Winxnet University – Cyber Security and Social Engineering
Last week, I had the pleasure of speaking on the topic of Cyber Security and Social Engineering as part of our Winxnet University educational lunch and learn series. Winxnet University events are designed to educate our customers and select prospects on a variety of different IT matters. In this presentation, I discussed the phenomenon of social engineering, showed common examples of attacks, and reviewed “best bang for your buck” controls you can use to mitigate the risk from those and other threats, covering both technical and human factor aspects of security.
I kicked off my presentation by reviewing the basic security facts, which always begin with the acronym PICNIC – Problem in Chair, Not in Computer. Almost all security issues begin with human error. Computers don’t make mistakes, but people do. The goal for any organization from a security standpoint is to have enough controls in place to make it difficult for hackers to come after your organization.
In the second portion of the presentation, I concentrated on the importance of password management and multi-factor authentication (MFA). Most of us know by now that passwords often aren’t enough. If we do have to use passwords, we should use strong ones: a strong password is 10-16 characters long and as unpredictable as possible. The complexity associated with strong passwords makes it difficult to memorize all your passwords for your different sites. Luckily, there are password management tools like LastPass or Dashlane that store all your passwords and keep your information secure.
However, the industry agrees that even strong passwords aren’t enough for protecting most sensitive information. Adding a second layer of protection, known as multi-factor authentication (MFA), will help keep you and your organization more secure.
Authentication factors classically fall into three categories:
- Something We Know: This includes things that a user must know to log in: user names, IDs, passwords, and personal identification numbers (PINs) all fall into this category.
- Something We Have: This includes anything a user must have in their possession to log in, including one-time password (OTP) tokens, smartphones with OTP apps, employee ID smartcards, etc.
- Something We Are: This includes any biological traits of a user that are used to confirm a login. For example, fingerprint scans, facial recognition, voice recognition, etc.
With true MFA, authentication will require at least two factors from different categories, most commonly a password and an app on your smartphone. This way, even if your password is compromised, your data is still secure.
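To make the "different categories" rule concrete, here is an added example (not code from the presentation) of a login check that counts factor categories rather than secrets, so a password plus a PIN does not pass while a password plus a smartphone OTP code does. The account layout, function names and sample credentials are assumptions made for the illustration, and only the first two categories are modelled.

```python
import hashlib, hmac, os, struct

KNOW, HAVE = "something we know", "something we have"

def kdf(secret: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256, slow on purpose so stolen hashes are costly to guess
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 600_000)

def totp(key: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1 variant)."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def enroll(password: str, pin: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw": kdf(password, salt), "pin": kdf(pin, salt),
            "otp_key": os.urandom(20)}  # key shared with the user's OTP app

def verified_categories(acct, now, password=None, pin=None, otp=None) -> set:
    cats = set()
    if password is not None and hmac.compare_digest(kdf(password, acct["salt"]), acct["pw"]):
        cats.add(KNOW)
    if pin is not None and hmac.compare_digest(kdf(pin, acct["salt"]), acct["pin"]):
        cats.add(KNOW)  # a PIN is a second secret, not a second category
    if otp is not None:
        # accept one time step either side to tolerate clock drift
        window = (totp(acct["otp_key"], now + d * 30) for d in (-1, 0, 1))
        if any(hmac.compare_digest(c.encode(), otp.encode()) for c in window):
            cats.add(HAVE)
    return cats

def login(acct, now, **presented) -> bool:
    # true MFA: at least two factors from different categories
    return len(verified_categories(acct, now, **presented)) >= 2

if __name__ == "__main__":
    import time
    acct = enroll("constructed-Passphrase-42", "4821")  # constructed sample values
    now = time.time()
    code = totp(acct["otp_key"], now)  # what the phone app would display
    print("password + OTP :", login(acct, now, password="constructed-Passphrase-42", otp=code))
    print("password + PIN :", login(acct, now, password="constructed-Passphrase-42", pin="4821"))
    print("password only  :", login(acct, now, password="constructed-Passphrase-42"))
```

A production service would also reject a code that has already been used within its time window and rate-limit failed attempts; both are left out here to keep the category check in focus.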
If you have any questions regarding which multi-factor authentication system to choose or questions on how best to stay secure, please contact our security experts today.