SlideShare a Scribd company logo
Information Security Awareness Training
SECURITY IS EVERYONE'S
RESPONSIBILITY
Training Objectives and Overview
Objectives
3
After completing this training, you should be able to:
• Understand cyber security threats associated with
email and other forms of electronic communications
• Learn tips on how to safely maneuver through the
internet
• Understand why it is important to protect our
information assets and your role in the process
• Learn how to better secure your computer and data
• Understand the importance of passwords and how
to create a strong password
• Understand how international travel can pose risks
to information assets
• Locate policies, standards and travel preparation on
the Employee Portal
Electronic Communication
4
Electronic Communication
• Any Communication (email, instant messaging, text
messaging, etc.)sent in support of the corporate
business is considered the corporate message and is
subject to monitoring.
Do not Send:
• Anything which could be interpreted as abusive or
harassing
• Unsolicited advertising or anything that could be
interpreted as a scam
5
Electronic Communication-Do’s
• Be careful of the information shared outside of the
company and its competitive value.
• Protect information inside the company by not sharing
it with those without a need-to-know.
• Use approved “Chat” applications (set up by IT
helpdesk) for instant messaging needs. The use of
other commercial instant messaging products could
allow viruses to infect your computer.
• Be mindful of the Information Security Policies and
procedures restrictions on information sharing.
Improper use of electronic communication in support of
the corporate business can put the corporate at risk and
is a violation of company policy.
6
Email Viruses
Email is the most common source of computer viruses. What
can you do to avoid computer viruses?
When receiving email from questionable sources:
• Do not open attachments.
• Do not click on web links.
• Do not respond to the email.
• If you don’t know the sender or what it concerns, the
safest thing to do is delete the email.
• Forward the email to mailscam@mailserver.com
Even be cautious of email which appears to be from
someone you know. The email could have been forwarded
from a questionable or unknown email address. Be certain of
the source before you click on a link.
7
Email
• Email is inherently unsafe because it is the easiest way for
someone to breach the system and to trick you.
• Do not forward any confidential company email outside of the
corporate policy (i.e., personal email accounts , etc.).
• If your job requires you to email confidential information to
outside parties, including personal information, use the e-mail
policy for the policy, Secure Email*.
*encrypt-to convert or scramble computer data and messages
into something incomprehensible.
8
Spam
• Spam is unsolicited email ( junk email). It may be
targeted to a certain group or a mass mailing.
• the corporate e-mail spam service blocks millions of
spam email everyday; however some do manage to
get through.
• For the majority of cases, delete the spam.
• If you feel someone should be alerted , call the help
desk or forward the email to
mailscam@corporate.com
9
Phishing
Phishing is a type of cyber attack involving forged emails
and websites. Typically, an email is sent with a disturbing
message such as “Your bank account has been
suspended” and includes a website link or an attachment.
The website link looks like a viable website, such as a
financial institution, but is actually the hacker’s website.
To avoid being caught by a phishing email, individuals
should:
• Contact the business directly.
• Be suspicious of any email requesting personal
information.
• Do not open links or attachments from questionable
sources.
• Delete the email.
10
Internet Usage
11
Use Good Judgment
the corporate monitors internet usage and block
certain websites for a variety of reasons.
Please be aware that anything you do on the
internet can be traced.
When accessing the internet from email links use
sound judgment. Be extremely wary of emails
asking for information or asking you to click a link. If
the email states “You’ve got to see this,” ask
yourself why.
Please use sound judgement when accessing
personal web-based email such as Yahoo, Gmail, or
other non-the corporate email systems from your
the corporate Computer.
12
Blocked Website Categories
Certain types of websites are blocked from the the
corporate network. Some examples include:
• Adult/Mature Content
• Gambling
• Games
• Hacking
• Personals/Dating
• Social Media
• Violence/Hate/Racism
• Weapons
Contact IT for a complete list of Blocked Websites
Categories.
13
Malware
• Malware is a term for malicious software which is
designed to be installed on a computer without the
owner’s knowledge.
• Spyware is a type of malware which monitors your
computer activity and reports this activity back to the
owner of the spyware. Spyware can keep track of the
websites you visit.
• Based on this information, spam or phishing emails
can be created by hackers to target your interests or
work profession.
• Therefore, visiting unfamiliar sites could infect your
computer with malware.
14
Caution Before You Click
Computers can get infected with malware by simply
visiting an infected website. That is why it is very
important to be careful when clicking a link in email,
search lists, or web pages.
Malware can also steal data. This includes personal
data such as computer ID’s, passwords, social security
and account numbers.
To avoid having your identity compromised by
malware:
• Be careful what internet sites you visit.
• Do not open attachments or links from unknown
sources.
• Don’t download without your managers approval
for free software download offers.
15
Social Networking (i.e. Facebook, LinkedIn, Twitter)
• Be very careful what information is shared on these
sites . Always consider what could be done with this
information and the possible impact it may have.
• Certain data posted on these sites may allow a
targeted email fraud, phishing, or spam attack to be
developed.
• In addition, the personal information posted may be
used in a social engineering attack, where someone
masquerades as you or a person close to you.
• Access to many social networking sites is blocked from
the the corporate network due to the risk of exposure.
16
Public Wireless Access
• Public Wireless Internet is available at many
locations. It is important to understand when
you use these networks you are no longer on a
network controlled by either you or the
corporate.
• Many of the security controls in place at work
are not available on a public network. You
cannot assume a public network is secure.
• Protect company information by ALWAYS using
your the corporate secure Virtual Private
Network (VPN) connection when accessing a
public network.
• Always use extreme caution when handling the
corporate information.
17
Personal Devices
