Security awareness training
The 2019
The Essential Cyber Security
Checklist
The protection of confidential
information is vital for every
organization. The purpose of
security awareness training is
to develop competence and
company culture that saves
money and creates a human
firewall guarding against an
ever-increasing threat of
reputational and actual damage
and data loss.
This is a list of the most common security threats that your
employees need to be aware of. There are of course more threats out
there. This is just a starting point with the most common ones that
should be the foundation of your training efforts.
Awareness raising must be interesting enough to get people’s attention
and short enough to be remembered.
Security awareness is a compliance issue and is needed to accommodate
standards such as ISO27001, PCI-DSS and many country or state laws.
Security awareness is an essential part of employee training and is the
most effective way to keep companies safe from intruders and hacks.
We hope this list helps to identify at least some of the threats that are
around today.
Common Security Risks
Essentials
A modern company needs
informed employees who have a
basic understanding of
where security risks lie
Internet
Safe browsing and
understanding http or https,
phishing sites, and
common threats on the web
Out of Office
Working from home using a
laptop or even a phone can
cause a security risk if the employee
is not aware of the risks
Privacy
With increased regulations to
guard personally identifiable
information, mistakes
can be very expensive
Email
An understanding of phishing,
malicious attachments and
when it is proper to use email
and when not
At the Office
Handling confidential content,
printed or digital. Disposing of it
correctly and not leaving it lying
around are all risks
Social Awareness
Understanding where the risks
are and how social engineering
works is essential to securing
access to a workplace and data
Mobile
Mobile phones today are mini
computers that can hold
valuable information
A data leak is the intentional or
unintentional release of secure or private/
confidential information to an untrusted
environment. Failure to report a leak can have
severe consequences for the individual and
lead to hefty fines for the company.
Data Leaks
Ransomware is malware or a virus that
encrypts the data on your computer or in some
cases your whole network. You cannot access
your files or pictures until you pay the ransom,
or sometimes not even then.
Ransomware
Documents, memos, email, and contacts can
be stolen if you leave your phone unlocked.
It is important to guard the information.
Always keep your phone locked when you’re
not using it.
Phone Locking
Vishing is the telephone equivalent of
phishing. It is described as the act of using
the telephone in an attempt to scam the user
into surrendering private information that
will be used for identity theft.
Vishing
Essentials Privacy
Essentials Internet
Essentials Mobile
Mobile Social
Leaving your computer unlocked and
unattended can cause serious problems
if someone else has access to it.
Unattended Computer
Managing multiple passwords can be hard,
but it is essential to have different
passwords for different sensitive accounts.
Same Password
Email is still an important communication
tool for business organizations. Attachments
represent a potential security risk. They can
contain malicious content, open other
dangerous files, or launch applications, etc.
Malicious Attachments
Removable media is a common way to move
larger amounts of data. The risks are
numerous, including data loss, malware
threats and misplacement resulting in
reputational damage.
Removable Media
Essentials Internet Mobile
Out of office Privacy
A USB key drop is when a hacker leaves a
USB stick on the ground or in an open
space, hoping that someone will plug it
into their computer, giving access to their
computer and all files they have access
to on the network.
USB Key Drop
Social engineering is the use of deception
to manipulate individuals into divulging
confidential or personal information that
may be used for fraudulent purposes, often
tricking people into breaking normal
security procedures.
Social Engineering
Dumpster diving is a technique to
retrieve sensitive information that could be
used to access a computer network. It isn’t
limited to searching through the trash for
documents.
Dumpster Diving
Spyware and malware are types of software
that enable a hacker to obtain covert
information about another’s computer
activities by transmitting data from the
computer or
Spyware
Out of Office Social Awareness
Essentials Email Internet
A chain mail attempts to convince the
recipient to pass it on to others. The risk is
that email addresses will be distributed to a
malicious person, and the email can include
links to malware.
Chain Mail
The CEO scam is when a hacker impersonates
executives and tricks employees into
sending sensitive information. This includes
using social engineering to manipulate
people and their actions.
CEO Scam
Maintaining a clean desk includes not
leaving sensitive documents on the desk,
not writing passwords on sticky notes,
cleaning sensitive information off a white
board, and not leaving an access card
where it might be stolen.
Clean Desk
Keep software up to date to defend
against serious issues. Viruses,
spyware, and other malware rely on
unpatched and outdated software.
Computer Installs
At the Office Email
Social Awareness Internet
At the Office Social Awareness
At the Office Internet
Choosing a good password is necessary.
Choose one that has at least 8-10 characters
and use at least one number, one uppercase
letter, one lowercase letter, and one special
symbol. Do not use any words that are in the
dictionary.
Password
Choosing a good password is just a start.
Use different passwords for different
accounts and don’t leave the password where
it can be found. Don’t send credentials by
email or store them in an unsecure location.
Password Handling
Printing documents and leaving them
in the printer can give unauthorized
persons access to confidential data.
