What is a Possible Effect of Malicious Code

Here are some of the key takeaways for companies and individuals from the DoD Cyber Awareness Claiming 2020

The Cyber Awareness Claiming, which is likewise known every bit the
Army Cyber Sensation Training, the cyber sensation claiming
or
the DOD cyber challenge
, is an annual reckoner security training that was created to increase cyber awareness among Department of Defence (DoD) employees.

It’south
available online, it’due south
free of cost
for everyone, and it’southward also accessible from
whatever office of the world
and then long as you have a reliable internet connection!

Everyone with a estimator or that handles whatever type of sensitive information would benefit from it. In this guide, we’ll explore the fundamental lessons of the DoD cyber challenge and the summary of the entire training materials.

DoD Cyber Awareness Challenge: Who Can Have Information technology?

  • Regular army, other armed force branches,
    authorities employees
    .
  • Companies and organizations
    can use this cyber awareness claiming as an excellent resource to provide cybersecurity training to their employees.
  • All individuals
    — particularly those who value privacy and security, who piece of work with sensitive information, or those who work in the IT field — should take this training to protect themselves and their clients from potential cyber-attacks.

You can complete this cyber awareness challenge preparation on the official DoD Cyber Awareness Challenge 2020 website.

Even though its lessons are focusing on securing the nation’s classified data, the cyber awareness challenge contains lots of cybersecurity takeaway for not-armed services users like you and me.

The Format and Main Content of the DoD Cyber Awareness Challenge

There are iii main sections and their subsections in the DoD Cyber Awareness Challenge tutorials:


Each department has definitions, vulnerabilities, real-life scenarios, and talks near the types of decisions y’all should make or avoid to preclude a cyber attack.

1) Data Spillage

In the government, “spillage” is a term that refers to information that’s leaked from a higher classification or protection level to a lower ane. A spillage poses a serious risk to national security. Spillage occurs when someone accidentally or intentionally makes an unauthorized information disclosure, data modification, or engages in espionage, which results in loss or deposition of resources or capabilities.

ii) Sensitive Information

For any type of business or organization that handles sensitive data, information technology’s crucial that y’all do everything you can to protect this data — both for the sake of your customers as well every bit to remain compliant with laws and regulatory data protection requirements. Some of these regulations include:

  • The Wellness Insurance Portability and Accountability Act (HIPAA),
  • The European Spousal relationship’s Full general Data Protection Regulation (GDPR),
  • The California Consumer Privacy Deed (CCPA), and
  • The Payment Card Industry Data Security Standards (PCI DSS), etc.

Merely what is considered “sensitive information?” Sensitive information includes:

  • Controlled technical information (CTI),
  • Personally identifiable information (PII),
  • Protected health information (PHI),
  • Financial information,
  • Personal or payroll information,
  • For official employ only (FOUO),
  • Controlled unclassified data (CUI), and
  • Proprietary data.

These types of sensitive data must exist protected because their leakage can compromise regime missions or interests. An example of such sensitive information includes data or information that’s provided by a confidential source (person, commercial business, or foreign authorities) with the condition it would not be released.

For businesses and healthcare organizations, examples of these types of data include:

  • Employee or customers’ names, addresses, phone numbers, etc.,
  • Financial records and business relationship information,
  • User credentials and passwords,
  • Patient medical records and wellness-related information, and
  • Medicare or insurance information.

3) Malicious Code

Malicious code tin be spread by downloading corrupted e-mail attachments and files or visiting infected websites. Malicious code includes viruses, trojan horses, worms, macros, and scripts. They tin can impairment or compromise digital files, erase your hard drive and/or allow hackers admission to your PC or mobile from a remote location.

Popular:   A Command Economy Tends to Exist Under a

Fundamental Lessons for Corporations and Individuals from the DoD Cyber Awareness Claiming

Here, we have written a summary of cyber awareness challenge preparation, roofing the key takeaway lessons.

Please note that we have included only handpicked the lessons which we deem beneficial to a full general audience. Information technology doesn’t have all the teachings of the grade, though. To go access to all of that, you must complete the DoD Cyber Awareness Challenge yourself!

