Best Practices: Hints from the KnowBe4 Support Team


(Jessica) #1

Happy National Cyber Security Awareness Month! We celebrate that right?!

We should be using October to raise awareness particularly aimed at our end-users and particularly in the form of testing and training. For this month's "Best Practices", I am inviting the Tech team from KnowBe4 to give us their personal recommendations based on their own experiences in working with the platform and admins just like you.

I also invite you to check out Homeland Security’s site HERE for their weekly themes and ideas.

Also, feel free to post a reply yourself!

Jessica S. Community Manager/Managed Services :jack_o_lantern:


(Chris Littlefield) #2

Enabling two-factor authentication for all users’ accounts is the easiest way to add significant security to your organization.


(Kaiser Ulrich) #3

This is great, Jessica! From my experience, I see the most successful learning experiences when your phishing campaign frequency is set for at least once a month. This is just enough time to keep people on their toes and to remember all their training without making them too paranoid.

Kaiser U.
Tech Support


(Amy) #4

When someone calls your work line asking for information, don’t be afraid to verify who they are. Internal IT and Helpdesk folks (usually) won’t ask for your passwords or any other sensitive information without verifying who they are.

A recent example comes to mind: at the hospital where a family member works, a bad guy claiming to be IT asked for and was given access to all employee records, including names, addresses, and SSNs.


(Megan) #5

In our line of work, it is always important to remember to change your passwords regularly. I know this can be annoying for some users or admins, but it is very important! Especially if your data is compromised in any way. Remember, if you change your passwords, they do not have your most up-to-date information. A small and possibly annoying task, but totally worth it!


(Ray Nelson) #6

Remind your users to always, always, always lock their workstation if they are leaving their desks. This is of course even more important if they are in an area accessible to the public or if they work with sensitive data!!


(Doug) #7

It is very important to make sure all of your users are trained if they have access to your network. Every single one; no user is too insignificant or too important to go through training. If they have access to the network, they need to be inoculated against current attacks on your system. Every user has the keys to the kingdom! Remember, your human firewall is only as strong as the weakest brick.


(Josh Greenberg) #8

Always be wary of emails containing requests for urgent actions to be taken (like requests for money, credentials, etc. appearing to come from friends, family, co-workers, managers or executives), and verify that it's actually coming from the person it's supposed to be coming from by making direct contact with that person (i.e. calling them directly, talking to them in person, etc.).


(Arsenio Figueroa) #9

Security is not always technical. Simply shredding documents with important data and information can mitigate risk tremendously! Dumpster diving is still a thing! Kevin Mitnick himself started out as a teen by dumpster diving!


#10

I agree with changing compromised passwords, but let's move away from randomly setting an expiration on passwords. NIST is changing the guidance on this.

Toward Better Password Requirements from Jim Fenton


(Rod) #11

I think it's a good idea to have users go through some of the KnowBe4 micro training modules throughout the month.