Cyber Security Awareness Training PDF

Copyright@2017 by Godrej & Boyce Mfg. Co. Ltd.
All rights reserved

Information Technology (IT) Assets Guidelines
1 I Godrej I Title of presentation I Date

CONTENT
Why Cybersecurity?
Initiatives Taken by the Organization
The G&B Guidelines
Cyber security Champions
Types of Cyber Security Threats:
Malware
Social Engineering
Phishing
2 I Godrej I Cyber Security: E-Learning Training Module Restricted; Not for Circulation
WHY CYBER SECURITY?

GLOBAL ATTACKS ARE ON THE RISE.
ITS NOT JUST BANKS & TELECOM COMPANIES ANY MORE
ATTACKS ON MANUFACTURING COMPANIES ARE ON THE RISE
EMPLOYEES ARE THE FIRST AND LAST LINE OF DEFENCE!!
GODREJ & BOYCE INITIATIVES

INITIATIVES TAKEN BY GODREJ
DUE TO THESE RECENT CYBER ATTACKS, IT BECOMES OUR RESPONSIBILITY TO BE MORE

AWARE AND PROTECT OUR ORGANIZATION BY:
Embedding cyber vigilance within our company culture

Staying ahead of these threats by:
Proactive prevention Comprehensive training
Effective detection Structured network
Optimized reporting Increased engagement
Adapted behaviours
THE GODREJ & BOYCE GUIDELINES

ACCEPTABLE USAGE OF IT ASSETS GUIDELINES
LAUNCH OF IT ASSETS AND INFORMATION ASSET CLASSIFICATION AND PROTECTION GUIDELINES ACROSS G&B
Acceptable usage of IT assets guidelines Information Asset classification and protection

guidelines
Usage of the Companys information systems
Defining the type of Information assets
Usage of passwords
Classification and treatment of Information Assets
Virus Protection
Electronic Mail (E-mail) and instant messaging
Physical Security
Use of Office Equipment
Internet User Code of Conduct
Acceptable Usage of Social Media
Mobile Device Management Guidelines

guidelines
Usage of passwords
Virus Protection
Physical Security
USAGE OF THE COMPANYS INFORMATION SYSTEMS
THE KNOW-HOW #1
Authority to utilize the Companys information resources for business purposes only
Downloading, redistribution and printing of copyrighted materials to the Companys information systems strictly prohibited
Disseminating proprietary data or other confidential information in violation of company guidelines is strictly prohibited
Downloading inappropriate material for personal use is strictly prohibited
Users are prohibited from tampering with Companys security systems
Users must ensure that confidential papers, removable storage media as well as laptops are not left unattended on the
work area
Users shall lock their computer systems when they move away from the device
Users shall not share Companys information, classified as confidential or restricted, to a third party unless authorized by
information asset owner
Copyrighted materials belonging to the entities other than Company may not be transmitted by employees
PASSWORD USAGE
THE KNOW-HOW #2
Do not reveal password in an E-mail message, telephones, on At least 8 Uppercase

characters Letters
questionnaires or security forms or to co-workers while on vacation
Lowercase
Letters
Passwords should not contain the word Godrej or any variants such as
Godrej@123. Passwords should not contain names of any applications or
servers such as speedflow@123
Special Numbers
Users must not use the same password for Company accounts as for other non- Characters
company access
Change passwords at regular intervals & avoid recycling of old passwords
Ensure that they access the system only through their individual user ID and
password and do not allow anyone else to access the system through their
password
Multiple users should not be allowed to access the system through same email ID
The Perfect Password
EMAIL SECURITY
THE KNOW-HOW #3
Users shall use only their own corporate E-mail account and not allow anyone else to access
their account
No e-mail or other communication should be sent which intentionally hides the identity of the
sender or represents the sender as someone else or someone from another organization
Any messages or information sent by a user to another individual outside via an electronic
network are statements that normally reflect on the Company. Therefore, all such
communication should be done keeping the Company security and image uppermost in mind
E-mail should be used primarily for business purposes
Users shall not send unsolicited bulk mail messages
Forwarding of company email to personal email id is not permitted
PHYSICAL SECURITY
THE KNOW-HOW #4
Users shall not enter into the Company without ID badges and they shall always display their ID badges
within the Company
Users shall not allow any unauthorized person to accompany them and / or enter the Company without a
proper gate pass
Users shall ensure that any company asset / documents is taken outside the premises following proper
procedures and authorization on appropriate gate pass
Vendors and third party contractors, who are bringing in their own assets for the purpose of official usage
should declare the same at the security checkpoint and get an entry made on the gate pass
The first line of defense for every organization is YOU!
Physical security is the protection of personnel, hardware, software, networks and data from
physical actions and events that could cause serious loss or damage to an enterprise.
APPROPRIATE USE OF OFFICE EQUIPMENT
THE KNOW-HOW #5
Users shall not reveal sensitive information over the telephone
Making additional copies of or printing of extra copies of confidential

