ACT—or "Achieving Cybersecurity Together"—is essential to securing and protecting Information Technology resources at DHS. Combined with the enterprise’s robust information security strategy and comprehensive architecture, employee responsibility ensures a collaborative approach that builds a resilient cybersecurity posture for the Department and the nation.
Some best practices for ACT include properly using DHS IT resources:
- Register and use your Personal Identity Verification card (PIV card) to access the DHS network, and also maintain security of login usernames and passwords. For complete information about PIV card access, including registration instructions, visit http://dhsconnect.dhs.gov/PIV. In addition, always keep usernames and passwords private and secure. Only use strong passwords, and change them often.
- Be suspect of unexpected e-mails, which may have attachments with malware or links that could take you to malicious sites. Always forward questionable email to FEMA-Spam@fema.dhs.gov. It will be checked against known scams or attacks. If there is a significant cyber threat, you will be contacted by an information security professional from the Cyber Threat Management Section.
- Avoid using Webmail on the DHS network. Webmail—or personal e-mail accounts such as Gmail, Hotmail, Yahoo, and others—is not scanned by the Department’s information security architecture, thus bypassing all enterprise e-mail security features. Webmail often includes threats such as spearphishing, which could compromise not only DHS IT resources but also your personal credentials.
- Protect DHS data and resources. Store DHS information only on DHS-owned or provided systems and equipment, and encrypt any sensitive information stored on portable devices such as DVDs, CDs, or thumb drives.
- Lock computers whenever leaving. Press Ctrl+Alt+Del, or the Windows logo key and L, to lock computers.
How employees use the Department’s IT resources impacts the network’s cybersecurity and, ultimately, the DHS mission. Employees who adopt ACT best practices do their part in protecting the DHS network.
This article, the second in a series of four, reminds all DHS employees of their shared responsibility in building and maintaining resilient cybersecurity for the enterprise in conjunction with the National Cyber Security Awareness Month campaign. NCSAM is a national public awareness campaign encouraging Americans everywhere to protect their computers and the nation’s critical cyber infrastructure.
For more information on National Cybersecurity Awareness Month, visit DHS.gov. Previous articles from DHS’s internal NCASM campaign are available at the Cybersecurity Information Center on DHS Connect.