SlideShare a Scribd company logo

Cyber Security

Ncell, profile picture
Ncell

This document provides information about an e-learning cyber security induction course for Axiata employees. The course aims to promote information security awareness around topics like introduction to security, social engineering, malware, mobile security, and responsible browsing. It serves as an induction for new employees and a refresher for existing employees. The course objectives are to understand information security and how to protect it, recognize social engineering techniques, be aware of malware types and prevention methods, understand mobile security risks and defenses, and learn responsible browsing practices. The course content will cover these topics through modules on introduction to security, social engineering, mobile security and social media, responsible browsing, and malware. Upon completing the course, participants will understand these cyber security concepts and

Technology
Related topics:
Mobile Security Insights
1 of 31
Downloaded 15 times
1
2
3
4
5
6
7
8
9
10
11
Most read
12
13
14
15
16
17
18
Most read
19
20
21
22
23
24
25
26
27
28
Most read
29
30
31
Cyber Security Induction
E – Learning Course Information 1. To promote information security awareness in the area of: i. Introduction to information security; ii. Social engineering; iii. Malware; iv. Mobile security & social media; and v. Responsible browsing. 2. To serve as an induction course for new Axiata employees. 3. To serve as a refresher course for existing Axiata employees. OBJECTIVES
OBJECTIVES 1. Understand information security, its importance and the role you have to play to protect our information security. 2. Recognise the many forms of social engineering, its potential impacts and how to stay vigilant against it. 3. Be aware of the different types of malware and signs of malware infection, and ways to prevent exposing your device to malware. 4. Understand mobile security, identify common mobile devices and mobile security attacks, and ways to reduce risk of mobile security attacks. 5. Recognise the importance of responsible browsing, understand safe browsing practices and practise safe sharing on social media. Why Is This Course Important? Upon completion of this course, participants will be able to: Let’s begin.
1 2 3 4 5 Course Content Introduction to Information Security Social Engineering Mobile Security and Social Media Responsible Browsing Malware 6 Assessment
Introduction to Information Security
PEOPLE. Our people working across the Axiata Group. Even with the absence of malicious intent, often times, information security is compromised due to employees’ lack of understanding on how to work in a secure manner. But where does our biggest threat come from? Why Do We Care? Estimates upwards of 250 billion dollars of loss associated with Cyber Crime! Every year, the Director of National Intelligence publishes an unclassified “Worldwide Threat Assessment.” The year 2018 report was published listing “Cyber” is the first (and greatest) threat listed. Information Security What is it? All the processes and practices we implement to protect networks, computers, applications and data from attacks on the C-I-A triad (Confidentiality, Integrity, and Availability).
You can ensure you play your part in protecting our information by: Keeping to our values. Keeping vigilant and diligent. Keeping hold of our valuables. Keeping it confidential. Keeping us all safe. How Do I Play My Part and How Will I Help? You will be helping Axiata to: Protect information from a range of threats. Ensure business continuity. Minimise potential financial loss. Optimise return on investments. Increase business opportunities.
Always logoff or lock your system even if you leave for a short time. Keep systems patched and up to date. Use strong passwords and protect your passwords. Encrypt sensitive files to ensure confidentiality of data. Watch what you share and be cautious of what information you put out there. Never let someone have access to your system with your credentials. Be wary of individuals looking for information or access to the building. Disable unsecured mechanisms. If something feels wrong or uncomfortable, trust your instinct and ask for help. Report any potential breach to your security team. Good Information Security Practices 1 2 3 4 5 6 7 8 9 10
Social Engineering
• Social engineering is the act of manipulating people into disclosing private information and sometimes it involves breaking normal security procedures. • It relies heavily on manipulating human emotions, such as guilt and fear. • It exploits our natural tendency to trust others. • It is very common because it is much easier to trick a person into disclosing his or her credentials than hacking into his or her account. Social Engineering?
