User Awareness
and Practices
2ExcellencePassion TeamworkIntegrity
IMPORTANCE OF SECURITY
• The internet allows an attacker to attack from
anywhere on the planet.
• Risks caused by poor security knowledge and
practice:
– Identity Theft
– Monetary Theft
– Legal Ramifications (for yourself and companies)
– Termination if company policies are not
followed
SECURITY VS SAFETY
Security: We must protect
our computers and data in
the same way that we
secure the doors to
our homes.
Safety: We must behave in
ways that protect us
against risks and threats
that come with technology.
Cracker: Computer-savvy programmer creates attack software
Script Kiddies: Unsophisticated computer users who know how to execute programs
Hacker Bulletin Board: SQL Injection, Buffer overflow, Password Crackers, Password Dictionaries
Successful attacks! Crazyman broke into … CoolCat penetrated…
Criminals: Create & sell bots -> spam; sell credit card numbers,…
System Administrators: Some scripts are useful to protect networks…
• Virus
• Worm
• Trojan Horse / Logic Bomb
• Social Engineering
• Rootkits
• Botnets / Zombies
• Spyware symptoms:
– Change of your browser homepage/start page
– Ending up on a strange site when conducting a search
– System-based firewall is turned off automatically
– Lots of network activity while not particularly active
– Excessive pop-up windows
– New icons, programs, favorites which you did not add
– Frequent firewall alerts about unknown programs trying to
access the Internet
– Bad/slow system performance
If your computer experiences such symptoms, kindly contact
Jubilee ICT.
ICT and end user security awareness slides
• A good password is:
– private: it is used and known by one
person only
– secret: it does not appear in clear text
in any file or program or on a piece of
paper pinned to the terminal
– easily remembered: so there is no need
to write it down
PASSWORD RECOMMENDATIONS
A good password is:
– At least 8 characters, complex: a mixture of at least 3
of the following: upper case letters, lower case letters,
digits and punctuation
– Not guessable by any program in a reasonable time,
for instance less than one week.
– Changed regularly: a good change policy is every 3
months
– Beware that someone may see you typing it. If
you accidentally type your password instead of
your login name, it may appear in system log
files
• Do not open email attachments unless
you are expecting the email with the
attachment and you trust the sender.
• Do not click on links in emails unless you
are absolutely sure of their validity.
• Only visit and/or download software from
web pages you trust.
USE OF SOCIAL MEDIA
• Be aware of what you post online!
• Monitor privacy settings
• Refrain from discussing any work-related
matters on such sites.
REPORT SUSPICIOUS COMPUTER
PROBLEMS
If your system acts unusually:
Report immediately to your
supervisor or IT department
Trojan Horse Spyware Worm
PROTECT YOUR FACILITY
• Protect your facility by following these
general security tips:
– Always use your own badge to enter
a secure area
– Never grant access for someone else
using your badge
Protect your facility by following
these general security tips
Challenge people who do not
display badges or passes.
Report any suspicious activity that
you see to your supervisor or
building security
SITUATIONAL AWARENESS
• To practice good situational awareness, take the
following precautions, including but not limited to:
–Avoid discussing topics related to
organization business outside
organization premises, whether you
are talking face to face or on the phone
–Remove your security badge after
leaving your work station
–Don’t talk about work outside the office
–Avoid activities that may compromise
situational awareness
–Be discreet when retrieving messages from
smart phones or other media
IT Security DOs and
DON’Ts
1. Don’t be tricked into giving
away confidential information
• Don’t respond to emails or phone calls
requesting confidential company information
• Always keep in mind that bad guys are
successful because they are convincing.
• Keep on guard and report any suspicious
activity to IT.
2. Don’t use an unprotected computer
• When you access sensitive information from a non-
secure computer you put the information you’re
viewing at risk.
• Malicious software exists that allows people to easily
snoop on what you’re doing online when accessing
unprotected sites.
• If you’re unsure the computer you’re
using is safe, don’t use it to access
corporate or sensitive data.
3. Don’t leave sensitive info lying
around the office
• Don’t leave printouts containing private
information on your desk. It’s easy for a visitor to
glance at your desk and see sensitive documents.
• Keep your desk tidy and documents locked away
or shredded when no longer needed.
• It makes the office look more organized, and
reduces the risk of information leaks
4. Lock your computer and mobile phone
when not in use
• Always lock your computer and mobile phone when
you’re not using them. You work on important things,
and we want to make sure they stay safe and secure.
• Locking these devices keeps both your personal
information and the company’s data and contacts safe
from prying eyes.
5. Stay alert and report suspicious activity
• Sometimes suspicious activity isn’t as obvious as we
think.
• Be cautious of people you don't know asking for
things, especially online.
• Always report any suspicious activity to IT. If
something goes wrong, the faster we know about it,
the faster we can deal with it
6. Password-protect sensitive files and
devices
• Always password-protect sensitive files on your
computer, USB flash drive, smartphone, laptop, etc.
• Losing a device can happen to anyone. But by
protecting your device with strong passwords, you
make it difficult for someone to break in and steal
data.
7. Always use hard-to-guess passwords
• Many people use obvious passwords like “password,”
“cat,” or obvious character sequences on the qwerty
keyboard like “asdfg.”
• Create complex passwords by including different letter
cases, numbers, and even punctuation.
• Try to use different passwords for different websites
and computers.
So if one gets hacked, your other
accounts aren’t compromised.
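An added example, not part of the original slides: a Python check for the password rules stated under PASSWORD RECOMMENDATIONS (at least 8 characters, at least 3 of the 4 character classes) and in tip 7 (obvious passwords and keyboard sequences). The function names and the 4-key run threshold are assumptions made for this illustration.

```python
import string

# Obvious passwords named on the slide, plus keyboard rows for sequence checks.
OBVIOUS = {"password", "cat", "asdfg"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MIN_LENGTH = 8    # slide: at least 8 characters
MIN_CLASSES = 3   # slide: at least 3 of the 4 character classes
MIN_RUN = 4       # assumption: 4+ adjacent keys counts as a keyboard sequence


def character_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("punctuation")
    return classes


def has_keyboard_run(password, run=MIN_RUN):
    """True if `run` adjacent keys from one row appear, in either direction."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lowered:
                    return True
    return False


def check_password(password):
    """Return the list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if len(character_classes(password)) < MIN_CLASSES:
        problems.append("fewer than 3 character classes")
    if password.lower() in OBVIOUS:
        problems.append("obvious password")
    if has_keyboard_run(password):
        problems.append("keyboard sequence")
    return problems
```

Passing these checks does not by itself meet the "not guessable in a reasonable time" recommendation; it only rejects passwords that break the stated rules.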
8. Be cautious of suspicious emails and
links
• Hackers try to steal email lists from
companies. Company email addresses are valuable to
attackers, allowing them to create fake emails from
"real people."
• Always delete suspicious emails from people you
don't know. And never click on the links.
• Opening these emails or clicking on links in them can
compromise your computer without you ever
knowing it
9. Don’t plug in personal devices without
the OK from IT
• Don’t plug in personal devices such as USBs, MP3
players and smartphones without permission from IT.
• Even a brand new iPod or USB flash drive
• These devices can be compromised
with code waiting to launch
as soon as you plug them into
a computer.
• Talk to Jubilee ICT about your devices and
let them advise on the device suitability
10. Don’t install unauthorized programs
on your work computer
• Malicious applications often pose as legitimate
programs like games, tools or even antivirus software.
• They aim to fool you into infecting your computer
or network.
• If you like an application and think it will be useful,
contact Jubilee ICT and we’ll look into it for you.
