PowerPoint Presentation


Scene 1 (0s)

[Audio] Hi everyone! Welcome to the Cybersecurity Training for Meralco Employees.

Scene 2 (9s)

[Audio] Let's start the discussion by identifying our goals. What are we aiming for in this training? Our goal is to enhance employee awareness and understanding of cybersecurity best practices to minimize the risk of cyber threats and protect sensitive information. We will also learn the following: Introduction to Cybersecurity, Best Practices for Cybersecurity, Protecting Sensitive Information and Incident Response. In line with this training, you will also have an assessment at the end of this training to measure your learning.

Scene 3 (46s)

[Audio] To start with, let's discuss all about Cybersecurity. To introduce cybersecurity to you, we will define cybersecurity and why it is important.

Scene 4 (58s)

[Audio] To define cybersecurity, it is the protection of internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from digital attacks. Cybersecurity helps to protect our data and systems from digital attacks. Why is it important? Because it safeguards digital systems, networks, and data from unauthorized access, damage, and misuse, ensuring the confidentiality, integrity, and availability of information.

Scene 5 (1m 32s)

[Audio] As discussed, cybersecurity is crucial and important in a company. And some benefits of cybersecurity are the following: it is essential for protecting sensitive information, preventing cyber threats, ensuring business continuity, preserving privacy, safeguarding critical infrastructure, complying with regulations, mitigating financial losses, and fostering trust in the digital ecosystem. We need to take note that it is an ongoing and evolving effort that requires constant attention and proactive measures to stay ahead of emerging threats.

Scene 6 (2m 8s)

[Audio] And we know that cybersecurity has a lot of benefits. But in any case that there will be a breach, we also have consequences to experience. These consequences are wide-ranging and can have a lasting impact on individuals, businesses, and societies. Some of the most common consequences are data loss and theft, financial losses, reputational damage, disruption of business operations, legal and regulatory consequences, damage to critical infrastructure, and intellectual property theft. Recognizing these potential outcomes underscores the critical importance of implementing robust cybersecurity measures, fostering a cyber-resilient culture, and continuously adapting to evolving threats to safeguard sensitive information and protect against cyber attacks.

Scene 7 (2m 58s)

[Audio] Now, let us proceed with identifying the most common cybersecurity threats. We have Phishing, Malware, Ransomware and Social Engineering. Let's start with Phishing.

Scene 8 (3m 13s)

[Audio] To define what phishing is, it is a form of social engineering technique which exploits human vulnerability. It involves tricking individuals into revealing sensitive information, such as passwords or credit card details, by impersonating a legitimate entity through emails, messages, or websites. Phishing is the most common cybersecurity threat of all. We mostly receive phishing attacks through emails.

Scene 9 (3m 42s)

[Audio] We need to watch out for a few indicators of a phishing email. As we can see from the sample email, there are 7 most common indicators of a phishing email. First, the sender of an email. We need to check who sent the email. Validate the email by checking the email address to see if it came from a legitimate sender. Does the email address look legit? Second, check the subject. Phishing emails usually start with an urgent subject. Third, watch out for generic greetings such as "Dear Customer" or "Hello Employee". Fourth, check if the sender is asking you for any information like your password, bank account details, or other sensitive data. If so, this is clearly a phishing email. Fifth, check before you click. Hover over links before clicking them to see their true destination. If it redirects you to a suspicious or unexpected location, do not click it! Sixth, watch out for suspicious grammar and characters. Phishing emails usually have grammatical errors. And lastly, do not open any suspicious or unexpected attachments in an email. By taking extra precautions, we will avoid taking the bait!

Scene 10 (5m 9s)

[Audio] Moving on to the next, Malware. To define what malware is, it is a form of malicious software in which any file or program can be used to harm a computer user. Different types of malware include worms, viruses, Trojans and spyware. It gains unauthorized access or causes damage to a computer. Malware is mostly linked with phishing, as hackers usually trick individuals into clicking on links or downloading an attachment or file that contains malicious code, which will cause malware to enter your computers and infect them.

