An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Reducing risk in the cyber landscape

  • Published
  • By Lt. Col. Stephen Esposito
  • 375th Communications Support Squadron Commander
SCOTT AIR FORCE BASE, Ill. --  It doesn't matter if the Internet is running at home or not, everyone's information is flowing across the Internet now. From big retail giants to the smallest kiosk, credit card purchases are verified across the Internet. Smartphones and home Internet connections are valuable resources but can be a risk by just merely being connected through it and not necessarily by the activities these devices perform.

The only way to avoid personal information flowing across the Internet is to never use an ATM or credit card, never use a cell phone or smartphone, always perform financial transactions inside a bank, and only use cash when making purchases.  Because this is rather unrealistic for today's culture, there are some important tips to reduce the risk while operating on the Internet.

The threat

There are many documents, not in the Microsoft Office format, that are saved in the Adobe file format, commonly called a "PDF file," which is read using Adobe Reader. To watch cool animations and videos on the Internet, a computer requires the Java or Flash program. Almost everyone has read a PDF file or watched a video across the Internet. Be careful, because the three most vulnerable computer applications are Java, Adobe Reader, and Adobe Flash. If a system has any of these programs loaded and it's connected in any way to the Internet, even temporarily, then the system is vulnerable to attack where personal information can be removed from it without your knowledge or consent.

The Symantec Threat Report states there are 83 email phishing campaigns a day. A phishing email is a legitimate looking email that tries to make the user click on a link to load something malicious. Additionally, the daily spam email rate is 66 percent, which means two out of every three emails on the Internet is spam. On average, 29 billion spam emails are sent each day.

Mobile devices are seeing a sharp increase in vulnerabilities. There were 108 mobile vulnerabilities discovered for Apple iOS iPhone/iPad in 2013. These vulnerabilities allow attackers to collect data such as device info, phone numbers, device location, pictures and documents. Some attackers will use software to lock the compromised mobile device until a payment is received, referred to as Ransomware.

In the recent past, Target was the focus of a successful malicious attack that released 40 million customer's Personally Identifiable Information like credit card information, name, and home address. This exploit was eclipsed by a recent Home Depot incident that exposed 56 million customer's personal information. To add fuel to the fire, there are new vulnerabilities like the cross platform Heart Bleed exploit and the new Shellshock vulnerability for UNIX and Mac operating systems.

All computer system platforms (Apple, Windows, UNIX, and Android) are vulnerable, and the landscape is riddled with viruses, malware, vulnerabilities, spam, and the like. Risk is everywhere, from the brick and mortar locations like a Target store to the virtual locations like Amazon.com. Risk runs the gamut from applications loaded on the computer systems and smartphones to the basic operating system software required to operate these devices. Each risk can jeopardize financial, personal, and private information.  So, what can be done to minimize the risks when operating on the Internet? Be aware of your virtual surroundings. Here are some tips to keep in mind.

Debit cards tips

As victims of the Target breach, both my wife and I encountered several issues due to the loss of personal information. Both of our credit cards were replaced twice over the past three years because of fraudulent activity. Luckily I caught it right away before the purchases spiraled out of control. I lost access to my bank account for several days because I was using a debit card instead of a credit card and my bank locked my debit card to secure my money. A big lesson learned for my family.

When making purchases with debit cards monitor the bank statement closely for fraudulent charges. To lower the risk of losing money and loss of access to bank accounts, it's recommended to use a credit card so fraudulent charges can be disputed. Always report suspicious activity found on the monthly credit card statement. It takes at least 60-90 days to recover from identity theft from the date it is first discovered. When using a debit card, your daily operating budget can be devastated by a case of identity theft especially when it is not caught right away.

Email tip

For Internet use, know what kinds of emails should arrive in the inbox. If a restaurant email comes in and there was no subscription to the restaurant website, then the email should instantly be suspect.

Another email tip is to avoid clicking on links in email. Hover over the link first to ensure the link is going to the site you expect. Below are two example links that can be easily confused.

Legitimate link: http://www.airforce.com/articles/recent/today.aspx

Suspect link: http://www.airforce.com.cn/articles/recent/today.aspx

At first glance, it's difficult to see the difference between these two links but these links go to completely different website on different servers in different countries (the domain on the suspect link ends in ".cn"). It is recommended to minimize subscriptions to known legitimate companies, hover over a link, and inspect each link closely before clicking. If something doesn't look right with the email or the link, then don't click the link.

System performance tip

The computer system will act in a predictable way when it is not compromised by a virus or malware. Pay attention to how the computer system acts on a regular basis. If the system begins to act different than before, maybe the device is infected or compromised. A factory restore may be required to return the system's performance.

Safeguarding files tip

Another tip I always use is to keep copies of pictures and documents saved to an external medium like a DVD or an external hard drive. This won't prevent compromise but it will allow a factory restoral to happen without the concern of losing important photos or documents.

Monitoring tools tip

To reduce the risk of malware infecting a computer system or mobile device, it is recommended to use current anti-virus and anti-spyware software. There are a couple of free programs available for DoD government employees, which can be found in the AF Portal by searching for "antivirus software for home use."

It's important to be aware of your virtual surroundings. There are many risks and threats the computer system inherently causes for the user. The risk can be minimized by loading patches immediately, which will keep personal information secure. Email can easily be spoofed to look legitimate so hover over links before clicking. A computer system can be compromised, so watch its daily behavior for unusual activity such as running real slow. An external hard drive is a great way to maintain important information should a computer system require a factory reset. Automated tools like anti-virus and anti-spyware can defend computer systems and mobile devices when it's attacked, so always keep an updated tool running.

There are many pitfalls when operating on the Internet and being aware of your virtual surroundings can significantly reduce the threat to financial, personal, and private information.