Federal Manager's Daily Report

The Navy CIO’s office has posted advice to Navy employees that would be equally applicable to all agencies regarding security considerations of using computers at work and at home. It includes:

• “Do not open attachments unless they are expected and come from a known and trusted source, and do not execute software that is downloaded from the internet (if such actions are permitted) unless from a trusted source or the download has been scanned for malware.
• “Be cautious when clicking on URLs in emails or social media programs, even when coming from trusted sources and friends.
• “Deploy a web browser URL reputation plugin solution that displays the reputation of websites from searches (various software security vendors offer a capability to validate a URL that you click on, or a URL associated with a webpage in a search list)
• “Be aware of and practice safe online conduct. Offers that look too good to be true usually are, and hot topics are prime bait for scams. Not all links lead to real login pages.
• “For your personal web interfaces, adopt two-step authentication on any website or app that offers it.
• “Employ password discipline. Have different passwords for every email account, applications and login, especially for work-related sites and services.
• “Use common sense. Having antivirus and security software doesn’t mean it is OK to visit malicious or questionable websites.
• “Raise the alarm if you see anything suspicious.”

The CIO also reminded Navy employees about required annual cyber awareness training for those who access information systems on unclassified or secret networks.