Best Practices
WinKey + L performs this operation. It also stops your coworker from changing your desktop background to a picture of minions.
What is locks the computer?
"Hi, this is Joni. I need you wire $5,000 to this account due a surprise expense. Please submit payment to link below as soon as possible.
www.notSketchyPaymentLink.com/pay/"
This is probably an example of this type of attack.
What is phishing?
This defense uses complex algorithms to protect data and render it unreadable, unless you have the key.
What is encryption?
This search engine company holds first and second place in the list of the largest data breaches in history. The breaches occurred in September and December of 2016.
What is Yahoo!?
Per CoreLink's policy, we have 5 different levels of this. Each one determines how sensitive a given document is.
What is classification?
It may sound rude, but holding open a secured door for someone can be potentially dangerous. This term refers to someone else following you in to a secured area.
What is tailgating/piggybacking?
If you don't sanitize user input that interacts with your SQL database, a user could use this attack to steal data or even destroy the database.
What is SQL injection?
This network appliance intercepts and filters all incoming and outgoing traffic. It is also the reason you can't access Gmail.
What is a firewall?
This famous hacker got his start in the '70s at age 13 by hacking the LA bus system to get free rides. By the late '90s, he was arrested by the FBI for hacking Federal computer networks. Now, he's the Chief Hacking Officer at KnowBe4.
Who is Kevin Mitnick?
CoreLink's highest classification level is this. You could compare it to "Top Secret", but we're not the government.
What is Restricted?
Having one compromised account is bad enough, but doing this could mean having your entire online life compromised.
What is reusing passwords?
If you run that suspicious .exe that just downloaded, you might end up a victim of this type of attack that encrypts all your files. Hope you own some bitcoin to get those files back...
What is ransomware?
This defense mechanism prevents someone from logging into your account, even if they have your username and password... unless you approve it.
What is multi-factor authentication? (MFA)
One of the first organized hacking groups called themselves "The 414s". The name was based on the area code for this Wisconsin city where they lived. Unsurprisingly, it made the FBI's job a lot easier when trying to find them.
What is Milwaukee?
Personal Health Information requires it's own special classification due to this US Law. It's very costly not to abide by it...
What is HIPAA?
Traditional wisdom says complex passwords are the most secure. However, the newest NIST guidelines emphasize this characteristic over complexity.
What is length?
This attack typically uses a botnet to overload a server or web service. It is massively annoying when it happens to Netflix.
What is a DDOS attack? (Distributed Denial of Service)
This defense allows you to work from home (or Starbucks...) securely by encrypting your traffic.
What is a VPN? (In our case, Cisco Anyconnect)
This botnet took down most of the internet on October 12th, 2016. Most of compromised devices in this botnet were "Internet of Things" devices. So the internet was taken down by a ton of internet-connected toasters.
What is the Mirai botnet?
An invite to your brother-in-law's birthday party sent to your work email probably falls under this classification.
What is "Personal"?
While it is cool to have access to everything, this principle states that a user's access should be equivalent to their need.
What is the principle of least privilege?
This attack allows a user to load malicious scripts on your website, posing a major threat to not only you, but also your other users.
What is cross-site scripting? (XSS)
This Microsoft tool allows the security team to detect compromised users and audit sign-ins in real time. It also alerts us when you log in on vacation in Italy.
What is Azure Active Directory?
This common hashing algorithm was cracked in 2017, rendering it no longer secure. All it took were Google engineers, nine quintillion computations, and 6,500 years worth of computing time.
What is SHA-1?
You should do these two steps if you receive a document classified as Restricted - Finance and you're not in Finance.
What is report & delete?