SlideShare a Scribd company logo

Building a culture of security

Courion Corporation
Courion Corporation

Simple tips to instill a culture of security at your company.

Business
1 of 14
Download to read offline
1 How to Build a Culture of Security
2 You are the target. Gone are the days where robbers run out of a bank with bags of money or someone sneaks in at night and steals your proprietary information. The hackers are no longer going after the company, they are going after you. With your credentials, they can slide into your organization and take information without anyone noticing. This means you are the target and any data you touch, from your user credentials to network tokens, you are ultimately responsible for keeping safe. Here are 10 things to look out for and recommendations for how to keep all of your information safe.
3 Social Engineering Social engineering hacks consist of a very sophisticated approach where the hacker pretends to be someone you know or trust – such as your bank or even a friend or co-worker – and will use information he gains from social networks to win your trust. While these attacks generally come in the form of an email, they can be delivered by instant messaging, text messages, or even in-person attacks. Train your teams:  To look for common indicators such as people asking for information they shouldn't have access to, using a lot of confusing or technical terms, creating a sense of urgency, or the general "if it seems too good to be true, it probably is."
4 Phishing attacks are skyrocketing along with the more targeted "spear phishing" attacks. These attacks use the information gained through social engineering to gain your trust and are trying to get you to do something seemingly harmless such as click on a link or open an attachment. Train your teams:  Just because a message seems like it comes from a friend doesn't mean it is safe. Hackers could have taken over a friend’s computer or account or simply spoofed the "from" address.  Be suspicious of any emails directed "Dear Customer" or other generic greetings.  Be skeptical of any message requiring 'Immediate action' or creates a sense of urgency.  Be suspicious of any emails coming from an official organization or business that have bad grammar or spelling mistakes.  Before you click on a link, hover your mouse over it and the true destination will display; confirm that the address is what you think it is.  Be careful with attachments, and only open ones you were expecting.  Always treat suspicious emails with a healthy dose of skepticism and common sense. Phishing and Spear-Phishing
5 Internet browsers are one of the easiest ways to get into your computer. Common techniques are to place hacks on websites you might visit and then launch multiple attacks while you are on the site. Train your teams:  If your browser or plugins are outdated, then you are at risk. Always upgrade to the most recent versions.  If your browser warns you not to go somewhere: Listen! Or contact your IT department for more information.  Do not install plugins or add-ons unless you absolutely need them and they are approved by your IT department.  Be sure your connection is encrypted whenever you connect to sensitive websites. Not sure if it is safe? Look for "HTTPS" on the website address.  Always scan any files you download with anti-virus software. Browsing the Internet
6 Social networks are the new watercooler, and we don’t expect anyone to stay off of them while at work. However, all social networks should be used securely. Train your teams:  Social networks are phishing's number one tool; don't give out any information on these sites unless you're ok with the world knowing it. Be weary of any messages that could fall under the "phishing" guidelines.  Be careful what you post; your information could be used to steal your identity, guess your passwords (what year did you graduate?) and commit online fraud.  Be careful when integrating third-party websites with your social network. Not all security is the same. Just because you don’t mind Facebook linking to your home computer doesn’t mean it’s ok to link them to your company computer.  Only access social networks from work devices IF approved by your IT department.  Never share sensitive information. Social Networking
7 Just like with social networking, it is becoming impossible to keep employee devices off of your network. To make sure that none of these devices are impacting your network, make sure to put a BYOD policy in place that includes the following:  Differentiated networks: Only approved networks can be reached by employee devices so that your most sensitive data can stay safe on its own network.  Only install apps that you need and only from trusted sources. Always update them when available to keep highest security.  Disable Bluetooth when you are not using it and Wi-Fi.  Do not access or store work email or other data unless you have been authorized and have proper security in place.  Protect your devices with hard-to-guess PIN numbers and encrypt your data if that is an option.  Consider enabling remote wiping. Bringing Your Own Device (BYOD)