information shall be prohibited
While use of USB storage devices on laptops and desktops shall be allowed,
any unauthorized access would make the employee liable for punitive action
Employees are responsible for data backup at reasonable intervals
Users shall not download any software directly from the Internet
ACCEPTABLE USAGE OF SOCIAL MEDIA
THE KNOW-HOW #6
Do not forget to verify the source of message before giving out any information
Go slow and pay keen attention to fine details in emails and messages
Never click on embedded links in emails from unknown senders
Never download email attachment from unknown senders
Reject requests for online tech support from strangers no matter how legitimate they may
appear
Secure your computer space with a strong firewall, up to date antivirus software and set
your spam filters too high
Dont forget to verify the website URL
Avoid being greedy on the web
MALWARE PROTECTION
THE KNOW-HOW #7
Users shall not open any files attached to an E-mail from a suspicious source whose subject
line is questionable
Users shall delete chain / junk E-mails (Spam) and not forward or reply to any of these mails
Employee should provide information about such emails to the DPH / location HR Head/ BCM
for the branches or on email id infosec@godrej.com
Users shall not download any software directly from the Internet
Users must contact the IT helpdesk in case they have any additional specific software
requirements
Users shall not download security programs or utilities that reveal weaknesses in the security
Users shall not bring any personal media for use on Company computer systems

guidelines
Usage of passwords
Virus Protection
Physical Security
TYPE OF INFORMATION ASSETS
Information Institutionalized information in soft

form

form Application Utilities
Software
Systems Software Development Tools
Software Software which is used to support / facilitate the companys business

operations

Software

operations
Switches Firewalls Desktops Fax Machines

Servers Routers Laptops Printers
Physical Physical devices which are required to support

operations

Software

operations


Agreements Manuals
operations Contracts Invoices
Paper Institutionalized information in physical hard copy

form

Software

operations


Agreements Manuals
operations Contracts Invoices
Paper Institutionalized information in physical hard copy

form
HVAC Fire Detection Systems

UPS Generator Telecommunication
equipment
Service Services / infrastructure which is necessary to ensure smooth operation of the
company
DATA CLASSIFICATION
HOW & WHAT TO CLASSIFY
Classification Treatment of Information
Criteria for Classification
Category Assets
Most valuable company information which could be
disclosed only to concerned personnel
Should be handled only by
Its unauthorized disclosure could have adverse impact
Critical limited employees
on operations, stakeholders, business partners and/or
Modification should be
customers
authorized by relevant authority
Leading to legal and financial repercussions and
adverse public opinion
Valuable information which could be disclosed only to
Shared amongst only company
Restricted identified personnel only within the company
employees
While its unauthorized disclosure is against the
Enhance sharing of best
guideline, it is not expected to adversely impact the
practices
company
Information which can be shared freely with personnel It may be freely disseminated
Public outside the company without potential harm
SCENARIO #1:
I have received a Financial Statement from the Head of the Business Unit. Can I share it with my
EXAMPLES
colleagues, or make changes?
Financial Statement would be a Critical document. It should be handled only by

limited employees and you should not share it with anybody, unless specifically
informed by the Head of the Business Unit. Any changes to such a document can only
be made by relevant authority for the identified personnel only
SCENARIO #2:
I have received a SOP, from my superior, which can be adopted as a best practice
withinEXAMPLES
the Business Unit. Can I share it with my colleagues in other Business Units?
Standard Operating Procedure (SOP), is a Restricted document. After taking

permission from relevant authorities, this may be shared within the same Business Unit
or within the Company
TYPES OF CYBER SECURITY
THREATS

