Miscellaneous Monday: The Defense as Strong as in Hogwarts

Well, first things first: Black cats and ghosts aren't scary to me because black cats (as long as you're talking pets, not panthers) are just nice little creatures and ghosts doesn't exist. Worms, trojans, ransomware - that ist a different story. They are a REAL threat to individuals, companies, economies, societies and cause billions worth damage every single year.

My security tip is: When you're an admin, don't force your users to change their password too often, otherwise someone will do something like this (refer to pic below). Happy holiday, everyone!

Great post @Daria Kulikova_GitProtect_io!

I haven't participated in a cybersecurity event, but I have friends that have participated in "capture the flag" events locally.

My tips are all around emails.  There are a few things you should be on the lookout for:

• A tempting offer or a critical flaw (either an offer of free money or a threat that your account has been hacked)
• A sense of urgency (being told you must take action right now!)
• The person it's coming from, is it something you know and expect, does the email address match where is says it's coming from? (If you don't have a Netflix account but are getting an email that your account has been hacked or the email address is bob@mircosoft-support.com)
• Links or attachments - as much as you may be tempted to look, event the act of previewing an attachment can be a bad thing

Last but not least if you think something is suspicious, let your IT team know immediately.  You might not have been the only one that email was sent to and someone else might have accidentally compromised their machine by clicking on a link.

I don't have any tips, but I do have an action item we can all take out of this lesson @Daria Kulikova_GitProtect_io.

HEAD OVER TO YOUR INFOSEC OR IT TEAM TODAY AND JUST SAY THANK YOU.

IT is one of the most misunderstood teams in any company. Users just think they are there to make their lives and work harder. Execs don't give them the budgets they need to execute on their goals. And they are probably the #1 dumping ground for complaints. But they are there to be our first line of offense and last line of defense against the rest of the digital world. Without them, our teams and companies would not be able to operate. 

So, just send them a note of thanks for being there 24/7.

Cool topic!

From my perspective, I can just say that the more I work within this (IT) industry, the more I'm impressed by how many people just don't care about the data they're working with. That is until something happens. I've also been working with the financial sector and you could find data 'leaking everywhere'. Or not necessarily leaking but under really low-security policies. It's getting better, but I worry it might be too slow compared to everything there is when it comes to cybersecurity in general. I support the enforcement of DORA within the EU next year as at least by this, companies might actually do what has been recommended for years now.

I've participated in a couple of cybersecurity events a couple of years back. They were mostly regarding spamming, whaling, or phishing. With those, we had some internal education courses and quizzes which helped to understand what's all out there. Apart from learning a bunch of new terms and practices, it was fun too!

Love the topic, @Daria Kulikova_GitProtect_io!

Everywhere I've worked, we've had required annual training on cybersecurity. So one suggestion is to search online or in your company's online learning for a cybersecurity course and take one each year -- both as a reminder to practice good cybersecurity, and to catch up on the latest types of scams and prevention. Second suggestion: If you see something odd or just have a sense an email/message isn't "right", say something! IT folks would rather you mistakenly report something than ignore it and have a huge problem. And third suggestion: Before you click on any links, buttons, images, etc. in an email or message, take a quick look at the URL to make sure it's legitimate; a lot of phishing, malware, etc. emails/ messages look completely authentic, especially now with AI. Vigilance is the key!

We use The Inside Man for cyber awareness training (The Inside Man | Security Awareness Training Series) it's a great way to deliver important messages on security and compelling watching !

My tip is to use Multi-Factor Authentication (MFA), but be sure to complain about it a lot and be vocal about how annoying it is.

Who ever thought we'd long for the days where bad spelling, grammar, and versions of company logos made it easy for us to spot a bogus email? 

Hi

I have participated in some cybersecurity events, and I could give some quick and simple advice:
1.- Do not write down the card PIN on a post-it on the fridge
2.- Do not create passwords with personal data
3.- Change the password regularly, every 2 or 3 months
4.- Create very complicated passwords
5.- Use applications for two-factor authentication
6.- Do not save passwords in the browser, whatever it is

And I think that this is a good start.

Regards