Security Awareness | Breakin Labs

1 Clean Desk Policy

Sensitive information on a desk such as sticky notes, papers and printouts can easily be taken by thieving hands and seen by prying eyes. According to the mandates of a clean desk policy, the only papers that should be left out are ones relevant to the current project you are working on.
All sensitive and confidential information should be removed from the desk at the end of each working day. During lunch or any emergency departure during office time, all critical information should be placed in a locked desk drawer.

2 Bring Your Own Device (BYOD)

BYOD covers the employees’ personal computing possessions which might be used in a work setting. They may include mobile devices, audio players, digital cameras and various other portable electronic devices which could be utilized to steal sensitive data.

BYODs are also a part of “IT consumerization,” whereby a consumer’s hardware and/or software is brought into the organization. Ensuring the security of devices within BYOD is a daunting task. However, enterprises can achieve it by implementing a proactive security training program. This program should include the following best practices for your employees:

From a security standpoint, no mobile device is 100% secure. According to a McAfee Threat Report from Q1 of 2018, security is a great concern to both Apple and Google, as is apparent from the investment they have made in resources to safeguard the platform completely from the component level to the app store, but plenty more work still needs to be done.

Unlocked devices are more vulnerable than locked devices. Organizations should create a list of acceptable and banned devices. The security staff must verify that each BYOD is within the acceptable list; all others should be prohibited.

3 Data Management

There are numerous types of data (such as a backup copy of customer contracts or mission statements) and a lot of employees may not be aware of this fact. These employees do not realize the significance of classified data. For example, from a financial standpoint, a backup copy of a customer contract is more important than a backup copy of a mission statement.

Employees should learn about all the types of data so that they can understand their business criticality.

4 Removable Media

It’s more common than you think for employees to find a removable thumb drive or external hard drive in the parking lot, bring it inside and plug it into their computer to see who it belongs to, only to find the device was planted there to either destroy or take over their computer with malware.

The secure usage of both personally-owned devices and corporate devices is crucial. Unauthorized removable media may invite data security issues, malware infection, hardware failure, and copyright infringement.

5 Safe Internet Habits

Almost every worker, especially in tech, has access to the Internet. For this reason, the secure usage of the Internet is of paramount importance for companies.

Security training programs should incorporate safe Internet habits that prevent attackers from penetrating your corporate network. Below is a list of some safe Internet habits for your employees:

6 Physical Security & Environmental Controls

Security awareness isn’t just about what resides in your company’s computers or handheld devices. Employees should be aware of potential security issues originating in physical aspects of the workplace. This includes spatial awareness as well as physical components.

Nowadays, enterprises use social networking as a powerful tool to build a brand (either locally or globally) and generate online sales. Unfortunately, social networking also opens the floodgates for phishing attacks that can lead your company towards an immense disaster. For example, Facebook shared its users’ data with third-party app developers without their permission.

News Corp Australia Network reported on May 1, 2018 that it was not just Facebook, either: Twitter also sold users’ data to Cambridge Analytica Ltd (CA), a British political consulting firm that was influencing the U.S. 2016 elections.

Email scams involve fraudulent and unsolicited emails that claim to offer a bargain for nothing. A scam email lures a user with a free offer, bogus business opportunity, guaranteed loans or credit, easy money, health and diet schemes and so forth. According to the Federal Trade Commission, scammers were duping numerous soccer fans with phishing emails to entice them with totally fake and “free” trips to the World Cup.

9 Malware

A training session on malware should illustrate malware types and their implications. Malware types should include adware, spyware, viruses, Trojans, backdoors, rootkits, ransomware, botnets, logic bombs and armored viruses. Employees should learn how to identify malware and what to do if their device or network has been infected. The immediate response should be to turn off the system or device and inform the security management team.