MALWARE

CONTENT - MALWARE
Malware
What is Malware?
Statistics 2016
Different Types of Malware
Malware Symptoms
How to prevent it?
The Cure
The Instances
Short for "malicious software, malware refers to software programs designed to damage
or do other unwanted actions on a computer system
Malware is often used against individuals to gain information such as personal

identification numbers or details, bank or credit card numbers, and passwords. Left
unguarded, personal and networked computers can be at considerable risk against these
threats
It can cause havoc on a computer's hard drive by deleting files or directory information.
Spyware can gather data from a user's system without the user knowing it
MALWARE STATISTICS

INFOGRAPHIC DEPICTING REVENUE MODEL OF MALWARE IN 2016
MALWARE INFECTED AREAS:
TYPES OF MALWARE

Virus
Worm
Ransomware
Malware
Rootkit Trojan
VIRUS
A virus is a contagious program or code that attaches itself to another piece of
software, and then reproduces itself when that software is run. Most often this is
spread by sharing software or files between computers
WORM
A program that replicates itself and destroys data and files on the computer. Worms
work to eat the system operating files and data files until the drive is empty
TROJAN
The most dangerous Malware. Trojans are written with the purpose of discovering
your financial information, taking over your computers system resources, and in
larger systems creating a denial-of-service attack
Denial-of-service attack: An attempt to make a machine or network resource
unavailable to those attempting to reach it. Example: AOL, Yahoo or your

business network becoming unavailable
ROOTKIT
This one is likened to the burglar hiding in the attic, waiting to take from you while you
are not home
It is the hardest of all Malware to detect and therefore to remove
Many experts recommend completely wiping your hard drive and reinstalling everything
from scratch
It is designed to permit the other information gathering Malware in to get the identity
information from your computer without you realizing anything is going on
RANSOMWARE
If you see this screen that warns you that you have been locked out of your computer
until you pay up. Your system is severely infected with a form of Malware called
Ransomware
It is not a real notification from law enforcement agency, but, rather an infection of the
system itself
Even if you pay to unlock the system, the system is unlocked, but you are not free of it
locking you out again. The request for money, usually in the hundreds of dollars is
completely fake
SYMPTOMS OF
MALWARE

THE EARLY SIGNS
While these types of malware differ greatly in how they spread and infect computers, they all can produce
similar symptoms. Computers that are infected with malware can exhibit any of the following symptoms:
Increased CPU usage
Slow computer or web browser speeds
Problems connecting to networks
Freezing or crashing
Modified or deleted files
Appearance of strange files, programs, or desktop icons
Programs running, turning off, or reconfiguring themselves (malware will often reconfigure or turn off
antivirus and firewall programs)
Strange computer behaviour
Emails/messages being sent automatically and without users knowledge (a friend receives a strange
email from you that you did not send)
HOW TO PREVENT?

