Lift your cyber veil of ignorance

Your internet activity could impact workplace security.

Ever consider that by “liking” an ad, picture, or video on Facebook you may have invited a computer worm to sift through your personal information? 

According to Infosecurity magazine, cyber security, cyber espionage and cyber terrorism top the 2013 list of information security threats.

Individuals, industry and governments are clamouring to proactively manage the inherent security demands.

Your personal computing habits – the way you browse the internet, use social media, and save and transfer files – can also be a hazard to work place security.

Sharing the details of your daily activity is common place in social media. Minute-by-minute updates of your personal life are not harmful unless sensitive information is included in your posts.

For example, Tweeting, “Glad the ship broke down and we get to stop in Crete for parts…who know how long the repairs will take,” discloses Essential Elements of Friendly Information (EEFI) that are useful to anyone who wants to cause harm.

In general, EEFIs include information about personnel, equipment, capabilities, position, and operations. This Tweet has just told the “bad guys” where the ship is headed (position), that she is broken (capabilities), her operational capability is limited and that the ship’s company will likely be exploring the sights and sounds of downtown Crete. This is valuable information for anyone with the will and means to derail the ship’s mission.

Private computing behaviours seldom adhere to principles of acceptable workplace computing and are rarely conducive to operational security (OpSec). The recently promulgated VCDS OpSec directive (CANFORGEN 032/13) serves as a reminder and a warning to Canadian Armed Forces (CAF) personnel that sensitive information must be handled with care, exercising due consideration for public safety and national security. With access to privileged information comes the obligation to safeguard it appropriately.

Collectively, the goal is to make a clear distinction between personal and workplace computing, and to moderate your activity to comply with OpSec regulations and defend against cyber attacks. Increased awareness, training, and skills development are the best defences against what is essentially a cyber veil of ignorance.

For more information on information security, visit www.tbs-sct.gc.ca/sim-gsi/index-eng.asp.

-PO2 Thandi Pilkey, Base PA