1
00:00:00,930 --> 00:00:03,030
The purpose of Security Awareness Training

2
00:00:03,030 --> 00:00:06,120
is to make all employees aware of information security

3
00:00:06,120 --> 00:00:09,360
policies, help us deal with problems when they arise,

4
00:00:09,360 --> 00:00:12,240
and to meet our compliance training requirements.

5
00:00:12,240 --> 00:00:14,610
We can have all the systems and technical controls

6
00:00:14,610 --> 00:00:15,610
in the world.

7
00:00:15,610 --> 00:00:18,030
But if we, as human beings, fail to follow

8
00:00:18,030 --> 00:00:20,400
our policies and security practices,

9
00:00:20,400 --> 00:00:22,590
then the whole system breaks down.

10
00:00:22,590 --> 00:00:24,390
So first, what's the risk?

11
00:00:24,390 --> 00:00:25,660
What's the big deal?

12
00:00:25,660 --> 00:00:27,600
Well, there's a monetary risk.

13
00:00:27,600 --> 00:00:30,000
Your company could be fined if you're not found compliant

14
00:00:30,000 --> 00:00:31,380
with the laws in place.

15
00:00:31,380 --> 00:00:34,470
There's also a legal risk if an employee violates the law,

16
00:00:34,470 --> 00:00:36,400
knowingly or unknowingly.

17
00:00:36,400 --> 00:00:39,900
And that risk extends to both the company and the individual.

18
00:00:39,900 --> 00:00:41,420
Most importantly, though, there's

19
00:00:41,420 --> 00:00:43,920
a risk of damaging the company's reputation.

20
00:00:43,920 --> 00:00:46,710
You've seen it plenty of times, where very big companies end up

21
00:00:46,710 --> 00:00:48,630
in the news due to data breaches,

22
00:00:48,630 --> 00:00:50,680
and you don't want that to happen.

23
00:00:50,680 --> 00:00:53,070
There are a number of technology-related reasons

24
00:00:53,070 --> 00:00:56,010
for data breaches, such as new viruses or malware.

25
00:00:56,010 --> 00:00:58,110
But the overwhelming number of data breaches

26
00:00:58,110 --> 00:01:00,720
are caused by human error and carelessness.

27
00:01:00,720 --> 00:01:03,360
A sensitive document is left out in the open.

28
00:01:03,360 --> 00:01:05,550
A computer is left unattended for a few minutes

29
00:01:05,550 --> 00:01:07,200
without password protection.

30
00:01:07,200 --> 00:01:09,960
Sensitive information is sent over unencrypted email

31
00:01:09,960 --> 00:01:11,220
without a password.

32
00:01:11,220 --> 00:01:13,710
Another cause of breach is social engineering.

33
00:01:13,710 --> 00:01:16,560
Techniques can be as simple as calling a company office,

34
00:01:16,560 --> 00:01:18,930
claiming to be from another company location,

35
00:01:18,930 --> 00:01:21,160
and asking for protected information.

36
00:01:21,160 --> 00:01:23,890
It's surprising how often this works.

37
00:01:23,890 --> 00:01:26,700
Let's discuss some specific actions you can take.

38
00:01:26,700 --> 00:01:30,250
One, update your anti-virus and anti-malware software.

39
00:01:30,250 --> 00:01:32,920
Two, don't install unapproved software.

40
00:01:32,920 --> 00:01:35,600
Three, keep your computer's operating system current

41
00:01:35,600 --> 00:01:38,200
by installing updates when you are notified of them.

42
00:01:38,200 --> 00:01:41,830
Four, log off, or lock, your computer screen when not in use

43
00:01:41,830 --> 00:01:44,650
and make sure to use a password protected screen-saver.

44
00:01:44,650 --> 00:01:46,900
Five, physically lock up documents

45
00:01:46,900 --> 00:01:49,870
that contain sensitive information when not in use.

46
00:01:49,870 --> 00:01:53,050
Six, adopt a clear-screen, clear-desk approach

47
00:01:53,050 --> 00:01:54,020
to your work.

48
00:01:54,020 --> 00:01:56,610
Seven, never write your passwords down.

49
00:01:56,610 --> 00:01:59,200
A password written on the sticky note on your monitor

50
00:01:59,200 --> 00:02:01,470
is the same as not having a password at all.

51
00:02:01,470 --> 00:02:03,760
And eight, never open email attachments

52
00:02:03,760 --> 00:02:06,250
that come from people you don't know.

53
00:02:06,250 --> 00:02:08,020
The key is to make security a habit

54
00:02:08,020 --> 00:02:10,630
and to report suspicious or potential security issues

55
00:02:10,630 --> 00:02:13,420
to your local information security officer.

56
00:02:13,420 --> 00:02:15,400
Work on making security a habit, and help

57
00:02:15,400 --> 00:02:19,270
protect all of your company's data, resources and reputation.

58
00:02:19,270 --> 00:02:22,620
[MUSIC PLAYING]