We've all heard nightmarish tales of identity theft, but that only happens to someone else, right? Wrong! Security breaches at the Department of Veterans Affairs and Los Alamos National Laboratory underscored the fact that, regardless of how secure you think you are, the safety of your personal information is really at the mercy of virtual strangers.
These incidents served as a call to arms to government offices and personnel to better protect personally identifiable information (PII). These breaches and others like them are completely avoidable. Most importantly, employees should not load any personally identifiable information onto personal computers as of Oct. 1, 2007. Vigilant physical security enforcement and supervisory oversight are essential in protecting personal information.
While the Navy Marine Corps Intranet (NMCI) protects computers and laptops on the job, we still must be alert to the hazards of the Internet and e-mail. Also, many of us have multiple computing devices for personal and official use that we must defend.
Virtual predators are cunning! The Federal Trade Commission estimates that 27.3 million Americans (9 percent of the total U.S. population) have been victims of identity theft. Financial losses totaled nearly $48 billion for businesses and financial institutions and at least $5 billion in expenses for individuals. With these startling statistics in mind, we can improve our security posture at home and in the office by practicing these 10 common-sense countermeasures:
• Strong Password Protection
• Virus Protection
• Spam Protection
• Spyware Protection
• Security Patches
• Security for data at rest and mobile devices
• Data Backups
• Firewall Protection
• WiFi Protection
• Data, E-mail and Transaction Encryption
Let's take a brief look at each and establish best practices for implementation.
Strong Password Protection
Effective passwords are the first line of defense. They should:
– Be at least eight characters including upper and lower case, digits and special characters (~, #, %)
– Change frequently — every 60 to 90 days
– Be unique with each change
– Never be shared with others
– Be easy to remember. Use identifiers such as the first characters of a phrase. For example, "My wedding anniversary is July 26, 199990" becomes MwaiJ26,199990, which is a pretty good password!
– Never use proper nouns; dictionary attacks and brute force techniques can easily crack these!
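The rules listed above can be checked mechanically. The following Python is an added example, not part of the original article; the function names, the small constructed word list and the PBKDF2-based password history are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from datetime import date

MIN_LENGTH = 8       # "at least eight characters"
MAX_AGE_DAYS = 90    # upper bound of the 60-to-90-day change interval
# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "anniversary", "wedding", "july", "navy", "marine"}


def _digest(password, salt):
    # Salted, slow hash so the history never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def remember(password):
    """Return a (salt, digest) history entry for a password being retired."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def check_password(password, history=(), last_changed=None, today=None):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    classes = {
        "upper case": string.ascii_uppercase,
        "lower case": string.ascii_lowercase,
        "digit": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    # Drop digits and punctuation so "Navy2007!" is still caught as a word.
    letters = "".join(c for c in password.lower() if c.isalpha())
    if letters in SAMPLE_WORDS:
        problems.append("based on a dictionary word or proper noun")
    # "Be unique with each change": compare against every retired password.
    if any(hmac.compare_digest(_digest(password, s), d) for s, d in history):
        problems.append("reuses an earlier password")
    if last_changed and ((today or date.today()) - last_changed).days > MAX_AGE_DAYS:
        problems.append("older than 90 days")
    return problems
```

The article's own example, MwaiJ26,199990, passes every check, while a word with a year and a symbol appended (the constructed input Navy2007!) satisfies the character-class rule but fails the dictionary rule.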
Virus Protection
Viruses and other malware, including worms and Trojan horses, are programs that attach to or masquerade as other programs causing widespread and often unrecoverable damage.
If you don't have antivirus software, get it! Antivirus software is free to Defense Department personnel. The Navy Information Assurance Web site is just one of the sources for downloading antivirus software. It is the primary distribution center for antivirus tools for the Navy and Marine Corps, although any DoD-affiliated agency may request them. McAfee, Trend Micro and Symantec antivirus software applications are currently licensed for use by the DoD.
Spam Protection
Spam is unsolicited bulk e-mail messages indiscriminately distributed to unsuspecting users. Spam cost U.S. companies more than $10 billion in 2004, including lost productivity and the additional equipment, software and manpower needed to combat the problem. Spam e-mail is often the vehicle of choice used to spread viruses and other malware. Even though most e-mail applications have some anti-spam capabilities, such as the junk mail filter in MS Outlook, the problem still persists.
Most Internet service providers have provisions for reporting spammers and many antivirus applications can also protect against spam. Reme