SlideShare une entreprise Scribd logo

Cybersecurity tips for employees

Priscila Bernardes
Priscila Bernardes

The complete guide on how to prevent an IT security breach. Some of the tips include: ♦ Why keeping a clean desk matters ♦ How to avoid email threats, including five ways to block phishing attack ♦ How your employees can secure their mobile devices ♦ Website browsing best practices.

Technologie
1  sur  20
Télécharger pour lire hors ligne
www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES THE COMPLETE GUIDE TO SECURE BEHAVIOR ONLINE AND IN THE OFFICE
CYBERSECURITY TIPS FOR EMPLOYEES www.lancom.co.nz INTRODUCTION When developing cybersecurity programs, many businesses focus on protecting their infrastructure perimeter and device endpoints. After all, that’s where cybercriminals usually first gain access and wreak havoc on a company’s digital access. But it’s also important to consider what happens when a threat bypasses perimeter defenses and targets an employee—in the form of a malicious email or text, or even a voicemail that might prompt an employee to respond with confidential company information. There’s also the possibility of an offline attack from inside the office, where an employee or an office visitor might gain access to valuable data by quickly taking something carelessly left on a desk. In 2015, an updated survey increased that number to 86%.1 These numbers indicate that it’s clear there’s a pressing need for better cybersecurity. The issue is not going away anytime soon. If anything, it’s only getting worse. According to a PricewaterhouseCoopers survey, in 2014, 69% of business executives expressed concern about cyber threats, including a lack of data security. The Need to Educate Employees on Cybersecurity 86% 69%
Stronger cybersecurity has become a global priority over the last few years as hackers penetrate the IT infrastructure of government and enterprises with increasing frequency and sophistication. According to a study conducted by the Identify Theft Resources Center, the total number of data breaches reported in the US grew from approximately 400 in 2011 to approximately 750 in 2015. This represents an increase of more than 60% and does not include breaches that went unreported—a figure that is likely much higher.1 Coupled with the Internet of Things (IoT) and the explosive growth of mobile devices, the threat landscape and potential for data leaks is even more significant. In this eBook, we explore the need for employees to practice strict and secure cybersecurity habits— not only to thwart digital attacks, but also to prevent someone from simply walking by their desk (in the office or at home) and picking up a device or document that contains sensitive information. We also present the key steps SMB business owners can take to educate their employees to help secure their company’s data and intellectual property. We can’t stress enough the importance of security awareness training for internal employees. Educating them on what it takes to protect proprietary documents and data is critical. Any leaks— unintentional and intentional—could hurt the business in the form of information that assists a competitor, violates regulations, or harms the corporate image. Leaks can also hurt employees from the standpoint of personal information that might be exposed. Lastly, customers and business partners could be at risk, compromising the industry reputation of any business that does not properly protect confidential information. It only takes one incident to completely destroy any goodwill you established and built with your customer base. www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES Business Insider, “This one chart explains why cybersecurity is so important,” 4/5/2016: www.businessinsider.com/cybersecurity-report-threats-and-opportunities-2016-31
CHAPTER 01 PHYSICAL SECURITY PRECAUTIONS Keep a Clean Desk It makes complete sense and sounds so simple, but keeping a clean desk is often overlooked when talking about data security. It’s also the perfect place to start the discussion with employees. Employees that keep a cluttered desk tend to leave USB drives and smartphones out in the open. They also often forget to physically secure their desktops and laptops so someone can’t simply walk off with them. A messy desk also makes it more difficult to realize something is missing such as a folder with hard copy print-outs of customer lists. In addition to increasing the likelihood of something being removed, a cluttered desk means that the discovery of any theft will likely be delayed—perhaps by days or even weeks if the employee is out of the office. Such delays make it more difficult to determine who the perpetrator is and where the stolen material might now be located. Encouraging employees to maintain a neat desk pays off in two ways. In addition to making digital and paper assets more secure, employees with clean desks are more apt to be productive because they can quickly—and safely—access the tools and resources they need to do their jobs. www.lancom.co.nz What is wrong with this photo? Click the photo to find out!
CYBERSECURITY TIPS FOR EMPLOYEES www.lancom.co.nz The Common Messy Desk Mistakes to Avoid The following list presents 11 “messy desk” mistakes employees are prone to commit and which could cause irreparable harm to the business, the employee, fellow employees, customers and business partners. These are all bad habits for which to educate employees to stop: Leaving computer screens on without password protection: Anyone passing by has easy access to all the information on the device; be sure to lock down screen settings. Placing documents on the desk that could contain sensitive information: It’s best to keep them locked up in drawers and file cabinets. Forgetting to shred documents before they go into the trash or recycling bin: Any document may contain sensitive information; it’s best to shred everything rather than taking a risk. Failing to close file cabinets: This makes it easy for someone to steal sensitive information and more difficult to realize a theft has occurred. Setting mobile phones and USB drives out in the open: They likely contain sensitive business or personal information and are easy to pick up quickly without being caught in the act. Neglecting to erase notes on whiteboards: They often display confidential information on products, new ideas and proprietary business processes. 01. 02. 03. 04. 05. 06.
07. 08. 09. 10. 11 www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES Dropping backpacks out in the open: There’s often at least one device or folder with sensitive information inside. Writing user names and passwords on slips of paper or post-its: This is especially important given that user names and passwords are typically used to log in to more than one site. Leaving behind a key to a locked drawer: This makes it easy to come back later—perhaps after hours when no one is around—and access confidential files. Displaying calendars in the open or on the screen for all to see: Calendars often contain sensitive dates and/or information about customers, prospects and/or new products. Leaving wallets and credit cards out on the desk: This is more likely to impact the employee, but wallets may also possess corporate credit cards and security badges. CYBERSECURITY TIPS FOR EMPLOYEES TIP In today’s fast-paced world where employees are always on the go, it takes too much time to determine whether documents, USB drives, devices and other items contain sensitive information. The safe bet is to make sure everything is filed away and kept locked up or else properly destroyed.
www.lancom.co.nz CHAPTER 02 Social Engineering Inboxes and VoiceMail Social engineering is non-technical, malicious activity that exploits human interactions to obtain information about internal processes, configuration and technical security policies in order to gain access to secure devices and networks. Such attacks are typically carried out when cybercriminals pose as credible, trusted authorities to convince their targets to grant access to sensitive data and high-security locations or networks. An example of social engineering is a phone call or email where an employee receives a message that their computer is sending bad traffic to the Internet. To fix this issue, end users are asked to call or email a tech support hotline and prompted to give information that could very likely give the cybercriminal access to the company’s network. Phishing Email Compromises One of the most common forms of social engineering is email phishing—an attempt to acquire sensitive information such as usernames, passwords and credit card data by masquerading as a trustworthy entity. Phishing is likely the #1 primary email threat employees need to focus on. Such emails often spoof the company CEO, a customer or a business partner and do so in a sophisticated, subtle way so that the victim thinks they are responding to a legitimate request. The FBI says CEO (or C-level) fraud has increased 270 percent in the past two years with over 12,000 reported incidents totaling over $2 billion dollars in corporate losses.2 Among the reasons these scams succeed are the appearance of authority—staffers are used to carrying out CEO instructions quickly. That’s why phishing can be so easy to fall victim to. EMAIL THREATS
