1 00:00:00,803 --> 00:00:02,970 NARRATOR: The purpose of security awareness training 2 00:00:02,970 --> 00:00:06,060 is to make all employees aware of information security 3 00:00:06,060 --> 00:00:09,300 policies, help us deal with problems when they arise, 4 00:00:09,300 --> 00:00:12,210 and to meet our compliance training requirements. 5 00:00:12,210 --> 00:00:14,580 We can have all the systems and technical controls 6 00:00:14,580 --> 00:00:17,220 in the world; but if we as human beings 7 00:00:17,220 --> 00:00:20,340 fail to follow our policies and security practices, 8 00:00:20,340 --> 00:00:22,560 then the whole system breaks down. 9 00:00:22,560 --> 00:00:24,360 So first, what's the risk? 10 00:00:24,360 --> 00:00:25,600 What's the big deal? 11 00:00:25,600 --> 00:00:27,540 Well, there's a monetary risk. 12 00:00:27,540 --> 00:00:29,940 Your company could be fined if you're not found compliant 13 00:00:29,940 --> 00:00:31,320 with the laws in place. 14 00:00:31,320 --> 00:00:34,410 There's also a legal risk if an employee violates the law-- 15 00:00:34,410 --> 00:00:36,370 knowingly or unknowingly. 16 00:00:36,370 --> 00:00:39,840 And that risk extends to both the company and the individual. 17 00:00:39,840 --> 00:00:41,370 Most importantly, though, there's 18 00:00:41,370 --> 00:00:43,830 a risk of damaging the company's reputation. 19 00:00:43,830 --> 00:00:46,650 You've seen it plenty of times where very big companies end up 20 00:00:46,650 --> 00:00:48,570 in the news due to data breaches. 21 00:00:48,570 --> 00:00:50,650 And you don't want that to happen. 22 00:00:50,650 --> 00:00:52,530 There are a number of technology related 23 00:00:52,530 --> 00:00:55,950 reasons for data breaches, such as new viruses or malware. 24 00:00:55,950 --> 00:00:58,050 But the overwhelming number of data breaches 25 00:00:58,050 --> 00:01:00,660 are caused by human error and carelessness. 26 00:01:00,660 --> 00:01:03,330 A sensitive document is left out in the open. 27 00:01:03,330 --> 00:01:05,489 A computer is left unattended for a few minutes 28 00:01:05,489 --> 00:01:07,170 without password protection. 29 00:01:07,170 --> 00:01:09,930 Sensitive information is sent over unencrypted email 30 00:01:09,930 --> 00:01:11,160 without a password. 31 00:01:11,160 --> 00:01:13,650 Another cause of breach is social engineering. 32 00:01:13,650 --> 00:01:16,500 Techniques can be as simple as calling a company office, 33 00:01:16,500 --> 00:01:18,900 claiming to be from another company location 34 00:01:18,900 --> 00:01:21,120 and asking for protected information. 35 00:01:21,120 --> 00:01:23,820 It's surprising how often this works. 36 00:01:23,820 --> 00:01:26,580 Let's discuss some specific actions you can take. 37 00:01:26,580 --> 00:01:30,220 One, Update your anti-virus and anti-malware software. 38 00:01:30,220 --> 00:01:32,850 Two, don't install unapproved software. 39 00:01:32,850 --> 00:01:35,530 Three, keep your computer's operating system current 40 00:01:35,530 --> 00:01:38,130 by installing updates when you are notified of them. 41 00:01:38,130 --> 00:01:41,790 Four, log off or lock your computer screen when not in use 42 00:01:41,790 --> 00:01:44,580 and make sure to use a password-protected screensaver. 43 00:01:44,580 --> 00:01:46,830 Five, physically lock up documents 44 00:01:46,830 --> 00:01:49,710 that contain sensitive information when not in use. 45 00:01:49,710 --> 00:01:53,980 Six, adopt a clear screen, clear desk approach to your work. 46 00:01:53,980 --> 00:01:56,690 Seven, never write your passwords down. 47 00:01:56,690 --> 00:01:59,100 A password written on the sticky note on your monitor 48 00:01:59,100 --> 00:02:01,410 is the same as not having a password at all. 49 00:02:01,410 --> 00:02:03,690 And eight, never open email attachments 50 00:02:03,690 --> 00:02:06,220 that come from people you don't know. 51 00:02:06,220 --> 00:02:07,960 The key is to make security a habit 52 00:02:07,960 --> 00:02:10,600 and to report suspicious or potential security issues 53 00:02:10,600 --> 00:02:13,390 to your local information security officer. 54 00:02:13,390 --> 00:02:15,370 Work on making security a habit and help 55 00:02:15,370 --> 00:02:17,080 protect all of your company's data, 56 00:02:17,080 --> 00:02:19,180 resources, and reputation. 57 00:02:19,180 --> 00:02:20,510 That's all for this video. 58 00:02:20,510 --> 00:02:22,290 Thanks for watching.