Password Security
Social Engineering
(SSS) - Some Sort of Security
Random Security
100

Sometimes passwords can be difficult to remember. What is one tool or application that is helpful to avoid forgetting passwords?

(Hint: the acronym is PM)

Password Manager

100
Name two things that you should look for in a phishing email. 

Grammar/Spelling

Sense of Urgency

Request/Call to Action - Ask if it's normal?

Suspicious Link



100

When is it okay to post about Canpotex on Social Media? 

When it follows our organization's social media and confidentiality policies.

"External Communications and Social Media Policy"

It basically covers confidentiality, and standards for acceptable behavior, privacy and respect.


100

Should you ever connect to unfamiliar or unsecure Wifi?

No, you should never do so, as a rogue access point could have bad actors watching the traffic going through.

This goes for free shop wifi as well. It's not advisable to use those either.

200

Which of the following passwords would be the most secure? 

abc123 

Password1 

Br&N3w4U!

Tim0805

Br&N3w4U!

Based on complexity.

200

Daily Double

What is the first thing you should do when your work device is lost or stolen?

200

As a security behaviour, when is the only time it's okay to give your password to someone else?

Trick question, it's never okay. At Canpotex we will never ask for your password. We might ask you to input your password into something while helping you install something, or troubleshooting, but we won't ask directly for your password.

200

Why do Social Engineers create a sense of urgency when asking or saying something?

So that you react without pausing to stop, look, and think, and more easily fall for their tricks.

300

Name 2 things that make this password:

P@56W0rd1F0rM3


Stronger than this password:
superpass#1

More complexity with an uppercase letter.

It's a passphrase.

Length

No use of dictionary words - Uncommon substitutions


300

You receive an unexpected email from your manager that says they are out of the office and need you to upload some work files to their personal cloud, giving the reason that it's too large to email. Should you send the files right away?

No, you should verify the request first.

300

Mobile Device Freebie!

You should always keep your apps up to date, only use apps from the device's app store, and don't save login information to your device.

300

Which of the following would be the most secure question to choose in the event you forget your password?

  1. What high school did you attend?
  2. When you were a child, what did you want to be when you grew up?
  3. What is your mother's maiden name? 
  4. What is your father's middle name?

2. When you were a child, what did you want to be when you grew up?

This is likely the most difficult piece of information for a social engineer to find. 

400

Should you reuse a password or passphrase on multiple sites if it's at least 25 characters long, highly complex, and very secure? 

No, you shouldn't, because if one of those sites gets compromised, then no matter how complex your password is, it's instantly guessable.

400

What should you do in this scenario? You get an email from a client from a different reply-to address, and they ask you to resend the contract because they deleted it.

Call them at a verified number to confirm the request. 

400

Why might hackers also be interested in the contents of your personal mobile device? 

Because sometimes there is work information on your personal device, and it can be used as a pathway to the organization's data. 

400

Daily Double True or False! 

Can Bluetooth be exploited to monitor communications and steal data? 

500

Do hackers always act immediately after they've gotten malicious access? 

Not always, they sometimes lie in wait patiently for the right opportunity.

500

Which of the following is an example of an attack used by hackers to get you to take action or reveal information?

1. Voicemail from a coworker asking a question about a project you're both working on.

2. IT Notice asking to log out tonight due to scheduled maintenance.

3. Someone calls from IT, asking to download an unknown app on your device.

3. Someone calls from IT, asking to download an unknown app on your device.

500

What is SMIShing?

It's phishing, but over text. The same rules apply: beware of unsolicited calls to action, urgent requests, and weird links.

500

Name 2 of the people from the Canpotex Security Team! 

Greg, Ross and Anthony!
