At Entra we recognize the important role that we have, both as individuals and as a company, in protecting and safeguarding our data, devices, and networks. We are dedicated to raising awareness about current online security threats and what resources are available to keep us all safer and more secure.
Entra’s newsletter this month focuses on tips, tools, and resources that you can use to be more aware of the latest threats, phishing attempts, and scams. Cyber criminals exploit human behaviors and are continuously looking for ways to get their malicious content onto our devices and our valuable content onto theirs. Educating both our workforce and customers about these threats is the first and most important step in protecting our industry.
We hope that you, as a concerned individual, will find here the talking points and knowledge you need to start conversations about cybersecurity with your team, customers, family, and friends. You can be the starting point for discussions that will make our businesses and livelihood resistant to cyber attacks.
Have a cyber safe December!
Intellectual Property & Appropriate Use – Beware of Insiders
According to IBM, approximately 80% of all data breaches occur as a result of human error.
Employees are responsible for following all company policies and standards, especially as they relate to intellectual property and company property usage.
ARE YOU DOING EVERYTHING YOU CAN TO MAKE SURE YOUR EMPLOYEES KNOW WHAT THIS MEANS?
Intellectual Property is a product of the human mind that can be protected under the law. Books, Articles, Brands, Logos, Slogans, Ideas, and Inventions are all protected.
WHAT INTELLECTUAL PROPERTY DOES YOUR COMPANY HAVE AND DOES YOUR WORKFORCE UNDERSTAND WHAT IT MEANS TO KEEP IT SECURE?
Misuse, whether intentional or unintentional, can happen innocently.
– Not understanding what it takes to comply with copyrights, license agreements, or contractual terms.
– Excessive or unauthorized personal use of computing systems. Is Linda in sales using company software licenses to edit her church’s website?
– Storing or transmitting illegal or inappropriate material that is hostile, intimidating, or offensive to others, even if the person doing so has no intention of publicly sharing this information.
– Sharing of passwords. At all. Keep your accounts your own!
– Auto-forwarding business emails to non-company email addresses. We can only be responsible for so much. Having company information hosted outside of company-held software creates unnecessary risks. We have no control over Bob’s Hotmail service!
– Viewing content or material not relevant to or appropriate for the work environment. Doing so exposes the company’s network to any malicious programs that might be associated with unsecured websites. Browse personal websites from your personal devices on your personal networks during your personal time.
Threat: The Insiders
Sometimes threats are unavoidable. Some people will inevitably use their legitimate access to your systems and data for negative purposes, or will take advantage of another employee’s legitimate access and negligence to steal information or intellectual property.
Talking with your team about how to protect their individual accounts is the best way to actively protect your assets as a whole. And remember, tell your employees that if they see something, SAY SOMETHING. Contacting supervisors and your IT department with any questions or concerns should be easy and encouraged.
Individual humans are the weakest point in the password security chain. From writing down passwords, to keeping them on spreadsheets, to reusing the same password on multiple sites, we create our own weaknesses when it comes to cybersecurity. No one likes having to remember all these different passwords and keeping them updated. Unfortunately, in the past few years the leaks of millions of usernames and passwords associated with popular websites such as Dropbox, LinkedIn, MySpace, Tumblr, and Yahoo! have been reported, underscoring the importance of strong passwords.
Below are a few suggestions for how to make passwords more secure and less annoying.
Use complex passwords: While compromised passwords from websites are often “hashed” or encrypted, preventing cyber criminals from viewing the actual password, enough information is revealed that criminals and their programs can recognize what common passwords look like when encrypted. Instead of using “password” or “123456!” to secure your information, think of a short sentence or item description that you are likely to remember. This will likely give your password more than 8 characters, both upper and lower case letters, special characters like & or %, and perhaps even a number or two. Try replacing the letter E with a 3 or a T with a 7.
Change your passwords regularly: If a cyber criminal does obtain leaked passwords, he or she will likely try to use those passwords on other sites using the same or similar username or email. This process is automated with sophisticated hacking software. Therefore, change all your passwords regularly, even for accounts not associated with a known password leak.
Do not reuse old passwords: When changing passwords, avoid reusing part of or whole passwords that you have already used before or elsewhere. As the examples above show, leaked passwords may not become public knowledge until years after the leak occurs. Thinking that an old password is old enough to be safe again is just too risky now that information never goes away.
Do not use the same password for multiple sites: When a cyber criminal obtains a password associated with a username or email, he or she can then use that combination to attempt to access accounts on many, many other websites as well. If you use the same information to log into Facebook as you do your bank account, it is only a matter of time before a criminal has access to both!
If you really, really cannot be bothered to keep up with passwords for non-critical sites, try a password generating and securing app. Password manager programs can curate your access to low-risk accounts so you can focus your attention on creating, using, remembering, and updating the passwords for work, banking accounts, social media, and other sites that you really do not want criminals to get to.
How to keep involved?
Resources and advice to keep involved:
• The Department of Homeland Security has a wide range of cybersecurity resources
• Subscribe to the Security Awareness Company on YouTube
• Hacker’s Paradise: A Security Awareness Music Video
• Thinkin’ 9 to 5
• Social Media Privacy Awareness: Parody of Every Breath You Take
• Get familiar with your company policies and standards, especially as they relate to intellectual property and company property usage
• Remind your employees and customers of the importance of proper use of passwords
It is very common to be uncertain whether something is a cyber security incident. Cyber attacks typically attempt to mask their behaviors behind common IT malfunctions or innocent-looking communications. End users are the first and most important line of defense in protecting systems.
Employees should know that they are responsible for reporting anything that might be an attempt to breach cyber security as soon as it is discovered or even suspected. Always notify leadership or technical support personnel if an email seems odd, a program is operating strangely, systems are functioning slower than usual, or you suspect that someone might be trying to gain access to something they should not be.