ICT and end user security awareness slides
- 2. Excellence Passion Teamwork Integrity
IMPORTANCE OF SECURITY
The internet allows an attacker to attack from anywhere on the planet.
Risks caused by poor security knowledge and practice:
• Identity theft
• Monetary theft
• Legal ramifications (for yourself and companies)
• Termination if company policies are not followed
- 3.
SECURITY VS SAFETY
Security: We must protect our computers and data in the same way that we secure the doors to our homes.
Safety: We must behave in ways that protect us against risks and threats that come with technology.
- 5.
Cracker: Computer-savvy programmer creates attack software
Script Kiddies: Unsophisticated computer users who know how to execute programs
Hacker Bulletin Board:
• SQL Injection
• Buffer overflow
• Password Crackers
• Password Dictionaries
• Successful attacks! Crazyman broke into … CoolCat penetrated…
Criminals:
• Create & sell bots -> spam
• Sell credit card numbers,…
System Administrators: Some scripts are useful to protect networks…
- 7.
• Spyware symptoms:
– Change of your browser homepage/start page
– Ending up on a strange site when conducting a search
– System-based firewall is turned off automatically
– Lots of network activity while not particularly active
– Excessive pop-up windows
– New icons, programs, favorites which you did not add
– Frequent firewall alerts about unknown programs trying to access the Internet
– Bad/slow system performance
If your computer experiences such symptoms, kindly contact Jubilee ICT.
- 9.
• A good password is:
– private: it is used and known by one person only
– secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminal
– easily remembered: so there is no need to write it down
- 10.
PASSWORD RECOMMENDATIONS
• A good password is:
– At least 8 characters, complex: a mixture of at least 3 of the following: upper case letters, lower case letters, digits and punctuation
– Not guessable by any program in a reasonable time, for instance less than one week
– Changed regularly: a good change policy is every 3 months
Beware that someone may see you typing it. If you accidentally type your password instead of your login name, it may appear in system log files.
- 11.
• Do not open email attachments unless you are expecting the email with the attachment and you trust the sender.
• Do not click on links in emails unless you are absolutely sure of their validity.
• Only visit and/or download software from web pages you trust.
- 16.
SITUATIONAL AWARENESS
• To practice good situational awareness, take the following precautions, including but not limited to:
– Avoid discussing topics related to organization business outside organization premises, whether you are talking face to face or on the phone
– Remove your security badge after leaving your work station
- 19.
1. Don’t be tricked into giving away confidential information
• Don’t respond to emails or phone calls requesting confidential company information.
• Always keep in mind that bad guys are successful because they are convincing.
• Keep on guard and report any suspicious activity to IT.
- 20.
2. Don’t use an unprotected computer
• When you access sensitive information from a non-secure computer you put the information you’re viewing at risk.
• Malicious software exists that allows people to easily snoop on what you’re doing online when accessing unprotected sites.
• If you’re unsure the computer you’re using is safe, don’t use it to access corporate or sensitive data.
- 21.
3. Don’t leave sensitive info lying around the office
• Don’t leave printouts containing private information on your desk. It’s easy for a visitor to glance at your desk and see sensitive documents.
• Keep your desk tidy and documents locked away or shredded when no longer needed.
• It makes the office look more organized, and reduces the risk of information leaks.
- 22.
4. Lock your computer and mobile phone when not in use
• Always lock your computer and mobile phone when you’re not using them. You work on important things, and we want to make sure they stay safe and secure.
• Locking these devices keeps both your personal information and the company’s data and contacts safe from prying eyes.
- 23.
5. Stay alert and report suspicious activity
• Sometimes suspicious activity isn’t as obvious as we think.
• Be cautious of people you don't know asking for things, especially online.
• Always report any suspicious activity to IT. If something goes wrong, the faster we know about it, the faster we can deal with it.
- 24.
6. Password-protect sensitive files and devices
• Always password-protect sensitive files on your computer, USB flash drive, smartphone, laptop, etc.
• Losing a device can happen to anyone. But by protecting your device with strong passwords, you make it difficult for someone to break in and steal data.
- 25.
7. Always use hard-to-guess passwords
• Many people use obvious passwords like “password,” “cat,” or obvious character sequences on the qwerty keyboard like “asdfg.”
• Create complex passwords by including different letter cases, numbers, and even punctuation.
• Try to use different passwords for different websites and computers, so if one gets hacked, your other accounts aren’t compromised.
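The password rules from slides 10 and 25, as an added example (not part of the original slides): a checker that applies the length and character-class rule and also rejects obvious words and keyboard sequences, showing that a password such as "Password1!" can satisfy the complexity rule and still be easy to guess. The function names, the four-key run length and the extra entries in the common-password list are assumptions made for illustration.

```python
import string

MIN_LENGTH = 8    # slide 10: at least 8 characters
MIN_CLASSES = 3   # slide 10: at least 3 of the 4 character classes
# "password", "cat" and "asdfg" come from slide 25; the rest are constructed samples.
COMMON = {"password", "cat", "asdfg", "qwerty", "letmein", "welcome"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "punctuation": string.punctuation,
}

def class_count(pw):
    """Number of the four character classes present in pw."""
    return sum(any(c in chars for c in pw) for chars in CLASSES.values())

def has_keyboard_walk(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False

def check_password(pw):
    """Return a list of policy problems; an empty list means pw is accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if class_count(pw) < MIN_CLASSES:
        problems.append("too few character classes")
    # Strip digit/punctuation padding so "Password1!" is seen as "password".
    core = pw.lower().strip(string.digits + string.punctuation)
    if core in COMMON:
        problems.append("common password")
    if has_keyboard_walk(pw):
        problems.append("keyboard sequence")
    return problems

if __name__ == "__main__":
    for sample in ["asdfg", "Password1!", "Qwerty12", "Blue-Kettle-47"]:  # constructed
        print(f"{sample!r}: {check_password(sample) or 'accepted'}")
```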
- 26.
8. Be cautious of suspicious emails and links
• Hackers try to steal email lists from companies. Company email addresses are valuable to attackers, allowing them to create fake emails from "real people."
• Always delete suspicious emails from people you don't know. And never click on the links.
• Opening these emails or clicking on links in them can compromise your computer without you ever knowing it.
- 27.
9. Don’t plug in personal devices without the OK from IT
• Don’t plug in personal devices such as USBs, MP3 players and smartphones without permission from IT.
• Even a brand new iPod or USB flash drive can be compromised with code waiting to launch as soon as you plug it into a computer.
• Talk to Jubilee ICT about your devices and let them advise on the device's suitability.
- 28.
10. Don’t install unauthorized programs on your work computer
• Malicious applications often pose as legitimate programs like games, tools or even antivirus software.
• They aim to fool you into infecting your computer or network.
• If you like an application and think it will be useful, contact Jubilee ICT and we’ll look into it for you.