8 With the surge in online applications, users have multiple accounts with credentials. In order to keep that access safe, they need to make their passwords not only differentiated but also hard to guess. Here are a few more ways to keep your passwords secure.  Use a passphrase instead of a password.  Require a number and/or a symbol in your passphrase.  Have at least one upper and one lower case letter.  Use Multi-Factor Authentication – that is, using a password and a pin or a thumbprint and a password.  Make it a policy to change login credentials every 90 days.  Use different passwords for different accounts.  Never share passwords with anyone, even your supervisor.  Do not use public computers to log onto work or bank accounts with your password.  Be careful of websites that ask you for personal questions. Only use personal questions that no one else can answer (remember social engineering). Passwords
9 Encryption is a process that makes your information unreadable or unusable to anyone who doesn't have the key to unlock it using algorithms to construct a unique key to encrypt and unencrypt your data. All data should be encrypted going both ways for ultimate protection. Examples of things that should be encrypted:  Laptop, mobile phone, USB sticks – anything that is mobile or can leave the premises  Communication protocols – VOIP, instant messaging, email  Electronic files and folders  Browser connections to websites such as online banking, social networking, online shopping Encryption
10 We live in a world of big data with more and more information being shared and stored each day. But what do we really need to store? The answer is: only what you absolutely need. Here are a few other tips for data retention.  Only use systems approved by the organization to store or transmit data and never store data on personal laptops, phones, or other devices.  Do not transfer data without encryption.  Do not store sensitive data without encryption and never store or share sensitive information on public internet or cloud services.  Never leave sensitive documents open at your desk and always lock your computer.  Use only authorized software for work-related activities.  Any third-party vendor provided with data needs to follow the same security protocols. This may require a contract.  Any sensitive information that is no longer necessary or appropriate to store should be properly destroyed, shredded or rendered unreadable.  If you believe data has been lost, stolen, or compromised, contact your security team immediately. Data Retention
11 Everything you do over Wi-Fi – even on networks requiring passwords/log-in information – can be monitored. Not only can everything you say, type, or send be monitored, but hackers can use your connection to penetrate your network and compromise your computer or online account.  When you are connected to any Wi-Fi network, make sure that all of your communications are encrypted, especially on public Wi-Fi networks.  If you have Virtual Private Network (VPN) capabilities, utilize it when using public Wi-Fi as it will create an encrypted tunnel and will allow you to work more securely. Wi-Fi Security
12 Outside attacks are not the only threat to your organization. People inside – employees, contractors, and third-party vendors – can also cause you harm. The insider has both physical and digital access to your systems. Look out for:  Someone carrying a large number of documents or downloading extremely large files for projects they are not working on.  Someone working strange hours or working when others are off the clock.  Someone trying to log on to others accounts or get access to systems or applications they shouldn't need.  Someone changes their behavior drastically. In order to minimize insider threat:  Only give people access to the applications, data, etc. that they are responsible for as part of their job functions.  Store sensitive information in appropriate locations.  Always lock your computer and desk when you are away for any period of time.  Never share your password or credentials with anyone – not even your supervisor. Insider Threats
13 Between our laptops, tablets, and cell phones, we are constantly working. While this is good for us and our business, it is also good for hackers who have increased entry points into your system.  When working remotely, make sure you only use devices that are authorized by your company or that are covered under your BYOD policy.  Keep your devices physically secure at all times; stolen laptops were a huge percentage of healthcare data breaches last year.  Always use VPN when on public networks and that all applications are using encryption.  Never use a public computer for work; you do not know if they are secured properly.  Always password-lock your computer when you leave it and do not allow others to connect devices to your laptop. Working Remotely
14 How many of these policies do you think your employees already follow? How many do you think they need to follow? Unfortunately, every organization’s number one resource is also their number one threat- their people. By building a culture of security in your organization, you will help build a secure network from the inside out. Need help with your network? Our Identity and Access Management solutions can help you provision and monitor your employees’ access and alert you of any anomalies in your system. Contact us today for more information on how you can become truly secure. 1-866-COURION info@Courion.com www.Courion.com How Secure is Your Culture?

