vault backup: 2022-10-12 15:30:05

2025-12-27 14:54:05 -06:00 · 2022-10-12 15:30:05 +13:00 · 2022-10-12 15:30:05 +13:00 · c4859886f1
commit c4859886f1
parent c61ab3918a
1 changed files with 9 additions and 1 deletions
--- a/content/notes/ass03-security-flaws-essay.md
+++ b/content/notes/ass03-security-flaws-essay.md
@ -183,7 +183,15 @@ lessons learned
 SMEs should assume that they will be inevitably be compromised, and they should be ready to respond. They should have systems in place to detect attacks when they happen, and have a plan for how to respond, and prevent it from occuring again in the future. If they are unable to respond to attacks themselves, they should know who to contact. They should also purchase a cyber security insurance policy, and consider what legal obligations they have to their stakeholders.

 ### Strong User Authentication
-This one of the most important rules. 
+This one of the most important rules. In addition to strong passwords SMEs should require two-factor authentication, preferrably with an authenticator not just by text. 
+
+SMEs should also require users to create strong security questions, so that accounts can be recovered if a password is stolen, there should not be any secondary questions that a user can use to recover an account.
+
+### Awareness Training
+For all employees including customer service and tech support. Employees should be made aware of the proper procedures and standards and adhere strictly to them.
+
+### Backups
+In the event of an attack, or a natural disast


 # References