Hello SUNY Cobleskill,
Welcome to the 4th and final week of Cybersecurity Awareness Month. This time we have prepared some material that helps you better understand why certain security controls or settings are applied that may be a tough to deal with at the workplace or educational place.
Why security awareness is important?
Due to the number of risks and threats that have been observed on the internet, organizations are beginning to use training modules for cybersecurity awareness and training. These modules are aimed to inform employees and desired recipients of the potential dangers when accessing the internet in hopes of preventing attacks from affecting the organization and users.
https://www.cybsafe.com/blog/7-reasons-why-security-awareness-training-is-important/
Why passwords are important
In our day-to-day lives, we use accounts for a variety of systems such as Amazon, email, phone apps, and company-owned accounts. The major obstacle in having all these accounts is setting a unique password for each and every account. The importance of having a strong password is to act as a layer of defense against attackers that might be looking into extracting sensitive information from these accounts to be used against you.
https://www.cisa.gov/news-events/news/choosing-and-protecting-passwords
Why MFA is important
In addition to passwords, accounts that you create may sometimes require you to set up Multi-Factor Authentication (MFA) in addition to passwords. MFA acts as a second layer of defense and account passwords act as the first layer, The purpose of this combination is to thwart the attempts of malicious actors gaining access to your account that may contain sensitive information such as credit card numbers, social security, etc.
https://www.cisa.gov/sites/default/files/publications/MFA-Fact-Sheet-Jan22-508.pdf
Why IT Policies and Procedures are Important?
When getting hired by an organization or getting accepted by a school, you may encounter policies and procedures that may seem overwhelming and annoying when compared to your previous workplace or school. Policies are in place to set standards and recommendations on how to protect and secure end-user-owned and company-owned devices and data from threats and risks. Procedures are implemented to establish a set of guidelines for a wide array of scenarios such as how to reset your password, what to do when receiving a suspicious email, or if an account is compromised. The more clear and more concise these procedures are the more effectively issues are resolved from the end user and ITS point of view.
https://www.linkedin.com/pulse/benefits-documented-policies-procedures-mike-lorenzen-sphr-mcp-vcp
What are security controls and why it is important?
Security controls are a variety of rules and policies for the purpose of addressing risks and threats. These controls are broken into several categories that are classified based on what they do and their purpose. These are important for any business to utilize as it protects data and systems from malicious sites, files, and programs that might be used by malicious actors to gain unauthorized access.
https://drata.com/blog/security-controls
Another reminder, Security training is due on the 15th of November as well as the attestation form. Please keep in mind that the attestation form and the training are 2 separate links and modules, both are to be completed before November 15th.