Recommended

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
Dmitriy Scherbina
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness
Michel Bitter
 
Document safer online for nonprofits guide
Document safer online for nonprofits guideDocument safer online for nonprofits guide
Document safer online for nonprofits guide
Nguyen Xuan Quang
 
Infosec 4 The Home
Infosec 4 The HomeInfosec 4 The Home
Infosec 4 The Home
jaysonstreet
 
ICT and end user security awareness slides
ICT and end user security awareness slidesICT and end user security awareness slides
ICT and end user security awareness slides
jubke
 
Social Engineering: Protecting Yourself on the Campus Network
Social Engineering: Protecting Yourself on the Campus NetworkSocial Engineering: Protecting Yourself on the Campus Network
Social Engineering: Protecting Yourself on the Campus Network
thowell
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity Awareness
JoshuaWisniewski3
 
Email Security Awareness
Email Security AwarenessEmail Security Awareness
Email Security Awareness
Dale Rapp
 

Recommended

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
Dmitriy Scherbina
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness
Michel Bitter
 
Document safer online for nonprofits guide
Document safer online for nonprofits guideDocument safer online for nonprofits guide
Document safer online for nonprofits guide
Nguyen Xuan Quang
 
Infosec 4 The Home
Infosec 4 The HomeInfosec 4 The Home
Infosec 4 The Home
jaysonstreet
 
ICT and end user security awareness slides
ICT and end user security awareness slidesICT and end user security awareness slides
ICT and end user security awareness slides
jubke
 
Social Engineering: Protecting Yourself on the Campus Network
Social Engineering: Protecting Yourself on the Campus NetworkSocial Engineering: Protecting Yourself on the Campus Network
Social Engineering: Protecting Yourself on the Campus Network
thowell
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity Awareness
JoshuaWisniewski3
 
Email Security Awareness
Email Security AwarenessEmail Security Awareness
Email Security Awareness
Dale Rapp
 
Cyber security and Privacy Awareness manual
Cyber security and Privacy Awareness manual Cyber security and Privacy Awareness manual
Cyber security and Privacy Awareness manual
Jay Nagar
 
Information security awareness, middle management
Information security awareness, middle managementInformation security awareness, middle management
Information security awareness, middle management
haneen Emeir, CISA, ISO27001
 
Users guide
Users guideUsers guide
Users guide
Darren Thomas
 
Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02
ITNet
 
Cybersecurity Awareness Infographics
Cybersecurity Awareness InfographicsCybersecurity Awareness Infographics
Cybersecurity Awareness Infographics
NetLockSmith
 
What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - Kloudlearn
KloudLearn
 
Cyber security-awareness-for-social-media-users - Devsena Mishra
Cyber security-awareness-for-social-media-users - Devsena MishraCyber security-awareness-for-social-media-users - Devsena Mishra
Cyber security-awareness-for-social-media-users - Devsena Mishra
Devsena Mishra
 
SECURITY AWARENESS
SECURITY AWARENESSSECURITY AWARENESS
SECURITY AWARENESS
Felix Jumamoy
 
Ten Important Rules
Ten Important RulesTen Important Rules
Ten Important Rules
ritz482
 
Security awareness
Security awarenessSecurity awareness
Security awareness
Josh Chandler
 
Safe Computing
Safe ComputingSafe Computing
Safe Computing
Dr. Dheeraj Mehrotra (National Awardee)
 
Online safety, Security, Ethics and Etiquette
Online safety, Security, Ethics and EtiquetteOnline safety, Security, Ethics and Etiquette
Online safety, Security, Ethics and Etiquette
DOFJLCCDD
 
Internet Safety Glossary of Terms
Internet Safety Glossary of TermsInternet Safety Glossary of Terms
Internet Safety Glossary of Terms
mikel_l
 
IT Security DOs and DON'Ts
IT Security DOs and DON'Ts IT Security DOs and DON'Ts
IT Security DOs and DON'Ts
Sophos
 
Data breach
Data breachData breach
Data breach
Burhan Ahmed
 
Online safety, security, ethics & etiquette
Online safety, security, ethics & etiquetteOnline safety, security, ethics & etiquette
Online safety, security, ethics & etiquette
Angelito Quiambao
 
101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!
101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!
101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!
EMBplc.com
 
Dos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityDos and Don'ts of Internet Security
Dos and Don'ts of Internet Security
Quick Heal Technologies Ltd.
 
