This document discusses security awareness for CCCS employees. It notes that negligent insiders are the top cause of organizational breaches and outlines seven common mistakes employees should avoid: choosing poor passwords, allowing sensitive data to be viewed by others, using unknown USB devices, clicking bad links in email, losing devices with sensitive data, using unknown Wi-Fi networks, and misusing social media. The document provides tips for each mistake, such as using password managers and VPNs, locking screens, and being mindful of social media posts. Overall, the document emphasizes that educated end users are the most important part of an organization's security.
Security Awareness Presentation Fall 2013
1. 2013 Fall CCCS Security Awareness
Why does Security Awareness apply to me?
2. What is the Top Cause of Organizational Breaches?
• External hackers having fun?
• External organized crime mobs stealing data?
• Government sponsored hacking?
• Negligent Insiders?
3. I’m an insider, why do I care?
• Our customers expect and demand that we treat
their Personal Private Information (PPI) with
due care.
• State law mandates that we do the right thing
for our students. National law mandates that
we take due care with Payment Card Industry
(PCI) data.
• Our brand name is built on our constant
diligent care and ruined by one careless slip.
4. Seven Mistakes
we can’t make!
• #1 – Choosing poor passwords.
• #2 – Allowing sensitive data to be
viewed by others.
• #3 – Using unknown USB devices.
• #4 – Clicking bad links in e-mail.
• #5 – Losing devices with
sensitive data.
• #6 – Using unknown Wi-Fi.
• #7 – Misusing Social Media.
5. Poor Passwords
• In a large number of physical security audits
passwords were found on and around end
user workstations.
• What to do?
Write yourself a reminder of the password,
not the password itself. Use a password
schema and stick to it.
6. Clear screen & clean desk
• 71% of office workers say that they have been
able to sneak a peek at a workstation in the
workplace.
• What to do?
Lock your computer screen when you step
out. Store hard copy Personal Private
Information in a cabinet or file folder.
7. Unknown USB devices
• 35% of users report having experienced
malware or virus infection via a USB device.
Attackers will leave infected devices in semi-public areas,
sometimes with the company logo, and then simply wait.
• What to do?
Only use USB devices that you own or trust.
Ask IT to inspect any suspect USB devices.
8. Phishing Attacks
• CCCS and other educational organizations are
often the target of sophisticated, custom targeted
email phishing campaigns. While SPAM filters can
help, the human element is critical to stop these
attacks.
• What to do?
CCCS staff will never ask for Credentials via email.
Any email asking for login info should be treated
as bogus and discarded.
9. Lost Devices
• Almost 90% of people who find lost
smartphones will look through the digital
contents for sensitive information. Around
70% of users do not password protect their
smartphones.
• What to do?
Password protect your smartphone. Notify IT
as soon as possible if you should lose it.
10. Using Unknown Wi-Fi
• Less than 20% of users will use a VPN when
accessing a public Wi-Fi (Wireless hotspot.)
Rogue Wi-Fi “providers” can easily intercept
sensitive data and compromise CCCS
machines.
• What to do?
Always use the VPN when accessing offsite
guest Wi-Fi services.
11. Social Media
• As social media norms are changing rapidly, more than
50% of enterprises have seen an increase of malware
infections due to employee use of Social Media. Social
media can also easily make public things that shouldn’t
be disclosed.
• What to do?
Beware of viral videos that require you to install any
application in order to view them.
Be mindful of how others will view what you post
online. It can be very easy for others to find you and
misrepresent your posting.
12. CCCS Security Defenses
• Firewalls
• Malware prevention devices
• Intrusion detection devices
• Spam filters
• System & network vulnerability scanners
• Most importantly – YOU! Educated end users are
the most important part of a good security
posture.