Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Modern Mission Critical Series
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
Do's and don'ts for feds on vacation
Friday - 8/1/2014, 4:20pm EDT
As a federal employee you're a prime target for hackers and you're even more vulnerable when you're away from home.
Don't take your laptop or mobile device on vacation if you can help it, Irvine said. "Anytime you travel with those devices, they're basically another entry point into that network and should be treated as a potential risk. If you do take them, make sure you never let them out of your sight."
Do use the safe in your hotel room if you have to leave your laptop or cellphone behind. He said it's normal to think that locked in the car or just in your room is safe, but it's not. If there's not a safe in your room, there's often one behind the front desk.
But physical controls only cover one of the risks, Irvine said.
Do make sure your operating systems are up to date and the latest patches are installed. He said the two most important things in protecting your computers are antivirus and patch-management, according to the Department of Homeland Security.
Don't use public Wi-Fi or Ethernet ports. Virtual Private Network (VPN) connections are only as strong as their weakest link. Public WiFi and even the Ethernet connections in your hotel room are all sharing the same network access. "Other people are sitting on them and could be running sniffers or performing man-in-the-middle attacks and have rogue access points out there," Irvine said.
Do use your own 3G or 4G connection by wire-tethering your mobile device or wireless card. Because it's a point-to-point connection that makes it harder for eavesdroppers.
Do be cautious when logging on to your government email. If you're connected to your email system, you're connected to your internal network, Irvine said.
Don't ever click on any type of URL in an email, even if it's from someone you know. Never click on it. Instead, go to your browser and do a search on it and click from there.
Do avoid out-of-office emails if you can. Irvine said many organizations are foregoing the auto-reply and instead redirecting email to an employee who is in the office and can cover for the person on vacation. The issue is really phishing emails, he said. Once a potential hacker sees your out-of-office reply, they will target you because you're less likely to notice.
Do take vacation photos…Don't post them until you get back. When using social media it's better to wait until you're home to share those photos from the road. It's just one more opportunity for malicious users to attack you, either by your user ID and password, or physically by robbing your home or you on vacation. Irvine said to consider how many 'friends' you have. If you have hundreds, you probably don't know who they all are. Because of that, it's extremely difficult for social media platforms to be a secure environment.
Do know your destination and when to be extra careful. Irvine used the Sochi Olympics as an example where visitors were hacked within minutes of landing in Russia. The Baltic states are dangerous, said Irvine, but also South America, some European countries and even England. Still he stressed, "Any coffee shop, any public WiFi, is just a breach waiting to happen."
Do install mobile device management applications on your systems. "They provide you and your agency the ability to encrypt — not only your data — but have a separate encryption scheme for the confidential and private information," Irvine said. "You have the ability to locate the device and wipe the device in case it's lost or stolen. It also provides Data Loss Prevention (DLP) applications that will look for emails or documents that have certain keywords or certain classifications and will disallow them from being used in a remote type of environment."
Do know your agency's bring-your-own-device policy. If you're using your personal phone or computer for work make sure you're in compliance with the rules so you aren't in for any surprises when you return.