Hurlburt's Wing Cybersecurity Office (WCO) at 884-6605 or DSN: 579-2666.