Be safe not sorry: protecting your personal information isn't optional—it's a must!

CHIPS, Oct-Dec, 2007 by John Janachowski

[ILLUSTRATION OMITTED]

We've all heard nightmarish tales of identity theft, but that only happens to someone else, right? Wrong! Security breaches at the Department of Veterans Affairs and Los Alamos National Laboratory underscored the fact that regardless of how secure you think you are--the safety of your personal information is really at the mercy of virtual strangers.

These incidents served as a call to arms to government offices and personnel to better protect personally identifiable information (PII). These breaches and others like them are completely avoidable. Most importantly, employees should not load any personally identifiable information personal computers as of Oct. 1, 2007. (See pages 15 and 40 for direction on protection of PII of Navy-issued computers, mobile devices and storage media.) Vigilant physical security enforcement and supervisory oversight are essential in protecting personal information.

While the Navy Marine Corps Intranet (NMCI) protects computers and laptops on the job, we still must be alert to the hazards of the Internet and e-mail. Also, many of us have multiple computing devices for personal and official use that we must defend.

Virtual predators are cunning! The Federal Trade Commission estimates that 27.3 million Americans (9 percent of the total U.S. population) have been victims of identity theft. Financial losses totaled nearly $48 billion for businesses and financial institutions and at least $5 billion in expenses for individuals. With these startling statistics in mind, we can improve our security posture at home and in the office by practicing these 10 common sense countermeasures:

* Strong Password Protection

* Virus Protection

* Spam Protection

* Spyware Protection

* Security Patches

* Security for data at rest and mobile devices

* Data Backups

* Firewall Protection

* WiFi Protection

* Data, E-mail and Transaction Encryption

Let's take a brief look at each and establish best practices for implementation.

Strong Password Protection

Effective passwords are the first line of defense. They should:

--Be at least eight characters including upper and lower case, digits and special characters (~, #, %)

--Change frequently--every 60 to 90 days

--Be unique with each change

--Never be shared with others

--Be easy to remember. Use identifiers such as the first characters of a phrase. For example, "My wedding anniversary is July 26, 1990" = MwaiJ26,1990--is a pretty good password!

--Never use proper nouns; dictionary attacks and brute force techniques can easily crack these!

Virus Protection

Viruses and other malware, including worms and Trojan horses, are programs that attach to or masquerade as other programs causing widespread and often unrecoverable damage.

If you don't have antivirus software, get it! Antivirus software is free to Defense Department personnel. The Navy Information Assurance Web site, https://infosec.navy.mil, is just one of the sources for downloading antivirus software. It is the primary distribution center for antivirus tools for the Navy and Marine Corps, although any DoD-affiliated agency may request them. McAfee, Trend Micro and Symantec antivirus software applications are currently licensed for use by the DoD.

Spam Protection

Spam is unsolicited bulk e-mail messages indiscriminately distributed to unsuspecting users. Spam cost U.S. companies more than $10 billion in 2004, including lost productivity and the additional equipment, software and manpower needed to combat the problem. Spam e-mail is often the vehicle of choice used to spread viruses and other malware. Even though most email applications have some anti-spam capabilities, such as the junk mail filter in MS Outlook, the problem still persists.

Most Internet service providers have provisions for reporting spammers and many antivirus applications can also protect against spam. Remember, never open unsolicited e-mail and attachments at work or at home!

Spyware Protection

Spyware is software that is unwittingly installed on a computer by linking to Web sites that deploy spyware to intercept or record information. Some spyware monitors user behaviors and can collect and distribute personal information--even passwords! Benign forms of spyware often redirect Web pages to paid advertisers. Spyware is one of the leading causes of identity theft. To combat this problem, use an anti-spyware application such as Ad-Aware or Windows AntiSpyware. They are free!

Operating Systems and Security Patches

It's a fact that new software vulnerabilities are exposed almost daily. In fact, since April 2007 more than 20 new Microsoft security vulnerabilities have been documented. Operating systems, especially Windows, since it is the most widely used OS, are usually the primary targets. Use the Windows update service to remediate security vulnerabilities daily by clicking on the Tools bar and following the directions for automatic updates.

Mobile Workforce Awareness

More and more people are using mobile computing devices that allow them to work from virtually anywhere. This presents security challenges including safeguarding information. Follow your workplace's policies for telework and mobile devices.