Security Basics mailing list archives
RE: Security Training for Company's Employee
From: "Burton Strauss" <Burton () FelisCatus org>
Date: Tue, 20 Sep 2005 17:59:20 -0500
I'd echo the earlier comments... DO NOT TRY TO DO TOO MUCH. At best, you have an hour? Which translated at best to 20 minutes of real attention - from a non-computer audience. So use NO computer terms. The best thing you can teach in a short period is TRUST NOBODY. Phone numbers, web addresses, etc. - anything that YOU DO NOT INITIATE to a trusted source should - politely - be refused. How DO you know that phone call came from XYZ Credit card company? Because they said so? Caller ID? That can be faked? The ONLY safe way is to ask for their department and/or extension, and hang up. Then call the phone # embossed on the back of your credit card and ask to be transferred to that department/person. How DO you KNOW that phone call really came from Tech Support when they ask you for your password? Because they said that's who they are? Because the know a bit about the company's computer systems? No way - you can't know. So don't give information out. Ask for the person's name and call the published number for the help line and ask to be transferred to them. Same goes for Web addresses. Is www.xyzonline.com the same as www.xyzbank.com? How do you KNOW? Same goes for files in email. Unless you are expecting it, DO NOT OPEN IT. If you are the SLIGHTEST BIT unsure, call the person who sent you the file and ASK. Remember: The only SAFE contact is one that YOU initiate to a well known / published address or phone number. If they tell you that there's no way for you to contact them? If that's what they think of security, then you really don't want to give that company your business do you? -----Burton
Current thread:
- Security Training for Company's Employee Syn Ack (Sep 19)
- Re: Security Training for Company's Employee Saqib Ali (Sep 20)
- Re: Security Training for Company's Employee Stacey Blanc (Sep 26)
- Re: Security Training for Company's Employee Henrik Becker (Sep 20)
- Re: Security Training for Company's Employee Saqib Ali (Sep 26)
- RE: Security Training for Company's Employee Boubacar Fadiga (Sep 26)
- RE: Security Training for Company's Employee Kenton Smith (Sep 26)
- <Possible follow-ups>
- Re: Security Training for Company's Employee sf_mail_sbm (Sep 20)
- RE: Security Training for Company's Employee Burton Strauss (Sep 22)
- Re: Security Training for Company's Employee sburns (Sep 22)
- Re: Security Training for Company's Employee Topi Ylinen (Sep 22)
- Re: Security Training for Company's Employee Saqib Ali (Sep 20)