SlideShare a Scribd company logo

Security and the Service Desk

N
NorthCoastHDI

This document discusses the security responsibilities of service desk staff. It emphasizes that security is a team effort and individual responsibility. The service desk plays an important role by being aware of potential threats, communicating security messages to users, and properly handling security incidents. As the main point of contact for IT issues, the service desk is well positioned to help the organization by noticing suspicious activity and serving as role models for secure practices.

Technology
1 of 20
Download to read offline
Service Desk - Security Chris Prewitt
Service Desk – Why is it a threat?
Attacking the Service Desk
Responsibility
6 Security is everyone’s concern The key to Security Awareness is found in the word itself: “Security… a team effort, but an individual responsibility” SEC- -Y
Employee Responsibility 7 The OPM hack, the RSA hack, and many others were initiated by an employee making 2 mistakes. First, clicking a link that led to malware. Second, not reporting it immediately when something weird happened. What can you do to help your company? Be aware; see something, say something *Malware is software that is intended to damage or disable computers and computer systems
Most Common Passwords (2017) 1. 123456 (Unchanged) 2. Password (Unchanged) 3. 12345678 (Up 1) 4. qwerty (Up 2) 5. 12345 (Down 2) 6. 123456789 (New) 7. letmein (New) 8. 1234567 (Unchanged) 9. football (Down 4) 10.iloveyou (New) 11.admin (Up 4) 12.welcome (Unchanged) 13.monkey (New) 8 14. login (Down 3) 15. abc123 (Down 1) 16. starwars (New) 17. 123123 (New) 18. dragon (Up 1) 19. passw0rd (Down 1) 20. master (Up 1) 21. hello (New) 22. freedom (New) 23. whatever (New) 24. qazwsx (New) 25. trustno1 (New) The password policy within Active Directory enforces password length, complexity, and history. This does not in any way control what the password is, just how long it is and what characters are inside of it. Many people will use easily guessable passwords like Winter2017 or Password!@# because they technically meet the standards but are easy for them to remember.
Is Your Password Secure? Ensure that your password:  Is a minimum of 8 characters  Is comprised of at least 3 of the following: • uppercase letter (A, B, C..) • lowercase letter (a, b, c…) • numeric (1, 2, 3…) • special character (#, $,*…)  Has no sequentially repeated characters  Rotate password every 90 days  Is not a dictionary word  Create or Use a passphrase  Is never shared and (never written down) 9
Sensitive Data Types • Employee Data • Names, addresses, national ID or social security numbers • Employee Medical Information • Insurance, accidents • Financial Information/Payment Card • Credit Card information: internal and customer • Bank routing numbers • Consumer/Customer Information • Names, email addresses, login, passwords • Intellectual Property • Machine drawings, assembly instructions, chemical formulations, recipe • Source code, what’s your companies secret sauce? 10
How information is stored, transferred • Email • Corporate file transfer tools • File Servers • Online personal storage • Dropbox, Google Drive, OneDrive, Box.com, etc. • Password protected files (Office, Zip) • USB 11
Risks
Acceptable Use Policy - Email & Internet Limited personal use is permissible under most policies. However…  Using company networks to access pornography or gambling sites is strictly prohibited.  These tools are to help your productivity – not interfere with your job performance.  Do not use e-mail to distribute files that are obscene, pornographic, threatening, or harassing.  Do not open attachments or links in unknown or suspicious email.  Using company resources to establish or maintain your own personal business should be strictly prohibited. 13
Data Leakage 14 Data Leakage is the unauthorized transmission of data (or information) from within an organization to an external destination or recipient. This may be electronic, or may be via a physical method. Be mindful that unauthorized leakage does not automatically mean intentional or malicious. Unintentional or inadvertent data leakage is also unauthorized. Examples Sharing confidential or restricted documents with anyone that shouldn’t see them. Storing confidential or restricted documents on non-Lincoln Electric assets, such as Dropbox, your home computer. Transferring confidential or restricted documents using your personal email or other methods.
Social Engineering  Watch out for phishing attempts through email trying to trick you into providing sensitive information over the internet.  Protect against “dumpster diving” - dispose of sensitive information properly (e.g., appropriately shredding sensitive paper documents). Social Engineering occurs when techniques such as trickery and manipulation are used to deceive associates into providing useful Company or personal information. This information can be used to gain unauthorized access to company’s most sensitive information assets. Here are some tips:  Never give out sensitive Company information or your personal information over the phone, internet, e- mail, etc. 15
Phishing 16 Phishing email messages, websites, and phone calls are designed to steal information or money. Cybercriminals can do this by installing malware or malicious software on your computer. Cybercriminals also use social engineering to convince you to install malware or hand over personal information under false pretenses. You could be sent an email, at work or home, they could call you on the phone, or you may even see a popup asking you to download and run software.
Phishing Phone Calls 17 Treat all unsolicited phone calls with skepticism. Do not provide any personal information of yourself or co- workers. Cybercriminals might call you on the phone and offer to help solve your computer problems or sell you a software license. Neither Microsoft nor other partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.
Physical Loss Before After 18 What is the real cost of a lost laptop, tablet or smart phone? • How much private information could be stolen? • How many trade secrets? • How much will you have to spend to restore your customers' privacy? Not to mention their trust - or your reputation?
Response
Service Desk Responsibility Do you know who to call? Do you know what to do? What tools do you have? What is your responsibility? Why should the Service Desk care about Security? 1. Everyone’s Responsible for Security 2. Service Desks Are the Eyes and Ears of IT 3. Service Desks Can Communicate Information Security Messages to Users 4. Service Desks Have a Major Role to Play in Security Incident Management 5. Service Desk Staff Are Role Models

