October 2006
[ Music Intro ]
Luisa Garza: Hello and welcome to the Security Awareness Spotlight, I'm Luisa Garza.
The security awareness spotlight provides tips and tools for the security professional to use and share in support of the DoD security mission.
This month the spotlight is on computer security, specifically, password and laptop protection. The digital world we live in requires us to use passwords, codes and PIN Numbers, both at home and at work. Laptops offer a tremendous convenience, but they also present a tremendous opportunity for thieves and adversaries.
When using a password, code or PIN, you are taking measures to ensure safety and security.
One second of carelessness could cause damage to, or loss of, classified and sensitive information.
By becoming aware of the risks, and accepting responsibility for protecting classified and sensitive information, you are contributing to keeping our nation secure.
This month we present common sense approaches to computer security. As always, follow your organization's security standards and procedures. If you are not sure what they are, contact your security official.
Let's begin with password protection. Passwords are an important aspect of computer security and they are the front line of protection for most users. When protecting your information system, carefully chosen passwords become the key in protecting your computer from many threats.
Watch and see if you can identify each security threat and its common sense security measure
(Voice Over Video)
In this example, the employee is unable to log into her computer because she can't recall her login password. The employee eventually, and unfortunately, resolves the problem by finding the forgotten password hidden in what she obviously thought was a safe place --- taped to the bottom of her keyboard.
Luisa Garza: Is this you? It's very common to forget your password, but this is an example of what not to do. Your password is one of your security measures. Just as you would not leave your house key under your doormat, don't leave your password where others can find it. Commit your password to memory.
Remember the rhyme....Memorize Don't Compromise.
(Voice Over Video)
No, that's the one I used last month...
Was it, the wife's maiden name?
Oh yeah! Right, the zip-zap, so Samson.
Luisa Garza: Is this something you may have done in the past? If so, you may have thought you had a great password because you didn't have to write it down. A poorly chosen password, with a clue in plain sight may result in a compromise. Computer intruders use trial and error methods such as using readily available information. If your password is your birth date, your pet's name, or other special dates... you should pick a new one.
In a recent demonstration, anti-hacking experts from NASA took only 30 minutes to break 60% of a group of engineers' passwords.
Create Strong Passwords.
Passwords need to be complex enough to keep out a disgruntled or unscrupulous insider, adversary, organized criminal, or joy rider. Any of these can do great damage to your sensitive information.
Strong passwords have the following characteristics:
- Contain both upper and lower case characters
- Have digits and punctuation characters as well as letters
- Are at least eight characters long
- Are not based on personal information, names of family or family pet
Create passwords that can be easily remembered without writing them down.
In our final password protection scenario, we present a stickiy situation that some of us may encounter.
(Lee & Jane)
Lee: Jane, I'm heading out to headquarters for the big meeting
Jane: Whoa whoa whoa where are you going?
Lee: Headquarters.
Jane: Did you update that employee training spreadsheet?
Lee: Yes.
Jane: Okay, is it on your computer?
Lee: Yeah.
Jane: You have to give it to me before you go, I have to have that! I've got a deadline for Larry, I've got SIX MINUTES!
Lee: The van is about to leave, can you get an extension?
Jane: I'm sorry, you can't leave until I have that spreadsheet. It's on your computer...Why don't you just give me your password?
Lee: I don't feel comfortable doing that. Can't you get an extension?
Jane: You can change it when you get back.
Lee: Um, alright, alright.
Jane: Okay, what's your password?
Lee: It's bonehead.
Jane: Bonehead?!
Lee: Yeah.
Jane: Okay, thanks.
Luisa Garza:
This is clearly a tough situation. What would you do? Most organizations have a set of password protection standards for their employees to go by. Check with your security office if you are unsure of what those standards are. Just in case you were wondering,Here is a list of don'ts:
- Don't reveal a password to anyone, not over a phone, or e-mail
- Don't reveal a password to the boss
- Don't talk about passwords in front of others
- Don't reveal a password to co-workers, not even during vacations
- Don't share a password with family members
Let's move on to laptop safety.
Laptops are stolen for a variety of reasons: to sell, or obtain information such as social security numbers, passwords, financial and sensitive data. In a recent study of laptop theft, over 400,000 laptops were reported stolen. Thousands are simply misplaced or left in hotel room, restaurants, airports, cabs or coffee shops by busy employees.
Remember to use the same protection for your laptop as you would for your wallet or handbags. Treat it as if you are carrying around $1000 in cash.
Whether you are protecting classified or sensitive data, losing your laptop can result in significant consequences.
Never assume your laptop will be safe just sitting around.
No place is safe. Your laptop is at risk, even at the office. It's surprisingly common for a person to leave a laptop at the office unsecured, unattended and in full-view of others.
Protect yourself and your organization's sensitive data by following these tips for protecting your laptop:
- When traveling, keep it in sight
- Don't ask someone to watch it for you
- Label the laptop with your name and phone number
- When you leave the office, secure you laptop
Make security a habit. Become the strongest link in the security chain. Get into the habit of securing your laptop. Make it hard for criminals to steal the sensitive data that you are responsible for.
We hope you have a better understanding of the many threats that exist today and are motivated to put these common sense security measures into action.
Join us again next time for more security awareness tips and tools. In the meantime, you can visit us at www.dss.mil to view other editions of SETA Broadcast News and the Security Awareness Spotlight.
For SETA, I'm Luisa Garza. Thank you for watching.