Everyone is responsible for online information security

October 10, 2012
By Claudette Roulo
American Forces Press Service

  National Cyber Security Awareness Month in October lasts just 31 days, but practicing good cybersecurity is important 365 days a year, according to the President of the United States, the governor of Wisconsin, and the Defense Department's deputy chief information officer. 

Robert J. Carey said because users engage with the network on a daily basis, good cybersecurity practices should be second nature. This means "changing our culture to be more mindful of the fact that the information needs to only be transmitted to those who are fit to consume it [and] who are authorized the right accesses," he said. 

Specific cybersecurity practices vary depending on the type of users, but Carey said there is one overriding concept: everyone is responsible for protecting information. 

And while information technology can be a complicated subject, with an equally complicated lexicon, Carey said his office is working to ensure that DOD adopts policies and strategies that help users at all levels to understand exactly why cyber security is so important. This way, he said, they can be confident that they're taking the right steps to protect information. 

"The most important link is the user. Each of us, when we engage the network, is either an asset or a vulnerability, depending on our actions," he said. "The human becomes the weakest link, and so the more we can strengthen that weakest link, the better we will be." 

Capt. Timothy Guy, information assurance manager for the Wisconsin National Guard, said one of the biggest cybersecurity risks involves click-on links. 

"It's important to know where that link is really going," Guy said. "If you hover your mouse over the link, you'll see the link's address." 

Responsible network access means users are aware of what they're clicking on, Carey said. 

"If you click on a link that you don't know where it came from and suddenly bad things happen ... well the link has already provided the information to your computer," he said, "so now you have bypassed a lot of the protections that the system has." 

Guy said e-mail attachments are another concern, adding Wisconsin National Guard members should ensure attachments are digitally signed before opening. Only download content from known and trusted websites, he said. 

The Department of Homeland Security has adopted "Stop. Think. Connect" as the motto for National Cyber Security Awareness Month. Carey said the program asks users to consider their actions and remember that what they do online may affect others. 

"If you're ... cutting corners and you're doing the wrong things, you can be a vulnerability to this big thing called the network," Carey said. "People don't realize the extent of it. They think, 'If my machine has a problem, [then] that's the extent of it.' It's generally not the extent of it." 

Network users should ask themselves if they're doing the right things or exhibiting the right behaviors to perform risk management of the information they're going to access, he said. 

This thought process should continue even when people aren't accessing the network from their workplace, Carey added. 

"At home you don't think about security," he said. "When you get on your computer at home and you engage the Internet, it's highly unlikely that you have a firewall, [and] it's highly unlikely that you have a smart card to log on, so the layers that afford us security aren't generally present." 

Guy cautioned against using public Wi-Fi networks. If such public wireless Internet sites are used, he said users should not check their bank accounts or other sensitive accounts, as that information is not safe on a public Wi-Fi network. He recommends developing strong passwords for each online account, and discourages using the same password for multiple accounts as well as storing passwords on or around Internet access devices. 

Guy also suggested limiting how much personal information is posted on social networking sites.

"That kind of goes against the philosophy of social networking," he acknowledged. "Be careful when using site check-in services - people can track where you are going. Be wary of strangers making social network friend requests." 

People may feel annoyed when security layers are added to the home experience, but, Carey said, "that operational overhead is a necessary evil to ensure that the information stays protected. If we can keep the information secure, the layers, they're just a necessary part of the accessing process." 

Guy said Ready Wisconsin provides additional cybersecurity information. 

Carey said that every user is front and center in the battle to ensure networked information remains secure.

"It is ... a cost of doing business in the information age," he said. "You just have to be aware."

Guy agreed. 

"Like any other environment you go in, understand where you are going and know the risks," he said.