Printouts
Private media is often not regulated and
sometimes unsecure. Understanding the
ways a hacker might gain access to
unauthorized data is important.
Confidential Material
Essentials
Essentials
Essentials At the Office
Tailgating, sometimes called piggybacking,
is a physical security breach where an
unauthorized person follows an authorized
one into a secure location.
Tailgating
Phishing is the fraudulent practice of
sending emails purporting to be from
reputable companies in order to induce
individuals to reveal personal information,
such as passwords and credit card numbers.
Phishing
Hypertext Transfer Protocol Secure
(HTTPS) is a variant of the standard web
transfer protocol (HTTP) that adds a layer
of security to the data in transit.
HTTPS
Spear Phishing is the practice of studying
individuals and their habits, and then using
that information to send specific emails
from a known or trusted sender’s address in
order to obtain confidential information.
Spear Phishing
Essentials Email Social Awareness
Essentials Email Social Awareness
Shoulder surfing is a type of social
engineering technique used to obtain
information such as personal identification
numbers, passwords, and other confidential
data by looking over the victim’s shoulder.
Shoulder Surfing
People usually use free WiFi without thinking.
One of the most common open WiFi attacks
is called a Man-in-the-Middle (MitM) attack,
where a hacker can monitor all traffic and get
sensitive information.
Free WiFi
Home networks are often set up in a rush to
get connectivity ready as soon as possible.
Most people do not take any steps to secure
their home network, making them vulnerable
to hackers.
Home WiFi
A keylogger is a piece of malicious software
or hardware (a small device connected to the
computer keyboard) that records every
keystroke you make on a keyboard.
Keylogger
Out of Office Internet
At the Office
Out of office Internet
This simple list is hopefully helpful for security personnel or data
protection officers in defending against cyber criminals and finding
potential security risks.
We try to update this list with new content as often as possible. If you
feel that anything is missing, please let us know at
awarego@awarego.com.
We think of security awareness as a marketing campaign instead of a
training effort, and it should be enjoyable.
About the List
Ragnar experienced firsthand the challenges
organizations face when training employees on proper
security measures. He saw employees doze off and
lose complete interest during security awareness
training. That is why he started AwareGO in 2007:
there had to be a better way to bring the security
message to the masses and make workplaces safer.
Ragnar Sigurdsson
Ethical Hacker, CISSP
At AwareGO we use marketing principles and humor
to urge employees to become more aware and
compliant within today’s volatile organizations. AwareGO
follows what is happening in security today and
provides organizations of all sizes with the tools they
need to train their employees to keep sensitive data
safe and secure.
AwareGO
Security Awareness and Compliance
Phone
+354 899 4370
Email
awarego@awarego.com
Address
AwareGO, Borgartun 27, 105 Reykjavik Iceland
Get In Touch

[BuildWithAI] Introduction to Gemini.pdf
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Security awareness-checklist 2019

  • 1. Security awareness training The 2019 The Essential Cyber Security Checklist
  • 2. The protection of confidential information is vital for every organization. The purpose of security awareness training is to develop competence and company culture that saves money and creates a human firewall guarding against an ever increasing threat of reputational and actual damage and data loss. This is a list of the most common security threats that your employees need to be aware of. There are of course more threats out there. This is just a starting point with the most common ones that should be the foundation of your training efforts. Awareness raising must be interesting enough to get people’s attention and short enough to be remembered. Security awareness is a compliance issue and is needed to accommodate standards such as ISO27001, PCI-DSS and many country or state laws. Security awareness is an essential part of employee training and is the most effective way to keep companies safe from intruders and hacks. We hope this list helps to identify at least some of the threats that are around today. Common Security Risks
  • 3. Essentials: A modern company needs informed employees who have a basic understanding of where security risks lie. Internet: Safe browsing and understanding http or https, phishing sites, and common threats on the web. Out of Office: Working from home using a laptop or even a phone can cause a security risk if the employee is not aware of the risks. Privacy: With increased regulations to guard personally identifiable information, mistakes can be very expensive. Email: An understanding of phishing, malicious attachments and when it is proper to use email and when not. At the Office: Handling confidential content, printed or digital. Disposing of it correctly and not leaving it lying around are all risks. Social Awareness: Understanding where the risks are and how social engineering works is essential to securing access to a workplace and data. Mobile: Mobile phones today are mini computers that can hold valuable information.
