Safe and Secure- Individual’s Role in Security
We’ve all heard the phrase “security is everyone’s job” but we may not have given that much thought. You might not even be aware of security measures in place to guard against threats like ransomware, brute force attacks, and phishing. New threats to security emerge daily.
Security departments constantly look for new safeguards against security threats; longer passwords, simulated phishing emails, and secondary log in authentication are all ways to guard against these threats. IT departments aren’t the only personnel that need to be on the lookout for threats.
Your Role in Security
Every person in the organization can help safeguard information and resources, and knowing WHY a particular safeguard is in place can help end users understand and utilize those security measures. When security breaches occur, it isn’t just the financial loss that takes a toll on an organization: everything from re-training to loss of confidence in the organization can have long-reaching consequences. It is estimated that upwards of 75% of security breaches are caused by human error.
The following scenarios illustrate some of the most common and simple measures we can take to avoid security breaches.
Secure Passwords
Scenario: It’s time to change your password AGAIN. Seems like only yesterday you were trying to come up with a new password. What happened to the days when you could use the same password on EVERYTHING FOREVER?
Reasoning: Gone are the days where a lone hacker sat in the dark deciphering passwords to gain access to a lone computer. Now, password deciphering software works non-stop to uncover passwords that will allow access to entire networks. While it may be difficult for another human to guess your password (Fluffy123) a computer can run through thousands of combinations in less time than it takes to leash Fluffy for his morning walk.
According to tech advisor Komando.com, it takes a hacker an average of about two seconds to crack a numbers-only password with 11 characters. With the addition of some upper- and lower-case letters, it takes about one minute to crack a password with seven characters.
Your Role: While a random string of numbers, letters and special characters would be the best password, that might be a bit much to remember, so use the LOC method:
Phishing—Don't Bite!
Scenario: You’ve received an email, clicked on the link in the email, and have been informed that you’ve been hooked by a simulated phishing email, sent by your organization to raise awareness of this common security threat.
Reasoning: Phishing is one of the leading causes of data breaches, and IBM's 2022 Cost of Data Breach Report found that the average cost of data breaches rose from $4.24m in 2021 to $4.35m in 2022. Your company is looking to safeguard against bogus emails that trick users into clicking on links that can harm the network. Skepticism is a healthy attitude when it comes to email. Phishing emails attempt to simulate ‘real’ emails, but they often fall short in several ways. If you know what to look for, you can easily spot a phish:
Grammar and spelling errors are common
The message calls for immediate or urgent action
Specific sensitive information is requested
Suspicious attachments or links
Unusual requests
Unfamiliar tone
Your Role: Evaluate every email you receive to be sure that it is from a legitimate sender. If you feel that an email may be a phish, don’t take the bait! REPORT IT.
Two-Factor Authentication
Scenario: You have to add a NEW application to your phone to use IN ADDITION to your password. Isn’t a long, obscure, complex password enough?
Reasoning: Using a second authentication method provides an extra layer of protection in the event that your password is compromised. Combining something you know (your password) with something you have (a code sent to your phone) can block would-be hackers from gaining access to your information.
Your Role: If your organization uses this method, respond to the notification on your phone ONLY if you are logging in to your device and/or applications.
Everyone from IT to end users has a role to play in keeping information secure. Being aware of threats (and the process by which those threats are neutralized) creates an environment where every individual in the organization understands the need to utilize security procedures and takes measures to guard against security breaches.