Archives page

Posts Tagged ‘cyber’

RESCHEDULED 1/17: Robert Carey, Principal Deputy CIO, DOD
Read More

RESCHEDULED 1/17: Robert Carey, Principal Deputy CIO, DOD

The Government Technology & Services Coalition cordinally invites you to an Insight Session with Mr. Robert J. Carey, Principal Deputy Chief Information Officer at the Department of Defense.

Robert Carey DOD

Mr. Robert J. Carey, Principal Deputy Chief Information Officer, U.S. Department of Defense

Mr. Robert J. Carey serves as the Department of Defense Principal Deputy Chief Information Officer.  Selected to this position in October 2010, his main focus is to help lead the consolidation and standardization of the Defense information technology enterprise while strengthening its cybersecurity posture and the enterprise architecture.  His additional focus is to align, strengthen and manage the office of the DoD Chief Information Officer to have it better serve the Department’s mission and help lead the IT/Cyber workforce into the 21st century.

From November 2006 to September 2010, he served as the fifth Department of the Navy (DON) Chief Information Officer (CIO) where he championed transformation, enterprise services, the use of the internet, and information security.  Mr. Carey joined the staff of the DON CIO in February 2000, serving as the DON CIO eBusiness Team Leader through June 2003.  During this period, he also served as the Director of the DON Smart Card Office from February through September 2001.  Mr. Carey entered the Senior Executive Service in June 2003 as the DON Deputy Chief Information Officer and was responsible for leading the DON CIO staff to achieve IM/IT enterprise integration across the Navy & Marine Corps.

Mr. Carey’s Federal service began with the U.S. Army at the Aberdeen Proving Ground in October 1982, where he worked as a Test Director evaluating small arms, automatic weapons and ammunition.  He began his service with the Department of the Navy in February 1985 with the Naval Sea Systems Command.  He worked in the Anti-Submarine/Undersea Warfare domain where he served in a variety of engineering and leadership positions.

Mr. Carey earned a BS in Engineering in 1982 from the University of South Carolina and a Master of Engineering Management from the George Washington University in 1995.  He has been awarded the Department of the Navy Distinguished Civilian Service Award (twice) as well as the Superior and Meritorious Civilian Service Awards.  He received the prestigious Federal 100 Award in 2006, 2008, and 2009, recognizing his significant contributions to Federal information technology.  He was selected to the InformationWeek Top 50 Government CIOs in 2009, 2010, and 2011.  Mr. Carey was named the Defense Executive of the Year for 2009 by Government Computer News, and he also received the prestigious Association for Federal Information Resources Management (AFFIRM) Executive Leadership Award – Defense for 2011.

A native of West Chester, PA, Mr. Carey is an active member of the United States Navy Reserve and currently holds the rank of CAPTAIN in the Civil Engineer Corps.  He was recalled to active duty for Operation Desert Shield/Storm and Operation Iraqi Freedom where, in 2006-2007, he served in the Al Anbar province with I Marine Expeditionary Force.

Register now

Dec. 12: The National Security Supply Chain: Reducing the Vulnerabilities
Read More

Dec. 12: The National Security Supply Chain: Reducing the Vulnerabilities

Join the Government Technology & Services Coalition (GTSC) for a program featuring an overview of acquisition, technology and innovation in the intelligence community to both assure we have the most advanced protections in place to mitigate our vulnerabilities, and the most recent tools and information on how to protect intellectual property, prevent insider threats and understand supply chain considerations in the government contracting environment.  Keynote Frank Montoya, Jr., National Counterintelligence Executive, Office of the Director of National Intelligence will keynote with a preview of the 2013 Economic Espionage Report (EER).