Recommended

Cyber Security Update: How to Train Your Employees to Prevent Data Breaches
Cyber Security Update: How to Train Your Employees to Prevent Data BreachesCyber Security Update: How to Train Your Employees to Prevent Data Breaches
Cyber Security Update: How to Train Your Employees to Prevent Data Breaches
Parsons Behle & Latimer
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
Jen Ruhman
 
Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02
ITNet
 
Safety And Security Of Data Student Work
Safety And Security Of Data Student WorkSafety And Security Of Data Student Work
Safety And Security Of Data Student Work
Wynthorpe
 
Information security
Information securityInformation security
Information security
Laxmiprasad Bansod
 
Cyber 101 for smb execs v1
Cyber 101 for smb execs v1Cyber 101 for smb execs v1
Cyber 101 for smb execs v1
NetWatcher
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Data breach
Data breachData breach
Data breach
Burhan Ahmed
 

Recommended

Cyber Security Update: How to Train Your Employees to Prevent Data Breaches
Cyber Security Update: How to Train Your Employees to Prevent Data BreachesCyber Security Update: How to Train Your Employees to Prevent Data Breaches
Cyber Security Update: How to Train Your Employees to Prevent Data Breaches
Parsons Behle & Latimer
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
Jen Ruhman
 
Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02
ITNet
 
Safety And Security Of Data Student Work
Safety And Security Of Data Student WorkSafety And Security Of Data Student Work
Safety And Security Of Data Student Work
Wynthorpe
 
Information security
Information securityInformation security
Information security
Laxmiprasad Bansod
 
Cyber 101 for smb execs v1
Cyber 101 for smb execs v1Cyber 101 for smb execs v1
Cyber 101 for smb execs v1
NetWatcher
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Data breach
Data breachData breach
Data breach
Burhan Ahmed
 
Hacking
HackingHacking
Hacking
pranav patade
 
Module 3 social engineering-b
Module 3 social engineering-bModule 3 social engineering-b
Module 3 social engineering-b
BbAOC
 
Hacking (cs192 report )
Hacking (cs192 report )Hacking (cs192 report )
Hacking (cs192 report )
Elipeta Sotabento
 
The History of Hacking in 5minutes (for dummie)
The History of Hacking in 5minutes (for dummie)The History of Hacking in 5minutes (for dummie)
The History of Hacking in 5minutes (for dummie)
Stu Sjouwerman
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
Helen Dixon
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
Rashed Sayyed
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKING
SHERALI445
 
Internet security
Internet securityInternet security
Internet security
Mohamed El-malki
 
Hacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksHacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer Networks
Srikanth VNV
 
Hacking
Hacking Hacking
Hacking
Farkhanda Kiran
 
Cybersecurity for the non-technical
Cybersecurity for the non-technicalCybersecurity for the non-technical
Cybersecurity for the non-technical
Stephen Cobb
 
All about Hacking
All about HackingAll about Hacking
All about Hacking
Madhusudhan G
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to Know
Shawn Tuma
 
