Who is responsible for security?

 

Who is responsible for security?

I really don't want to write this. Because I can earn by going to companies to discuss (workshop) about these topics ☺️. (Even though it's not as perfect as it was said in the workshop) In this post, I'll tell you how to understand the content

Who is responsible for #Security?

A student in my course asked this question. He asked a system administrator how to prevent this from happening.

His organization has a private domain and a private mail server.

It seems that someone's mail from the org came to the admin. I think the admin clicked the link.

If there is an attack...

In this case, it's not just the carelessness of the admin. Since he sent it from his company's staff, there will be a trust as a letter sent to each other. This will force you to click on the link quickly.

If you are using a company or organization's mail, or your own mail server, rather than normal Gmail, everyone who uses such mail must pay attention to security.

Since a company has its own sectors, there may be many people using company mail.

For example, marketing1@company.com, marketing2@company.com email addresses are used by people in charge of marketing.

Even if you think about it casually, you can distinguish between the system admin and the marketing staff, who is easier to attack. So the marketing department will acc phish someone using social engineering. Then if you use SE to system admin through his Acc, the result will be different.

And another thing you should be careful about is the login credentials. Because it's too much to remember, most people still keep the same password.

Another thing is to prevent the URL from appearing in the mail (for example - URL Shortener). You can also send fake URLs (for example - Fake URL + Hyperlink).

To make it easy to understand, we use the <a> HTML tag to spoof the URL.

  <a href="https://attacker.com/fakeLogin.php">https://company.com/Login.php</a>

Look at above.

As system admins, the link in the mail sent to each other in their work may make them want to click on it. To prevent this from happening, please copy the link (URL) address and paste it in the note 📝. The easiest way to check is by opening it first in another browser that you don't use.

If we have to conclude according to the topic, the system admin 👨‍💼 is also responsible, as well as other users 👩‍💼 👨‍💼 🧑‍💼 who use the same private mail server.

For such things, every employee in every sector needs to have security knowledge. If necessary, we can do workshops for knowledge and make a security alarm 🚨.

I have to write on my phone, so that's all I'm satisfied with.

If you have any problems, you can write in the comments.

Thank you all for continuing