January

NIST PR.AC-1, IA-2

“The Keys to the Kingdom”

Password Hygiene & MFA

Access control acts as the digital security guard of the company, ensuring only authorized individuals have the 'keys' to specific resources. Security is only as strong as these keys—our passwords and Multi-Factor Authentication (MFA) tokens.

Cautionary tale: The Keys to the Kingdom

In September 2023, the MGM Resorts empire was paralyzed: slot machines went dark, hotel keys failed, and systems were encrypted. The hackers didn’t crack a code; they used LinkedIn to find an employee’s details. They called the IT Help Desk, impersonated the employee, and convinced a technician to reset the employee’s MFA to a device the hackers controlled.

The Lesson: The hackers didn't 'break in'—they were let in by exploiting a human connection to bypass technical security.

Password Hygiene & MFA

Your password is the first line of defense; if it is weak, the door is already unlocked.

  • Length > Complexity: Long phrases like Purple-Elephants-Run-Fast-2026! are harder to crack than short, complex ones like P@ssw0rd1!.

  • Don’t Reuse: Never reuse work passwords for personal accounts like Netflix or banks. If one is leaked, they are all compromised.

  • Use a Vault: Avoid sticky notes or insecure files. Use the company-approved Password Manager to store and generate credentials.

  • Beware of the “MFA Fatigue” Trap: Hackers may spam your phone with dozens of login prompts, hoping you will hit “Approve” just to stop the notifications.

    • If you receive an MFA prompt you didn’t initiate, DENY it immediately.

  • Report & Verify: An unexpected prompt means someone has your password. Change it, alert IT, and check login maps—if you are in New York and the map says “London”, hit Deny.
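The two warning signs above (a burst of push prompts nobody asked for, and a login map showing a city you are not in) are exactly what an IT or security team can look for on the back end. The following is an added example, not code from this newsletter or from Symbol Security: it runs simple detection logic over a few constructed authentication log lines. The log format, the field names, the 5-prompts-in-10-minutes threshold and the 900 km/h “faster than an airliner” limit are all assumptions chosen for illustration.

```python
"""
Added example (not part of the original newsletter): flag MFA push fatigue and
impossible travel in a small, constructed authentication log.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt

# Constructed sample lines, not real logs. Fields (assumed format):
# <ISO time> <user> <event> <result> <city> <lat> <lon>
# alice receives six prompts in under three minutes and finally approves one;
# carol "logs in" from New York and London thirty minutes apart.
SAMPLE_LOG = """\
2026-01-14T08:01:10Z alice PUSH_PROMPT timeout New_York 40.71 -74.01
2026-01-14T08:01:40Z alice PUSH_PROMPT denied New_York 40.71 -74.01
2026-01-14T08:02:05Z alice PUSH_PROMPT timeout New_York 40.71 -74.01
2026-01-14T08:02:30Z alice PUSH_PROMPT denied New_York 40.71 -74.01
2026-01-14T08:03:15Z alice PUSH_PROMPT timeout New_York 40.71 -74.01
2026-01-14T08:03:50Z alice PUSH_PROMPT approved New_York 40.71 -74.01
2026-01-14T08:10:00Z bob PUSH_PROMPT approved Boston 42.36 -71.06
2026-01-14T09:00:00Z carol LOGIN_SUCCESS ok New_York 40.71 -74.01
2026-01-14T09:30:00Z carol LOGIN_SUCCESS ok London 51.51 -0.13
2026-01-14T09:00:00Z dave LOGIN_SUCCESS ok New_York 40.71 -74.01
2026-01-14T13:00:00Z dave LOGIN_SUCCESS ok Boston 42.36 -71.06
"""


def parse_line(line):
    """Split one log line into a dict with a timezone-aware timestamp."""
    ts, user, event, result, city, lat, lon = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "user": user, "event": event, "result": result,
        "city": city, "lat": float(lat), "lon": float(lon),
    }


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def detect_push_fatigue(events, threshold=5, window=timedelta(minutes=10)):
    """Return {user: max prompts seen in any sliding window} for users who
    received at least `threshold` push prompts inside `window`. Approved or
    denied does not matter: the volume itself is the signal."""
    prompts = defaultdict(list)
    for e in events:
        if e["event"] == "PUSH_PROMPT":
            prompts[e["user"]].append(e["ts"])
    flagged = {}
    for user, times in prompts.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres (Earth radius 6371 km)."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def detect_impossible_travel(events, max_speed_kmh=900.0):
    """Consecutive successful logins per user whose locations would require
    travelling faster than `max_speed_kmh`. Returns
    (user, from_city, to_city, km, km_per_hour) tuples."""
    last = {}
    hits = []
    logins = sorted((e for e in events if e["event"] == "LOGIN_SUCCESS"),
                    key=lambda e: (e["user"], e["ts"]))
    for e in logins:
        prev = last.get(e["user"])
        if prev is not None:
            km = haversine_km(prev["lat"], prev["lon"], e["lat"], e["lon"])
            hours = (e["ts"] - prev["ts"]).total_seconds() / 3600
            if hours > 0:
                speed = km / hours
            else:  # same instant: only a real distance is suspicious
                speed = float("inf") if km > 1 else 0.0
            if speed > max_speed_kmh:
                hits.append((e["user"], prev["city"], e["city"], round(km), round(speed)))
        last[e["user"]] = e
    return hits


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("MFA push fatigue:", detect_push_fatigue(evs))
    for user, a, b, km, kmh in detect_impossible_travel(evs):
        print(f"impossible travel: {user} {a} -> {b} ({km} km, {kmh} km/h)")
```

On the sample data alice is flagged for push fatigue (six prompts in a ten-minute window, the last one approved, which is the outcome the trap aims for) and carol is flagged for impossible travel (New York to London in half an hour), while bob and dave are not. A real deployment would feed the same checks from the identity provider’s sign-in logs and treat a hit as a prompt to reset the password and re-enrol MFA through a verified channel.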

January Checklist

  • Audit Your Access: Look at your browser-saved passwords. If you see work credentials saved in Chrome/Edge, move them to our secure Password Manager.
  • Verify the Source: If “IT” calls you out of the blue asking for an MFA code or a password reset, tell them you’ll call them back at their official extension. Real IT staff will never ask for your password.

Symbol Security

Ready to Implement This Month's Security Focus?

Deploy automated security awareness training with Symbol Security. Schedule simulations, track progress, and measure improvement across your organization.