Make Your Employees More Security Aware
1. Top 10 Ways to Make Your Employees More Security Aware
2:00PM EDT, Thursday August 26th, 2010
Presented By: Gregg Browinski
CTO, PistolStar Inc.
Moderated By: Kimberly Johnson
Marketing Associate, PistolStar Inc.
2. Welcome to the Event
• Setting Your Expectations:
– Objective is to give you “food for thought”
• Housekeeping Points
• Introducing the Speaker: Gregg Browinski, CTO PistolStar, Inc.
3. Security Awareness
o Many organizations tend to overlook it
o Forms the first line of defense against attacks
o Security Awareness Programs = Headaches
o Arm your employees with 10 tips to be more aware
4. Tip #1: Provide Credentials on HTTPS Protected Sites
o Users should get in the habit of looking at the URL before logging in
o HTTPS is Hypertext Transfer Protocol layered on an encrypted SSL/TLS connection
o Prevents “eavesdropping” attacks
5. Tip #2: Creating Strong Passwords – Give Them a Clue
o Provide a visual clue for employees when creating passwords
o Avoids risks associated with weak passwords
o Standards for passwords ever increasing – demands for “super passwords”
o Pass “Phrases”
6. Tip #3: Watch for Your Personal Watermark
Example watermark: “Going to the beach is the best!”
o Provides compliance when multi-factor authentication is required
o Another visual clue for the user
o Usually used by financial institutions
o Mutual authentication - proves server’s identity to user
7. Tip #4: Look at Your Last Login Date and Time
o Provides a quick check for fraudulent logins
o Can be a log or a simple phrase
8. Tip #5: Password History Policies
o The challenge is to maintain usability while increasing compliance and security
o Enforce only when appropriate
o Expiration interval and password history limit are inversely proportional
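The two knobs this slide names, the history limit and the expiration interval, can be enforced together in a small per-user record. The following is an added example written for this page, not code from the webinar or from PistolStar: the class names, the PBKDF2 iteration count and the sample passwords are all assumptions, and the caller supplies the clock so the expiry check is easy to test.

```python
import hashlib
import hmac
import os
from collections import deque
from typing import Optional

# PBKDF2 work factor. Assumed value for this example; tune it to your hardware.
PBKDF2_ITERATIONS = 50_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class PasswordHistory:
    """Per-user record of the last `history_limit` password hashes plus the time
    of the most recent change, so both policy knobs from the slide (history limit
    and expiration interval) can be enforced from one place."""

    def __init__(self, history_limit: int, max_age_seconds: float):
        self.max_age_seconds = max_age_seconds
        # The oldest entry drops off automatically once the limit is reached.
        self._entries: deque = deque(maxlen=history_limit)  # (salt, digest) pairs
        self.changed_at: Optional[float] = None

    def was_used(self, candidate: str) -> bool:
        """True if the candidate matches any password still in the history."""
        return any(
            hmac.compare_digest(hash_password(candidate, salt), digest)
            for salt, digest in self._entries
        )

    def is_expired(self, now: float) -> bool:
        """True once the current password is older than the expiration interval."""
        return self.changed_at is None or now - self.changed_at >= self.max_age_seconds

    def record(self, password: str, now: float) -> None:
        salt = os.urandom(16)  # fresh salt per entry, so equal passwords never share a digest
        self._entries.append((salt, hash_password(password, salt)))
        self.changed_at = now


def change_password(history: PasswordHistory, new_password: str, now: float) -> bool:
    """Apply the policy: refuse a password that repeats one of the last N, else record it."""
    if history.was_used(new_password):
        return False
    history.record(new_password, now)
    return True
```

Only hashes are kept, each with its own salt, so the history itself never becomes a list of reusable plaintext passwords. The example stores the history in memory; a real deployment would persist the same (salt, digest) pairs next to the account.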
9. Tip #6: Using Security Question(s)
Examples:
Bad Question: What was your first pet?
Good Question: Who was your first kiss?
o Use mandatory or optional sets of questions
o It is better to require more answers
o Can be used to reset passwords or to augment login security
10. Tip #7: Avoid Password Lockout – Stop Logging In!
o Caused by users’ habit of repeatedly trying to log in with the same credentials
o Configure Password Lockouts to expire
o Use helpful warning messages to educate and reduce Help Desk calls
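The three points on this slide (lockouts that expire on their own, warning messages that tell the user what is happening, and the retyped-same-password habit that causes most lockouts) fit into one small tracker. This is an added example for this page, not code from the webinar; the thresholds, class names and message wording are assumptions, and the caller passes in the clock and the result of the real credential check.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class LockoutPolicy:
    max_failures: int = 5            # assumed defaults; pick them to fit your help-desk load
    lockout_seconds: float = 15 * 60


@dataclass
class AccountState:
    failures: int = 0
    locked_until: Optional[float] = None
    last_bad_digest: Optional[str] = None  # in memory only; cleared on success or expiry


class LockoutTracker:
    """Counts failed logins per user, locks the account after `max_failures`,
    lets the lock expire by itself, and returns messages that explain what
    happened instead of a bare 'login failed'."""

    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self._accounts: Dict[str, AccountState] = {}

    def _state(self, user: str) -> AccountState:
        return self._accounts.setdefault(user, AccountState())

    def is_locked(self, user: str, now: float) -> bool:
        st = self._state(user)
        if st.locked_until is not None and now >= st.locked_until:
            # Lockout has expired: reset automatically, no help-desk call needed.
            self._accounts[user] = AccountState()
            return False
        return st.locked_until is not None

    def attempt_login(self, user: str, password: str, password_ok: bool, now: float) -> Tuple[bool, str]:
        """`password_ok` is the verdict of the real credential store; the raw
        attempt is only used to spot the same wrong password being retyped.
        Returns (success, message shown to the user)."""
        if self.is_locked(user, now):
            wait = int(self._state(user).locked_until - now)
            return False, f"Account temporarily locked. Try again in {wait} seconds."
        st = self._state(user)
        if password_ok:
            self._accounts.pop(user, None)
            return True, "Login successful."
        # Retyping the same wrong password (the habit the slide names) counts
        # once instead of burning a fresh attempt every time.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        if digest != st.last_bad_digest:
            st.failures += 1
            st.last_bad_digest = digest
        remaining = self.policy.max_failures - st.failures
        if remaining <= 0:
            st.locked_until = now + self.policy.lockout_seconds
            minutes = int(self.policy.lockout_seconds // 60)
            return False, (f"Too many failed attempts; account locked for {minutes} minutes. "
                           "Stop retrying the same password and use self-service reset if you have forgotten it.")
        return False, f"Incorrect password. {remaining} attempt(s) left before a temporary lockout."
```

Counting an identical retry once is a usability choice: it keeps the lockout counter meaningful for genuinely different guesses while sparing the user who keeps typing last month's password. The digest of the failed attempt lives only in memory for the lockout window and is never persisted.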
11. Tip #8: Watch for Trouble Spots & Malicious Activity
o Points throughout a user’s day where security is the weakest
o Educate employees about attacks and how to watch for them
12. Tip #9: Use Virtual Keyboard When Available
o Avoid keystroke logging attacks – educate users
o Implement a virtual keyboard for password and/or challenge answer fields
13. Tip #10: Avoid Concurrent Login Sessions
o Prevent concurrent login sessions
• Inactivity timeouts
• Logging in invalidates pre-existing sessions
• Logging in not possible until previous sessions are logged out
o Tailor to the required level of data protection
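The three controls listed under Tip #10 (inactivity timeouts, invalidating earlier sessions on login, and refusing a login while an earlier session is still open) are policy choices on one session store, and the same store can hand back the previous login time that Tip #4 asks users to look at. The block below is an added example written for this page, not code from the webinar: the policy names, token format and timeout values are assumptions, and the caller supplies the clock.

```python
import secrets
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class ConcurrencyPolicy(Enum):
    REPLACE_EXISTING = "replace"  # a new login invalidates pre-existing sessions
    REJECT_NEW = "reject"         # login refused until earlier sessions are logged out


@dataclass
class Session:
    token: str
    user: str
    last_seen: float


class SessionManager:
    def __init__(self, policy: ConcurrencyPolicy, idle_timeout_seconds: float):
        self.policy = policy
        self.idle_timeout = idle_timeout_seconds
        self._sessions: Dict[str, Session] = {}
        self._last_login: Dict[str, float] = {}

    def _expire_idle(self, now: float) -> None:
        # Inactivity timeout: drop any session idle for longer than the limit.
        for token, s in list(self._sessions.items()):
            if now - s.last_seen >= self.idle_timeout:
                del self._sessions[token]

    def active_sessions(self, user: str, now: float) -> List[Session]:
        self._expire_idle(now)
        return [s for s in self._sessions.values() if s.user == user]

    def login(self, user: str, now: float) -> Tuple[Optional[str], Optional[float]]:
        """Returns (token, previous_login_time). Token is None when the login is
        refused; previous_login_time is what Tip #4 wants shown to the user."""
        existing = self.active_sessions(user, now)
        previous = self._last_login.get(user)
        if existing:
            if self.policy is ConcurrencyPolicy.REJECT_NEW:
                return None, previous
            for s in existing:  # REPLACE_EXISTING: kick the older sessions out
                del self._sessions[s.token]
        self._last_login[user] = now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(token, user, now)
        return token, previous

    def touch(self, token: str, now: float) -> bool:
        """Validate a request's session; False once it is gone or idle too long."""
        self._expire_idle(now)
        s = self._sessions.get(token)
        if s is None:
            return False
        s.last_seen = now
        return True

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)
```

Which policy to pick is the "tailor to the required level of data protection" point on the slide: REPLACE_EXISTING is friendlier to a user who forgot to log out at another desk, while REJECT_NEW makes an unexpected "already logged in" refusal a visible signal worth reporting.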
14. Short Q&A Session
Thank You for Your Answers
In order to help us provide our audience with the appropriate information for future events, please take a moment to respond with your answers to the following questions via Instant Message. Your answers are greatly appreciated. Thank you.
Please Answer Based on a Scale from 1 to 5:
1. How much of an overall concern is security awareness and authentication in your organization currently?
Please Choose One Answer for the Following:
2. Out of these four business drivers which one resonates the most with you and in your environment?
a) Usability
b) Security
c) Auditing
d) Compliance
3. Out of these four feature categories which one resonates the most with you and in your environment?
e) Password Management
f) Self-service
g) Audit/Logging
h) Stronger Authentication
15. Q&A
• Q&A Session
• Thank You for Attending
• Please email Kjohnson@pistolstar.com with any questions, comments or feedback you may have
• For more information on this series and other webinars such as “Securely Manage Your Corporate Portal Login: Take a Look at How the Financial Industry is Leading the Way”, please visit: http://portalguard.com/learn-more.html