By: David Page, Security Analyst, QSA

When it comes to data security, many businesses think of locks, firewalls, and the latest technology to protect their sensitive data. But they often overlook their biggest vulnerability: employees.

I'm not saying employees are bad; they're just human, and humans make mistakes. Unfortunately, many attackers take advantage of human error to gain access to your data. You need to spend as much time and money on your employees as you do on secure technology.

Many data breaches happen because a well-meaning employee did something that made the business vulnerable, whether clicking a phishing email that downloads malware, giving sensitive information to someone they shouldn't, or not protecting their passwords. Most of these cases aren't intentional or malicious.

Why is training important?

A question a business may have is why employee training should matter so much. After all, a business just needs a firewall and security policies in place and it should be fine, right?

Wrong.

Your security policies are useless if your employees aren't aware of them. For example, you may have a policy on what to do if you suspect a data breach. But if your employees aren't trained on what to do in that situation, they will likely make an error or waste time reporting it to the right people, potentially causing your business more damage.

Another problem is social engineering, which is rapidly becoming a big threat to businesses of all types and sizes. Social engineering targets your employees specifically. If they aren't trained to recognize its tactics, you could be vulnerable to a data breach.

Finally, you and your employees should care about data security and about maintaining compliance with PCI DSS, HIPAA, and other industry data security standards. You need to instill a sense of urgency in your employees when it comes to data security. Sometimes they're all that stands between your business and a damaging data breach.

Who should be trained in data security?

It's important to train all of your employees on basic data security best practices, and it's critical that employees with access to sensitive data know how to protect it.

Email phishing scams and social engineering can affect anyone in your business, from the top executive to the janitor. Make sure all of your employees are briefed on policies involving basic physical and data security.

What should employees be trained on?

Make a list of the policies employees should be aware of and trained on. Some examples:

- technology use
- password management
- data handling procedures
- incident response plans
- data security best practices
- social engineering techniques

Basically, if you have a security policy that involves your employees, your employees should know about it.

Tips for training employees

Holding a yearly meeting doesn't do it anymore: your employees need a constant reminder to prioritize data security in their daily activities, and they absorb more if they receive training more often. Here are some tips to get your employees ready.

- Set monthly training meetings: focus each month on a different aspect of data security, such as passwords, social engineering, or email phishing.
- Give frequent reminders: send tips to employees by email or in a newsletter.
- Train employees on new policies ASAP: newly hired employees should also be trained on policies as quickly as possible.
- Make training materials easily available: intranet sites are a good way to provide access to training and policy information.
- Create incentives: reward employees for being proactive.

Watch out for your employees

It's important to make sure your employees understand how critical their role is in keeping your business's data secure. Training employees should be a top priority in your overall data security strategy. After all, your employees are the ones standing between your data and the bad guys. Shouldn't you make sure they know what to do?

David Page is a Qualified Security Assessor and has been working at SecurityMetrics for two and a half years. He has over 18 years of experience in network and system engineering, design, and security.
The origins of human cooperation: Nature or nurture?
Where does our tendency to cooperate come from? Is it natural for us to cooperate, or is it the result of social learning? It's tempting to think that we're born as non-cooperative beasts who need to be tamed through education and other forms of cultural learning. The whole idea of 'human civilization' revolves around the assumption that humans have somehow risen above animals because they can cooperate, have morals and be kind to one another.

But even a casual look at nature will convince you that cooperation is not exclusive to humans. Chimpanzees cooperate, bees cooperate, wolves cooperate, birds cooperate, ants cooperate... the list goes on. There are myriad species in nature that cooperate with their conspecifics.

This suggests that cooperation in humans must also have its roots in natural selection: cooperation may not be entirely the result of cultural conditioning but something we're born with.

Evolution of cooperation

Cooperation is usually a good thing for a species to possess because it enables individuals to do things efficiently. What an individual cannot do by itself, a group can. If you've ever observed ants carefully, you must have seen how they share the load of a particularly heavy grain that a single ant couldn't possibly carry.

Image caption: Tiny yet fascinating! Ants building a bridge out of themselves to help others cross over.

In humans too, cooperation should be favoured by natural selection because it's beneficial. By cooperating, humans improve their chances of survival and reproduction. Individuals who cooperate are more likely to pass on their genes.

But there's a flipside. Individuals who cheat and don't cooperate can also be reproductively successful. Individuals who receive all the benefits a group provides but contribute nothing have an evolutionary advantage over those who do cooperate: they lay their hands on more resources and hardly incur any costs.

Since the availability of resources is correlated with reproductive success, over evolutionary time the number of cheaters in a population should increase.

The only way cooperation can evolve is if humans have psychological mechanisms to detect, avoid and punish cheaters. If cooperators can detect cheaters and interact only with like-minded cooperators, cooperation and reciprocal altruism can gain a toehold and evolve over time.

Psychological mechanisms favouring cooperation

If you pause to think about all the psychological mechanisms we possess to detect and avoid cheaters, you'll soon realize that a rather large part of our psyche is devoted to these ends.

We have the ability to recognize many different individuals, not just by their names but also by the way they talk and walk and the sound of their voice. Identifying many different individuals helps us identify who is cooperative and who is not.

No sooner do new people meet than they form quick judgments about each other, mostly about how cooperative or non-cooperative they're going to be.

"She's nice and very helpful." "He has a kind heart." "She's selfish." "He's not the type who shares his stuff."

Similarly, we have the ability to remember our past interactions with different people. If someone deceives us, we tend to remember the event vividly and vow never to trust that person again, or demand an apology. Those who help us, we put in our good books.

Imagine the chaos that would ensue if you were unable to keep track of those who've been non-cooperative toward you. They'd continue to take advantage of you, causing you tremendous loss.

Interestingly, we not only keep track of who is good or bad to us but also of how good or bad they are to us. This is where reciprocal altruism kicks in. If a person does us x amount of favour, we feel obliged to return the favour in x amount.

If a person does us a huge favour, we feel obliged to repay in a big way (hence the common expression, "How can I repay you?"). If a person does a not-so-big favour for us, we return a not-so-big favour.

Add to all this our capacity to understand each other's needs, convey our own, and feel guilty or bad if we're disappointed or if we disappoint others. All these things are built into us to promote cooperation.

It all boils down to costs vs. benefits

Just because we've evolved to cooperate does not mean non-cooperation does not happen. Given the right circumstances, when the benefit of not cooperating is greater than the benefit of cooperating, non-cooperation can and does happen.

The evolution of cooperation in humans only suggests that there is a general tendency in the human psyche to cooperate with others for mutual benefit. Generally, we feel good when cooperation that benefits us happens and bad when non-cooperation that harms us happens.
How to Do Passwords Right: Password Management Best Practices
By: George Mateaki

One of the changes in the recent release of PCI DSS 3.2 is an expanded multi-factor authentication requirement: MFA is now required for all non-console administrative access into the cardholder data environment, not only for remote access from outside the network. Multi-factor authentication uses at least two of the following independent factors:

- Something you know (a password or PIN)
- Something you have (a hardware token, or a one-time code generated on or sent to your phone)
- Something you are (a fingerprint or other biometric)

Passwords are part of the authentication process, but unfortunately they bring their own set of problems.
The problem with passwords

The biggest problem with passwords is that they can be broken fairly easily through brute-force and dictionary attacks. Tools like John the Ripper and L0phtCrack are used to recover even complex passwords, especially once the password hashes have been stolen and can be attacked offline at the attacker's leisure.

Human nature also makes passwords insecure. Employees choose passwords they can remember easily, which usually means something a data thief can guess after a little research or social engineering: a pet's name, a birthday, a favourite team. Many employees also write passwords down or share them with others for convenience.

Finally, there's the matter of storage and transmission. Many applications store passwords in plaintext or with a fast, unsalted hash, and some still transmit them in plaintext, making them easy for attackers to find and use.

Unfortunately, many businesses don't realize just how easily cyber thieves can crack a password, especially a common one. As a result, they have poor password security practices. Here are some things businesses are doing wrong with passwords.
- Default configuration: businesses often keep the default passwords that were set when their routers or POS systems were installed. Most default passwords are published on the internet, which makes it easy for attackers to break into your devices.
- Sharing credentials: sometimes employees share accounts and credentials to save time. This makes it easy for social engineers to gain access to sensitive data, and it destroys the audit trail, since nobody can say who actually used the account.
- Not updating passwords regularly: for many attackers it's only a matter of time before they crack a password, so businesses that have kept the same passwords on their accounts since the day the company started are vulnerable.
- Choosing words like "password" or "admin": these passwords are very common and are among the first words attackers guess when trying to break into your remote access.

Do we even need passwords anymore?

It's true that passwords alone will not secure your data very well, but they are the baseline. The fact that many businesses aren't even using basic password security shows how vulnerable their data may be. Eventually passwords may no longer be needed as technology develops, but today your devices and applications still need unique, strong passwords.

Password best practices

So how do you make sure your passwords are secure? Here are some basic practices.

Assign employees unique credentials and change default passwords

Make sure your employees aren't sharing passwords or usernames. This prevents a social engineer from getting access to sensitive data simply by targeting one employee, and it lets you trace every action to one person. Many companies create a numeric user name that has no association with the actual name of the user. Renaming the built-in administrator account to "admin" may meet the letter of the law but misses the intent: the administrator user name should be changed to something that does not indicate an administrator. This goes for any elevated-access account used as the master or root account, if the technology allows it.

You'll also want to change all the default passwords on devices; otherwise you're opening up your network to attackers.

Make passwords long and complex

The longer your password, the better. Just as larger encryption keys are harder to break, longer passwords are more difficult to crack. PCI DSS 3.2 (Requirement 8.2.3) sets the minimum at seven characters containing both letters and numbers, though I recommend at least 10 to 15 characters.

You'll also want to make them complex, using a mixture of numbers, symbols and letters. This seems like a no-brainer, but you'd be surprised how many people don't follow this rule.

Reset passwords often

Train your employees to reset passwords at regular intervals, for example every 30, 60 or 90 days. A password that has been cracked or leaked without anyone noticing stays useful to the attacker only until it is changed, so rotation limits the damage window. The best approach is to enforce the change technically, per the current policy, rather than rely on users remembering.

Limit login attempts

Set a limit on how many times a user can try to log into a system. After that number of unsuccessful logons, lock the account. This helps prevent online brute-force attacks and social engineers guessing passwords. Note that lockout does nothing against offline cracking of stolen hashes, which is why strong passwords and slow, salted hashing still matter.

How to create a strong password

Nowadays, using your favorite sport as a password doesn't cut it. Here is the list of the top ten most popular passwords for 2015:

1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. football
8. 1234
9. 1234567
10. baseball

Other passwords in the top 25 include "dragon", "welcome" and "starwars". None of these is secure: they are too common or rely on keyboard patterns, and attackers know these lists well and use them as the first step in cracking your password. If any of your passwords are on this list, change them as soon as possible.

Your best practice is to use a passphrase that's unique to you. Take a phrase such as "I wear my sunglasses at night" and use the first letter of each word (or a short fragment, as "sg" stands for "sunglasses" below). Combine it with a number, such as a date, and you have a stronger password. Example: "I wear my sunglasses at night" becomes Iwmsg@n1980!. Pick a phrase and a date that are not tied to you or to a famous lyric, since cracking wordlists and rules also cover first-letter abbreviations of well-known phrases.

You likely know these, but a few other basic guidelines for passwords include:

- Use a mixture of upper- and lower-case letters
- Don't include your name or other personal information
- Replace some letters with numbers
- Use nonsense phrases, misspellings, or substitutions
- Do not reuse patterns between password changes
- Do not use the same passwords for work and personal accounts

You can't afford weak passwords. Ultimately a password alone isn't going to completely secure your data; what you really need is a combination of multi-factor authentication, encryption, and other controls. But having a strong password is a good start.

George Mateaki (CISSP, CISA, QSA, PA-QSA) is a Security Analyst at SecurityMetrics with an extensive background in information security and 20+ years in IT.
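The controls described above (a deny-list of common passwords, a minimum length and complexity check, salted slow hashing for storage, and lockout after repeated failed logins) fit together in a small login service, and the same store can then be attacked offline to see why the deny-list and the hash cost matter even when lockout is in place. What follows is an added example written for this page, not code from the article or from SecurityMetrics. The user names, the 12-character minimum, the five-attempt lockout, the 50,000 PBKDF2 rounds and the short wordlist (the 2015 list quoted above) are assumptions chosen for the demo.

```python
import hashlib
import hmac
import os

# Assumption: the 2015 top-ten list quoted above plus three top-25 entries.
# A real deployment would load a much larger public list.
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "dragon", "welcome", "starwars",
}
MIN_LENGTH = 12          # assumption: well above the PCI DSS 3.2 seven-character floor
MAX_FAILED_ATTEMPTS = 5  # assumption: lock the account after five bad guesses
PBKDF2_ROUNDS = 50_000   # kept low so the demo runs quickly; production uses far more


def check_policy(password):
    """Return the policy violations for a candidate password (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    classes = (any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password))
    if sum(classes) < 3:
        problems.append("needs three of: lower, upper, digit, symbol")
    return problems


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; a per-user random salt defeats precomputed tables."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


class AccountStore:
    """Minimal user store: policy check on creation, lockout on repeated failed logins."""

    def __init__(self):
        self._accounts = {}

    def create(self, username, password, enforce_policy=True):
        # enforce_policy=False models a legacy account that predates the policy.
        if enforce_policy:
            problems = check_policy(password)
            if problems:
                raise ValueError("; ".join(problems))
        salt, digest = hash_password(password)
        self._accounts[username] = {"salt": salt, "hash": digest, "failed": 0, "locked": False}

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        acct = self._accounts.get(username)
        if acct is None:
            return "denied"  # same answer as a wrong password: no username enumeration
        if acct["locked"]:
            return "locked"
        _, digest = hash_password(password, acct["salt"])
        if hmac.compare_digest(digest, acct["hash"]):
            acct["failed"] = 0
            return "ok"
        acct["failed"] += 1
        if acct["failed"] >= MAX_FAILED_ATTEMPTS:
            acct["locked"] = True
            return "locked"
        return "denied"

    def dictionary_attack(self, wordlist):
        """What an attacker does with a stolen hash table: try every word against each user.
        Lockout cannot help here; only password strength and hash cost slow it down."""
        cracked = {}
        for user, acct in self._accounts.items():
            for guess in wordlist:
                if hash_password(guess, acct["salt"])[1] == acct["hash"]:
                    cracked[user] = guess
                    break
        return cracked


if __name__ == "__main__":
    store = AccountStore()
    store.create("alice", "Iwmsg@n1980!")                          # passes policy
    store.create("legacy_pos", "football", enforce_policy=False)  # old POS account
    print(check_policy("football"))
    print(store.login("alice", "Iwmsg@n1980!"))
    for _ in range(MAX_FAILED_ATTEMPTS):
        print(store.login("alice", "guess"))
    print(store.dictionary_attack(sorted(COMMON_PASSWORDS)))
```

Running it shows the two sides of the argument: the legacy account with "football" falls to the wordlist in a fraction of a second regardless of the lockout, while the passphrase-derived password is never reached by the list, and the five wrong guesses against alice lock her account so an online guesser gets nowhere either.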