PREVENTION IS BETTER THAN CURE
Purchase and maintain anti-virus software: It is important to only use one anti-virus program, in addition to
performance issues, the programs may conflict causing connection and security problems. Be sure to
keep your security solution up-to-date, out of date security is useless
Keep up-to-date: It is important to download and install all updates for software you are using. Windows
updates should be downloaded and installed when available. These updates often patch security holes.
Installing updates for other applications such as Adobe, Java, and media players should also be installed.
These program updates may also improve the security of these applications
Site Advisor: These programs alert you to the risk level of a website before you enter it. You should also
steer clear of high risk websites such as sites containing pirated software downloads and adult only
material. These sites can contain malicious code
START WITH PREVENTION!
File Sharing Sites: The files shared on these sites can be fraudulent. Often you
believe you are downloading your favourite song when in reality it is malware or a
virus. Installing these programs often opens a tunnel for any type of program to
execute on your PC
Scan: Periodically scan your computer for malware. These programs can detect and
remove even minor malware threats
Beware of e-mail: Dont open e-mail from strangers. You wouldnt let a stranger in your
house so do not let them into your computer. Also beware of unexpected e-mail
attachments that you are not expecting
DONT CATCH THE COLD!
Stay legit: Pirated and cracked software can contain malware and often prohibits the
software from obtaining updates. Pirated software could also contain keyloggers,
spyware, or other malicious code
Think before you click: Even legitimate websites can contain ads or links that will
forward you to higher risk websites. Social networking sites such as MySpace or
Facebook may display messages tempting you to click a link, such as click here for a
picture of your friend. These links often forward you to a bogus website
THE CURE
DO NOT PANIC!
Back Up Your Personal Files
Disconnect From The Internet
Boot In Safe Mode Or With A Live Antivirus Rescue Disk: By booting in Safe Mode, youre able
to prevent any non-core components from running, allowing you to isolate problems easier. To
do this, restart your computer, and press and hold the F8 key while your computer starts up.
The first option, Safe Mode, should be already selected, but if not, you can navigate to it with
your arrow keys. Then press Enter. Once youre in Safe Mode, you can continue the malware-
removal process
Change Your Passwords
Report to your concerned IT/Cybersecurity department
THE INSTANCES
Never trust a random pop up ad
that hasnt been validated by
your existing anti-virus software
Avoid clicking on such
claims as they are
always likely to contain
some form of malware!
This is a hidden Jotform link
SOCIAL ENGINEERING

CONTENT SOCIAL ENGINEERING
What is Social Engineering?
Statistics 2016
Types of Attacks
What not to do!
Scenarios
Conclusion

AN ATTACK ON YOUR PSYCHE!
Social engineering is an attack vector that relies heavily on human interaction and often
involves tricking people into breaking normal security procedures
STATISTICS 2016

TYPES OF ATTACKS
Types of Attacks
PRETEXTING
BAITING
Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash
drive in a place it is sure to be found
The finder then picks up the device and loads it onto his or her computer, unintentionally
installing the malware
PHISHING
Phishing is when a malicious party sends a fraudulent email disguised as a
legitimate email, often purporting to be from a trusted source
The message is meant to trick the recipient into sharing personal or
financial information or clicking on a link that installs malware
PRETEXTING
Pretexting is when one party lies to another to gain access to privileged data
For example, a pretexting scam could involve an attacker who pretends to need
personal or financial data in order to confirm the identity of the recipient
SCAREWARE
Scareware involves tricking the victim into thinking his computer is infected with
malware or has inadvertently downloaded illegal content
The attacker then offers the victim a solution that will fix the bogus problem; in reality,
the victim is simply tricked into downloading and installing the attacker's malware
SCENARIOS
SCENARIO #1:
THE PENTESTER DECIDED TO PHISH FOR AN UNLISTED EMAIL ADDRESS OF A CFO IN THE AT-RISK COMPANY.
HE STARTS BY CALLING THE CFOs ADMINISTRATIVE ASSISTANT:
Assistant: Locks International, this is Asha, how can I help you?
Phisher: Hi Asha, this is Amit, Im a new hire down in Budgets trying to update some contact lists. Do you
have Mr. Rahul Marolias email address for our records?
Assistant: I do, but thats not often given out, you can just use my address for most things it is
Asha@LI.com
Phisher: I know that, but Im being put through the ringer down here and I was supposed to have this on
my managers desk an hour ago and now he keeps checking up on me and I just started this job and Ive
Assistant: All right, I understand, you can calm down. The email address is CFO@LI.com
This scenario may seem far-fetched in written form, but change a few names and it quickly becomes real
life
SCENARIO #2:
THE PENTESTER WANTS TO ENTER THE BUILDING WITHOUT PROPER ACCESS RIGHTS. AFTER DAYS
OF STANDING OUTSIDE A SECURE ENTRANCE TO ACME, LOOKING ANXIOUS, THE PENTESTER FEELS
THE TIME IS RIGHT. HE RECOGNIZES A MAN WHO OFTEN COMES THROUGH THIS ENTRANCE AND
APPROACHES HIM:
Pentester: Its been a hell of a week huh?
Man: Yea, I guess it has.
Pentester: I left my ID in my car, and my cars in the shop I guess you really SHOULD get an oil
change every 3000 kms.
Man: Ha! Yea, I guess you should.
As the man walks inside, he holds the door open for the pentester.
The man might have been suspicious of the pentester at first, but hes seen him around, and he
shared a bit of his personal life. He even made a joke. That connection stirred some compassion and
let him in the door
SCENARIO #3:
When was the last time someone said something like, Yea! It was like in that one cricket match, India vs Eng, oh, what was
that cricketers name? He scored 300, just like Sehwag? or something along those lines and you blurt out Karun Nair! to
much celebration and mild envy from a friend whos clearly deficient in knowing great actors from awesome movies.
People like to be smart. Theres no shame in it. Thats why trivia games exist, people watch Jeopardy and most of us have
filled in at least one Sudoku book in our lives. We especially like being smart when we can get recognized for it.
Now, think about when someone calls saying Im trying to call, whatsername, in accounting who stays at Thane and you
suddenly share the name of a person in accounting. That might earn celebration from the engineer on the other end of the
phone, but your impulses just gave something away.
For one week, write down every urge you have to blurt out information someones seeking or struggling to remember. Youre
not likely to actually write these down, but every time it happens, itll make you think for a second. Try it its creepy how
often it comes up.
PAY CLOSER ATTENTION
When youre in any situation good or bad step back and look at it objectively. Notice what
information is moving, what favors are being done, why its important, what the implications are if the
information moves or if the favor is granted and what the best and worst outcomes of the situation are.
If you really look at situations, many can start to seem a little fishy:
Why is this guy in Budget making a contact list?
How come the guy outside the building hasnt gone to the auto shop to get his ID when he needs it
every day?
Why cant he remember her name when everyone knows her?
Those questions could have been pivotal, if the people in the scenarios above had taken a step back.
Social engineering attacks are dangerous. Not because we need to remember harder passwords or
remember our IDs at work, but because they dont require a change in knowledge. Changes in
knowledge are actually easy to adapt to. There are tricks to remembering things.
Stopping these attacks requires a change in behavior and there arent any tricks to make that easy.
Changes in behavior require changes in mindsets and paying closer attention.
PHISHING

