-
ART 2025 INFORMATION SECURITY
1. MULTI-FACTOR AUTHENTICATION
-
MFA stands for
Multi-Factor Authentication.
-
It’s also called Two Step
or Two Factor Authentication.
-
Multi-Factor Authentication
provides an extra step of security
-
for your online accounts and apps.
-
This extra step could be a code
that’s sent to you via email
-
or a code generated by an app
-
whenever you try to log in
to an account that has MFA set up.
-
You have to provide that special code
-
in order for your online login attempt
to be successful.
-
This is to prevent an unauthorized login
-
by someone who gains
access to your login info,
-
or gains access to your device.
-
As a company, MFA is required
-
in order to access
your company login and resources.
-
Most of you have this set up
through Microsoft Authenticator,
-
but you can set up MFA
for many other online accounts.
-
Here are some recommendations:
-
Go to your settings in any online account.
-
Once you find the MFA feature,
turn it on for that account.
-
You’ll select your preferred settings
-
and usually the options are something like
"receive a code via text message"
-
or "set up in an authentication
app" like Microsoft Authenticator.
-
Different accounts will have
different preferences and options.
-
As a side note,
-
it is not recommended to use SMS or
text message as an authentication method,
-
as it is not considered secure.
-
Push notifications
or an app code via an authentication app
-
are the preferred method
and much more secure.
-
Then confirm that the MFA you just set up
works by giving it a shot.
-
If you have questions or need help
setting up MFA on your company account,
-
please reach out
to ServiceDesk@msnpath.com.
-
There’s so much noise out in the hall.
-
We didn’t know
it was "shot clinic" day.
-
Great.
-
ART 2025 INFORMATION SECURITY
2. PASSWORD SECURITY
-
Oh, hello again.
-
It’s Clint,
one of your Computer Helper Guys.
-
It’s nice to be-a back with you.
-
It’s nice to be back with you.
-
Let’s talk about password security again.
-
Yeah, I know some of you
were squirming a little bit.
-
You have those passwords
in a notepad in your pocket,
-
or you have them
on a checkbook registry.
-
I say it because it’s happened!
-
Or you might have some
of the same passwords for everything.
-
And I know things like password complexity
and length requirements can be annoying.
-
It’s not meant to annoy you.
-
Hey, look, it’s a new day,
-
and it’s a good day
-
to get your password security
under control.
-
Let’s talk about how you can do that.
-
Password complexity
-
Your company password is required
to be at least 15 characters
-
and contain a certain level of complexity.
-
It would be wise to apply the same
standard to all of your passwords,
-
even for personal accounts.
-
There are a couple of ways to make sure
your passwords are more complex.
-
You can use a random string
of characters, numbers, and symbols.
-
Another way is to create a memorable
passphrase with 5 to 7 unrelated words.
-
Get creative with spelling
to make it even stronger.
-
Password uniqueness
-
Use different passwords on every account.
-
Yep, this one is touchy.
-
I know, but this is one
of the biggest vulnerabilities.
-
If a data leak occurs that exposes
your username and password on one website,
-
online criminals will try to use that
same username and password on other sites.
-
Would your bank account be protected?
-
Thankfully, there’s a tool made
exactly for this task.
-
You’ve heard of it before:
password manager
-
A password manager is an app that you
can have on your phone, computer, or both
-
that is encrypted and can store all
of your usernames and passwords securely.
-
They can even generate
random, unique passwords
-
for you when you create new logins,
-
so that you don’t even have to think about
what your password is going to be.
-
Let’s take a quick look
at how password managers work.
-
Hey, this is my password manager.
-
Just kidding.
-
Just kidding. Just…
-
Just kidding.
It’s Kevin.
-
He keeps all of my passwords safe.
-
Oh, no!
An online criminal! Ahhhhhh!
-
-Give me your passwords!
-Nope.
-
Nope.
-
Nope. Nope. Unh-uh.
-
You have to have the right password.
-
Unh-uh.
-
No.
-
Correct.
-
Yes!
-
We’re just fooling!
This wasn’t a real situation!
-
This is Kevin.
He’s a Computer Helper Guy.
-
And…NOT really an online criminal…
-
This is Calah!
She’s a Computer Helper Girl!
-
That’s how password managers work.
-
Back to you, Me!
-
Ha! That was awesome.
-
Some password manager options
are available
-
on Self Service on the Mac
and Company Portal on your PC.
-
But hey, there are many more.
-
You might check with your colleagues
to see what they’re using
-
or reach out to ServiceDesk@msnpath.com.
-
ART 2025 INFORMATION SECURITY
3. PHISHING
-
Next, let’s talk about phishing.
-
I know… phishing, fishing…
low hanging fruit.
-
But we’re talking about
phishing with a P-H.
-
Phishing scams are emails
-
or online messages designed to look
like they come from a trusted source.
-
The goal is to trick you into clicking
a link or opening an attachment
-
that would expose you
to sending personal data
-
to a scammer
or launching malware or a virus.
-
Thankfully, if you’re paying attention,
you can usually recognize the signs.
-
Phishing messages will often come with
urgent or emotionally appealing language.
-
They’ll be requests
to send personal or financial information.
-
There may be an unexpected attachment,
web addresses that don’t look quite right,
-
and it could be from an email address
that kinda looks odd,
-
like if you get an email
claiming to be from Microsoft
-
but the email address is weird
like CustomerSupport@microSAFT.com.
-
Sometimes poor grammar and misspellings
can be a dead giveaway.
-
Some of these phishing messages
have gotten pretty good and look good.
-
Trust your senses.
If it looks off, it probably is.
-
Resist the urge
to click anything in the email.
-
Report the messages as phishing,
-
and you can do that inside of Outlook
using the Phish Alarm button.
-
Just select the email message and
look for the Report Suspicious Email icon.
-
This is not to be confused
with the Report Phishing option,
-
which is not the one you want.
-
The Report Suspicious Email button
-
is in slightly different places
depending on your version of Outlook.
-
Once reported,
if the email is deemed safe,
-
it will automatically
come back to your inbox.
-
Sometimes these phishing messages
will come up in the form of a web pop-up,
-
and it will look alarming like...
-
“We’ve detected a virus!
-
Call Help Desk at 1-800-bluhbluhbluhblah
immediately!”
-
Don’t call that number, and don’t click
on the pop-up. This is a scam.
-
We will never ask you
to “Call Help Desk” from a web pop-up.
-
If you have legitimate malware, our
security software will detect the threat
-
and the Information Security Team
will reach out to you.
-
But if you’re in doubt, you may always
contact ServiceDesk@msnpath.com.
-
So let’s leave them fish
in the water.
-
ART 2025 INFORMATION SECURITY
4. ONGOING SUPPORT
-
Finally, I know all of these things
can be a bit daunting,
-
and most of you are not computer experts
or Computer Helper People.
-
Well, we recognize that
that can be a struggle sometimes.
-
Thankfully, you do have some computer and
technology experts who are in your corner
-
ready to help and serve you
in your work when you need help.
-
And we truly want to be an asset
and a resource for you.
-
So, if at any time,
anywhere in the world,
-
you need help getting this kind of stuff
straightened out, please reach out to us.
-
You can start that conversation by sending
an email to ServiceDesk@msnpath.com
-
or go to the Service Desk Portal
on the Intranet.
-
Service Desk hours are 8 a.m. to 5 p.m.
Eastern Standard Time,
-
and Service Desk will respond
as promptly as possible.
-
And we - Service Desk, Technology Support,
and Information Security - as a team
-
will be in your corner,
ready to help.