Protection Against Malicious Code

Malicious code is a term that describes the code that’s used in online forms, scripts, and software that aims to cause impairment in some way. To help your employees avoid the risks associated with downloading and installing malicious lawmaking, here are some helpful tips:

  • Scan all external files before uploading them to your reckoner.
  • Don’t access website links, buttons, and/or graphics in a suspected email or a pop-up generated past an electronic mail message.
  • If yous suspect any email to be malicious or if whatever unknown/unauthorized sender is requesting some personal/sensitive information, contact your security betoken of contact (POC) or assistance desk-bound for aid.
  • For your personal and role devices (laptop, PC, mobile, etc.), research whatsoever awarding and its vulnerabilities before downloading that it.
  • View email in plain text and don’t view an electronic mail in the preview pane.
  • Look for digital signatures if your organization uses an email signing certificate (highly recommended). Digitally signed emails are considered more secure.

Best Practices for Protecting Sensitive Information

When you trust your employees to handle customers’ confidential data, they must be enlightened of the sensitivity of the data and how to protect them. A single act of negligence can be catastrophic. Hither are some major takeaways from cyber awareness claiming that you can use to train employees.

  • While faxing sensitive information, ensure the recipient is at the receiving end. Contact the recipient to confirm receipt.
  • The nigh commonly reported crusade of PII breaches is a failure to encrypt email messages containing PII. And so ever employ encryption when emailing PII, PHI, or any other sensitive information. As well, digitally signed emails whenever possible to provide authentication and to assure data integrity.
  • Avoid storing sensitive data in shared folders or shared applications (e.g., SharePoint, Google Docs, etc.).
  • Never apply personal electronic mail accounts for transmitting PII and PHI.
  • Store sensitive data only on authorized information systems. Don’t transmit, store, or process confidential information on non-authorized systems.
  • Follow your organisation’southward policy apropos the retention or disposal of sensitive information.
  • Mobile devices may exist hacked or infected with malware. And then, always use mobile devices approved by your organisation and follow your arrangement’s policies on the utilize of mobile computing devices and encryption while dealing with PII or PHI.

Prevention Confronting Insider Threats

Incidents related to insider threats are up 47% since 2018, according to information from the Ponemon Institute and ObserveIT.

The term insider threat refers to a situation where employees themselves (intentionally or unintentionally) leak the information or execute the cybercrime against the organisation. You lot can’t dominion out the possibility of insider threats because employees take tons of data readily bachelor to them on their fingertips. So, every bit an employer, you must go along an middle on your employees’ activities and also train the staff to recognize the potential threat that may exist amongst them. We’re not saying that all of your employees are insider threats. However, if someone is going through difficult life circumstances or experiencing persistent interpersonal difficulties, their emotional instability can brand them a potential candidate to get i. Observe them and appraise whether they’re showing any uncommon or apropos behaviors, such as:

  • Showing hostile, vindictive or criminal beliefs, or
  • Taking an unusual, or excessive interest in sensitive information or
  • Indicating unexplained or sudden abundance by purchases of loftier-value items/living beyond i’s ways or
  • Attempting to access and/or remove sensitive information without the need-to-know
Popular:   Rising Action Climax and Falling Action Are All Part of

Rather than giving the benefit of the doubt, report any suspicious activity or beliefs in accordance with your agency’s insider threat policy.

Of course, in that location are additional steps yous can take to prevent or limit the impact of insider threats:

  • Perform system-wide take chances assessments.
  • Create and enforce a data use policy.
  • Implement the principle of least privilege to limit employee access to only necessary systems.
  • Periodically review access lists and remove admission immediately for employees who quit or are fired.
  • Utilize a security data and consequence system (SIEM) to monitor employees’ actions and the information they access.

Best Practices for Concrete Security in the Workplace

There are many reasons why physical security is then important to organizations — your colleague could be an insider threat, or some walk-ins or visitors might be spying, eavesdropping or looking for a take a chance to steal the important data from the files or estimator. These occurrences non only happen on military installations but also within the organizations. So, yous must be vigilant about your workplace security, too. This ways:

  • Don’t talk about work/customers/visitor’s policies regarding marketing, applied science, etc. exterior your workspace. You might unintentionally leak some confidential information that must not go out. Even inside a closed work environment, be careful when discussing sensitive information, such equally PII or PHI, as people without a demand-to-know may be present around you lot.
  • Be aware of people eavesdropping when retrieving messages from smartphones or other media.
  • Know and follow your organization’s policy on gaining entry in the edifice, securing work surface area, and responding to emergencies.
  • Always lock your function’south cabinets and drawers if they are having whatsoever files/papers containing sensitive data.

All-time Practices for Portable Devices and Removable Media

Portable devices and removable media pose a major security threat to businesses and government organizations alike. They’re easy to use and convenient. However, portable devices also tin comport malware from one device to another without the user knowing. So, if you lot plug an infected device into a new auto, it may install that malware on the new device.