9 ethics in it space
9 ethics in it space9 ethics in it space
9 ethics in it space
Alwyn Dalmeida
 
Eset cybersecurity awareness (laxman giri)
Eset cybersecurity awareness (laxman giri)Eset cybersecurity awareness (laxman giri)
Eset cybersecurity awareness (laxman giri)
लक्ष्मण गिरी
 
Rothke Sia 2006
Rothke Sia 2006Rothke Sia 2006
Rothke Sia 2006
Ben Rothke
 
UW School of Medicine Social Engineering and Phishing Awareness
UW School of Medicine Social Engineering and Phishing AwarenessUW School of Medicine Social Engineering and Phishing Awareness
UW School of Medicine Social Engineering and Phishing Awareness
Nicholas Davis
 
Is hacking good or bad
Is hacking good or badIs hacking good or bad
Is hacking good or bad
Ashish Chandurkar
 
Ict lec#9
Ict lec#9Ict lec#9
Ict lec#9
amberkhan59
 
Internet safety v 4 slides and notes
Internet safety v 4 slides and notesInternet safety v 4 slides and notes
Internet safety v 4 slides and notes
Linda Barron
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
AbdalrhmanTHassan
 
Awareness Security 123.pptx
Awareness Security 123.pptxAwareness Security 123.pptx
Awareness Security 123.pptx
RajuSingh730938
 

More Related Content

What's hot

Module 3 social engineering-b
Module 3 social engineering-bModule 3 social engineering-b
Module 3 social engineering-b
BbAOC
 
Internet safety v 4 slides and notes
Internet safety v 4 slides and notesInternet safety v 4 slides and notes
Internet safety v 4 slides and notes
Linda Barron
 

What's hot (20)

Hacking
HackingHacking
Hacking
 
Module 3 social engineering-b
Module 3 social engineering-bModule 3 social engineering-b
Module 3 social engineering-b
 
Hacking (cs192 report )
Hacking (cs192 report )Hacking (cs192 report )
Hacking (cs192 report )
 
The History of Hacking in 5minutes (for dummie)
The History of Hacking in 5minutes (for dummie)The History of Hacking in 5minutes (for dummie)
The History of Hacking in 5minutes (for dummie)
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKING
 
Internet security
Internet securityInternet security
Internet security
 
Hacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksHacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer Networks
 
Hacking
Hacking Hacking
Hacking
 
Cybersecurity for the non-technical
Cybersecurity for the non-technicalCybersecurity for the non-technical
Cybersecurity for the non-technical
 
All about Hacking
All about HackingAll about Hacking
All about Hacking
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to Know
 
9 ethics in it space
9 ethics in it space9 ethics in it space
9 ethics in it space
 
Eset cybersecurity awareness (laxman giri)
Eset cybersecurity awareness (laxman giri)Eset cybersecurity awareness (laxman giri)
Eset cybersecurity awareness (laxman giri)
 
Rothke Sia 2006
Rothke Sia 2006Rothke Sia 2006
Rothke Sia 2006
 
UW School of Medicine Social Engineering and Phishing Awareness
UW School of Medicine Social Engineering and Phishing AwarenessUW School of Medicine Social Engineering and Phishing Awareness
UW School of Medicine Social Engineering and Phishing Awareness
 
Is hacking good or bad
Is hacking good or badIs hacking good or bad
Is hacking good or bad
 
Ict lec#9
Ict lec#9Ict lec#9
Ict lec#9
 
Internet safety v 4 slides and notes
Internet safety v 4 slides and notesInternet safety v 4 slides and notes
Internet safety v 4 slides and notes
 

Similar to Security and the Service Desk

USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
BilmyRikas
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
sumita02
 
Social Engineering: Protecting Yourself on the Campus Network
Social Engineering: Protecting Yourself on the Campus NetworkSocial Engineering: Protecting Yourself on the Campus Network
Social Engineering: Protecting Yourself on the Campus Network
thowell
 
Pci compliance training agents
Pci compliance training agentsPci compliance training agents
Pci compliance training agents
ocinc
 
Basic_computerHygiene
Basic_computerHygieneBasic_computerHygiene
Basic_computerHygiene
EricK Gasana
 
Data theft
Data theftData theft
Data theft
Laura
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
R_Yanus
 

Similar to Security and the Service Desk (20)

Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
 
Awareness Security 123.pptx
Awareness Security 123.pptxAwareness Security 123.pptx
Awareness Security 123.pptx
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
USG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxUSG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptx
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
Office_Cypersecurity_Basic_Training_Decmeber2022.pptx
Office_Cypersecurity_Basic_Training_Decmeber2022.pptxOffice_Cypersecurity_Basic_Training_Decmeber2022.pptx
Office_Cypersecurity_Basic_Training_Decmeber2022.pptx
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
 
IT security awareness
IT security awarenessIT security awareness
IT security awareness
 
Security awareness-checklist 2019
Security awareness-checklist 2019Security awareness-checklist 2019
Security awareness-checklist 2019
 
Building a culture of security
Building a culture of securityBuilding a culture of security
Building a culture of security
 
Cybersecurity: How Safe Is Your Organization?
Cybersecurity: How Safe Is Your Organization?Cybersecurity: How Safe Is Your Organization?
Cybersecurity: How Safe Is Your Organization?
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Social Engineering: Protecting Yourself on the Campus Network
Social Engineering: Protecting Yourself on the Campus NetworkSocial Engineering: Protecting Yourself on the Campus Network
Social Engineering: Protecting Yourself on the Campus Network
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
 
Pci compliance training agents
Pci compliance training agentsPci compliance training agents
Pci compliance training agents
 
Basic_computerHygiene
Basic_computerHygieneBasic_computerHygiene
Basic_computerHygiene
 
Data theft
Data theftData theft
Data theft
 
Cyber Security Awareness (Reduce Personal & Business Risk)
Cyber Security Awareness (Reduce Personal & Business Risk)Cyber Security Awareness (Reduce Personal & Business Risk)
Cyber Security Awareness (Reduce Personal & Business Risk)
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 
User security awareness
User security awarenessUser security awareness
User security awareness
 

More from NorthCoastHDI

More from NorthCoastHDI (10)

Is AI the Future of IT Operations?
Is AI the Future of IT Operations?Is AI the Future of IT Operations?
Is AI the Future of IT Operations?
 
Major Incident Management
Major Incident ManagementMajor Incident Management
Major Incident Management
 
WiFi 101
WiFi 101WiFi 101
WiFi 101
 
Shift Left Strategy
Shift Left StrategyShift Left Strategy
Shift Left Strategy
 
Proactive Project Management w/Machine Learning
Proactive Project Management w/Machine LearningProactive Project Management w/Machine Learning
Proactive Project Management w/Machine Learning
 
Learn More about HDI
Learn More about HDILearn More about HDI
Learn More about HDI
 
Good Practice Discussion - itSMF
Good Practice Discussion - itSMFGood Practice Discussion - itSMF
Good Practice Discussion - itSMF
 
Continuous Service Improvement (CSI)
Continuous Service Improvement (CSI)Continuous Service Improvement (CSI)
Continuous Service Improvement (CSI)
 
The Future of Desktop Support - HDI Northcoast Chapter
The Future of Desktop Support - HDI Northcoast ChapterThe Future of Desktop Support - HDI Northcoast Chapter
The Future of Desktop Support - HDI Northcoast Chapter
 
NorthCoast HDI September 2014
NorthCoast HDI September 2014NorthCoast HDI September 2014
NorthCoast HDI September 2014
 