AGENDA AT A GLANCE
 
12:00 PM Welcome & Introductions
  • Kristina Tanasichuk, CEO, GTSC
  • Elena Kim-Mitchell, Director, Private Sector Outreach, ODNI

 

12:10 PM ODNI Movie

12:30 PM – 1:30 PMKeynote Luncheon:Preview of the 2013 Economic Espionage Report
Frank Montoya, Jr., Counterintelligence Executive, ONCIX

1:30 PM – 2:00 PM CERT & Insider Threat

Randy Trzeciak Senior Member of the Technical Staff, Software Engineering Institute’s (SEI), CERT Program, Carnegie Mellon University

2:00 PM – 3:00 PM Best Practices on Insider Threats & Supply Chain Security

  • Joan McCarroll, Director, Systems Engineering and Integration (SE&I) Center of Excellence
  • Kathy Mills, Corporate Security Officer/Security Director, CENTRA Technology, Inc.

3:00PM – 3:30PM Cyber Threats & Vulnerabilities to Small & Mid-Sized Companies

3:30 PM – 4:15 PM Acquisition, Technology & Innovation
Dr. David A. Honey, Ph.D., Director for Science & Technology, Assistant Deputy Director of National Intelligence for Science & Technology, ODNI

4:15PM – 5:00 PM What Can Business Do?

  • DHS Business Continuity tool
  • FBI Resources
Keynote: Dr. David A. Honey, Director for Science & Technology, Assistant Deputy Director of National Intelligence for Science & Technology, ODNI
Dr. David Honey serves as the Director for Science & Technology and Assistant Deputy Director for National Intelligence for Science & Technology for the Office of the Director of National Intelligence. Dr. David A. Honey joined the DoD’s Office of the Director, Defense Research and Engineering as the Director for Research on 31 August 2009. Dr. Honey was responsible for policy and oversight of DoD Science and Technology programs from Basic Research through Advanced Technology Development. He was also responsible for oversight of DoD laboratories, ensuring the long-term strategic direction of the Department’s S&T programs, and for developing those technologies needed for continued technological superiority of US forces. Before assuming this position Dr. Honey was the General Manager and Senior Vice President of the Defense Sector for Information Systems Laboratories (ISL), a small business pursuing science and engineering innovations in the fields of advanced sensors, communications, UAVs, adaptive signal processing, and undersea warfare technology. Dr. Honey also served on the Air Force Scientific Advisory Board. Dr. Honey was the Director of the Defense Advance Research Projects Agency (DARPA) Strategic Technology Office (STO), Director of the Advanced Technology Office (ATO), and Deputy Director and Program Manager of the Microsystems Technology Office (MTO). While at DARPA he led efforts in optoelectronics, networks, communications, information assurance, network-centric-warfare applications, information assurance, sensor systems, space and near-space sensors and structures, maritime technology, underground facility detection and characterization, alternative energy, and chemical-biological defense.

Keynote: Frank Montoya, Jr., Counterintelligence Executive, Office of the National Counterintelligence Executive (ONCIX) 

Frank Montoya, Jr. began his career as an FBI special agent in May 1991 and reported to the San Antonio Field Office, where he worked violent crime and fugitive investigations. He established and led activities of the division’s fugitive task force. Montoya also worked temporarily in the Oklahoma City Field Office to assist in the Alfred P. Murrah Federal Building bombing investigation. In April 2000, Montoya was promoted and worked at FBI Headquarters. He oversaw national security investigations and operations. During this time, he assisted in the Robert Hanssen investigation. Montoya transferred to the Milwaukee Field Office in November 2002. He served as supervisor and oversaw the counterintelligence squad and several national security investigations. Montoya returned to FBI Headquarters in December 2005, was promoted to unit chief in the Counterintelligence Division, and participated in the establishment of the National Cyber Investigations Joint Task Force. He moved to the West Coast in July 2007 and worked in the San Francisco Field Office as assistant special agent in charge in the counterintelligence branch.

Joan McCarroll, Director, Systems Engineering and Integration (SE&I) Center of Excellence

In her role as SE&I COE Director, Joan is responsible for establishing and promoting TASC’s best practices and processes in SE&I, program protection and cybersecurity including insider threat analysis.  In her current role, Joan identifies Leading Practices in SE and deploys them across the company resulting in innovative solutions for our customers. In the area of program protection, Joan has expertise in both external and internal threat assessment and protection. Since joining TASC in 1990, Joan has performed and led end-to-end technical efforts in support of operationally deployed systems, systems under development, and future system architecture studies. She has held senior program management positions supporting the intelligence community in secure communications and SIGINT. Joan received her BSEE from Drexel University and her MS in Systems Analysis and Management from George Washington University. She has also attended Executive education courses at Darden and Strategic Marketing at the University of Chicago.


