IMPORTANT REMINDER ON CYBERSECURITY AND AWARENESS

Please find an important notice below that I wish you communicate within your regions. While our IM/IT staff have increased their security posture in response to the increased threat, we must also remind all our personnel to be watchful and prepare ourselves in the event of an interruption of our IT systems.

Thank you.

BILINGUAL CORRESPONDENCE / CORRESPONDANCE BILINGUE
 
1. In light of Russia’s ongoing, military offensive in Ukraine, the Defence Chief Information Officer encourages all DND/CAF commanders and members to increase their vigilance and assume a heightened posture of cyber security awareness with their respective organizations, as well as to be prepared to maintain continuity of operations in the event of a disruption or loss of information technology and systems. 

2. As members of the CAF and DND, it is our individual and collective responsibility to take cybersecurity seriously. During this time, we must increase our vigilance and ensure our personal and work information remains secure.

3. Any malicious act or suspicious activity that a staff member witnesses should be reported to the Information System Security Officer (ISSO) (J6) immediately or to the CJCR IT SMC Service Desk by email [email protected] or calling 1-855-252-8082. 

4. Common threats and malicious activities (not limited to) are: 

a. Phishing:  A type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware. It is important to note that attackers can spoof an address that is familiar to you.  If you are not expecting the message, or it looks odd, don’t click on any links.  Report the message. 

b. Multi Factor Authentication fatigue: once attackers have a password, they will repeatedly attempt to log in, generating requests to authenticate hoping you’ll press “allow” just to make the notifications go away. 

c. Social Engineering: someone posing as service desk agent, or another familiar person/agency, asking questions about the structure of the system (what servers, where are they, do you use 2 factors authentication, where are you based, who is your commander, etc.) in order to gain information to launch further attacks. 

d. Education is key to improving cyber security awareness across the organization. The IT SMC has produced the following infographics found on Canada.ca that are a great resource and reminder of our responsibilities and what individuals can do to help maintain the security of our information and systems: 
​

1. The Best Practices for Safety on Virtual Platforms;
2. Cybersecurity – Ransomware;
3. Canadian Cadet Organizations Password Security; and
4. Cyber Update - Work vs Personal.

 
5. Remember, cyber security is everyone’s responsibility. 

END OF ENGLISH TEXT / DÉBUT DU TEXTE EN FRANÇAIS