According to recent research by CompTIA, human error accounts for more security breaches than faults in technology. That’s right, even the best security solutions can be undone by human nature. As a tech-driven industry, we sometimes overlook how basic education can combat the human mistakes, oversight and laziness that can cause data breaches. WatchGuard’s Information Security Threat Analyst Marc Laliberte recently wrote an article for Help Net Security explaining two areas where employee training can significantly improve your company’s security posture: password protection and phishing scams. In general, your company needs to find a balance between implementing strong security measures and ensuring that your security policies aren’t so complex or inconvenient that employees bypass them.
Here’s an excerpt from Marc’s article about tactics to help employees use stronger passwords:
One could make the argument that relaxing certain policies and protections could increase password security, if done in the proper context. The U.S. National Institute of Standards and Technology (NIST) recently released a draft of its upcoming digital identity guidelines document. In it, they recommend against password composition rules that require complex, hard-to-remember passwords. Instead, they encourage companies to have employees use longer, more easily remembered passphrases, such as TelevisionBrainsHurtEverything or SometimesDoggyOthersChair.
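To make the contrast concrete, here is an added example (not part of Marc's article or of any NIST text) that runs a legacy composition-rule check and a length-first passphrase check over the same candidates. The 20-character minimum, the distinct-character floor and the tiny blocklist are assumptions chosen for illustration.

```python
import re

# Constructed sample blocklist; a real deployment would query a large
# corpus of breached passwords instead of this handful.
COMMON_PASSWORDS = {"password1!", "p@ssw0rd1", "welcome2017!", "qwerty123!"}


def composition_policy(pw):
    """Legacy rule set: short minimum length plus mandatory character classes."""
    checks = [
        (len(pw) >= 8, "shorter than 8 characters"),
        (re.search(r"[a-z]", pw), "no lowercase letter"),
        (re.search(r"[A-Z]", pw), "no uppercase letter"),
        (re.search(r"\d", pw), "no digit"),
        (re.search(r"[^A-Za-z0-9]", pw), "no symbol"),
    ]
    return [msg for ok, msg in checks if not ok]


def passphrase_policy(pw, min_length=20, min_distinct=5):
    """Length-first rule set: no character-class requirements.

    min_length and min_distinct are assumed thresholds for this example.
    """
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password blocklist")
    if len(set(pw.lower())) < min_distinct:
        problems.append("too few distinct characters")
    return problems


def compare(candidates):
    """Return {candidate: (composition_problems, passphrase_problems)}."""
    return {pw: (composition_policy(pw), passphrase_policy(pw)) for pw in candidates}


if __name__ == "__main__":
    samples = ["P@ssw0rd1", "TelevisionBrainsHurtEverything",
               "SometimesDoggyOthersChair", "a" * 24]
    for pw, (old, new) in compare(samples).items():
        print(f"{pw!r}\n  composition rules: {old or 'ACCEPTED'}"
              f"\n  passphrase rules:  {new or 'ACCEPTED'}")
```

The composition rules accept the predictable `P@ssw0rd1` and reject both passphrases from the excerpt, while the length-first rules do the opposite.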
Read Marc’s full article on Help Net Security and learn more about password hacks and best practices in detail here on Secplicity. To learn more about phishing tactics, check out our Daily Security Byte videos for examples of recent phishing attacks.