Cybersecurity Do’s and Don’ts

CLEVELAND, OHIO, UNITED STATES

03.23.2020

Story by Anthony Hardman 

Defense Finance and Accounting Service

✔ ✗ Subscribe

13

Teleworking offers great flexibility, but it also comes with its own set of challenges. When it comes to cybersecurity it can be easy to slide into bad habits, especially with additional distractions like having a spouse and children at home. With the current liberal telework policy enacted at Defense Finance and Accounting Service, following good cybersecurity practices remains a top priority.

6.3 million DFAS customers depend on you every day to ensure their data is protected. You are the frontline of defense against cyber data breaches, so follow these tips to remain vigilant during this unique time period.

Following are important do's and don'ts to remember so that you do your part to protect the information on our networks while teleworking.

Do…
-Use government furnished equipment (GFE) as your primary tool. Personal devices should be a last resort and limited to reading web mail.
-Report loss or theft of your GFE to your supervisor. Know how to report incident types.
-Close all applications you are not actively using.
-Configure your home Wi-Fi according to best practices. Use a strong password, change it often and enable encryption.
-Study and know the difference between Personally Identifiable Information (PII), Controlled Unclassified Information (CUI) and Unclassified information.
*PII refers to information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual.
*CUI is unclassified information that requires safeguarding or dissemination controls, pursuant to and consistent with applicable law, regulations and Governmentwide policies.
*Unclassified is information not requiring control, but requiring review before public release.
-Report any suspicious activity or behavior to your supervisor. For more information about reporting security threats visit the site security portal pages.
-Follow DFAS specific cybersecurity guidance.
-Ensure your GFE & personal devices are updated with the latest operating system and security patches. Please pay specific attention and ensure your home router is running the latest software.

Don't…
-Leave your computer unlocked when unattended.
-Use public Wi-Fi connections. Only use trusted networks.
-Open suspicious emails.
-Click on suspicious "pop-ups" that may appear. If you're unsure, don't click and instead, report it.
-Allow family member or others to use your GFE.
-Plugin non-GFE equipment (flash drives, printers, hard drives, phones, other USB devices, etc.) into your GFE laptop.
-Forward CUI or PII from official email accounts to personal email accounts.
-Post, store and or transmit PII, CUI or Protected Health Information (PHI) on personal devices.
-Use personal email accounts for official business.
-Send unencrypted PII or PHI.
-Use personal cloud/file sharing accounts for official business. If you need to send large files or videos (10MB or greater) you can use DoD SAFE.
-Use any unofficial instant messaging applications to share DoD information. Always use Skype, Outlook or Defense Collaboration Services (DCS) to communicate.
-Work from public location where others can look over your shoulder.