Who should attend:
general users, admin users, leaders and managers.
Instructor-led sessions, e-learning, scenario-based learning, case studies, microlearning, posters, email briefings that inform participants about the current threats, and interactive quizzes.
This module instils in users best practice IT security behaviours that will make your organisation more resilient against costly and reputation-damaging IT security incidents.
Passwords – Devising secure and memorable passwords. The risks of password recycling for multiple devices or services. The risks of password sharing. The importance of secure password storage. Actionable steps for secure password management.
Secure web browsing – The risks of downloading third-party applications onto a computer, tablet or smartphone. How internet browsers get exploited and the security implications of this.
Secure email practices
- Best practices that will prevent your email address from being abused.
- How to avoid data breaches when using email.
- The importance of using encryption when emailing sensitive documents.
- The dangers of malicious URLs in emails.
- The risks associated with internal and external file sharing.
- How metadata can result in an inadvertent data leak.
- The risks of using portable media.
- The importance of encryption for portable storage devices.
- When file sharing over the cloud goes wrong.
Relevant case studies and scenarios are presented, and participants are given actionable steps to share their files securely.
Malvertising – Many users perceive online advertising to be relatively harmless. In this section, we describe how seemingly innocuous internet advertising is used as a vector for deadly strains of ransomware and data-collecting malware.
Participants are given actionable steps to detect and mitigate such threats.
BEC (Business Email Compromise) – BEC attacks have become so profitable for cybercriminals that the FBI has dubbed them the “five-billion-dollar scam”. This is because, between 2013 and 2016, the cumulative losses from them amounted to 5.3 billion dollars. Irish victims have included airlines (Ryanair - €4.6 million), regional councils (Meath County Council - €4.3 million) and even a zoo (Dublin Zoo - €500K). As a BEC attack primarily relies on exploiting human nature, even the most sophisticated technical defences have proved ineffectual. The most effective defence is IT security awareness training, particularly for those who work in finance or accounting functions.
Mobile computing risks – Social engineering attacks on iOS and Android users are on the rise. Apps are becoming conduits for all sorts of data-stealing malware. We inform participants how to use mobile devices securely without compromising your organisation’s security posture.
Wi-Fi Usage – The risks of using public Wi-Fi and how “Evil Twin” attacks work. How sensitive data can be sniffed over Wi-Fi networks.
Social Media – Social media gives cybercriminals an ideal platform on which to gather intelligence on victims and execute more targeted attacks. This module explains how social media is being exploited by attackers and highlights how the imprudent use of social media results in security incidents. Real-life examples show how fake social media profiles are used for attack reconnaissance and how this information can be used for highly targeted spear-phishing attacks. Actionable steps on the safer use of social media platforms are provided.
Incident reporting – Participants are reminded of the importance of reporting security-related incidents early. This gives your organisation the time to mitigate any damage caused by a threat.
- With employees trained in the use of robust passwords, your organisation will be better protected against brute-force attacks.
- Employees who adopt secure browsing habits lessen the risk of data-stealing malware getting installed onto systems.
- Best practice email behaviours reduce the risk of a data breach occurring due to email misdelivery or other human-factor errors.
- Reduced risk of financial loss due to business email compromise.
- Reduced risk of employees accidentally leaking sensitive information on social media.
- Reduced risk of cybercriminals gleaning sensitive information from employee social media posts that can be used in subsequent attacks.