Tips for Creating a Strong Password
Correct risky password behavior and reduce your chances of being hacked.
No matter how many layers of security technology you add to your network, the most critical component of your defenses will always be the human team members who can circumvent those measures - either intentionally or simply through not knowing any better. And with the ever-changing matrix of threats your network faces, you need to update your employees about as frequently as you patch your operating systems.
The IT Security Training Tool, from our partners at Info-Tech Research Group, makes recommendations on staff training efforts based on 11 key business and employee factors. The Excel-based tool is available free to IT Business Edge members here in the IT Downloads library.
On the enterprise front, the tool asks you about issues such as:
Does your organization collect, store or process sensitive data of any kind? This is of course essential in evaluating the level of staff training you should undertake. Employees who handle the most sensitive data will need customized training programs.
Has your organization ever been attacked by a hacker or someone pretending to be from a company or department to solicit private information? Everybody's perimeter gets attacked once in a while, but if you actually have suffered a social engineering attack in recent months, it means that you are viewed as either a highly attractive or pretty easy target. It's a red flag among red flags that you need to invest in staff training - there simply is no technological answer to this threat.
Does your organization have the ability to deliver training in-house? This is a key issue for many smaller businesses. In-house training is expensive, but there's really no substitute for classroom learning. However, depending on where you sit on the cost-benefit curve, computer-based courses or another method may be the best fit.
After the tool collects information about your shop, its recommendations tab gives you tips on areas where you should focus your training efforts. For example, if your business does not use wireless technologies (which at this point in time is highly unlikely), that training category won't be on your recommendations list. A few tips from the recommendations tab:
Make sure that users are aware of what they can and can't say in public spaces. Again, you don't need to be a tech wizard to overhear a phone conversation about Social Security numbers. Staff training is imperative in battling social engineering.
Ensure that users are complying with the company's password policy. Unless you have gone all biometric, bad password practices remain a problem. No sticky notes!
Teach employees how to contact and use the help desk and also cover how the help desk will engage them. This is useful for a number of reasons, particularly since posing as the help desk is a key tactic in so many social engineering attacks. Every user should know that the help desk will not ask for a password over the phone.