Do not connect personal devices to the corporate network. Examples include:
• IPads
• Tablets
• Wireless camera
• Wireless Printers
Do not use personal software for company business.
• Using personal software for company business violates company license
agreements.
18
Data Security
19
Protecting Information
• Non-public company information should be
protected, both inside and outside the company.
• Unauthorized disclosure of company information
can put the corporate at risk. We could lose
competitive advantage, create legal problems,
violate regulatory requirements, or tarnish the
image of the company.
• Information should only be shared with individuals
on a need-to-know basis. the corporate uses access
restrictions on File Shares to protect stored
information and Secure File Transfer Protocol
(SFTP) to securely transfer information.
20
Information Protection
Confidential information should never be left unattended
in place such as :
• Meeting rooms
• Fax machines
• Printers
• Desks
• Dry erase boards
• Unlocked file cabinets
• Unsecured shared drives
Dispose of personal or confidential information in a secure
manner (i.e., shred, delete data from hard drive according
to company guidelines, or incinerate).
Use a clean desk approach. Lock up confidential/sensitive
papers when you are not using them.
21
File Share Ownership for “Common Drive”
Information
• Per the corporate policy, File Share owners must be a manager or supervisor.
• File Share owners are responsible for all content and access they own.
• Ownership roles must be reviewed annually and updated when there is a change in job
responsibilities.
• Owners should limit access to only those who have a business need to access the information.
• Data owners should adhere to the the corporate Information Security Handling and Classification
Policy (NO-POL-0026) to ensure content is retained based on regulatory obligations, industry
benchmarks and sound business practices. The policy is available on the corporate’s intranet.
• Do not store Personally Identifiable Information (PII) on a File Share that is accessible by any
employee who does not have a legitimate business purpose for accessing that information.
22
Unauthorized Software
• Installing unauthorized software is a violation of
company policy that may result in disciplinary action.
Software downloaded from the internet can contain
vulnerabilities that put the entire association at risk.
• the corporate catalogs, tracks, and updates the
software contained in the standard computer image
for vulnerabilities. However, updates cannot be done
for unauthorized software thus putting the
association’s at risk.
• Software downloaded to share music can often make
other files on your computer available for sharing to
others and lead to disclosure of sensitive information.
• These precautions apply to all the corporate owned
devices, including mobile devices (NO-POL-0013).
23
Mobile Device Security
Every individual at the corporate is responsible
for protecting the company’s information and
equipment.
• Laptops, smart phones, tablets and other
mobile devices(i.e., thumb drives) should be
locked or kept in your personal possession at
all times.
• When traveling, be sensitive to where and
when you use mobile devices such as phones ,
laptops, and tablets. Don't allow others to
“look over your shoulder”.
• Never Leave laptops or other mobile devices
in clear view inside a vehicle.
• Immediately report any stolen mobile device
storing corporate information to Help Desk.
Mobile devices, including smart phones and
tablets, must be password protected.
24
Corporate Mobile Devices and Personal Information
• the corporate may elect to to provide corporately owned
mobile devices to enable the Company workforce. These
devices may include tablets such as iPads, smart phones,
Androids or other types of mobile devices.
• Though the devices are for corporate use, it is easy to
commingle personal information with corporate data on
the device.
• To ‘commingle’ company information and personal
information means to mix them in some fashion.
Commingling company information and personal
information has privacy and security consequences.
• Examples of commingling data include:
• Personal emails and/or documents stored on a
corporate device
• Corporate email stored on a personal email account
• Call records of personal telephone calls made on a
corporate device
25
Commingling – No Expectation of Privacy
• the corporate permits limited personal use of corporate
computing resources .
• There are many consequences, to storing personal information
on a corporate device, including mobile devices. Some of these
consequences are :
• Employees can have no expectation of privacy related to
personal information stored on the corporate device
• If the employee is involved in personal litigation, and
relevant personal data is on the corporate device, that
device may be subject to discovery and :
• The Company may be compelled to provide the
personal information to counsel, placing personal
information at risk of exposure, and
• The device may be unavailable to the company for a
time which could place company data at risk of
exposure.
26
USB Flash/Thumb Drives
• USB drives are becoming a way to spread unwanted
malicious progrthe corporate.
• It is important no to insert personal-use USB drives into
the corporate equipment. This may inadvertently
transport a virus or other unwanted progrthe corporate.
• One hacking trick is to leave infected USB drives laying
around in public places for people to pick up and use.
While it is enticing to find a ‘free’ USB drive, inserting it
into your corporate or home computer is strongly
discouraged.
• To protect information contained on USB drives, look for
devices that use a password or allow encryption
(scrambling the information into secret code).A user
manual often comes with the device to explain these
features.
• If you work inside process control environments use only
dedicated portable media to transfer information to
Supervisory Control and Data Acquisition (SCADA) systems
or process computer systems. Do not use this portable
media for any other purpose.
27
What to do if you notice a Security Issue
If you suspect the corporate’s security has been compromised,
a security issue has occurred or unauthorized information has
been accessed or released, contact:
• The Help Desk
• Your Manager or Supervisor
28
Social Engineering
• Social Engineering is the art of manipulating
people into performing actions or divulging
confidential information. Email is a common
method used.
• They create a scenario based on a few known
facts(names ,phone numbers, etc.) which seems
believable. If the story is credible, then most
people are more than willing to help the social
engineer.
• For example, a social engineer may claim to be an
the corporate IT employee who needs your
password to fix a computer problem. In reality,
they are trying to gain access to the corporate
computers using your ID and password.
