Cyber Security Training

[Audio] This Cyber Security Training presentation will help the audience to understand cyber security, it's importance, individual responsibilities and safe practices to contribute towards better cyber security structure for Arrow Leadership..

[Audio] Cyber Security is defined as the protection of privacy, integrity, and accessibility of data information in the Cyberspace. Cyberspace is acknowledged as an interaction of persons, software and worldwide technological services. The goal of cybersecurity for organizations is simple, to protect computer-based devices, company-owned data from unauthorized and unexpected access, illegal data changes, and from other potential threats. Our goals for this presentation are to ensure: Basic understanding of Cyber Security Individual responsibility of workers Safe practices regarding Cyber Security.

[Audio] We will be covering the following topics in our Training Presentation: Understanding individual responsibilities towards cyber security as an employee, employer and business owner. Importance of separate passwords for personal and professional use. Beware of phishing Emails and attached malicious links. Avoiding public hotspots or internet connections. Unattended devices and related threats. Avoiding unknown external devices on professional devices..

[Audio] We will further discuss: Importance of Backing-up data on daily basis. Avoid sharing business insights or security mechanisms with irrelevant people or personnel. Installing software updates & keeping security settings up-to date. Keeping donors informed regarding cyber threats and potential malicious activities. Reporting Incidents & Informing Appropriate Manager. On going Training Sessions regarding cyber Security and their importance with-in organisation..

[Audio] Understanding individual responsibilities plays a vital role in overall security of procedures & operations of a business. Each individual needs to understand their role in development of a secure environment. For that: Be well-aware about your role and responsibilities in the organisation and understand that security is an individual task and everyone needs to stay cautious and participate actively towards cyber security. Learn about security procedures, latest news and researches on individual level and keep yourself up-to date. Organizational resources are there to help everyone; Employers, Employees and clients, therefore, use all the resources wisely and according to company policies. Each individual operates devices and utilizes services which are company's property and hence should be kept safe by all means at all times. Safe IT policies provided by organization are highly important and should be read and practiced by everyone..

[Audio] Strong and Secure passwords are highly important for protection of devices and data. Compromised passwords can lead to unauthorized access to the systems and devices, bringing potential harms for organization. For better security and safety: Use separate passwords for private and professional use. For example, Passwords used for social media should not be used for official email accounts. Strong passwords do not have any chunk of information which make them easily breakable. Avoid using birth dates, names, mobile numbers or other such personal information in passwords. Use combination of alphabets, numbers and characters instead of sequential names or numbers. Sharing your passwords can be more harmful than you can ever imagine. Passwords should be kept safe and should not be shared with any family member, friend or colleague. Using combination of Upper and Lower Case Alphabets helps to increase the strength of your password. Passwords should be at least 10 to 12 characters long and must have combinations. Two-factor authentication makes your devices, systems, emails and several accounts pretty safe. Use 2 factor authentication wherever it is available and add more security to applications and softwares..

[Audio] Phishing emails bring great threats and therefore, must be identified to avoid any breaches or compromising of data. Phishing emails are embedded with malicious links or direct you to a website or page which has malicious pop-ups. Each employee needs to pay attention on such emails and should: Be-aware of any email which looks suspicious, or malicious. The best way, to avoid such emails is disregard emails which do not concern the business in any way like marketing or advertisement emails. While sending phishing emails, the attackers use email addresses or URL links which look similar to the original but if keenly observed can be identified as different. Therefore, pay attention to every email id and links which are part of any email, even if the email is coming from colleagues or clients. Do not click and open any unwanted link attached in your emails. Emails are widely used for communication with in the organization and with clients and other entities. But avoid sharing any sensitive information on your emails without confirming the identity of receiver. Malicious links can lead to a malicious websites, page or can install potential viruses on your devices. Therefore, please do not open any unnecessary link. If any link on your emails, lead you to a homepage or message where you are requested to provide your personal credentials, please close the link immediately and do not share any of your personal credentials anywhere to avoid potential threats..