Scene 11 (5m 48s)

[Audio] It is important to know if our computers are infected with malware. What are the signs of a malware infection? Here is the list of the most common indicators of a malware infection. Sluggish computer performance, such as slow startup, frequent crashes, or unresponsive programs. Unexpected system behavior, such as the appearance of new icons, desktop background changes, or unfamiliar toolbars. Excessive and unwanted pop-up advertisements. Disabled or malfunctioning antivirus or security software. Files or folders becoming inaccessible or getting encrypted. Unauthorized changes to system settings or browser configurations. Random system errors or error messages. And unexpected system restarts or shutdowns.

Scene 12 (6m 46s)

[Audio] Now that we are familiar with Phishing and Malware, let us discuss what Ransomware is. Ransomware is a type of malware that encrypts a victim's files or locks their entire system until a ransom is paid to the attacker. Ransomware attacks can cause significant financial losses and operational disruptions for both individuals and organizations. So we can also get infected with ransomware through a phishing email with a suspicious link and attachment.

Scene 13 (7m 16s)

[Audio] It is crucial to act right away if our computers or systems get infected with ransomware. Here are a few indicators of a ransomware attack: Inability to access or open files, as they have been encrypted by the ransomware. Appearance of ransom notes or messages demanding payment in exchange for decryption keys. Changes in file extensions or file names indicating encryption. Decreased system performance or slowdowns. Disabled or malfunctioning security software. And pop-up windows or notifications displaying ransom demands.

Scene 14 (7m 58s)

[Audio] Now that we know what may cause these cyberattacks and the indicators of each of them, let us familiarize ourselves with the best tips on avoiding these from happening. We need to be cautious with email attachments and links, especially from unknown or suspicious sources. Keep your operating system and software up to date with the latest security patches. Use reputable antivirus and anti-malware software and keep them regularly updated. Practice safe browsing habits and avoid visiting suspicious websites or downloading files from untrusted sources. And regularly back up your important data and keep backups offline or in a secure, separate location.

Scene 15 (8m 43s)

[Audio] Lastly, let us discuss Social Engineering. Social engineering involves manipulating individuals into divulging sensitive information or performing actions that could compromise security. This can include techniques such as impersonation, pretexting, baiting, or tailgating.

Scene 16 (9m 3s)

[Audio] Let's be aware to avoid being a victim of social engineering. We should be cautious about sharing personal information online or over the phone, especially with unknown individuals or organizations. Double-check the authenticity of emails, messages, or phone calls requesting sensitive information or urgent action before responding. Use strong, unique passwords for all accounts and enable two-factor authentication when available. Be skeptical of offers or requests that seem too good to be true and be wary of unsolicited communications. And always validate the identity of a suspicious person reaching out to you.

Scene 17 (9m 47s)

[Audio] Let us proceed with discussing the best cybersecurity practices.

Scene 18 (9m 56s)

[Audio] Under Security Controls, we have a couple of examples that we need to adopt and apply as part of the best practices for Cybersecurity. We need to make sure that all our devices, software that we use, and systems owned by Meralco are kept up to date and automatic updates are enabled company-wide. Regular updates strengthen the security and add patches that close security vulnerabilities. We also need to make sure that antivirus is installed in your computers to protect our devices from viruses, spyware, malware, ransomware and phishing scams. Lastly, lock your computers when leaving your desk. Protect and lock away paper files with sensitive data. In this manner, we will be able to exercise physical security in the office.

Scene 19 (10m 47s)

[Audio] It is best to keep user access always updated. In this manner, we should do the following: Regularly reviewing and updating user access privileges to align with changes in job roles or responsibilities. Implementing the principle of least privilege, granting users only the necessary access rights based on their roles and responsibilities. Disabling or revoking access for terminated employees or users who no longer require access to systems or data. Conducting periodic access audits to ensure compliance with policies and identify any unauthorized or excessive access privileges. Regularly monitoring and updating access controls, privileges, and permissions to maintain a secure and well-managed user access environment.

Scene 20 (11m 38s)

[Audio] It is also important to have a secured password for our accounts. This is where password management takes its place. We need to: Use strong and unique passwords for each online account. Avoiding common and easily guessable passwords, such as "123456" or "password." Regularly updating passwords and avoiding password reuse across multiple accounts. Enabling two-factor authentication for an extra layer of security. Being cautious about sharing passwords and avoiding storing them in insecure locations. Regularly reviewing and updating passwords for critical accounts and privileged access. Implementing policies and guidelines for password management within organizations to ensure consistent practices.

