Dear Colleague,

As computer science majors who previously served in the national security field, we are writing to raise awareness
and improve the security culture in the House of Representatives. The ease with which foreign governments,
criminal syndicates, and everyday hackers can access your smartphone, tablet, desktop or laptop is frightening. The
Chief Information Officer of the House of Representatives has worked tirelessly to protect our offices from millions
of cyberattacks every year. But there are steps that Members of Congress and their staffs can take each day to better
protect our sensitive data.
Below we have identified some common ways that you can help protect your personal data, identity, and other
information:

Adopt Two-Factor Authentication: Also known as multi-factor authentication, two-factor authentication

is a security process whereby the user provides two means of identification as opposed to just a simple
password. Wherever available, two-factor authentication should be enabled for all Internet
services. Twitter, Facebook and Gmail are among some of the web services that offer two-factor
authentication as a setting.

Use Complex Passwords: For example, avoid using simple passwords such as 1234 or Password. The
House of Representatives system already requires a strong password consisting of numbers, letters and
symbols and prompts you to change it every so often. This should be a common practice for all users across
all platforms. Additionally, it is a best practice to avoid using duplicate passwords for separate accounts and
devices.

Install Anti-Virus Software and Apps: While smartphones are as powerful as many computers, most
people do not think to use anti-virus software as they would on their desktop. There are various programs
and apps for your mobile devices that will help mitigate cyberattacks and monitor for anomalous activity.

Use Encryption and Encryption Messaging Apps: As 60 Minutes recently highlighted, there are
numerous vulnerabilities throughout all communications platforms. Encrypting your voice and text data will
go a long way towards mitigating the various risks we have identified. There are a number of easy-to-use
applications that have end-to-end encryption for mobile communications. These apps will encrypt both your
voice and text messaging data. While this method is not foolproof, the use of these apps constructs a huge
barrier to your communications being deciphered.

Connect to only Trusted Networks: Up to 89% of all public wi-fi networks are unsecured. When you go to
a coffee shop, hotel or airport and log onto the wi-fi network, you could easily be logging onto a network set
up by hackers or a foreign government through a process known as wi-fi spoofing. Only connect to known
networks that you are 100% are encrypted. When available, WPA2 should be enabled for your home wi-fi.

Back-Up Your Data: As a recent notification from House security recently highlighted, ransomware and
phishing attacks are on the rise. Ensure that you have an isolated back-up of important or irreplaceable
data. In the event that you do fall victim to a ransomware type attack, your data will be accessible elsewhere.

The website of the United States Computer Emergency Readiness Team (US-CERT) provides a large amount of
valuable information on cybersecurity. Here is a link to their publication on cyber threats to mobile phones,
specifically: https://www.us-cert.gov/security-publications/cyber-threats-mobile-phones
Your devices will be subject to continuing cyber attacks. Hopefully this letter will help you to better defend against
those attacks.

Sincerely,
Ted W. Lieu
Member of Congress
Congress

Will Hurd
Member of

Visit the e-Dear Colleague Service to manage your subscription to the available Issue and Party list(s).