Employee Security Awareness Training

Importance of Security Awareness

Terms of Use

You must be at least 18 years old to continue with this training.

The Site and its original content, features, and functionality are owned by Netware LLC, DBA HakAware and are protected by international copyright, trademark, patent, trade secret and other intellectual property or proprietary rights laws.

HakAware cannot guarantee that the information provided on this website is accurate, complete or suitable for any purpose. HakAware training does not in any way guarantee a 100% reduction in attacks against any business.

All provisions of this Agreement that by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity, and limitations of liability.

  • Yes, I agree to the terms above.
  • No, I do not agree to the terms above.

Importance of Security Awareness

Why is Security Awareness so Important?

Imagine a modern Cybersecurity attack - do you think of a computer hacker hammering away commands on a keyboard? Well, that's not how it happens these days.

This course covers multiple types of intrusions and how they can be prevented. These types of intrusions do not just occur over the internet - but may occur over the phone, email, or even in person.

Considering all types of possible intrusion is important to minimize criminal access to your information.

Without physical security, no software patch, antivirus software, or firewall will prevent a hacker from walking right in the front door to steal sensitive corporate information.

This course will make you aware of the various attacks that criminals use to obtain user IDs, passwords, trade secrets, financial reports, customer data, or other sensitive information.

But keep in mind, not all criminals want your information. They may want to simply disrupt business by inflicting damage.

Where Information Breaches Could Occur.

Vulnerabilities are everywhere! Select on the image below where a possible information breach could occur, then select "Submit".

Security Awareness is for Everyone.

Security Awareness Applies to Everyone.

A receptionist being aware of security is just as important as managers and executives. A receptionist could prevent an intrusion simply because they verified a worker before entry.

HakAware provides Security Awareness Training for Employees, Contractors, IT Workers, Programmers, and Management. There is no exception to who should be trained on Security Awareness - neglecting to train a single person could cost a company millions of dollars.


Risks of Not Training Security Awareness

The Risks of Not Training

Not training workers in security awareness could lead to:

  • Legal Liability
  • Monetary Loss
  • Identity Theft
  • Theft of Goods
  • Theft of Trade Secrets
  • Corporate Espionage
  • And Much More...

Social Engineering Awareness

What is Social Engineering?

Social Engineering refers to the psychological manipulation of people to perform actions or divulge confidential information.

Social Engineers do not have to be technically skilled - this type of crime requires a creative and ingenious person to trick their victims. A Social Engineer often appears as someone you can trust - a fellow worker over social media, maintenance person, or even a worker from the IT department. 

What are they out for? Often it's sensitive information that the attacker can sell. But an attacker may desire to just disrupt business operations.

Sixty percent of enterprises fell victim to social engineering in 2016 - these incidents cost companies anywhere from thousands to millions of dollars each.

-Source: Agari

Types of Social Engineering - Phishing

Phishing

Phishing is the general act of cybercriminals attempting to steal information, often through phone, email, or a website. Phishing scams cost American businesses over half a billion dollars per year.

Here is an example. You receive an email from your bank with a link to update your information. You click on the link and it takes you to a website that looks like theirs. You enter your username and password. After that, the hacker redirects you to the real bank website, prompting you for your credentials again. They now have your bank account login. UH OH!


-Source: Forbes.com

Types of Social Engineering - Vishing

Vishing

Vishing is a form of Phishing where the attacker contacts you by phone in an attempt to gain access to sensitive information. This is one of the most successful methods of breaching a corporation.

Example: Jane receives a phone call from the attacker who claims to be with IT. They inform her that they have ordered her a new laptop and need a backup of her current files to transfer onto the new laptop. The attacker sends Jane a remote session to help transfer the files over. Jane's files are now compromised. And of course the new laptop never comes.

Types of Social Engineering - Vishing Example

Vishing Example

Types of Social Engineering - Baiting

Baiting

This is the act of an attacker baiting their victim, often luring them with curiosity. 

A common method for this attack involves the attacker leaving USB thumb-drives inside or outside of a business, where an individual may find one and plug it in to inspect its contents. At that point, the individual's workstation is compromised. You may see USB thumb-drives or CDs left in locations such as bathrooms, elevators, hallways, or other public locations where the attacker may have physical access. Sometimes they go to the trouble of putting the corporate logo on the removable media.

Don't let curiosity get the best of you! Do not fall for baiting.

Types of Social Engineering - Baiting Example

Social Engineering Victim Prevention

Don't be a Victim

  • Slow down and think through the situation.
  • Be suspicious of any unsolicited messages.
  • Do not give out personal or sensitive business information.
  • Beware of any links, attachments, or downloads you may receive.
  • Do not connect any unknown media to your workstation.

