
Security Awareness Training

The 2019 Essential Cyber Security Checklist

The protection of confidential information is vital for every organization. The purpose of security awareness training is to develop competence and a company culture that saves money and creates a human firewall guarding against an ever increasing threat of reputational and actual damage and data loss.

Common Security Risks

This is a list of the most common security threats that your employees need to be aware of. There are of course more threats out there. This is just a starting point with the most common ones that should be the foundation of your training efforts.

Awareness raising must be interesting enough to get people's attention and short enough to be remembered.

Security awareness is a compliance issue and is needed to accommodate standards such as ISO27001, PCI-DSS and many country or state laws. Security awareness is an essential part of employee training and is the most effective way to keep companies safe from intruders and hacks.

We hope this list helps to identify at least some of the threats that are around today.
Categories

Essentials
A modern company needs informed employees who have a basic understanding of where security risks lie.

Email
An understanding of phishing, malicious attachments and when it is proper to use email and when not.

Internet
Safe browsing and understanding http or https, phishing sites, and common threats on the web.

At the Office
Handling confidential content, printed or digital. Disposing of it correctly and not leaving it lying around are all risks.

Out of Office
Working from home using a laptop or even a phone can cause a security risk if the employee is not aware of the risks.

Social Awareness
Understanding where the risks are and how social engineering works is essential to securing access to a workplace and data.

Privacy
With increased regulations to guard personally identifiable information, mistakes can be very expensive.

Mobile
Mobile phones today are mini computers that can hold valuable information.
Data Leaks (Essentials, Privacy)
A data leak is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. Failure to report a leak can have severe consequences for the individual and lead to hefty fines for the company.

Ransomware (Essentials, Internet)
Ransomware is malware or a virus that encrypts the data on your computer or in some cases your whole network. You cannot access your files or pictures until you pay the ransom, or sometimes not even then.

Phone Locking (Essentials, Mobile)
Documents, memos, email, and contacts can be stolen if you leave your phone unlocked. It is important to guard the information. Always keep your phone locked when you're not using it.

Vishing (Mobile, Social Awareness)
Vishing is the telephone equivalent of phishing. It is described as the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft.

Unattended Computer
Leaving your computer unlocked and unattended can cause serious problems if someone else has access to it.

Same Password (Essentials, Internet, Mobile)
Managing multiple passwords can be hard, but it is essential to have different passwords for different sensitive accounts.

Malicious Attachments
Email is still an important communication tool for business organizations. Attachments represent a potential security risk. They can contain malicious content, open other dangerous files, or launch applications, etc.

Removable Media (Out of Office, Privacy)
Removable media is a common way to move larger amounts of data. The risks are numerous, including data loss, malware threats and misplacement resulting in reputational damage.

USB Key Drop (Out of Office, Social Awareness)
A USB key drop is when a hacker leaves a USB stick on the ground or in an open space, hoping that someone will plug it into their computer, giving access to their computer and all files they have access to on the network.

Social Engineering
Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes, often tricking people into breaking normal security procedures.

Dumpster Diving
Dumpster diving is a technique to retrieve sensitive information that could be used to access a computer network. It isn't limited to searching through the trash for documents.

Spyware (Essentials, Email, Internet)
Spyware and malware are types of software that enable a hacker to obtain covert information about another's computer activities by transmitting data from the computer or gaining direct access to it.

Chain Letter (At the Office, Email)
A chain letter attempts to convince the recipient to pass it on to others. The risk is that email addresses will be distributed to a malicious person, and the email can include links to malware.

CEO Scam (Social Awareness, Internet)
The CEO scam is when a hacker impersonates executives and tricks employees into sending sensitive information. This includes using social engineering to manipulate people and their actions.

Clean Desk (At the Office, Social Awareness)
Maintaining a clean desk includes not leaving sensitive documents on the desk, not writing passwords on sticky notes, cleaning sensitive information off a whiteboard, and not leaving an access card where it might be stolen.

Computer Installs (At the Office, Internet)
Keep software up to date to defend against serious issues. Viruses, spyware, and other malware rely on unpatched and outdated software.
Password (Essentials)
Choosing a good password is necessary. Choose one that has at least 8-10 characters and at least one number, one uppercase letter, one lowercase letter, and one special symbol. Do not use any words that are in the dictionary.

Password Handling (Essentials)
Choosing a good password is just a start. Use different passwords for different accounts and don't leave the password where it can be found. Don't send credentials by email or store them in an unsecure location.
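The two password rules above (composition and no reuse across accounts) can be turned into a check that a security team runs against proposed passwords or an inventory of shared-account credentials. The script below is an added example, not part of the AwareGO checklist; the word list and the sample credentials are constructed stand-ins, and the 8-character floor is the lower bound of the checklist's "8-10 characters".

```python
import re
import string

# Constructed mini word list standing in for a real dictionary (assumption for the example).
DICTIONARY_WORDS = {"password", "welcome", "summer", "dragon", "company"}

MIN_LENGTH = 8  # the checklist asks for at least 8-10 characters; 8 is the floor used here


def check_password_policy(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password complies.

    Rules follow the checklist: minimum length, one digit, one uppercase letter,
    one lowercase letter, one special symbol, and no dictionary words.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not any(ch in string.punctuation for ch in password):
        problems.append("no special symbol")
    # Dictionary check is a case-insensitive substring match, so "Password1!"
    # is rejected even though it satisfies every character-class rule.
    lowered = password.lower()
    hits = sorted(word for word in DICTIONARY_WORDS if word in lowered)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    return problems


def find_reused_passwords(credentials: dict[str, str]) -> dict[str, list[str]]:
    """Map every password shared by more than one account to the accounts using it.

    Implements the "different passwords for different accounts" rule.
    Input is {account_name: password}.
    """
    by_password: dict[str, list[str]] = {}
    for account, password in credentials.items():
        by_password.setdefault(password, []).append(account)
    return {pw: sorted(accts) for pw, accts in by_password.items() if len(accts) > 1}


if __name__ == "__main__":
    # Constructed sample values for demonstration only.
    for candidate in ["Password1!", "Sh0rt!", "Tr0ub4dor&3"]:
        print(candidate, check_password_policy(candidate) or "OK")
    inventory = {"email": "Tr0ub4dor&3", "vpn": "Tr0ub4dor&3", "payroll": "xK9#mQ2v"}
    print(find_reused_passwords(inventory))
```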

Printouts (Essentials, At the Office)
Printing documents and leaving them in the printer can give unauthorized persons access to confidential data.

Confidential Material
Private media is often not regulated and sometimes unsecure. Understanding the ways a hacker might gain access to unauthorized data is important.

Tailgating
Tailgating, sometimes called piggybacking, is a physical security breach where an unauthorized person follows an authorized one into a secure location.

Phishing (Essentials, Email, Social Awareness)
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

HTTPS (Essentials, Email, Social Awareness)
Hypertext Transfer Protocol Secure (HTTPS) is a variant of the standard web transfer protocol (HTTP) that adds a layer of security to the data in transit.

Spear Phishing
Spear phishing is the practice of studying individuals and their habits, and then using that information to send specific emails from a known or trusted sender's address in order to obtain confidential information.

Shoulder Surfing
Shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers, passwords, and other confidential data by looking over the victim's shoulder.

Free WiFi (Out of Office, Internet)
People usually use free WiFi without thinking. One of the most common open WiFi attacks is called a Man-in-the-Middle (MitM) attack, where a hacker can monitor all traffic and get sensitive information.

Home WiFi (Out of Office, Internet)
Home networks are often set up in a rush to get connectivity ready as soon as possible. Most people do not take any steps to secure their home network, making them vulnerable to hackers.

Keylogger (At the Office)
A keylogger is a piece of malicious software or hardware (a small device connected to the computer keyboard) that records every keystroke you make on a keyboard.
About the List

This simple list is hopefully helpful for security personnel or data protection officers in defending against cyber criminals and finding potential security risks.

We try to update this list with new content as often as possible. If you feel that anything is missing, please let us know at awarego@awarego.com.

We think of security awareness as a marketing campaign instead of a training effort, and it should be enjoyable.

Ragnar Sigurdsson
Founder & CEO, Ethical Hacker, CISSP

Ragnar experienced first-hand the challenges organizations face when training employees on proper security measures. He saw employees doze off and lose complete interest during security awareness training. That is why he started AwareGO in 2007: there had to be a better way to bring the security message to the masses and make workplaces safer.

AwareGO
Simple & Effective Security Awareness

At AwareGO we use marketing principles and humor to urge employees to become more aware and compliant within today's volatile organizations. AwareGO follows what is happening in security today and provides organizations of all sizes with the tools they need to train their employees to keep sensitive data safe and secure.
Get In Touch

Phone
+354 899 4370

Email
awarego@awarego.com

Address
AwareGO, Borgartun 27, 105 Reykjavik Iceland