Scene 21 (12m 33s)

[Audio] We can see from the table the standard password construction and management. It should be at least 9 characters long, with a combination of uppercase letters, lowercase letters, numbers and special characters. Also, passwords should be changed regularly at least every 30 days. When changing your password, it can only be re-used after 5 times. And, lastly, after 5 failed login attempts, your account will temporarily be locked out. Keep in mind that password management is the responsibility of the employee. You should always safeguard your passwords.

Scene 22 (13m 16s)

[Audio] To manage the company-owned devices, we need solutions such as Mobile Device Management and security tools, as these are made to centrally manage and secure mobile devices, smartphones, tablets, computers, laptops, etc. It allows administrators to configure devices, enforce security policies, and distribute applications remotely.

Scene 23 (13m 39s)

[Audio] To be safe when using the internet and email, we need to: Use strong and unique passwords for each online account. Being cautious with email attachments and links, avoiding clicking on suspicious or unknown sources. Being mindful of sharing personal information online and practicing privacy settings on social media. Being cautious when downloading files or installing software, verifying their authenticity from trusted sources. And avoiding suspicious websites and pop-up advertisements. Verifying the authenticity of emails before clicking on links or providing sensitive information. Avoiding sharing sensitive information or credentials via email.

Scene 24 (14m 29s)

[Audio] We need to stay alert! Never trust anything that asks you to click on it (particularly pop-ups) without checking its legitimacy. Be wary of any file attachment on emails when you are not expecting them.

Scene 25 (14m 45s)

[Audio] One crucial task for a company is to train all employees with Information Security and Cybersecurity awareness. Establish clear policies to enforce Information Security. This is to help users and employees understand their role in helping combat information security breaches.

Scene 26 (15m 6s)

[Audio] Lastly, be vigilant! If you notice something suspicious, alert your supervisor, manager, ICT department, Cyber Incident Response Team or company to help ensure that the incident is handled quickly.

Scene 27 (15m 21s)

[Audio] Let us proceed with the discussion of how to protect Meralco information. Information refers to the data that is collected, processed, organized, and utilized to support business operations, decision-making, and communication at various levels and functions within the company. Why do we need to protect this information? Because if exposed or accessed without authorization, this could result in harm, privacy breaches, or legal and financial consequences.

Scene 28 (15m 53s)

[Audio] Following the standard Meralco Information Classification, we have 4 data classifications which are the following: Public, Confidential, Highly Confidential and Restricted. Let's dig deeper and understand each classification and what the common examples of each data classification are. Let's start with Public Information. These are intended to be readily available to the general public. Common examples are company awards and recognitions, employee newsletters and magazines, or content on the Meralco website. So these are for public viewing and can be accessed and shared easily. Then we have Confidential Information. These are intended for internal or outside distribution among Meralco, its employees, and third parties who have been given authorized access or business need-to-know. Common examples are contracts, Non-Disclosure Agreements, inter-office memorandums or internal company policy documents. These are usually documents that are only intended for internal use or external use depending on the authorization granted. On the other hand, Highly Confidential Information refers to the Sensitive Personal Information (SPI) and Personal Identifiable Information (PII) described in the Data Privacy Act of 2012. These are anything that identifies someone. Best examples are SSS details, PhilHealth, medical records, etc. Other examples can be litigation documents or Board of Directors Resolutions. Lastly, we have Restricted Information. From the word restricted, meaning this information or these documents are only intended for a limited number of recipients. Best examples are purchasing data, franchise information or strategic corporate plans and roadmaps.

Scene 29 (17m 50s)

[Audio] Some of the best practices of proper information handling are the following: Implementing strong data security measures, such as encryption and access controls. Regularly backing up important data and storing backups securely. Complying with relevant laws and regulations regarding data privacy and protection. Conducting regular security assessments and audits to identify and address vulnerabilities. Securely disposing of data when it is no longer needed. Restricting access to sensitive information on a need-to-know basis. Conducting thorough due diligence when sharing data with third parties.