• Be very cautious and think twice before giving out
the corporate information.
29
Physical Security
30
Physical Security for Information Assets• Facilities housing the corporate information assets
are physically restricted to authorized individuals
and require a valid the corporate ID.
• These facilities or buildings must be protected by
physical security controls that prevent unauthorized
individuals from gaining access. Visitors are required
to sign in and be accompanied by an escort while in
company facilities.
• Remember:
• Never allow others to user your badge
• Never allow tailgating (holding a door or gate
open for another person that requires a badge).
• Report lost or stolen badges immediately:
• HR Administration
• Mangers or Supervisors
• Help Desk
31
Sabotage on the corporate Facilities
Individuals should watch for one or more of the following signs:
• Physical surveillance of the corporate facilities
• Any threats to individuals or property
• Attempts to gain unauthorized access to restricted areas
• Vandalism to company property
What should you do ?
• If threated or in danger , move to safety and call 911.
• Notify HR Administration.
• Do not touch anything. Preserve evidence for investigators.
32
Lock Your Computer
• Lock your computer when you walk away. It is easy to do :
• 1. Press the Ctrl+Alt+Del KEYS AT THE SAME TIME
• 2. Then select the “Lock Computer” option
• You are responsible for all actions that occur with your ID.
if you leave your computer unattended and unlocked,
someone else could take action ( such as send email)
using your identity or access your personal information
(view your paycheck) via Portal.
• Your computer should always be in a physically secured
location.
• Use the provided cable lock/tether to secure laptops left
unattended.
33
Password Management
34
Your Password
• Your password is an integral part of the overall
protection of the corporate’s information
assets.
• Hackers will try to steal passwords and IDs to
break into the corporate systems.
• If your password is compromised , the hacker
has the ability to access anything you can
access, using your identity.
• Never use your the corporate ID or account
password on non the corporate systems such as
Amazon, Facebook or EBay. Once a password is
compromised, the next logical step for a hacker
is to try that password on other systems that
you access.
35
Password Guidelines & Suggestions
The science of password cracking has been simplified with the use
of high speed progrthe corporate that employ databases
containing words and phrases. There are ways to protect your
password from these types of attacks, such as creating a password
by using a password phrase.
Tips: What Not to Do:
• Do not write down or share your password.
• Do not use the same password for everything(i.e., work,
personal banking, etc.)
• Do not use information that others could associate with you,
like names of family members or pets.
• Do not use cyclical, incremental, or patterned passwords.
• Do not use words spelled backwards.
• Do not use keyboard patterns (i.e., “asdf”).
For information on creating a strong password, see Password
Requirements located on the Password Policy (NO-POL- 0022).
36
Tips for Creating a Strong Password
Create a strong , secure password that is easy to remember.
Use a combination of upper case, lower case, numbers, and
special characters to make your password complex.
• Example: Use the phrase "it is not enough to do your best ; you
must know what to do, and Then do your best.” W.Edwards
Deming
• Take the first letter from each word, separate every four letters with a
comma, and then put a two digit number at the end.
• Add a number or punctuation every few letters or between syllables.
• A 12 character password would then be “iine,tdyb,12”.
• Your the corporate password should only be used for your the
corporate’s account. Use a different password for all personal
email accounts.
37
Privacy
• Privacy is a set of fair information practices to ensure:
• Personal information is accurate, relevant, and current.
• All collections, uses, and disclosures of personal information are known and appropriate.
• Personal information is protected.
The Policy for Privacy:
• Implements procedures and controls at all levels to protect the confidentiality and integrity of
information stored and processed on systems.
38
Different types and forms of Personally Identifiable
Information (PII)
•Social Security number (SSN)
• Health Insurance Claim Number (HICN)
• Date of birth (DOB)
• National Provider Identification (NPI)
• Driver’s license number
• Passport number
• Personal Health Information (PHI)
• Biometric Information
• PII must be protected in any form : paper, electronic, oral.
39
Recognize threats to information systems and privacy
• Share information on a need to know basis.
• Never access PII unless authorized to do so to perform your job.
• Only store PII on encrypted devices.
• Encrypt emails and double – check that the recipient name(s) is correct before sending.
• When faxing, confirm that you have the correct fax number and call the recipient to confirm receipt.
40
Privacy Roles and Responsibilities
Objective: Understand personal responsibility to protect information systems.
Privacy policies and procedures require you to:
• Collect, use, and disclose personal information for reasons that are for a
legitimate job function, support the mission of the corporate and are allowed by law.
• Disclose only the minimum amount of information.
• Access information only for authorized purposes.
• Follow standards to safeguard personal information throughout the information
life cycle.
• Report suspected privacy violations or incidents.
• Comply with all applicable privacy laws.
• Shred documents containing PII; NEVER place them in the trash. Contact the IT
Department for proper disposal of equipment like copy machines and
computers.
As a member of the the corporate workforce, you are responsible for privacy policies and procedures.
41
Privacy Violations
• Privacy violations can result in severe consequences including:
42
Security Summary
43
Things You Can Do To Help Keep the
Company Secure
It is the responsibility of each member of the corporate workforce to protect
our enterprise information assets.
Here are some things you can do to help:
• Only the corporate equipment can be connected to the internal business
network.
• Do not load any unapproved software on your the corporate equipment.
• Do not change any corporate security settings.
• Avoid opening email and attachments from questionable sources.
• Lock your workstation before you walk away.
• Protect the corporate data in all formats(i.e., thumb drive, hard copy, CD,
etc.)
• Use a strong password.
• Do not write down or share your password.
• Ensure each member of the workforce has access to only what they need.
• Beware of social engineering.
• Report any lost or stolen company information asset (laptop, mobile phone
,etc.) to the Help Desk. 44