Kathy Mills, Corporate Security Officer/Security Director, CENTRA Technology, Inc.

Kathy joined CENTRA Technology, in November 2008 as the Corporate Security Officer/Security Director.  She is responsible for all aspects of CENTRA’s Security operations, including personnel security, program security, physical security, and Information security, at both CENTRA’s Arlington and Burlington locations. Kathy has over twenty years experience in security including management of day-to-day operational security, personnel management, administration, and maintaining all aspects of a security program under the National Industrial Security Program.

Randy Trzeciak Senior Member of the Technical Staff, Software Engineering Institute’s (SEI), CERT, Carnegie Mellon University

Randy Trzeciak is currently a Senior Member of the technical staff for the Software Engineering Institute’s (SEI) CERT Program. Mr. Trzeciak is a member of a team in CERT focusing on insider threat research. The studies analyze the physical and online behavior of malicious insiders prior to and during network compromises. Other insider threat research uses system dynamics modeling for risk analysis of the impacts of policy decisions, technical security measures, psychological issues, and organizational culture on insider threat. Mr. Trzeciak also is an adjunct professor in Carnegie Mellon’s H. John Heinz School of Public Policy and Management. Prior to his current role in the CERT Program, Mr. Trzeciak managed the Management Information Systems (MIS) team in the Information Technology Department at the SEI. Under his direction, the MIS team developed and supported numerous mission-critical, large-scale, relational database management systems.

 

Register now

Cyber Security Survey
Read More

Cyber Security Survey

Last fall, the InfraGard National Capital Region Members Alliance (INCRMA), FBI-Washington Field Office, and the Government Technology & Services Coalition (GTSC) co-hosted a cyber security program at which we announced our intention to develop a survey for companies to share their experience with cyber security “incidents,” hacking, viruses, spear phishing, malware, and other suspicious activity, in addition to asking about what kinds of tools and resources could be most valuable to help industry be more prepared.

gtsc_securityThe survey collects data on the type and frequency of computer security incidents in which a computer was used as the means of committing a crime against the company or as a conduit through which other intrusion and/or criminal activity was perpetrated. It also collects data about the type and size of the company, cyber security practices, and computer infrastructure.

The results will provide the basis for enhancing or initiating efforts to strengthen the information sharing and awareness to inform our public private partnerships and create meaningful programming and tools to combat the cyber threat. 

Initial results will be reviewed at our Cyber Security Awareness Month program on October 23 with Dr. Phyllis Schneck, the new Deputy Under Secretary of Cyber Security at DHS. The full results will be released this fall. The questions have been developed by GTSC from a previously issued DOJ survey, in combination with input from FBI-WFO’s Cyber Branch and the INCRMA’s Cyber Special Interest Group. Please feel free to share the link with others who you believe would be appropriate respondents.

Cyber Security Insurance: Does Your Company Need It?
Read More

Cyber Security Insurance: Does Your Company Need It?

“Cybersecurity – A Special Report”…with newspaper headlines like this in the The Washington Post, cyber security is THE hot topic.  If your company uses a computer, credit card, checking account, files a tax return, employs smart phones, or uses iPads, your business is a target for losing intellectual property or becoming the vehicle for a cyber attack — with a huge financial loss as the result.

For individuals the theft or misuse of private information occurs daily.  Signals stolen while using public internet, misplaced cell phones, fishing attacks on home computers, and theft of personal computers happen throughout our society and result in long-term financial crisis.

Small Business owners face even greater obstacles from cyber attacks.  A recent National Small Business Association reported 44% of their 800 surveyed members had fallen victim to a digital break-in.  What are the steps we can take to help thwart these information criminals?  Solutions for both companies and individual citizens are very similar.

