This year, President Barack Obama again issued a presidential proclamation declaring October as National Cyber Security Awareness Month. For each week in October, there is a different theme and focus. One of the main themes of the campaign is “Stop. Think. Connect.” and “general online safety.”
More information about the campaign can be found at http://stopthinkconnect.org. This website addresses some information that every Internet user should pay particular attention to:
STOP – Before you use the Internet, take time to understand the risks and learn how to spot potential problems.
THINK – Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety or your family’s.
CONNECT – Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.
When we address the issue of “general online safety,” we are looking at a wide scope of potential capabilities that must be squared away while online. Some of the terminologies have been around for a while and some are relatively new.
As smartphone and tablet technologies continue to replace our existing hardware platforms, there is an increased privacy risk associated with these devices. Most smartphones and tablets have GPS capabilities built in them and location service features are typically turned on by default. When a picture is taken with the smartphone or tablet, the GPS data is embedded into the picture. Anyone who comes across this picture can use the GPS coordinates to determine exactly where the picture was taken. A harmless picture of children playing in the yard could provide the exact location of where the family lives.
Social media continues to have a presence in day-to-day environments. The challenge associated with social networking is the fact that the security features of the individual’s account is constantly changing based on what the site owner is changing. Users are reminded to periodically check their security settings to ensure they are not opening themselves up to invasions of their privacy. Social networking itself is not bad; more often than not, it is the account security settings that are the culprit for unauthorized release of information. A quick Google search will yield many presentations on how to effectively lock down your social networking sites.
Phishing is a terminology that has been around for a while and has been prevalent in today’s society. Hackers and general bad guys attempt to fool an individual by getting the unsuspecting user to willingly divulge their private information. Phishing is still an effective threat vector because of the large number of individuals who fall prey to the hack.
Smishing is new terminology that is just like phishing but is conducted over cell phone text messaging. Smishing happens on cell phones much the same as a user receives an email in their mailbox. If they fall for the bait, their cell phone could be taken control of and any content residing in the device could be stolen.
One of the main keys in ensuring the safety and security of the home information system is by providing updated operating system and application patches along with antivirus signature files.
The second Tuesday of every month is called “Patch Tuesday,” and all Microsoft updates will be released during this timeframe. As far as the applications are concerned, each company has its own release schedule or update feature.
It is recommended to check your applications on a monthly basis to ensure you are running the latest and greatest patches. Antivirus applications are free for all active-duty military and Department of Defense civilian personnel to use on their home computer systems. There are numerous sites that an individual can use in order to download either the McAfee or Symantec solution.
These are among the few sites available:
» https://infosec.navy.mil/main/home?p=5-1
» https://patches.csd.disa.mil/CollectionInfo.aspx?id=213
For questions, contact your unit information assurance officer.
(Article courtesy of HQ USAFE-AFAFRICA Cyber Surety Office)