Two-Factor Authentication
If the administrator does not require it system-wide, Arena users can choose to enable two-factor authentication at an individual account level. This sends a unique code to the user’s email address or mobile number when the user logs in from an unknown computer.
Password Policy
Users create and secure their passwords. Passwords expire at an interval controlled by your Account Administrator (recommended no more than 90 days). When your password expires, you will be prompted to change your password upon login. Depending on how your workspace is configured, you may be able to keep the same password. Arena passwords must be 8-18 characters long and must include at least one lowercase letter, one uppercase letter, and one number.
Phishing
Brief, formal phishing education may be beneficial for Arena users. Phishing is the fraudulent attempt to obtain information such as usernames, passwords, and data, or disrupt an entire computer system or network. Attackers phish for malicious reasons, by disguising as a trustworthy entity in an e-mail.
Some simple recommendations you can make to your Arena users:
Teach users to not be fooled by phishing, and to not click links or open attachments in suspicious emails. One of the most effective cyber attack techniques is tricking someone to click a link or open an attachment that installs malware. These are called phishing e-mails because they lure you into opening an email. Phishing email can say something intriguing, useful, or appear to be a legitimate message from a real company (package delivery, payroll, IRS, social networking, etc.). They can include logos or other official-looking images.
Instruct users to never open emails from unknown sources. Hackers want people to click on their link so that they can infect the user’s computer. Similarly, teach users that emails received from an unknown source should be evaluated based on the source and whether it makes sense. If not, it may be malicious. The sender’s address should always be verified and and any links to URLs can be hovered over to validate them. For example, if the link says it’s from Arena, then hovering over the link should show a URL ending in “.arenasolutions.com”.