All business firms using the internet must have a strong risk management plan established and adhere to the rules in order to lessen the impact of cyber theft.  With the growth of cloud computing, use of smart phones and tablets, employees telecommuting, and digital information flowing outside the office, cyber attackers have many more access points.  The Federal Communication Commission (FCC) lays out guidelines to prevent cyber attacks.  Among their suggestions are:

  • Train employees in security principles.  Use strong passwords with expiration dates.
  • Protect information, computers and networks from cyber attacks.  Install fire wall security, the latest security software and web browsers.
  • Create a mobile device action plan.  Password protect devices, encrypt data, and install security apps and how to report lost or stolen equipment.
  • Make copies of all important data.  Store offsite or in the cloud.
  • Passwords and authentication.  Require unique passwords and change every three months.

Many businesses have the additional exposure of outsourcing data.  Many businesses share customer information with third parties who provide billing, payroll, and employee benefits.  Additionally, web hosting, HR services, and information technology services are frequently outsourced.  Despite this outsourcing exposure many businesses do not require third parties to cover costs associated with data breach in their contacts.  When using outside partners, what is the risk-management strategy they use to protect you against financial loss and reputation harm?

Because of the explosion in internet usage many companies are seeking contractual risk transfer and indemnification through insurance.  Starting in the early 1990’s insurance has changed to provide protection for cyber growth.  Today numerous insurance companies either provide stand-alone policies or add the protection with other coverages, such as Directors & Officers policies (D&O), Errors & Omission Policies (E&O), and Fiduciary Liability policies. An E&O policy is a type of professional liability typically issued to companies setting standards for them selves or other clients.  D&O liability coverage is designed to protect companies against their management decisions and covers directors, officers, staff and the organization itself.

Cyber Liability Policies should provide protection for both First Party and Third Party Claims.

First Party coverage includes:

  • Network and Information Security Liability
  • Communication and Media Liability
  • Regulatory Defense Exposure

Third Party coverage includes:

  • Crisis Management Event Exposures
  • Security Breach Remediation and Notification Expenses
  • Computer Program and Electronic Data Restoration Expenses
  • Computer Fraud
  • Funds Transfer Fraud
  • E-Commerce Extortion
  • Business Interruption and Additional Expenses

Cyber Insurance helps before the loss occurs by going through a thorough underwriting process to help highlight the potential risk exposures to be addressed.  Nevertheless, should the loss occur these policies help in determining the data leak, PR crisis, IT crisis, and the financial crisis.

The recommendation to combat today’s cyber threat involves risk management planning, assistance from third party partners, and insurance coverage to assist should a loss occur. For more cyber security tips, visit www.US-CERT.com. Learn about the FCC’s Small Business Cyber Planner here.

Mary Jordan, “CYBERSECURITY – A Special Report,” The Washington Post, Thursday, October 10, 2013

P Allen Haney

P. Allen Haney, President, P. Allen Haney Company

Mr. P. Allen Haney is a Strategic Advisor to the Government Technology & Services Coalition. He is also a trusted advisor to business owners and nonprofit executives, Allen Haney is best known for solving problems. His consul on employee benefits, executive compensation, and retirement planning routinely vitalizes the health and sustainability of closely held businesses and associations.

He is most appreciated for his all-inclusive, uncompromising commitment to expand client capacity by uncovering risks and opportunities hidden in blind spots. Read more about Mr. Haney here.

Oct. 23: Cyber Security: Focus on Public Private Sector Collaboration
Read More

Oct. 23: Cyber Security: Focus on Public Private Sector Collaboration

Join GTSC and the InfraGard National Capital Region Members Alliance for a cyber program focused on the threats to the public and private sector.  gram.  Since Executive Order 13636 and PPD-21 were issued in February 2013, there has been a renewed focus on the challenges of security the nation’s digital infrastructure. Most admit and understand that our cyber security relies on a strong and vital collaboration between industry and government — whether that be the industry protecting our critical infrastructure or industry that provides the underpinning of our economy.  Legislators on Capitol Hill  are trying to determine how to streamline authorities and responsibilities and law enforcement and other agencies in the Federal government are grappling with preventing and mitigating the impacts of this threat.  This session will discuss DHS’ role in cyber security, how the private sector and Federal partners are communicating, what threats are at the forefront from cyber hackers, hostile nation states etc. and how we see future collaboration improving to fight these threats and protect our economy and infrastructure.