CYBERSECURITY TIPS FOR EMPLOYEES CYBERSECURITY TIPS FOR EMPLOYEES Four Common Phishing Techniques The scope of phishing attacks is constantly expanding, but frequent attackers tend to utilize one of these four tactics: Embedding links into emails that redirect users to an unsecured website requesting sensitive information. Installing Trojans via a malicious email attachment or posing ads on a website that allow intruders to exploit loopholes and obtain sensitive information. Spoofing the sender address in an email to appear as a reputable source and requesting sensitive information. Attempting to obtain company information over the phone by impersonating a known company vendor or IT department. www.lancom.co.nz RSA Conference, “How a Security CEO Fell Prey to Scammers (Almost),” 3/3/2016: http://www.rsaconference.com/blogs/security-ceo-scammers#sthash.egMiB2xW.dpuf2
Email Security Best Practices - Five Ways to Block Phishing Attacks Employees should always be suspicious of potential phishing attacks, especially if they don’t know the sender. Here are five best practices to follow to help make sure employees don’t become helpless victims: www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES Don't reveal personal or financial information in an email—Make sure employees also know not to respond to email solicitations for this information. This includes clicking on links sent in such emails. Check the security of websites—This is a key precaution to take before sending sensitive information over the Internet. <http> indicates the site has not applied any security measures while <https> means it has. Also consider if employees are practicing safe browsing habits. Sites that do not serve a legitimate business purpose are also more likely to contain harmful links. 01. 02. Pay attention to website URLs—Not all emails or email links seem like phishing attacks, so employees may be lured into a false sense of security. Teach them that many malicious websites fool end users by mimicking legitimate websites. One way to sniff this out is to look at the URL (if it's not hidden behind non-descript text) to see if it looks legit. Employees may also be able to detect and evade the scheme by finding variations in spellings or a different domain (e.g.,.com versus .net). Verify suspicious email requests—Contact the company they're believed to be from directly. If an employee receives an email that looks odd from a well-known company, such as a bank, instruct them to reach out to the bank using means other than responding to the suspicious email address. It’s best to contact the company using information provided on an account statement—NOT the information provided in the email. Keep a clean machine—Utilizing the latest operating system, software and Web browser as well as antivirus and malware protection are the best defenses against viruses, malware and other online threats. It may be difficult for employees to do this, so the business may want to invest in a managed IT services provider who can also be a trusted advisor for all IT needs. 03. 04. 05.
CHAPTER 03 Low Security Account Credentials USERNAME AND PASSWORD MANAGEMENT Although it should be common sense, employees need to avoid the use of passwords that are easy for hackers to guess. Among the top ten worst passwords according to www.splashdata.com are those that use a series of numbers in numerical order, such as <123456>. The names of popular sports such as <football> and <baseball> are also on the list as are quirky passwords such as <qwerty> and even the word <password> itself. Emphasis should also be placed on the importance of avoiding common usernames. In analysis conducted by the information security firm Rapid7, hackers most often prey upon these 10 usernames in particular3 : • Administrator • Administrator • user1 • Admin • Alex • Pos • Demo • db2admin • Sql • Username www.lancom.co.nz
CYBERSECURITY TIPS FOR EMPLOYEES How Attackers Exploit Weak Passwords to Obtain Access While most websites don’t store actual username passwords, they do store a password hash for each username. A password hash is a form of encryption, but cybercriminals can sometimes use the password hash to reverse engineer the password. When passwords are weak, it's easier to break the password hash. Here is a list of common word mutations hackers use to identify passwords if they feel they already have a general idea of what the password might be4 : www.lancom.co.nz Replacing letters like <o> and <l> with numbers like <0> and <1> Punctuating the ends of words, such as adding an exclamation mark <!> Duplicating the first letter or all the letters in a word Combining two words together Adding punctuation or spaces between the words Inserting <@> in place of <a> Capitalizing the first letter of a word Checking all combinations of upper/lowercase for words Inserting a number randomly in the word Placing numbers at the beginning and the end of words Putting the same pattern at both ends, such as <foobar> Lifehacker, “The Top 10 Usernames and Passwords Hackers Try to Get into Remote Computers,” 3/3/2016: http://lifehacker.com/the-top-10-usernames-and-passwords- hackers-try-to- get-i-17626382433 InformationWeek DarkReading, “How Hackers Will Crack Your Password,” 1/21/2009: http://www.darkreading.com/risk/how-hackers-will-crack-your-password/d/d-id/11302174 TIP Educating end users on these tactics underscores the importance of creating long passwords (at least 12 characters) and applying multiple deviations, rather than something simple like just capitalizing the first letter.
www.lancom.co.nz Nine Tips to Strengthen Password Security Change passwords at least every three months for non-administrative users and 45-60 days for admin accounts. Use different passwords for each login credential. Avoid generic accounts and shared passwords. Conduct audits periodically to identify weak/duplicate passwords and change as necessary. Pick challenging passwords that include a combination of letters (upper and lower case), numbers and special characters (e.g. <$>, <%> and <&>). Avoid personal information such as birth dates, pet names and sports. Use passwords or passphrases of 12+ characters. Use a Password Manager such as LastPass where users need just one master password. Don’t use a browser’s auto-fill function for passwords. An advanced and under-used password security tip to consider is two-factor authentication, which is a way for websites to double confirm an end user’s identity. After the end user successfully logs in, they receive a text message with a passcode to then input in order to authenticate their ID. This approach makes sure that end users not only know their passwords but also have access to their own phone. Two-factor authentication works well because cybercriminals rarely steal an end user’s password and phone at the same time. Leading banks and financial institutions enable two-factor authentication by default, but if not, the service can often be turned on by asking the website to do so. More and more non-financial websites are now offering two-factor authentication as well. 01. 06. 07. 08. 09. 02. 03. 04. 05. CYBERSECURITY TIPS FOR EMPLOYEES
www.lancom.co.nz MOBILE SECURITY Mobile Threats Jeopardizing Company Data Mobile security is increasingly becoming a big concern as more and more companies adopt Bring Your Own Device (BYOD) environments, which allow end users to connect to corporate networks through their own (often multiple) devices. Even in cases where a business does not offer BYOD, end users often find a way to log onto business networks on their own. With personal devices accessing corporate networks, businesses must now protect endpoint devices that are not completely under their control, which opens up the business to greater risk. Trying to gain control over personal devices also presents the challenge of making sure the company does not infringe on personal apps and information employees store on their own devices. CHAPTER 04
www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES Mobile Device Security Challenges Employees that utilize unsecured public Wi-Fi are another area of concern. Hackers in the vicinity of or on the same network can overtake a device without the end user even being aware, capturing sensitive data in transit. The end user can then become the victim of a man-in-the-middle attack, also referred to as hijacking. The hacker leverages the device so that it turns into an invasive device against other unsuspecting end users. Lost, misplaced or stolen devices—remote wiping them quickly is key to protecting sensitive business and personal information. Mobile malware—hackers are now turning their attention to mobile devices and executing successful breaches through text messages. Android markets can be set up by anyone looking to sell malicious software to unsuspecting customers. Note: While mobile malware affects Androids more than IOS, a few exploits exist for Apple products as well. Unsecure third-party apps—if breached, they can serve as a gateway to other apps on a device and the device operating system, where security controls can be manipulated. Files with sensitive information accidentally emailed to an unauthorized party or posted online— once something is sent, it’s out there forever.
