Security Is Everybody's Responsibility
11 March 2011
There are just three basic things a company’s staff need to know to establish a robust defence against IT threats.
Think about it. When you leave your home, you lock your door. And when you leave your car, you activate the central lock and alarm system. Now ask yourself: why should it be any different with your computer?
While the information stored on a computer has value in itself, it is the identity used to log in to the computer that is the most prized possession of all for a malicious user. In the same way your passport enables you to travel to other countries and your ATM card gives you access to your funds, your login ID gives a hacker all of your user privileges. But worse still is the fact that a login ID not only provides access, but also an identity to hide behind. In essence, anything the hacker does using your ID will be traced back to you alone.
While technology can help minimise this threat, it is user behaviour and actions that determine the security of the infocomm environment. It is important that every person in an organisation takes security as a personal responsibility. And the best way to achieve that is to help them understand the issues involved.
Many users see computers merely as a tool to get their work done. What they also need to be made aware of is that this ability to access data and complete tasks starts from the privileges granted to them.
So, what are the three basic things users can be taught to do to help secure their environment?
- Strong password
Ensure that your staff create strong passwords for their user accounts. Strong passwords are usually made up of a combination of at least 8 letters (both uppercase and lowercase), numbers and punctuation marks.
But do note that while a password such as “G7ys%*hs23” would be considered strong, it is certainly not easy to remember. A pass phrase then would be something much easier to recall. For example, the pass phrase “Mla3ca7d” can be derived from the first character of each of the words in the phrase “Mary looks after 3 cats and 7 dogs”.
Also, remind all staff to never write their passwords down, store them on their computers, or allow their browsers to save or remember their passwords.
- Lock computer when not in use
Teach your staff to 'lock' their computers when not in use, so that other users cannot access them if they are not there. People who go off for lunch or to the restroom, leaving their computers unlocked, make an easy target for a malicious user.
Locking your computer is often a matter of a single keystroke (such as hitting the Windows key). Or to make matters even simpler, you can set your computer to lock itself automatically after a short period of inactivity.
- Beware of social engineering
Alert your staff about the threat posed by social engineering – a process scammers use to manipulate an unsuspecting person into divulging sensitive details (such as security codes or confidential information). This can be done via spam email messages in which the scammer assumes the identity of a trusted person or organisation, and establishes a scenario where the user feels obliged to release the desired details.
In a properly configured environment, an administrator, or anyone else for that matter, would not need access to your security credentials – for example, your username and password – for system maintenance. It is vital to educate users in your organisation about the value of their data and credentials.
Security is the responsibility of all users in your organisation. With these simple tips, you will go a long way towards establishing a strong defence against IT threats.
Infocomm security is something that businesses should not neglect. Start looking into implementing some measures to safeguard your business today.
Do you have the right security measures in place? Visit https://www.csa.gov.sg/singcert today to sign up for free alert services on the latest cyber threats, solutions and patches; free seminars and workshops available; and tips to educate and raise awareness amongst your staff.