[Audio] Similarly, Avoid installing unknown or irrelevant softwares on your professional devices. For enhanced security reasons, only the system administrator should be able to install the softwares which means that any installation on the system or device should be password protected and not available for individuals. Professional devices and resources should be used for organizational responsibilities and thus, avoid visiting unwanted websites from professional devices. Websites, softwares and applications can carry malwares and viruses, which can not only hinder the operations on effected devices but can also lead to potential cyber breaches or attacks. For example, Torrent websites can install potential malwares on your devices..

[Audio] Public hotspots are unsecure, unencrypted and vulnerable to several potential threats and attacks. Public hotspots should be avoided for security reasons as: Threat actors commonly known as attackers often use such networks to steal personal information, data or credentials of users from such unsecure connections. The login page which is used to connect to a public hotspot can be forged and used to steal login credentials of a user. These compromised credentials can be misused on several other platforms. Similarly, sessions of a webpage can be hijacked. This means, if you are using a website and you logged into it, an attacker can steal session information and login-in the same account and can send malicious emails or messages to your contacts using your accounts. This can bring catastrophic results especially, if financial transactions are involved..

[Audio] Unattended devices are the easiest targets for not only cyber criminals but for common thieves too. Therefore: If you have to leave your device un attended in office, always remember to sign out of your device before you leave your desk. Similarly, practice signing out of your devices anywhere, even at home, when you are not using them. If you leave your device un-attended and on your return anything looks suspicious about it, for example tabs on screen or location of your device, check your device thoroughly and investigate about it. Leaving devices un-attended bring several harms as they can be: Stolen Corrupted with malware Breached for information Misused by unauthorized person.

[Audio] External devices like, portable hard drives, USB, CD, memory cards, mobile phones or other such devices should only be plugged in your device if you are completely sure about their security and ownership. Avoiding unknown devices is important because: Unknown devices can be used to transfer potential threats or malwares to your device. These devices can also be used in information and data theft. It is better to use external devices provided by the company or devices strictly used for professional use on your personal official devices. Organizational resources should not be used for personal objectives. Any external device used for professional tasks should not be used to store personal data, installing softwares, or downloading files. Keep your devices and external devices safe from any potential threat actor or attacker..

[Audio] The purpose of the backup is to create a copy of data that can be recovered in the event of a primary data failure. Primary data failures can be the result of hardware or software failure, data corruption, or a human-caused event, such as a malicious attack ( virus or malware), or accidental deletion of data. Second back-up can be physical back-ups like CD, DVD or external Hard Drives. Such back-ups add another layer of security to the system. Backing-up data comes with a cost of management and storage but it is worth it to spend money for this operation as it can be a great savior in the time of crisis such as cyber attack. Backing up data helps to gain competitive advantages as it helps in retaining clients and maintaining a connection with them. Redundant work can be avoided by using back ups as the same entries do not need to be entered again and again. Accessing information becomes easier with back ups and thus it improves overall productivity of the organization is enhanced. Back-ups are highly important in restoring services and operations after a cyber attack or system failure. The more efficiently a company or organization backs up their data, the easier it is for them to resume operations. When the data is safe, all stake holders can enjoy peace of mind. Employees do not need to worry about working again on same entities, employers can audit the work anytime, owners can access the sytem and data at their ease and thus back ups make life easier for every stake holder..