More Related Content

What's hot

Basic Security Training for End Users
Basic Security Training for End UsersBasic Security Training for End Users
Basic Security Training for End Users
Community IT Innovators
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
davidcurriecia
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness Training
Dave Monahan
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness
Michel Bitter
 
Security awareness
Security awarenessSecurity awareness
Security awareness
Josh Chandler
 
Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information Security
Ken Holmes
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
Bill Gardner
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness Training
Denis kisina
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
Cyber security training
Cyber security trainingCyber security training
Cyber security training
Wilmington University
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
MohammedYaseen638128
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
Atlantic Training, LLC.
 
Phishing awareness
Phishing awarenessPhishing awareness
Phishing awareness
PhishingBox
 
User security awareness
User security awarenessUser security awareness
User security awareness
K. A. M Lutfullah
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness Presentation
Cristian Mihai
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community College
Atlantic Training, LLC.
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08
DallasHaselhorst
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101
mateenzero
 

What's hot (20)

Basic Security Training for End Users
Basic Security Training for End UsersBasic Security Training for End Users
Basic Security Training for End Users
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness Training
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness
 
Security awareness
Security awarenessSecurity awareness
Security awareness
 
Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information Security
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness Training
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
Cyber security training
Cyber security trainingCyber security training
Cyber security training
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Phishing awareness
Phishing awarenessPhishing awareness
Phishing awareness
 
User security awareness
User security awarenessUser security awareness
User security awareness
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness Presentation
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community College
 
Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101
 

Viewers also liked

Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn Hospital
Atlantic Training, LLC.
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
David Menken
 
It Security Awareness Overview
It Security Awareness OverviewIt Security Awareness Overview
It Security Awareness Overview
Nicholas Davis
 
Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...
Michael Kaishar, MSIA | CISSP
 
Raising information security awareness
Raising information security awarenessRaising information security awareness
Raising information security awareness
Terranovatraining
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
Randy Bowman
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Information security management system
Information security management systemInformation security management system
Information security management system
Arani Srinivasan
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier University
Atlantic Training, LLC.
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)
Prafull Johri
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 

Viewers also liked (11)

Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn Hospital
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
 
It Security Awareness Overview
It Security Awareness OverviewIt Security Awareness Overview
It Security Awareness Overview
 
Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...
 
Raising information security awareness
Raising information security awarenessRaising information security awareness
Raising information security awareness
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier University
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 

Similar to Information Security Awareness Training Open

TheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxTheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptx
KevinRiley83
 
ISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptx
vasidharta
 
Internet Security
Internet SecurityInternet Security
Internet Security
mjelson
 
CyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdfCyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdf
Varinder K
 
Masterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy BasicsMasterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy Basics
Excellence Foundation for South Sudan
 
Building a culture of security
Building a culture of securityBuilding a culture of security
Building a culture of security
Courion Corporation
 
Computer Basics in the Work Place
Computer Basics in the Work PlaceComputer Basics in the Work Place
Computer Basics in the Work Place
Alan Simpers MBA M.ED
 
