Cybersecurity Guide
Protect Yourself and The Company Easily and Effectively!
Cybersecurity Fundamentals
What is cybersecurity? Imagine it's like your home security system (alarms, strong locks, cameras), but for protecting the company's information and equipment in the digital world.
Why is it important? If a thief breaks into the company's "digital house," they could steal valuable information (like customer data or company secrets), cause chaos (disrupt work), or damage our reputation. It affects everyone!
Your role is key: Each of us is like a guard on watch. If one of us is careless, they can leave a "door open" for the bad guys. We are all the first line of defense!
Each employee is a vital link in protecting company assets.
Quick Guide:
- ✔️ Cybersecurity protects our information and work.
- ✔️ One oversight can affect the entire company.
- ✔️ You are essential to keeping us safe!
Beware of Phishing and Social Engineering!
What is phishing? It's like a tricky fisherman casting a hook (a fake email, message, or call) hoping you'll "bite" and give them your personal information or click on something dangerous.
Types of scams:
- Phishing (email): The most common. Emails that look like they're from banks, well-known companies, or even coworkers!
- Vishing (voice/phone): They call you pretending to be from tech support or the bank.
- Smishing (SMS/messages): Text messages with suspicious links or asking for information.
How to spot them?
- Suspicious sender: Is the email address weird? (e.g., bank@secure-mail.com instead of @officialbank.com)
- Urgency or threats: "Your account will be blocked if you don't act NOW!"
- Spelling or grammar mistakes.
- Strange links: Hover over them (don't click!) to see the real address.
- Unexpected attachments.
- Odd requests: Is your boss emailing you to urgently buy gift cards? Be suspicious!
If in doubt → Report to IT
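For the IT team, here is how three of the warning signs above (suspicious sender, urgency, a link whose visible text hides a different address) can be checked automatically. This is an added example, not part of the original guide; the `TRUSTED` allowlist, the urgency phrases and the sample message are assumptions built from the guide's own example domains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"officialbank.com"}  # assumption: the organisation's own domains
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|act now|will be blocked)\b", re.I)

class Links(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lower-cased hostname of a URL or bare domain ('' if there is none)."""
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def phishing_flags(sender, subject, html_body):
    """Return the warning signs from the list above that this message shows."""
    flags = []
    if not trusted(sender.rsplit("@", 1)[-1].lower()):
        flags.append("suspicious sender")
    if URGENCY.search(subject) or URGENCY.search(html_body):
        flags.append("urgency or threat")
    parser = Links()
    parser.feed(html_body)
    for href, text in parser.found:
        real = host_of(href)  # what "hovering" over the link would reveal
        shown = host_of(text) if re.fullmatch(r"\S+\.\S+", text) else ""
        if (shown and shown != real) or not trusted(real):
            flags.append(f"strange link: really goes to {real}")
    return flags

# Constructed sample, modelled on the fake-HR email described in this guide.
SAMPLE = ("hr@secure-mail.com", "URGENT: update your bank details",
          '<a href="http://officialbank.com.secure-mail.com/login">'
          "https://portal.officialbank.com/login</a>")
```

Calling `phishing_flags(*SAMPLE)` reports all three signs; note that the real link host merely starts with the trusted name, which is exactly what hovering over the link would reveal.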
Real Example:
An employee receives an email that appears to be from HR, asking them to URGENTLY update bank details via a link. The link leads to a FAKE page identical to the portal. If they enter their details, thieves capture them!
Another case: An SMS says: "Package held at customs. Pay $XX to release it: [malicious link]".
What to do if you're suspicious? NEVER click, download anything, or reply! Report it to the IT team immediately.
Anti-Phishing Quick Guide:
- ✔️ Be wary of unexpected and urgent requests.
- ✔️ Check senders and links carefully.
- ✔️ Never give out your passwords via email or message.
- ✔️ When in doubt, ask IT!
Strong Passwords and Management
What is a strong password? Think of it as your house key. A simple key (like "12345") is easy to copy. A complex key, with many different notches, is much more secure.
A strong password should be:
- Long: At least 12-15 characters. The longer, the better!
- Complex: A mix of uppercase (ABC), lowercase (abc), numbers (123), and symbols (!@#$).
- Unique: Don't use the same password for everything!
Common mistakes (Avoid them!):
- Using pet names, birth dates, "123456", "password", "qwerty".
- Reusing passwords on multiple sites.
- Writing them on a sticky note attached to your monitor.
Password managers (e.g., LastPass, 1Password, Bitwarden): They are like a secure digital vault for all your passwords. You only need to remember ONE strong master password.
Two-Factor Authentication (2FA/MFA): It's like adding an extra deadbolt! Enable it whenever you can, especially on important accounts!
- Long: 12+ characters
- Complex: Aa + 123 + #$%
- Unique: Different for each site
Good and Bad Examples:
Bad: Cat2024 · Okay: C@t2o24! · Good: MyD0gEatsHappyCh1ck3n!
Idea: "My grandma Jane bakes pies on Sundays" → MgJbP0S!2024
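The "long" and "complex" rules above, applied to the guide's own examples, with a rough measure of why length matters most. This is an added example, not part of the original guide; the function names are hypothetical, and the bit count is a simple upper bound that ignores dictionary-based guessing.

```python
import math
import string

# Taken from the guide's "common mistakes" list.
COMMON = {"12345", "123456", "password", "qwerty"}
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

def rule_failures(password):
    """Return the guide's rules this password breaks (empty list = passes).

    The "unique" rule cannot be checked from one password alone; that is
    what a password manager is for.
    """
    failures = []
    if len(password) < 12:
        failures.append("too short")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            failures.append("no " + name)
    if password.lower() in COMMON:
        failures.append("common password")
    return failures

def brute_force_bits(password):
    """Upper bound on guessing effort: length * log2(size of alphabet used)."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def report(passwords):
    """Map each password to (broken rules, rounded bits of brute-force effort)."""
    return {p: (rule_failures(p), round(brute_force_bits(p))) for p in passwords}

if __name__ == "__main__":
    # The three examples from the guide, bad to good.
    for pw, (failures, bits) in report(
            ["Cat2024", "C@t2o24!", "MyD0gEatsHappyCh1ck3n!"]).items():
        print(f"{pw:24} ~{bits:3} bits  {failures or 'passes'}")
```

Adding a symbol to the short password gains about 10 bits; the long passphrase gains roughly 100, and each extra bit doubles the number of guesses an attacker needs.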
Password Quick Guide:
- ✔️ Long, complex, and unique.
- ✔️ Use a password manager if possible.
- ✔️ Always enable 2FA/MFA.
- ✔️ Don't share them or write them down where they can be seen!
Safe Internet Browsing
The internet is like a big city: there are great, safe places, but also dangerous alleys. Learn to navigate carefully!
HTTPS and the padlock: When you see "https://" and a closed padlock, the communication is "armored" (encrypted). Especially important for shopping or personal data!
Avoid suspicious websites:
- Pages with tons of flashing ads or aggressive pop-ups.
- Sites that ask you to download programs "to see better" out of nowhere.
- Pages with design errors, bad spelling, or that just "feel weird."
Download with caution: Only download from official and trusted sources.
Public Wi-Fi networks (Be careful!): Wi-Fi networks in cafes, airports, etc., are like a public square: anyone could be listening! If the company provides a VPN, use it!
Public Wi-Fi → Use VPN
Public Wi-Fi Example:
You're in a coffee shop using free Wi-Fi. Without a VPN, a hacker on the same network could "see" what you send and receive, like your passwords.
Browsing Quick Guide:
- ✔️ Always look for the padlock and HTTPS.
- ✔️ Be wary of offers too good to be true.
- ✔️ Only download from official sources.
- ✔️ Use a VPN on public Wi-Fi if possible.
Handling Confidential Information
What is confidential information? These are the company's "treasures": customer data, secret plans, financial numbers, strategies... and also your personal information!
Share securely:
- Don't use personal WhatsApp or Gmail to send work files if it's not authorized. Use tools provided by the company.
- If you need to send something very sensitive, ask IT if there's a way to encrypt it.
Clean desk (physical and digital!):
- Don't leave documents with sensitive information visible on your desk. Lock them up!
- Lock your computer (Windows + L) whenever you get up.
- Don't have files with passwords or customer data visible on your desktop.
Secure destruction: Papers with confidential information must go to the paper shredder!
Example of Carelessness:
Leaving a customer list with phone numbers on the desk while going to lunch. Someone could take a photo. Or a financial report on the shared printer for hours.
Confidential Info Quick Guide:
- ✔️ Identify what information is sensitive.
- ✔️ Use secure channels to share it.
- ✔️ Keep your workspace clean and locked.
- ✔️ Shred important documents!
Mobile Device Security
Your phone and tablet are pocket computers, and they need security too!
ALWAYS use screen lock: Use a strong PIN, a complex pattern, your fingerprint, or facial recognition.
Apps only from official stores: Only download from the Google Play Store or the App Store. Downloading from strange sites is like inviting a stranger into your home.
Review app permissions: Does a flashlight app need access to your contacts? Suspicious! Grant only necessary permissions.
Keep software updated: Updates often include security patches that fix "holes" hackers could use.
Beware of Wi-Fi and Bluetooth: Disable them when not in use.
Malicious App Example:
You download a "free" game from an unofficial page. The game works, but in the background, the app is stealing your contacts, passwords, or even recording your conversations.
Mobile Quick Guide:
- ✔️ Always lock your screen.
- ✔️ Download apps only from official stores.
- ✔️ Review and limit app permissions.
- ✔️ Keep everything updated.
Secure Handling of USB Devices
USB drives are super useful, but they can also be a gateway for viruses!
Don't connect unknown USBs! If you find a USB drive lying around, DO NOT connect it to your computer! It could have a virus that installs automatically.
Analogy: It's like finding unwrapped candy on the street. Would you eat it? No! An unknown USB is just as risky.
Scan USBs (if you must use them): Notify IT first. They can scan it with antivirus software in a safe environment.
Be careful what you copy: Don't copy confidential company information to personal USBs if it's not allowed.
Found a USB? → DON'T CONNECT IT → Notify IT.
Real Case: "Gifted" USBs
At some conferences, "gift" USBs containing malware have been distributed. Attendees, upon connecting them, unknowingly infected their devices.
USB Quick Guide:
- ✔️ Never connect a USB from an unknown source.
- ✔️ If you must use an external USB, ask IT to check it first.
- ✔️ Don't use personal USBs for sensitive company info without permission.
Reporting Security Incidents
What is a security incident? Anything unusual or suspicious that endangers the company's information or systems.
When and how to report? AS SOON AS POSSIBLE!
- Reporting channel: [YOUR IT SUPPORT CONTACT HERE].
- What to report: Describe what happened, when, and what you saw. The more details, the better!
Why is it so important to report quickly? Imagine there's a small fire. If you alert quickly, firefighters (IT) can put it out before the building burns down.
Don't be afraid to report: It's better to report a false alarm than not report something serious!
Your quick report minimizes damage.
Incident Example:
You clicked on a link that now seems suspicious. Your computer starts running slow. REPORT IMMEDIATELY!
Another: You lost the USB with the client presentation. REPORT!
Reporting Quick Guide:
- ✔️ If you see something suspicious, REPORT IT!
- ✔️ Do it as quickly as possible.
- ✔️ Use the official channel provided by the company.
- ✔️ Don't be afraid; it's better to be safe!
Frequently Asked Questions (Q&A)
Here you'll find answers to common questions. Don't hesitate to ask IT if you have others!
Have more questions? Contact the IT team!
[YOUR IT SUPPORT CONTACT HERE]