www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES How Employees Can Secure Their Mobile Devices Set a PIN or passcode: This is the first line of defense—if someone wants to access the device, they first need to break the code. This is not an easy task and can operate as a deterrent against theft. Some device manufacturers also provide the option to automatically wipe the device after a few unsuccessful attempts at the passcode or PIN. So even if a phone is stolen, information cannot be accessed. Use remote locate tools: Several software solutions help locate lost or stolen devices through GPS and geofencing capabilities. Apple offers a service like this for mobile devices aptly named Find my iPhone. For Android users, the Android Device Manager offers these services, and Windows mobile users have this same option from the Windows Phone website. Similarly, many third-party applications are available in each of the app stores. Keep devices clean: Phones are mini-computers, and just like “big” computers, they need to be cleaned up from time-to-time. Utilizing an antivirus and malware scanner is always a good idea. Malware can compromise information stored on mobile devices and has a snowball effect that continuously piles up until it slows downs or stops the device. Mobile Device Management (MDM) solutions help businesses and their employees apply these best practices by providing the ability to remotely wipe any devices that are lost or stolen. Such solutions also isolate personal apps from corporate apps in separate digital containers so that personal information remains private, and when an employee leaves the company, only their corporate apps and data are deleted while their personal apps and data are left intact. By deploying an MDM platform, businesses can also enforce the use of passcodes to access devices, and they can apply geofencing capabilities that allow a lost device to be more easily located. End users can also be restricted to using only the corporate apps for which they have proper authorization. MDM also protects devices from jailbreaking and rooting—where hackers try to gain access to the operating system to open security holes or undermine the device’s built-in security measures.
www.lancom.co.nz SECURE WEBSITE BROWSING The Top Browser Threats When end users venture out onto the Internet, it’s easy to get tangled up in the vast web of threats lurking on many website pages. Some of them are readily apparent, but others are well hidden. Malvertising—a form of malicious code that distributes malware through online advertising—can be hidden within an ad, embedded on a website page, or bundled with software downloads. This type of threat can be displayed on any website, even those considered the most trustworthy. According to security firm RiskIQ, malvertising increased by 260% in the first half of 2015 compared to the same timeframe in 2014.5 End users also need to beware of social media scams. Hackers have created a playground of virtual obstacles across all the major social media sites. According to an article in The Huffington Post, some of the most common Facebook hacks and attacks include click-jacking, phishing schemes, fake pages, rogue applications and the infamous and persistent Koobface worm, which gives attackers control of the victim's machine while replicating the attack to everyone on their Facebook contact list. Twitter isn’t immune to security issues either. Since the microblogging site is both a social network and a search engine, it poses extra problems. According to CNET News, just 43 percent of Twitter users could be classified as “true” users compared to the other 57 percent, which fell into a bucket of “questionable” users. Among the things to watch for on Twitter are direct messages that lead to phishing scams and shortened URLs that hide malicious intentions. As for Web-based exploits, Internet websites are now the most commonly-used angles of attack, most often targeting software vulnerabilities or using exploits on the receiving client. This makes keeping up-to-date browsers paramount for all employees. CHAPTER 05
CYBERSECURITY TIPS FOR EMPLOYEES Website Browsing Best Practices for Employees Be conservative with online downloads. Beware antivirus scams. Interact only with well-known, reputable websites. Confirm each site is the genuine site and not a fraudulent site. Determine if the site utilizes SSL (Secure Sockets Layer), a security technology for establishing encrypted links between Web servers and browsers. Don’t click links in emails—go to sites directly. Use social media best practices. ComputerWeekly, “BlackHat 2015: RiskIQ Reports Huge Spike in Malvertising,” 8/24/2015: http://www.computerweekly.com/news/4500251077/BlackHat-2015- www.lancom.co.nz
www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES As your business begins the journey to enhance its cybersecurity posture, it all starts with educating your employees. The tips provided within this eBook along with some basic common sense can go a long way in making sure sensitive information does not fall into the wrong hands. Proactively identify and thwart potential attacks as well as react expediently if a successful attack occurs. This is where a managed IT services provider can assist. They eliminate the need for your business to keep up on the latest antivirus, antimalware and alert technologies. You also don’t need to expend the necessary resource time to deploy and manage such solutions, which often fall beyond the bandwidth and expertise of internal teams. Succeeding in applying the necessary cybersecurity measures is paramount to your long-term business success. In today’s world of advanced hackers, who revel in breaching corporate networks, confidential information will always be at risk. Businesses must take the necessary steps to protect their intellectual property, their confidential information and their reputations while also safeguarding their employees, customers and business partners. Education and Technology: A Winning Cybersecurity Combination
Cybersecurity Tips for Employees eBook - Sources Business Insider, “This one chart explains why cybersecurity is so important,” 4/5/2016: www.businessinsider.com/cybersecurity-report-threats-and-opportunities-2016-3 RSA Conference, “How a Security CEO Fell Prey to Scammers (Almost),” 3/3/2016: http://www.rsaconference.com/blogs/security-ceo-scammers#sthash.egMiB2xW.dpuf lifehacker, “The Top 10 Usernames and Passwords Hackers Try to Get into Remote Computers,” 3/3/2016: http://lifehacker.com/the-top-10-usernames-and-passwords-hackers-try-to-get-i-1762638243 Webroot, “Top 11 Security resolutions for the New Year,” 12/29/2015: http://www.webroot.com/blog/2015/12/29/top-11-security-resolutions-for-the-new-year/ InformationWeek DarkReading, “How Hackers Will Crack Your Password,” 1/21/2009: http://www.darkreading.com/risk/how-hackers-will-crack-your-password/d/d-id/1130217 Sophos Labs, “When Malware Goes Mobile: Causes, Outcomes and Cures,” 2015: https://www.sophos.com/en-us/medialibrary/Gated%20Assets/white%20papers/Sophos_Malware_Goes_Mobile.pdf Symantec Blog, “7 Security Tips To Protect Your Mobile Workforce,” 6/30/2014: http://www.symantec.com/connect/blogs/7-security-tips-protect-your-mobile-workforce Entrepreneur, “11 Tips to Secure Mobile Devices and Client Data,” 6/11/2015: http://www.entrepreneur.com/article/246814 Webroot, “How Businesses Stay Safe and Secure Using Social Media,” Date unknown: http://www.webroot.com/us/en/business/resources/articles/social-media/how-businesses-stay-safe-and-secure-using-social-media ComputerWeekly, “BlackHat 2015: RiskIQ Reports Huge Spike in Malvertising,” 8/24/2015: http://www.computerweekly.com/news/4500251077/BlackHat-2015-RiskIQ-reports-huge-spike-in- malvertising Heimdal Security, “How You Can Get Infected via World Wide Web Exploits,” 3/3/2015: https://heimdalsecurity.com/blog/internet-browser-vulnerabilities/ www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES
Lancom is a cloud-first managed services provider and custom software developer specialising in Amazon Web Services, Citrix and Microsoft technologies. Our services span outsourced IT support, software development, infrastructure projects, vendor management and cloud computing. By fostering better knowledge of what technology can do, we work closely with our clients to deliver smart solutions to business challenges. Founded nearly 30 years ago, Lancom delivers decades of experience and is trusted by many New Zealand businesses and global Fortune 500 companies including Coca-Cola and Microsoft. About Lancom This is our website This is where to send an email +64 (9) 377 8282 And this is our phone number This is our blog