Internet Safety & Privacy
Internet Safety & PrivacyInternet Safety & Privacy
Internet Safety & Privacy
Alexine Marier
 
Chp-15 Cyber Safety ppt-std 11.pptx
Chp-15 Cyber Safety ppt-std 11.pptxChp-15 Cyber Safety ppt-std 11.pptx
Chp-15 Cyber Safety ppt-std 11.pptx
HarishParthasarathy4
 
Free_business_IT_security_policy_template_v5.pdf
Free_business_IT_security_policy_template_v5.pdfFree_business_IT_security_policy_template_v5.pdf
Free_business_IT_security_policy_template_v5.pdf
klodianelezi1
 
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleCybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Brian Pichman
 
Cyber security for small businesses
Cyber security for small businessesCyber security for small businesses
Cyber security for small businesses
B2BPlanner Ltd.
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
samina khan
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
Brian Pichman
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
Sachin Saini
 
How to Recognize a Fake Email.pptx
How to Recognize a Fake Email.pptxHow to Recognize a Fake Email.pptx
How to Recognize a Fake Email.pptx
Sultan593473
 
Computer Security and Safety, Ethics, and.pptx
Computer Security and Safety, Ethics, and.pptxComputer Security and Safety, Ethics, and.pptx
Computer Security and Safety, Ethics, and.pptx
EigraEmliuqer
 
COMPUTER ETHICS.pptx
COMPUTER ETHICS.pptxCOMPUTER ETHICS.pptx
COMPUTER ETHICS.pptx
santosh26kumar2003
 
E business internet fraud
E business internet fraudE business internet fraud
E business internet fraud
Radiant Minds
 
Chapter 4 E-Safety and Health & Safety
Chapter 4 E-Safety and Health & SafetyChapter 4 E-Safety and Health & Safety
Chapter 4 E-Safety and Health & Safety
Anjan Mahanta
 

Similar to Information Security Awareness Training Open (20)

TheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxTheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptx
 
ISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptx
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
CyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdfCyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdf
 
Masterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy BasicsMasterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy Basics
 
Building a culture of security
Building a culture of securityBuilding a culture of security
Building a culture of security
 
Computer Basics in the Work Place
Computer Basics in the Work PlaceComputer Basics in the Work Place
Computer Basics in the Work Place
 
Internet Safety & Privacy
Internet Safety & PrivacyInternet Safety & Privacy
Internet Safety & Privacy
 
Chp-15 Cyber Safety ppt-std 11.pptx
Chp-15 Cyber Safety ppt-std 11.pptxChp-15 Cyber Safety ppt-std 11.pptx
Chp-15 Cyber Safety ppt-std 11.pptx
 
Free_business_IT_security_policy_template_v5.pdf
Free_business_IT_security_policy_template_v5.pdfFree_business_IT_security_policy_template_v5.pdf
Free_business_IT_security_policy_template_v5.pdf
 
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleCybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
 
Cyber security for small businesses
Cyber security for small businessesCyber security for small businesses
Cyber security for small businesses
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
How to Recognize a Fake Email.pptx
How to Recognize a Fake Email.pptxHow to Recognize a Fake Email.pptx
How to Recognize a Fake Email.pptx
 
Computer Security and Safety, Ethics, and.pptx
Computer Security and Safety, Ethics, and.pptxComputer Security and Safety, Ethics, and.pptx
Computer Security and Safety, Ethics, and.pptx
 
COMPUTER ETHICS.pptx
COMPUTER ETHICS.pptxCOMPUTER ETHICS.pptx
COMPUTER ETHICS.pptx
 
E business internet fraud
E business internet fraudE business internet fraud
E business internet fraud
 
Chapter 4 E-Safety and Health & Safety
Chapter 4 E-Safety and Health & SafetyChapter 4 E-Safety and Health & Safety
Chapter 4 E-Safety and Health & Safety
 

