vault backup: 2022-10-14 15:52:41

2025-12-27 14:54:05 -06:00 · 2022-10-14 15:52:41 +13:00 · 2022-10-14 15:52:41 +13:00 · 6de321fb23
commit 6de321fb23
parent 1e4e83fbe1
1 changed files with 1 additions and 1 deletions
--- a/content/notes/ass03-security-flaws-essay.md
+++ b/content/notes/ass03-security-flaws-essay.md
@ -52,7 +52,7 @@ There are 6 main rules which I have decided on:
 SMEs should assume that they will be inevitably be compromised, and they should be ready to respond. They should have systems in place to detect attacks when they happen, and have a plan for how to respond, and prevent it from occuring again in the future. If they are unable to respond to attacks themselves, they should know who to contact. They should also purchase a cyber security insurance policy, and consider what legal obligations they have to their stakeholders.

 ### Strong User Authentication
-This one of the most important rules. In addition to strong passwords SMEs should require two-factor authentication, preferrably with an authenticator not just by text. SMEs should also require users to create strong security questions, so that accounts can be recovered if a password is stolen, there should not be any secondary questions that a user can use to recover an account.
+This one of the most important rules. In addition to strong passwords SMEs should require two-factor authentication, preferrably with an authenticator app and not just by text. SMEs should also require users to create strong security questions, so that accounts can be recovered if a password is stolen, there should not be any secondary questions or other information that a user can use to recover an account.

 ### Awareness Training
 For all employees including customer service and tech support. Employees should be made aware of the proper procedures and standards and adhere strictly to them.