Recommandé

Basic Security Training for End Users
Basic Security Training for End UsersBasic Security Training for End Users
Basic Security Training for End UsersCommunity IT Innovators
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeAtlantic Training, LLC.
 
New Hire Information Security Awareness
New Hire Information Security AwarenessNew Hire Information Security Awareness
New Hire Information Security Awarenesshubbargf
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training OpenFred Beck MBA, CPA
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness TrainingDave Monahan
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08DallasHaselhorst
 

Recommandé

Basic Security Training for End Users
Basic Security Training for End UsersBasic Security Training for End Users
Basic Security Training for End UsersCommunity IT Innovators
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeAtlantic Training, LLC.
 
New Hire Information Security Awareness
New Hire Information Security AwarenessNew Hire Information Security Awareness
New Hire Information Security Awarenesshubbargf
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training OpenFred Beck MBA, CPA
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness TrainingDave Monahan
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08DallasHaselhorst
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDmitriy Scherbina
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by FortinetAtlantic Training, LLC.
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security AwarenessSurya Bathulapalli
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness TrainingDenis kisina
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalAtlantic Training, LLC.
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...David Menken
 
Security awareness
Security awarenessSecurity awareness
Security awarenessJosh Chandler
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee TrainingPaige Rasid
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Programdavidcurriecia
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityAtlantic Training, LLC.
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3DallasHaselhorst
 
CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityHome
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber SecurityDominic Rajesh
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityForam Gosai
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
4º Civilización U1º VA: La revolución rusa
4º Civilización U1º VA: La revolución rusa4º Civilización U1º VA: La revolución rusa
4º Civilización U1º VA: La revolución rusaebiolibros
 
Online Herbal Prescriptions
Online Herbal PrescriptionsOnline Herbal Prescriptions
Online Herbal PrescriptionsEswar Publications
 

Contenu connexe

Tendances

Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness TrainingDenis kisina
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalAtlantic Training, LLC.
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...David Menken
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee TrainingPaige Rasid
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Programdavidcurriecia
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityAtlantic Training, LLC.
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3DallasHaselhorst
 
CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityHome
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber SecurityDominic Rajesh
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 

Tendances (20)

Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness Training
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn Hospital
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
 
Security awareness
Security awarenessSecurity awareness
Security awareness
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier University
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3
 
CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurity
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber Security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 

En vedette

4º Civilización U1º VA: La revolución rusa
4º Civilización U1º VA: La revolución rusa4º Civilización U1º VA: La revolución rusa
4º Civilización U1º VA: La revolución rusaebiolibros
 
Ficha información padres actividades (1)
Ficha información padres actividades (1)Ficha información padres actividades (1)
Ficha información padres actividades (1)ActividadesIESULGIJON
 
Ponemon Institute Data Breaches and Sensitive Data Risk
Ponemon Institute Data Breaches and Sensitive Data RiskPonemon Institute Data Breaches and Sensitive Data Risk
Ponemon Institute Data Breaches and Sensitive Data RiskFiona Lew
 
Ficha información padres actividades (1) (1)
Ficha información padres actividades (1) (1)Ficha información padres actividades (1) (1)
Ficha información padres actividades (1) (1)ActividadesIESULGIJON
 
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESS
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESSPRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESS
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESSpattok
 
How To Promote Security Awareness In Your Company
How To Promote Security Awareness In Your CompanyHow To Promote Security Awareness In Your Company
How To Promote Security Awareness In Your Companydanielblander
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessRobin Rafique
 
4 Rules for Successful Threat Intelligence Teams
4 Rules for Successful Threat Intelligence Teams4 Rules for Successful Threat Intelligence Teams
4 Rules for Successful Threat Intelligence TeamsRecorded Future
 
Bloque8. Pervivencia y transformaciones económicas en el siglo XIX: un desarr...
Bloque8. Pervivencia y transformaciones económicas en el siglo XIX: un desarr...Bloque8. Pervivencia y transformaciones económicas en el siglo XIX: un desarr...
Bloque8. Pervivencia y transformaciones económicas en el siglo XIX: un desarr...Florencio Ortiz Alejos
 
Service Culture Indicator
Service Culture IndicatorService Culture Indicator
Service Culture IndicatorUpYourService
 
Security 101 for No- techies
Security 101 for No- techiesSecurity 101 for No- techies
Security 101 for No- techiesBrenton Johnson
 
Okara history and security slides 2017
Okara history and security slides 2017Okara history and security slides 2017
Okara history and security slides 2017TAIMOOR KHAQAN
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryPriyanka Aash
 
Testing Metrics - Making your tests visible
Testing Metrics - Making your tests visibleTesting Metrics - Making your tests visible
Testing Metrics - Making your tests visibleAlper Mermer
 
10 Things Disney Can Teach Us About Running a Security Awareness Program (Dow...
10 Things Disney Can Teach Us About Running a Security Awareness Program (Dow...10 Things Disney Can Teach Us About Running a Security Awareness Program (Dow...
10 Things Disney Can Teach Us About Running a Security Awareness Program (Dow...The Security Awareness Company
 
Security Trend Report, 2017
Security Trend Report, 2017Security Trend Report, 2017
Security Trend Report, 2017Bill Chamberlin
 

En vedette (20)

4º Civilización U1º VA: La revolución rusa
4º Civilización U1º VA: La revolución rusa4º Civilización U1º VA: La revolución rusa
4º Civilización U1º VA: La revolución rusa
 
Online Herbal Prescriptions
Online Herbal PrescriptionsOnline Herbal Prescriptions
Online Herbal Prescriptions
 
Ficha información padres actividades (1)
Ficha información padres actividades (1)Ficha información padres actividades (1)
Ficha información padres actividades (1)
 
El Software
El SoftwareEl Software
El Software
 
Ponemon Institute Data Breaches and Sensitive Data Risk
Ponemon Institute Data Breaches and Sensitive Data RiskPonemon Institute Data Breaches and Sensitive Data Risk
Ponemon Institute Data Breaches and Sensitive Data Risk
 
