An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Common Cyber Threats and How to Avoid Them

  • Published
  • By Capt. Randolph Wilson II
  • 379th Expeditionary Communication Squadron
April 25, 2016 --  Securing the domain, known as cyber, is not at all easy. It is very much a whole-team effort and a critical piece of cybersecurity starts with you – the user. There are many threats encountered in this realm, but two fairly common ones are phishing and privilege misuse.

Phishing. Phishing is trying to obtain financial or other confidential information from Internet users, typically, an email that looks as if it is from a legitimate organization. An email may appear to be from your financial institution, but contains a link to a fake website that replicates the real one. Even with countless hours of annual Department of Defense Cyber Awareness training and constant reminders that clicking on hyperlinks in unfamiliar email messages will open worm holes, there are those who still ignore cybersecurity measures.

How to Avoid Phishing: As training indicates, pay attention to what you are clicking on. This also includes websites as well. A fairly recent example of this is the fake AEF Online website that was created. A good tip to avoid a phishing scam is to navigate via AF Portal, rather than another source. Another general tip is to observe the URL for anything that looks incorrect, such as .com when you would expect .mil or .gov.

Privilege Misuse. Privilege refers to the accesses or permissions granted to a specific network account. Most have basic-level user permissions, allowing those to perform routine functions, such as opening applications, accessing share drive(s), navigating the web, etc. Those with administrator-level user permissions can make system changes, create accounts, install programs, etc. The misuse comes from using administrator accounts for basic user activities, which greatly increases the risk of compromising your entire system and/or network if the administrator account becomes infected.

How to Avoid Privilege Misuse: Do not use your privileged administrator account to conduct basic user actions. Have your unit representative create a separate, non-privileged local account to perform these actions. Example – the 379th Expeditionary Civil Engineer Squadron or similar unit-level organization, requests an account; those in the squadron are given a non-administrator account. But on non-government or personal computers, one may tend to find cases where the local administrator account initially installed on your operating system—Windows, Mac OS, etc.—is likely the same account used to perform everyday activities such as web browsing, email, etc.