Company Ofisgate Security Plan

Get Started. It's Free
or sign up with your email address
Rocket clouds
Company Ofisgate Security Plan by Mind Map: Company Ofisgate Security Plan

1. Ways to avoid social engineering

1.1. 6 ways to avoid social engineering

1.1.1. Research the facts. Be suspicious of any unsolicited messages. If the email looks like it is from a company you use, do your own research. Use a search engine to go to the real company’s site, or a phone directory to find their phone number.

1.1.2. Slow down. Spammers want you to act first and think later. If the message conveys a sense of urgency or uses high-pressure sales tactics be skeptical; never let their urgency influence your careful review.

1.1.3. Don’t let a link be in control of where you land. Stay in control by finding the website yourself using a search engine to be sure you land where you intend to land. Hovering over links in email will show the actual URL at the bottom, but a good fake can still steer you wrong.

1.1.4. Foreign offers are fake. If you receive an email from a foreign lottery or sweepstakes, money from an unknown relative, or requests to transfer funds from a foreign country for a share of the money it is guaranteed to be a scam.

1.1.5. Email hijacking is rampant. Hackers, spammers, and social engineers taking over control of people’s email accounts (and other communication accounts) has become rampant. Once they control an email account, they prey on the trust of the person’s contacts. Even when the sender appears to be someone you know, if you aren’t expecting an email with a link or attachment check with your friend before opening links or downloading.

1.1.6. Beware of any download. If you don’t know the sender personally AND expect a file from them, downloading anything is a mistake.

2. Social engineering life cycle

3. Brief the employees

3.1. Employees should know their roles and restriction

3.2. Employees are given tutorials on how to overcome information threats

4. Security Policy

4.1. Passwords must be changed on a weekly basis

4.1.1. Passwords must contain alphanumeric letters, at least 8 letters long, memorised or written down and kept secured

4.2. Data Backup

4.2.1. Backups should be executed on either a weekly or monthly basis depending on the type backup

4.3. Internet Use

4.3.1. Limit employees' use of internet to a certain amount of time

5. Employees must go through an information threats awareness talk before being employed to the company

6. Security Risks