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Scott Wright
 
security privacy,security,web,internet,prevention from hackers,the onion rout...
security privacy,security,web,internet,prevention from hackers,the onion rout...security privacy,security,web,internet,prevention from hackers,the onion rout...
security privacy,security,web,internet,prevention from hackers,the onion rout...
ABHAY PATHAK
 
10 most important cyber security tips for your users
10 most important cyber security tips for your users10 most important cyber security tips for your users
10 most important cyber security tips for your users
Simpliv LLC
 
Masterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy BasicsMasterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy Basics
Excellence Foundation for South Sudan
 

More Related Content

What's hot

Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02
ITNet
 
Data breach
Data breachData breach
Data breach
Burhan Ahmed
 

What's hot (20)

Cyber security and Privacy Awareness manual
Cyber security and Privacy Awareness manual Cyber security and Privacy Awareness manual
Cyber security and Privacy Awareness manual
 
Information security awareness, middle management
Information security awareness, middle managementInformation security awareness, middle management
Information security awareness, middle management
 
Users guide
Users guideUsers guide
Users guide
 
Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02
 
Cybersecurity Awareness Infographics
Cybersecurity Awareness InfographicsCybersecurity Awareness Infographics
Cybersecurity Awareness Infographics
 
What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - Kloudlearn
 
Cyber security-awareness-for-social-media-users - Devsena Mishra
Cyber security-awareness-for-social-media-users - Devsena MishraCyber security-awareness-for-social-media-users - Devsena Mishra
Cyber security-awareness-for-social-media-users - Devsena Mishra
 
SECURITY AWARENESS
SECURITY AWARENESSSECURITY AWARENESS
SECURITY AWARENESS
 
Ten Important Rules
Ten Important RulesTen Important Rules
Ten Important Rules
 
Security awareness
Security awarenessSecurity awareness
Security awareness
 
Safe Computing
Safe ComputingSafe Computing
Safe Computing
 
Online safety, Security, Ethics and Etiquette
Online safety, Security, Ethics and EtiquetteOnline safety, Security, Ethics and Etiquette
Online safety, Security, Ethics and Etiquette
 
Internet Safety Glossary of Terms
Internet Safety Glossary of TermsInternet Safety Glossary of Terms
Internet Safety Glossary of Terms
 
IT Security DOs and DON'Ts
IT Security DOs and DON'Ts IT Security DOs and DON'Ts
IT Security DOs and DON'Ts
 
Data breach
Data breachData breach
Data breach
 
Online safety, security, ethics & etiquette
Online safety, security, ethics & etiquetteOnline safety, security, ethics & etiquette
Online safety, security, ethics & etiquette
 
101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!
101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!
101 Internet Security Tips Slideshow - Know How To Protect Your Computer Online!
 
Dos and Don'ts of Internet Security
Dos and Don'ts of Internet SecurityDos and Don'ts of Internet Security
Dos and Don'ts of Internet Security
 
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
 
security privacy,security,web,internet,prevention from hackers,the onion rout...
security privacy,security,web,internet,prevention from hackers,the onion rout...security privacy,security,web,internet,prevention from hackers,the onion rout...
security privacy,security,web,internet,prevention from hackers,the onion rout...
 