Common Social Engineering Attacks Phishing Phishing is a technique of fraudulently obtaining private information. Phishing refers to the use of emails that appear to originate from a trusted source to trick a user into entering his or her login credentials, ATM card’s PIN number or credit card number at a fake website. Phishing emails typically look very convincing and contains a link to fake web pages with seemingly legitimate company logos and addresses. While spear phishing and phishing are similar in the sense that both attacks involve sending emails to trick users into providing information, the key difference is that spear phishing involves sending highly customised emails to a few specific users whereas phishing involves sending generic emails to a broad number of users. This means that spear phishing email is more strategic and specific with its choice of targets. Hence, spear phishing attacks are known to have higher rate of success than phishing attacks. Spear Phishing
Common Social Engineering Attacks Vishing, otherwise known as voice phishing, is the practice of using the telephone to impersonate a known individual to gain access to sensitive information. Typically, the victim receives a call with a voice message disguised as a communication from a financial institute or government agency. 3. Vishing 4. Tailgating Tailgating is the practice of following someone through a security controlled door without showing or using the required ID pass. A tailgater may request the target to hold the door, stating that he or she forgot to bring his or her ID along. The target typically complies to the tailgater’s request out of good faith and common courtesy without verifying if the tailgater is allowed on premises. z
Limit what you share online • Without prior information, social engineers are unable to establish a solid pretext to trick you. • Set your social media accounts private • Accept friend requests from people you know in real life • Refrain from posting sensitive information online. Think before you click Do not click, forward or respond to phishing emails. Challenge tailgaters Politely reject requests from tailgaters to hold the door and direct them to register at the reception counter instead. Think before you speak Do not disclose your personal information to unknown caller. Be aware, connect with care Do not connect unfamiliar physical media to the organisation’s network. Defending Against Social Engineering Attacks
Practise laptop security • Secure your laptop to your workstation with a cable lock. • Never leave your laptop in your vehicle. • Press “Ctrl” and “L” to lock your laptop screen when it is not in use. Follow Axiata Policy and Procedures Read, understand and follow Axiata’s policy and procedures. When in doubt, report to IT helpdesk! Keep your software up-to-date Software updates involves security patches that fixes security vulnerabilities. Defending Against Social Engineering Attacks
Malware
What is Malware? Malicious software. Executes without your permission. Tricks you into thinking it’s something else. Works to remain unnoticed. Compromise computer functions. Steal data. Bypass access controls. Harms the host computer.
Stealing data, monitoring user activity, modifying files - these are one of the few things a malware can do. Being aware of their tactics is the first line of defense! The list below depicts some of the common malwares. Trojan Bot RAT Common Malwares Bots are software programs created to automatically perform specific operations such as video gaming, internet auctions and online contests. A Trojan disguises itself as a normal file or program to trick users into downloading and installing malware. It is typically bundled with games. RAT (short for remote access Trojan) is a malware program that includes a back door for administrative control over the target computer.
Pop-ups that asks you to download antivirus software or offer freebies. Antivirus software and firewalls have been disabled without your consent. Computer is running slower than usual. Emails/messages being sent automatically without user’s knowledge. Computer has been crashing or freezing lately. Detecting Malwares Detecting malware is not an easy task. Anti-virus software are rarely 100% accurate at detecting malware because malwares are designed to self-update and continually hides its presence whenever they start getting detected. If your computer is acting “funny”, it may be infected with malware. The most common indicators of a malware attack include:
Preventing Malwares Prevention is better than cure. As malwares are getting harder to detect and new threats are seen on a regular basis, you must be extra cautious in reducing the risk of getting malware attacks on your computer. Listed below are a few key recommendations to prevent malwares. Installing protection software Update your operating system Securing your network • Important updates for your system are packed with bug fixes, virus protection, and lots of other important things to keep your device clean. • Ensure your network needs a strong password to connect. • Do not broadcast your network name. • Provide a separate network for guests. When you suspect a malware infection, report to your IT security team immediately before the problem gets worst! • This protection is a must-have first step in keeping your computer virus free. • Ensure that you keep your software up to date too.
Mobile Security
What is Mobile Security? Also known as wireless security. Serves as a protection of smartphones, tablets, laptops and other portable computing devices and the networks they connect to from threats and vulnerabilities. A means by which a mobile device can authenticate users and protect or restrict access to data stored on the device. Common Mobile Devices in the Workplace Laptops Bluetooth devices Smartphone BYOD (Bring Your Own Device) Tablets