gtsc_securityAGENDA AT A GLANCE
8:00 AM Registration & Breakfast 
8:30 AM Conference Introduction
8:45 AM Keynote: The Challenges of Cyber Security
9:30 AM How do we share information more effectively? 
10:30 AM What are the latest threats? 
11:30 AM Lunch on your own in the National Geographic Society Cafeteria
12:30 PM Keynote: Cyber Security Priorities from the DHS Perspective
1:15 PM Where is the Government Targeting their Resources?
2:00 PM What the Private Sector Do?
2:45 PM Closing Remarks 
Confirmed Speakers:

Keynote: Dr. Phyllis Schneck, Deputy Under Secretary for Cyber Security, NPPD, DHS

Dr. Phyllis Schneck, McAfee’s former CTO and vice president of the global public sector, has been named deputy under secretary of cyber security for the National Protection and Programs Directorate at DHS. Join us to hear her priorities for cyber at NPPD!

Denise Anderson, National Council of Information Sharing and Analysis Centers (ISACs); Vice President, Financial Services-ISAC

Noel Due, Supervisory Special Agent, FBI – HQ, Cyber Division, Operation Clean Slate

Brian Finch, Partner, Global Security, Dickstein Shapiro LLP

John Harmon, Partner, Tactical Network Solutions

John Lainhart, CGEIT, CISA, CISM, CRISC, CIPP/G, CIPP/US Partner, Cybersecurity & Privacy, US Public Sector, IBM Global Business Services

James Mulvenon, Vice President, Defense Group Inc., Center for Intelligence Research and Analysis

Vipul Sharma, Vice President & CTO, Civil Government & Healthcare IT solutions, L-3 STRATIS

Trent Teyema, Assistant Special Agent in Charge, FBI WFO, Criminal Division – Cyber Branch

Glenn Wood, Vice President, Technology, InfraGard Board & Co-Chair, Cyber SIG

 

About the InfraGard National Capital Region Members Alliance

The InfraGard National Capital Region Members Alliance (INCRMA) consists of a growing membership of professionals who are creating a more resilient critical infrastructure in the Washington, DC metro area. These include defense industrial base, information technology, water supply systems, electrical energy, emergency services, law enforcement, health systems, transportation, banking, and telecommunications. Our membership is voluntary yet exclusive and is comprised of individuals from both the public and private sector. The main goal of INCRMA is to promote ongoing communication, education, and community outreach between the public and private sectors and the FBI. In doing so, information is shared, relationships are strengthened, and vital assets are protected.  To learn more, visit us at www.infragard.org.

 

Register now

Spear Phishing: Getting Caught is a Drag
Read More

Spear Phishing: Getting Caught is a Drag

LeapFrog Phishing

I’m a Spear Phisherman. I want to catch the big one and reel it in! But I’m not talking about tuna; I’m talking about landing your personal information. Here’s my secret: I impersonate your friends, your bank and the people you trust to gain access to your computer and your network.

PDN_MalWareI’m pretty good. I know that you can’t always tell the difference from the real messages and the fake ones that I dangle in front of you. It doesn’t take long for me to gather lots of personal information about you — what you like, who you follow, what you purchase online and which websites you visit.

I use the information I find through open sources and develop personalized messages designed to trick you into believing they are from trusted entities. Spear phishermen like me can design emails, tweets, phone texts and even Facebook updates that access your private information after just one click.

Once you open the message, I trick you into giving me your user names, passwords or other office information, which allow me to access your network undetected. Little did you know that you just gave me the ability to take all the company information I would like.

It’s easy to avoid my targeted attacks and protect yourself against “Spear Phishing:”

  • Be stingy with your user name and password. Don’t share personal information with anyone. At all!
  • Don’t surf the Web chasing popular stories, blog posts, videos, etc. I love to hide in these sites, learn about your likes and dislikes and then target you.
  • Think before you click links from social media sites, emails or text messages. That’s the easiest way for me to catch your information.
  • Verify any caller before providing names and email addresses of your coworkers. Be the first line of defense.
  • Delete suspicious emails without opening them or responding to them. If it looks suspicious and you don’t know the sender, it could just be bait. Use caution!

