The top five questions asked at security education and awareness presentations

Online security can be frustrating and confusing for end users, leading to a greater number of successful cyber-attacks. Attackers are increasing their sophistication in line with advancements in online technology and things go wrong when the end user is confused – attackers prey on this confusion and supplement it with fear. Many issues relating to cyber security can be avoided by demystifying some of the threats, methods, motives, and by providing simple advice for online safety. That’s where security education and awareness presentations come in.

The team at Asterisk deliver many education and awareness presentations to clients covering information security policy and demystifying online threats. These presentations also educate users on security controls (both technical and non-technical) that they can apply easily at home and in the office.

From C-level executives to IT Managers, support desk, workshop and administrative staff, everyone has a question to ask. Here are the top five questions we are regularly asked at security education and awareness presentations:

Q: “How do I make my passwords secure?”

A: We recommend using passphrases instead of passwords. A passphrase is a group of words, such as “Sunny Commodore Apple Polyester”, that is easy for you to memorise but hard for attackers to crack. The trick is to make sure the words are random. Avoid anything that would be obvious to people you know or who follow your public social media accounts, such as your favourite sports, animals, or TV shows.

Where you can, we also recommend turning on multi-factor authentication, so your account will perform a second check (or factor) before letting you in. The most common second factor used for personal services is to send an SMS to your mobile phone. This means that even if your password is guessed or cracked, the attacker won’t be able to get into your account without the second factor – your phone.

If you would like to read more about passwords we recommend the NIST guidance which is available here.
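For readers who want to see what "random" means in practice, here is an added example (not part of the original article or Asterisk's own material) that picks the words with the operating system's secure random source, drops words that people who know you could guess, and estimates strength in bits. The word list is a constructed 32-word sample and the function names are illustrative; the bit estimate only holds when a program, not a person, chooses the words.

```python
import math
import secrets

# Constructed 32-word sample list, for illustration only. A real generator
# should load a large published list such as the 7,776-word EFF diceware list.
SAMPLE_WORDS = """sunny commodore apple polyester harbour violin cactus lantern
marble pepper glacier saddle window tunnel orbit velvet anchor biscuit
compass dolphin ember falcon granite hammock igloo jigsaw kettle ladder
magnet nectar oyster parsley""".split()


def usable_words(wordlist, personal_terms=()):
    """Deduplicate the list and drop words an acquaintance could guess."""
    banned = {t.lower() for t in personal_terms}
    return sorted({w.lower() for w in wordlist} - banned)


def entropy_bits(list_size, n_words):
    """Entropy of n_words drawn uniformly and independently from the list."""
    return n_words * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest number of words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(wordlist, n_words=4, personal_terms=()):
    """Return (passphrase, entropy_bits) using the OS CSPRNG via `secrets`."""
    words = usable_words(wordlist, personal_terms)
    if len(words) < 2 or n_words < 1:
        raise ValueError("need at least two usable words and one pick")
    picks = [secrets.choice(words) for _ in range(n_words)]
    phrase = " ".join(w.capitalize() for w in picks)
    return phrase, entropy_bits(len(words), n_words)


if __name__ == "__main__":
    # "dolphin" stands in for a favourite animal visible on social media.
    phrase, bits = generate_passphrase(SAMPLE_WORDS, 4, personal_terms=["dolphin"])
    print(f"{phrase}  (~{bits:.1f} bits with this small sample list)")
    print(f"4 words from a 7,776-word list: {entropy_bits(7776, 4):.1f} bits")
    print(f"words needed for 64 bits: {words_needed(7776, 64)}")
```

The small sample list gives only about 5 bits per word, which is why the size of the word list matters as much as the number of words.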

Q: “Are password managers safe to store all my passwords?”

A: Generally yes, password managers are a safe place to store your passwords, as long as you choose a good one! There are a number of free and subscription-based password managers on the market, so we recommend reading reviews before deciding which one to use. Some products allow you to sync your passwords across all your devices so you can have access on your desktop, laptop or phone, and others will include a secure password generator that will create strong passwords for you. Remember, your password manager is only as secure as your master password. We suggest you always enable two-factor authentication and use a strong passphrase rather than a password to access your password manager.

Q: “Are banking apps on my phone safe to use?”

A: Yes, if they are installed from the genuine app store (Apple App Store, Android Marketplace, Google Play Store, etc.) and the bank is a major player in the Australian market. Always use trusted apps and never install an app from a website or email link. The bank should be listed as the app publisher or seller. If you have any suspicions about the authenticity of a mobile banking app, contact your bank for verification.

Also, remember not to store any of your banking passwords or other information that could be used to access your bank accounts on your device.

Q: “Is it safe to use Public or “Free-Wifi” when available?”

A: Connecting to free public Wi-Fi comes with several risks. Public Wi-Fi networks are generally not encrypted, which means anyone nearby with some basic monitoring tools can see the information passing between your device and the access point you are connected to. In our opinion, the safest option is to not use these networks at all. If you do find yourself needing to connect to a public Wi-Fi network, consider using a trusted virtual private network (VPN) to encrypt the information that is moving across your connection, and never log in to online banking sites or websites that store your credit card information.

It’s also good practice to turn off Wi-Fi or Bluetooth connections when not in use, which is also great for your battery life!

Q: “Can I use the same strong password on many sites?”

A: Reusing the same password across different accounts is never a good idea. If one site is breached or someone gets hold of that password, they can use it to access multiple accounts. You should always use unique passwords for your work and personal accounts and be extra careful with sensitive accounts like online banking or accounts with a lot of personal information like MyGov. If you think your password may have been compromised or you notice anything suspicious, change your password immediately and report it where appropriate. Password managers can assist with keeping track of different passwords and generating strong passwords that are less likely to be guessed or cracked.

 

Security education and awareness presentations are not just “one size fits all”. Surveys are conducted to identify gaps in staff knowledge, then training content is tailored to cover those gaps and fit the culture of the business. By undertaking training, staff can learn how to work safely online and create a culture of security – both at work and at home.

For more information on how a security education and awareness presentation can benefit your organisation, contact the team at Asterisk on 1800 651 420 or contact@asteriskinfosec.com.au

 
