Cybersecurity, Privacy & Protection for Libraries
The Human Factor: Security Starts With Staff

Cyberattacks are on the rise
Most breaches (68%), whether they include a third party or not, involve a non-malicious human element, which refers to a person making an error or falling prey to a social engineering attack.
Source: Verizon

Credential Abuse & Social Engineering Attacks

What is credential abuse?
When criminals use stolen or leaked credentials to access systems
- Reusing passwords
- Not monitoring data breaches
- Keeping accounts active for people who've left

Credential Vulnerabilities
- Accounts are not deleted from the ILS or library software when a staff member leaves
- Staff share a login to a system/resource/tool
- A 3rd party is breached and staff email is accessed

Password Security
- Reused passwords
- Weak passwords
- Lack of multi-factor authentication

How do we educate staff to defend against this type of attack?

Training Points: Credentials
- Never reuse passwords across accounts
- Never share passwords
- Enable MFA on everything, especially email and your ILS
- Report login alerts you didn't trigger immediately
- When someone leaves, disable accounts the same day

(MFA) on all accounts, as it blocks 99.9% of automated attacks

Social engineering accounts for 98% of cyber-attacks

Phishing & Social Engineering
- Email phishing, spear phishing, smishing (SMS), vishing (voice)
- Impersonation
- Baiting
- Scareware
- Dumpster diving

Impersonation
An email arrives that looks like it's from your ILS vendor. The logo is right. The tone is professional. It says your password expired. There's a link.

Two Recent Examples

How do we educate staff to defend against this type of attack?

STOP Method
- S: Suspect
- T: Think
- O: Observe
- P: Proceed & Report

Analyze the Header
How can you confirm the sender?

Analyzing the header:
- Typosquatting (Amazon v. Amaz0n)
- Reveal the email not
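
The typosquatting check named under "Analyzing the header" (Amazon v. Amaz0n), as an added example that is not part of the original slides: it reads the actual address in the From header rather than the display name and flags domains that imitate a trusted one. The trusted-domain list, the character-substitution table and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the library really corresponds with (constructed list).
TRUSTED_DOMAINS = {"amazon.com", "ils-vendor.example"}

# Digit-for-letter swaps commonly seen in lookalike domains (Amaz0n for Amazon).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(raw_message):
    """Lower-cased domain of the From address; the display name is ignored."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def classify_sender(raw_message):
    """Return 'trusted', 'lookalike:<trusted domain>' or 'unknown'."""
    domain = sender_domain(raw_message)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    normalized = domain.translate(HOMOGLYPHS)
    for good in TRUSTED_DOMAINS:
        # Either a digit swap or a one-character typo of a trusted domain.
        if normalized == good or edit_distance(domain, good) <= 1:
            return "lookalike:" + good
    return "unknown"


# Constructed sample messages, not taken from real mail.
SPOOFED = 'From: "Amazon Support" <billing@amaz0n.com>\nSubject: Password expired\n\nClick the link.'
GENUINE = 'From: "Amazon" <no-reply@amazon.com>\nSubject: Order shipped\n\nThanks.'

if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE):
        print(sender_domain(sample), "->", classify_sender(sample))
```

A "lookalike" result is a reason to report the message, not proof of phishing, and a "trusted" From domain can still be forged, so the result complements the STOP steps rather than replacing them.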