Awareness Messages

The Core Pa$S^^ord!

We’re supposed to use “unique passwords.”  This means that we can’t use the same password for everything.  We should use one for windows, a different one to log into the core, a different one for e-mail, a different one for the imaging program, etc. We’re also supposed to us...

Let’s Get Physical!!!

We often incorrectly think of Information Security as a set of rules and practices surrounding the computer.  But the Acceptable Use Policy pertains to more than just technology.  It covers legal risk, reputational risk, operational risk, etc.  But it also covers hard-copy i...

The User Level: Keep Your Desk Clean!

Office space is frequented by customers, consultants, vendors, cleaning crews, maintenance and other employees.  As it is crucial to protect sensitive information from disclosure, employees should be taught to not leave nonpublic personal information (also known as NPI) on t...

Plugins and Widgets and Applets, Oh My

Boy do we need to be sensitive to third party applications!  This is true not only as we use our browser at work, but also when we use Facebook or Myspace or any of the myriad of social media sites at home. Third party applications may enhance our user experience, or they ma...

Did you do it???

User Accountability:     You are responsible for all activity that takes place on the Information System and the Network using your username. If the security of your user login is compromised, you are still responsible and liable for all activity under that usernam...

What is unique, anyway?

Is Twitter_v1g!l1z3 the same password as Youtube_v1g!l1z3? Did you know that our policy requires you to use unique passwords for critical applications?  In other words, the password you use to log into the network, to log into the core, and to log into everything else must ...

Think for yourself!

Social Media can be safe, if YOU choose to learn safe practices! I was going to write this long article about how no amount of my warnings would safeguard this bank without the active participation of you, the user of our information assets!  I wanted the article to come to ...

Instead of surmise, Vigilize!!!

To surmise means to “infer from incomplete evidence.” Often, in an effort to be polite or not offend, we will assume a person’s identity without having all of the required evidence to prove that identity. This is how we fail in pretext calling attacks, phi...

Are you the weak link?

Or do you use strong passwords? You must use strong passwords to beat cracker software, which is software that bad guys use to guess passwords really fast. A strong password has six factors: 1) Numbers like 1234… 2) Upper case letters like ABCD… 3) Lower case letters like ef...

Searching for Sensitivity!

Be careful what you post on-line . . . it can hang around forever! Of course our acceptable use policy prohibits us from posting information about the bank or bank business on our own social media sites like Facebook, Youtube, etc.  But we should also be careful about ANY in...