Cyber Security Awareness

Cybersecurity Awareness

Our chance to sharpen our cybersecurity skills, learn ways to avoid security threats and have some fun while we’re at it!

Cyber Security

Cybersecurity Awareness program is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come.

What is Cybersecurity?

Cybersecurity is the practice of protecting computer systems, networks, and digital data from theft, damage, or unauthorized access. It involves a range of measures, such as encryption, firewalls, and security policies, designed to safeguard the confidentiality, integrity, and availability of information in the digital realm. The goal of cybersecurity is to mitigate the risks posed by cyber threats, including hackers, malware, and other malicious actors, to ensure the security and privacy of digital assets and infrastructure.

In this program, we’ll be sharing helpful tips and resources to help you stay safe and secure, whether at work or at home.

Using strong passwords and a Password Manager

Just like you need a unique ticket for each movie you attend, you should also have a unique password for all your online accounts. Don’t reuse the same password across websites. If one of those sites gets compromised, hackers will also try that password on other sites. No matter the account, all passwords should be created with these three words in mind:

  • Long — At least 12 characters
  • Unique — Never reuse passwords. Each account needs its own unique password
  • Complex — Use a combination of upper- and lower-case letters, numbers and special characters. Some websites will even let you include spaces.

If you haven’t already, install a password manager — never write passwords down. Password managers not only let you manage all your online accounts’ unique passwords, but they have some other advantages:

  • Saves you time
  • Works across all your devices and operating systems
  • Protects your identity
  • Notify you of potential phishing websites

You can refer below video for more information

Play Video
Cyber - Recognizing and reporting phishing

Recognizing and reporting phishing

Phishing is a type of scam email designed to steal your confidential information, such as passwords or credit card data. Phishing is popular among hackers and can be catastrophic for organizations. 98% of phishing incidents are via email. But it isn’t enough to simply know that phishing emails are out there; you also need to be able to recognize and report them. Let’s preview some of the scripts used by hackers in their big heists this year:

  • Emails that contain an offer that’s too good to be true
  • Language that’s urgent, alarming, or threatening
  • Poorly-crafted writing with misspellings and bad grammar
  • Greetings that are ambiguous or very generic
  • Requests to send personal information
  • Urgency to click on unfamiliar hyperlinks or attachment
  • Strange or abrupt corporate communications
  • Sending e-mail address doesn’t match the company it’s coming from

While our organization’s security tools successfully block 95% of phishing emails, there remains a 5% chance of them slipping through. Therefore, it’s crucial to maintain constant vigilance when accessing emails within our organization and to adhere to guidelines for identifying and reporting phishing attempts.

By selecting the Report Phishing icon in Outlook, you may alert your security team about any phishing emails you receive.

 

You can refer below video for more information

Play Video

Updating Software

We see movies being remade constantly on the silver screen to stay relevant. Just like our favorite reboots, our software and apps want the latest and greatest updates to stay secure. These updates fix general software problems and provide new security patches where criminals might get in.

Please Note: When downloading a software update:

  • Only get it from the company that created it. Hacked, pirated, or unlicensed software versions often contain malware and cause more problems than they solve.
  • Make sure the software or application you’re updating is approved by your organization and are pushed by admin. If you are unsure please contact our team for more information.
  • Rebooting your devices after a software update is advised to ensure the update is properly installed. It will notify you when an update has been downloaded and is ready for installation so you can quickly schedule the reboot. 

 

You can refer below video for more information

Play Video

Enabling Multi-factor Authentication

Multi-factor authentication (MFA) is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity — usually via a push notification; think of MFA as a sequel to a password. Remember: two factors are better than one.

How it works: When logging into your account, you first provide your password or passphrase. Next, you will provide an extra way of proving that you’re you; this is typically done through either of these:

  • An extra PIN (personal identification number)
  • An extra security question like, “What’s your favorite pet’s name?”
  • An additional code, either emailed or texted
  • A biometric identifier like facial recognition or a fingerprint
  • A unique number generated by an “Authenticator App”
  • A secure token is a separate piece of hardware (like a key fob that holds information) that verifies a person’s identity with a database or system

We have already enabled MFA within our organization and most of us are already enrolled. 

We have enabled 2 authentication options for Punch Powertrain as below:

  • A unique number generated by an “Microsoft Authenticator App” (Recommended Option)
  • Phone Text based OTP

 

You can refer below video for more information

Note: MFA registrations steps shown in the video is for reference and might differ.

Play Video

Announcement of Future Cybersecurity Developments

  • Enforce the New Password Policy.

  • Activating Windows Hello PIN/ Fingerprint.

  • Data Labelling Policy aka Data Classification.

  • Phishing Campaign and Awareness Training.

 

Please refer below summary video 

Play Video

Stay Safe, Stay Secure.

Stage 3: Updating software

Welcome to stage 3! We see movies being remade constantly on the silver screen to stay relevant. Just like our favorite reboots, our software and apps want the latest and greatest updates to stay secure. These updates fix general software problems and provide new security patches where criminals might get in.

Please Note: When downloading a software update:

  • Only get it from the company that created it. Hacked, pirated, or unlicensed software versions often contain malware and cause more problems than they solve.
  • Make sure the software or application you’re updating is approved by your organization. If you are unsure please contact our team for more information.
  • It is advised to turn on automatic updates. When an update is available, it will give you a reminder so you can easily start the process.

Thank you for removing our organization from the hackers’ cast list!

Stage 4: Enabling multi-factor authentication

Welcome to stage 4! Multi-factor authentication (MFA) is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity — usually via a push notification; think of MFA as a sequel to a password. Remember: two factors are better than one.

How it works: When logging into your account, you first provide your password or passphrase. Next, you will provide an extra way of proving that you’re you; this is typically done through:

  • An extra PIN (personal identification number)
  • An extra security question like, “What’s your favorite pet’s name?”
  • An additional code, either emailed or texted
  • A biometric identifier like facial recognition or a fingerprint
  • A unique number generated by an “Authenticator App”
  • A secure token is a separate piece of hardware (like a key fob that holds information) that verifies a person’s identity with a database or system

Thank you for removing our organization from the hackers’ cast list!

Thank you for removing our organization from the hackers’ cast list!