Cyber24x7 cybersecurity awareness slides to make users aware of company policies, information security issues, phishing emails, etc. Well explained, crisp information security slides covering ISO 27001 awareness.
CyberSecurity Cyber24x7.pdf
2. Importance of Cybersecurity
The internet allows an attacker to work from anywhere on the planet.
Risks caused by poor security knowledge and practice:
R & D , Patents, Intellectual Property Theft
Identity Theft
Monetary Theft
Legal Ramifications (for yourself and your organization)
Sanctions or termination if policies are not followed
According to the SANS Institute, the top vectors for vulnerabilities available
to a cyber criminal are:
Web Browser
Mobiles
Chat clients
Web Applications
Excessive User Rights
3. Cybersecurity is Safety
• Information Security: We must protect our computers and data in the
same way that we secure the doors to our homes.
• Safety: We must behave in ways that protect us against risks and threats
that come with technology
• Resilience: We must build resilience into our systems so that they survive
attacks.
4. What is Information Security?
• Ensure the confidentiality, integrity, and availability of information through
safeguards (Information Security)
• Ensure that the information will not be disclosed to unauthorized
individuals or processes (Confidentiality)
• Ensure that the condition of information has not been altered or destroyed
in an unauthorized manner, and data is accurately transferred from one
system to another (Integrity)
• Ensure that information is accessible and useable upon demand by an
authorized person (Availability)
6. Social Engineering
• Social engineering is a technique to manipulate people into performing
actions or divulging confidential information. Similar to a confidence trick
or simple fraud, the term applies to the use of deception to gain
information, commit fraud, or access computer systems.
Phone Call: "This is John, the System Administrator. What is your password?"
Email: "ABC Bank has noticed a problem with your account…"
In Person: "What city are you from? Your mother's maiden name?"
In Person: "I have come to repair your machine… and have some lovely software patches!"
7. Phishing: Counterfeit Email
• Phishing: A seemingly trustworthy entity asks for sensitive information
such as SSN, credit card numbers, login IDs or passwords via e-mail
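As an added example (not part of the Cyber24x7 deck), the following Python script runs the checks a mail triage analyst applies to a lure like the "ABC Bank has noticed a problem with your account" message above: a Reply-To domain that differs from the From domain, a display name that invokes a brand while the sending domain is not that brand's, links whose visible text points at one host while the href goes to another or to a bare IP address, and urgency language. The sample message, the `TRUSTED_DOMAINS` set and the `URGENCY_WORDS` list are constructed for illustration; every address and domain in them is invented.

```python
import email
import ipaddress
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for illustration only; every address, domain and
# link in it is invented and does not refer to a real organisation.
SAMPLE_EMAIL = """\
From: "ABC Bank Security" <alerts@abcbank-secure-login.example>
Reply-To: recover@mailbox-update.example
To: employee@example.com
Subject: Action required: we have noticed a problem with your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer, verify your details within 24 hours or your account
will be suspended.</p>
<p><a href="http://198.51.100.23/login">https://www.abcbank.example/secure</a></p>
</body></html>
"""

# Domains the recipient organisation actually trusts for this brand (assumed).
TRUSTED_DOMAINS = {"abcbank.example"}

# Phrases typical of pressure tactics (assumed list, extend from real samples).
URGENCY_WORDS = ("action required", "within 24 hours", "suspended", "verify")


def _domain(address_header: str) -> str:
    """Return the lower-cased domain part of an address header value."""
    _, addr = parseaddr(address_header or "")
    return addr.rpartition("@")[2].lower()


def _is_trusted(domain: str) -> bool:
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from anchor tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw_message: str) -> list:
    """Return a list of (indicator, detail) pairs found in the message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = from_addr.rpartition("@")[2].lower()
    reply_dom = _domain(msg.get("Reply-To", ""))

    # Replies silently routed to a different domain than the apparent sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to-mismatch", f"{from_dom} vs {reply_dom}"))

    # Display name invokes a brand whose real domain the sender is not using.
    compact_name = from_name.lower().replace(" ", "")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in compact_name and not _is_trusted(from_dom):
            findings.append(("brand-spoof", f"'{from_name}' sent from {from_dom}"))

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    parser = _LinkExtractor()
    parser.feed(html)
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        try:
            ipaddress.ip_address(host)
            findings.append(("ip-literal-link", href))
        except ValueError:
            pass
        shown_host = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if shown_host and shown_host.lower() != host.lower():
            findings.append(("link-text-mismatch", f"shows {shown_host}, goes to {host}"))

    haystack = (msg.get("Subject", "") + " " + html).lower()
    hits = [w for w in URGENCY_WORDS if w in haystack]
    if len(hits) >= 2:
        findings.append(("urgency-language", ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_EMAIL):
        print(f"{code:22} {detail}")
```

None of these indicators is proof on its own (newsletters legitimately use a different Reply-To, for instance), which is why the script reports all of them and leaves the verdict to the analyst; in a mail gateway the same checks would feed a score rather than a block decision.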
10. Physical Access Controls
• All employees need to wear their ID cards while entering the premises.
• Do not let anyone tailgate you into critical areas such as the data center,
server room or UPS room.
• You are required to cooperate with the guards during frisking to ensure our
own security.
• Employees should inform all visitors not to carry any weapon or tobacco
products while entering the premises of the company during
visits/meetings.
• Wipe off the whiteboards after the meeting, before you vacate the meeting
room.
• Ensure mobile devices are protected and not left unattended while you are
travelling or visiting company areas that are not under CCTV monitoring.
• Ensure that you are aware of the fire safety norms, the use of fire
extinguishers and the emergency numbers.
11. Security Etiquette
• Good Security Standards follow the “80 / 20” Rule:
• 20% of security safeguards are technical
• 80% of security safeguards rely on the computer user (“YOU”) to adhere to
good computing practices
• Example: The lock on the door is the 20% control. Your responsibility is
80% which includes tasks such as remembering to lock, checking to see if it
is properly locked, ensuring others do not prop the door open, keeping
control of keys. 20% security by lock is worthless without YOU!
• “A study reveals that the vast majority of security breaches are the result of
human error rather than technology flaws.” The best technology fails if
users do not follow good security practices and procedures. See the Verizon
Data Breach Investigations Report: https://www.verizon.com/business/resources/reports/dbir/
12. E-mail Usage
• Sending mail to public accounts such as Gmail, Yahoo, etc. is prohibited
unless approved by your HOD.
• All email leaving the company is scanned and tracked using state-of-the-art
security technology.
• Employees should not forward sensitive or confidential information via
email without authorization.
• Employees are prohibited from sending or storing unofficial files using
email.
• Employees should not write abusive, racist or otherwise inappropriate
comments in email.
• Do not forward chain mail with jokes, multimedia files and other non-
productive content.
• Report spam/unsolicited messages to
13. Internet Usage
• Use the internet for business purposes only.
• Chatting, accessing job sites, YouTube, social media and watching movie clips
is prohibited.
• Do not access sites that may be considered obscene, racist, sexist or
otherwise offensive.
• Accessing unofficial mail sites (Yahoo, Hotmail, Rediff or others) and
online chat sites is prohibited.
• Do not upload or send confidential company information (e.g. credit card,
ATM or electronic funds transfer information) through the internet.
• Do not download or use copyright-, trademark- or patent-protected
material.
• Do not post personal opinions or sensitive information to chat rooms,
bulletin boards or forums.
• Do not subscribe to unofficial sites without approval from your HOD.
• Internet access is monitored and logged regularly. Your system can be
audited at any time by the IT / IT Security team.
14. Desktop/Laptop Data Security
• Do not share your login IDs, such as your system, server or network
login IDs.
• Do not use another person's ID; access company resources with your own ID only.
• Do not tamper with the security settings of your system.
• Do not use corporate hardware for personal use.
• Do not use personal storage devices or USB drives on the corporate
network or hardware.
• Store confidential data on the file servers, where access controls apply.
• Follow the clear desk and clear screen guidelines to protect information.
• Lock your desktop/laptop when you leave your workspace for a break.
• Periodic audits are done to ensure compliance with all these policies.
15. Software Compliance
• Do not download or install any software on your computer without clearance from the IT support teams.
• Installation of unauthorized software (e.g. Yahoo Messenger, Skype, mobile PC suites, games, MP3 files, etc.) is strictly prohibited as per company policy and can result in disciplinary action.
• In case you observe any such software on your system, please inform your manager and the Information Security team immediately.
16. Password Security
• Set a password of at least eight characters with a combination of upper case, lower case, numbers and special characters such as @, %, ^, & and *.
• Do not use your name, surname, city, etc. in the password.
• Do not share a password with anyone.
• Do not write down your password or store critical passwords in the browser.
• Change your password on a regular basis as per the security policy of the company.
• Use separate passwords for your work and personal accounts.
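The deck states the password rules but not how they are checked. As an added example (not the deck's own material), the Python function below enforces them the way a self-service password portal would: minimum length, all four character classes, and no personal attribute (name, surname, city) hidden in the password even after common substitutions such as 0 for o, 1 for i or @ for a. Current guidance (NIST SP 800-63B) values length and screening against known-compromised passwords more than composition rules or scheduled rotation, so the example also rejects anything on a compromised-password list; the `COMPROMISED` set here is a constructed placeholder for a full breach corpus, and the `personal` dictionary keys are assumed.

```python
import re
import unicodedata

# Character classes the deck's rule requires.
_CLASSES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}

# Common substitutions people use to sneak a name or word past a naive check.
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed stand-in for a real compromised-password corpus (assumption).
COMPROMISED = {"password1!", "welcome123!", "qwerty123!", "letmein!1"}


def _normalise(text: str) -> str:
    """Lower-case, strip accents and undo common leet substitutions."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return text.lower().translate(_LEET)


def check_password(password: str, personal: dict, min_length: int = 8) -> list:
    """Return the list of rules the password violates (empty list = passes).

    `personal` maps attribute names (name, surname, city, ...) to values that
    must not appear in the password; matching is done on normalised text so
    that 'J0hn' is still caught as 'John'.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for class_name, pattern in _CLASSES.items():
        if not pattern.search(password):
            problems.append(f"no {class_name} character")

    norm_pw = _normalise(password)
    for field, value in personal.items():
        norm_val = _normalise(value)
        # Very short values (e.g. a two-letter city code) would match too often.
        if len(norm_val) >= 3 and norm_val in norm_pw:
            problems.append(f"contains {field} '{value}'")

    if password.lower() in COMPROMISED:
        problems.append("appears in the compromised-password list")
    return problems


if __name__ == "__main__":
    # Constructed user attributes for the demonstration.
    user = {"name": "John", "surname": "Smith", "city": "Pune"}
    for candidate in ("Summer2024", "J0hn$m1th!", "Password1!", "Tr3e-Ph@se!Lamp9"):
        verdict = check_password(candidate, user) or ["ok"]
        print(f"{candidate:18} {'; '.join(verdict)}")
```

The normalisation step is the part worth copying: a rule that only compares the raw password against the raw surname is defeated by "$m1th", which is exactly the substitution users reach for first.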