CYBER SECURITY
Guide for employees
Essential guide to keeping yourself and the Society safe when online

CONTENTS
Introduction (page 1)
Staying Safe Online (page 2)
Phishing Explained (page 3)
Email Awareness (page 4)
Top Tips to Avoid Cyber Fraud (page 5)
Guide for Dealing with Banks (page 7)
Reporting Concerns (page 9)
Taking Action (page 10)
Further Information (page 11)
Useful Websites (page 12)
INTRODUCTION
With most of us relying on the internet to communicate, manage our finances, buy products and services and enjoy entertainment, it is a wonderful resource. However, things can go wrong online and there is an increasing number of people being affected by fraud, identity theft and abuse over the internet.
The Society is aware of the increasing number of cyber fraud attempts so we have put this booklet together to help employees protect both the Society and themselves when using the internet.
There are a number of simple steps we can all take to protect ourselves. Most problems can be avoided by making sure we always follow simple rules and use our common sense. This guide provides some useful tips which we recommend you follow while online. Keep it handy as a quick reminder as you never know when you may need it. Read and adhere to the IT Acceptable Usage Policy. This is available on the HR Sharepoint site (see page 10).
STAYING SAFE ONLINE
Below are some golden rules to follow whenever you are online. That way, you and the Society have a better chance of staying safe online.
1. Choose, use and protect your passwords carefully, and use different ones for your most important accounts: email, online banking and social media.
2. Ensure you always have internet security software which is kept up to date and switched on.
3. Be aware of the internet connection you are using. If on free or public wifi, your information may be visible to other users. Only use secure connections when conducting private and banking transactions.
4. Never reveal more than you have to in terms of personal or financial information... you never know who might see it, or use it.
5. Do not click on links or open attachments in emails if the source isn't 100% trustworthy.
6. Take your time and think twice, because everything may not be as it seems.
PHISHING AWARENESS
WHAT IS PHISHING?
Phishing is the act of attempting to obtain information such as usernames, passwords and credit card details (and sometimes, indirectly, money) by pretending to be a trustworthy entity in an electronic communication.
Remember, as an employee you are more likely to hear from either members of the public or SVP members if there is an issue, so be vigilant and take action if the need arises. Highlight any issues with your manager, who will follow up when required. Read and adhere to the email usage policy. This is available on the HR Sharepoint site (see page 10).
EMAIL AWARENESS
Email is becoming the most commonly used method of communication, but there are some basic things to be aware of, so STOP, THINK & VERIFY before taking any action. Emails are used more and more to try to trick people into making payments or giving out confidential information, which is then stolen or used to commit further scams.
Be aware of emails that:
1. Have forced or faked urgency to get you to respond before you think.
2. Offer a prize or reward to tempt you to click on a link.
3. Ask you for passwords or other confidential information.
4. Have website addresses that are similar but not the same as the real one, e.g. gbbgle.com vs google.com.
5. Use 'masked' links that look like a trusted website address but take you somewhere else when you click (hover over the link to see the actual address).
6. Use poor spelling or unusual grammar.
TOP TIPS TO AVOID CYBER FRAUD
1. Do not click on links or attachments in emails if you have any suspicions that the email is not genuine.
2. Never respond to messages that ask for personal or financial (banking) information.
3. Do not assume an email is authentic, even if someone knows your basic details.
Be alert! Always double check any random or unexpected emails, calls or texts requesting personal, Society or financial information.
4. Before processing any payment requests, verify the instructions are genuine and from a trusted source.
5. Remember that criminals can spoof email addresses to appear as someone you know or from the Society. If the request is unusual, always check and verify before taking action.
6. Report matters of concern to your manager immediately if you think you are a victim of a fraud email or cyberattack.
DEALING WITH BANKS & FINANCIAL PAYMENTS
If you work in the finance areas, you will have detailed internal control procedures to follow.
1. If you are asked to change or follow a different procedure for any money/banking transactions, always speak to a known contact to confirm the validity of the instructions.
2. If phone numbers, e-mail or contacts are changed, you should ask for confirmation that these changes are valid.
3. Never give out your own or the Society's secure details such as full banking passwords, codes & login details.
Remember: these rules should be applied when dealing with your own personal banks.
4. Ask for confirmation when funds from you have been received.
5. Be aware and be vigilant, raising your concerns to your manager if you feel any request appears unusual or suspicious.
6. When checking your own banking online, always use a secure connection, NOT free wifi.
REPORTING CONCERNS ON CYBER FRAUD
If you suffer from fraud, identity theft or abuse, report it immediately to avoid repeat victimisation and prevent it from happening to others. Report the problem to the website, social network, ISP or organisation used by the fraudster, identity thief or abuser to commit their crime. If you receive a fraudulent email, phone call, text or social media post, report it to the organisation being falsely represented (for example your bank). Report it however small the amount you have lost or the abuse suffered. Be aware and be vigilant, raising your concerns to your manager if you feel any request appears unusual or suspicious, as precaution is always best.
TAKING ACTION
What is the Society doing?
The Society takes the threat of cyber fraud very seriously and is continually monitoring IT services and systems as much as possible.
What can I do?
All Policies and Guides are available on the online HR Sharepoint site. These outline in more detail everything you need to know to keep yourself and the Society safe when online. For help to access the Sharepoint site, send an email to hr@svp.ie with your name, email, department and location.
There is now online cyber security & GDPR training available for employees who have not yet completed it. You can request a GDPR Training link to log in and complete online training by sending an email to svp.gdprtraining@svp.ie with your name, email, department and location.
FURTHER INFORMATION
Where to go for help in SVP
If you have any concerns about cyber fraud in relation to your SVP work, contact your Data Champion.
Who is your Data Champion?
For employees in general this will be your Regional Coordinator or Regional Manager. For employees within Specialist Services it will be the relevant manager or Head of Function.
For more information
Email the Data Protection Officer (DPO) for the Society: svp.dpo@svp.ie
All Policies and Guides are available on the HR Sharepoint site (see page 10).
Useful websites:
SVP website: www.svp.ie
www.fraudsmart.ie
www.ncsc.gov.uk/collection/charity
www.dataprotection.ie/en/organisations
Cyber Security Booklet for employees version 1 Summer 2019