Presentation PowerPoint

[Audio] Welcome to CyberSecurity Awareness Training 2026. Our goal is to give you practical habits to protect people, data, and systems—and to spot, stop, and report threats quickly. • Why it matters: one careless click can become a company‑wide incident. • What you'll get: clear examples, simple actions, and a short certification quiz. • Your role: security is everyone's responsibility—ask when in doubt..

[Audio] Cybersecurity is the practice of protecting systems and data from malicious actors. It safeguards sensitive information, keeps operations running, and reduces legal and financial risk. • Protect sensitive data: personal, financial, and confidential business info. • Business continuity: prevent disruptions that damage trust and reputation. • Risk reduction: avoid regulatory penalties and downstream costs..

[Audio] Think of security as a repeatable process. The NIST‑aligned cycle—Identify, Protect, Detect, Respond, Recover—keeps us focused on preparation, visibility, action, and learning. • Identify & Protect: know assets, apply MFA, patching, least privilege. • Detect: monitor logs, email filtering, and EDR for anomalies. • Respond & Recover: contain, communicate, restore cleanly, and improve..

[Audio] Social engineering targets people rather than firewalls. Attackers exploit trust across email, SMS, voice, social, and even QR codes to steal credentials, plant malware, or divert payments. • Mindset: trust but verify—unexpected = suspect until proven otherwise. • Goal of attackers: quick access to accounts, data, or money. • Your best defense: slow down, validate the request, and report..

[Audio] Phishing comes in many flavors—email, SMS, search ads, QR codes, social messages, voice calls, and targeted spear phishing—but the endgame is always theft. • Spear phishing uses personal details to look legitimate. • Vishing increasingly leverages AI‑cloned voices to pressure action. • Treat unexpected links/attachments as high risk until verified..

[Audio] Most phishing attempts reveal themselves if you pause and inspect. Look for urgency, mismatched sender details, odd requests, errors, suspicious links, or unusual payment/MFA behaviors. • Hover before you click—verify the true destination URL. • Watch for public email domains and subtle typos in addresses. • Beware MFA fatigue: deny unexpected prompts and report..

[Audio] Correct response beats clever attacks. Verify through known channels, report immediately, and avoid engaging with the message—don't click, reply, or bypass warnings. • Use the Report Phishing button, then delete and block the sender. • Never share passwords, MFA codes, or payment info via email. • If in doubt, contact IT/Security for confirmation..

[Audio] Length is the single biggest driver of password strength. Complexity helps, but each additional character increases cracking time exponentially—aim long first. • Target 12+ characters; longer is better for high‑value accounts. • Use a manager to generate/store strong, unique credentials. • Avoid reusing passwords across systems..

[Audio] Strong credentials follow three rules: long, unique, and random. A password manager makes these rules realistic by remembering for you. • Goal: 14–16+ characters when possible. • One account = one password to contain breaches. • Avoid patterns or personal info—mix cases, numbers, symbols..

[Audio] Passphrases turn length into memory‑friendly strength. Choose 4–5 unrelated words, add a simple separator and one symbol/number, and avoid famous quotes or clichés. • Example pattern: Word‑Word‑Word‑Word + ! or 7. • Keep each passphrase unique per account and store it securely. • Only memorize your password manager's master passphrase..

[Audio] Multi‑Factor Authentication adds a critical layer. SMS/email is OK, authenticator apps are better, and hardware security keys offer the strongest, phishing‑resistant protection. • Prefer app‑based codes or push over SMS/email. • For sensitive systems, use FIDO2/U2F hardware keys. • Never approve unexpected MFA prompts—report them..

[Audio] Ransomware volume and sophistication keep rising, including double extortion where data is stolen even if ransom is paid. Prevention, detection, and recovery discipline are essential. • Assume backups will be targeted—keep offline/immutable copies. • Harden endpoints, patch quickly, and monitor for lateral movement. • Practice your incident response plan before you need it..

[Audio] Everyday hygiene blocks most malware. Verify sources, separate work and personal accounts, store secrets in a manager, keep systems patched, and operate with least privilege. • Enable AV/EDR and scan removable drives. • Don't delay updates—'remind me later' creates exposure windows. • Avoid running as local admin for daily tasks..

[Audio] Recent breaches reinforce fundamentals: rotate keys, segment critical systems, maintain reliable backups, and ensure a rehearsed IR plan. Attackers exploit weak links and third parties. • Evaluate third‑party access and patch exposed edge devices. • Segment networks to limit blast radius. • Test restores and practice incident response regularly..

[Audio] Physical and network habits matter offsite. Protect against USB risks and unsafe public Wi‑Fi—prefer mobile data or VPN, and encrypt removable media. • Use data‑blocking adapters; never plug found USBs into your device. • Confirm Wi‑Fi SSIDs and connect to the corporate VPN immediately. • Avoid sensitive work on open networks when possible..

[Audio] Know the early warning signs: slowdowns, random restarts, missing or renamed files, unexpected resets, disabled security tools, or odd network activity. Act fast to contain risk. • Disconnect from the network and call IT Security immediately. • Do not try to 'clean it' yourself—preserve evidence for triage. • Report even if you're unsure—small anomalies matter..

[Audio] Security is a shared responsibility. Think before you click, use long unique credentials with MFA, keep devices updated, follow safe practices on networks and USBs, and report issues quickly. • Complete the quiz to certify this training. • Enroll in the password manager and register MFA today. • Questions or help: [email protected]..