Monday, May 11, 2015

Cyber Security Awareness Training Template for Staff of an Organization

Who needs Cyber Security Awareness Training

This template can serve as a training manual for organizations that want to organize a cyber security awareness program for their staff. For maximum results, the points described below must be demonstrated using real-life scenarios.



Summary
The content of this awareness template focuses on just three areas:

  • Social media usage
  • Email policy
  • Password policy

The aim is to enlighten the staff of organizations and prepare them against the various social engineering techniques that use the channels stated above.


Social Media

  • Avoid posting sensitive personal information
  • Sensitive company information must not be posted on social media
  • Use the privacy settings on the social media platform to set up who can access your information
  • Avoid accepting friend requests from random people online
  • If possible, avoid using your work email for social media

    A real scenario should describe how an attacker can easily access sensitive information that a user has overshared on social media and use it to manipulate that user or his/her work colleagues.

Email Policy
  • Work email should only be used for work-related matters
  • Avoid downloading attachments from emails sent from an address you are not sure about
  • Don’t click links in emails from a sender you are not sure of
  • Any suspicious email received should be reported to the IT security department

    A real scenario should describe how a user's computer can be hijacked by just clicking a link or an email attachment.

Password Policy
  • All passwords must be at least 8 characters in length
  • Passwords must have at least one upper-case character, one number and one special character
  • The same password should not be used for different purposes
  • A good approach to getting a unique password that is easy to remember is to use a passphrase. Example: TTUhasover20%internationalstudents
  • Passwords should not be written down on paper
  • Special software/applications can easily be used to manage passwords
  • Never disclose your password to anyone for whatever reason
  • Never submit passwords on surveys and forms such as Google Forms, SurveyMonkey, etc.
  • When using a public computer or device, make sure the option to remember the password is not selected before logging in

    A real scenario can describe how an attacker can easily use some technical means to decode weak passwords.