  • 4. Data Leaks: A data leak is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. Failure to report a leak can have severe consequences for the individual and lead to hefty fines for the company. Ransomware: Ransomware is malware or a virus that encrypts the data on your computer or in some cases your whole network. You cannot access your files or pictures until you pay the ransom, or sometimes not even then. Phone Locking: Documents, memos, email, and contacts can be stolen if you leave your phone unlocked. It is important to guard the information. Always keep your phone locked when you’re not using it. Vishing: Vishing is the telephone equivalent of phishing. It is described as the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. Essentials Privacy Essentials Internet Essentials Mobile Mobile Social
  • 5. Unattended Computer: Leaving your computer unlocked and unattended can cause serious problems if someone else has access to it. Same Password: Managing multiple passwords can be hard, but it is essential to have different passwords for different sensitive accounts. Malicious Attachments: Email is still an important communication tool for business organizations. Attachments represent a potential security risk. They can contain malicious content, open other dangerous files, or launch applications, etc. Removable Media: Removable media is a common way to move larger amounts of data. The risks are numerous, including data loss, malware threats and misplacement resulting in reputational damage. Essentials Internet Mobile Out of office Privacy
  • 6. USB Key Drop: A USB key drop is when a hacker leaves a USB stick on the ground or in an open space, hoping that someone will plug it into their computer, giving access to their computer and all files they have access to on the network. Social Engineering: Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes, often tricking people into breaking normal security procedures. Dumpster Diving: Dumpster diving is a technique to retrieve sensitive information that could be used to access a computer network. It isn’t limited to searching through the trash for documents. Spyware: Spyware and malware are types of software that enable a hacker to obtain covert information about another’s computer activities by transmitting data from the computer or Out of Office Social Awareness Essentials Email Internet
  • 7. Chain Mail: A chain mail attempts to convince the recipient to pass it on to others. The risk is that email addresses will be distributed to a malicious person, and the email can include links to malware. CEO Scam: The CEO scam is when a hacker impersonates executives and tricks employees into sending sensitive information. This includes using social engineering to manipulate people and their actions. Clean Desk: Maintaining a clean desk includes not leaving sensitive documents on the desk, not writing passwords on sticky notes, cleaning sensitive information off a white board, and not leaving an access card where it might be stolen. Computer Installs: Keep software up to date to defend against serious issues. Viruses, spyware, and other malware rely on unpatched and outdated software. At the Office Email Social Awareness Internet At the Office Social Awareness At the Office Internet
  • 8. Password: Choosing a good password is necessary. Choose one that has at least 8-10 characters and use at least one number, one uppercase letter, one lowercase letter, and one special symbol. Do not use any words that are in the dictionary. Password Handling: Choosing a good password is just a start. Use different passwords for different accounts and don’t leave the password where it can be found. Don’t send credentials by email or store them in an unsecure location. Printouts: Printing documents and leaving them in the printer can give unauthorized persons access to confidential data. Confidential Material: Private media is often not regulated and sometimes unsecure. Understanding the ways a hacker might gain access to unauthorized data is important. Essentials Essentials Essentials At the Office
  • 9. Tailgating: Tailgating, sometimes called piggybacking, is a physical security breach where an unauthorized person follows an authorized one into a secure location. Phishing: Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. HTTPS: Hypertext Transfer Protocol Secure (HTTPS) is a variant of the standard web transfer protocol (HTTP) that adds a layer of security to the data in transit. Spear Phishing: Spear phishing is the practice of studying individuals and their habits, and then using that information to send specific emails from a known or trusted sender’s address in order to obtain confidential information. Essentials Email Social Awareness Essentials Email Social Awareness
  • 10. Shoulder Surfing: Shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers, passwords, and other confidential data by looking over the victim’s shoulder. Free WiFi: People usually use free WiFi without thinking. One of the most common open WiFi attacks is called a Man-in-the-Middle (MitM) attack, where a hacker can monitor all traffic and get sensitive information. Home WiFi: Home networks are often set up in a rush to get connectivity ready as soon as possible. Most people do not take any steps to secure their home network, making them vulnerable to hackers. Keylogger: A keylogger is a piece of malicious software or hardware (a small device connected to the computer keyboard) that records every keystroke you make on a keyboard. Out of Office Internet At the Office Out of office Internet
  • 11. About the List: This simple list is hopefully helpful for security personnel or data protection officers in defending against cyber criminals and finding potential security risks. We try to update this list with new content as often as possible. If you feel that anything is missing, please let us know at awarego@awarego.com. We think of security awareness as a marketing campaign instead of a training effort, and it should be enjoyable. Ragnar Sigurdsson, Ethical Hacker, CISSP: Ragnar experienced firsthand the challenges organizations face when training employees on proper security measures. He saw employees doze off and lose complete interest during security awareness training. That is why he started AwareGO in 2007: there had to be a better way to bring the security message to the masses and make workplaces safer. AwareGO, Security Awareness and Compliance: At AwareGO we use marketing principles and humor to urge employees to become more aware and compliant within today’s volatile organizations. AwareGO follows what is happening in security today and provides organizations of all sizes with the tools they need to train their employees to keep sensitive data safe and secure.
  • 12. Get In Touch: Phone +354 899 4370. Email awarego@awarego.com. Address AwareGO, Borgartun 27, 105 Reykjavik, Iceland.