Ficha información padres actividades (1) (1)
Ficha información padres actividades (1) (1)Ficha información padres actividades (1) (1)
Ficha información padres actividades (1) (1)
 
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESS
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESSPRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESS
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESS
 
How To Promote Security Awareness In Your Company
How To Promote Security Awareness In Your CompanyHow To Promote Security Awareness In Your Company
How To Promote Security Awareness In Your Company
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
4 Rules for Successful Threat Intelligence Teams
4 Rules for Successful Threat Intelligence Teams4 Rules for Successful Threat Intelligence Teams
4 Rules for Successful Threat Intelligence Teams
 
Bloque8. Pervivencia y transformaciones económicas en el siglo XIX: un desarr...
Bloque8. Pervivencia y transformaciones económicas en el siglo XIX: un desarr...Bloque8. Pervivencia y transformaciones económicas en el siglo XIX: un desarr...
Bloque8. Pervivencia y transformaciones económicas en el siglo XIX: un desarr...
 
Service Culture Indicator
Service Culture IndicatorService Culture Indicator
Service Culture Indicator
 
Security 101 for No- techies
Security 101 for No- techiesSecurity 101 for No- techies
Security 101 for No- techies
 
Need for Data Protection Training - How E-learning Can Help?
Need for Data Protection Training - How E-learning Can Help?Need for Data Protection Training - How E-learning Can Help?
Need for Data Protection Training - How E-learning Can Help?
 
Okara history and security slides 2017
Okara history and security slides 2017Okara history and security slides 2017
Okara history and security slides 2017
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your Story
 
Testing Metrics - Making your tests visible
Testing Metrics - Making your tests visibleTesting Metrics - Making your tests visible
Testing Metrics - Making your tests visible
 
La unción para manifestar el reino de Dios
La unción para manifestar el reino de DiosLa unción para manifestar el reino de Dios
La unción para manifestar el reino de Dios
 
10 Things Disney Can Teach Us About Running a Security Awareness Program (Dow...
10 Things Disney Can Teach Us About Running a Security Awareness Program (Dow...10 Things Disney Can Teach Us About Running a Security Awareness Program (Dow...
10 Things Disney Can Teach Us About Running a Security Awareness Program (Dow...
 
Security Trend Report, 2017
Security Trend Report, 2017Security Trend Report, 2017
Security Trend Report, 2017
 

Similaire à Cybersecurity tips for employees

Security awareness-checklist 2019
Security awareness-checklist 2019Security awareness-checklist 2019
Security awareness-checklist 2019Mustafa Kuğu
 
Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.jayceewong1
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
Cyber Security and Fraud Prevention Tools Tactics
Cyber Security and Fraud Prevention Tools TacticsCyber Security and Fraud Prevention Tools Tactics
Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksHokme
 
2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodataSteph Cliche
 
Most Important Data Security Concerns Troubling Enterprises
Most Important Data Security Concerns Troubling EnterprisesMost Important Data Security Concerns Troubling Enterprises
Most Important Data Security Concerns Troubling EnterprisesBryTech INC
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 
beyond_the_firewall_0103
beyond_the_firewall_0103beyond_the_firewall_0103
beyond_the_firewall_0103Jack McCullough
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksFitCEO, Inc. (FCI)
 
Impact of Insecure Communications
Impact of Insecure CommunicationsImpact of Insecure Communications
Impact of Insecure CommunicationsKavika Roy
 
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security ThreatsBetterCloud
 
Protecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksProtecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksSocialKwan
 
Article1DISCUSSION_1Information security within an organi
Article1DISCUSSION_1Information security within an organiArticle1DISCUSSION_1Information security within an organi
Article1DISCUSSION_1Information security within an organimallisonshavon
 
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfJust-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfInfinityGroup5
 
Enhancing Cybersecurity in Remote Work-3.pdf
Enhancing Cybersecurity in Remote Work-3.pdfEnhancing Cybersecurity in Remote Work-3.pdf
Enhancing Cybersecurity in Remote Work-3.pdfTuring.com
 
Working from home- How secure is it.pdf
Working from home- How secure is it.pdfWorking from home- How secure is it.pdf
Working from home- How secure is it.pdfFiyona Nourin
 
Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman
 

Similaire à Cybersecurity tips for employees (20)

Security awareness-checklist 2019
Security awareness-checklist 2019Security awareness-checklist 2019
Security awareness-checklist 2019
 
Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
 
Cyber Security and Fraud Prevention Tools Tactics
Cyber Security and Fraud Prevention Tools TacticsCyber Security and Fraud Prevention Tools Tactics
Cyber Security and Fraud Prevention Tools Tactics
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP Leaks
 
2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata
 
Most Important Data Security Concerns Troubling Enterprises
Most Important Data Security Concerns Troubling EnterprisesMost Important Data Security Concerns Troubling Enterprises
Most Important Data Security Concerns Troubling Enterprises
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 
beyond_the_firewall_0103
beyond_the_firewall_0103beyond_the_firewall_0103
beyond_the_firewall_0103
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
 
Impact of Insecure Communications
Impact of Insecure CommunicationsImpact of Insecure Communications
Impact of Insecure Communications
 
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
 
Protecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksProtecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaks
 
Article1DISCUSSION_1Information security within an organi
Article1DISCUSSION_1Information security within an organiArticle1DISCUSSION_1Information security within an organi
Article1DISCUSSION_1Information security within an organi
 
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfJust-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
 
Enhancing Cybersecurity in Remote Work-3.pdf
Enhancing Cybersecurity in Remote Work-3.pdfEnhancing Cybersecurity in Remote Work-3.pdf
Enhancing Cybersecurity in Remote Work-3.pdf
 
Working from home- How secure is it.pdf
Working from home- How secure is it.pdfWorking from home- How secure is it.pdf
Working from home- How secure is it.pdf
 
Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015Mark Lanterman - The Risk Report October 2015
Mark Lanterman - The Risk Report October 2015
 