These types of media include wink media, such equally thumb drives, memory sticks, and flash drives, external hard drives, optical discs, and external music players like iPods.

So, what tin you practise to protect your organisation?

  • Merely employ removable media to store piece of work-related data when operationally necessary, owned by your organization, and canonical past the advisable authority in accordance with policy.
  • Encrypt data appropriately when storing it in a removable media device.
  • Do not use any personally owned/non-organizational removable media to store your organization’due south data.
  • As a all-time practice, label all removable media, especially if they contain PII, or PHI, or any sensitive data.
  • Avoid inserting removable media with unknown content into your reckoner.
  • Follow your organisation’due south policy for sanitizing, purging, discarding, and destroying removable media

Best Practices for Laptops and Mobile Devices

Your laptop and mobile devices must have stored then many saved credentials for automatic login, personal and professional data and media files. If your organization has provided you laptop or mobile for profession use, information technology might be a virtual goldmine for attackers. Merely by hacking or stealing such devices, the cybercriminal can execute dangerous attacks. That’due south why handing your mobile and laptop advisedly is a crucial step.

  • Consider screen protection if you are using a laptop or mobile device for doing office work in public places.
  • Ability off the device if you lot are not going to employ information technology in the immediate future.
  • Enable automatic screen locking after a period of inactivity.
  • Encrypt all sensitive data on laptops/mobile.
  • Always maintain visual or physical control of your laptop/mobile devices, especially when going through airport security checkpoints.
  • Use public or free Wi-Fi only with the system’s approved VPN.
  • If the device is lost or stolen, immediately report the loss to your security POC or organization’due south technology department.
Popular:   A Person Who Believes in Fascism Thinks That:

Tips for Habitation Computer Security

People by and large don’t store organization related information in their home reckoner/personal computer. However, such personal computers do comprise automatic login facilities to email addresses, social media sites, applications, fiscal institutions’ sites, etc. Hence, the employees must exist aware of how to protect their home computers, too.

Note: In the cyber awareness challenge, these tips are derived from the National Security Agency (NSA)’s PDF “All-time Practices for Keeping Your Home Network Secure.”

  • Always utilize stiff passwords for your dwelling computer.
  • Create separate accounts for each user and take them create their own passwords using a potent password creation method.
  • Install all system security updates, patches, and keep your defenses such as antivirus software, spyware, and firewall up to appointment.
  • Regularly scan files for viruses.
  • Alter default login ID and passwords for operating systems and applications.
  • Regularly support and deeply store your files.

Beware of sudden flashing pop-ups warning that your computer is infected with a virus; this might indicate a malicious code assail.

General Security Tips for Online Behavior Outside the Workplace

While employers can’t necessarily control what their employees do in their personal fourth dimension, they can educate them near the dangers of social media and other online platforms. The DoD Cyber Sensation Claiming has a section that provides guidance on the best practices while surfing online.

Here are a few key takeaways from this department of the DoD cyber sensation claiming training:

  • Be enlightened of the information y’all post online nigh yourself and your family. It might be used to guess your passwords, executing doxxing attacks, sending spear/whale phishing emails, or for identity theft.
  • Create strong passwords and opt for 2-cistron hallmark (2FA) or multi-factor authentication (MFA), if available.
  • Beware of links to games, quizzes, and other applications available through social networking services. They might contain malicious codes or manipulate you lot to share your login credentials or other sensitive information.
  • Don’t post any confidential information virtually your organization, colleagues, or customers on social networking sites (no thing what privacy settings you accept set on your account).

A Concluding Give-and-take on the DoD Cyber Awareness Challenge

Cybercriminals use innovative and sophisticated ways to execute cyber attacks nowadays. People practice autumn for such malicious tricks and lose billions of dollars every year. That’southward why cyber awareness preparation is a must for anybody, peculiarly for corporate employees and people working in the field of technology.

When corporations become a victim of a cyber attack due to the negligence of an employee or insider threats, they lose not only sensitive data but also the reputation and suffer from financial loss in legal battles.  As such, the DoD Cyber Sensation Claiming is an excellent resource for organizations to railroad train their employees, make them vigilant against various types of cyber crimes, and allow them know the best protection techniques. The cyber awareness challenge is a highly recommended training for all for improving the security posture of any organization regardless of size.

What is a Possible Effect of Malicious Code

Source: https://sectigostore.com/blog/dod-cyber-awareness-challenge-2020-your-ultimate-guide/