MFA Important Not Just at Work
Guillaume Ross is deputy CISO at JupiterOne.
“When educating employees on security, it’s important to explain why certain controls are useful, as well as how they can leverage them in their own personal lives,” he said. “We might enforce MFA at work, but we should also suggest that people use it on their own important accounts, when it’s available at least. The same goes with password managers, keeping browsers up to date, as well as on the dangers of submitting information to unknown sources on the Internet.”
If browsers are not updated rapidly when new vulnerabilities are discovered, it’s likely that one of them could be compromised during March Madness, the Olympics, the World Cup or during any regular week, Ross said.
“For this reason, a company with a good understanding of their social engineering attack surface, a well-configured spam filter, employees that are used to reporting suspicious emails, and where a well-known, trustworthy site to track brackets is chosen early on is probably not exposed to significantly higher risk during March Madness,” he said. “For companies where all traffic goes through a corporate VPN, I recommend making official streaming sites available out of the VPN rather than blocking them, which will lead to people searching for illegal streams that aren’t blocked, which might bring more security risk.”
