The 2019 Essential Cyber Security Checklist
The protection of confidential information is vital for every organization. The purpose of security awareness training is to develop competence and company culture that saves money and creates a human firewall guarding against an ever increasing threat of reputational and actual damage and data loss.
We hope this list helps to identify at least some of the threats that are
around today.
Essentials
A modern company needs informed employees who have a basic understanding of where security risks lie
Email
An understanding of phishing, malicious attachments and when it is proper to use email and when not
Privacy
With increased regulations to guard personally identifiable information, mistakes can be very expensive
Mobile
Mobile phones today are mini computers that can hold valuable information
Data Leaks Essentials Privacy
A data leak is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. Failure to report a leak can have severe consequences for the individual and lead to hefty fines for the company.
Managing multiple passwords can be hard, but it is essential to have different passwords for different sensitive accounts.
Malicious Attachments
Email is still an important communication tool for business organizations. Attachments represent a potential security risk. They can contain malicious content, open other dangerous files, or launch applications, etc.
Social Engineering
Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes, often tricking people into breaking normal security procedures.
Dumpster Diving
Dumpster diving is a technique to retrieve sensitive information that could be used to access a computer network. It isn’t limited to searching through the trash for documents.
Choosing a good password is necessary. Choose one that has at least 8-10 characters and at least one number, one uppercase letter, one lowercase letter, and one special symbol. Do not use any words that are in the dictionary.
Choosing a good password is just a start. Use different passwords for different accounts and don’t leave the password where it can be found. Don’t send credentials by email or store them in an unsecure location.
Confidential Material
Private media is often not regulated and sometimes unsecure. Understanding the ways a hacker might gain access to unauthorized data is important.
Tailgating
Tailgating, sometimes called piggybacking, is a physical security breach where an unauthorized person follows an authorized one into a secure location.
Spear Phishing
Spear phishing is the practice of studying individuals and their habits, and then using that information to send specific emails from a known or trusted sender’s address in order to obtain confidential information.
Shoulder Surfing
Shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers, passwords, and other confidential data by looking over the victim’s shoulder.
Home networks are often set up in a rush to get connectivity ready as soon as possible. Most people do not take any steps to secure their home network, making them vulnerable to hackers.
We try to update this list with new content as often as possible. If you feel that anything is missing, please let us know at awarego@awarego.com.
Ragnar Sigurdsson
Founder & CEO, Ethical Hacker, CISSP
AwareGO
Simple & Effective Security Awareness
Phone
+354 899 4370
Email
awarego@awarego.com
Address
AwareGO, Borgartun 27, 105 Reykjavik Iceland