CONTENT PHISHING
What is Phishing?
How does it work?
Phishing Link Detection
Types of Phishing
Current Trends
How to avoid getting caught?
What to do when Fraud happens to me?
WHAT IS PHISHING?
The act of sending an email to a user falsely claiming to be an established, legitimate

enterprise, in an attempt to scam the user into surrendering private information that will
be used for identity theft
Targeted attacks through phishing especially in large corporates is real and
growing at an alarming rate.
These are some of the statistics of 2016:
85 percent of organizations have suffered phishing attacks!
UNIQUE PHISHING SITES DETECTED OCTOBER 2015 MARCH 2016
250% surge in phishing detected in Q1 2016!
NUMBER OF PHISHING EMAILS OPENED & CLOSED IN FIRST 24 HOURS
30% of phishing emails get opened!

That is the kind of open rate that marketers would kill for!
HOW DOES IT WORK?
Attackers use different methods of deception as phishing strategies
They will create fake messages and websites, that imitate the original ones and try to lure you
into handing over your personal information
They will either ask you to reply to them, follow a link included in the message or download an
attachment
In order to make phishing look genuine, attackers include photos and information from the
original website
They may even redirect you to the companys website and collect the data through a false
pop-up window. Or it can happen the other way around: they first request your personal data,
then redirect you to the real website
Other times, they tell you that you have been targeted by a scam and that you urgently need to
update your information in order to keep your account safe
DETECTING PHISHING LINKS
Criminally fraudulent process of attempting to acquire sensitive information

(usernames, passwords, credit card details) by masquerading as a trustworthy entity
in an electronic communication
Commonly used means:

Social web sites
Auction sites
Online payment processors
IT administrators
TYPES OF PHISHING

