Information Technology (IT) Assets Guidelines
Copyright @ 2017 by Godrej & Boyce Mfg. Co. Ltd. All rights reserved
CONTENT
Why Cybersecurity?
Initiatives Taken by the Organization
The G&B Guidelines
Cyber security Champions
Types of Cyber Security Threats:
Malware
Social Engineering
Phishing
WHY CYBER SECURITY?
GLOBAL ATTACKS ARE ON THE RISE….
IT’S NOT JUST BANKS & TELECOM COMPANIES ANY MORE…
ATTACKS ON MANUFACTURING COMPANIES ARE ON THE RISE
EMPLOYEES ARE THE FIRST AND LAST LINE OF DEFENCE!!
GODREJ & BOYCE INITIATIVES
INITIATIVES TAKEN BY GODREJ
Due to these recent cyber attacks, it becomes our responsibility to be more aware and protect our organization by:
• Embedding cyber vigilance within our company culture
• Staying ahead of these threats by:
  • Proactive prevention
  • Comprehensive training
  • Effective detection
  • Structured network
  • Optimized reporting
  • Increased engagement
  • Adapted behaviours
THE GODREJ & BOYCE GUIDELINES
LAUNCH OF IT ASSETS AND INFORMATION ASSET CLASSIFICATION AND PROTECTION GUIDELINES ACROSS G&B
Acceptable usage of IT assets guidelines:
• Usage of the Company’s information systems
• Usage of passwords
• Virus Protection
• Electronic Mail (E-mail) and instant messaging
• Physical Security
• Use of Office Equipment
• Internet User Code of Conduct
• Acceptable Usage of Social Media
• Mobile Device Management Guidelines
Information Asset classification and protection guidelines:
• Defining the type of Information assets
• Classification and treatment of Information Assets
THE KNOW-HOW #1: USAGE OF THE COMPANY’S INFORMATION SYSTEMS
Authority to utilize the Company’s information resources for business purposes only
Downloading, redistribution and printing of copyrighted materials on the Company’s information systems is strictly prohibited
Disseminating proprietary data or other confidential information in violation of company guidelines is strictly prohibited
Downloading inappropriate material for personal use is strictly prohibited
Users are prohibited from tampering with Company’s security systems
Users must ensure that confidential papers, removable storage media as well as laptops are not left unattended on the work area
Users shall lock their computer systems when they move away from the device
Users shall not share Company’s information, classified as confidential or restricted, to a third party unless authorized by information asset owner
Copyrighted materials belonging to entities other than the Company may not be transmitted by employees
THE KNOW-HOW #2: PASSWORD USAGE
Password requirements: at least 8 characters, uppercase letters, lowercase letters, numbers, special characters
• Do not reveal your password in an E-mail message, over the telephone, on questionnaires or security forms, or to co-workers while on vacation
• Passwords should not contain the word “Godrej” or any variants such as “Godrej@123”. Passwords should not contain names of any applications or servers such as “speedflow@123”
• Users must not use the same password for Company accounts as for other non-company access
• Change passwords at regular intervals & avoid recycling of old passwords
• Ensure that they access the system only through their individual user ID and password and do not allow anyone else to access the system through their password
• Multiple users should not be allowed to access the system through the same email ID
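A password policy checker written to match the rules above (an added example, not part of the guideline deck): it enforces the length and character-class requirements and rejects passwords containing “Godrej” or an application/server name such as “speedflow”, including disguised spellings like “G0drej”. The forbidden-name list beyond those two entries is a constructed placeholder.

```python
import re

# Words the guideline forbids inside a password. "godrej" and "speedflow" come from
# the guideline's own examples; the other entries are constructed placeholders standing
# in for the real application / server names an organisation would list.
FORBIDDEN_NAMES = ["godrej", "speedflow", "erpportal", "mailgw"]

# Simple character substitutions people use to disguise a banned word ("G0drej", "sp33dfl0w").
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})


def normalise(password: str) -> str:
    """Lower-case the password and undo leetspeak so spelled-around variants are still caught."""
    return password.lower().translate(LEET_MAP)


def check_password(password: str) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    normalised = normalise(password)
    for name in FORBIDDEN_NAMES:
        if name in normalised:
            problems.append(f"contains forbidden word '{name}'")
    return problems


if __name__ == "__main__":
    for candidate in ["Godrej@123", "speedflow@123", "G0drej#2017", "Tq9!mZv2Lp"]:
        verdict = check_password(candidate)
        print(candidate, "->", "OK" if not verdict else "; ".join(verdict))
```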
THE KNOW-HOW #3: EMAIL SECURITY
Users shall use only their own corporate E-mail account and not allow anyone else to access their account
No e-mail or other communication should be sent which intentionally hides the identity of the sender or represents the sender as someone else or someone from another organization
Any messages or information sent by a user to another individual outside via an electronic network are statements that normally reflect on the Company. Therefore, all such communication should be done keeping the Company security and image uppermost in mind
E-mail should be used primarily for business purposes
Users shall not send unsolicited bulk mail messages
Forwarding of company email to personal email id is not permitted
THE KNOW-HOW #4: PHYSICAL SECURITY
Users shall not enter into the Company without ID badges and they shall always display their ID badges within the Company
Users shall not allow any unauthorized person to accompany them and / or enter the Company without a proper gate pass
Users shall ensure that any company assets / documents are taken outside the premises only by following proper procedures and with authorization on the appropriate gate pass
Vendors and third-party contractors who bring in their own assets for official use should declare the same at the security checkpoint and get an entry made on the gate pass
The first line of defense for every organization is YOU! Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise.
THE KNOW-HOW #5: APPROPRIATE USE OF OFFICE EQUIPMENT
Users shall not reveal sensitive information over the telephone
Making additional copies of or printing of extra copies of confidential information shall be prohibited
While use of USB storage devices on laptops and desktops shall be allowed, any unauthorized access would make the employee liable for punitive action
Employees are responsible for data backup at reasonable intervals
Users shall not download any software directly from the Internet
THE KNOW-HOW #6: ACCEPTABLE USAGE OF SOCIAL MEDIA
Do not forget to verify the source of message before giving out any information
Go slow and pay keen attention to fine details in emails and messages
Never click on embedded links in emails from unknown senders
Never download email attachment from unknown senders
Reject requests for online tech support from strangers no matter how legitimate they may appear
Secure your computer with a strong firewall and up-to-date antivirus software, and set your spam filters high
Don’t forget to verify the website URL
Avoid being greedy on the web
THE KNOW-HOW #7: MALWARE PROTECTION
Users shall not open any files attached to an E-mail from a suspicious source whose subject line is questionable
Users shall delete chain / junk E-mails (Spam) and not forward or reply to any of these mails
Employees should provide information about such emails to the DPH / location HR Head / BCM for the branches, or on email id [email protected]
Users shall not download any software directly from the Internet
Users must contact the IT helpdesk in case they have any additional specific software requirements
Users shall not download security programs or utilities that reveal weaknesses in the security
Users shall not bring any personal media for use on Company computer systems
TYPE OF INFORMATION ASSETS
Information – Institutionalized information in soft form
Software – Software which is used to support / facilitate the company’s business operations: Systems Software, Application Software, Utilities, Development Tools
Physical – Physical devices which are required to support operations: Switches, Servers, Laptops, Desktops, Firewalls, Routers, Fax Machines, Printers
Paper – Institutionalized information in physical hard copy form: Agreements, Contracts, Invoices, Manuals
Service – Services / infrastructure which is necessary to ensure smooth operation of the company: Generator, Fire Detection Systems, HVAC, UPS, Telecommunication equipment
DATA CLASSIFICATION: HOW & WHAT TO CLASSIFY
(Columns: Classification Category, Criteria for Classification, Treatment of Information Assets)
Critical
• Criteria: Most valuable company information which could be disclosed only to concerned personnel. Its unauthorized disclosure could have adverse impact on operations, stakeholders, business partners and/or customers, leading to legal and financial repercussions and adverse public opinion
• Treatment: Should be handled only by limited employees. Modification should be authorized by relevant authority
Restricted
• Criteria: Valuable information which could be disclosed only to identified personnel within the company. While its unauthorized disclosure is against the guideline, it is not expected to adversely impact the company
• Treatment: Shared amongst company employees only
Public
• Criteria: Information which can be shared freely with personnel outside the company. It may be freely disseminated without potential harm
• Treatment: Enhance sharing of best practices
EXAMPLES
SCENARIO #1: I have received a Financial Statement from the Head of the Business Unit. Can I share it with my colleagues, or make changes?
A Financial Statement would be a “Critical” document. It should be handled only by limited employees and you should not share it with anybody, unless specifically informed by the Head of the Business Unit. Any changes to such a document can only be made by the relevant authority for the identified personnel only
SCENARIO #2: I have received a SOP from my superior, which can be adopted as a best practice within the Business Unit. Can I share it with my colleagues in other Business Units?
A Standard Operating Procedure (SOP) is a “Restricted” document. After taking permission from the relevant authorities, this may be shared within the same Business Unit or within the Company
TYPES OF CYBER SECURITY THREATS
MALWARE
CONTENT - MALWARE
Malware
What is Malware?
Statistics 2016
Different Types of Malware
Malware Symptoms
How to prevent it?
The Cure
The Instances
Short for “malicious software”, malware refers to software programs designed to damage or do other unwanted actions on a computer system. Malware is often used against individuals to gain information such as personal identification numbers or details, bank or credit card numbers, and passwords. Left unguarded, personal and networked computers can be at considerable risk against these threats. It can cause havoc on a computer’s hard drive by deleting files or directory information. Spyware can gather data from a user’s system without the user knowing it
MALWARE STATISTICS
INFOGRAPHIC DEPICTING REVENUE MODEL OF MALWARE IN 2016
MALWARE INFECTED AREAS:
TYPES OF MALWARE: Virus, Worm, Trojan, Rootkit, Ransomware
VIRUS
A virus is a contagious program or code that attaches itself to another piece of software, and then reproduces itself when that software is run. Most often this is spread by sharing software or files between computers
WORM
A program that replicates itself and destroys data and files on the computer. Worms work to “eat” the system operating files and data files until the drive is empty
TROJAN
The most dangerous Malware. Trojans are written with the purpose of discovering your financial information, taking over your computer’s system resources, and in larger systems creating a “denial-of-service attack”
Denial-of-service attack: An attempt to make a machine or network resource unavailable to those attempting to reach it. Example: AOL, Yahoo or your business network becoming unavailable
ROOTKIT
This one is likened to the burglar hiding in the attic, waiting to take from you while you are not home
It is the hardest of all Malware to detect and therefore to remove
Many experts recommend completely wiping your hard drive and reinstalling everything from scratch
It is designed to permit the other information gathering Malware in to get the identity information from your computer without you realizing anything is going on
RANSOMWARE
If you see a screen that warns you that you have been locked out of your computer until you pay up, your system is severely infected with a form of Malware called Ransomware
It is not a real notification from a law enforcement agency, but rather an infection of the system itself
Even if you pay and the system is unlocked, you are not free of it locking you out again. The request for money, usually in the hundreds of dollars, is completely fake
SYMPTOMS OF MALWARE
THE EARLY SIGNS
While these types of malware differ greatly in how they spread and infect computers, they all can produce similar symptoms. Computers that are infected with malware can exhibit any of the following symptoms:
Increased CPU usage
Slow computer or web browser speeds
Problems connecting to networks
Freezing or crashing
Modified or deleted files
Appearance of strange files, programs, or desktop icons
Programs running, turning off, or reconfiguring themselves (malware will often reconfigure or turn off antivirus and firewall programs)
Strange computer behaviour
Emails/messages being sent automatically and without user’s knowledge (a friend receives a strange email from you that you did not send)
HOW TO PREVENT?
PREVENTION IS BETTER THAN CURE
Purchase and maintain anti-virus software: It is important to use only one anti-virus program; in addition to performance issues, multiple programs may conflict, causing connection and security problems. Be sure to keep your security solution up to date; out-of-date security is useless
Keep up-to-date: It is important to download and install all updates for software you are using. Windows updates should be downloaded and installed when available. These updates often patch security holes. Updates for other applications such as Adobe, Java, and media players should also be installed, as they may also improve the security of these applications
Site Advisor: These programs alert you to the risk level of a website before you enter it. You should also steer clear of high risk websites such as sites containing pirated software downloads and adult only material. These sites can contain malicious code
START WITH PREVENTION!
File Sharing Sites: The files shared on these sites can be fraudulent. Often you believe you are downloading your favourite song when in reality it is malware or a virus. Installing these programs often opens a tunnel for any type of program to execute on your PC
Scan: Periodically scan your computer for malware. These programs can detect and remove even minor malware threats
Beware of e-mail: Don’t open e-mail from strangers. You wouldn’t let a stranger into your house, so do not let them into your computer. Also beware of e-mail attachments that you are not expecting
DON’T CATCH THE COLD!
Stay legit: Pirated and cracked software can contain malware and often prohibits the software from obtaining updates. Pirated software could also contain keyloggers, spyware, or other malicious code
Think before you click: Even legitimate websites can contain ads or links that will forward you to higher risk websites. Social networking sites such as MySpace or Facebook may display messages tempting you to click a link, such as click here for a picture of your friend. These links often forward you to a bogus website
THE CURE
DO NOT PANIC!
Back Up Your Personal Files
Disconnect From The Internet
Boot In Safe Mode Or With A Live Antivirus Rescue Disk: By booting in Safe Mode, you’re able to prevent any non-core components from running, allowing you to isolate problems more easily. To do this, restart your computer, and press and hold the F8 key while your computer starts up. The first option, “Safe Mode”, should already be selected, but if not, you can navigate to it with your arrow keys. Then press Enter. Once you’re in Safe Mode, you can continue the malware removal process
Change Your Passwords
Report to your concerned IT/Cybersecurity department
THE INSTANCES
Never trust a random pop up ad that hasn’t been validated by your existing anti-virus software
Avoid clicking on such claims as they are always likely to contain some form of malware!
SOCIAL ENGINEERING
CONTENT – SOCIAL ENGINEERING
What is Social Engineering?
Statistics 2016
Types of Attacks
What not to do!
Scenarios
Conclusion
AN ATTACK ON YOUR PSYCHE!
Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures
STATISTICS 2016
TYPES OF ATTACKS
BAITING
Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash drive in a place it is sure to be found
The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware
PHISHING
Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source
The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware
PRETEXTING
Pretexting is when one party lies to another to gain access to privileged data
For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient
SCAREWARE
Scareware involves tricking the victim into thinking his computer is infected with malware or has inadvertently downloaded illegal content
The attacker then offers the victim a solution that will fix the bogus problem; in reality, the victim is simply tricked into downloading and installing the attacker's malware
SCENARIOS
SCENARIO #1: THE PENTESTER DECIDED TO PHISH FOR AN UNLISTED EMAIL ADDRESS OF A CFO IN THE AT-RISK COMPANY. HE STARTS BY CALLING THE CFO’s ADMINISTRATIVE ASSISTANT:
Assistant: Locks International, this is Asha, how can I help you?
Phisher: Hi Asha, this is Amit, I’m a new hire down in Budgets trying to update some contact lists. Do you have Mr. Rahul Marolia’s email address for our records?
Assistant: I do, but that’s not often given out, you can just use my address for most things, it is [email protected]
Phisher: I know that, but I’m being put through the wringer down here and I was supposed to have this on my manager’s desk an hour ago and now he keeps checking up on me and I just started this job and I’ve…
Assistant: All right, I understand, you can calm down. The email address is [email protected]
This scenario may seem far-fetched in written form, but change a few names and it quickly becomes real life
SCENARIO #2: THE PENTESTER WANTS TO ENTER THE BUILDING WITHOUT PROPER ACCESS RIGHTS. AFTER DAYS OF STANDING OUTSIDE A SECURE ENTRANCE TO ACME, LOOKING ANXIOUS, THE PENTESTER FEELS THE TIME IS RIGHT. HE RECOGNIZES A MAN WHO OFTEN COMES THROUGH THIS ENTRANCE AND APPROACHES HIM:
Pentester: It’s been a hell of a week huh?
Man: Yea, I guess it has.
Pentester: I left my ID in my car, and my car’s in the shop… I guess you really SHOULD get an oil change every 3000 kms.
Man: Ha! Yea, I guess you should.
As the man walks inside, he holds the door open for the pentester.
The man might have been suspicious of the pentester at first, but he’s seen him around, and he shared a bit of his personal life. He even made a joke. That connection stirred some compassion and let him in the door
SCENARIO #3:
When was the last time someone said something like, “Yea! It was like in that one cricket match, India vs Eng, oh, what was that cricketer’s name? He scored 300, just like Sehwag?” or something along those lines and you blurt out “Karun Nair!” to much celebration and mild envy from a friend who’s clearly deficient in knowing great actors from awesome movies.
People like to be smart. There’s no shame in it. That’s why trivia games exist, people watch Jeopardy and most of us have filled in at least one Sudoku book in our lives. We especially like being smart when we can get recognized for it.
Now, think about when someone calls saying “I’m trying to call, whatsername, in accounting who stays at Thane…” and you suddenly share the name of a person in accounting. That might earn celebration from the engineer on the other end of the phone, but your impulses just gave something away.
For one week, write down every urge you have to blurt out information someone’s seeking or struggling to remember. You’re not likely to actually write these down, but every time it happens, it’ll make you think for a second. Try it – it’s creepy how often it comes up.
PAY CLOSER ATTENTION
When you’re in any situation – good or bad – step back and look at it objectively. Notice what information is moving, what favors are being done, why it’s important, what the implications are if the information moves or if the favor is granted and what the best and worst outcomes of the situation are.
If you really look at situations, many can start to seem a little fishy:
“Why is this guy in Budget making a contact list?”
“How come the guy outside the building hasn’t gone to the auto shop to get his ID when he needs it every day?”
“Why can’t he remember her name when everyone knows her?”
Those questions could have been pivotal, if the people in the scenarios above had taken a step back. Social engineering attacks are dangerous. Not because we need to remember harder passwords or remember our IDs at work, but because they don’t require a change in knowledge. Changes in knowledge are actually easy to adapt to. There are tricks to remembering things. Stopping these attacks requires a change in behavior and there aren’t any tricks to make that easy. Changes in behavior require changes in mindsets and paying closer attention.
PHISHING
CONTENT – PHISHING
What is Phishing?
How does it work?
Phishing Link Detection
Types of Phishing
Current Trends
How to avoid getting caught?
What to do when Fraud happens to me?
WHAT IS PHISHING?
The act of sending an email to a user falsely claiming to be an established, legitimate enterprise, in an attempt to scam the user into surrendering private information that will be used for identity theft
Targeted attacks through phishing especially in large corporates is real and growing at an alarming rate. These are some of the statistics of 2016:
85 percent of organizations have suffered phishing attacks!
UNIQUE PHISHING SITES DETECTED OCTOBER 2015 – MARCH 2016
250% surge in phishing detected in Q1 2016!
NUMBER OF PHISHING EMAILS OPENED & CLOSED IN FIRST 24 HOURS
30% of phishing emails get opened! That is the kind of open rate that marketers would kill for!
HOW DOES IT WORK?
Attackers use different methods of deception as phishing strategies
They will create fake messages and websites that imitate the original ones and try to lure you into handing over your personal information
They will either ask you to reply to them, follow a link included in the message or download an attachment
In order to make phishing look genuine, attackers include photos and information from the original website
They may even redirect you to the company’s website and collect the data through a false pop-up window. Or it can happen the other way around: they first request your personal data, then redirect you to the real website
Other times, they tell you that you have been targeted by a scam and that you urgently need to update your information in order to keep your account safe
DETECTING PHISHING LINKS
Phishing is the criminally fraudulent process of attempting to acquire sensitive information (usernames, passwords, credit card details) by masquerading as a trustworthy entity in an electronic communication
Commonly impersonated entities:
• Social web sites
• Auction sites
• Online payment processors
• IT administrators
TYPES OF PHISHING
SPEAR PHISHING
Spear phishing is an email directed at specific individuals or companies. It is highly effective and very well planned
The attackers will take their time and gather all the available information about their target before the attack: personal history, interests, activities, details about colleagues and any other details they can find. These are used in order to create a highly personalized and believable email
It’s a technique that works because the phishing email appears to be from someone you know and requires urgent action
Spear phishing requires higher efforts, but its success rates are also higher. It’s currently the most successful phishing technique, accounting for 95% of the attacks
And all this just by gathering publicly available information that we freely share on our social media accounts and blogs
WHALE PHISHING
Whale phishing is the term used for attacks directed at high profile targets within companies, such as upper management or senior executives
These are tailored to appear as critical business email, sent from a legitimate business authority, that concern the whole company
Here are a few examples: legal subpoenas, managerial issues, consumer complaints
Needless to say that return on investment for attackers is very high in this case. And, contrary to what you’d think, these types of targets are not always as security savvy or protected as they should be
CLONE PHISHING
Clone phishing uses legitimate, previously delivered emails
The cyber attackers will use original emails to create a cloned or almost identical version
Clone phishing emails may claim to be a resend of the original or an updated version of it
Only this time, the attachment or link is replaced with a malicious version. It appears to come from the original sender and uses a fake reply-to address
This phishing strategy works because it exploits the trust created from the original mail
CURRENT PHISHING TRENDS
Cloud Phishing: IT attacks also had a boost in the past year, because of the increasing usage of cloud storage technology. This is usually distributed via email or social media, as a message sent by compromised friends accounts or on behalf of a cloud service provider. The stolen information can be used for extortion, sold to third parties or used in targeted attacks
Government Phishing: Be vigilant when it comes to communications that claim to be from law enforcement agencies, such as the IRS, FBI or any other entity. The most fraudulent attempts in the past years were created to mimic IRS communication, in an attempt to steal your financial information
Social Media Phishing: Phishers create websites that look identical to Facebook or LinkedIn or any other social media websites, using similar URLs and emails, in an attempt to steal login information. The attackers can then use this to access your account and send messages to friends, to further spread the illegitimate sites
HOW TO AVOID THE BAIT!
HOW TO AVOID GETTING CAUGHT IN THE PHISH NET?
Clue #1: Sender details
First thing to check: the sender’s email address
Look at the email header. Does the sender’s email address match the name and the domain?
Spoofing the display name of an email, in order to appear to be from a brand, is one of the most basic phishing tactics
HOW TO AVOID GETTING CAUGHT IN THE PHISH NET?
Clue #2: Message Content
They ask you to send them or verify personal information via email. They are likely to play on your emotions or urgency
As a general rule, be suspicious of any mail that has urgent requests (e.g. “respond in two days otherwise you will lose this deal”), exciting or upsetting news, offers, gift deals or coupons (especially around major holidays or events, such as Diwali or New Year)
HOW TO AVOID GETTING CAUGHT IN THE PHISH NET?
Clue #3: They claim there was some sort of problem with your recent purchase or delivery and ask you to resend personal information or just click on a link to resolve it
Banks or legitimate e-Commerce representatives will never ask you to do that, as it’s not a secure method to transmit such information
HOW TO AVOID GETTING CAUGHT IN THE PHISH NET?
Clue #4: Look out for attachments
They can attach other types of files, such as PDF or DOC, that contain links. Or they can hide malware. Other times, they can cause your browser to crash while installing malware
Clue #5: External links / websites
Let’s assume that you already clicked on a link from a suspicious email. Is the domain correct? Don’t forget that the link may look identical, but use a variation in spelling or domain
FOLLOW THESE RULES
First rule: Beware of bogus or misleading links
• Hover your mouse over the links in the email message in order to check them BEFORE clicking on them
• The URLs may look valid at a first glance, but use a variation in spelling or a different domain (.net instead of .com, for example)
Second rule: Look out for IP address links or URL shorteners
• They can take a long URL, shorten it using services such as bit.ly, and redirect it to the intended destination
Third rule: Beware of typos or spelling mistakes
Fourth rule: Beware of amateurish looking designs
• This means: images that don’t match the background or look formatted to fit the style of the email. Photos or logos uploaded at low resolution or bad quality
Fifth rule: Beware of missing signatures
• Lack of details about the sender or how to contact the company points in the phishing direction. A legitimate company will always provide such information
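A small checker, added here as an example and not part of the original deck, that applies Clue #1 and the first two rules above to a raw email message: it compares the brand in the display name with the sender’s real domain, flags lookalike domains (same name under another TLD, or a near-miss spelling), bare IP address links, URL shorteners, and link text that points somewhere other than its href, and also looks for the urgency language of Clue #2. The trusted-domain list, shortener list and sample message are constructed placeholders.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-list (placeholder values): brand words that may appear in a sender's
# display name, mapped to the domains that brand legitimately sends mail from.
TRUSTED = {"godrej": {"godrej.com"}}
ALL_TRUSTED = set().union(*TRUSTED.values())
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}
URGENCY = re.compile(r"\b(urgent|immediately|within (?:24 hours|two days)|suspended)\b", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs: the text is what the reader sees before hovering."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Approximate the registrable domain as the last two labels (fine for .com / .net names)."""
    return ".".join(host.lower().split(".")[-2:])


def lookalike_of(host: str):
    """Trusted domain that `host` imitates: same name under another TLD (godrej.net for godrej.com)
    or a near-miss spelling (a letter dropped or swapped). None if the host is trusted or unrelated."""
    dom = registrable(host)
    if dom in ALL_TRUSTED:
        return None
    for good in ALL_TRUSTED:
        same_name = dom.split(".")[0] == good.split(".")[0]
        if same_name or SequenceMatcher(None, dom, good).ratio() >= 0.85:
            return good
    return None


def analyse(raw_message: str) -> list:
    """Apply the deck's clues and rules to one raw mail message and return the findings."""
    msg = message_from_string(raw_message)
    findings = []
    # Clue #1: does the brand in the display name match the sender's real domain?
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = registrable(addr.split("@")[-1]) if "@" in addr else ""
    for brand, domains in TRUSTED.items():
        if brand in display.lower() and from_dom not in domains:
            findings.append(f"Clue #1: display name claims '{brand}' but sender domain is {from_dom}")
    if (fake := lookalike_of(from_dom)):
        findings.append(f"Rule 1: sender domain {from_dom} imitates {fake}")
    # Clue #2: urgency or threat language in the body.
    body = msg.get_payload()
    if URGENCY.search(body):
        findings.append("Clue #2: urgency language in message body")
    # Rules 1 and 2: inspect every link the way a hover check would.
    extractor = LinkExtractor()
    extractor.feed(body)
    for href, text in extractor.links:
        host = urlparse(href).hostname or ""
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            findings.append(f"Rule 2: link points at a bare IP address {host}")
        elif registrable(host) in SHORTENERS:
            findings.append(f"Rule 2: link uses URL shortener {host}")
        elif (fake := lookalike_of(host)):
            findings.append(f"Rule 1: link domain {host} imitates {fake}")
        # Visible text that looks like a URL must lead to the same place as the href.
        shown = urlparse("http://" + text.split("://")[-1]).hostname if "." in text and " " not in text else None
        if shown and registrable(shown) != registrable(host):
            findings.append(f"Rule 1: link text shows {shown} but points to {host}")
    return findings


# Constructed sample (not a real mail): a phishing attempt showing the clues above.
PHISH = """\
From: "Godrej IT Helpdesk" <helpdesk@godrej-support.net>
Subject: Password expiry
Content-Type: text/html

<p>Your mailbox password expires today. Act immediately to avoid suspension.</p>
<p><a href="http://godrej.net/reset">www.godrej.com/reset</a></p>
<p><a href="http://203.0.113.9/reset">Reset now</a></p>
<p><a href="https://bit.ly/3xyzabc">Help</a></p>
"""

if __name__ == "__main__":
    for finding in analyse(PHISH):
        print(finding)
```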
WHAT TO DO IF YOU THINK YOU WERE PHISHED?
If you have a hunch that something is wrong, immediately contact your bank or credit card institution and close the accounts you believe may have been compromised
Change the passwords used for those accounts and then also change the passwords used for the emails linked to them
Report to the concerned cybersecurity personnel or the IT department if you think your PC has been breached
Conclusion: One last piece of advice: always trust your instinct. It may not be the most scientific approach, but, ultimately, you should just listen to what your intuition tells you. If something feels wrong, even if you cannot specifically explain why, or if it’s too good to be true, it’s better to stay away from it
WHOM TO CONTACT IN CASE OF A VIOLATION?
Users are encouraged to consult the following people, the “Cyber Security Champions”, whenever they need clarifications about the guidelines or about how to act in a particular situation:
a. Divisional Personnel Head (DPH)
b. Location Human Resource Head (LHRH) for upcountry factories
c. Branch Commercial Manager (BCM) for the branches
d. Manager – Information Security (Vikhroli)
e. Manager – Information Security, or on email id [email protected]