Common Attacks Theft / Gaining Physical Access Data Interception Insider Threats Malware Eavesdropping
Ways to reduce the risk of mobile security attacks What can we do? Use Strong Passwords. Enable remote wipe function and consider the “Find Your Device Option”. Backup and protect your data. Don’t connect to a work system or the network unless you have permission to do so. Download only secure applications. Be cautious about what you share – text is not inherently secure. Don’t ‘jailbreak’ or ‘root’ your device. Report anything suspicious to the security team.
Responsible Browsing
What is Responsible Browsing? Browsing habits that protect your personal information and online activity from cyber criminals, while being accountable for the impacts of your browsing habits towards Axiata's information security. What are Safe Browsing Practices? • All information shared on the internet are easily accessed by the public within a single click, which makes the internet a risky place. • Cyber criminals often lurk behind the scenes while internet users browse online, prying to steal sensitive information and execute other malicious activities. • Hence, it is important to understand and follow certain safeguards in order to defend ourselves from the schemes of cyber criminals. • These safeguards are known as safe browsing practices, which are simple tips you can take to keep your online activity safe from cyber criminals. • The next few pages show some examples of safe browsing practices.
Create Secure & Unique Passwords. • Creating strong passwords make it difficult for cyber criminals to crack the password. A strong password should have a mix of the following: • Upper case; • Lower case; • Number; and • Special character. • Example of a weak password versus a strong password is as below: Weak Password Strong Password • ThisPasswordIsStrong Th1sPa55wordisStr0ng
Staying Safe while using Public Wi-Fi • Verify your connection. • Be sure to ask the employee what the actual public Wi-Fi is to avoid connecting to a bogus network. • Avoid checking sensitive data. • Hold off on login to your social media, email and especially your financial accounts while on public Wi-Fi. • Turn off sharing. • Be sure to turn off sharing while you are on public Wi-Fi. If you leave it on while in a public place, cyber criminals can easily gain access to sensitive personal information and fields. • Use a VPN. • If you need to check sensitive data like your banking account while on public Wi-Fi, use a virtual private network or a VPN. Even if a cyber criminal positions himself in the middle of your connection, your data will be strongly encrypted. • Turn your Wi-Fi off when you’re done. • Even if you haven't actively connected to your network, the Wi-Fi hardware and your computer can still be transmitting data with any network in range. If you are through using the internet, ensure that your Wi-Fi is turned off.
Avoid Unsecured Websites • Websites with secured connection will have URLs that start with “https.” instead of “http://”. • The “s” suffix indicate that the website information is secured and encrypted. This security is provided by a SSL certificate, which certifies that sensitive information entered into that site is secured. • Without a SSL certificate, that information is highly vulnerable to be exposed and easily accessible by cybercriminals. • Identify a padlock symbol in the browser window frame, which appears when you attempt to log in to your existing accounts or register new accounts. You can click on the padlock icon to verify that your connection is secure.
Keep Browser Up-to-date • Most updates will include security patches. New patches are often released to fix existing vulnerabilities in browser software, so having the most up-to- date versions is critical. • If you're not installing those updates, you may leave yourself and Axiata vulnerable to new threats that pop up constantly. • Therefore, always make it a point to update your browser and leave no room for any form of security vulnerabilities.
Importance of Responsible Browsing • Browsing without caution can put Axiata at risk of all sorts of dangers, which includes identity theft, data theft and even computer damage. • Sensitive information (e.g. credit card number, bank accounts, IC number & mobile number) could be stolen & used for malicious purposes. • It can be used to make fraudulent purchases, sign up new credit cards, and even apply for government benefits. IDENTITY THEFT • Files from your computer such as photographs, videos and documents are stolen & then sold for illicit purposes. DATA THEFT • Viruses are sent to computers to cause damage and make them inoperable. COMPUTER DAMAGE • Experiencing data breach will not only give us a bad reputation and affect our business operations, it will also compromise our customer’s trust towards us. • Losing our customer’s trust is the last thing we want to see happening, which is why everyone in Axiata play an essential role in practicing browsing habits that will improve the security of your online activities.
Assessment

