SUFFOLK, Va. (NNS) — Cyber threats come from a variety of sources including nation states, profit-motivated criminals, ideologically motivated hackers, extremists and terrorists. When you log on to a Navy network or system, you're in the cyber battlespace.
If there are weaknesses in the Navy's defenses, its networks and computers can be compromised by intruders with relatively limited resources. Cyber adversaries only have to be successful once to do significant damage; we cannot afford to make any mistakes.
Follow these best practices to keep Navy networks and systems secure.
Don't Take the Bait — Always verify the source of emails and the links in emails. If you're directed to a site for an online deal that looks too good to be true, it probably is fraudulent. Phishing or fishing is a form of email spoofing. By clicking on a link in what appears to be a legitimate email or taking the bait, you may be directed to a fraudulent website that installs bad software on your computer or captures data you enter on the website. Opening an infected email attachment can also install bad software on your computer.
Spear-phishing is a form of phishing that targets a specific organization. Spear-phishing emails appear to be from an individual or business you know. Spear-phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by those seeking financial gain, trade secrets or military information. Signs that an email may be a spear-phishing attempt include:
- Sender's name, organization and/or company not matching the email address or digital signature;
- Words such as official, mandatory, urgent, etc.;
- Link text not matching the associated URL;
- Unsolicited requests for personal information;
- Poor grammar and multiple misspellings.
When in Doubt, Throw it Out — Don't open suspicious links in emails, tweets, posts, messages or attachments, even if you know the source.
Don't Connect Unauthorized Devices to Navy Networks — Don’t connect unauthorized devices, such as thumb drives and cell phones, to your computer. Unauthorized devices may contain software that can allow an intruder inside the Navy's network.
Remove Your Common Access Card (CAC) — Remove your CAC or lock your computer when you’re not using it. Don't make it easy for someone to access data on your computer by leaving it unlocked when you're away.
Use A Better Password — Don't use easily guessed or weak passwords, and safeguard them so they can't be stolen. Password best practices include:
- Use different passwords for every account.
- Make passwords a minimum of 8 characters long and include at least one number, one capital letter, one lower case letter and one special character.
- Select the first letter of each word in an easily remembered phrase for the letters in your password. For example, "stand Navy down the field, sails set to the sky" becomes sNdtfsstts.
- Don’t use names or words that can be found in any dictionary (including foreign languages).
- Don't use keyboard patterns.
- Routinely change passwords on all accounts.
- Do not change passwords in a serial fashion (e.g., password2015 replaced with password2016).
- If you save your passwords to a file, password protect and/or encrypt the file.
- Don’t write down your passwords or keep them in your wallet/purse.
- Don’t allow your browser to store your passwords.
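Several of the rules above are checkable in code: the length and character-class minimum, keyboard patterns, serial changes, and the first-letter phrase technique. The following is an added example, not part of the original article. The function names and the four-key threshold for a keyboard pattern are assumptions, and the dictionary-word rule is left out because it needs a wordlist.

```python
import re
import string

KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
PHRASE = "stand Navy down the field, sails set to the sky"  # from the article
CLASSES = {"number": string.digits, "capital letter": string.ascii_uppercase,
           "lower case letter": string.ascii_lowercase,
           "special character": string.punctuation}


def acronym(phrase):
    """First letter of each word, keeping the phrase's own capitalisation."""
    return "".join(word[0] for word in re.findall(r"[A-Za-z']+", phrase))


def has_keyboard_run(password, length=4):
    """True if `length` adjacent keys of one row appear, in either direction."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + length] in lowered
                   for i in range(len(seq) - length + 1)):
                return True
    return False


def is_serial_change(old, new):
    """True if the two differ only in digits (password2015 -> password2016)."""
    old_base, new_base = (re.sub(r"\d+", "", p).lower() for p in (old, new))
    return old != new and old_base == new_base


def violations(password, previous=None):
    """Return the rules from the list above that a candidate password breaks."""
    found = []
    if len(password) < 8:
        found.append("shorter than 8 characters")
    for label, chars in CLASSES.items():
        if not any(c in chars for c in password):
            found.append("no " + label)
    if has_keyboard_run(password):
        found.append("keyboard pattern")
    if previous is not None and is_serial_change(previous, password):
        found.append("serial change")
    return found
```

Run on `acronym(PHRASE)`, the check reports a missing number and special character: the phrase supplies only the letters, so the other required character classes still have to be added.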
Safeguard Your Personally Identifiable Information (PII) — Cyber adversaries can use information they've obtained about you to appear legitimate so they can trick you into surrendering data they need to breach our networks and systems.
To protect your PII, be savvy about providing information online and use good security practices when using social media sites. Choose security questions that have answers not discoverable on the Internet — e.g., do not choose the street you grew up on, your mother's maiden name, etc. — and don’t conduct work-related business on your personal account. Facebook, Twitter, LinkedIn and other social media platforms are invaluable tools, but they can introduce security hazards. Personal profile information on these sites may be used by hackers for social engineering or phishing purposes. Also, be extra vigilant about friending bogus Facebook accounts, which can allow hackers to harvest sensitive user photos, phone numbers and email addresses for social engineering attacks.
Don't Use P2P Programs — Don't use peer-to-peer (P2P) file sharing programs. These programs can spread bad software inside the Navy's network defenses.
Stay on Known, Good Websites — Use websites that are business-related or known to not pose a hazard.
Don't Use Systems in Unauthorized Ways — The Navy has established policies to protect itself from compromise. Don't put others at risk by using systems in ways that aren't authorized.
Complacency about cybersecurity makes the Navy vulnerable to compromises that could significantly affect operations. Your commitment to these cybersecurity best practices will protect the Navy’s operational capabilities and contribute to our cyber fight.
Think cybersecurity before you act.
Navy Information Dominance Forces (NAVIDFOR) is the Navy's global readiness-focused TYCOM responsible for providing Navy Information Dominance capabilities afloat and ashore. It provides commanders ashore and afloat, forward deployable, combat-ready information dominance forces capable of conducting prompt and sustained naval, joint and combined operations in support of U.S. national interests.