Similar to Building a culture of security

Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureApp
WeSecureApp
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
R_Yanus
 
Crimes in digital marketing..pptx
Crimes in digital marketing..pptxCrimes in digital marketing..pptx
Crimes in digital marketing..pptx
RajviNikeetaRathore
 

Similar to Building a culture of security (20)

10 most important cyber security tips for your users
10 most important cyber security tips for your users10 most important cyber security tips for your users
10 most important cyber security tips for your users
 
Masterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy BasicsMasterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy Basics
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureApp
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness Training
 
Cybersecurity Awareness Month Tips
Cybersecurity Awareness Month TipsCybersecurity Awareness Month Tips
Cybersecurity Awareness Month Tips
 
ISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptx
 
Security Features and Securing Your Data in TurboRater and InsurancePro - Kel...
Security Features and Securing Your Data in TurboRater and InsurancePro - Kel...Security Features and Securing Your Data in TurboRater and InsurancePro - Kel...
Security Features and Securing Your Data in TurboRater and InsurancePro - Kel...
 
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptxCYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Train Employees to Avoid Inadvertent Cyber-Security Breaches
Train Employees to Avoid Inadvertent Cyber-Security BreachesTrain Employees to Avoid Inadvertent Cyber-Security Breaches
Train Employees to Avoid Inadvertent Cyber-Security Breaches
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 
Crimes in digital marketing..pptx
Crimes in digital marketing..pptxCrimes in digital marketing..pptx
Crimes in digital marketing..pptx
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cybersecurity Awareness E-book by Propelled Technologies
Cybersecurity Awareness E-book by Propelled Technologies Cybersecurity Awareness E-book by Propelled Technologies
Cybersecurity Awareness E-book by Propelled Technologies
 
Secure End User
Secure End UserSecure End User
Secure End User
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101
 
Cyber security macau
Cyber security macau Cyber security macau
Cyber security macau
 
Working from home- How secure is it.pdf
Working from home- How secure is it.pdfWorking from home- How secure is it.pdf
Working from home- How secure is it.pdf
 
End user security awareness
End user security awarenessEnd user security awareness
End user security awareness
 

More from Courion Corporation

Phishing: How to get off the hook using Intelligent IAM
Phishing: How to get off the hook using Intelligent IAMPhishing: How to get off the hook using Intelligent IAM
Phishing: How to get off the hook using Intelligent IAM
Courion Corporation
 

More from Courion Corporation (8)

10 Things to Watch for in 2016
10 Things to Watch for in 201610 Things to Watch for in 2016
10 Things to Watch for in 2016
 
Detect, Deter, and Remediate Cyber Risk
Detect, Deter, and Remediate Cyber Risk Detect, Deter, and Remediate Cyber Risk
Detect, Deter, and Remediate Cyber Risk
 
4 ways to defend against internal attacks
4 ways to defend against internal attacks4 ways to defend against internal attacks
4 ways to defend against internal attacks
 
Buyers Guide for Governance
Buyers Guide for GovernanceBuyers Guide for Governance
Buyers Guide for Governance
 
Access Assurance in the Cloud
Access Assurance in the CloudAccess Assurance in the Cloud
Access Assurance in the Cloud
 
Phishing: How to get off the hook using Intelligent IAM
Phishing: How to get off the hook using Intelligent IAMPhishing: How to get off the hook using Intelligent IAM
Phishing: How to get off the hook using Intelligent IAM
 
Assessing the Risk of Identity and Access
Assessing the Risk of Identity and AccessAssessing the Risk of Identity and Access
Assessing the Risk of Identity and Access
 
Courion Survey Findings: Access Risk Attitudes
Courion Survey Findings: Access Risk AttitudesCourion Survey Findings: Access Risk Attitudes
Courion Survey Findings: Access Risk Attitudes
 

Recently uploaded

Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
lizamodels9
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Damini Dixit
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
kapoorjyoti4444
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
lizamodels9
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
lizamodels9
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
Workforce Group
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
ritikaroy0888
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Sheetaleventcompany
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
Abortion pills in Kuwait Cytotec pills in Kuwait
 

Recently uploaded (20)

Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptBusiness Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture concept
 