More Related Content

PDF
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
PPTX
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
PPTX
Hyphenet Security Awareness Training
Jen Ruhman
 
PDF
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
Edureka!
 
PPTX
Cybersecurity Awareness Training
Dave Monahan
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
PPTX
Cybercrime and Security
Noushad Hasan
 
PDF
Cyber security
Bhavin Shah
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Hyphenet Security Awareness Training
Jen Ruhman
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
Edureka!
 
Cybersecurity Awareness Training
Dave Monahan
 
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Cybercrime and Security
Noushad Hasan
 
Cyber security
Bhavin Shah
 

What's hot (20)

PDF
Secure Code Review 101
Narudom Roongsiriwong, CISSP
 
PDF
Cyber Security Awareness
Ramiro Cid
 
PDF
Threat Intelligence
Deepak Kumar (D3)
 
PDF
Introduction to Cybersecurity
Krutarth Vasavada
 
PDF
14 tips to increase cybersecurity awareness
Michel Bitter
 
PDF
End-User Security Awareness
Surya Bathulapalli
 
PPTX
Cyber security system presentation
A.S. Sabuj
 
PPTX
Secure coding practices
Scott Hurrey
 
PPTX
cyber security presentation.pptx
kishore golla
 
PPTX
Owasp top 10 vulnerabilities
OWASP Delhi
 
PPTX
Introduction to cyber security
RaviPrashant5
 
PPTX
Introduction to cyber security amos
Amos Oyoo
 
PPT
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
PPTX
Cybersecurity Awareness Session by Adam
Mohammed Adam
 
PPT
Information security management
UMaine
 
PPTX
Security Training: #3 Threat Modelling - Practices and Tools
Yulian Slobodyan
 
PPT
IT Security Awareness-v1.7.ppt
OoXair
 
PDF
Social engineering attacks
Ramiro Cid
 
PPTX
Information Security Awareness Training Open
Fred Beck MBA, CPA
 
PDF
Employee Security Awareness Program
davidcurriecia
 
Secure Code Review 101
Narudom Roongsiriwong, CISSP
 
Cyber Security Awareness
Ramiro Cid
 
Threat Intelligence
Deepak Kumar (D3)
 
Introduction to Cybersecurity
Krutarth Vasavada
 
14 tips to increase cybersecurity awareness
Michel Bitter
 
End-User Security Awareness
Surya Bathulapalli
 
Cyber security system presentation
A.S. Sabuj
 
Secure coding practices
Scott Hurrey
 
cyber security presentation.pptx
kishore golla
 
Owasp top 10 vulnerabilities
OWASP Delhi
 
Introduction to cyber security
RaviPrashant5
 
Introduction to cyber security amos
Amos Oyoo
 
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
Cybersecurity Awareness Session by Adam
Mohammed Adam
 
Information security management
UMaine
 
Security Training: #3 Threat Modelling - Practices and Tools
Yulian Slobodyan
 
IT Security Awareness-v1.7.ppt
OoXair
 
Social engineering attacks
Ramiro Cid
 
Information Security Awareness Training Open
Fred Beck MBA, CPA
 
Employee Security Awareness Program
davidcurriecia
 
Ad

Similar to Cyber Security (20)

