Cybersecurity & Internal Threats

FREE

What is Cybersecurity? A short introduction

Welcome! As a part of the security personnel, physical safety is not the only kind of safety that you must look out for. You must also be well-informed about the threats and attacks that may transpire in virtual environments and cyberspace.

In this lesson, we will... Introduce what cybersecurity is, Demonstrate how cyberattacks may happen, and Enumerate the types of cyberattacks that hackers usually employ.

Are you ready? Click on the button below to get started!

What happens when you've been phished? Once a phishing link is clicked, cyber criminals will be able to access sensitive data such as... credit card, social security, or login information. When clicking links on emails, always ask yourself: Do I know this person or organization? And make sure to take a step further by double-checking their details and credentials. You may also ask: Are they who they really claim they are to be?

Malwares Types of Cyberattacks

Malwares are malicious software such as spyware, ransomware, and viruses.

Malware can usually breach a network through vulnerabilities such as clicking on a suspicious email link or installing an unauthorized application on your office computer.

Once inside a network, malware can steal sensitive information or produce more harmful software within it which can affect our operations.

Social Engineering This is a type of cyberattack. This is the process of psychologically manipulating people into divulging personal information. This may also be a form of phishing wherein the attacker takes advantage of the person's natural curiosity or trust. An example of advanced social engineering is voice manipulation. In this case, cybercriminals take your voice from sources such as social media. By manipulating it, criminals can pretend as you to call your friends and relatives to gain your credit card or other sensitive information.

What are Insider Threats? A short introduction

Welcome back! In the last lesson, we shortly discussed the importance of cybersecurity and its role in managing cyberattacks. But sometimes, these attacks do not come from the outside-- they may come from inside our organization.

In this lesson, we will... Introduce what insider threats are, Enumerate the types of insider threats that commonly occur, and Teach you how to spot a potential insider threat.

Are you ready? Click on the button below to get started!

Insider Threats What are they? Cybersecurity isn’t only about protection against hackers --- these threats may also come from people inside our organization. They may be our current employees, former employees, contractors, or partners. People who got in touch inside our organization could... potentially abuse our trust through modifying or deleting sensitive information, and accessing our non-disclosable networks and assets. The information at risk could span from... our employee data, log-in credentials, financial records, customer data, and even our very organization’s security practices.

Which of the following company data are at risk with insider threats? You may choose multiple answers.

How can you spot an insider threat? Here's a list of suspicious activities to look-out for!

Online Activity Were there activity logs at unusual times?

Volume of Traffic Were there instances where too much data is being transferred through our network?

Unusual Activity Were there documents that were accessed unusually?

How can we Protect Company Data? Some preventive measures

Welcome back! Last lesson, we shortly discussed what insider threats are and how they pose a danger to our organization's cybersecurity. In this final lesson, we'll help you handle and manage these potential breaches in our cybersecurity.

In this lesson, we will... Give you some tips to reduce the likelihood of insider threats from happening and Show you preventive measures to protect yourself from these insider threats.

Are you ready? Click on the button below to get started!

Reducing the Risk of Insider Threats Some tips for all staff Conduct risk assessments regularly. This would help you understand the terrible consequences of insider threats. 2. ## All staff must undergo cybersecurity awareness regularly. 3. ## Monitor important assets. This includes the management of accounts and privileges of our staff and contractors. 4. ## Challenge the organization's current defenses. Simulations or "penetration testing" can be done annually to test the effectivity of the current security system. Do phishing simulations. This will help pinpoint our organizations' weak points. 6. ## Install 24/7 network and endpoint monitoring for anomalous behavior.

Protect yourself from insider threats! Some Tips

Do an inventory of your critical assets. These can be physical or logical, such as systems, technology, facilities, or people.

What are these critical assets? customer data for vendors, proprietary software, schematics, and internal manufacturing processes.

Here are some guide questions: What critical assets do we possess? Which are our priorities? What is the current state of these assets?

Enforce policies. Everyone must arrive at a common and shared understanding of the importance of cybersecurity.

Continuation... Organizational policies must be clearly documented, implemented, and monitored. Most importantly, everyone should know the scope and limitations of their rights with regard to their access to company data.

Conduct cybersecurity workshops regularly. Stability in cybersecurity is not only through actions— it depends on attitudes, beliefs, values, and habits.

Remember. Regular workshops and the promotion of cybersecurity values in company culture will help combat insider threats caused by negligence.