Security-Cyber Tips




Tips for Peer-to-Peer (P2P) and Unauthorized Software

P2P software can:

  • Compromise network configurations
  • Spread viruses and spyware
  • Allow unauthorized access to data

To protect information systems:

  • Don’t use unauthorized peer-to peer (P2P software
  • Don’t illegally download copyrighted programs or materials

Social Engineering Tips

Social engineers use telephone surveys, e-mail messages, websites, text messages, automated phone calls, and in-person interviews.

To protect against social engineering:

  • Do not participate in social engineering
  • Do not give out personal information
  • Do not give out computer or network information
  • Do not follow instructions from unverified personnel
  • Document interaction:
    • Verify the identity of all individuals
    • Write down phone numbers
    • Take detailed notes
  • Contact your security POC or Helpdesk
  • Report cultivation contacts by foreign nationals

Tips about Spear Phishing

CAC / PIV / Security Token Tips

Common Access Card (CAC)/Personal Identity Verification (PIV) is a controlled item and implements (DOD Public Key Infrastructure (PKI) and contains certificates for.

  • Identification
  • Encryption
  • Digital Signatures
Note: Some systems use different types of security tokens. Be sure to use the appropriate token for each system.
To protect your CAC/PIV:
  • Use all security tokens appropriately
  • Remove and take your CAC/PIV whenever you leave your work station.
  • Lock your computer when leaving/shut it down at the end of your shift
  • Do not use your CAC/PIV for Badge exchanges
  • Do not write down or share PIN for your CAC/PIV
  • Maintain possession of your CC/PIV at all times
  • If lost or misplaced, report it immediately to your security POC

Physical Security Tips

Physical security protects the facility and the information systems/infrastructure, both inside abd outside the buildings.

To practice good physical security:

  • Know and follow your organizations policy on:
  • Gaining entry
  • Securing work area
  • Responding to emergencies
  • Use your own security badge/key code. Note that your CAC/PIV is sometimes used as an access badge.
  • Don’t allow others access or to piggyback into secure areas
  • Challenge people without proper badges
  • Report suspicious activity

Tips about Spear Phishing

Tips about Whaling

Additional Email Tips

Malvertising:.  Malvertising is the process of placing malicious code within an online ad.  Inside this category of malware, we are concerned with "Clickjacking" which is the concealment of hyperlinks under real ads to manipulate user activities on a website