ICT and end user security awareness slides

2ExcellencePassion TeamworkIntegrity
IMPORTANCE OF SECURITY
 The internet allows an attacker to attack from
anywhere on the planet.
 Risks caused by poor security knowledge and
practice:
 Identity Theft
 Monetary Theft
 Legal Ramifications (for yourself and companies)
 Termination if company policies are not
 followed

SECURITY VS SAFETY
Security: We must protect
our computers and data in
the same way that we
secure the doors to
our homes.
Safety: We must behave in
ways that protect us
against risks and threats
that come with technology.

Cracker:
Computer-savvy
programmer creates
attack software
Script Kiddies:
Unsophisticated
computer users
who know how to
execute programs
Hacker Bulletin Board
SQL Injection
Buffer overflow
Password Crackers
Password Dictionaries
Successful attacks!
Crazyman broke into …
CoolCat penetrated…
Criminals:
Create & sell bots -> spam
Sell credit card numbers,…
System Administrators
Some scripts are useful
to protect networks…

• Virus
• Worm
• Trojan Horse / Logic Bomb
• Social Engineering
• Rootkits
• Botnets / Zombies

• Spyware symptoms:
 Change of your browser homepage/start page
 Ending up on a strange site when conducting a search
 System-based firewall is turned off automatically
 Lots of network activity while not particularly active
 Excessive pop-up windows
 New icons, programs, favorites which you did not add
 Frequent firewall alerts about unknown programs trying to
access the Internet
 Bad/slow system performance
If your computer experiences such symptoms, kindly contact
Jubilee ICT

• A good password is:
 private: it is used and known by one
person only
 secret: it does not appear in clear text
in any file or program or on a piece of
paper pinned to the terminal
 easily remembered: so there is no need
to write it down

PASSWORD RECOMMENDATIONS
A good password is:
 At least 8 characters, complex: a mixture of at least 3
of the following: upper case letters, lower case letters,
digits and punctuation
 Not guessable by any program in a reasonable time,
for instance less than one week.
 Changed regularly: a good change policy is every 3
months
 Beware that someone may see you typing it. If
you accidentally type your password instead of
your login name, it may appear in system log
files

• Do not open email attachments unless
you are expecting the email with the
attachment and you trust the sender.
• Do not click on links in emails unless you
are absolutely sure of their validity.
• Only visit and/or download software from
web pages you trust.

USE OF SOCIAL MEDIA
• Be aware of what you post online!
• Monitor privacy settings
• Refrain from discussing any work-related
matters on such sites.

REPORT SUSPICIOUS COMPUTER
PROBLEMS
If your system acts
unusual!
13
Report immediately to your
supervisor or IT department
Trojan Horse Spyware Worm

PROTECT YOUR FACILITY
• Protect your facility by following these
general security tips:
 Always use your own badge to enter
a secure area
 Never grant access for someone else
using your badge

Protect your facility by following
these general security tips
Challenge people who do not
display badges or passes.
Report any suspicious activity that
you see to your supervisor or
building security

SITUATIONAL AWARENESS
• To practice good situational awareness, take the
following precautions, including but not limited to:
–Avoid discussing topics related to
organization business outside
organization premises, whether you
are talking face to face or on the phone
–Remove your security badge after
leaving your work station

–Don’t talk about work outside the office
–Avoid activities that may compromise
situational awareness
–Be discreet when retrieving messages from
smart phones or other media

IT Security DOs and
DON’Ts

1. Don’t be tricked into giving
away confidential information
• Don’t respond to emails or phone calls
requesting confidential company information
• Always keep in mind that bad guys are
successful because they are convincing.
• Keep on guard and report any suspicious
activity to IT.

2. Don’t use an unprotected computer
• When you access sensitive information from a non-
secure computer you put the information you’re
viewing at risk.
• Malicious software exists that allows people to easily
snoop on what you’re doing online when accessing
unprotected sites.
• If you’re unsure the computer you’re
using is safe, don’t use it to access
corporate or sensitive data.

3. Don’t leave sensitive info lying
around the office
• Don’t leave printouts containing private
information on your desk. It’s easy for a visitor to
glance at your desk and see sensitive documents.
• Keep your desk tidy and documents locked away
or shredded when no longer needed.
• It makes the office look more organized, and
reduces the risk of information leaks

4. Lock your computer and mobile phone
when not in use
• Always lock your computer and mobile phone when
you’re not using them. You work on important things,
and we want to make sure they stay safe and secure.
• Locking these devices keeps both your personal
information and the company’s data and contacts safe
from prying eyes.

5. Stay alert and report suspicious activity
• Sometimes suspicious activity isn’t as obvious as we
think.
• Be cautious of people you don't know asking for
things, especially online.
• Always report any suspicious activity to IT. If
something goes wrong, the faster we know about it,
the faster we can deal with it

6. Password-protect sensitive files and
devices
• Always password-protect sensitive files on your
computer, USB flash drive, smartphone, laptop, etc.
• Losing a device can happen to anyone. But by
protecting your device with strong passwords, you
make it difficult for someone to break in and steal
data.

7. Always use hard-to-guess passwords
• Many people use obvious passwords like “password,”
“cat,” or obvious character sequences on the qwerty
keyboard like “asdfg.”
• Create complex passwords by including different letter
cases, numbers, and even punctuation.
• Try to use different passwords for different websites
and computers.
So if one gets hacked, your other
accounts aren’t compromised.

8. Be cautious of suspicious emails and
links
• Hackers try to steal email lists from
Companies.Company email addresses are valuable to
attackers, allowing them to create fake emails from
"real people.“
• Always delete suspicious emails from people you
don't know. And never click on the links.
• Opening these emails or clicking on links in them can
compromise your computer without you ever
knowing it

9. Don’t plug in personal devices without
the OK from IT
• Don’t plug in personal devices such as USBs, MP3
players and smartphones without permission from IT.
• Even a brand new iPod or USB flash drive
• These devices can be compromised
with code waiting to launch
as soon as you plug them into
a computer.
• Talk to jubilee ICT about your devices and
let them advice on the device suitability

10. Don’t install unauthorized programs
on your work computer
• Malicious applications often pose as legitimate
programs like games, tools or even antivirus software.
• They aim to fool you into infecting your computer
or network.
• If you like an application and think it will be useful,
contact Jubilee ICT and we’ll look into it for you.

ICT and end user security awareness slides

More Related Content

What's hot

Similar to ICT and end user security awareness slides

Recently uploaded

ICT and end user security awareness slides

Editor's Notes