FORT MEADE, Md. -- National Cybersecurity Awareness Month is the perfect time to recall where Operations Security (OPSEC) and cybersecurity meet, which is of course online.
For example, as the U.S. Navy remains ever vigilant, taking the fight to our adversaries, recent media reports have highlighted the potential risk from information carelessly or inadvertently shared on social media that could be available to adversaries if service members and their families are not practicing OPSEC.
Similarly, there has been a steady stream of reporting on criminal and other malevolent cyber actors who seek information using hoax emails, also known as phishing, to gain access to your finances or other sensitive information. Phishing is an illegal activity using social engineering techniques to fraudulently solicit sensitive information or install malicious software. It solicits sensitive information such as usernames, passwords, personal information, military operations details, and financial and information, for example. Variations include hoaxes via phone calls and text messages.
For the Navy, safety and security are always our highest priority. So, the recent reports on social media risks and new or recycled phishing scams do not necessarily mean there is an increased threat, but we can never let our guard down.
To avoid disclosing your private information publicly via social media or your banking account and other sensitive information to a criminal or the enemy, here are five things to keep in mind always:
- Never share anything online you would not tell directly to the enemy.
- Never post private or personal information.
- Assume any information you share electronically will be made public.
Phishing scams tend to have common characteristics that make them easy to identify.
- Spelling and punctuation errors.
- Scare tactics to entice a target to provide personal information or follow links.
- Sensational subject lines to entice targets to click on attached links or provide personal information.
- Include a redirect to malicious URL’s which require you input usernames and passwords to access.
- Try to appear genuine by using legitimate operational terms, key words and accurate personal information.
- Fake or unknown sender.
- When in doubt about a suspicious email from a supposed bank, call your financial institutions or check with your command Information Assurance lead. Your command IA can also assist with other types of suspicious email.
As your Naval OPSEC Support Team, part of Navy Information Operations Command Norfolk, highlights: “Knowledge is power — for both you and the adversary.”
With this in mind, remember:
- Understand the value of your information.
- Be suspicious of unsolicited phone calls, online requests, or emails.
- Be suspicious when information about you and your family is requested.
- Always ask yourself, do they have the “need to know.”
Ensure OPSEC is a way of life, 24/7/365. Take moment today to have members of your teams and their families assess how they use social media with OPSEC in mind and the need to best protect themselves, their loved ones, and all with whom we serve.
It is everyone’s responsibility help keep Sailors, civilians, and families safe by not sharing personal or sensitive military information in email or in any online environment.
For more information, and for links to excellent OPSEC review materials, visit the Naval OPSEC Support Team’s webpage here: http://www.public.navy.mil/fcc-c10f/niocnorfolk/Pages/OPSECMission.aspx.
For timely and relevant presentations about social media and phishing, click the links below from the Naval OPSEC Support Team’s Slideshare collection:
Social Media Trends for OMBUDSMEN
Phishing Awareness
Facebook Privacy and Account Settings
For more information about Commander, U.S. Fleet Cyber Command/U.S. 10th Fleet, visit www.fcc.navy.mil /.