Here are some of the key takeaways for companies and individuals from the DoD Cyber Awareness Challenge 2020The Cyber Awareness Challenge, which is also known as the Army Cyber Awareness Training, the cyber awareness challenge or the DOD cyber challenge, is an annual computer security training that was created to increase cyber awareness among Department of Defense (DoD) employees. Show
It’s available online, it’s free of cost for everyone, and it’s also accessible from any part of the world so long as you have a reliable internet connection! Everyone with a computer or that handles any type of sensitive information would benefit from it. In this guide, we’ll explore the key lessons of the DoD cyber challenge and the summary of the entire training materials. DoD Cyber Awareness Challenge: Who Can Take It?
You can complete this cyber awareness challenge training on the official DoD Cyber Awareness Challenge 2020 website. Even though its lessons are focusing on securing the nation’s classified data, the cyber awareness challenge contains lots of cybersecurity takeaway for non-military users like you and me. The Format and Main Content of the DoD Cyber Awareness ChallengeThere are three main sections and their subsections in the DoD Cyber Awareness Challenge tutorials: Each section has definitions, vulnerabilities, real-life scenarios, and talks about the types of decisions you should make or avoid to prevent a cyber attack. 1) Data SpillageIn the government, “spillage” is a term that refers to information that’s leaked from a higher classification or protection level to a lower one. A spillage poses a serious risk to national security. Spillage occurs when someone accidentally or intentionally makes an unauthorized data disclosure, data modification, or engages in espionage, which results in loss or degradation of resources or capabilities. 2) Sensitive InformationFor any type of business or organization that handles sensitive information, it’s crucial that you do everything you can to protect this information — both for the sake of your customers as well as to remain compliant with laws and regulatory data protection requirements. Some of these regulations include:
But what is considered “sensitive information?” Sensitive information includes:
These types of sensitive information must be protected because their leakage can compromise government missions or interests. An example of such sensitive information includes data or information that’s provided by a confidential source (person, commercial business, or foreign government) with the condition it would not be released. For businesses and healthcare organizations, examples of these types of information include:
3) Malicious CodeMalicious code can be spread by downloading corrupted email attachments and files or visiting infected websites. Malicious code includes viruses, trojan horses, worms, macros, and scripts. They can damage or compromise digital files, erase your hard drive and/or allow hackers access to your PC or mobile from a remote location. Key Lessons for Corporations and Individuals from the DoD Cyber Awareness ChallengeHere, we have written a summary of cyber awareness challenge training, covering the key takeaway lessons. Please note that we have included only handpicked the lessons which we deem beneficial to a general audience. It doesn’t have all the teachings of the course, though. To get access to all of that, you must complete the DoD Cyber Awareness Challenge yourself! Protection Against Malicious CodeMalicious code is a term that describes the code that’s used in online forms, scripts, and software that aims to cause harm in some way. To help your employees avoid the risks associated with downloading and installing malicious code, here are some helpful tips:
Best Practices for Protecting Sensitive InformationWhen you trust your employees to handle customers’ confidential information, they must be aware of the sensitivity of the data and how to protect them. A single act of negligence can be catastrophic. Here are some major takeaways from cyber awareness challenge that you can use to train employees.
Prevention Against Insider ThreatsIncidents related to insider threats are up 47% since 2018, according to data from the Ponemon Institute and ObserveIT. The term insider threat refers to a situation where employees themselves (intentionally or unintentionally) leak the data or execute the cybercrime against the organization. You can’t rule out the possibility of insider threats because employees have tons of information readily available to them on their fingertips. So, as an employer, you must keep an eye on your employees’ activities and also train the staff to recognize the potential threat that may exist among them. We’re not saying that all of your employees are insider threats. However, if someone is going through difficult life circumstances or experiencing persistent interpersonal difficulties, their emotional instability can make them a potential candidate to become one. Observe them and assess whether they’re showing any uncommon or concerning behaviors, such as:
Rather than giving the benefit of the doubt, report any suspicious activity or behavior in accordance with your agency’s insider threat policy. Of course, there are additional steps you can take to prevent or limit the impact of insider threats:
Best Practices for Physical Security in the WorkplaceThere are many reasons why physical security is so important to organizations — your colleague could be an insider threat, or some walk-ins or visitors might be spying, eavesdropping or looking for a chance to steal the important data from the files or computer. These occurrences not only happen on military installations but also within the organizations. So, you must be vigilant about your workplace security, too. This means:
Best Practices for Portable Devices and Removable MediaPortable devices and removable media pose a major security threat to businesses and government organizations alike. They’re easy to use and convenient. However, portable devices also can carry malware from one device to another without the user knowing. So, if you plug an infected device into a new machine, it may install that malware on the new device. These types of media include flash media, such as thumb drives, memory sticks, and flash drives, external hard drives, optical discs, and external music players like iPods. So, what can you do to protect your organization?
Best Practices for Laptops and Mobile DevicesYour laptop and mobile devices must have stored so many saved credentials for automatic login, personal and professional data and media files. If your organization has provided you laptop or mobile for profession use, it might be a virtual goldmine for attackers. Just by hacking or stealing such devices, the cybercriminal can execute dangerous attacks. That’s why handing your mobile and laptop carefully is a crucial step.
Tips for Home Computer SecurityPeople generally don’t store organization related information in their home computer/personal computer. However, such personal computers do contain automatic login facilities to email addresses, social media sites, applications, financial institutions’ sites, etc. Hence, the employees must be aware of how to protect their home computers, too. Note: In the cyber awareness challenge, these tips are derived from the National Security Agency (NSA)’s PDF “Best Practices for Keeping Your Home Network Secure.”
Beware of sudden flashing pop-ups warning that your computer is infected with a virus; this might indicate a malicious code attack. General Security Tips for Online Behavior Outside the WorkplaceWhile employers can’t necessarily control what their employees do in their personal time, they can educate them about the dangers of social media and other online platforms. The DoD Cyber Awareness Challenge has a section that provides guidance on the best practices while surfing online. Here are a few key takeaways from this section of the DoD cyber awareness challenge training:
A Final Word on the DoD Cyber Awareness ChallengeCybercriminals use innovative and sophisticated ways to execute cyber attacks nowadays. People do fall for such malicious tricks and lose billions of dollars every year. That’s why cyber awareness training is a must for everyone, especially for corporate employees and people working in the field of technology. When corporations become a victim of a cyber attack due to the negligence of an employee or insider threats, they lose not only sensitive data but also the reputation and suffer from financial loss in legal battles. As such, the DoD Cyber Awareness Challenge is an excellent resource for organizations to train their employees, make them vigilant against various types of cyber crimes, and let them know the best protection techniques. The cyber awareness challenge is a highly recommended training for all for improving the security posture of any organization regardless of size. Which of the following is a concern when using your GovernmentWhen using your government-issued laptop in public environments, with which of the following should you be concerned? The potential for unauthorized viewing of work-related information displayed on your screen.
Which type of behavior should you report as a potential insider threat cyber awareness?An insider threat uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions resulting in loss or degradation of resources or capabilities.
What can help protect the data on your personal mobile device cyber awareness 2022?What can help to protect data on your personal mobile device? -Secure it to the same level as Government-issued systems. Which of the following is an example of near field communication (NFC)? -A smartphone that transmits credit card payment information when held in proximity to a credit card reader.
What should you do if you suspect spillage has occurred cyber awareness?What do you do if a spillage occurs? Immediately notify your security point of contact. What should you do if a reporter asks you about potentially classified information on the web? Neither confirm nor deny the information is classified.
|