Information Security Awareness Training Open

  • 1. Information Security Awareness Training SECURITY IS EVERYONE'S RESPONSIBILITY
  • 3. Objectives 3 After completing this training, you should be able to: • Understand cyber security threats associated with email and other forms of electronic communications • Learn tips on how to safely maneuver through the internet • Understand why it is important to protect our information assets and your role in the process • Learn how to better secure your computer and data • Understand the importance of passwords and how to create a strong password • Understand how international travel can pose risks to information assets • Locate policies, standards and travel preparation on the Employee Portal
  • 5. Electronic Communication • Any Communication (email, instant messaging, text messaging, etc.)sent in support of the corporate business is considered the corporate message and is subject to monitoring. Do not Send: • Anything which could be interpreted as abusive or harassing • Unsolicited advertising or anything that could be interpreted as a scam 5
  • 6. Electronic Communication-Do’s • Be careful of the information shared outside of the company and its competitive value. • Protect information inside the company by not sharing it with those without a need-to-know. • Use approved “Chat” applications (set up by IT helpdesk) for instant messaging needs. The use of other commercial instant messaging products could allow viruses to infect your computer. • Be mindful of the Information Security Policies and procedures restrictions on information sharing. Improper use of electronic communication in support of the corporate business can put the corporate at risk and is a violation of company policy. 6
  • 7. Email Viruses Email is the most common source of computer viruses. What can you do to avoid computer viruses? When receiving email from questionable sources: • Do not open attachments. • Do not click on web links. • Do not respond to the email. • If you don’t know the sender or what it concerns, the safest thing to do is delete the email. • Forward the email to mailscam@mailserver.com Even be cautious of email which appears to be from someone you know. The email could have been forwarded from a questionable or unknown email address. Be certain of the source before you click on a link. 7
  • 8. Email • Email is inherently unsafe because it is the easiest way for someone to breach the system and to trick you. • Do not forward any confidential company email outside of the corporate policy (i.e., personal email accounts , etc.). • If your job requires you to email confidential information to outside parties, including personal information, use the e-mail policy for the policy, Secure Email*. *encrypt-to convert or scramble computer data and messages into something incomprehensible. 8
  • 9. Spam • Spam is unsolicited email ( junk email). It may be targeted to a certain group or a mass mailing. • the corporate e-mail spam service blocks millions of spam email everyday; however some do manage to get through. • For the majority of cases, delete the spam. • If you feel someone should be alerted , call the help desk or forward the email to mailscam@corporate.com 9
  • 10. Phishing Phishing is a type of cyber attack involving forged emails and websites. Typically, an email is sent with a disturbing message such as “Your bank account has been suspended” and includes a website link or an attachment. The website link looks like a viable website, such as a financial institution, but is actually the hacker’s website. To avoid being caught by a phishing email, individuals should: • Contact the business directly. • Be suspicious of any email requesting personal information. • Do not open links or attachments from questionable sources. • Delete the email. 10
  • 12. Use Good Judgment the corporate monitors internet usage and block certain websites for a variety of reasons. Please be aware that anything you do on the internet can be traced. When accessing the internet from email links use sound judgment. Be extremely wary of emails asking for information or asking you to click a link. If the email states “You’ve got to see this,” ask yourself why. Please use sound judgement when accessing personal web-based email such as Yahoo, Gmail, or other non-the corporate email systems from your the corporate Computer. 12
  • 13. Blocked Website Categories Certain types of websites are blocked from the the corporate network. Some examples include: • Adult/Mature Content • Gambling • Games • Hacking • Personals/Dating • Social Media • Violence/Hate/Racism • Weapons Contact IT for a complete list of Blocked Websites Categories. 13
  • 14. Malware • Malware is a term for malicious software which is designed to be installed on a computer without the owner’s knowledge. • Spyware is a type of malware which monitors your computer activity and reports this activity back to the owner of the spyware. Spyware can keep track of the websites you visit. • Based on this information, spam or phishing emails can be created by hackers to target your interests or work profession. • Therefore, visiting unfamiliar sites could infect your computer with malware. 14
  • 15. Caution Before You Click Computers can get infected with malware by simply visiting an infected website. That is why it is very important to be careful when clicking a link in email, search lists, or web pages. Malware can also steal data. This includes personal data such as computer ID’s, passwords, social security and account numbers. To avoid having your identity compromised by malware: • Be careful what internet sites you visit. • Do not open attachments or links from unknown sources. • Don’t download without your managers approval for free software download offers. 15
  • 16. Social Networking (i.e. Facebook, LinkedIn, Twitter) • Be very careful what information is shared on these sites . Always consider what could be done with this information and the possible impact it may have. • Certain data posted on these sites may allow a targeted email fraud, phishing, or spam attack to be developed. • In addition, the personal information posted may be used in a social engineering attack, where someone masquerades as you or a person close to you. • Access to many social networking sites is blocked from the the corporate network due to the risk of exposure. 16
  • 17. Public Wireless Access • Public Wireless Internet is available at many locations. It is important to understand when you use these networks you are no longer on a network controlled by either you or the corporate. • Many of the security controls in place at work are not available on a public network. You cannot assume a public network is secure. • Protect company information by ALWAYS using your the corporate secure Virtual Private Network (VPN) connection when accessing a public network. • Always use extreme caution when handling the corporate information. 17
