An official website of the United States government Here's how you know

Cybersecurity Awareness Month refresher for IE best practices

By Kristen PittmanOctober 24, 2024

October marks Cybersecurity Awareness Month which serves as an opportunity for public and private entities to work together to raise awareness about the importance of cybersecurity.
October marks Cybersecurity Awareness Month which serves as an opportunity for public and private entities to work together to raise awareness about the importance of cybersecurity. (Photo Credit: Kristen Pittman) VIEW ORIGINAL

As the modern workspace trends more and more in the digital direction, the threats to and vulnerabilities of the Information Environment have grown exponentially.

According to the Cybersecurity & Infrastructure Security Agency (CISA), the President of the United States and Congress have recognized October as Cybersecurity Awareness Month since 2004; the observance is a time for public and private entities to work together to raise awareness about the importance of cybersecurity.

For Department of Defense service members, civilians and contractors, the safeguarding of information is a matter of national security, which is why Mike Doherty, U.S. Army Security Assistance Command cyber operations team lead, is stressing the importance of vigilance and caution this Cybersecurity Awareness Month.

There are many ways an adversary or criminal can wreak havoc on public, private, and even personal networks and use that data and access for identity theft, ransomware attacks, disruptions to critical infrastructure and more, so it’s important to understand how to take preventative actions to thwart threats as well as how to tell when your system might be compromised and how to react.

To establish a safer digital environment, CISA highlights the following four ways to protect information: use strong passwords, turn on multi-factor authentication (also sometimes referred to as two-factor or two-step authentication), recognize and report phishing, and update software.

“Phishing is when cybercriminals try to trick you into revealing personal information by pretending to be trustworthy,” said Doherty.

He went on to explain that phishing is often used through emails and messages and that there are often signs to alert the recipient such as poor grammar, out of network or slightly incorrect email addresses, shortened URLs and urgent or emotionally appealing language. If USASAC employees receive suspected phishing emails or messages, they should alert G2/6.

Other telltale signs that a system may be at risk or already compromised include slower operating speeds and unrecognizable software. Malicious software, or malware, covers threats such as viruses and ransomware.

“Ransomware is on the rise, and while it can happen to an individual, it usually impacts big businesses where they’re shut down until they pay a ransom to the cyber criminals,” said Doherty.

During the National Cyber Summit in September, Doherty said malware and its threat to national security was a big topic, especially regarding nations such as China, Russia, Iran and North Korea, who persist as threats to steal sensitive data, conduct cyber espionage, or sabotage critical systems through malware and other tactics.

With the emergence of new technologies, especially in the field of artificial intelligence, and new ways to target sensitive information, it’s more important than ever to ensure best practices are being carried out on work and home devices.

The required annual DoD Information Assurance Awareness Training lays a solid foundation for how to protect government assets and how to recognize when a system may be compromised, but if personnel need more information, they should visit https://www.cisa.gov/ or reach out to G2/6.

“Cybersecurity takes everyone,” said Doherty. “Staying vigilant can make a huge difference to help protect the Army systems and networks and protect critical data.”