An example of how the staff training on information security, data protection and privacy (IS/DPP) could look.
This part focuses on authentication, and more particularly on passwords.
The slides come with notes that briefly explain the visuals on the slides.
9. 9
- Internal - Page
Password = PIN: Common Sense?
Common sense?
1. World Cup Brazil 2014 – World Cup Security Centre
2. Super Bowl 2014 – Super Bowl Security Centre
3. UK flood emergency team 2014
Source – http://grahamcluley.com
123456789
10. 10
Be Wary of People Asking for Password-Related Data
12. 12
Behind the Curtains
ABC Group aims to work with a single
sign on password: one password for all
ABC applications.
There are a few criteria your password
must meet before it can be accepted.
There is a forced password change every
90 days.
After 3 wrong password attempts you are
locked out.
…
Look for alternatives to passwords
13. 13
Key Takeaways
Use a strong password or even a passphrase,
that is easy for you to remember, but hard for
others to crack.
Treat passwords like the PIN of your credit card.
Never write it down. Be aware of people trying
to make you reveal it.
Change your password regularly.
Do not use your ABC Group password(s)
outside of the ABC Group.
30 sec IS/DPP survival kit
WrapUp
Editor's notes
Welcome to the fifth part of the baseline training IS/DPP.
Here we look at access to the data, and more particularly at passwords.
ABC Group asks you to use strong passwords smartly.
A strong password is a password that keeps the people trying to crack it out long enough.
You increase the difficulty to crack your password by
making it longer, even if the characters are just lower case letters of the alphabet
making it more complex, by using more characters than the 26 letters of the alphabet.
Even with the need for a strong password, choose a password or passphrase you can remember.
If it is too hard to remember and you would have to write it down, it is a bad password.
Also, ensure that your password is not easy to guess.
So
don’t use personal information like your name, nickname or birthday or those of your family or pets,
don’t use words or quotations that are in the dictionary,
don’t use consecutive numbers or a sequence on your keyboard (like “Qwerty1”).
Change your password regularly.
So be creative or use a passphrase and use a mind trick to remember it.
And obviously don’t tell the mind trick to anybody.
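The rules from these notes, as an added example that is not part of the original training material: a small checker that measures the brute-force search space (length versus character variety) and flags the three "don't" rules. The word list, keyboard rows, run length of 4 and the sample passwords are constructed assumptions.

```python
import math
import string

# Constructed sample data (assumptions, not from the training material).
SAMPLE_WORDS = {"password", "welcome", "summer", "dragon"}  # stand-in dictionary
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]

def search_space_bits(password):
    """Upper bound on brute-force effort: length * log2(size of alphabet in use).
    It only holds if the characters are chosen unpredictably."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    alphabet = sum(len(p) for p in pools if any(c in p for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def has_sequence(password, run=4):
    """True if `run` adjacent keys or consecutive digits appear, forwards or reversed."""
    low = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False

def guessability_findings(password, personal_info=(), words=SAMPLE_WORDS):
    """Return the reasons a password is easy to guess (empty list = none found)."""
    low = password.lower()
    findings = []
    for item in personal_info:
        token = item.lower()
        # Reversing a name or date does not hide it, so check both directions.
        if len(token) >= 3 and (token in low or token[::-1] in low):
            findings.append("contains personal information")
            break
    if any(w in low for w in words):
        findings.append("contains a dictionary word")
    if has_sequence(password):
        findings.append("contains a keyboard or number sequence")
    return findings

if __name__ == "__main__":
    # Constructed passwords: 12 lower-case letters versus 8 mixed characters.
    for pw in ("mvbqhtzkpwla", "Tr7!kP2#", "Qwerty1"):
        print(pw, round(search_space_bits(pw), 1), guessability_findings(pw))
    print(guessability_findings("revooR17061980", ["Roover", "17061980"]))
```

The 12 lower-case letters give a larger search space (about 56 bits) than the 8 mixed characters (about 52 bits), which is the point made above about length.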
We hope it goes without saying that you have to treat your password highly confidentially, tell it to no-one, etc. etc.
Common sense will bring us a long way.
However, just look at these examples. Could a camera crew (or just someone with a smartphone) take pictures like that at ABC?
Even the best passwords are worthless if you give them away.
So be wary of people, websites, emails, … asking for your password or password-related data.
For example, if you answer survey questions on how you make your password safe (“I reverse the name of my dog and my birthday.”)
and then give the underlying information (“my dog's name is Roover and my birthday is 17 June 1980”), you basically give away your password.
Sometimes they crack your password the old school way.
If someone threatens you to make you reveal your password, assess the situation.
If possible, trigger the incident management procedure.
That way you can remain out of danger and ABC Group may be able to contain the harm that can be done.
Behind the curtains a few measures are implemented to increase the security.
They are there to support you.
That is it for this section. Here are a few key takeaways.