Building a culture of security

  • 1. 1 How to Build a Culture of Security
  • 2. 2 You are the target. Gone are the days where robbers run out of a bank with bags of money or someone sneaks in at night and steals your proprietary information. The hackers are no longer going after the company, they are going after you. With your credentials, they can slide into your organization and take information without anyone noticing. This means you are the target and any data you touch, from your user credentials to network tokens, you are ultimately responsible for keeping safe. Here are 10 things to look out for and recommendations for how to keep all of your information safe.
  • 3. 3 Social Engineering Social engineering hacks consist of a very sophisticated approach where the hacker pretends to be someone you know or trust – such as your bank or even a friend or co-worker – and will use information he gains from social networks to win your trust. While these attacks generally come in the form of an email, they can be delivered by instant messaging, text messages, or even in-person attacks. Train your teams:  To look for common indicators such as people asking for information they shouldn't have access to, using a lot of confusing or technical terms, creating a sense of urgency, or the general "if it seems too good to be true, it probably is."
  • 4. 4 Phishing attacks are skyrocketing along with the more targeted "spear phishing" attacks. These attacks use the information gained through social engineering to gain your trust and are trying to get you to do something seemingly harmless such as click on a link or open an attachment. Train your teams:  Just because a message seems like it comes from a friend doesn't mean it is safe. Hackers could have taken over a friend’s computer or account or simply spoofed the "from" address.  Be suspicious of any emails directed "Dear Customer" or other generic greetings.  Be skeptical of any message requiring 'Immediate action' or creates a sense of urgency.  Be suspicious of any emails coming from an official organization or business that have bad grammar or spelling mistakes.  Before you click on a link, hover your mouse over it and the true destination will display; confirm that the address is what you think it is.  Be careful with attachments, and only open ones you were expecting.  Always treat suspicious emails with a healthy dose of skepticism and common sense. Phishing and Spear-Phishing
  • 5. 5 Internet browsers are one of the easiest ways to get into your computer. Common techniques are to place hacks on websites you might visit and then launch multiple attacks while you are on the site. Train your teams:  If your browser or plugins are outdated, then you are at risk. Always upgrade to the most recent versions.  If your browser warns you not to go somewhere: Listen! Or contact your IT department for more information.  Do not install plugins or add-ons unless you absolutely need them and they are approved by your IT department.  Be sure your connection is encrypted whenever you connect to sensitive websites. Not sure if it is safe? Look for "HTTPS" on the website address.  Always scan any files you download with anti-virus software. Browsing the Internet
  • 6. 6 Social networks are the new watercooler, and we don’t expect anyone to stay off of them while at work. However, all social networks should be used securely. Train your teams:  Social networks are phishing's number one tool; don't give out any information on these sites unless you're ok with the world knowing it. Be weary of any messages that could fall under the "phishing" guidelines.  Be careful what you post; your information could be used to steal your identity, guess your passwords (what year did you graduate?) and commit online fraud.  Be careful when integrating third-party websites with your social network. Not all security is the same. Just because you don’t mind Facebook linking to your home computer doesn’t mean it’s ok to link them to your company computer.  Only access social networks from work devices IF approved by your IT department.  Never share sensitive information. Social Networking
  • 7. 7 Just like with social networking, it is becoming impossible to keep employee devices off of your network. To make sure that none of these devices are impacting your network, make sure to put a BYOD policy in place that includes the following:  Differentiated networks: Only approved networks can be reached by employee devices so that your most sensitive data can stay safe on its own network.  Only install apps that you need and only from trusted sources. Always update them when available to keep highest security.  Disable Bluetooth when you are not using it and Wi-Fi.  Do not access or store work email or other data unless you have been authorized and have proper security in place.  Protect your devices with hard-to-guess PIN numbers and encrypt your data if that is an option.  Consider enabling remote wiping. Bringing Your Own Device (BYOD)
