Week 1: Password Strength & Security
Did you know that password fatigue is a real feeling many people have? Those who are required to remember an excessive number of passwords such as your login for your work email, personal email, and your bank may experience password fatigue. Creating strong passwords and managing them properly helps prevent cybersecurity breaches.
At HB Global, password safety is our number one priority & the IT department is here to help protect our employees from cyber-threats. Below are some password security tips to help you create stronger passwords, keep them safe, and why it’s critical to avoid reusing the same password.
Dos:
- Try using the first letter of a long phrase, while including both upper and lower-case letters with substitutions for some letters to numbers. Password Chart
Example: “An ounce of prevention is worth a pound of cure.” A0ZofPiWaLBSoC”
- Replace a keystroke with an upper-left or upper-right key, next to the original key normally entered.
Example: “Hollywood!” = “T8ii5188w!”
- Longer passwords are always better than short, complex passwords!
Example: “TheP@cker$WillWinthe$uperBowl!”
Don’ts:
- Don’t create easy-to-guess passwords.
Examples: “Password1!” – “P12345!$” – “Hello123!”
- Don’t use only letters but substitute some letters with symbols or numbers.
Examples: “@” for “a” – “$” for “S” – “Hand Soap” = “H@nd_$0ap”
- Never share passwords with anyone, including coworkers.
- Beware of emails stating a password has been changed on an employee’s behalf. No one, not even IT personnel, will change an employee’s password, unless requested.
- Never write passwords down on paper or store them in a computer file.
- Never use the same password for multiple accounts.
I hope you have found this email informative and if you ever wonder, “Should I use the same password for every account?” The answer is always no.
Week 2: Social Engineering
This weeks focus: Social Engineering.
More than 80% of cybersecurity experts believe that there will be more ransomware attacks than ever. Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. It is used by cybercriminals that focuses heavily on tricking individuals into breaching traditional security practices and into carrying out such acts or providing sensitive information.
Many social engineering attacks allow hackers to obtain sensitive information if successful. Through gaining the trust of users or stealing the passwords to masquerade as trusted insiders, they can attempt to access computer networks or data stores. It is normal for social engineers to focus on individuals’ inherent helpfulness or to try to manipulate their supposed flaws in their personality.
Hackers are now using more advanced techniques and HB Global’s IT department understands the significance of cyber defense and have focused on taking all possible steps to deal with cyber-attacks. To better educate employees on the popular forms of social engineering assaults, including phishing, the best protection is ultimately to provide employees the educational tools to be able to understand and resist typical social engineering techniques.
Last month, Uber was hacked by an 18-year-old who was able to breach the company’s internal database. Here is the article of the incident: Uber Gets Hacked
Week 3: Protect Your Personal Information
The holiday season is a time to celebrate with loved ones, finish checking off your gift list, or going on vacation. Unfortunately, the holidays are also a popular time for cyber hackers to access your personal information. There is also an uptick in phishing scams, identity theft, and a loss of privacy.
But First, Why Are the Holidays a Dangerous Time Regarding Your Personal Information?
When you think about the holiday season, you probably don’t think about your identity being stolen or unauthorized charges in your account. But cyber safety is more important than ever during the last two months of the year. Scams increase around the holidays because our behavior changes in predictable ways. We spend more money, visit more stores, shop online and travel to be with our loved ones. While you’re probably checking in on your accounts to make sure you stay on budget, it’s essential to protect your personal data in the process.
In 2018, The Federal Trade Commission received more than 2.5 million reports from victim of identity theft. There are a few proactive steps you can take to stay ahead of anyone who wants to target your personal information. You need a solid plan about how to protect your personal data during the holidays. Video: Traveling For The Holidays?
This document shows some ways to protect your personal data so you can focus on spending time with your loved ones.
I hope you have found this informative and feel free to share with friends and family.
Week 4: Fishing, Phishing
What is Phishing?
Email phishing is the top social attack method on businesses. Phishing is a type of fraud in which a hacker attempts to impersonate a person or brand and tricks users to provide confidential information such as Social Security numbers, routing or account numbers, passwords, etc. Phishing emails can be aimed at asking for information directly or by having the potential victim visit a fraudulent website.
Below are a few articles that provide more information on Phishing and what you should look out for.
Ten Common Signs of Email Phishing
Additionally, as a way to help fight phishing attacks, the IT department implemented the Phish Alert Button that is located on your home ribbon in Outlook. This button can be used to report any suspicious or potentially dangerous emails. If you receive a suspicious email, click the Phish Alert button (shown below) and the selected email will be automatically deleted from your inbox and reported to the IT team for analysis. Please see the links below to learn when and how to use the PAB.
Report Phishing Emails with the PAB Button
Knowledgebase Articles: Security Awareness
We hope that you have found this information useful and will continue to be vigilant in recognizing, preventing, and reporting potential cybersecurity threats at work and at home.
If you need further assistance, please reach out to the IT Support team.