Use this to guide you through the presentation add or take away as needed. 

OPENING    

About Me 

Welcome to [BLANK] – My name is [BLANK] and I am part of the [BLANK] here in [BLANK].  

[BLANK] has quite an expansive Cyber threat profile that consists of the full spectrum of threats that could target any organisation. 

  • Criminal Groups (Generic and Sophisticated) 
  • Chancers / Script Kiddies / Glory Hunters 
  • Hacktivists 
  • APT Groups (Advanced Persistent Threat) Government funded, that possess sophisticated tools to bypass many security controls that are available to organisations.  

USE [COMPANY] DEVICES FOR [COMPANY] WORK 

If you have been provided an [BLANK] laptop, it will be configured in such a way that is different to your home machines.  

  • We apply settings to the device that harden the Operating System which limits the attack surface.  
  • With increased security there is always a usability drawback.  
  • You will not be able to perform certain tasks on the machine like you would do for at home. 
  • All devices have been encrypted. 
  • No Administrative Access – Cannot install Software manually 
  • Cannot update certain applications 
  • Cannot disable certain Security features. 

USE COMPLEX AND REGULARLY CHANGED PASSWORDS 

  • Long more than 12 characters ensure that they are unique, and complex. 
  • Password Managers Keepass, LastPass, 1Password

USE MULTI FACTOR AUTHENTICATION 

  • To access certain services – Multi factor authentication will need to be set up.
  • Enabling this security control ensures that the person accessing the account is genuine by providing something they know (password) with something they have (Auth token or SMS) 
  • Preferred way of configuration is using the MS Authenticator application over SMS, however SMS is better than nothing. 

USE VPN WHEN NECESSARY 

VPN enables you to connect to corporate resources. This method of accessing resources is considered legacy, many things that you may need for you day to day work will now be available in Office 365. 

We recommend that during long periods of working from home that users connect to the VPN from time to time to get updated settings from the systems. Would recommend connecting for about an hour at least if you can, once a week. 

DO NOT USE PERSONAL EMAIL FOR [BLANK] WORK 

  • We do not encourage the use of services like Gmail /Hotmail / Yahoo on [BLANK] Laptops due to the issues around data leakage. 
  • We do not control any spam settings within that application so cannot see what enters or leaves the organisation. 

REPORT ANYTHING SUSPICIOUS TO THE SERVICEDESK 

Although we monitor and receive alerts, please be vigilant. 

  • If you see anything suspicious / out of the ordinary happening on your machine. 
  • If you receive a Virus Alert 
  • If you accidently click what you think might be a phishing link 
  • If you are just unsure about something 

Report to the ServiceDesk. 

Reporting Phishing 

There is a button in the Outlook client where you can report phishing or Junk. Or you can report to the ServiceDesk. 

WORKING FROM A PERSONAL DEVICE 

  • Ensure windows updates are all up to date 
  • Ensure AV is all up to date 
  • Only work online with Office 365 – Do not sync Documents down to the machine 
  • Ensure WIFI / home network is secure 
    • Change default router password 
    • Change default Internet password 
  • Ensure all Internet browsers are up to date 

Leave a Reply

Your email address will not be published. Required fields are marked *