Interesting & Relevant read for security professionals

7 years 6 months ago #3616 by KudoShinichi

twentysomething wrote:

Hi KudoShinichi, may I know what kind of briefs you are referring to? Do you mean those mailers or something to blast out?

Hi twentysomething,
Yes. Blast out IT Security Awareness emails to all staff. If a SingCERT advisory has topics related to work or staff, I will just copy and send.
www.csa.gov.sg/singcert/news/advisories-alerts

Sample
Dear Fellow Colleagues,

There has been a global ransomware attack as of yesterday, XX June YYYY.

This new ransomware has been identified as Petya. Blah blah blah :P

You are advised to strictly follow these Internet Best Practices.

1. Exercise caution and avoid opening suspicious email attachments. When in doubt, verify with the email sender if they had sent the email.

2. Similarly, do not click on suspicious links to websites that you do not recognise or are sent from people you do not know. These websites may contain malicious codes that infect a visitor’s computer with ransomware.

3. More importantly, do not download software from unofficial or disreputable sources. Such software – especially pirated software – may have ransomware or other malicious software bundled with it.

If you are a victim of ransomware, please contact IT Helpdesk / IT Security immediately.

Reference: www.csa.gov.sg/singcert/news/advisories-...yaransomwareoutbreak

Best Regards,
IT Security

7 years 6 months ago #3617 by twentysomething

Oh I see. Think rather than wait for major incidents, it's good to broadcast on a regular basis on important subjects such as phishing, ransomware, data protection, etc. How often do you conduct IT Security Awareness for general users?

7 years 5 months ago #3623 by KudoShinichi

twentysomething wrote:

Oh I see. Think rather than wait for major incidents, it's good to broadcast on a regular basis on important subjects such as phishing, ransomware, data protection, etc. How often do you conduct IT Security Awareness for general users?

Usually plan for at least 1 per quarter because there is a separate Information/IT Security Awareness training portal to test the staff twice a year. Yes, the email broadcast will include phishing, ransomware, acceptable computer use etc.

7 years 5 months ago #3624 by twentysomething

Do you mind sharing what training portal you use? We are looking into purchasing or customizing a training portal but are not sure what the good ones out there are. Thanks!

7 years 5 months ago #3625 by KudoShinichi

twentysomething wrote:

Do you mind sharing what training portal you use? We are looking into purchasing or customizing a training portal but are not sure what the good ones out there are. Thanks!

PM-ed you B)