PDF
Customer information security awareness training
AbdalrhmanTHassan
 
PPTX
TheCyberThreatAndYou2_deck.pptx
KevinRiley83
 
PPSX
csa2014 IBC
apyn
 
PDF
Week3-CyberSecurity 8th Semester important.pdf
MArshad35
 
PPT
Cyber-Security-20211013105857 (1).ppt
ssuser8fdae3
 
PDF
fundamentals of Cybersecurity Lesion 1.pdf
adamgaidam
 
PPT
Cyber-Security.ppt
VarunJain65422
 
PPT
Cyber-Security-20211013105857.ppt
HArshMangasuli
 
PPT
cybertestqas.ppt
JacobJose37
 
PPT
Cyber-Security-20211013105857.ppt
UmeshBansal18
 
PPT
Cyber-Security-20211013105857.ppt
AshaVijay11
 
PPT
Cyber-Security-.ppt
mabiratu
 
PPT
cs0123.ppt
HeroZero12
 
PPTX
Cyber-Security.ppt
chandakujjwal6
 
PPT
Cyber-Security-20211013105857 (1).ppt
KeerthikaaThiyagaraj
 
PPTX
Cyber security by vinod sencha for education
KanakKumarKanak1
 
PPT
Cyber-Security-20211013105857.ppt HGJHHKJHJKHKH
bhaimeresuresh
 
PPT
Direct infection: virus can infect files every time a user opens that specif...
BUSHRASHAIKH804312
 
PPT
Cyber-Security-20211013105857.ppt
mohan jena
 
PPT
Cyber-Security-20211013105857.ppt
Anoop Mishra
 
Customer information security awareness training
AbdalrhmanTHassan
 
TheCyberThreatAndYou2_deck.pptx
KevinRiley83
 
csa2014 IBC
apyn
 
Week3-CyberSecurity 8th Semester important.pdf
MArshad35
 
Cyber-Security-20211013105857 (1).ppt
ssuser8fdae3
 
fundamentals of Cybersecurity Lesion 1.pdf
adamgaidam
 
Cyber-Security.ppt
VarunJain65422
 
Cyber-Security-20211013105857.ppt
HArshMangasuli
 
cybertestqas.ppt
JacobJose37
 
Cyber-Security-20211013105857.ppt
UmeshBansal18
 
Cyber-Security-20211013105857.ppt
AshaVijay11
 
Cyber-Security-.ppt
mabiratu
 
cs0123.ppt
HeroZero12
 
Cyber-Security.ppt
chandakujjwal6
 
Cyber-Security-20211013105857 (1).ppt
KeerthikaaThiyagaraj
 
Cyber security by vinod sencha for education
KanakKumarKanak1
 
Cyber-Security-20211013105857.ppt HGJHHKJHJKHKH
bhaimeresuresh
 
Direct infection: virus can infect files every time a user opens that specif...
BUSHRASHAIKH804312
 
Cyber-Security-20211013105857.ppt
mohan jena
 
Cyber-Security-20211013105857.ppt
Anoop Mishra
 
Ad

More from Ncell (20)

PPT
Termination of contract
Ncell
 
PPT
Law of contract
Ncell
 
PPT
Law making procedures and law operating system for Business in nepal
Ncell
 
PPT
Law & business law
Ncell
 
PPT
Judicial system and jurisdiction of court in nepal
Ncell
 
PPT
Intellectual property rights (IPR)
Ncell
 
PPT
Indemnity and guarantee
Ncell
 
PPT
Foreign investment and technology transfer act
Ncell
 
PPT
Contract of sale of goods
Ncell
 
PPT
Contract of agency
Ncell
 
PPT
Company
Ncell
 
PPT
Breach of contract
Ncell
 
PPT
Board of directors
Ncell
 
PPT
Bailment and pledge
Ncell
 
PPTX
Employee Training & development
Ncell
 
PPTX
Selection decisions
Ncell
 
PPTX
Recruitment decisions
Ncell
 
PPTX
Person profiling - Person Job Fit
Ncell
 
PPTX
Performance planning
Ncell
 
PPTX
Performance appraisal
Ncell
 
Termination of contract
Ncell
 
Law of contract
Ncell
 
Law making procedures and law operating system for Business in nepal
Ncell
 
Law & business law
Ncell
 
Judicial system and jurisdiction of court in nepal
Ncell
 
Intellectual property rights (IPR)
Ncell
 
Indemnity and guarantee
Ncell
 
Foreign investment and technology transfer act
Ncell
 
Contract of sale of goods
Ncell
 
Contract of agency
Ncell
 
Company
Ncell
 
Breach of contract
Ncell
 
Board of directors
Ncell
 
Bailment and pledge
Ncell
 
Employee Training & development
Ncell
 
Selection decisions
Ncell
 
Recruitment decisions
Ncell
 
Person profiling - Person Job Fit
Ncell
 
Performance planning
Ncell
 
Performance appraisal
Ncell
 

Recently uploaded (20)

PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
A Presentation on Artificial Intelligence
memembruh336
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Approach and Philosophy of On baking technology
30anthuong17
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 

Cyber Security

  • 2. E – Learning Course Information 1. To promote information security awareness in the area of: i. Introduction to information security; ii. Social engineering; iii. Malware; iv. Mobile security & social media; and v. Responsible browsing. 2. To serve as an induction course for new Axiata employees. 3. To serve as a refresher course for existing Axiata employees. OBJECTIVES
  • 3. OBJECTIVES 1. Understand information security, its importance and the role you have to play to protect our information security. 2. Recognise the many forms of social engineering, its potential impacts and how to stay vigilant against it. 3. Be aware of the different types of malware and signs of malware infection, and ways to prevent exposing your device to malware. 4. Understand mobile security, identify common mobile devices and mobile security attacks, and ways to reduce risk of mobile security attacks. 5. Recognise the importance of responsible browsing, understand safe browsing practices and practise safe sharing on social media. Why Is This Course Important? Upon completion of this course, participants will be able to: Let’s begin.
  • 4. 1 2 3 4 5 Course Content Introduction to Information Security Social Engineering Mobile Security and Social Media Responsible Browsing Malware 6 Assessment
  • 6. PEOPLE. Our people working across the Axiata Group. Even with the absence of malicious intent, often times, information security is compromised due to employees’ lack of understanding on how to work in a secure manner. But where does our biggest threat come from? Why Do We Care? Estimates upwards of 250 billion dollars of loss associated with Cyber Crime! Every year, the Director of National Intelligence publishes an unclassified “Worldwide Threat Assessment.” The year 2018 report was published listing “Cyber” is the first (and greatest) threat listed. Information Security What is it? All the processes and practices we implement to protect networks, computers, applications and data from attacks on the C-I-A triad (Confidentiality, Integrity, and Availability).
  • 7. You can ensure you play your part in protecting our information by: Keeping to our values. Keeping vigilant and diligent. Keeping hold of our valuables. Keeping it confidential. Keeping us all safe. How Do I Play My Part and How Will I Help? You will be helping Axiata to: Protect information from a range of threats. Ensure business continuity. Minimise potential financial loss. Optimise return on investments. Increase business opportunities.
  • 8. Always logoff or lock your system even if you leave for a short time. Keep systems patched and up to date. Use strong passwords and protect your passwords. Encrypt sensitive files to ensure confidentiality of data. Watch what you share and be cautious of what information you put out there. Never let someone have access to your system with your credentials. Be wary of individuals looking for information or access to the building. Disable unsecured mechanisms. If something feels wrong or uncomfortable, trust your instinct and ask for help. Report any potential breach to your security team. Good Information Security Practices 1 2 3 4 5 6 7 8 9 10
  • 10. • Social engineering is the act of manipulating people into disclosing private information and sometimes it involves breaking normal security procedures. • It relies heavily on manipulating human emotions, such as guilt and fear. • It exploits our natural tendency to trust others. • It is very common because it is much easier to trick a person into disclosing his or her credentials than hacking into his or her account. Social Engineering?
  • 11. Common Social Engineering Attacks Phishing Phishing is a technique of fraudulently obtaining private information. Phishing refers to the use of emails that appear to originate from a trusted source to trick a user into entering his or her login credentials, ATM card’s PIN number or credit card number at a fake website. Phishing emails typically look very convincing and contains a link to fake web pages with seemingly legitimate company logos and addresses. While spear phishing and phishing are similar in the sense that both attacks involve sending emails to trick users into providing information, the key difference is that spear phishing involves sending highly customised emails to a few specific users whereas phishing involves sending generic emails to a broad number of users. This means that spear phishing email is more strategic and specific with its choice of targets. Hence, spear phishing attacks are known to have higher rate of success than phishing attacks. Spear Phishing
