OCTOBER 21, 2024 – As part of Cybersecurity Awareness Month, the D.C. National Guard is urging members to remain vigilant against online threats and practice strong cyber hygiene. U.S. Amy Staff Sgt. Francisco Fuentes, Cybersecurity Operations Branch Chief and Information Systems Security Manager (ISSM), stressed the importance of awareness, password security, and adhering to cybersecurity protocols.
“The biggest threat is the user,” Fuentes explained. “We can’t control what someone clicks on or how they respond to suspicious emails, and that opens the door to attacks.”
One common tactic cybercriminals use is phishing, where malicious websites or emails mimic legitimate platforms to trick users into sharing sensitive information. “A link might look like it’s from Wells Fargo, but it could be missing a letter or directing you to a fake site that looks identical to the original,” Fuentes said. He advised users to always check for the security lock icon in the browser address bar. “A secure website will show a closed lock symbol; if it’s red or crossed out, that’s a sign something isn’t right.”
Social Engineering and Password Security
Beyond phishing, Fuentes warned about social engineering, which can happen in public spaces like cafes or even in the office. “Bad actors can ‘shoulder surf,’ meaning they’ll watch what you type or take notes. This can happen anywhere – at work, a library, or a coffee shop,” he said.
Fuentes stressed that weak passwords make people easy targets. “Some users prefer simple passwords or reuse the same one across platforms because it’s easier to remember. But that’s dangerous,” he said. “We enforce strong passwords here (D.C. National Guard) to prevent vulnerabilities.” He explained that cybercriminals use something called brute force attacks, where they try combinations of common words, names, or birthdates until they crack a password.
To combat these threats, the D.C. National Guard is moving towards multi-factor authentication (MFA), using military-issued Common Access Cards (CAC) for system access. “The CAC card is like a second password – something you have along with something you know,” Fuentes said. He also emphasized the importance of two-factor authentication (2FA) for personal accounts. “Many companies now send one-time passcodes via text or email. It’s a valuable layer of security.”
Building a Cybersecurity Culture
Fuentes encouraged all members to stay engaged with cybersecurity protocols and maintain open communication with the IT team. “Cyber hygiene is my top priority,” he said. “It’s not just about policies – it’s about awareness, communication, and education. Listen to your cybersecurity team, follow their directives, and stay updated on your training.”
Fuentes, who holds a master’s degree in cyber operations and is currently pursuing a Ph.D. in cyber defense, is passionate about fostering a culture of cybersecurity. “This is more than a job for me – it’s a passion. I stay up to date with the latest developments, and I hope others do the same,” he said.
Resources and Contact Information
For additional support, Fuentes directed members to the Joint Knowledge Online (JKO) website for annual training. DCNG members with specific cybersecurity questions can contact the cybersecurity team directly via the D.C. Cybersecurity inbox at dccybersecurity@army.mil.
As Cybersecurity Awareness Month continues, Fuentes’s message to all service members is clear: “Stay vigilant, follow the policies, and communicate with your cybersecurity team. We’re all in this together.”
To recap, here are essential tips from Staff Sgt. Francisco Fuentes that will help you stay safe while you’re online during Cybersecurity Month and all year:
- Secure your Common Access Card, or CAC, at all times. Keep it safe on your person and be sure to remove it from your computer when it’s not within arms reach.
- Keep confidential information out of view in public spaces. “Shoulder surfing” (when someone watches you type passwords or notes) can happen at cafes, libraries, or even at work.
- Passwords: Use strong, complex passwords for each of your accounts.
- Watch out for phishing attacks: be cautious of small typos or changes in familiar URLs that could redirect you to fake sites.
- Cybersecurity is a team effort. Report your concerns immediately to your cybersecurity team. Contact the team at dccybersecurity@army.mil for questions or support.
Story by Ayan Sheikh
DC National Guard