Topic-icon Interesting & Relevant read for security professionals

1 month 2 weeks ago #3616 by KudoShinichi

twentysomething wrote:

hi kudoshinichi, may i know what kind of briefs are u referring to? do u mean those mailers or something to blast out?

Hi twentysomething,
Yes. Blast out IT Security Awareness emails to all staff. If Singcert advisory has topics related to work or staff, I will just copy and send.
www.csa.gov.sg/singcert/news/advisories-alerts

Sample
Dear Fellow Colleagues,

There has been a global ransomware attack as of yesterday, XX June YYYY.

This new ransomware has been identified as Petya. Blah blah blah :P

You are advised to strictly follow these Internet Best Practices.

1. Exercise caution and avoid opening suspicious email attachments. When in doubt, verify with the email sender if they had sent the email.

2. Similarly, do not click on suspicious links to websites that you do not recognise or are sent from people you do not know. These websites may contain malicious codes that infect a visitor’s computer with ransomware.

3. More importantly, do not download software from unofficial or disreputable sources. Such software – especially pirated software – may have ransomware or other malicious software bundled with it.

If you are a victim of ransomware, please contact IT Helpdesk / IT Security immediately.

Reference: www.csa.gov.sg/singcert/news/advisories-...yaransomwareoutbreak

Best Regards,
IT Security

Please Log in or Create an account to join the conversation.

1 month 2 weeks ago #3617 by twentysomething

Oh i see. think rather than wait for major incidents, it's good to broadcast on regular basis on impt subjects such as phishing, ransomware, data protection, etc.. how often do u conduct IT Security Awareness for general users?

Please Log in or Create an account to join the conversation.

1 month 1 week ago #3623 by KudoShinichi

twentysomething wrote:

Oh i see. think rather than wait for major incidents, it's good to broadcast on regular basis on impt subjects such as phishing, ransomware, data protection, etc.. how often do u conduct IT Security Awareness for general users?

Usually plan for at least 1 per quarter because there is a separate Information/IT Security Awareness training portal to test the staff twice a year. Yes, the email broadcast will include phishing, ransomware, acceptable computer use etc.

Please Log in or Create an account to join the conversation.

1 month 1 week ago #3624 by twentysomething

Do you mind sharing what training portal do you use? We are looking into purchasing or customizing a training portal but not sure what's the good ones out there. thanks!

Please Log in or Create an account to join the conversation.

1 month 1 week ago #3625 by KudoShinichi

twentysomething wrote:

Do you mind sharing what training portal do you use? We are looking into purchasing or customizing a training portal but not sure what's the good ones out there. thanks!

PM-ed you B)

Please Log in or Create an account to join the conversation.