In a news report it was revealed that up to 1 billion passwords have been compromised. As IT professionals, we know what to do: quickly delete the affected account or change its password. And if we reuse the same password or naming convention elsewhere, every other account we have gets changed too, even though the compromise happened 3 years ago and the reporting is only now coming out.
This problem is larger than that. I think we need to tell all our non-IT staff members what to do too, both to protect their other accounts and to protect the company. If a staff member gets phished and the "bad guy" already holds another of their passwords, multiple data points are gathered, and that can spell bad news: bad news for the individual and bad news for those associated with that individual.
Published events like these are opportunities for us to talk about building and nurturing a security culture within our firms. Think about it: that security culture can even help marketing by adding it as a feature or service in whatever product or service your firm sells or delivers.
Building risk and security awareness among non-IT staff is the new norm. Given the volume of threats, we need to discuss what to do, what to look for, and what not to do.
It is a great way to strengthen a link that, in many organizations, is one of the weaker ones. Several non-IT education programs are available too, and we would be happy to share information on them.