  • 12. Common Social Engineering Attacks Vishing, otherwise known as voice phishing, is the practice of using the telephone to impersonate a known individual to gain access to sensitive information. Typically, the victim receives a call with a voice message disguised as a communication from a financial institute or government agency. 3. Vishing 4. Tailgating Tailgating is the practice of following someone through a security controlled door without showing or using the required ID pass. A tailgater may request the target to hold the door, stating that he or she forgot to bring his or her ID along. The target typically complies to the tailgater’s request out of good faith and common courtesy without verifying if the tailgater is allowed on premises. z
  • 13. Limit what you share online • Without prior information, social engineers are unable to establish a solid pretext to trick you. • Set your social media accounts private • Accept friend requests from people you know in real life • Refrain from posting sensitive information online. Think before you click Do not click, forward or respond to phishing emails. Challenge tailgaters Politely reject requests from tailgaters to hold the door and direct them to register at the reception counter instead. Think before you speak Do not disclose your personal information to unknown caller. Be aware, connect with care Do not connect unfamiliar physical media to the organisation’s network. Defending Against Social Engineering Attacks
  • 14. Practise laptop security • Secure your laptop to your workstation with a cable lock. • Never leave your laptop in your vehicle. • Press “Ctrl” and “L” to lock your laptop screen when it is not in use. Follow Axiata Policy and Procedures Read, understand and follow Axiata’s policy and procedures. When in doubt, report to IT helpdesk! Keep your software up-to-date Software updates involves security patches that fixes security vulnerabilities. Defending Against Social Engineering Attacks
  • 16. What is Malware? Malicious software. Executes without your permission. Tricks you into thinking it’s something else. Works to remain unnoticed. Compromise computer functions. Steal data. Bypass access controls. Harms the host computer.
  • 17. Stealing data, monitoring user activity, modifying files - these are one of the few things a malware can do. Being aware of their tactics is the first line of defense! The list below depicts some of the common malwares. Trojan Bot RAT Common Malwares Bots are software programs created to automatically perform specific operations such as video gaming, internet auctions and online contests. A Trojan disguises itself as a normal file or program to trick users into downloading and installing malware. It is typically bundled with games. RAT (short for remote access Trojan) is a malware program that includes a back door for administrative control over the target computer.
  • 18. Pop-ups that asks you to download antivirus software or offer freebies. Antivirus software and firewalls have been disabled without your consent. Computer is running slower than usual. Emails/messages being sent automatically without user’s knowledge. Computer has been crashing or freezing lately. Detecting Malwares Detecting malware is not an easy task. Anti-virus software are rarely 100% accurate at detecting malware because malwares are designed to self-update and continually hides its presence whenever they start getting detected. If your computer is acting “funny”, it may be infected with malware. The most common indicators of a malware attack include:
  • 19. Preventing Malwares Prevention is better than cure. As malwares are getting harder to detect and new threats are seen on a regular basis, you must be extra cautious in reducing the risk of getting malware attacks on your computer. Listed below are a few key recommendations to prevent malwares. Installing protection software Update your operating system Securing your network • Important updates for your system are packed with bug fixes, virus protection, and lots of other important things to keep your device clean. • Ensure your network needs a strong password to connect. • Do not broadcast your network name. • Provide a separate network for guests. When you suspect a malware infection, report to your IT security team immediately before the problem gets worst! • This protection is a must-have first step in keeping your computer virus free. • Ensure that you keep your software up to date too.
  • 21. What is Mobile Security? Also known as wireless security. Serves as a protection of smartphones, tablets, laptops and other portable computing devices and the networks they connect to from threats and vulnerabilities. A means by which a mobile device can authenticate users and protect or restrict access to data stored on the device. Common Mobile Devices in the Workplace Laptops Bluetooth devices Smartphone BYOD (Bring Your Own Device) Tablets
  • 22. Common Attacks Theft / Gaining Physical Access Data Interception Insider Threats Malware Eavesdropping
