Is your military family safe online?

A survey paints an alarming picture of what kids are encountering online, while more than half of parents admit to not monitoring activity.

Nearly one-third of adolescents said they met someone online who claimed to be someone they were not, using fake photos and fake identities, according to the National Cyber Security Alliance, while other findings reveal only 41% of parents say they check their teenager online versus 68% who monitor children under 9 years old. At a time when digital users are connected daily at school, work and home, experts recommend families take stock of their cyber fitness.

Retired Air Force Master Sgt. Alexander Hubert, CISSP, director, Cyber Security Division, 2d Theater Signal Brigade at Wiesbaden, Germany, is a school mentor and understands how cybersecurity affects every member of the military family.

“Much of our life today is lived, posted, and shared online, from personal matters to legal and financial matters,” Hubert said. He suggests families address the following questions to improve their cyber fitness:

What are my kids doing online?

• Know kids’ passwords, browsing and social media history, messages, and posts.

What am I doing online that endangers my family?

• Pictures taken with location services on and posted to social media allows predators to pinpoint your location.
• Cat-phishing, spear-phishing, whale-phishing, phishing, cyber-bullying, cyber-shaming, and adware/malware are real. People have lost their lives over this. Talk about cybersecurity, be aware, and protect and defend your cybersecurity landscape.

How safe are my online finances and private transactions?

• Financial information is only as safe as the cybersecurity of the financial institution and your device.
• Check for the lock icon or “https:” in your browser address bar to ensure communication between you and bank’s website is encrypted and secure.
• Protect devices, including mobile, by ensuring every device has anti-virus/malware software application and third-party applications — such as Adobe or Java — are set to auto update and most current versions.
• Use strong passwords, such as two uppercase characters, two lowercase, two numbers, two special characters, and then repeat.

Am I happy with my online persona and what can I do about it?

• Take inventory about you, your family, and what is your online persona.
• Google all variations of your name and do the same for family members.
• If anything should not be online, get it removed. Every site has a privacy policy and opt-out process to ask the site owner to remove content.

What about OPSEC?

• The Department of Homeland Security advises to stop, think, and then connect.
• Stop and think about metadata behind pictures and if posting poses a threat to your spouse, deployed location or the personnel.
• Turn off location data for pictures.

Col. Brett Riddle, director of the Cyber Battle Lab at Fort Gordon, Georgia, expands on risks regarding seemingly “innocuous” smart speakers and digital assistants.

“It is important for military families to know that though the device may appear to off, it is listening all times, waiting to hear key words that trigger the assistant to respond and record,” Riddle said.

Smart speakers can record conversations not meant to be recorded, which may then be uploaded to the cloud database and become property of the tech company. He continues, “… these companies reviewing the recordings from smart speakers have little regulated oversight,” and therefore, “the risk of personal information leaking is significant.”

In addition, Riddle says though, “OPSEC is trained pretty rigorously within the ranks, it doesn’t cover risks associated with smart speakers and we often times let our guard down when we are within the comfort of home.”

Follow these precautions:

1. Turn off/mute smart speakers when not needed.
2. Configure privacy settings to disable recording function — each device is different; recommend a web search for device being used.
3. Disable settings not needed.
4. Review and delete previous recordings. Be advised deleting recordings could impact devices ability to recognize voice commands.
5. Secure wireless network using WPA2 (wireless encryption).
6. Give wireless router and modem a name; don’t stick with defaults.

Bluetooth is built into almost every electronic device and as we embrace the Internet of Things, this trend will continue, Riddle says,  and “given this connectivity, it is important for military families to understand there are still risks within the Bluetooth protocols and coding that we all need to be aware of.”

Common threats are: 

1. Bluesnarfing: Hacker exploits connections to steal information.
2. Bluebugging: Hacker takes control of smartphone using wireless connection.
3. Key Negotiation of Bluetooth (KNOB) Attack: Attackers crack encryption built within protocol and carry out attack without pairing with the target (stealth attack).
4. Eavesdropping: Problem for older devices or those not updated to newest version.

Steps to mitigate Bluetooth attacks:

1. Turn Bluetooth off when not needed.
2. Ensure Bluetooth is current. Unfortunately, the only way to update Bluetooth within cell phones is purchasing a new one.
3. Change Bluetooth settings to non-discoverable (hidden). When purchasing wireless headsets or ear buds, purchase models with encryption, and only pair device to known, trusted devices.
4. When possible, change PIN to more secure combinations, not defaults. Always be alert when using public networks.