Social Engineering Quiz

  • Phishing
    The general act of cybercriminals attempting to steal information, often through phone, email, or a website.
  • Vishing
    The attacker contacts you by phone in an attempt to gain access or information.
  • Pretexting
    The criminal act of impersonating another person for criminal gain.
  • Baiting
    A common method for this attack involves the hacker leaving USB drives in a public location.

Physical Security

Importance of Physical Security

Be Aware of Physical Security Vulnerabilities.

Physical Security is usually an afterthought for most companies, which opens many opportunities for possible intrusion. This lack of security often occurs because IT focuses on cybersecurity countermeasures and not physical security.

Physical Security protects people, sensitive information, inventory, equipment, and much more.

Without physical security, no software patch, antivirus software, or firewall will deter an attacker from entering your facility with the intent to steal sensitive corporate information, or harm your day-to-day operations.

Methods of Breach - Unsecured Entrances

Watch the Main Entrance!

It's important to monitor and control who you allow into the workplace. This starts at the main entrance. Check visitors for identification and the purpose of their visit before allowing entry. Require an escort to be with them at all times while in the facility if possible. Report suspicious activity near all entry points, parking areas, loading docks, and the immediate vicinity.

Tailgating

This occurs when an individual enters a facility piggybacking the access of another worker. Often this could be seen as a friendly gesture to hold the door for someone - but you could have just let the next data security breach into your building.

The attacker may look for vulnerabilities at other entrances. This could be a door propped open every day during a smoke break, or while new furniture is being delivered. An attacker will seek out these opportunities and leverage them to gain unauthorized entry.

Facilities should do their best to ensure doors are not propped open; if they are, they should be closely monitored until they are closed and secured.

Methods of Breach - Secure Areas

Keep Secure Areas Secure

These are areas where sensitive information is either handled or stored. Anywhere IT equipment is stored should be considered a secure area.

Sensitive information is considered data that is protected against unwarranted disclosure.

Examples of sensitive information include but are not limited to trade secrets, network diagrams, employee information, financial information, customer data, credit card numbers, medical information, and more.

If you see a secure area such as a utility closet, data center, or file storage room unlocked or propped open, secure the area immediately and report the incident to management.

Access to secure areas should be regulated and controlled. Only workers with the need to access these areas should have the access.

Methods of Breach - Waste Disposal

Destroy Sensitive Documents!

Be careful not to dispose of sensitive documents in public areas or in general trash bins. These documents will most likely be retrieved by cleaning crews and disposed of in an unsecured location.

Attackers commonly seek out information using a method known as dumpster diving - so do not dispose of sensitive documents without either cross-shredding them first, or disposing of them in a secured bin intended for destruction by a third-party company.

Trash or Shred?

Drag the items below where they belong! Either the Trash or Shredder.

  • Travel Receipts
  • Dinner Recipes

Methods of Breach - Report Suspicious Activity

Do Not Underestimate Physical Security!

  • Report individuals that appear to be scoping out the facility.
  • Report any attempts to penetrate physical security.
  • Report individuals that do not appear to belong at your workplace.

When reporting suspicious activities, be sure to gather the following information if it's safe to do so:

  • Description of the activity.
  • The date, time, and location of the activity.
  • Description of the suspicious individual.

Computer Security Awareness

Importance of Computer Security

The Importance of Computer Security

Computer Security is the act of protecting your computer against unauthorized access. Security awareness and prevention measures are the best methods of ensuring you will not be a victim of cybercrime. In this day and age, the computer has become a central part of our life - for paying bills, email, and social media. This module will make you aware of the various breach methods that are common, and how to prevent them.

Methods of Breach - Unknown Files

Don't Download Unknown Files From Unknown Sources.

Unknown or Unsolicited downloads, email attachments, and links can often contain malicious software such as malware or viruses.

Additionally, prompts to download plugins to view pictures, videos, and music can often contain malicious software as well.

Only open files or install programs from trusted sources. 

If you receive a suspicious email attachment or download link, contact the IT department immediately. They may need to warn others in the company against opening it.

Methods of Breach - Web Browsing

Safe Surfing

  • Look for the Lock to Ensure Secure Browsing.
    • Verify the URL Contains "https://" before the website. This Will Ensure Secure Browsing.
    • Verify the URL (e.g. Paaypal.com with an extra "a" could be a malicious site).
  • Avoid Questionable and Unknown Webpages.
  • Download From Trusted Sources Only.
  • Ensure Your Browser and Other Software Are Patched and Up to Date.
  • Avoid Adult, Social Media, and Filesharing Websites.
    • Do Not Allow Your Kids to Use Your Company Workstation.

