Team black
1. Examine general training of employees of
your organization with respect to IT.
TEAM BLACK:
HETVI NAIK 101212340
PRIYANKA RAVIKUMAR 101265268
SUBASH GIRI 101165549
UMMEY HUMAYRA PONEY 101308277
UMANG PATEL 101235317
2. INTRODUCTION
• Why should general training be given to employees?
• The answer is that humans are the most vulnerable asset of any corporate organisation.
• Human factors need to be considered, and people need to be made secure first.
• In 2019, a state of IT security survey found that email and employee training were listed at the top of the problems faced by IT security professionals.
3. THINGS TO KEEP IN MIND
• Email scams (phishing)
• Malware
• Password security
• Removable media
• Safe internet habits
• Social engineering attacks
• Physical security and environmental controls
• Clean desk policy
• Data management and privacy
• Bring Your Own Device (BYOD) policy
4. EMAIL & MALWARE
Let's start.
• Email scams are phishing attacks, one of the most common methods attackers use to bypass a corporate network; people are most vulnerable to these tricks.
• Malware is dangerous software that gains access to the organisation and steals data. There are a number of ways it can get in, and one of them is a phishing email.
Solution?
• Spread awareness of this kind of social attack with practical drills.
• Do not open unsolicited emails.
• Filter spam.
• Be suspicious of attachments in emails, websites and other media.
• Don't install unauthorized software or drives.
• Keep antivirus running and up to date.
5. PASSWORD SECURITY
This may look like a small thing, but protecting passwords is really important; poor password security is one of the biggest threats to the enterprise.
How to create a strong password:
• Use a unique password for each online account.
• Randomly generate passwords.
• A password should be a combination of letters, numbers and symbols.
• Using a password manager is good practice.
• Using multi-factor authentication is the best way.
• Biometric authentication will be the strongest solution for access.
6. REMOVABLE MEDIA
• USB drives and CDs are useful tools, but they are a threat to the organisation at the same time.
• They can be manipulated by attackers to let malware bypass network security defences.
• This can cause a lot of damage to the corporation.
How to stay safe from this kind of activity?
• Never plug untrusted removable media into a computer.
• Submit doubtful devices to the IT/security department.
• Disable autorun on all computers.
7. SAFE INTERNET HABITS
The number of malicious websites is increasing day by day, so safe surfing on the internet is very important.
Employees should know not to open untrusted websites.
These phony websites use domain names similar to the real ones, changed only slightly, for example googgle.com instead of google.com.
How to prevent this?
• Employees should know the difference between a real site and a fake one. They should also know the difference between HTTP and HTTPS and be able to identify an insecure connection.
• Downloading from torrent sites should be strictly prohibited.
8. SOCIAL ENGINEERING ATTACKS
This is very dangerous and unexpected: hackers try to crack the other person's mind and get information over a phone call. This type of attack is known as a "vishing attack".
Here the attacker uses a phony name and status to convince the victim to give up information.
How to be safe?
• Do not trust anyone or give out information without verifying that the person is who they claim to be.
• Training should be given, and awareness of this kind of attack should be spread.
9. PHYSICAL SECURITY AND ENVIRONMENTAL CONTROLS
Security isn't only about computers.
• Shoulder surfing, impersonation, tailgating, and leaving passwords on paper, notebook pages or sticky notes.
• Leaving devices unattended after use.
• Malfunctioning physical security.
How to be safe?
• Check that your surroundings are secure before typing a password.
• Secure your devices (lock them in a safe place / use a security cable).
• Always keep an eye behind you so no one can tailgate.
• Ask for ID and proper verification to defend against impersonation.
10. CLEAN DESK POLICY
Risk of information theft due to sensitive information being left unattended and visible in plain view.
Compliance requirement (ISO 27001, Data Protection Act).
Besides, Clean = Green = Cheap.
How to be safe?
• The clean desk policy (CDP) should be part of the overall company security strategy.
• It should be written as clear instructions.
• It should be part of the employee orientation program.
• Regularly check and monitor policy implementation.
• Always check the surroundings for suspicious activity.
11. DATA MANAGEMENT AND PRIVACY
Organisations hold sensitive information; if any of it is exposed, the organisation would be in great difficulty.
They might face significant penalties.
How to keep it safe?
• Protect data at every level.
• Implement policies for keeping data safe.
• Use encryption software.
• Use an appropriate storage location for sensitive data.
• Use multi-factor authentication and password policies.
12. BYOD (BRING-YOUR-OWN-DEVICE) POLICY
This enables employees to bring their own devices, but it also falls into the category of a vulnerability, as personal devices are at great risk.
How to protect personal devices from being exploited?
• First, protect the device with a strong, secure password.
• Use full data encryption on it.
• Use a private network when the Wi-Fi is not trustworthy.
• Use a properly updated firewall and antivirus, as suggested by the security department.
• Scan regularly and do not download anything from malicious websites.
13. CONCLUSION
Employees are a great asset in the advancement of a company, but they are also its biggest threat. They should be trained about attacks and about the policies for keeping data safe. Monthly training and meetings should be planned to spread knowledge and suggest tactics for defending against this type of malicious activity.