Recently uploaded

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 

Recently uploaded (20)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

Security and the Service Desk

  • 1. Service Desk - Security Chris Prewitt
  • 2. Service Desk – Why is it a threat?
  • 4.
  • 6. 6 Security is everyone’s concern The key to Security Awareness is found in the word itself: “Security… a team effort, but an individual responsibility” SEC- -Y
  • 7. Employee Responsibility 7 The OPM hack, the RSA hack, and many others were initiated by an employee making 2 mistakes. First, clicking a link that led to malware. Second, not reporting it immediately when something weird happened. What can you do to help your company? Be aware; see something, say something *Malware is software that is intended to damage or disable computers and computer systems
  • 8. Most Common Passwords (2017) 1. 123456 (Unchanged) 2. Password (Unchanged) 3. 12345678 (Up 1) 4. qwerty (Up 2) 5. 12345 (Down 2) 6. 123456789 (New) 7. letmein (New) 8. 1234567 (Unchanged) 9. football (Down 4) 10.iloveyou (New) 11.admin (Up 4) 12.welcome (Unchanged) 13.monkey (New) 8 14. login (Down 3) 15. abc123 (Down 1) 16. starwars (New) 17. 123123 (New) 18. dragon (Up 1) 19. passw0rd (Down 1) 20. master (Up 1) 21. hello (New) 22. freedom (New) 23. whatever (New) 24. qazwsx (New) 25. trustno1 (New) The password policy within Active Directory enforces password length, complexity, and history. This does not in any way control what the password is, just how long it is and what characters are inside of it. Many people will use easily guessable passwords like Winter2017 or Password!@# because they technically meet the standards but are easy for them to remember.
  • 9. Is Your Password Secure? Ensure that your password:  Is a minimum of 8 characters  Is comprised of at least 3 of the following: • uppercase letter (A, B, C..) • lowercase letter (a, b, c…) • numeric (1, 2, 3…) • special character (#, $,*…)  Has no sequentially repeated characters  Rotate password every 90 days  Is not a dictionary word  Create or Use a passphrase  Is never shared and (never written down) 9
  • 10. Sensitive Data Types • Employee Data • Names, addresses, national ID or social security numbers • Employee Medical Information • Insurance, accidents • Financial Information/Payment Card • Credit Card information: internal and customer • Bank routing numbers • Consumer/Customer Information • Names, email addresses, login, passwords • Intellectual Property • Machine drawings, assembly instructions, chemical formulations, recipe • Source code, what’s your companies secret sauce? 10
  • 11. How information is stored, transferred • Email • Corporate file transfer tools • File Servers • Online personal storage • Dropbox, Google Drive, OneDrive, Box.com, etc. • Password protected files (Office, Zip) • USB 11
  • 12. Risks
  • 13. Acceptable Use Policy - Email & Internet Limited personal use is permissible under most policies. However…  Using company networks to access pornography or gambling sites is strictly prohibited.  These tools are to help your productivity – not interfere with your job performance.  Do not use e-mail to distribute files that are obscene, pornographic, threatening, or harassing.  Do not open attachments or links in unknown or suspicious email.  Using company resources to establish or maintain your own personal business should be strictly prohibited. 13
  • 14. Data Leakage 14 Data Leakage is the unauthorized transmission of data (or information) from within an organization to an external destination or recipient. This may be electronic, or may be via a physical method. Be mindful that unauthorized leakage does not automatically mean intentional or malicious. Unintentional or inadvertent data leakage is also unauthorized. Examples Sharing confidential or restricted documents with anyone that shouldn’t see them. Storing confidential or restricted documents on non-Lincoln Electric assets, such as Dropbox, your home computer. Transferring confidential or restricted documents using your personal email or other methods.
  • 15. Social Engineering  Watch out for phishing attempts through email trying to trick you into providing sensitive information over the internet.  Protect against “dumpster diving” - dispose of sensitive information properly (e.g., appropriately shredding sensitive paper documents). Social Engineering occurs when techniques such as trickery and manipulation are used to deceive associates into providing useful Company or personal information. This information can be used to gain unauthorized access to company’s most sensitive information assets. Here are some tips:  Never give out sensitive Company information or your personal information over the phone, internet, e- mail, etc. 15
  • 16. Phishing 16 Phishing email messages, websites, and phone calls are designed to steal information or money. Cybercriminals can do this by installing malware or malicious software on your computer. Cybercriminals also use social engineering to convince you to install malware or hand over personal information under false pretenses. You could be sent an email, at work or home, they could call you on the phone, or you may even see a popup asking you to download and run software.
  • 17. Phishing Phone Calls 17 Treat all unsolicited phone calls with skepticism. Do not provide any personal information of yourself or co- workers. Cybercriminals might call you on the phone and offer to help solve your computer problems or sell you a software license. Neither Microsoft nor other partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.
  • 18. Physical Loss Before After 18 What is the real cost of a lost laptop, tablet or smart phone? • How much private information could be stolen? • How many trade secrets? • How much will you have to spend to restore your customers' privacy? Not to mention their trust - or your reputation?
  • 20. Service Desk Responsibility Do you know who to call? Do you know what to do? What tools do you have? What is your responsibility? Why should the Service Desk care about Security? 1. Everyone’s Responsible for Security 2. Service Desks Are the Eyes and Ears of IT 3. Service Desks Can Communicate Information Security Messages to Users 4. Service Desks Have a Major Role to Play in Security Incident Management 5. Service Desk Staff Are Role Models