Scene 30 (18m 34s)

[Audio] To give an example of a violation of Information Handling, we have here a scenario wherein you disclosed a confidential document that needs authorization with the vendor without seeking guidance with your manager. Now, let us check what our policy states: We need to consult before disclosing ANY information to external parties or even internal parties. Now, based on the violation, this is a direct hit on this policy. But let us check these 2 policies for further information. Based on our COREC or Code on Right Employee Conduct, Rule 4B - CONFIDENTIALITY OF WORK AND INFORMATION. It states: Without proper authority, revealing, releasing, transferring or divulging confidential information or data to individuals other than authorized persons. And what if we violate this policy? The sanction will be suspension to dismissal, depending upon the gravity of the offense.

Scene 31 (19m 35s)

[Audio] Now, let us check the 2nd policy, which is from our Information Security Policy, 2.2.4 – Disclosure of Confidential Information to External Party. It states that all confidential information shall only be disclosed to an External Party when expressly authorized in writing by the Management and/or Information Asset Custodian or Approving Authority. Disclosure shall be preceded by a written non-disclosure agreement between parties, which shall include the purpose of disclosure and validity date of the agreement, and all agreements that may be required by policies and guidelines that may be adopted by the company. Same with the first policy, the sanction will be suspension to dismissal, depending upon the gravity of the offense. In short, a direct violation of this policy could lead to grave sanctions, which is why we need to be careful and make sure to avoid any actions that will violate this policy.

Scene 32 (20m 31s)

[Audio] Lastly, we will be discussing all about Incident Response. What is Incident Response, why is it important, and how do we report an incident?

Scene 33 (20m 42s)

[Audio] Before we proceed with discussing Incident Response, let us first talk about what an incident is. An incident refers to any adverse event or occurrence that poses a threat to the confidentiality, integrity, or availability of information or systems. Now, what does Incident Response mean? It is a process to handle a data breach or cyberattack, including the way the company attempts to manage the consequences of the incident.

Scene 34 (21m 12s)

[Audio] So what is the importance of timely reporting an incident? Of course, timely reporting an incident will mainly contain the breach. It will lessen the chance of infecting other systems or computers and avoid grave consequences. It will also reduce the chance of data loss and minimize potential damages and business disruptions. Also, we will be able to remediate the cause of the incident. Depending on the severity of the breach or attack, there should be corresponding SLAs on when or how long these will be remediated.

Scene 35 (21m 49s)

[Audio] Now, let us discuss how incident reports are received. We have 4 main channels where incident reports are usually received. First, we have incident reports that are received through our security tools. These are alerts and notifications that are fired by the security tools which are received by our Cyber Incident Response Team to further investigate and respond to the incident. Second will be through our ticketing system. So we can report an incident by raising and creating a ticket with all details needed to address an incident. The 3rd channel would be through chat. We can chat our Cyber Incident Response Team to consult and report an incident as needed. And lastly, we have the most common channel where incidents are being reported. This is through email. We can email them directly on the email address provided, group.cyberincidentresponse@meralco.com.ph, with all details regarding the incident. Just to give you an idea of what the process flow for reporting an incident is: first, the Cyber Incident Response Team receives the Security Incident Report, be it through the security tool, ticketing system, chat or email. Then, the team will commence an investigation proper to know more about the incident and take necessary actions to remediate the incident. After investigating the incident comes the communication of the team to the involved employees/individuals. This includes the specific person involved and the immediate supervisor/manager for visibility. After these steps, then comes the mitigation and resolution of the said incident.

Scene 36 (23m 35s)

[Audio] Let me cite the most common security incidents so far. We have Phishing Emails, Ransomware Attack, Suspected Malware Infection, Unusual Account Activities and Suspected Account Compromise. These were mostly discussed earlier during our discussion. We must remember that even though we have different kinds of security incidents, we will all end up following the same process, same procedures on trying to close and resolve an incident. But to provide a real-life scenario, let us use Phishing and Malware Infection. Let's say you are working from home. Upon logging in and opening your email, you happen to receive an urgent email coming from the HR. The email requests you to provide your employee number, address, name and other personal information for you to claim a voucher you allegedly won from their Spin The Wheel Event. Will you open the link and provide your details without consulting your immediate supervisor or the HR team directly to validate this email? Think twice! Remember, you need to be cautious and aware of the signs of a phishing email. If you happen to click the suspicious link, you might get infected with malware and you will face the consequences of taking the bait of a phishing email.

Scene 37 (24m 56s)

[Audio] As we have finished the training module, you will now take a short quiz to gauge your learnings. Instructions will be provided shortly.