SPEAR PHISHING
Spear phishing is an email directed at specific individuals or companies. It is highly effective and very
well planned
The attackers will take their time and gather all the available information about their target before the
attack: personal history, interests, activities, details about colleagues and any other details they can
find. These are used in order to create a highly personalized and believable email
Its a technique that works because the phishing email appears to be from someone you know and
requires urgent action
Spear phishing requires higher efforts, but its success rates are also higher. Its currently the most
successful phishing technique, accounting for 95% of the attacks
And all this just by gathering publicly available information that we freely share on our social media
accounts and blogs
EXAMPLE
WHALE PHISHING
Whale phishing is the term used for attacks directed at high profile targets within
companies, such as upper management or senior executives
These are tailored to appear as critical business email, sent from a legitimate
business authority, that concern the whole company
Here are a few examples: legal subpoenas, managerial issues, consumer complaints
Needless to say that return on investment for attackers is very high in this case. And,
contrary to what youd think, these types of targets are not always as security savvy or
protected as they should be
EXAMPLE
CLONE PHISHING
Clone phishing uses legitimate, previously delivered emails
The cyber attackers will use original emails to create a cloned or almost identical
version
Clone phishing emails may claim to be a resend of the original or an updated version
of it
Only this time, the attachment or link is replaced with a malicious version. It appears
to come from the original sender and uses a fake reply-to address
This phishing strategy works because it exploits the trust created from the original mail
EXAMPLE
CURRENT PHISHING TRENDS
CURRENT TRENDS
Cloud Phishing: IT attacks also had a boost in the past year, because of the increasing usage of
cloud storage technology. This is usually distributed via email or social media, as a message sent by
compromised friends accounts or on behalf of a cloud service provider. The stolen information can be
used for extortion, sold to third parties or used in targeted attacks
Government Phishing: Be vigilant when it comes to communications that claim to be from law
enforcement agencies, such as the IRS, FBI or any other entity. The most fraudulent attempts in the
past years were created to mimic IRS communication, in an attempt to steal your financial information
Social Media Phishing: Phishers create websites that look identical to Facebook or LinkedIn or any
other social media websites, using similar URLs and emails, in an attempt to steal login information.
The attackers can then use this to access your account and send messages to friends, to further
spread the illegitimate sites
HOW TO AVOID THE BAIT!
HOW TO AVOID GETTING CAUGHT IN THE PHISH NET?
Clue #1: Sender details

First thing to check: the senders email
address
Look at the email header. Does the
senders email address match the name
and the domain?
Spoofing the display name of an email, in
order to appear to be from a brand, is one
of the most basic phishing tactics
Clue #2: Message Content

They ask you to send them or verify
personal information via email. They are
likely to play on your emotions or
urgency
As a general rule, be suspicious of any
mail that has urgent requests (e.g.
respond in two days otherwise you will
lose this deal), exciting or upsetting
news, offers, gift deals or coupons
(especially around major holidays or
events, such as Diwali or New Year)
Clue #3: They claim there was some sort

of problem with your recent purchase or
delivery and ask you to resend personal
information or just click on a link to resolve
it
Banks or legitimate e-Commerce
representatives will never ask you to do
that, as its not a secure method to transmit
such information
Clue #4: Look out for attachments
They can attach other types of files, such as PDF or DOC, that contain links. Or they
can hide malware. Other times, they can cause your browser to crash while installing
malware
Clue #5: External links / websites
Lets assume that you already clicked on a link from a suspicious email. Is the domain
correct? Dont forget that the link may look identical, but use a variation in spelling or
domain
FOLLOW THESE RULES
First rule: Beware of bogus or misleading links
Hover your mouse over the links in the email message in order to check them BEFORE clicking on them
The URLs may look valid at a first glance, but use a variation in spelling or a different domain ( .net
instead of .com, for example)
Second rule: Look out for IP address links or URL shortners
They can take a long URL, shorten it using services such as bit.ly, and redirect it to the intended
destination
Third rule: Beware of typos or spelling mistakes
Fourth rule: Beware of amateurish looking designs
This means: images that dont match the background or look formatted to fit the style of the email. Photos
or logos uploaded at low resolution or bad quality
Fifth rule: Beware of missing signatures
Lack of details about the sender or how to contact the company points into phishing direction. A legitimate
company will always provide such information
WHAT TO DO IF YOU THINK YOU WERE PHISHED?
If you have a hunch that something is wrong, immediately contact your bank or credit
card institution and close the accounts you believe may have been compromised
Change the passwords used for those accounts and then also change the passwords
used for the emails linked to them
Report to the concerned cybersecurity personnel or the IT department if you think your
PC has been breached
Conclusion:
One last advice: always trust your instinct. It may not be the most scientific approach,
but, ultimately, you should just listen to what your intuition tells you. If something feels
wrong, even if you cannot specifically explain why, or if its too good to be true, its better
to stay away from it
WHOM TO CONTACT IN CASE OF A VIOLATION??
Users are encouraged to consult the following people - the Cyber Security Champions
whenever they need clarifications about the guidelines or about how to act in a particular situation:
a. Divisional Personnel Head (DPH)

