Make Your Employees More Security Aware

  1. Top 10 Ways to Make Your Employees More Security Aware
     2:00PM EDT, Thursday August 26th, 2010
     Presented By: Gregg Browinski, CTO, PistolStar Inc.
     Moderated By: Kimberly Johnson, Marketing Associate, PistolStar Inc.
  2. Welcome to the Event
     • Setting Your Expectations:
       – Objective is to give you “food for thought”
     • Housekeeping Points
     • Introducing the Speaker: Gregg Browinski, CTO PistolStar, Inc.
  3. Security Awareness
     o Many organizations tend to overlook it
     o Forms the first line of defense against attacks
     o Security Awareness Programs = Headaches
     o Arm your employees with 10 tips to be more aware
  4. Tip #1: Provide Credentials on HTTPS Protected Sites
     o Users should get in the habit of looking at a URL before logging in
     o HTTPS is Hypertext Transfer Protocol layered on an encrypted SSL/TLS connection
     o Prevents “eavesdropping” attacks
  5. Tip #2: Creating Strong Passwords – Give Them a Clue
     o Provide a visual clue for employees when creating passwords
     o Avoids risks associated with weak passwords
     o Standards for passwords ever increasing – demands for “super passwords”
     o Pass “Phrases”
  6. Tip #3: Watch for Your Personal Watermark
     Going to the beach is the best!
     o Provides compliance when multi-factor authentication is required
     o Another visual clue for the user
     o Usually used by financial institutions
     o Mutual authentication - proves server’s identity to user
  7. Tip #4: Look at Your Last Login Date and Time
     o Provides a quick check for fraudulent logins
     o Can be a log or a simple phrase
  8. Tip #5: Password History Policies
     o The challenge is to maintain usability while increasing compliance and security
     o Enforce only when appropriate
     o Expiration interval and password history limit are inversely proportional
  9. Tip #6: Using Security Question(s)
     Examples:
       Bad Question: What was your first pet?
       Good Question: Who was your first kiss?
     o Use mandatory or optional sets of questions
     o It is better to require more answers
     o Can be used to reset passwords or to augment login security
  10. Tip #7: Avoid Password Lockout – Stop Logging In!
     o Caused by users’ habit of repeatedly trying to log in with the same credentials
     o Configure Password Lockouts to expire
     o Use helpful warning messages to educate and reduce Help Desk calls
  11. Tip #8: Watch for Trouble Spots & Malicious Activity
     o Points throughout a user’s day where security is the weakest
     o Educate employees about attacks and how to watch for them
  12. Tip #9: Use Virtual Keyboard When Available
     o Avoid keystroke logging attacks – educate users
     o Implement a virtual keyboard for password and/or challenge answer fields
  13. Tip #10: Avoid Concurrent Login Sessions
     o Prevent concurrent login sessions
       • Inactivity timeouts
       • Logging in invalidates pre-existing sessions
       • Logging in not possible until previous sessions are logged out
     o Tailor to the required level of data protection
  14. Short Q&A Session: Thank You for Your Answers
     In order to help us provide our audience with the appropriate information for future events, please take a moment to respond with your answers to the following questions via Instant Message. Your answers are greatly appreciated. Thank you.
     Please Answer Based on a Scale from 1 to 5:
       1. How much of an overall concern is security awareness and authentication in your organization currently?
     Please Choose One Answer for the Following:
       2. Out of these four business drivers which one resonates the most with you and in your environment?
          a) Usability
          b) Security
          c) Auditing
          d) Compliance
       3. Out of these four feature categories which one resonates the most with you and in your environment?
          e) Password Management
          f) Self-service
          g) Audit/Logging
          h) Stronger Authentication
  15. Q&A
     • Q&A Session
     • Thank You for Attending
     • Please email Kjohnson@pistolstar.com with any questions, comments or feedback you may have
     • For more information on this series and other webinars such as: “Securely Manage Your Corporate Portal Login: Take a Look at How the Financial Industry is Leading the Way” Please Visit: http://portalguard.com/learn-more.html
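The three session controls listed under Tip #10 can be sketched as one small in-memory session manager. This is an added example, not code from the presentation or from PistolStar; the class names, the `Policy` values and the 900-second idle timeout are assumptions chosen for illustration.

```python
import hmac
import secrets
import time
from enum import Enum


class Policy(Enum):
    REPLACE_OLD = "logging in invalidates pre-existing sessions"
    DENY_NEW = "logging in not possible until previous session is logged out"


class SessionManager:
    """At most one live session per user, plus an inactivity timeout."""

    def __init__(self, policy, idle_timeout=900, clock=time.monotonic):
        self.policy = policy
        self.idle_timeout = idle_timeout  # seconds (assumed); tailor to data sensitivity
        self.clock = clock
        self._by_user = {}  # user -> (token, last_seen)

    def _live(self, user):
        entry = self._by_user.get(user)
        if entry and self.clock() - entry[1] >= self.idle_timeout:
            del self._by_user[user]  # expired through inactivity
            entry = None
        return entry

    def login(self, user):
        """Call only after credentials were verified. Returns a token, or None if refused."""
        if self._live(user) and self.policy is Policy.DENY_NEW:
            return None
        token = secrets.token_urlsafe(32)
        self._by_user[user] = (token, self.clock())  # replaces any older session
        return token

    def validate(self, user, token):
        """True if token is the user's current session; also refreshes the idle timer."""
        entry = self._live(user)
        if not entry or not hmac.compare_digest(entry[0].encode(), token.encode()):
            return False
        self._by_user[user] = (entry[0], self.clock())
        return True

    def logout(self, user, token):
        if self.validate(user, token):
            del self._by_user[user]
```

Under `DENY_NEW` the inactivity timeout is what keeps a user who closed the browser without logging out from being refused indefinitely.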
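Tip #7's two controls, a lockout that expires by itself and warning messages that tell the user to stop retrying, fit in one small tracker. This is an added example, not code from the presentation; `LockoutTracker`, the threshold of 5 failures, the 15-minute lockout and the message wording are assumptions.

```python
import time

MAX_FAILURES = 5        # assumed threshold
LOCKOUT_SECONDS = 900   # assumed duration; the lockout expires without Help Desk action


class LockoutTracker:
    """Keyed on the submitted username, so unknown names get the same responses."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self._state = {}  # user -> (failure_count, locked_until or None)

    def check(self, user):
        """Call before comparing the password. Returns (allowed, message)."""
        _, until = self._state.get(user, (0, None))
        now = self.clock()
        if until is not None and until > now:
            mins = int((until - now + 59) // 60)  # round up to whole minutes
            return False, f"Account locked. Stop retrying; it unlocks in about {mins} min."
        if until is not None:
            del self._state[user]  # lockout expired: start with a clean count
        return True, ""

    def record(self, user, success):
        """Record the outcome of a password check. Returns a message for the user."""
        if success:
            self._state.pop(user, None)
            return "OK"
        count = self._state.get(user, (0, None))[0] + 1
        if count >= MAX_FAILURES:
            self._state[user] = (count, self.clock() + LOCKOUT_SECONDS)
            return (f"Too many failed attempts. Account locked for "
                    f"{LOCKOUT_SECONDS // 60} minutes.")
        self._state[user] = (count, None)
        left = MAX_FAILURES - count
        return (f"Login failed. {left} attempt(s) left before lockout. "
                "Retyping the same password will not help.")
```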