Methods of Breach - Mobile Computing

Mobile Computing Risks

Public WiFi has a tremendous number of risks associated with it. Chances are, security on these networks is non-existent. Assume all information transferred over public WiFi can be captured by nearby attackers in plain text. It's never a good practice to send sensitive emails, perform online banking, or do anything where security is expected while on public WiFi.

Malicious Hotspots

Malicious Hotspots are set up by the attacker to intercept all your traffic while you browse. These are typically named "Free WiFi" or "Free Internet" and are not safe to use. If you have tethering abilities on your phone, that is your best bet for a secure wireless connection.

Methods of Breach - Social Media

Social Media Helps Hackers

Social Media is a hacker's best friend. Thanks to social media, people post all their personal information, connect with all their friends and family, share pictures of their dog Sammy, and even let you know when they are on vacation. This kind of connectivity has many benefits, but also creates many problems. Now a hacker can freely find your mother's maiden name by doing a couple minutes of research. Forgot your password? Sammy should help with that. Need to stop by your house to snag your backup storage? I know you are not home.

Be careful what you are posting and making available on social media. Before hitting "Post", think if the information could be used against you. It may be best to show off your vacation photos when you return home.

Methods of Breach - Lock Your Computer

Stop Leaving Your Computer Unlocked!

Anytime your workstation is unattended, it should be locked - yes, even if it's just a minute. This protects you from the company prankster, as well as limiting access to company information from potential criminals that may gain access to your facility.

Just in case you forget to lock your workstation, ensure it's configured to lock automatically after a period of inactivity.

Breach Prevention - Strong Passwords

Seriously, Change that Password!

One of the most common ways that hackers break into computer systems is by guessing the password. A strong password will help protect you and your company from a potential breach. Passwords should always be unique from other accounts. If your online account was hacked, a typical hacker will attempt to use your email and password on other platforms to gain access.

Choosing a Strong Password

Strong passwords have the following characteristics:

  • At least 10 characters long.
  • Include UpperCase, LowerCase, Numbers, and Special Characters.
  • Not in a dictionary.
  • Does not include your name, company name, or any personal information (e.g. pet name).
  • Is NEVER written down.
  • Is NEVER sent in plain text over email.
  • Changed at least every 90 Days.
  • Do not reuse passwords on other accounts.

Your company could have tighter password restrictions - contact your supervisor for details.

Remembering a Strong Password

Strong Passwords can be tough to remember - but no matter what you do, DO NOT WRITE IT DOWN! One way to create a password you will remember is by creating a sentence you can relate with.

Example: I live 2 miles from the beach where I like to surf!

This should be pretty easy to remember, and now you have a strong password: Il2mftbwIlts!

Select the Strongest Password

  • tinkerbell
  • ILMKilmd78!
  • Password123$
  • qwertyuiop
  • jkzqlmnot!

Breach Prevention - Antivirus

All About Antivirus Software

Antivirus acts as a security guard on your system. It will protect you from incoming threats and warn you of possible intrusions. But only if you have it installed, enabled, and up to date!

Antivirus can't block every threat against your system, but it is a great tool to protect against most known vulnerabilities.

Be sure that you have Antivirus installed, and that it's up to date. If you do not keep it up to date, it may not be able to help you with that new virus you just downloaded.

Breach Prevention - Updates and Patches

Stay Up to Date!

Don't just leave this task to the IT department; ensure that all software on your machine is up to date - this would include the Operating System (e.g. Windows), Browsers (e.g. Chrome, Firefox), and Other Third Party Software. Often software is patched immediately for major vulnerabilities, but rarely are the updates applied in a reasonable time - causing unwanted data breaches. Stay Up to Date!

Importance of Security Awareness Quiz

Is it acceptable to use the same strong password on multiple platforms?

  • Yes
  • No

Security Awareness Review

Review - True or False

  • Passwords should be changed at least every 90 days.
  • Default passwords are considered secure.

Review - Multiple Choice

What Social Engineering Attack Leverages Phone Communication Exclusively?

  • Phishing
  • Vishing
  • Baiting
  • Pretexting

Review - True or False

  • It is good to be familiar with the corporate security policies and procedures.
  • There is no need to lock your computer when you head to lunch.

Review - Text Matching

  • Passwords
    Should never be written down.
  • Sensitive Documents
    Should never be thrown away - they should be destroyed.
  • Suspicious People
    Should be reported to management and the authorities.
  • Visitors
    Should always be verified before entry.

Review - True or False

  • Physical Security is just as important as Network Security.
  • It's okay to prop doors open on the back side of the building.

Review - Multiple Choice

Sensitive Documents May Include (select all that apply)

  • Trade Secrets
  • Customer Data
  • Credit Card Information
  • Financial Information
  • Newspapers
  • Health Records
  • Football Stats