Dernier

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 

Dernier (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 

Cybersecurity tips for employees

  • 1. www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES THE COMPLETE GUIDE TO SECURE BEHAVIOR ONLINE AND IN THE OFFICE
  • 2. CYBERSECURITY TIPS FOR EMPLOYEES www.lancom.co.nz INTRODUCTION When developing cybersecurity programs, many businesses focus on protecting their infrastructure perimeter and device endpoints. After all, that’s where cybercriminals usually first gain access and wreak havoc on a company’s digital access. But it’s also important to consider what happens when a threat bypasses perimeter defenses and targets an employee—in the form of a malicious email or text, or even a voicemail that might prompt an employee to respond with confidential company information. There’s also the possibility of an offline attack from inside the office, where an employee or an office visitor might gain access to valuable data by quickly taking something carelessly left on a desk. In 2015, an updated survey increased that number to 86%.1 These numbers indicate that it’s clear there’s a pressing need for better cybersecurity. The issue is not going away anytime soon. If anything, it’s only getting worse. According to a PricewaterhouseCoopers survey, in 2014, 69% of business executives expressed concern about cyber threats, including a lack of data security. The Need to Educate Employees on Cybersecurity 86% 69%
  • 3. Stronger cybersecurity has become a global priority over the last few years as hackers penetrate the IT infrastructure of government and enterprises with increasing frequency and sophistication. According to a study conducted by the Identify Theft Resources Center, the total number of data breaches reported in the US grew from approximately 400 in 2011 to approximately 750 in 2015. This represents an increase of more than 60% and does not include breaches that went unreported—a figure that is likely much higher.1 Coupled with the Internet of Things (IoT) and the explosive growth of mobile devices, the threat landscape and potential for data leaks is even more significant. In this eBook, we explore the need for employees to practice strict and secure cybersecurity habits— not only to thwart digital attacks, but also to prevent someone from simply walking by their desk (in the office or at home) and picking up a device or document that contains sensitive information. We also present the key steps SMB business owners can take to educate their employees to help secure their company’s data and intellectual property. We can’t stress enough the importance of security awareness training for internal employees. Educating them on what it takes to protect proprietary documents and data is critical. Any leaks— unintentional and intentional—could hurt the business in the form of information that assists a competitor, violates regulations, or harms the corporate image. Leaks can also hurt employees from the standpoint of personal information that might be exposed. Lastly, customers and business partners could be at risk, compromising the industry reputation of any business that does not properly protect confidential information. It only takes one incident to completely destroy any goodwill you established and built with your customer base. www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES Business Insider, “This one chart explains why cybersecurity is so important,” 4/5/2016: www.businessinsider.com/cybersecurity-report-threats-and-opportunities-2016-31
  • 4. CHAPTER 01 PHYSICAL SECURITY PRECAUTIONS Keep a Clean Desk It makes complete sense and sounds so simple, but keeping a clean desk is often overlooked when talking about data security. It’s also the perfect place to start the discussion with employees. Employees that keep a cluttered desk tend to leave USB drives and smartphones out in the open. They also often forget to physically secure their desktops and laptops so someone can’t simply walk off with them. A messy desk also makes it more difficult to realize something is missing such as a folder with hard copy print-outs of customer lists. In addition to increasing the likelihood of something being removed, a cluttered desk means that the discovery of any theft will likely be delayed—perhaps by days or even weeks if the employee is out of the office. Such delays make it more difficult to determine who the perpetrator is and where the stolen material might now be located. Encouraging employees to maintain a neat desk pays off in two ways. In addition to making digital and paper assets more secure, employees with clean desks are more apt to be productive because they can quickly—and safely—access the tools and resources they need to do their jobs. www.lancom.co.nz What is wrong with this photo? Click the photo to find out!
  • 5. CYBERSECURITY TIPS FOR EMPLOYEES www.lancom.co.nz The Common Messy Desk Mistakes to Avoid The following list presents 11 “messy desk” mistakes employees are prone to commit and which could cause irreparable harm to the business, the employee, fellow employees, customers and business partners. These are all bad habits for which to educate employees to stop: Leaving computer screens on without password protection: Anyone passing by has easy access to all the information on the device; be sure to lock down screen settings. Placing documents on the desk that could contain sensitive information: It’s best to keep them locked up in drawers and file cabinets. Forgetting to shred documents before they go into the trash or recycling bin: Any document may contain sensitive information; it’s best to shred everything rather than taking a risk. Failing to close file cabinets: This makes it easy for someone to steal sensitive information and more difficult to realize a theft has occurred. Setting mobile phones and USB drives out in the open: They likely contain sensitive business or personal information and are easy to pick up quickly without being caught in the act. Neglecting to erase notes on whiteboards: They often display confidential information on products, new ideas and proprietary business processes. 01. 02. 03. 04. 05. 06.
  • 6. 07. 08. 09. 10. 11 www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES Dropping backpacks out in the open: There’s often at least one device or folder with sensitive information inside. Writing user names and passwords on slips of paper or post-its: This is especially important given that user names and passwords are typically used to log in to more than one site. Leaving behind a key to a locked drawer: This makes it easy to come back later—perhaps after hours when no one is around—and access confidential files. Displaying calendars in the open or on the screen for all to see: Calendars often contain sensitive dates and/or information about customers, prospects and/or new products. Leaving wallets and credit cards out on the desk: This is more likely to impact the employee, but wallets may also possess corporate credit cards and security badges. CYBERSECURITY TIPS FOR EMPLOYEES TIP In today’s fast-paced world where employees are always on the go, it takes too much time to determine whether documents, USB drives, devices and other items contain sensitive information. The safe bet is to make sure everything is filed away and kept locked up or else properly destroyed.
  • 7. www.lancom.co.nz CHAPTER 02 Social Engineering Inboxes and VoiceMail Social engineering is non-technical, malicious activity that exploits human interactions to obtain information about internal processes, configuration and technical security policies in order to gain access to secure devices and networks. Such attacks are typically carried out when cybercriminals pose as credible, trusted authorities to convince their targets to grant access to sensitive data and high-security locations or networks. An example of social engineering is a phone call or email where an employee receives a message that their computer is sending bad traffic to the Internet. To fix this issue, end users are asked to call or email a tech support hotline and prompted to give information that could very likely give the cybercriminal access to the company’s network. Phishing Email Compromises One of the most common forms of social engineering is email phishing—an attempt to acquire sensitive information such as usernames, passwords and credit card data by masquerading as a trustworthy entity. Phishing is likely the #1 primary email threat employees need to focus on. Such emails often spoof the company CEO, a customer or a business partner and do so in a sophisticated, subtle way so that the victim thinks they are responding to a legitimate request. The FBI says CEO (or C-level) fraud has increased 270 percent in the past two years with over 12,000 reported incidents totaling over $2 billion dollars in corporate losses.2 Among the reasons these scams succeed are the appearance of authority—staffers are used to carrying out CEO instructions quickly. That’s why phishing can be so easy to fall victim to. EMAIL THREATS