  • 18. Personal Devices Do not connect personal devices to the corporate network. Examples include: • IPads • Tablets • Wireless camera • Wireless Printers Do not use personal software for company business. • Using personal software for company business violates company license agreements. 18
  • 20. Protecting Information • Non-public company information should be protected, both inside and outside the company. • Unauthorized disclosure of company information can put the corporate at risk. We could lose competitive advantage, create legal problems, violate regulatory requirements, or tarnish the image of the company. • Information should only be shared with individuals on a need-to-know basis. the corporate uses access restrictions on File Shares to protect stored information and Secure File Transfer Protocol (SFTP) to securely transfer information. 20
  • 21. Information Protection Confidential information should never be left unattended in place such as : • Meeting rooms • Fax machines • Printers • Desks • Dry erase boards • Unlocked file cabinets • Unsecured shared drives Dispose of personal or confidential information in a secure manner (i.e., shred, delete data from hard drive according to company guidelines, or incinerate). Use a clean desk approach. Lock up confidential/sensitive papers when you are not using them. 21
  • 22. File Share Ownership for “Common Drive” Information • Per the corporate policy, File Share owners must be a manager or supervisor. • File Share owners are responsible for all content and access they own. • Ownership roles must be reviewed annually and updated when there is a change in job responsibilities. • Owners should limit access to only those who have a business need to access the information. • Data owners should adhere to the the corporate Information Security Handling and Classification Policy (NO-POL-0026) to ensure content is retained based on regulatory obligations, industry benchmarks and sound business practices. The policy is available on the corporate’s intranet. • Do not store Personally Identifiable Information (PII) on a File Share that is accessible by any employee who does not have a legitimate business purpose for accessing that information. 22
  • 23. Unauthorized Software • Installing unauthorized software is a violation of company policy that may result in disciplinary action. Software downloaded from the internet can contain vulnerabilities that put the entire association at risk. • the corporate catalogs, tracks, and updates the software contained in the standard computer image for vulnerabilities. However, updates cannot be done for unauthorized software thus putting the association’s at risk. • Software downloaded to share music can often make other files on your computer available for sharing to others and lead to disclosure of sensitive information. • These precautions apply to all the corporate owned devices, including mobile devices (NO-POL-0013). 23
  • 24. Mobile Device Security Every individual at the corporate is responsible for protecting the company’s information and equipment. • Laptops, smart phones, tablets and other mobile devices(i.e., thumb drives) should be locked or kept in your personal possession at all times. • When traveling, be sensitive to where and when you use mobile devices such as phones , laptops, and tablets. Don't allow others to “look over your shoulder”. • Never Leave laptops or other mobile devices in clear view inside a vehicle. • Immediately report any stolen mobile device storing corporate information to Help Desk. Mobile devices, including smart phones and tablets, must be password protected. 24
  • 25. Corporate Mobile Devices and Personal Information • the corporate may elect to to provide corporately owned mobile devices to enable the Company workforce. These devices may include tablets such as iPads, smart phones, Androids or other types of mobile devices. • Though the devices are for corporate use, it is easy to commingle personal information with corporate data on the device. • To ‘commingle’ company information and personal information means to mix them in some fashion. Commingling company information and personal information has privacy and security consequences. • Examples of commingling data include: • Personal emails and/or documents stored on a corporate device • Corporate email stored on a personal email account • Call records of personal telephone calls made on a corporate device 25
  • 26. Commingling – No Expectation of Privacy • the corporate permits limited personal use of corporate computing resources . • There are many consequences, to storing personal information on a corporate device, including mobile devices. Some of these consequences are : • Employees can have no expectation of privacy related to personal information stored on the corporate device • If the employee is involved in personal litigation, and relevant personal data is on the corporate device, that device may be subject to discovery and : • The Company may be compelled to provide the personal information to counsel, placing personal information at risk of exposure, and • The device may be unavailable to the company for a time which could place company data at risk of exposure. 26
  • 27. USB Flash/Thumb Drives • USB drives are becoming a way to spread unwanted malicious progrthe corporate. • It is important no to insert personal-use USB drives into the corporate equipment. This may inadvertently transport a virus or other unwanted progrthe corporate. • One hacking trick is to leave infected USB drives laying around in public places for people to pick up and use. While it is enticing to find a ‘free’ USB drive, inserting it into your corporate or home computer is strongly discouraged. • To protect information contained on USB drives, look for devices that use a password or allow encryption (scrambling the information into secret code).A user manual often comes with the device to explain these features. • If you work inside process control environments use only dedicated portable media to transfer information to Supervisory Control and Data Acquisition (SCADA) systems or process computer systems. Do not use this portable media for any other purpose. 27
  • 28. What to do if you notice a Security Issue If you suspect the corporate’s security has been compromised, a security issue has occurred or unauthorized information has been accessed or released, contact: • The Help Desk • Your Manager or Supervisor 28
  • 29. Social Engineering • Social Engineering is the art of manipulating people into performing actions or divulging confidential information. Email is a common method used. • They create a scenario based on a few known facts(names ,phone numbers, etc.) which seems believable. If the story is credible, then most people are more than willing to help the social engineer. • For example, a social engineer may claim to be an the corporate IT employee who needs your password to fix a computer problem. In reality, they are trying to gain access to the corporate computers using your ID and password. • Be very cautious and think twice before giving out the corporate information. 29
