Security Practitioners Share Tips For Cyber Security Awareness Month
An Engaged Workforce Makes The Difference For Cyber Hygiene
Only so much can taught about cyber hygiene through annual security training in the organization’s break room. As part of Cyber Security Awareness Month, we have collected tips and best practices from security leaders. More importantly, these are the insights that make a difference in having the workforce be part of your security posture.
First off, we’d like to start with some bright ideas collected through conversation over the year but were not able to attribute to just a single source.
- Ask users to create and maintain only 3 sets of credentials – one for personal email; one for the business login; and one for the password manager app
- Some organizations need to secure their end-users, such as an eCommerce site. If strong authentication is not used by the end-user, reduce the risk and liability from a breach by storing less sensitive info. For example, do not allow payment card details to be stored with weak authentication.
Chief Information Security Officer, NIH Center for Information Technology, Office of The Director
Use different browsers for different purposes (e.g. one for banking, another for work, another for surfing) and close or logout of each session after you are done.
Global CISO, OSI Group
- Most bad actors try to rush you into making a decision - take a second and think twice before you act.
- Trust your gut (you are the first defense against scams) - if you receive something that is not expected, does not sound right or is too good to be true, there is a good chance the bad actor is trying to impersonate the sender. If you feel it is off - call the sender or type in the link rather than clicking.
- Don't trust the link at face value - hover your mouse over the link to see where it actually leads you before you click.
- If you see something, say something. Our job as security practitioners is to engage our employees and make them part of the solution. If we treat them as the weakest link and provide no awareness, we have already lost the fight.
- Do not share passwords across your personal and corporate accounts. Hackers will find a way to link your personal account to your corporate presence.
See Related: Interview: Michael Welch, CISO, OSI Group
CEO & President, Task Force 7 Radio, LLC
- Use a password manager to help you manage unique independent passwords for all of your online accounts.
- Use multi-factor authentication (MFA) whenever offered by a service you use online
- Use extreme caution clicking on links or attachments in emails from people you know and never click on anything in an email from someone you don’t know
- Make sure you regularly back up your sensitive data to a secure location as ransomware attacks are becoming more prevalent
Dr. Rebecca Wynn
CISO, Information Technology
- Think twice before clicking on links or opening attachments. Even if an email looks like it's from someone you know, take care with attachments. Take that extra second to avoid walking into a digitally dangerous situation. Don't reply to the email because the sender's identity might have been compromised.
- Verify requests for private information. Whenever you are requested to provide private information (yours or anyone else's), verify the identity of the requester — even if it appears to be somebody you know. Con artists are clever in how they collect information to steal information and identities. Even if you think you're safe, regularly check your financial statements and credit reports.
- Protect your passwords. Never reveal your passwords to anyone. Make them long, strong, unique and use MFA wherever possible.
- Use a password manager.
- Use different passwords for different accounts.
- Use different passwords for work and home.
- Don't let apps and websites remember your passwords.
- Protect your stuff! Keep a close eye on your belongings when you're in public places. Lock things up or take them with you before you leave, even if you’ll only be away for a second. When you're at work, secure your area and lock your computer screen before leaving your desk. Take your phone and other portable items with you.