
Careersource Suncoast Security Awareness Training

This document provides a summary of a security awareness training that discusses how to identify and address key security challenges. It begins with examples of how personal information can be compromised and consequences like identity theft. It emphasizes the importance of protecting sensitive client information and outlines best practices like using complex passwords, virus protection, avoiding phishing attempts, and reporting any security incidents. The training aims to increase awareness of security issues and build a security-conscious organization through daily safe practices.

Uploaded by

api-213329838

CareerSource Suncoast

Security Awareness Training


How to identify key security challenges and the
solutions and best practices to address them.

Let's begin with some examples of how personal information can be compromised

Imagine your worst nightmare. You send a customer's social security number to someone outside of CSS. Sensitive client information may be stolen.

You get a call from someone claiming to be from the IT Department requesting your username and password.

Your personal information or sensitive CSS information may be stolen from the network.

You leave a laptop, flash drive, a phone or paperwork unattended.

You or CSS could face civil or criminal penalties and fines.

You leave sensitive information on your desk or fax machine.

You or this organization's reputation could be damaged.

Never leave fax machines unattended
Do not discuss work-related business outside the office
Make sure phone conversations are not overheard
Never leave the copy machine unattended
Dispose of documents properly

The Goal of this Course

Heighten your awareness of security, safety, privacy and legality.
Realize that it takes more than just installing antivirus software to protect your identity and customer information.
To build and maintain a security conscious organization, we must make security-minded decisions every day.

Course Objectives

By the end of this course you should be able to:
Explain the importance of security for yourself, our workplace and the people we serve.
Be aware of the benefits of safely using the internet, email, mobile devices and equipment.
Be familiar with how to protect yourself and customer data from identity theft in the workplace.
Recognize when to report security incidents.
Be able to locate policies and procedures to get more information.

This Information Security Awareness Course Will Focus on the Following Topics:

Protecting Customer Information
Complex Passwords
Virus Protection
Security Threats
Incident Reporting
Physical Security
Internet Use at the Workplace
Mobile Devices

Client Information

Casual viewing of employee or customer data, even data that is not confidential or otherwise exempt from disclosure as a public record, constitutes misuse of access and is not acceptable (e.g., viewing a family member's or friend's case file that is not assigned to you).

Protecting Sensitive Information

This information can be stored on paper, hard drives, CDs, flash drives and memory cards. Sensitive information such as social security numbers, medical data, driver's license and financial information is covered by a variety of privacy rules and regulations.

If you have access to sensitive information, you should:

Move your monitor to keep others from viewing sensitive data or use a privacy screen.
Always use complex passwords. Keep them secret. Change them often. Don't write them down.
When leaving the office, always lock your workstation or log off of your computer.

To protect your customers' personal information and CSS from civil liability

Never leave documents unattended on a fax machine
Do not discuss work-related information outside of the office
Never leave the copy machine unattended while you are using it
Make sure your phone conversations are not overheard
Dispose of documents properly
Notify your Supervisor and IT Department immediately if a problem arises

Remember, to protect your customers' personal information and CSS from civil liability

Always keep your mobile devices with you or locked in a safe place when you are out of the office.
Never loan your office electronics or give anyone your passwords.
Taking money or anything of value for your devices or any confidential information is a criminal offense.

Safely Sending Information

Federal and State requirements mandate that we take certain steps when sending sensitive information.
To safely send client information:
1. Call the person on the phone.
2. Hand deliver information to the person, in an envelope marked confidential.
3. Email by password protecting a PDF or Microsoft Word document and sending the password in a separate email.
4. Scan to a staff member's Scanned Documents folder.

Confidentiality and Disclosure of Data Laws

Unemployment information is confidential per Florida Statutes 443.171(5) and 443.1715.
Any violation is a misdemeanor of the second degree.
If found guilty, penalties may include disciplinary action, termination, a fine of up to $500 or a term of imprisonment not to exceed 60 days, or a combination of all of the above.

Social Security Administration (SSA) and the National Directory of New Hire (NDNH) information is confidential and is protected from unauthorized use or disclosure under the Social Security Act, the Privacy Act of 1974, the Computer Matching and Privacy Protection Act, and the Internal Revenue Code.
Any violation is a felony.
If convicted, penalties may include fines not to exceed $10,000 for each occurrence of a violation, or imprisonment not to exceed 5 years, or both. In addition, any person convicted shall be subject to immediate

Use Complex Passwords

There are things that you can do in order to safeguard information against unauthorized computer access. One of these is using complex passwords.
Guessing passwords is one of the easiest methods of gaining unauthorized access to computer systems and files.
Passwords are one element that stands between a cyber criminal and sensitive data, so you should use a complex password to protect yourself and CSS information.
Never give out your username or password to anyone!

iLiveGr8!

A complex password such as iLiveGr8! (typed as lower case i, upper case L, lower case i, v, and e, upper case G, lower case r, the number eight, and an exclamation point) is fairly easy for you to remember, and yet it is more than 8 characters long and includes upper and lower case letters, numbers, and symbols. If you think your password has been compromised, you should change it immediately and notify your IT department.
You should never write down your password or put the note where people can see it.

Virus Protection

Your IT staff is responsible for making sure antivirus software is loaded on each computer device in your office; however:
By identifying and responding appropriately to potential computer problems, you can protect yourself and your organization against unauthorized access to information.

Spamming

Spam is also known as unsolicited bulk e-mail: any e-mail message, irrespective of content, that is unwanted or unrequested by the recipient. Spam messages are mostly commercial advertising, although chain letters, political mailings and other forms of non-commercial mailings are often included under the same categorization. A large portion of spam has also been found to consist of ads for products of dubious quality and services of questionable legality.

There are two types of spam: intentional and unintentional.
Intentional spam comes from spammers who are soliciting products or attempting to commit fraud.
Unintentional spam originates from computers that are infected with a virus or worm that activates e-mail distribution processes in the background. The virus or worm attempts to send bulk messages from the infected computer without the awareness of the computer owner.

Phishing

Phishing is a special type of spam that is intended to trick you into entering your personal or account information for the purpose of breaching your account and committing identity theft or fraud.

Typically, a false e-mail message is delivered to you. The e-mail appears to come from a legitimate source, for example eBay, your bank, government departments etc. The message may contain a legitimate corporation's logo, and appear to be sent from the corporation's e-mail address. The message may ask you to click a link in the message to update your account, or run a software program to upgrade your computer.

Although the message looks legitimate, it is really trying to compel you to submit your personal and confidential information, which will be used to steal your credentials. Normally you are asked to enter information such as your name, date of birth, place of birth, social security number, mother's maiden name, bank account number, and bank account PIN. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online.

Spoofing

Spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Spoofing is often used by spammers and can be accomplished by changing your "FROM" email address.

E-mail spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it actually was sent from another source. E-mail spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information, such as a password. E-mail spammers often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations.

To send spoofed e-mail, senders insert commands in headers that will alter message information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone could send spoofed e-mail that appears to be from you with a message that you didn't write.

Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.
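
Because the visible "FROM" line is only text in the header, a forged message can often be recognized by comparing it with the other headers. The following check is an added example, not part of the original training material; the sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail). example.com, example.net and
# css.example are reserved/hypothetical domains used only for illustration.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.css.example; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "IT Department" <helpdesk@example.com>
Reply-To: it-support@example.net
To: staff@css.example
Subject: Password verification required

Please reply with your username and password.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower() if "@" in address else ""

def spoofing_indicators(raw_message):
    """List reasons the visible From: address may not be the real sender."""
    msg = message_from_string(raw_message)
    from_dom = domain(msg["From"])
    findings = []
    # From: is text chosen by the sender; Return-Path records the envelope
    # sender and Reply-To decides where an answer would actually go.
    for header in ("Return-Path", "Reply-To"):
        other = domain(msg[header])
        if other and other != from_dom:
            findings.append(f"{header} domain {other} differs from From domain {from_dom}")
    # Authentication-Results is written by the receiving mail server; only
    # the copy added by your own server should be trusted.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for check in ("spf", "dkim", "dmarc"):
        match = re.search(rf"\b{check}=(\w+)", results)
        verdict = match.group(1).lower() if match else "missing"
        if verdict != "pass":
            findings.append(f"{check} result is {verdict}")
    return findings

if __name__ == "__main__":
    for finding in spoofing_indicators(SAMPLE):
        print("WARNING:", finding)
```

A mismatch on its own is an indicator rather than proof, since legitimate mailing services also send with a different Return-Path domain; a failed DMARC result combined with a request for credentials is the pattern to report to the IT Department.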

How to Avoid Security Threats

Do not follow unsolicited links and do not open or respond to unsolicited email messages.
Use caution when visiting websites.
Use caution when entering personal information online.
Think before you click! Delete all suspicious emails.
Contact your IT Department.

Incident Reporting

Computer systems are subject to a wide range of mishaps, from corrupted data files to viruses to natural disasters. The primary benefits of security incident reporting are containing and repairing damage and preventing future violations. Examples include, but are not limited to:
lost or stolen laptops
lost or stolen company cell phones
breach of data, or
suspected fraud
Any incidents should be reported to your supervisor immediately!

Physical Security

Being aware of your personal safety and surroundings is also important in safeguarding CSS information and resources.
Never let unescorted visitors follow you into a secured office. If the visitor is uncooperative or threatening, initiate your security protocols. Make sure you are up to date with CSS protocols in case of a threatening situation. Do not get into a confrontation.
Do not prop open doors that should be locked.
To reduce the risk of loss and/or prevent identity theft, you should secure valuables, such as purses and briefcases, in locked drawers or cabinets when you are not in your office.
When in doubt about your safety or the security of information, ask for help.

Internet Use at the Workplace

Use Common Sense
Always use caution when communicating personal information via the internet or email. Remember all email is considered public record unless specifically exempted by law.
Know the CSS policy on use of computers for personal email, Internet access and use of social media.
Use common sense and good judgment.

Mobile Devices Wireless Technology

The rapid advance of wireless technology poses new vulnerabilities to our networks and systems. You have a responsibility to safeguard any mobile device such as a laptop, tablet, or cell phone. This also includes devices connected to your computer such as an external portable hard drive, USB flash drive, CD, or media storage card. The very nature of these devices being portable makes them easy targets for theft and misuse.

Security Situations That Are Specific To Mobile Devices

Understand the need for safety when using mobile devices.
Familiarize yourself with recommended security procedures.
Learn how to report loss or theft.

Safety Measures for Devices

If you use a wireless connection to access the Internet or network resources, be aware of the safety measures necessary to protect the data and the integrity
Use caution when leaving equipment or software in your car
Confirm with the IT Department that antivirus software has been installed on your devices
Update your operating system regularly
Be aware of people around you who might be able to see your screen.
No customer personal information is to be on a mobile device

Personal Safety
Physical Security and Safety
Keep all personal belongings in a secure place
Always park in designated areas
Be aware of your surroundings when entering and exiting buildings
Report all threatening phone calls to your supervisor
Report any suspicious incident(s) to your supervisor
Safety Tips
Post a list of emergency telephone numbers by your telephone
Pay attention to unexpected changes in your environment
If it is valuable to you - LOCK IT UP!
Lock your car with valuables hidden or locked in the trunk
Park in well lighted areas, if you are out at night
Get someone to walk you to your car at night

Use Common Sense

Use common sense and know your agency's protocols in order to protect your clients' confidential information and your company from civil liability.
Be familiar with all CSS Policies and Procedures.
Refer to these Policies and Procedures:
Employee Handbook Communications / E-mail / Internet / Intellectual property policies
Employee Handbook Public Communications section
Employee Handbook Code of Ethics
Employee Handbook Employee Safety and Security
CSS PP 02-03-R6 - Customer Records Confidentiality with Attachment
CSS PP 01-13-R3 Florida Sunshine Requirements
Information Technology Policies and Procedures

This concludes the Security Awareness Training Course

You will now be given a Quiz on what you have learned
You must get 100% correct to Pass
You may review the course as often as needed to pass!

careersourcesuncoast.com
