Top 10 Ways to Make Your Employees More Security Aware
2:00PM EDT, Thursday August 26th, 2010
Presented By: Gregg Browinski, CTO, PistolStar Inc.
Moderated By: Kimberly Johnson, Marketing Associate, PistolStar Inc.

Welcome to the Event
• Setting Your Expectations:
  – Objective is to give you “food for thought”
• Housekeeping Points
• Introducing the Speaker: Gregg Browinski, CTO, PistolStar, Inc.
Security Awareness
o Many organizations tend to overlook it
o Forms the first line of defense against attacks
o Security awareness programs = headaches
o Arm your employees with 10 tips to be more aware
Tip #1: Provide Credentials Only on HTTPS-Protected Sites
o Users should get in the habit of looking at the URL before logging in
o HTTPS is Hypertext Transfer Protocol layered on an encrypted SSL/TLS connection
o Prevents “eavesdropping” attacks on the credentials in transit
Tip #2: Creating Strong Passwords – Give Them a Clue
o Provide a visual clue for employees when creating passwords
o Avoids the risks associated with weak passwords
o Standards for passwords are ever increasing – demands for “super passwords”
o Pass “phrases”
Tip #3: Watch for Your Personal Watermark
(Example watermark shown on the slide: “Going to the beach is the best!”)
o Provides compliance when multi-factor authentication is required
o Another visual clue for the user
o Usually used by financial institutions
o Mutual authentication – proves the server’s identity to the user
Tip #4: Look at Your Last Login Date and Time
o Provides a quick check for fraudulent logins
o Can be a log or a simple phrase

Tip #5: Password History Policies
o The challenge is to maintain usability while increasing compliance and security
o Enforce only when appropriate
o Expiration interval and password history limit are inversely proportional: the shorter the expiration interval, the smaller the history limit needs to be
Tip #6: Using Security Question(s)
Examples:
  Bad Question: What was your first pet?
  Good Question: Who was your first kiss?
o Use mandatory or optional sets of questions
o It is better to require more answers
o Can be used to reset passwords or to augment login security
Tip #7: Avoid Password Lockout – Stop Logging In!
o Caused by users’ habit of repeatedly trying to log in with the same (wrong) credentials
o Configure password lockouts to expire
o Use helpful warning messages to educate users and reduce Help Desk calls
Tip #8: Watch for Trouble Spots & Malicious Activity
o Points throughout a user’s day where security is the weakest
o Educate employees about attacks and how to watch for them

Tip #9: Use a Virtual Keyboard When Available
o Avoid keystroke logging attacks – educate users
o Implement a virtual keyboard for password and/or challenge answer fields
Tip #10: Avoid Concurrent Login Sessions
o Prevent concurrent login sessions:
  • Inactivity timeouts
  • Logging in invalidates pre-existing sessions
  • Logging in is not possible until previous sessions are logged out
o Tailor to the required level of data protection
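The three session controls listed in Tip #10, worked as a small in-memory session store. This is an added illustration, not PistolStar code; the policy names REPLACE and BLOCK and the class layout are assumptions made here.

```python
import secrets
import time
from dataclasses import dataclass, field

# Policy modes for a second login by a user who already has a session (names assumed).
REPLACE = "replace"   # logging in invalidates pre-existing sessions
BLOCK = "block"       # logging in is refused until previous sessions are logged out


@dataclass
class Session:
    user: str
    last_seen: float   # time of the last authenticated request


@dataclass
class SessionManager:
    mode: str
    idle_timeout: float                              # inactivity timeout, seconds
    sessions: dict = field(default_factory=dict)     # token -> Session

    def _expire_idle(self, now):
        # Inactivity timeout: drop every session idle for longer than idle_timeout.
        for tok, s in list(self.sessions.items()):
            if now - s.last_seen > self.idle_timeout:
                del self.sessions[tok]

    def _active_for(self, user):
        return [tok for tok, s in self.sessions.items() if s.user == user]

    def login(self, user, now=None):
        now = time.time() if now is None else now
        self._expire_idle(now)
        existing = self._active_for(user)
        if existing and self.mode == BLOCK:
            return None           # caller tells the user to log out elsewhere first
        if self.mode == REPLACE:
            for tok in existing:  # the new login wins; older sessions stop working
                del self.sessions[tok]
        tok = secrets.token_urlsafe(32)
        self.sessions[tok] = Session(user, now)
        return tok

    def touch(self, token, now=None):
        # Validate a request: unknown or idle-expired tokens are rejected.
        now = time.time() if now is None else now
        self._expire_idle(now)
        s = self.sessions.get(token)
        if s is None:
            return False
        s.last_seen = now
        return True

    def logout(self, token):
        self.sessions.pop(token, None)
```

Pass `now` explicitly (as the tests do) to exercise the timeout deterministically; in production the wall clock is used.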
Short Q&A Session

Please Answer Based on a Scale from 1 to 5:
1. How much of an overall concern is security awareness and authentication in your organization currently?

Please Choose One Answer for the Following:
2. Out of these four business drivers, which one resonates the most with you and in your environment?
   a) Usability
   b) Security
   c) Auditing
   d) Compliance
3. Out of these four feature categories, which one resonates the most with you and in your environment?
   e) Password Management
   f) Self-service
   g) Audit/Logging
   h) Stronger Authentication

Thank You for Your Answers
In order to help us provide our audience with the appropriate information for future events, please take a moment to respond with your answers to the questions above via Instant Message. Your answers are greatly appreciated. Thank you.
Q&A
• Q&A Session
• Thank You for Attending
• Please email Kjohnson@pistolstar.com with any questions, comments or feedback you may have
• For more information on this series and other webinars such as “Securely Manage Your Corporate Portal Login: Take a Look at How the Financial Industry is Leading the Way”, please visit: http://portalguard.com/learn-more.html