It’s easy to protect your information against my traps and keep your personal and company information safe.

Protect — don’t neglect — your information against Spear Phishermen like Mal Ware. For more information, check out www.us-cert.gov.

Lisa Martin CEO LeapFrog Solutions, Inc.

Lisa Martin
CEO
LeapFrog Solutions, Inc.

LeapFrog Solutions (LFS) is a certified woman owned small business based in Fairfax, Virginia. Founded in 1996, we are a trusted source for commercial businesses and federal agencies seeking full spectrum creative solutions and exceptional program management. This blogpost is brought to you by GTSC in partnership with LeapFrog Solutions. For more information on cyber awareness campaigns contact Anjali Dighe at 703.539.6127 or [email protected].

 

Oct. 16: Mentor Session with Harris IT Services
Read More

Oct. 16: Mentor Session with Harris IT Services

Join the Government Technology & Services Coalition for a Mentor Session with Mr. Keith Bryars, the Client Executive for National Security and Federal Law Enforcement at Harris Harris IT Services on Wednesday, October 16.

About Harris IT Services

A leading provider of end-to-end solutions in mission-critical IT transformation, managed solutions, and information assurance for defense, intelligence, homeland security, civil and commercial customers. With over 3,300 professionals worldwide, Harris IT Services offers demonstrated past performance, proven technical expertise and innovative solutions in supporting large-scale IT programs that encompass the full technology lifecycle.

About Keith Bryars, Client Executive

Keith Bryars is a client executive with Harris IT Services. Harris IT Services designs, deploys, and operates secure communications systems and information networks with optimal reliability and affordability for high-profile customers in government and commercial markets, delivering expertise in cloud services, cyber security/information assurance, enterprise managed services, mobility, and systems integration worldwide.

Mr. Bryars joined Harris Corporation in April 2012 following a 25-year career as a senior executive special agent with the Federal Bureau of Investigation (FBI). Throughout his FBI career, Mr. Bryars was involved in a number of significant highprofile investigations involving counterterrorism, cybersecurity, counterintelligence, public corruption, and violent crimes. He is considered a subject matter expert in Federal Law Enforcement and National Security matters.

At the FBI, Mr. Bryars led and managed field operations across the country and served in the FBI’s Kansas City, Miami, Nashville, Birmingham, and Washington field offices, and at FBI headquarters in Washington, DC. As an FBI senior executive, Mr. Bryars helped lead the FBI’s strategic transformation, post-9/11, to an intelligence-led, threat-driven organization.

He also served as a senior executive at the FBI’s Engineering Research Facility at the Operational Technology Division at Quantico, Virginia, where he oversaw all of the FBI’s technical programs supporting FBI field operations and intelligence collection, and directed a variety of technical capabilities and operational technology support to the FBI and other Federal Law Enforcement and National Security partners.

Before his FBI career, Mr. Bryars worked as a mechanical engineer in the nuclear power industry.

Mr. Bryars holds a bachelor’s degree in mechanical engineering from Auburn University.

Harris is an international communications and information technology company serving government and commercial markets in more than 125 countries. Harris is dedicated to developing best-in-class assured communications® products, systems, and services.

About GTSC’s Mentor Companies

The Government Technology & Services Coalition’s (GTSC) Mentor companies understand how critical a robust, successful homeland and national security market is to our nation’s security.  Together with our members, these firms are committed to bringing the innovation, ideas and agility of small business to the experience, infrastructure and resources of large companies.  GTSC mentors join us to provide advice and counsel to small and mid-sized companies, find new and innovative teaming partners, address challenges in the prime/subcontractor relationship in a neutral environment and improve mentor/protégé communication and success.  Both our large and small companies recognize that the best security for our citizens – both physically and economically — is derived from the ability of our markets to meet the challenges posed by terrorism, natural disasters, and criminal activity.

