Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

Spread the Message Beyond the Experts

Home
Industry Insights
Spread the Message Beyond the Experts

Blog Article Published: 10/28/2015

By Andrew Wild, Chief Information Security Officer, Lancope

PrintOctober is National Cyber Security Awareness Month. But if you’re reading this blog, chances are good that you are an experienced information security professional and that you’re focused on awareness every month! So, how do you explain security awareness to others, especially co-workers, family members and friends that are not information technology experts? In this article, I will share some of the tips that I pass along to my family and friends.

Passwords

A funny but accurate analogy I’ve read on the Internet that seems to work with non-IT folks is: Passwords are like underwear…

  • Change them often.
  • Don’t share them with anyone.
  • The longer the better.
  • Don’t leave them on your desk.

All kidding aside, the three most important points to share about password security are:

  1. Ensure you create a strong password. There is a lot of information on the Internet that defines a strong password.
  2. Don’t reuse passwords. Many people still use the same password on multiple accounts. Stress the importance of not reusing password across accounts.
  3. Don’t share your password with anyone. Surprisingly to IT security professionals, there are many people that don’t know that support staff from an organization will never ask you to give them your password.

Most people hate passwords though, and telling them they have to use a different password for every site and that the passwords have to be strong isn’t likely to be advice that will be followed. Whenever I talk about password security, I always follow up by recommending the use of a password vault. There are many password vault solutions available at low or no cost that can help people manage their passwords. Most of the vault solutions also provide a mechanism to generate secure passwords too.

And finally, encourage people to take advantage of stronger authentication options that are now available. Many banks, email service providers and file sharing services now support some kind of stronger authentication for password security. The use of multifactor authentication significantly reduces the likelihood of your account being compromised.

Phishing

We’ve been telling people for years not to open email attachments, and most people do understand the risks of opening unsolicited attachments, but now it’s not only about attachments, it’s also about not clicking on URLs contained inside email messages. We can tell people to be careful about clicking on links, but the reality is that it is often difficult to tell if a link is good or bad. A resource that I have found to help people understand the thought process for evaluating a link is the nice flowchart from Intel Security. They also have an online test that is a useful way to check your understanding.

Cyber Monitoring

Inside our Enterprise environments, we’ve implemented extensive cyber monitoring capabilities to quickly and proactively detect anomalous behavior within our networks (check out Lancope’s StealthWatch® System). Many online IT solutions have capabilities for detecting unusual activity and notification. Banks and credit card companies can send notification by SMS (text messaging) or email for a variety of events including financial transactions over a user-defined threshold. Many online service providers allow users to configure multiple email addresses for an account and can send an alert by SMS or email when a password is changed. Monthly online account activity information is also available for many services, showing geo locations from which the service was accessed (obtained by examining the source IP information). Encourage friends and family to enable and use these cyber monitoring capabilities to proactively look for anomalous activity on their accounts.

Patch Patch Patch

Encourage the frequent updating of operating systems, applications and plugins for computers and mobile devices. Updating web browser software and their plugins has become very important given the extensive use of web applications. A tool that I find very useful to help friends and family check the health of their web browsers and plugins is the Qualys Browser Check. This easy-to-use tool can identify vulnerabilities in browser software and the plugins used by browsers.

These are some of the ways that I help my friends and family secure their online assets. I hope these are helpful, and remember that the Stop Think Connect message is not just for National Cyber Security Awareness Month, it is a year-round approach that everyone should adopt.

Share this content on your favorite social network today!

Latest from CSA
Join AT&T Cybersecurity in Chicago
The State of AI and Security Survey Report
CSA's STAR: The Key to Cloud Security & Compliance
Trending This Week
#1 The 5 SOC 2 Trust Services Criteria Explained
#2 What You Need to Know About the Daixin Team Ransomware Group
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 Cybersecurity 101: 10 Types of Cyber Attacks to Know
#5 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Enhance your cloud security skills with CSA's online training options.