  • 8. CYBERSECURITY TIPS FOR EMPLOYEES CYBERSECURITY TIPS FOR EMPLOYEES Four Common Phishing Techniques The scope of phishing attacks is constantly expanding, but frequent attackers tend to utilize one of these four tactics: Embedding links into emails that redirect users to an unsecured website requesting sensitive information. Installing Trojans via a malicious email attachment or posing ads on a website that allow intruders to exploit loopholes and obtain sensitive information. Spoofing the sender address in an email to appear as a reputable source and requesting sensitive information. Attempting to obtain company information over the phone by impersonating a known company vendor or IT department. www.lancom.co.nz RSA Conference, “How a Security CEO Fell Prey to Scammers (Almost),” 3/3/2016: http://www.rsaconference.com/blogs/security-ceo-scammers#sthash.egMiB2xW.dpuf2
  • 9. Email Security Best Practices - Five Ways to Block Phishing Attacks Employees should always be suspicious of potential phishing attacks, especially if they don’t know the sender. Here are five best practices to follow to help make sure employees don’t become helpless victims: www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES Don't reveal personal or financial information in an email—Make sure employees also know not to respond to email solicitations for this information. This includes clicking on links sent in such emails. Check the security of websites—This is a key precaution to take before sending sensitive information over the Internet. <http> indicates the site has not applied any security measures while <https> means it has. Also consider if employees are practicing safe browsing habits. Sites that do not serve a legitimate business purpose are also more likely to contain harmful links. 01. 02. Pay attention to website URLs—Not all emails or email links seem like phishing attacks, so employees may be lured into a false sense of security. Teach them that many malicious websites fool end users by mimicking legitimate websites. One way to sniff this out is to look at the URL (if it's not hidden behind non-descript text) to see if it looks legit. Employees may also be able to detect and evade the scheme by finding variations in spellings or a different domain (e.g.,.com versus .net). Verify suspicious email requests—Contact the company they're believed to be from directly. If an employee receives an email that looks odd from a well-known company, such as a bank, instruct them to reach out to the bank using means other than responding to the suspicious email address. It’s best to contact the company using information provided on an account statement—NOT the information provided in the email. Keep a clean machine—Utilizing the latest operating system, software and Web browser as well as antivirus and malware protection are the best defenses against viruses, malware and other online threats. It may be difficult for employees to do this, so the business may want to invest in a managed IT services provider who can also be a trusted advisor for all IT needs. 03. 04. 05.
  • 10. CHAPTER 03 Low Security Account Credentials USERNAME AND PASSWORD MANAGEMENT Although it should be common sense, employees need to avoid the use of passwords that are easy for hackers to guess. Among the top ten worst passwords according to www.splashdata.com are those that use a series of numbers in numerical order, such as <123456>. The names of popular sports such as <football> and <baseball> are also on the list as are quirky passwords such as <qwerty> and even the word <password> itself. Emphasis should also be placed on the importance of avoiding common usernames. In analysis conducted by the information security firm Rapid7, hackers most often prey upon these 10 usernames in particular3 : • Administrator • Administrator • user1 • Admin • Alex • Pos • Demo • db2admin • Sql • Username www.lancom.co.nz
  • 11. CYBERSECURITY TIPS FOR EMPLOYEES How Attackers Exploit Weak Passwords to Obtain Access While most websites don’t store actual username passwords, they do store a password hash for each username. A password hash is a form of encryption, but cybercriminals can sometimes use the password hash to reverse engineer the password. When passwords are weak, it's easier to break the password hash. Here is a list of common word mutations hackers use to identify passwords if they feel they already have a general idea of what the password might be4 : www.lancom.co.nz Replacing letters like <o> and <l> with numbers like <0> and <1> Punctuating the ends of words, such as adding an exclamation mark <!> Duplicating the first letter or all the letters in a word Combining two words together Adding punctuation or spaces between the words Inserting <@> in place of <a> Capitalizing the first letter of a word Checking all combinations of upper/lowercase for words Inserting a number randomly in the word Placing numbers at the beginning and the end of words Putting the same pattern at both ends, such as <foobar> Lifehacker, “The Top 10 Usernames and Passwords Hackers Try to Get into Remote Computers,” 3/3/2016: http://lifehacker.com/the-top-10-usernames-and-passwords- hackers-try-to- get-i-17626382433 InformationWeek DarkReading, “How Hackers Will Crack Your Password,” 1/21/2009: http://www.darkreading.com/risk/how-hackers-will-crack-your-password/d/d-id/11302174 TIP Educating end users on these tactics underscores the importance of creating long passwords (at least 12 characters) and applying multiple deviations, rather than something simple like just capitalizing the first letter.
  • 12. www.lancom.co.nz Nine Tips to Strengthen Password Security Change passwords at least every three months for non-administrative users and 45-60 days for admin accounts. Use different passwords for each login credential. Avoid generic accounts and shared passwords. Conduct audits periodically to identify weak/duplicate passwords and change as necessary. Pick challenging passwords that include a combination of letters (upper and lower case), numbers and special characters (e.g. <$>, <%> and <&>). Avoid personal information such as birth dates, pet names and sports. Use passwords or passphrases of 12+ characters. Use a Password Manager such as LastPass where users need just one master password. Don’t use a browser’s auto-fill function for passwords. An advanced and under-used password security tip to consider is two-factor authentication, which is a way for websites to double confirm an end user’s identity. After the end user successfully logs in, they receive a text message with a passcode to then input in order to authenticate their ID. This approach makes sure that end users not only know their passwords but also have access to their own phone. Two-factor authentication works well because cybercriminals rarely steal an end user’s password and phone at the same time. Leading banks and financial institutions enable two-factor authentication by default, but if not, the service can often be turned on by asking the website to do so. More and more non-financial websites are now offering two-factor authentication as well. 01. 06. 07. 08. 09. 02. 03. 04. 05. CYBERSECURITY TIPS FOR EMPLOYEES
  • 13. www.lancom.co.nz MOBILE SECURITY Mobile Threats Jeopardizing Company Data Mobile security is increasingly becoming a big concern as more and more companies adopt Bring Your Own Device (BYOD) environments, which allow end users to connect to corporate networks through their own (often multiple) devices. Even in cases where a business does not offer BYOD, end users often find a way to log onto business networks on their own. With personal devices accessing corporate networks, businesses must now protect endpoint devices that are not completely under their control, which opens up the business to greater risk. Trying to gain control over personal devices also presents the challenge of making sure the company does not infringe on personal apps and information employees store on their own devices. CHAPTER 04
  • 14. www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES Mobile Device Security Challenges Employees that utilize unsecured public Wi-Fi are another area of concern. Hackers in the vicinity of or on the same network can overtake a device without the end user even being aware, capturing sensitive data in transit. The end user can then become the victim of a man-in-the-middle attack, also referred to as hijacking. The hacker leverages the device so that it turns into an invasive device against other unsuspecting end users. Lost, misplaced or stolen devices—remote wiping them quickly is key to protecting sensitive business and personal information. Mobile malware—hackers are now turning their attention to mobile devices and executing successful breaches through text messages. Android markets can be set up by anyone looking to sell malicious software to unsuspecting customers. Note: While mobile malware affects Androids more than IOS, a few exploits exist for Apple products as well. Unsecure third-party apps—if breached, they can serve as a gateway to other apps on a device and the device operating system, where security controls can be manipulated. Files with sensitive information accidentally emailed to an unauthorized party or posted online— once something is sent, it’s out there forever.