 

Register now

Removable Media: Do You Know Where That’s Been?
Read More

Removable Media: Do You Know Where That’s Been?

LeapFrog Tip #2 Removable MediaSteer clear of portable malware by using only secure removable media

Admit it. You can’t resist plugging those cute little USB thumb drives, miniature CD ROMS and other removable media devices into your computer. They’re easy to use, portable, convenient and they hold lots of data.

PDN_MalWareBut my hacker friends and I discovered that those nifty memory devices are a great way to get into your computer and your network — especially if you don’t know where they came from. We hand them out everywhere we go. Everybody wants one. We pre-infect them with malware or spyware. The second you plug them into your USB port, presto! I’m running around your computer, free and easy.

Sure, it’s handy to download files onto a thumb drive and take them home with you instead of lugging your laptop around. But humans have a propensity to lose things. People misplace their thumb drives or CD ROMS all the time. Because they are so small, it’s pretty easy to steal them, too.

But you can protect yourself, your computer and your network. Just follow these easy tips:

  • If you don’t know where it came from, don’t put it in your computer.
  • Safeguard your memory sticks. Keep them in a safe place.
  • Use encryption. Protect sensitive data on your thumb drives.
  • Print hard copies of documents and back up data on removable media.

Remember, losing a memory stick that contains important data could have severe consequences. Protect, don’t neglect! For more information, check out www.us-cert.gov.

Lisa Martin CEO LeapFrog Solutions, Inc.

Lisa Martin
CEO
LeapFrog Solutions, Inc.

LeapFrog Solutions (LFS) is a certified woman owned small business based in Fairfax, Virginia. Founded in 1996, we are a trusted source for commercial businesses and federal agencies seeking full spectrum creative solutions and exceptional program management. This blogpost is brought to you by GTSC in partnership with LeapFrog Solutions. For more information on cyber awareness campaigns contact Anjali Dighe at 703.539.6127 or [email protected].

Get Smart About Your Password
Read More

Get Smart About Your Password

LeapFrog Banner #1You shared your password … now I know all your secrets. Don’t get exposed — be smart about your password!

PDN_MalWareThe attacker who writes my code is on the hunt for your password. Once he gets it, he inserts me, Mal Ware, into your network so he can see all the information that your employees need to keep private. I love taking secrets that aren’t mine and using them to do bad things. So don’t make it easy for me or your attacker.

Here are ways you can protect your information from my malicious intentions:

  • Keep your password to yourself. It’s supposed to be secret — so don’t share it!
  • Don’t be fooled by what others may say:
    • IT support does not need your password.
    • Your coworkers do not need your password to read your email. Share your inbox with another user or use a team email account.
    • Your assistant doesn’t need your password to do his/her job. You can give others access to your Outlook calendar and email.
    • Share file folder access with specific coworkers to avoid password sharing.
    • You don’t need to share your password with others to access the same sites or content management systems. Everyone with duties assigned on a system should have his/her own login and password.
    • Be creative to make your password uniquely yours:
      • Use a variety of symbols, letters, capital letters and numbers.
      • Avoid using words related to your company.
      • Avoid sequences or repetition of letters or numbers, words spelled backward, common misspellings or abbreviations.
      • Encourage others to be smart about their passwords. Make them aware of the threats that are out there if they share them, because once I have access to the network, I have access to everyone and everything.
      • A data breach could embarrass you and/or your company … or much worse.

It’s not difficult to avoid my threats. Just don’t share your password with anyone, and be smart when creating it. Protect, don’t neglect, your password! For more information, check out www.us-cert.gov.

Lisa Martin CEO LeapFrog Solutions, Inc.

Lisa Martin
CEO
LeapFrog Solutions, Inc.

LeapFrog Solutions (LFS) is a certified woman owned small business based in Fairfax, Virginia. Founded in 1996, we are a trusted source for commercial businesses and federal agencies seeking full spectrum creative solutions and exceptional program management. This blogpost is brought to you by GTSC in partnership with LeapFrog Solutions. For more information on cyber awareness campaigns contact Anjali Dighe at 703.539.6127 or [email protected].