  • 8. 8 With the surge in online applications, users have multiple accounts with credentials. In order to keep that access safe, they need to make their passwords not only differentiated but also hard to guess. Here are a few more ways to keep your passwords secure.  Use a passphrase instead of a password.  Require a number and/or a symbol in your passphrase.  Have at least one upper and one lower case letter.  Use Multi-Factor Authentication – that is, using a password and a pin or a thumbprint and a password.  Make it a policy to change login credentials every 90 days.  Use different passwords for different accounts.  Never share passwords with anyone, even your supervisor.  Do not use public computers to log onto work or bank accounts with your password.  Be careful of websites that ask you for personal questions. Only use personal questions that no one else can answer (remember social engineering). Passwords
  • 9. 9 Encryption is a process that makes your information unreadable or unusable to anyone who doesn't have the key to unlock it using algorithms to construct a unique key to encrypt and unencrypt your data. All data should be encrypted going both ways for ultimate protection. Examples of things that should be encrypted:  Laptop, mobile phone, USB sticks – anything that is mobile or can leave the premises  Communication protocols – VOIP, instant messaging, email  Electronic files and folders  Browser connections to websites such as online banking, social networking, online shopping Encryption
  • 10. 10 We live in a world of big data with more and more information being shared and stored each day. But what do we really need to store? The answer is: only what you absolutely need. Here are a few other tips for data retention.  Only use systems approved by the organization to store or transmit data and never store data on personal laptops, phones, or other devices.  Do not transfer data without encryption.  Do not store sensitive data without encryption and never store or share sensitive information on public internet or cloud services.  Never leave sensitive documents open at your desk and always lock your computer.  Use only authorized software for work-related activities.  Any third-party vendor provided with data needs to follow the same security protocols. This may require a contract.  Any sensitive information that is no longer necessary or appropriate to store should be properly destroyed, shredded or rendered unreadable.  If you believe data has been lost, stolen, or compromised, contact your security team immediately. Data Retention
  • 11. 11 Everything you do over Wi-Fi – even on networks requiring passwords/log-in information – can be monitored. Not only can everything you say, type, or send be monitored, but hackers can use your connection to penetrate your network and compromise your computer or online account.  When you are connected to any Wi-Fi network, make sure that all of your communications are encrypted, especially on public Wi-Fi networks.  If you have Virtual Private Network (VPN) capabilities, utilize it when using public Wi-Fi as it will create an encrypted tunnel and will allow you to work more securely. Wi-Fi Security
  • 12. 12 Outside attacks are not the only threat to your organization. People inside – employees, contractors, and third-party vendors – can also cause you harm. The insider has both physical and digital access to your systems. Look out for:  Someone carrying a large number of documents or downloading extremely large files for projects they are not working on.  Someone working strange hours or working when others are off the clock.  Someone trying to log on to others accounts or get access to systems or applications they shouldn't need.  Someone changes their behavior drastically. In order to minimize insider threat:  Only give people access to the applications, data, etc. that they are responsible for as part of their job functions.  Store sensitive information in appropriate locations.  Always lock your computer and desk when you are away for any period of time.  Never share your password or credentials with anyone – not even your supervisor. Insider Threats
  • 13. 13 Between our laptops, tablets, and cell phones, we are constantly working. While this is good for us and our business, it is also good for hackers who have increased entry points into your system.  When working remotely, make sure you only use devices that are authorized by your company or that are covered under your BYOD policy.  Keep your devices physically secure at all times; stolen laptops were a huge percentage of healthcare data breaches last year.  Always use VPN when on public networks and that all applications are using encryption.  Never use a public computer for work; you do not know if they are secured properly.  Always password-lock your computer when you leave it and do not allow others to connect devices to your laptop. Working Remotely
  • 14. 14 How many of these policies do you think your employees already follow? How many do you think they need to follow? Unfortunately, every organization’s number one resource is also their number one threat- their people. By building a culture of security in your organization, you will help build a secure network from the inside out. Need help with your network? Our Identity and Access Management solutions can help you provision and monitor your employees’ access and alert you of any anomalies in your system. Contact us today for more information on how you can become truly secure. 1-866-COURION info@Courion.com www.Courion.com How Secure is Your Culture?