  • 15. www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES How Employees Can Secure Their Mobile Devices Set a PIN or passcode: This is the first line of defense—if someone wants to access the device, they first need to break the code. This is not an easy task and can operate as a deterrent against theft. Some device manufacturers also provide the option to automatically wipe the device after a few unsuccessful attempts at the passcode or PIN. So even if a phone is stolen, information cannot be accessed. Use remote locate tools: Several software solutions help locate lost or stolen devices through GPS and geofencing capabilities. Apple offers a service like this for mobile devices aptly named Find my iPhone. For Android users, the Android Device Manager offers these services, and Windows mobile users have this same option from the Windows Phone website. Similarly, many third-party applications are available in each of the app stores. Keep devices clean: Phones are mini-computers, and just like “big” computers, they need to be cleaned up from time-to-time. Utilizing an antivirus and malware scanner is always a good idea. Malware can compromise information stored on mobile devices and has a snowball effect that continuously piles up until it slows downs or stops the device. Mobile Device Management (MDM) solutions help businesses and their employees apply these best practices by providing the ability to remotely wipe any devices that are lost or stolen. Such solutions also isolate personal apps from corporate apps in separate digital containers so that personal information remains private, and when an employee leaves the company, only their corporate apps and data are deleted while their personal apps and data are left intact. By deploying an MDM platform, businesses can also enforce the use of passcodes to access devices, and they can apply geofencing capabilities that allow a lost device to be more easily located. End users can also be restricted to using only the corporate apps for which they have proper authorization. MDM also protects devices from jailbreaking and rooting—where hackers try to gain access to the operating system to open security holes or undermine the device’s built-in security measures.
  • 16. www.lancom.co.nz SECURE WEBSITE BROWSING The Top Browser Threats When end users venture out onto the Internet, it’s easy to get tangled up in the vast web of threats lurking on many website pages. Some of them are readily apparent, but others are well hidden. Malvertising—a form of malicious code that distributes malware through online advertising—can be hidden within an ad, embedded on a website page, or bundled with software downloads. This type of threat can be displayed on any website, even those considered the most trustworthy. According to security firm RiskIQ, malvertising increased by 260% in the first half of 2015 compared to the same timeframe in 2014.5 End users also need to beware of social media scams. Hackers have created a playground of virtual obstacles across all the major social media sites. According to an article in The Huffington Post, some of the most common Facebook hacks and attacks include click-jacking, phishing schemes, fake pages, rogue applications and the infamous and persistent Koobface worm, which gives attackers control of the victim's machine while replicating the attack to everyone on their Facebook contact list. Twitter isn’t immune to security issues either. Since the microblogging site is both a social network and a search engine, it poses extra problems. According to CNET News, just 43 percent of Twitter users could be classified as “true” users compared to the other 57 percent, which fell into a bucket of “questionable” users. Among the things to watch for on Twitter are direct messages that lead to phishing scams and shortened URLs that hide malicious intentions. As for Web-based exploits, Internet websites are now the most commonly-used angles of attack, most often targeting software vulnerabilities or using exploits on the receiving client. This makes keeping up-to-date browsers paramount for all employees. CHAPTER 05
  • 17. CYBERSECURITY TIPS FOR EMPLOYEES Website Browsing Best Practices for Employees Be conservative with online downloads. Beware antivirus scams. Interact only with well-known, reputable websites. Confirm each site is the genuine site and not a fraudulent site. Determine if the site utilizes SSL (Secure Sockets Layer), a security technology for establishing encrypted links between Web servers and browsers. Don’t click links in emails—go to sites directly. Use social media best practices. ComputerWeekly, “BlackHat 2015: RiskIQ Reports Huge Spike in Malvertising,” 8/24/2015: http://www.computerweekly.com/news/4500251077/BlackHat-2015- www.lancom.co.nz
  • 18. www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES As your business begins the journey to enhance its cybersecurity posture, it all starts with educating your employees. The tips provided within this eBook along with some basic common sense can go a long way in making sure sensitive information does not fall into the wrong hands. Proactively identify and thwart potential attacks as well as react expediently if a successful attack occurs. This is where a managed IT services provider can assist. They eliminate the need for your business to keep up on the latest antivirus, antimalware and alert technologies. You also don’t need to expend the necessary resource time to deploy and manage such solutions, which often fall beyond the bandwidth and expertise of internal teams. Succeeding in applying the necessary cybersecurity measures is paramount to your long-term business success. In today’s world of advanced hackers, who revel in breaching corporate networks, confidential information will always be at risk. Businesses must take the necessary steps to protect their intellectual property, their confidential information and their reputations while also safeguarding their employees, customers and business partners. Education and Technology: A Winning Cybersecurity Combination
  • 19. Cybersecurity Tips for Employees eBook - Sources Business Insider, “This one chart explains why cybersecurity is so important,” 4/5/2016: www.businessinsider.com/cybersecurity-report-threats-and-opportunities-2016-3 RSA Conference, “How a Security CEO Fell Prey to Scammers (Almost),” 3/3/2016: http://www.rsaconference.com/blogs/security-ceo-scammers#sthash.egMiB2xW.dpuf lifehacker, “The Top 10 Usernames and Passwords Hackers Try to Get into Remote Computers,” 3/3/2016: http://lifehacker.com/the-top-10-usernames-and-passwords-hackers-try-to-get-i-1762638243 Webroot, “Top 11 Security resolutions for the New Year,” 12/29/2015: http://www.webroot.com/blog/2015/12/29/top-11-security-resolutions-for-the-new-year/ InformationWeek DarkReading, “How Hackers Will Crack Your Password,” 1/21/2009: http://www.darkreading.com/risk/how-hackers-will-crack-your-password/d/d-id/1130217 Sophos Labs, “When Malware Goes Mobile: Causes, Outcomes and Cures,” 2015: https://www.sophos.com/en-us/medialibrary/Gated%20Assets/white%20papers/Sophos_Malware_Goes_Mobile.pdf Symantec Blog, “7 Security Tips To Protect Your Mobile Workforce,” 6/30/2014: http://www.symantec.com/connect/blogs/7-security-tips-protect-your-mobile-workforce Entrepreneur, “11 Tips to Secure Mobile Devices and Client Data,” 6/11/2015: http://www.entrepreneur.com/article/246814 Webroot, “How Businesses Stay Safe and Secure Using Social Media,” Date unknown: http://www.webroot.com/us/en/business/resources/articles/social-media/how-businesses-stay-safe-and-secure-using-social-media ComputerWeekly, “BlackHat 2015: RiskIQ Reports Huge Spike in Malvertising,” 8/24/2015: http://www.computerweekly.com/news/4500251077/BlackHat-2015-RiskIQ-reports-huge-spike-in- malvertising Heimdal Security, “How You Can Get Infected via World Wide Web Exploits,” 3/3/2015: https://heimdalsecurity.com/blog/internet-browser-vulnerabilities/ www.lancom.co.nz CYBERSECURITY TIPS FOR EMPLOYEES
  • 20. Lancom is a cloud-first managed services provider and custom software developer specialising in Amazon Web Services, Citrix and Microsoft technologies. Our services span outsourced IT support, software development, infrastructure projects, vendor management and cloud computing. By fostering better knowledge of what technology can do, we work closely with our clients to deliver smart solutions to business challenges. Founded nearly 30 years ago, Lancom delivers decades of experience and is trusted by many New Zealand businesses and global Fortune 500 companies including Coca-Cola and Microsoft. About Lancom This is our website This is where to send an email +64 (9) 377 8282 And this is our phone number This is our blog