  • 31. Physical Security for Information Assets• Facilities housing the corporate information assets are physically restricted to authorized individuals and require a valid the corporate ID. • These facilities or buildings must be protected by physical security controls that prevent unauthorized individuals from gaining access. Visitors are required to sign in and be accompanied by an escort while in company facilities. • Remember: • Never allow others to user your badge • Never allow tailgating (holding a door or gate open for another person that requires a badge). • Report lost or stolen badges immediately: • HR Administration • Mangers or Supervisors • Help Desk 31
  • 32. Sabotage on the corporate Facilities Individuals should watch for one or more of the following signs: • Physical surveillance of the corporate facilities • Any threats to individuals or property • Attempts to gain unauthorized access to restricted areas • Vandalism to company property What should you do ? • If threated or in danger , move to safety and call 911. • Notify HR Administration. • Do not touch anything. Preserve evidence for investigators. 32
  • 33. Lock Your Computer • Lock your computer when you walk away. It is easy to do : • 1. Press the Ctrl+Alt+Del KEYS AT THE SAME TIME • 2. Then select the “Lock Computer” option • You are responsible for all actions that occur with your ID. if you leave your computer unattended and unlocked, someone else could take action ( such as send email) using your identity or access your personal information (view your paycheck) via Portal. • Your computer should always be in a physically secured location. • Use the provided cable lock/tether to secure laptops left unattended. 33
  • 35. Your Password • Your password is an integral part of the overall protection of the corporate’s information assets. • Hackers will try to steal passwords and IDs to break into the corporate systems. • If your password is compromised , the hacker has the ability to access anything you can access, using your identity. • Never use your the corporate ID or account password on non the corporate systems such as Amazon, Facebook or EBay. Once a password is compromised, the next logical step for a hacker is to try that password on other systems that you access. 35
  • 36. Password Guidelines & Suggestions The science of password cracking has been simplified with the use of high speed progrthe corporate that employ databases containing words and phrases. There are ways to protect your password from these types of attacks, such as creating a password by using a password phrase. Tips: What Not to Do: • Do not write down or share your password. • Do not use the same password for everything(i.e., work, personal banking, etc.) • Do not use information that others could associate with you, like names of family members or pets. • Do not use cyclical, incremental, or patterned passwords. • Do not use words spelled backwards. • Do not use keyboard patterns (i.e., “asdf”). For information on creating a strong password, see Password Requirements located on the Password Policy (NO-POL- 0022). 36
  • 37. Tips for Creating a Strong Password Create a strong , secure password that is easy to remember. Use a combination of upper case, lower case, numbers, and special characters to make your password complex. • Example: Use the phrase "it is not enough to do your best ; you must know what to do, and Then do your best.” W.Edwards Deming • Take the first letter from each word, separate every four letters with a comma, and then put a two digit number at the end. • Add a number or punctuation every few letters or between syllables. • A 12 character password would then be “iine,tdyb,12”. • Your the corporate password should only be used for your the corporate’s account. Use a different password for all personal email accounts. 37
  • 38. Privacy • Privacy is a set of fair information practices to ensure: • Personal information is accurate, relevant, and current. • All collections, uses, and disclosures of personal information are known and appropriate. • Personal information is protected. The Policy for Privacy: • Implements procedures and controls at all levels to protect the confidentiality and integrity of information stored and processed on systems. 38
  • 39. Different types and forms of Personally Identifiable Information (PII) •Social Security number (SSN) • Health Insurance Claim Number (HICN) • Date of birth (DOB) • National Provider Identification (NPI) • Driver’s license number • Passport number • Personal Health Information (PHI) • Biometric Information • PII must be protected in any form : paper, electronic, oral. 39
  • 40. Recognize threats to information systems and privacy • Share information on a need to know basis. • Never access PII unless authorized to do so to perform your job. • Only store PII on encrypted devices. • Encrypt emails and double – check that the recipient name(s) is correct before sending. • When faxing, confirm that you have the correct fax number and call the recipient to confirm receipt. 40
  • 41. Privacy Roles and Responsibilities Objective: Understand personal responsibility to protect information systems. Privacy policies and procedures require you to: • Collect, use, and disclose personal information for reasons that are for a legitimate job function, support the mission of the corporate and are allowed by law. • Disclose only the minimum amount of information. • Access information only for authorized purposes. • Follow standards to safeguard personal information throughout the information life cycle. • Report suspected privacy violations or incidents. • Comply with all applicable privacy laws. • Shred documents containing PII; NEVER place them in the trash. Contact the IT Department for proper disposal of equipment like copy machines and computers. As a member of the the corporate workforce, you are responsible for privacy policies and procedures. 41
  • 42. Privacy Violations • Privacy violations can result in severe consequences including: 42
  • 44. Things You Can Do To Help Keep the Company Secure It is the responsibility of each member of the corporate workforce to protect our enterprise information assets. Here are some things you can do to help: • Only the corporate equipment can be connected to the internal business network. • Do not load any unapproved software on your the corporate equipment. • Do not change any corporate security settings. • Avoid opening email and attachments from questionable sources. • Lock your workstation before you walk away. • Protect the corporate data in all formats(i.e., thumb drive, hard copy, CD, etc.) • Use a strong password. • Do not write down or share your password. • Ensure each member of the workforce has access to only what they need. • Beware of social engineering. • Report any lost or stolen company information asset (laptop, mobile phone ,etc.) to the Help Desk. 44