Before sending an email containing customer information, what should be typed into the subject line?
Secure
The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Phishing
Maintaining a neat work environment during business hours, clearing non-essential documents or documents containing customer information from the area as soon as practical. Documents containing customer and bank proprietary information should be secured in locked drawers, cabinets, or offices.
Clean Desk Policy
If using a Windows-based PC, you can do this to quickly lock your computer before stepping away.
Windows+L
Monitors user activity on the internet and transmits that information in the background to someone else.
Spyware
A malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems.
Insider Threat
Watching (either in person or using a recording device) what you do on your computer by looking at a reflection of or the actual screen of your computer or mobile device.
Shoulder surfing
A targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons.
Spear Phishing
Policy that defines the appropriate use of Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts, electronic mail, and internet browsing.
Acceptable Use Policy
Eight to twelve characters, upper- and lower-case letters, numbers as well as alphabetical characters, easy to remember but hard to guess, never shared with anyone, and never written down and left near your computer.
Secure Password Guidelines
A type of malware that holds victims’ computer files hostage by locking access to them or encrypting them. It then demands a ransom if the victim wants his or her files back.
Ransomware
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet.
Firewall
Most common delivery method of computer viruses and malware
This is the creation of a false narrative to obtain information or influence behavior. Could be a phone call, text message, email, etc. designed to steal the victims’ personal information.
Pretexting
This document establishes the need for minimum standards for password creation and management used by all employees. This document also outlines enforcement for password policy violations.
Password Policy
This kind of software helps to prevent safety threats to your computer like viruses, malware and pop-ups.
Anti-Virus Software
A set of instructions or programs that tell a computer what to do or how to perform a task.
Software
Accept, avoid, transfer and reduce
Risk mitigation strategies
The use of personality, knowledge of human nature and social skills to steal passwords, banking information or other credentials to gain access to systems. Example: A phone call stating, "This is Microsoft and we have detected a virus on your computer." Offering assistance by remotely accessing your computer.
Social Engineering
Report it using the Phish Alert button or contact the IT Department, delete the email, and do not click on attachments or links.
Steps to follow after receiving a phishing email
Information security standard for organizations that handle branded credit cards from the major card schemes.
The Payment Card Industry (PCI) Data Security Standard
A secure website will always have what letters at the beginning?
HTTPS
Software that automatically displays or downloads advertising material (often unwanted) when a user is online.
Adware
Carried with you and when not properly password protected can result in a cyber security breach.
Mobile devices such as laptops, cell phones, tablets
Any combination of your name, your home address or phone number, credit card or account numbers or social security number.
Personally Identifiable Information (PII)
Type of phishing that directly contacts the target by calling on the phone and mimics known entities to steal sensitive data/funds.
Vishing
This policy defines the actions and processes our bank will take to ensure the security and confidentiality of customer and consumer information, and to protect against any anticipated threats or hazards to the security or integrity of the information and against unauthorized access to or use of customer or consumer information that could result in substantial harm or inconvenience.
Information Security Policy
What is the average length of time for a company to discover a cyber security breach?
206 days
Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
Malware
The term used to describe a computer programmer who tries to gain unauthorized access to a network or computer system with malicious intent.
Hacker