FALLS CHURCH, Va. -- From protecting systems and data to regular training updates, cybersecurity is a top priority in the workplace – and it should be at home, too. By making cyber fitness a part of daily routines, families can protect their online information and personal well-being.
Servio Medina, Cyber Security Division Policy Branch lead at the Defense Health Agency, said cybersecurity used to be considered a technological problem, but now it’s viewed as a human knowledge problem and a personal responsibility. The need for cyber awareness goes beyond the workplace and into homes, impacting items ranging from electronic devices to toys, and increasing the importance for people of all ages to be ‘cyberfit,’ as Medina says.
“We do want to empower [people] to not unwittingly compromise their own information and their own well-being,” said Medina while speaking at Defense Health IT Symposium in July. Part of the Military Health System’s role in taking care of families is helping them understand how to protect their online presence, he said.
Cyberfitness, also known as cyber hygiene by the Department of Health and Human Services, is defined as an individual’s health or security when conducting all activities online. Medina called it a readiness issue.
Being cyberfit includes recognizing risky behavior, such as clicking a link in a suspicious email, said Medina. Federal employees are required to take yearly cyber awareness training and comply with Health Insurance Portability and Accountability Act (HIPAA) guidelines for protecting health care information. But roughly 80 percent of cybersecurity breakdowns can be traced back to human error after training, according to a 2015 Department of Defense memo that included a plan to close the gap.
Medina said an increase in awareness and accountability is needed to reduce cyber risks. He draws a parallel with the practices and choices we make every day for overall fitness.
“You should probably get a medical expert’s assessment if you suspect having something worse than a cold, yet we really don’t have the same mindfulness when it comes to cyber practices and choices,” said Medina. The DoD released its 2018 Cyber Strategy, which emphasizes that leaders and their staffs need to be “cyber fluent” so they can understand the cybersecurity implications of their decisions.
“By understanding the consequences of their cybersecurity decisions on the job – and seeking a cybersecurity expert’s assessment – people can be better equipped to use this knowledge in their activities outside the office,” said Medina.
“We at the DHA care about family cyberfitness because innovations are enabling Military Health System beneficiaries to have greater and easier access to electronic health records, communication and prescription tools, and more,” he said. “Without cyberfitness, these health IT innovations might lead to information being misused by mistake or on purpose.”
Medina said military families in particular often face challenges with cyberfitness. Frequent moves and deployments upset routines and social connections. Some parents may become so distracted by the basic details of re-establishing households that they don’t pause to consider what their children – who seem to be positively occupied – may be doing online, he said.
Kelly Blasko, a psychologist and program lead for the mobile app and web program in the Connected Health branch in the Defense Health Agency at Joint Base Lewis-McChord in Washington, referred to video games and online chat rooms as examples of possible security threats facing children and teenagers.
“We tell children not to talk to strangers and that’s usually in a face-to-face situation, but it’s true on the internet as well,” said Blasko, a representative for Military Kids Connect. Cyber predators can target minors through the use of false links that allow access to the computer or accounts used by the child, she warned. “That really puts them at risk.”
Identify theft is often thought of as a problem for adults connected to financial identity, but children can also be targets, Blasko said. “They use the family computer and it might have banking account information or Social Security numbers that could allow someone to open a credit card in the name of a child, and then that ends up being a real problem.”
Medina said it’s important for parents to talk with children about cyberfitness frequently and candidly. He stressed that those conversations can empower children to make smart decisions and understand that cyberfitness is a daily priority. “Begin the conversations when they’re young, with age-appropriate messages on topics like creating strong passwords, safeguarding personal information, and turning to a trusted adult immediately if anything online makes the child uneasy.”
Blasko recommends having the conversation before any security concern comes up. Paying attention to how children and teenagers use the internet, educating them on cyber awareness, and having an open dialogue can allow young people to feel comfortable going to a parent or trusted adult for help, she said.
According to the Department of Homeland Security, children between the ages of 8 and 18 spend an average of seven and a half hours online every day at home, school, and public spaces.
“Practically everyone, young or old, can click into and connect with data, information, and other people,” said Medina. Many household items that rely on an internet connection and may seem mundane – such as security cameras, baby monitors, or wireless devices – can put people at risk for a cybersecurity breach, said Blasko.
Medina said the Defense Health Agency’s health information technology team offers information to ensure cyberfitness at home, including a five-day plan: Day 1 – add strong passwords to devices; Day 2 – clean out mobile apps; Day 3 – protect stored information; Day 4 – share information wisely; and Day 5 – beware of health information fraud.
The DHS campaign, Stop.Think.Connect, offers parent and educator resources for talking about cybersecurity with children.
“We have to protect our military children and families,” said Blasko. “They’re really who we serve and we don’t want them to be jeopardized in any way.”