Information Security
General
GDPR
Change
Access Control
Ransomware
Internet
Phishing
Passwords
General
What is Information Security?
It’s all about protecting information so that people who shouldn’t have access to it can’t distribute it, see it, change it, send it to someone else or delete it. Information security is not just important in the workplace; it’s also very relevant to our everyday lives, as it can keep our own and our families’ details safe online. Information security is defined as protecting the confidentiality, integrity and availability of information and physical assets. This also includes protecting the organisation’s image and guarding against reputational damage.
Change
Staff Awareness
Are you aware of the Genesis Information Security Policy & E-learning module?
Through the Information Security policy we will protect our information assets (both physical and digital) against internal and external threats. The policy describes the roles and responsibilities for colleagues, contractors and third parties in maintaining the security of information assets. This is essential for legal compliance, competitive edge, reputation and profitability. Our customers also need to know we can be trusted with their information. The Information Security policy is located on Genie.
Mandatory Information Security Training
To help you understand more about Information Security, an e-learning course is available on the Digital Learning Zone and is mandatory for all colleagues. This new course covers how to tackle and prevent security breaches, identity theft, cyber criminals, and phishing emails. The aim of the course is to ensure that everyone understands how to reduce Genesis’ risk exposure from security failures and protect our physical, digital and paper assets.
“Delivering Change through People”
Change
Awareness Campaign
Consider information security in:
• Team away days
• Team meetings
• Processes & procedures
• Personal lives
Be aware of:
• Social engineering
• Cyber Hackers
• Phishing emails
• Suspicious visitors
Genesis employees are the guardians of our information and physical assets.
Phishing
Can you spot a phish?
Phishing is a method of using fraudulent emails in an attempt to steal YOUR information. Here are some useful tips to avoid getting caught out.
• Be wary of emails from unknown senders, especially those asking you to confirm information
• Never click links or open attachments from emails that you are not expecting
• Most importantly – if in doubt, get it checked out
• If you receive a phishing email, report it to the IT Service Desk as part of the Genesis Security Incident Procedure
A Phishing Attack Occurs Every 20 Seconds!!
Types of Phishing
There are many types of phishing attacks:
• Spear phishing – directed at specific individuals and companies, like a spear
• Clone phishing – as the name implies, clones emails and targets individuals, e.g. emails cloned from organisations like banks and phone providers
• Whaling – this type of phishing is targeted at senior managers or executives
• Voice phishing – calls from fake organisations pretending to be legitimate to obtain your credentials
Phishing techniques have advanced and are continually evolving.
DON’T TAKE THE BAIT!!!
Internet
5 things you should NEVER do online
1. Never connect with people you don’t know
2. Never post personal information such as address, date of birth or bank details
3. Never discuss work related issues
4. Never give out sensitive information, especially to strangers
5. Never upload compromising or work-related photos
More than 25% of online users fall victim to identity theft
Passwords
Passwords – Dos & Don’ts
Do
✓ Make them strong and change them regularly
✓ Keep them a secret
✓ Use a different password for every account
✓ Use a mix of letters, numbers and special characters
Don’t
✗ Write them down
✗ Share them, even with colleagues
✗ Use words that are easy to guess
47% of people use passwords that are at least five years old
Access Control
Do you know who’s behind you?
✓ Everyone must wear an access pass at all times. If you forget yours, you should report to reception for a temporary pass
✓ Don’t be the person who holds the door and smiles to let a criminal in
✓ If you see a visitor without a pass, escort them to reception
✓ Lock your screen when you leave your desk
✓ Follow the principle of least-privilege access
70% of employees believe that a security breach could happen via tailgating
Email
Top Tips
✓ Ensure you have the correct recipient before sending information
✓ Remember emails have the same standing in law as other written communications
✓ Never initiate or forward ‘spam’ or chain-type email
✓ Never send any work documents containing personally identifiable information to your personal computer
✓ Don’t use the organisation’s mail account for personal subscriptions to sites that store your information
Emails are like postcards!
If you wouldn’t put it on a postcard, don’t put it in an email.
Remember…
✓ Create A Unique Password…
✓ Beware of Phishing Scams…
✓ Never Click Links in Emails…
✓ Do Not Open Unsolicited Attachments…
✓ Scan For Viruses & Malware…
Emails are the easiest door into an organisation – be alert!
Ransomware
Did you know?
There are now more than 120 variants of ransomware.
Phishing emails and a lack of awareness and training are the main causes of ransomware contagion.
You’re not safe on any platform. Ransomware has been detected on Windows, Mac OS, Linux, iOS and Android.
Anti-virus software won’t always protect you. New malware is being developed faster than anti-virus products.
[Graphic: types of malware: worms, spyware, rootkits, crimeware, trojans, viruses, adware]
GIV€ $¢AMMER$ A RUN FOR ¥OUR MON€¥
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes, and it gives consumers a level of protection. The Genesis Customer App is PCI DSS compliant, ensuring that our customers have the appropriate level of security. Keep Information Security at the forefront.
GDPR
General Data Protection Regulation
GDPR – The New Data Protection Rules
GDPR is the new general data protection regulation, which replaces the current EU Data Protection Directive. It comes into effect on: 25th May 2018
Who does it apply to?
Anyone inside / outside the EU who targets the EU market, processes EU citizens’ data or monitors their behaviour.
A breach of GDPR can lead to a fine of €20 million or 4% of global turnover
5 Information Security Tips
1. Protect your devices by following Genesis’ Smart Working Policy on clear desks and locked screens.
2. Comply with the Genesis corporate policies; familiarise yourself with the Information Security Policy.
3. Escort visitors around the offices.
4. Protect information outside the offices, in conversations and on devices to minimise the risk of theft and loss and social engineering.
5. Report security incidents on Heat to the IT department, e.g. loss of equipment, security breaches.
Information Security
Genesis Housing Association
Atelier House | 64 Pratt Street Camden | London | NW1 0DL
www.genesisha.org.uk