KNOW-HOW –
    SECURITY AWARENESS

    Cyber security involves much more than just technical elements. Many people are unaware that cyber security starts with the human factor. Here you can find out what security awareness is all about and the role it plays.

    SECURITY AWARENESS QUIZ

    Security awareness is on everyone's lips and thankfully in an increasing number of companies. How knowledgeable are you in the area of security awareness? Irrespective of whether you have never heard of it or think you already know everything, you can test yourself in our security awareness quiz and refresh your knowledge right now!

    Here you can also find more information about security awareness and the terms used in the quiz. Have fun!

    1

    One important aspect of security awareness is social awareness. What skills do I need to develop social awareness?

    Emotional intelligence

    There are no wrong answers

    Social intelligence

    Social sensitivity

    Are you wondering what all these (actually positive) skills have to do with security awareness and cyber attacks? Social awareness is good in principle and is also important when dealing with people because it fosters relationships and cooperation. However, awareness, i.e. the ability to (re)act appropriately in certain situations, can also be misused for the purpose of manipulation, and this then brings us to cyber crime. These manipulations by cyber criminals can be summarised under the term social engineering. Therefore, an important part of effective security awareness is the capacity for social awareness, including emotional and social intelligence, to detect attacks like these.

    2

    What does the term social engineering mean?

    Taking advantage of people’s willingness to help, their uncertainty or good faith, for example, to obtain confidential information.

    A motivational technique to raise awareness of security among employees.

    Spying on private information on the company computer using software.

    Social engineering exploits people's "weak points" to obtain information or data. These vulnerabilities include helpfulness, uncertainty or good faith. For example: someone claiming to be from the IT department comes round to install new software and inserts a USB stick – and just like that, the computer is infected. After all, who knows all of the employees in a large company personally?

    3

    Which of the following passwords is the best one?

    MdLbd11M!

    Fg67

    ,.:-_#+~<>!§$%&(){}=?@

    Hans1960

    In our view, the best one would be MdLbd11M! (My daughter Lisa's birthday is 11th March!) – it's simple but still complex, do you agree? With this modular principle, you just choose a set of letters and numbers that you can remember easily. It should consist of at least twelve characters, including numbers and punctuation marks, as well as words beginning with upper and lower case letters. Why do we advise against the other passwords? Well, Fg67 consists of only four consecutive entries on the keyboard. ,.:-_#+~<>!§$%&(){}=?@ is made up of special characters, and most of us (without a password manager) wouldn't be able to remember it, but admittedly, it would be secure! And Hans1960 is pretty self-explanatory…
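    The rules given in the explanation above (at least twelve characters, numbers, punctuation, upper and lower case letters) can be expressed as a small policy check. The code below is an added example and not part of the original quiz; the rule thresholds are the ones stated on the page, and the function names are our own.

```python
# Added example: a password policy checker for the rules stated in the quiz
# explanation. Thresholds follow the page (at least twelve characters); the
# function names are our own.

MIN_LENGTH = 12  # "at least twelve characters" as stated in the explanation


def check_password_policy(password: str) -> list[str]:
    """Return the list of stated rules the password violates.

    An empty list means the password satisfies every rule: minimum length,
    at least one digit, at least one special (non-alphanumeric) character,
    and both upper- and lower-case letters.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    # Anything that is neither a letter/digit nor whitespace counts as a
    # special character, so non-ASCII symbols such as '§' are included.
    if not any(not c.isalnum() and not c.isspace() for c in password):
        failures.append("no special character")
    if not any(c.isupper() for c in password):
        failures.append("no upper-case letter")
    if not any(c.islower() for c in password):
        failures.append("no lower-case letter")
    return failures


def passes_policy(password: str) -> bool:
    """True when the password violates none of the stated rules."""
    return not check_password_policy(password)


if __name__ == "__main__":
    # The four options from question 3 of the quiz.
    for candidate in ["MdLbd11M!", "Fg67", ",.:-_#+~<>!§$%&(){}=?@", "Hans1960"]:
        verdict = check_password_policy(candidate)
        print(f"{candidate!r}: {'OK' if not verdict else ', '.join(verdict)}")
```

    Running the check over the four quiz options shows why three of them fail on several rules at once. It also shows that MdLbd11M! satisfies every character-class rule but, at nine characters, falls short of the twelve-character minimum the explanation itself states; extending the mnemonic sentence by a word or two (for example appending "Mar") brings it into line.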

    4

    You decide to go to a café and check your e-mails between two customer appointments. Here you can log in to a free Wi-Fi connection. You want to access Google Mail (mail.google.com), but you are redirected to the googlemail.account.net page. What do you do?

    Nothing – the redirection is harmless as long as the page looks trustworthy.

    Continue browsing in private mode.

    Next time you are in the office, as a precaution, ask the Help Desk / IT Support to check your computer.

    Log out of the Wi-Fi straight away.

    The redirection could indicate spoofing, a method of eavesdropping on and manipulating network traffic. This means that your e-mail traffic may be diverted and whatever you type into the supposed login mask may be read. You should disconnect from the Wi-Fi immediately! It is also advisable to notify the Help Desk / IT Support and ask them to have a look at your laptop.

    By the way, an important principle is: do not log into a public, free Wi-Fi – especially not on your business laptop, tablet or smartphone.
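    The point of the quiz question is that "the page looks trustworthy" is not a usable test: what matters is whether the registrable domain you land on is the one you asked for. The following added example (not part of the original page) makes that check explicit for the quiz's own hosts. It approximates the registrable domain as the last two DNS labels, which is an assumption that works for mail.google.com and googlemail.account.net but would need the Public Suffix List for domains such as co.uk; the host lookalike.example is a constructed placeholder.

```python
# Added example: comparing the domain you intended to reach with the domain
# a redirect actually landed on. Not part of the original page.
from urllib.parse import urlsplit


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two DNS labels.

    Assumption: real code would consult the Public Suffix List so that
    hosts under co.uk and similar suffixes are handled; the two-label rule
    is sufficient for the hosts in the quiz.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def assess_redirect(expected_url: str, landing_url: str) -> dict:
    """Flag a redirect whose destination is not the site the user requested.

    Returns {"suspicious": bool, "reasons": [...]} where reasons lists the
    observations that justify treating the login page as untrusted.
    """
    expected = urlsplit(expected_url)
    landing = urlsplit(landing_url)
    expected_dom = registrable_domain(expected.hostname or "")
    landing_dom = registrable_domain(landing.hostname or "")

    reasons = []
    if landing_dom != expected_dom:
        reasons.append(f"landed on {landing_dom!r}, expected {expected_dom!r}")
    if landing.scheme != "https":
        reasons.append("login page is not served over https")
    return {"suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    # The situation described in question 4 of the quiz.
    print(assess_redirect("https://mail.google.com", "http://googlemail.account.net/login"))
    # A legitimate Google sign-in redirect stays within google.com.
    print(assess_redirect("https://mail.google.com", "https://accounts.google.com/signin"))
    # Constructed placeholder: a familiar name used as a subdomain of
    # another registrable domain is still caught by the same comparison.
    print(assess_redirect("https://mail.google.com", "https://mail.google.com.lookalike.example/"))
```

    The check deliberately ignores everything a user would normally judge by (page layout, logos, the familiar name appearing somewhere in the address) and looks only at the registrable domain and the scheme, which is exactly the part a convincing-looking page cannot fake.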

    5

    The first step in ensuring adequate security awareness is the ability to a potential security risk...

    to master.

    to recognise.

    to avoid.

    At work, we are exposed to security risks daily – whether when we are opening e-mails (especially with attachments), making phone calls, browsing websites, etc. It is impossible to avoid risks altogether, let alone master them. On the other hand, it is vital to be aware of the risks – security awareness is the keyword. Be vigilant and identify risks before they escalate into a real attack.

    6

    Who is responsible for information security within the company?

    The IT department.

    The Security Officer (CISO).

    The CEO.

    All employees.

    One thing to be kept in mind – EVERY employee is responsible for information security because cyber criminals are well aware that many employees are easy targets. It's no wonder, especially if they were never made aware of the dangers and trained accordingly. This makes it even more important that everyone knows about IT security and how to handle information securely (the keyword is "security awareness"). Cyber security should also be at the top of the management agenda!

    7

    You receive an e-mail from an unknown sender, informing you that all of the information can be found in the attached Word document. What should you do?

    Report the email using the "phishing button" and forward the e-mail to the Help Desk / IT Support.

    Save the attachment before opening it.

    Transfer the e-mail to your private e-mail account and open it at home.

    Never open an e-mail attachment unless you are 100% sure that it's harmless. Do you know the sender? Are you expecting an attachment? Do the e-mail and the name of the file have anything to do with your business, company or project? If you are not sure, do not open the attachment, report the e-mail using the "phishing button" and forward it to the internal Help Desk / IT Support.

    8

    What is spear phishing?

    A massive spam mail attack targeting all employees.

    A phishing attack launched by an employee.

    A highly targeted, well-planned cyber attack.

    A phishing attack via a smartphone app.

    In the same way that a spear is used to catch a single fish, in this attack the attacker targets a specific person or object. Spear phishing attacks are so insidious because they are often carefully planned long in advance, which makes them all the harder to expose.


    X OF X CORRECT - UNSATISFACTORY

    Would it be right to say that you have heard little or nothing about security awareness – certainly not in your company? This makes it all the more important that you deal with the topic now, and that includes your staff!

    Below you will find lots of information, blog articles and downloads to help you, or even better, you can contact us directly. We have a variety of security awareness measures to provide you and your employees with the knowledge you need. This is because as you now know, ALL employees are responsible for information security.


    X OF X CORRECT - SATISFACTORY

    Security awareness is by no means a new term for you. Likely, the topic has already been discussed in your company – but a small knowledge update certainly wouldn't do any harm. We will give you a booster!

    Below you can find a lot of information, blog articles and downloads about security awareness, or you can contact us directly. We provide you and your employees with the necessary knowledge, or we can refresh what you have learned with various security awareness actions. This is because, as you now know, ALL employees are responsible for information security.

     


    X OF X CORRECT - GREAT

    Congratulations! Cyber criminals will not find you an easy target. You've probably already had security awareness training – or you've read all our blog articles.

    But cyber criminals are always coming up with new tricks, so don’t rest on your laurels and keep honing your security awareness. What's the easiest way to do it? Subscribe to our blog updates! This way you will always get the latest articles, white papers, infographics, etc. about cyber security, cyber defence and, of course, security awareness.


    WHAT IS SECURITY AWARENESS?

    The purpose of security awareness measures is to increase employee awareness of (information) security. The aim is to reduce risks arising from careless behaviour or a lack of awareness and to increase cyber security. But why is security awareness so important for companies?

    Did you know that currently, over 99 (!) per cent of all cyber attacks are attributable to human interaction? Apart from technology, people pose the greatest security risk, and this is why the term "human weakness" is often used. Unfortunately, a good cyber security strategy and the latest technologies are no longer adequate to provide effective protection. For example, these days, phishing e-mails look deceptively real and it is almost impossible to distinguish them from "real" e-mails. One wrong click and the hackers are already inside the corporate network – frequently with catastrophic consequences. Dangers like these are lurking everywhere in our everyday lives, even physically, which is why security awareness is an important element in the cyber security strategy.

    POSSIBLE TYPES OF ATTACK

    Hackers are constantly developing new ways of attacking companies. Below we have listed some of the most popular ones associated with social engineering and security awareness:

    Social Engineering

    Social engineering abuses people's good faith, willingness to help and uncertainty to gain access to sensitive information or data. One possible way in is for an attacker to pretend to be an IT support staff member and so gain access to the computer of an actual employee. The result could be not only the theft of information but also the introduction of malware such as trojans into the company network. You can find more information about social engineering in our blog article.

    Have you already downloaded our Social Engineering Checklist? Get 15 tips to help you protect yourself from social engineering. Download now!


    Phishing

    Phishing is one of the favourites and, unfortunately, also one of the most successful means of attack. E-mails from legitimate senders are forged or imitated so that neither the spam filters nor people identify them as "fakes". The goals vary: a click on a link that installs malware on the computer, an action such as a requested payment, the sharing of confidential information via e-mail, etc. There are now a large number of types of phishing, such as spear phishing, smishing (SMS), vishing (voice phishing), whaling, pharming, social media phishing and many more.

    Incidentally, our cyber security experts have put together the most important tricks for detecting phishing e-mails in a poster for you. Get it now for free!


    SECURITY AWARENESS IN 3 STEPS

    Information security involves much more than just the technical aspects – it starts with people because a lack of sensitivity and knowledge often acts as the gateway for cyber criminals. But how can awareness be raised in the long term? A tried and tested means of raising employee awareness is a targeted security awareness campaign. We will tell you how you can boost your security awareness in just 3 steps!

    STEP 1 – SEE

    The first thing to do is to grab the employees' attention and demonstrate where the risks are in everyday life. They should recognise how important their personal contribution is. Proven measures that "open the eyes" of employees are:

    • Live hacking demonstrations (more information below)
    • Videos
    • Blog articles, intranet, newsletters
    • Management communications with giveaway (e.g. SyncStop USB sticks)

    STEP 2 – UNDERSTAND

    In step two, the aim is to impart knowledge in order to develop the required level of understanding of information security. Employees need to recognise security risks and be aware of how to react. This is both the most important and the most difficult step in security awareness. Potential actions are:

    STEP 3 – ACTION

    The final step is to achieve a sustainable, permanent change in attitude and behaviour. This is why these actions need to ensure that the issue is firmly anchored in employees' minds and is constantly remembered. Some of the suitable measures are:

    TARGETED AWARENESS FOR YOUR EMPLOYEES

    Effective information security lives or dies depending on whether it is actively supported by employees – management included! In a security awareness campaign, basic knowledge can be communicated and employee awareness can also be boosted. Are you interested? We can help you set up a targeted security awareness campaign!


    SECURITY AWARENESS MEASURES

    InfoGuard designs individual awareness campaigns based on specific customer needs. A "red thread" and campaign branding coordinated with the corporate branding ensure both a high recognition value and a high level of internal acceptance.

    Phishing is a central theme running throughout the entire campaign. It starts with checking existing security awareness using a Cyber Attack Simulation or Social Engineering Audit (Security Testing) and continues with training and/or live hacking on-site and is complemented by awareness communication, right through to re-checking and success monitoring.

    InfoGuard will implement all these measures and also provides full on-site support during the implementation.

    Awareness Communication

    Communication is the be-all and end-all – and this also applies to security awareness. The messages are conveyed in a comprehensible way via sustainable awareness communications, so they are remembered for longer and therefore have a greater presence in the company.

    We will support your security awareness communication with posters, brochures, management communications, text templates for the intranet, articles in your in-house magazine, wikis, newsletters, etc.

     

    Workshops & Training

    Our cyber security experts will present a workshop tailored to your needs to illustrate the cyber dangers lurking in everyday life. They will give you some important tips and information on how to identify critical situations and act appropriately. Your employees will become involved while having fun!

    E-Learning & Interactive Virtual Reality Training

    E-Learning and VR training are ideal methods for sensitising employees to information security regardless of time and location. The big advantage is that interactive, fun learning is not just enjoyable, it also creates a particularly long-lasting learning experience that can be validated using quizzes.

    In cooperation with our partner E-SEC, we develop innovative bespoke 3D training software. The possibilities are almost limitless, with topics such as social media, data protection & compliance, information security outside the company, banking secrets, fire protection, etc.

    More information about our e-learning and virtual reality training can be found on our E-SEC partner website.

    Live Hacking Demonstration

    Creating astonishment is the first step towards awareness – and consequently also towards sustained security awareness. That's why the most impressive method to make cyber security understandable is probably a live hacking demonstration by our security awareness experts and penetration testers. Your staff will be shown what catastrophic consequences even small mistakes can have especially from the point of view of a hacker.

    The potential range of topics is very broad and can be individually tailored to meet your needs. For a live hacking demonstration, there are a variety of potential scenarios: trojans, man-in-the-middle attacks, infected documents, phishing & pharming, QR code, GPS location, smartphone apps & trojans, cross-site scripting and more. Normally, live hacking demonstrations can be easily carried out on-site in your company.

    WHITEPAPERS, CHECKLISTS & POSTERS

    BLOG ARTICLES

    SECURITY AWARENESS WITH INFOGUARD

    Why should you work with InfoGuard? Our expertise and experience, the 360° security approach and the opinions of our customers all confirm that we are the right partner for security awareness.

    Expertise & Experience

    We have several cyber security specialists who specialise in security awareness. Thanks to their many years of experience, our clients benefit not only from an extensive skill base but also from experts who know exactly how cyber criminals act.

    Whether in the area of consulting (awareness communication, workshops, e-learning, live hacking, etc.), Cyber Attack Simulations or Social Engineering Audits – with us you will find exactly the right experts to help you most effectively.

     

    A One-Stop Shop

    InfoGuard covers all 360° of cyber security and cyber defence. What this means for you is that our experts know what they are talking about and are able to integrate all aspects of cyber security. We also offer a variety of additional services which, in combination with a security awareness campaign, will ensure that your cyber security is effective.

    So you see, security awareness is really important! What are you waiting for? Get your employees trained and protect your business from ransomware, phishing attacks, social engineering, and other threats. Contact us – we will work with you to create a personalised, effective security awareness campaign.
