This document discusses the security responsibilities of service desk staff. It emphasizes that security is a team effort and individual responsibility. The service desk plays an important role by being aware of potential threats, communicating security messages to users, and properly handling security incidents. As the main point of contact for IT issues, the service desk is well positioned to help the organization by noticing suspicious activity and serving as role models for secure practices.
6. Security is everyone's concern
The key to Security Awareness is found in the word itself:
“Security… a team effort, but an individual responsibility”
[Slide graphic: the word SECURITY with its middle letters picked out]
7. Employee Responsibility
The OPM hack, the RSA hack, and many others were initiated by an employee making two mistakes: first, clicking a link that led to malware; second, not reporting it immediately when something weird happened.
What can you do to help your company?
Be aware; see something, say something
*Malware is software that is intended to damage or disable computers and computer systems
8. Most Common Passwords (2017)
1. 123456 (Unchanged)
2. Password (Unchanged)
3. 12345678 (Up 1)
4. qwerty (Up 2)
5. 12345 (Down 2)
6. 123456789 (New)
7. letmein (New)
8. 1234567 (Unchanged)
9. football (Down 4)
10. iloveyou (New)
11. admin (Up 4)
12. welcome (Unchanged)
13. monkey (New)
14. login (Down 3)
15. abc123 (Down 1)
16. starwars (New)
17. 123123 (New)
18. dragon (Up 1)
19. passw0rd (Down 1)
20. master (Up 1)
21. hello (New)
22. freedom (New)
23. whatever (New)
24. qazwsx (New)
25. trustno1 (New)
The password policy within Active Directory enforces password length, complexity, and history. This does not in any way control what the password is, just how long it is and what characters are inside of it.

Many people will use easily guessable passwords like Winter2017 or Password!@# because they technically meet the standards but are easy for them to remember.
9. Is Your Password Secure?
Ensure that your password:
• Is a minimum of 8 characters
• Is comprised of at least 3 of the following:
  • uppercase letter (A, B, C…)
  • lowercase letter (a, b, c…)
  • numeric (1, 2, 3…)
  • special character (#, $, *…)
• Has no sequentially repeated characters
• Is rotated every 90 days
• Is not a dictionary word
• Is a passphrase where possible
• Is never shared (and never written down)
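As an added example that is not part of the slide deck, the Python script below encodes the checklist above together with the point made on the previous slide: an Active Directory style policy (length and character classes) accepts Winter2017 and Password!@#, while the extra checklist rules (no repeated characters, not a dictionary word, not a common password) reject them. The blocklist is the deck's 2017 top-25 list; the small dictionary, the leet-speak substitutions, the year-suffix rule and the sample passwords are constructed for this example, and "sequentially repeated characters" is interpreted as the same character twice in a row.

```python
"""Password checklist checker (added example, not from the slide deck)."""
import re
import string

# The deck's 2017 top-25 list, used here as a constructed blocklist.
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx",
    "trustno1",
}

# Constructed mini dictionary; a real deployment would load a full word list.
DICTIONARY_WORDS = {"winter", "spring", "summer", "autumn", "fall",
                    "password", "welcome", "company"}

# Constructed leet-speak map so P@ssw0rd is recognised as "password".
LEET = str.maketrans("0134@$!", "oleaasi")
YEAR_SUFFIX = re.compile(r"(19|20)\d\d$")


def character_classes(pw):
    """Count how many of the four character classes the password uses."""
    classes = 0
    classes += any(c.isupper() for c in pw)
    classes += any(c.islower() for c in pw)
    classes += any(c.isdigit() for c in pw)
    classes += any(c in string.punctuation for c in pw)
    return classes


def has_repeated_char(pw):
    """True if any character is immediately repeated (e.g. the 'ss' in Password)."""
    return any(a == b for a, b in zip(pw, pw[1:]))


def base_word(pw):
    """Strip non-letters from both ends and undo leet substitutions,
    so Winter2017 -> 'winter' and P@ssw0rd1 -> 'password'."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw)
    return core.lower().translate(LEET)


def meets_ad_style_policy(pw):
    """What a length-and-complexity policy enforces: nothing about the value."""
    return len(pw) >= 8 and character_classes(pw) >= 3


def checklist_failures(pw):
    """Return the slide's checklist rules that the password breaks, in order."""
    failures = []
    if len(pw) < 8:
        failures.append("too_short")
    if character_classes(pw) < 3:
        failures.append("too_few_classes")
    if has_repeated_char(pw):
        failures.append("repeated_char")
    base = base_word(pw)
    if pw.lower() in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        failures.append("common_password")
    if base in DICTIONARY_WORDS:
        failures.append("dictionary_word")
    if YEAR_SUFFIX.search(pw):
        failures.append("year_suffix")
    return failures


if __name__ == "__main__":
    # Constructed sample passwords, including the two named on the slide.
    for candidate in ["Winter2017", "Password!@#", "123456", "trustno1",
                      "Velvet-Kayak9Orbit"]:
        print(f"{candidate:20} policy_ok={meets_ad_style_policy(candidate)!s:5} "
              f"checklist_failures={checklist_failures(candidate)}")
```

Running the script shows Winter2017 and Password!@# passing the complexity policy yet failing the checklist, which is exactly the gap the slide describes; the passphrase-style entry passes both.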
10. Sensitive Data Types
• Employee Data
  • Names, addresses, national ID or social security numbers
• Employee Medical Information
  • Insurance, accidents
• Financial Information/Payment Card
  • Credit Card information: internal and customer
  • Bank routing numbers
• Consumer/Customer Information
  • Names, email addresses, login, passwords
• Intellectual Property
  • Machine drawings, assembly instructions, chemical formulations, recipes
  • Source code: what's your company's secret sauce?
11. How information is stored and transferred
• Email
• Corporate file transfer tools
• File Servers
• Online personal storage
  • Dropbox, Google Drive, OneDrive, Box.com, etc.
• Password protected files (Office, Zip)
• USB
13. Acceptable Use Policy - Email & Internet
Limited personal use is permissible under most policies. However…

Using company networks to access pornography or gambling sites is strictly prohibited.

These tools are to help your productivity, not interfere with your job performance.

Do not use e-mail to distribute files that are obscene, pornographic, threatening, or harassing.

Do not open attachments or links in unknown or suspicious email.

Using company resources to establish or maintain your own personal business should be strictly prohibited.
14. Data Leakage
Data Leakage is the unauthorized transmission of data (or information) from within an organization to an external destination or recipient. This may be electronic, or may be via a physical method.

Be mindful that unauthorized leakage does not automatically mean intentional or malicious. Unintentional or inadvertent data leakage is also unauthorized.

Examples
• Sharing confidential or restricted documents with anyone who shouldn't see them.
• Storing confidential or restricted documents on non-Lincoln Electric assets, such as Dropbox or your home computer.
• Transferring confidential or restricted documents using your personal email or other methods.
15. Social Engineering
Social Engineering occurs when techniques such as trickery and manipulation are used to deceive associates into providing useful Company or personal information. This information can be used to gain unauthorized access to the company's most sensitive information assets. Here are some tips:

• Never give out sensitive Company information or your personal information over the phone, internet, e-mail, etc.
• Watch out for phishing attempts through email trying to trick you into providing sensitive information over the internet.
• Protect against "dumpster diving": dispose of sensitive information properly (e.g., appropriately shredding sensitive paper documents).
16. Phishing
Phishing email messages, websites, and phone calls are designed to steal information or money. Cybercriminals can do this by installing malware or malicious software on your computer.

Cybercriminals also use social engineering to convince you to install malware or hand over personal information under false pretenses. You could be sent an email, at work or home, they could call you on the phone, or you may even see a popup asking you to download and run software.
17. Phishing Phone Calls
Cybercriminals might call you on the phone and offer to help solve your computer problems or sell you a software license. Neither Microsoft nor other partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

Treat all unsolicited phone calls with skepticism. Do not provide any personal information of yourself or co-workers.
18. Physical Loss
[Slide images labelled Before and After]

What is the real cost of a lost laptop, tablet or smart phone?
• How much private information could be stolen?
• How many trade secrets?
• How much will you have to spend to restore your customers' privacy? Not to mention their trust, or your reputation?
20. Service Desk Responsibility
Do you know who to call?
Do you know what to do?
What tools do you have?
What is your responsibility?

Why should the Service Desk care about Security?
1. Everyone's Responsible for Security
2. Service Desks Are the Eyes and Ears of IT
3. Service Desks Can Communicate Information Security Messages to Users
4. Service Desks Have a Major Role to Play in Security Incident Management
5. Service Desk Staff Are Role Models