[Audio] Every year, malware causes damage of millions of dollars in all over world. The Main reason is that users don't install critical software or Windows updates. Installing software and security updates helps to: Remove bugs from older version of software. The bugs and vulnerabilities reported in previous version of a software are eliminated in newer updates, So, keep our softwares up-to date for enhanced security. Installing new software updates add new features to your software. These features can be related to physical appearance or User Interface of software, its workflow or newer operations are added to the software. By keeping our softwares up-to date, we can use them on our devices without any compatibility issue with the operating system. Out dated softwares stop working or crash at times, causing disruption in work flow. There are vulnerabilities and loopholes in every software which attackers can exploit and thus, updates provide software revisions and help in addressing and reducing such vulnerabilities. Cyber Space is a dynamic space and new threats and vulnerabilities come up everyday. Installing software updates regularly provides defense against such emerging threats and keeps the system secure. Moreover, installing updates help in smoother functionality of softwares. It helps the workers to work efficiently and focus in a better way. Thus, software and security updates should not be neglected..

[Audio] Awareness of donors also helps the business. It helps in connecting with donors in a better way and earning their trust by not only making their financial transactions secure but also, by making their credentials and other information safe. Maintaining an ongoing communication with donors through emails or messages helps them to stay aware about organization. Awareness emails and messages should be sent to donors, so they don't share any of their personal information to a phishing email. Keep the donors informed about various threats and vulnerabilities that they may cause for themselves or for the organization. Donors should be encouraged to play their role in secure ecosystem. In case of potential breaches or expected attacks, inform your donors beforehand. It is highly important to devise procedures for donors to report any incident to the organisation. Actions should be taken right away to protect the system accordingly. As the donations or donors are asset for the organization, their security should be a priority..

[Audio] Incident reporting and responses come in action after a potential failure, attack or mistake. Such incidents should be reported immediately to relevant authorities to avoid or mitigate the threats. An organization should be ready at all times to face any threat or attack. There must be proper procedures and plans for such events. Responding to a cyber-attack or failure of system needs immediate actions to prevent the losses. Back-ups and response plans help to restore the operations efficiently in case of any breach, system or software failure. There must be a proper chain of personnel in the organisation to report such incidents. Mistakes happen all the time but they should not be kept hidden or masked. Instead, report any action that you think can lead to potential vulnerability or exploitation of a loophole. Hiding a mistake can become an even greater mistake at times. For example, if your personal information, password or any credential has been compromised somehow, change your password immediately and report it to the authorities so any vulnerability in the system can be addressed properly. Keep learning and adapting to newer situations and procedures..

[Audio] Cybersecurity training is the process of educating your workforce about the various information security threats that they're vulnerable to and the policies and procedures that can secure them against these threats. Cyber security is an ongoing and continuous process. As the cyber space and threats are dynamic, therefore, prevention mechanisms and procedures too change rapidly. On going training sessions helps in understanding and equipping employees with latest knowledge and procedures. When everyone starts understanding their individual responsibilities and safe practices are followed with in the organisation, a culture of cyber security is developed. Training sessions also help in promotion of this culture. It is difficult to understand and remember security procedures at once and therefore, training sessions after regular intervals help employees to compliance with organizational security procedures. Input from employees helps in making better security procedures and also helps in problem solving. Learning everything at once can be exhausting. It is also difficult to start practicing all procedures at once. These on going trainings can help in learning by creating smaller stepping stones and thus, help in well-being of employees. Both professionally and mentally..

[Audio] Keep an Eye and report the following immediately if detected by any user: If any phishing email is detected report it so that other colleagues and users can be prevented from it too. Check user logs regularly and report any Unauthorized access to the system. If there are any unknown files in your devices, run a system virus scan and report the issue. Frequent crashing of any software can be signal of presence of a potential threat, so, report it. Unavailability of any service on the website needs to be reported immediately. Suspicious email from any colleague or donor can be harmful and alarming. Reporting such emails can save others from potential threats. Report compromised passwords and change them right away. Also, keep changing your passwords at least once a year for better security. If any unauthorized activity is detected on office network report it to the concerned authorities. If there is any potential threat that may arise in future, or if there is a chance of exploitation of any vulnerability, report it immediately so that the threats can be mitigated..

[Audio] As it is always said: "A chain is no stronger than its weakest link" Pay attention to your actions and responsibilities and try, not to be the weakest link. Thank You!.