  • 23. Ways to reduce the risk of mobile security attacks What can we do? Use Strong Passwords. Enable remote wipe function and consider the “Find Your Device Option”. Backup and protect your data. Don’t connect to a work system or the network unless you have permission to do so. Download only secure applications. Be cautious about what you share – text is not inherently secure. Don’t ‘jailbreak’ or ‘root’ your device. Report anything suspicious to the security team.
  • 25. What is Responsible Browsing? Browsing habits that protect your personal information and online activity from cyber criminals, while being accountable for the impacts of your browsing habits towards Axiata's information security. What are Safe Browsing Practices? • All information shared on the internet are easily accessed by the public within a single click, which makes the internet a risky place. • Cyber criminals often lurk behind the scenes while internet users browse online, prying to steal sensitive information and execute other malicious activities. • Hence, it is important to understand and follow certain safeguards in order to defend ourselves from the schemes of cyber criminals. • These safeguards are known as safe browsing practices, which are simple tips you can take to keep your online activity safe from cyber criminals. • The next few pages show some examples of safe browsing practices.
  • 26. Create Secure & Unique Passwords. • Creating strong passwords make it difficult for cyber criminals to crack the password. A strong password should have a mix of the following: • Upper case; • Lower case; • Number; and • Special character. • Example of a weak password versus a strong password is as below: Weak Password Strong Password • ThisPasswordIsStrong Th1sPa55wordisStr0ng
  • 27. Staying Safe while using Public Wi-Fi • Verify your connection. • Be sure to ask the employee what the actual public Wi-Fi is to avoid connecting to a bogus network. • Avoid checking sensitive data. • Hold off on login to your social media, email and especially your financial accounts while on public Wi-Fi. • Turn off sharing. • Be sure to turn off sharing while you are on public Wi-Fi. If you leave it on while in a public place, cyber criminals can easily gain access to sensitive personal information and fields. • Use a VPN. • If you need to check sensitive data like your banking account while on public Wi-Fi, use a virtual private network or a VPN. Even if a cyber criminal positions himself in the middle of your connection, your data will be strongly encrypted. • Turn your Wi-Fi off when you’re done. • Even if you haven't actively connected to your network, the Wi-Fi hardware and your computer can still be transmitting data with any network in range. If you are through using the internet, ensure that your Wi-Fi is turned off.
  • 28. Avoid Unsecured Websites • Websites with secured connection will have URLs that start with “https.” instead of “http://”. • The “s” suffix indicate that the website information is secured and encrypted. This security is provided by a SSL certificate, which certifies that sensitive information entered into that site is secured. • Without a SSL certificate, that information is highly vulnerable to be exposed and easily accessible by cybercriminals. • Identify a padlock symbol in the browser window frame, which appears when you attempt to log in to your existing accounts or register new accounts. You can click on the padlock icon to verify that your connection is secure.
  • 29. Keep Browser Up-to-date • Most updates will include security patches. New patches are often released to fix existing vulnerabilities in browser software, so having the most up-to- date versions is critical. • If you're not installing those updates, you may leave yourself and Axiata vulnerable to new threats that pop up constantly. • Therefore, always make it a point to update your browser and leave no room for any form of security vulnerabilities.
  • 30. Importance of Responsible Browsing • Browsing without caution can put Axiata at risk of all sorts of dangers, which includes identity theft, data theft and even computer damage. • Sensitive information (e.g. credit card number, bank accounts, IC number & mobile number) could be stolen & used for malicious purposes. • It can be used to make fraudulent purchases, sign up new credit cards, and even apply for government benefits. IDENTITY THEFT • Files from your computer such as photographs, videos and documents are stolen & then sold for illicit purposes. DATA THEFT • Viruses are sent to computers to cause damage and make them inoperable. COMPUTER DAMAGE • Experiencing data breach will not only give us a bad reputation and affect our business operations, it will also compromise our customer’s trust towards us. • Losing our customer’s trust is the last thing we want to see happening, which is why everyone in Axiata play an essential role in practicing browsing habits that will improve the security of your online activities.