b.Location Human Resource Head (LHRH) for upcountry factories Branch
c. Commercial Manager (BCM) for the branches
d. Manager Information Security (Vikhroli)
e. Manager Information Security or on email id infosec@godrej.com
Now that you have understood the module, lets go through a
short quiz to gauge your understanding.
Please click on the Exit Module tab on the top right hand side.
Post that click on the Main Menu tab to return to the home
screen and take the quiz.

Cyber Security Awareness Training PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cyber Security Awareness Training PDF

Uploaded by

Copyright:

Available Formats

Copyright@2017 by Godrej & Boyce Mfg. Co. Ltd.

All rights reserved

1 I Godrej I Title of presentation I Date

Initiatives Taken by the Organization

The G&B Guidelines

Cyber security Champions

Types of Cyber Security Threats:

3 I Godrej I Title of presentation I Date

7 I Godrej I Title of presentation I Date

DUE TO THESE RECENT CYBER ATTACKS, IT BECOMES OUR RESPONSIBILITY TO BE MORE

Embedding cyber vigilance within our company culture

Proactive prevention Comprehensive training

Effective detection Structured network

Optimized reporting Increased engagement

9 I Godrej I Title of presentation I Date

Acceptable usage of IT assets guidelines Information Asset classification and protection

Electronic Mail (E-mail) and instant messaging

Use of Office Equipment

Internet User Code of Conduct

Acceptable Usage of Social Media

Mobile Device Management Guidelines

Acceptable usage of IT assets guidelines Information Asset classification and protection

Electronic Mail (E-mail) and instant messaging

Use of Office Equipment

Internet User Code of Conduct

Acceptable Usage of Social Media

Mobile Device Management Guidelines

Downloading inappropriate material for personal use is strictly prohibited

Users are prohibited from tampering with Companys security systems

Do not reveal password in an E-mail message, telephones, on At least 8 Uppercase

Change passwords at regular intervals & avoid recycling of old passwords

E-mail should be used primarily for business purposes

Users shall not send unsolicited bulk mail messages

Forwarding of company email to personal email id is not permitted

The first line of defense for every organization is YOU!

Users shall not reveal sensitive information over the telephone

Making additional copies of or printing of extra copies of confidential

Employees are responsible for data backup at reasonable intervals

Never click on embedded links in emails from unknown senders

Never download email attachment from unknown senders

Dont forget to verify the website URL

Avoid being greedy on the web

Acceptable usage of IT assets guidelines Information Asset classification and protection

Electronic Mail (E-mail) and instant messaging

Use of Office Equipment

Internet User Code of Conduct

Acceptable Usage of Social Media

Mobile Device Management Guidelines

Information Institutionalized information in soft

Information Institutionalized information in soft

Software Software which is used to support / facilitate the companys business

Information Institutionalized information in soft

Software Software which is used to support / facilitate the companys business

Switches Firewalls Desktops Fax Machines

Physical Physical devices which are required to support

Information Institutionalized information in soft

Software Software which is used to support / facilitate the companys business

Switches Firewalls Desktops Fax Machines

Physical Physical devices which are required to support

Paper Institutionalized information in physical hard copy

Information Institutionalized information in soft

Software Software which is used to support / facilitate the companys business

Switches Firewalls Desktops Fax Machines