Cybersecurity is Everyone’s Business

WASHINGTON - October is National Cyber Security Awareness Month, an annual campaign to raise awareness about the importance of cybersecurity and provide employees with the tools and resources needed to stay safe online at work and at home.

“Cybersecurity is really a part of our culture,” said Stephanie Clark, NAVSEA Headquarters’ information systems security manager (ISSM). “The ability to secure information and data is critical to our mission. It should be part of every-day life, both here at work and at home.”

The ISSM is one of several divisions in the Command Information Office (00I) focused on network security and the prevention, detection and recovery from cyberattacks. The NAVSEA Headquarters Cybersecurity Office team Clark leads is responsible for protecting information, networks and information systems.

“Cybersecurity is everyone’s responsibility, but our office establishes policy and procedures for the headquarters, provides oversight and guidance and manages the teams here that operate and protect our systems,” she said. According to Clark, cybersecurity must be a part of everything we do, something that we include early in our programs and not add on as an after-thought.

While most technical support requests are coordinated through an organization’s Activity Command Information Officer (ACIO), Clark said any cybersecurity-specific questions should be addressed to the Headquarters’ Cybersecurity Office. Some of the functions managed by her team include: account management; Risk Management Framework; vulnerability management and compliance validation; cybersecurity workforce management; incident response and reporting; cybersecurity training and physical security.

They also provide other services to the workforce including: personal identification number (PIN) resets, account management, electronic spillage coordination, reporting and clean-up, connectivity and account re-enablement following a cybersecurity incident, website unblock requests and cybersecurity technical questions.

According to Clark, there are a number of common cybersecurity mistakes people make at work that can be readily remedied, including removing common access cards (CAC) each and every time an employee walks away from a computer, not opening emails from unknown persons, and not visiting unknown websites.

“Within the past few years, there has been a significant amount of government data breeches that have occurred,” said Gawian Middleton, NAVSEA’s alternate information system security manager. “We certainly don’t want that here at NAVSEA. Avoiding cyber threats requires a cyber-smart attitude. Don’t be the weakest link.”

“Do not click on links received from a suspicious unknown sender that are not digitally signed or encrypted,” he said. “If you get a virus or malware on your machine, NETWARCOM will lock your account until the virus is cleaned. The entire process can take up to 10 working days.”

Middleton said employees should forward “phishing” email attempts as an attachment to nmci_spam@navy.mil. Once sent, delete the email and clear the deleted items folder. Within the last five years, cybersecurity phishing attempts have become more sophisticated in an effort to trick people into giving up their personal identifiable information (PII), or their company’s trademarked secrets.

Earlier this month, 00I hosted a Cybersecurity Awareness Day event. Clark’s team passed out flier on wide range of topics on how to protect yourself at work and your and at home.

“Its important people understand not only how to protect their networks and devices,” said Clark, “But you also need to know what to do at home if you’ve been hacked or compromised.”

Experts recommend creating regular back-ups for data and personal information. If a system is hacked, it’s possible that all data on that system will be lost. Credit cards and financial information should also regularly be monitored for changes or unauthorized charges. The SANS Institute has a useful list of steps to take for creating a more cyber secure home environment.

Clark recommends that NAVSEA employees be cautious with their information online and also when attending events such as corporate tradeshows.

“It’s important to understand how the vendors at these events will use the information that you provide,” she said. “Some businesses want to create a list of government email address so that they can expand their business, but there are vendors who collect addresses so that they can sell them to other organizations. As you provide your information, you should ask the vendors how they will use your information.”

For more tips and tricks on how to stay safe online, visit https://staysafeonline.org.