[Audio] Good morning. We would like to welcome you to today's cybersecurity training. This session is designed for all employees who have access to our corporate network and mobile devices. Our goal today is to raise your awareness of the risks and threats we face in the digital world and to show how we can work together to protect both our personal and company data. We live in an era of technology where the everyday use of the internet and digital tools brings us convenience and efficiency, but it also introduces new cybersecurity challenges and risks. That's why it's essential for each of us to understand the basic principles of information security. By doing so, we can ensure that our data and our company remain secure. Thank you all for being here and for your attention. Let's get started.
[Audio]
· Today, we will explore why cybersecurity is critical for both us as individuals and our business. Our focus will be on the various forms of cyber attacks that threaten our digital environment, with a detailed examination of one of the most dangerous types: ransomware. We'll discuss how such attacks can impact our business and the strategies we can implement to defend against them.
· Next, we'll address document security, emphasizing the importance of properly classifying information and documents. Understanding which data requires more protection, and why, is crucial to maintaining security.
· We'll also cover the Information Security Management System (ISMS) and TISAX certification. These standards and certifications enable us to adopt a systematic approach to security, increase the trust of our clients and partners, and unlock new opportunities.
· Finally, we'll review the basic rules of secure IT practices that every employee should follow. Adhering to these rules is essential for maintaining the security of our information systems and protecting us from potential threats, as the security of our company relies on each individual.
[Audio] In today's connected world, cyber threats and attacks are becoming increasingly sophisticated and can have devastating consequences for individuals and organizations. Let me introduce you to some of the most common ways attackers can compromise our digital security:
1. Ransomware: One of the most common methods of attack today is ransomware. This type of malware encrypts your data, making it inaccessible without the decryption key held by the attacker. As a result, your computer or even the entire corporate network can become unusable. Victims typically see a ransom note demanding payment in exchange for the decryption key. We will take a look at an example of this note later.
2. Fraudulent Emails: Attacks are often initiated through fraudulent emails. In these instances, the sender impersonates a legitimate person to trick the recipient into clicking on a malicious link, opening an infected attachment, or providing personal or login information. These emails can carry ransomware or other types of malware. Our company receives approximately 1,000 of these fraudulent emails each day.
3. Phishing: A specific type of fraudulent email attack is phishing. In phishing schemes, attackers pose as trustworthy individuals or companies, aiming to obtain sensitive information such as login credentials, phone numbers, or bank details. Phishing can occur via emails, online messages, or social media advertisements. The primary goal is to gain access to the victim's accounts. We will look at examples of phishing later in the presentation.
4. DDoS Attacks: Another type of attack is the Distributed Denial of Service (DDoS) attack. In a DDoS attack, the attacker attempts to disrupt access to services such as websites, email, or the internet connection by overwhelming the network with traffic from multiple sources. Although these attacks are typically narrowly targeted and less likely to affect individuals directly, it's important to be aware of them.
Understanding these threats is important for protecting ourselves and our business. Let's take a closer look at various examples and ways we can defend against these attacks.
1. Ransomware: Among the most common attacks today is so-called ransomware. Its name already tells you what this virus does: it extorts. This virus encrypts your data, and without the key held by the attacker you cannot get to it. That means that, in the better case, your computer, and in the worse case the entire company network, becomes unusable. After your data is locked, a screen with information on how to unlock it is usually displayed. Attackers generally demand a payment, after which they send the decryption key.
2. Fraudulent emails: Other frequent attacks are carried out using fraudulent emails. The sender pretends to be a legitimate person with the aim of tricking the recipient into clicking a link in the email, opening an attachment, entering login credentials … These fraudulent emails can be carriers for viruses such as ransomware. Our company receives approximately 1,000 of these fraudulent emails per day.
3. Phishing: One variant of these scams is so-called phishing, where the attacker deliberately pretends to be a person or company you trust. These can be fraudulent emails, messages on the internet, advertisements on social networks, … The goal is again for the attacker to obtain your sensitive information such as login credentials, telephone numbers, personal identification (birth) number, bank details, …. This attack is primarily used to gain access to the accounts of the targeted person. We will show examples of this later.
4. DDoS: Another type of attack is the so-called DDoS attack, where the attacker tries to prevent you from accessing various services, whether websites, an email mailbox, internet access, … These attacks are usually carried out by overloading the network with the help of thousands of computers.
As a user, this type of attack affects you mostly through the unavailability of, for example, websites, but in most cases it is such a narrowly targeted attack that there is a very small chance it will hit us.
[Audio] In front of you, you see an example of a screen that might appear on a computer infected with ransomware. In this scenario, the attacker has encrypted your data and is demanding a ransom for its release, specifying payment in Bitcoin. A key element of this screen is the sense of urgency it creates. The warning that you only have a limited time to pay (in this example, 5 days) is a psychological tactic designed to pressure you into acting quickly without proper consultation with the IT department or security experts. This situation highlights the importance of vigilance and knowing how to respond to potential threats. You should never respond to such demands by making an immediate payment. Instead, it is crucial to contact our IT department immediately.
[Audio] Now I would like to show you how easy it is to fall victim to a ransomware attack. Imagine a normal working day when you receive an email with an attachment. It might look legitimate, appearing to be from a colleague or even your supervisor. You decide to open the attachment, confirm the changes, and allow the content. At this very moment, you have become a victim of ransomware. In the "better" case, your computer becomes inoperable, and you lose access to your personal or work data. In the worse case, everything you had access to (shared drives, applications, and systems) is now also encrypted and inoperable. To limit such risks, access rights are assigned strictly on a need-to-know basis. Even our administrators do not have unlimited rights, minimizing the potential damage malware could inflict. If a ransomware attack like this happened on an administrator account with unlimited privileges, we could close down the company for a couple of weeks, because nothing would be functional at that point. For this reason, our critical infrastructure is backed up once a day. This means that in a worst-case scenario, if we were successfully attacked by ransomware, we would lose a maximum of one day's worth of data. This is a crucial security measure that allows us to recover our systems with minimal loss. This situation underscores the importance of being constantly vigilant and adhering to security procedures. Always be cautious about what you open or download, and if you have any doubts, contact our IT department for assistance or a second opinion.
[Audio] In this graph, we have visualized the most common causes that lead to ransomware attacks:
· As you can see, phishing emails are the primary cause. These emails are designed to appear trustworthy and convince you to open a malicious attachment or click on a link that can install ransomware on your system. We will discuss phishing emails and the techniques used in them in more detail in the following slides.
· The next major factor is user behavior, specifically visiting questionable websites or downloading content such as movies or apps from unofficial sources. These activities can unknowingly introduce malware to your devices.
· The third factor is the lack of user training and poor cybersecurity knowledge. This underscores the importance of regular education and training for employees so they are always aware of the latest threats and know how to defend against them.
· Last but not least, the use of simple passwords and inadequate access management are significant factors. Strong, unique passwords and two-factor authentication are key to protecting against unauthorized access. Additionally, it is crucial to grant access rights only to those who need them for their work.
[Audio] On this slide, we have a real example of a phishing email that was sent to some of our employees. It highlights how to spot a potentially dangerous email and avoid becoming a victim of a scam.
· The first signal to look out for is the sender's address. Even if the email appears to be from a known or trusted person, in this case the owner of our company, it's crucial to check the actual email address. In this case, the address does not match our standard company domain (@mergon.com), which is a clear indicator that the email is not legitimate.
· Note the absence of a standardized signature. All of our corporate emails should include a signature with the company logo, which is missing here.
· Additionally, the content often includes phrases that create a sense of urgency, urging immediate action. This tactic is designed to make you act quickly without sufficient thought and verification. Be wary of requests for information that the sender should already have, such as staff telephone numbers.
· Grammar mistakes and unusual phrasing are often signs of phishing emails. These emails are frequently generated by non-native speakers or use automatic translators, leading to errors and unusual expressions.
· Before opening the email, you might see a warning in a yellow box indicating that the email does not come from Mergon. These warnings appear often and should be taken seriously and considered carefully.
This example shows us the importance of paying attention to details and not assuming every incoming email is trustworthy. Always verify the sender, be cautious about calls for immediate action, and contact the IT department if you have any doubts. This vigilance helps protect both personal and company data from potential threats.
[Audio] It is important to note that phishing is not limited to emails and text messages. Social networks and websites are other common targets for scammers, who use a variety of techniques to obtain your personal or login details.
· In the first image, you can see an advertisement for a supposed WhatsApp group about the popular topics of passive income and early retirement. However, it is very likely that this offer is fake and that the link does not lead where the attacker makes you think it does. Always verify links before clicking and be skeptical of offers that seem too good to be true.
· Phishing Messages: The second image shows a message trying to convince you to click on a link to set delivery preferences for an order. The message uses psychological pressure, making you feel like they are waiting for you, so that you act in haste. You should always be wary of messages such as this, especially when they come from an unknown phone number.
· The third image illustrates the difference between websites marked as safe and those that are not. Look for websites that use the HTTPS security protocol and have a trusted certificate. Sites without these features, while they cannot be completely avoided, should be approached with caution.
These examples highlight that internet security requires constant vigilance across all platforms, not just in your inbox. Always thoroughly check the authenticity of links, reject dubious offers, and remember that if something looks too good to be true, it probably is. Stay alert and proactive in protecting your personal and company information from phishing attacks across all digital environments.
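The indicators from the last two slides (sender address versus the @mergon.com domain, missing corporate signature, urgency wording, requests for details the sender should already have, links without HTTPS or with lookalike hosts) can be turned into a small triage script. The following is an added example, not part of the training material or any Mergon tooling. It assumes the company domain mergon.com from the slide, a constructed list of urgency phrases, an assumed signature convention (a line in the body starting with the company name), and two constructed sample messages. The output is a list of reasons to forward a message to the helpdesk, not a verdict.

```python
"""Heuristic phishing triage for a plain-text email (added example, not Mergon's own tooling)."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

COMPANY_DOMAIN = "mergon.com"                 # company domain named on the slide
COMPANY_LABEL = COMPANY_DOMAIN.split(".")[0]  # "mergon", used for lookalike checks
# Constructed list of urgency phrases; tune it to the wording seen in your environment.
URGENCY_PHRASES = ("immediately", "urgent", "as soon as possible", "right away", "within the hour")
# Assumption: a corporate signature block contains a line starting with the company name.
SIGNATURE_RE = re.compile(r"^\s*Mergon\b.*$", re.M)
# Requests for details the sender should already have (the slide's example: staff telephone numbers).
CONTACT_REQUEST_RE = re.compile(r"\b(telephone|phone|mobile)\s+numbers?\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)


def sender_parts(from_header):
    """Split a From: header into (display name, address, domain). Only the domain proves anything."""
    name, addr = parseaddr(from_header)
    return name, addr.lower(), addr.rpartition("@")[2].lower()


def is_internal_domain(domain, company_domain=COMPANY_DOMAIN):
    """True for the company domain itself and its subdomains, never for lookalikes."""
    return domain == company_domain or domain.endswith("." + company_domain)


def link_issues(text):
    """Flag links without HTTPS and hosts that imitate the company name but are not its domain."""
    issues = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if not url.lower().startswith("https://"):
            issues.append(f"link without HTTPS: {url}")
        if COMPANY_LABEL in host and not is_internal_domain(host):
            issues.append(f"lookalike host imitating {COMPANY_DOMAIN}: {host}")
    return issues


def triage(raw_message):
    """Return the indicators found in one message; any finding is a reason to ask the helpdesk."""
    msg = message_from_string(raw_message)
    name, addr, domain = sender_parts(msg.get("From", ""))
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    findings = []

    if not is_internal_domain(domain):
        findings.append(f"sender domain is not {COMPANY_DOMAIN}: {addr}")
        if COMPANY_LABEL in name.lower():
            findings.append(f"display name claims the company but the address is external: {name!r}")
    hits = sorted(p for p in URGENCY_PHRASES if p in (subject + " " + body).lower())
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    if CONTACT_REQUEST_RE.search(body):
        findings.append("asks for staff contact details the sender should already have")
    findings.extend(link_issues(body))
    if not SIGNATURE_RE.search(body):
        findings.append("no corporate signature block")
    return {"sender": addr, "findings": findings, "suspicious": bool(findings)}


# Constructed sample messages (not real mail); the first imitates the slide's example.
PHISHING_SAMPLE = """\
From: "Pat Owner (Mergon)" <pat.owner@mail-example.test>
To: staff@mergon.com
Subject: Urgent request

Hi,
I need the telephone numbers of all staff immediately. Please send them right away.
Confirm here: http://mergon-hr-portal.example/confirm
Thanks
"""

LEGIT_SAMPLE = """\
From: Jana Novak <jana.novak@mergon.com>
To: staff@mergon.com
Subject: Canteen menu

Hello all, the new menu is on SharePoint: https://intranet.mergon.com/menu

Jana Novak
Mergon
"""

if __name__ == "__main__":
    for sample in (PHISHING_SAMPLE, LEGIT_SAMPLE):
        result = triage(sample)
        print(result["sender"], "->", result["findings"] or "no indicators")
```

The display-name check matters because mail clients show the name prominently and the address only on hover; the script, like the slide, trusts only the domain of the actual address. Hosts that merely contain the company name are treated as lookalikes unless they are the company domain or one of its subdomains.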
[Audio] Now let's talk a little bit about the acronym ISMS that was mentioned before. An ISMS, or Information Security Management System, is crucial for any organization that wants to protect its information from both external and internal threats. An ISMS is a comprehensive framework of policies, procedures, and technical and physical measures that a company implements to ensure the confidentiality, integrity, and availability of its information assets. Our company holds a TISAX certification, which is specifically designed for the automotive industry and is a recognized standard for information security management. TISAX builds on the principles of an ISMS and adds specific requirements relevant to the automotive sector. This certification demonstrates that our company takes information security seriously and that our practices align with industry best practices. Part of the ISMS process involves identifying information assets that need protection; this can include everything from computers and production systems to email systems. Once these assets are identified, a risk analysis is performed to determine the threats these assets face, such as the risk of an email system being hacked or a computer being stolen. Based on this analysis, measures are then put in place to minimize these risks. The goal of an ISMS and TISAX certification is to ensure that all these steps, from design to implementation to monitoring, are carried out systematically to protect our information from any threat. This is why such systems and certifications are important: they not only strengthen our defenses against cyber attacks but also increase our clients' and partners' confidence in our ability to protect sensitive information.
[Audio] When we talk about information security standards, there are certain basic obligations that every employee of our company must adhere to in order to collectively protect our data and information systems. These responsibilities are designed to minimize risks and ensure that our information assets are protected.
· Distinguishing Between Personal and Work Devices: It is imperative to use work devices for work purposes only. This reduces the risk of introducing malware into our corporate network and protects sensitive work data.
· Avoid Using Personal Storage Media on Work Computers: This policy helps prevent potential security threats, such as accidentally introducing malware to the network. Always use company-provided storage media for work-related files.
· Using the Visitor Network for Personal Phones: If you need to connect your personal phone to the internet at work, please use the dedicated visitor network. This ensures that our company network remains protected from potential threats that may come from personal devices.
· Minimizing the Risk of Sensitive Data Leaks and Virus Infections: Always be vigilant and follow cybersecurity best practices. Avoid sending sensitive information over unsecured channels and refrain from downloading unverified software. These precautions help protect our systems and data.
Violation of these or any other rules of our security policy can have serious consequences not only for the individual but also for the entire company. It can lead to financial losses and legal complications. Therefore, it is important that each of us understands our responsibilities and adheres to this policy to collectively maintain a safe working environment.
[Audio] Mobile devices such as phones and laptops are an integral part of our working equipment. However, it is important to follow the designated safety rules and precautions when using them:
· Installing software from unknown sources is prohibited; only apps from verified sources such as Google Play or the App Store should be installed on mobile devices. For laptops, software installation is handled exclusively by the IT department to ensure security and compatibility.
· Each device should be protected with a password, PIN, or biometric authentication (such as fingerprint or facial recognition) to prevent unauthorized access.
· Software updates often fix security vulnerabilities. Therefore, we keep automatic updates enabled to ensure our systems are always up to date with the latest security patches.
· Setting the auto-lock feature to activate after no more than 5 minutes of inactivity minimizes the risk of an unauthorized person accessing data if the device is left unattended.
· Devices should never be left unattended, whether in the office, in a car, or in any other public place, to prevent theft or misuse.
· Lastly, devices should not be made available to other people or children, to prevent inadvertent or deliberate misuse.
[Audio] Portable storage media such as USB flash drives, DVDs, SD cards, and similar devices are a convenient way to transfer and store data. However, their portable nature makes them a vulnerable point in our security strategy. Therefore, we have implemented the following rules for handling these media in our company:
· Use Only Company-Owned Storage Media: Only USB flash drives and other media provided to employees through the IT department are intended for data transfer. The IT department maintains a list of all such devices, including their owners, to ensure better control and accountability.
· Prohibition of Connecting Personal or External Storage Media to Work Computers: This measure prevents the risk of unwanted malware infecting our systems and protects company data from unauthorized access. Only approved and company-issued storage media should be used with work computers.
· Storage Media Disposal Procedure: When storage media is no longer needed, we follow regulations for secure disposal. CDs and DVDs can be physically destroyed (shredded), while the disposal of USB drives and similar devices is handled by the IT department. The IT department performs a secure data wipe and removes the device from the system. Each disposal is documented with a protocol, ensuring transparency and accountability of the process.
[Audio] Sharing classified and confidential information requires extra caution and adherence to specific security protocols to ensure that this information is not misused or improperly disseminated. Therefore, we have implemented the following methods for secure information sharing at our company:
· Internal Sharing: For sharing internal information within the company, we use shared drives or SharePoint. These platforms allow us to store and share files in a controlled and secure environment, accessible only to authorized individuals.
· Sharing with External Partners: When we need to share confidential information with customers or external companies, we use OneDrive. This allows us to maintain control of files even after they've been shared, ensuring that only authorized people have access to them.
· Use of Customer Portals: If a customer insists on using their own portal to exchange information, we consider this method secure as long as the portal complies with our security standards and policies.
· Confidential Emails: When confidential files are shared via email, the email automatically becomes "confidential." This means it is subject to the same restrictions as the file itself, including limitations on forwarding, printing, or other potential misuse of the content.
· Sharing with Third Parties: Before allowing the sharing of classified information with a third party, we ensure that they comply with our security terms, including signing a confidentiality agreement. This is key to protecting our data and ensuring its safety.
By following these protocols, we can effectively manage and safeguard our confidential information, ensuring it is shared securely and only with authorized individuals.
[Audio] On this slide, we will explain how to properly handle information depending on its security classification: classified, internal, and public.
· Classified Information: This information is subject to the strictest rules. No copies may be made without the express permission of the owner of the document. When sent by post, documents must be clearly marked. Physical destruction must be done by shredding, and physical copies must be stored in a safe. Digital information must be secured in a storage facility with access for authorised persons only. The owner of the information shall define access rights, including who may make physical copies. Sharing of this information shall only be permitted by secure methods.
· Internal Information: This is available to company employees according to their work needs. Handling and deletion are done in the usual way. Documents are stored in secure locations, such as shared drives or SharePoint.
· Public Information: This can be handled without restrictions, which includes printing, distribution, or storage. This information is freely accessible and can be shared outside the company without any restrictions.
[Audio] When we talk about cybersecurity, we can't ignore the importance of secure passwords and physical security.
· Password Security: The bottom line is that passwords should never be recorded in a readable form. This means that there must be no sticky notes on the monitor or passwords written anywhere they can be easily found or seen. We recommend using a verified and secure password manager to manage passwords. If you are interested in using a password manager, please contact our IT department. When creating a password, try to create one that is complex and includes at least 8 characters, one uppercase letter, one lowercase letter, a number, and a special character. Passwords should not contain easily guessable information such as names, dates of birth, the company name, or the current month. Passwords are valid for 120 days, after which they must be changed.
· Physical Security: Next, we need to address physical security. As part of our security program, we have a Clear Desk Policy, which means that no sensitive or confidential documents should be left on the desk. All such documents should be kept in a locked facility. In addition, it is important to lock your computer screen whenever you leave the office and to lock the office door when you leave work. RFID tag access doors are also in place in some parts of the building, which adds to the security of our work areas.
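The password rules just stated (at least 8 characters, one uppercase, one lowercase, a digit and a special character, no company name, name, date of birth or current month, and a 120-day validity) as an added example script. This is not part of the training material or any Mergon tooling; it assumes English month names for the "current month" rule, takes personal terms such as a first name or year of birth from the caller, and the sample values at the bottom are constructed.

```python
"""Password policy check and expiry calculation (added example, not Mergon's own tooling)."""
import calendar
import re
from datetime import date

MIN_LENGTH = 8            # from the slide
MAX_AGE_DAYS = 120        # from the slide
COMPANY_NAME = "mergon"   # company name from the slide; must not appear inside a password
CHARACTER_CLASSES = {     # one character of each class is required
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "digit": r"\d",
    "special character": r"[^A-Za-z0-9]",
}


def forbidden_terms(user_terms=(), today=None):
    """Terms that must not appear in a password: the company name, the current month (full
    and abbreviated English name), and caller-supplied personal terms (first name, birth year)."""
    today = today or date.today()
    terms = {
        COMPANY_NAME,
        calendar.month_name[today.month].lower(),
        calendar.month_abbr[today.month].lower(),
    }
    # Very short terms would match almost anything, so they are ignored.
    terms.update(t.strip().lower() for t in user_terms if t and len(t.strip()) >= 3)
    return terms


def check_password(password, user_terms=(), today=None):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for label, pattern in CHARACTER_CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {label}")
    lowered = password.lower()
    for term in sorted(forbidden_terms(user_terms, today)):
        if term in lowered:
            problems.append(f"contains easily guessable term '{term}'")
    return problems


def days_until_expiry(last_changed, today=None):
    """Positive while the password is still valid; zero or negative once the 120 days are up."""
    today = today or date.today()
    return MAX_AGE_DAYS - (today - last_changed).days


if __name__ == "__main__":
    # Constructed sample values: a user named Jana born in 1990, checked on 5 November 2024.
    check_day = date(2024, 11, 5)
    for candidate in ("Tr0ub4dor&3", "Mergon2024!", "november1"):
        print(candidate, "->", check_password(candidate, ["Jana", "1990"], check_day) or "ok")
    print("days until expiry:", days_until_expiry(date(2024, 7, 1), check_day))
```

The check is case-insensitive for the blocklisted terms because "Mergon2024!" satisfies every complexity rule and is still exactly the kind of password the slide warns against; complexity alone does not make a password hard to guess.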
[Audio] To ensure that our premises and information are adequately protected, our buildings are divided into six coloured zones representing different levels of security.
· The White Zone is the zone with the lowest security level, such as the lobby of the main building, which is not subject to special protection and is freely accessible to visitors and employees.
· The Blue Zone is for areas such as loading and unloading docks. There are some restrictions, but not as strict as in the higher security zones.
· The Yellow Zone represents higher security locations such as some of the offices, warehouses, and quality areas. Stricter security rules already apply in this zone.
· The Orange Zone is a higher security zone where audiovisual recording is prohibited, which also applies to the Purple and Red Zones. This zone includes production areas.
· The Purple Zone includes places where classified documents are handled, such as the HR department. Special care is required in this zone and access is restricted to authorised persons.
· The Red Zone represents the highest level of security. This zone includes technical rooms such as server rooms and archives where sensitive data and information are stored. Only the most authorised persons have access, and the strictest security procedures apply.
[Audio] To maintain the security of our premises and protect sensitive information, we have clearly defined rules for visits to our buildings:
· Each visitor must be announced in advance to the person in charge and must be recorded in the visitor's book, which is located at all entrances. This ensures we have a record of all external persons entering our premises.
· Visitors are only permitted to enter higher security areas when accompanied by a responsible person. This person will ensure that all our security protocols are followed.
· Each visitor must be informed of the prohibition of audio-visual recording on our premises. This protects our trade secrets and ensures the privacy of our employees and other visitors. In special cases where audio-visual recordings are necessary, an official protocol must be issued authorizing this, and the visitor must follow the exact terms agreed upon in advance.
By adhering to these rules, we ensure that the physical security of our company is always paramount and that it is protected from any unauthorized activity or potential misuse.
[Audio] It is important to be vigilant and act immediately if you notice any signs of a security incident. Whether it's suspicious emails, unusually high amounts of spam, targeted phishing attempts, leaks of sensitive information, damage to or theft of company assets, or any other technical issues and requests, it is imperative that these incidents are reported immediately. Our help desk is here to help address these situations and ensure that any potential issue is resolved efficiently and with minimal negative impact on our company. If you notice anything suspicious or have an IT-related issue, please do not hesitate to contact the helpdesk at mz.helpdesk@mergon.com. It is always better to report even small suspicions than to leave a potential problem unrecorded and unaddressed.
[Audio] As part of our commitment to maintaining high standards of safety and providing you with all the information you need, we have prepared a set of documents which include guides to secure data sharing, a detailed overview of document classification, and all the information about our company's security zones. All of these documents are accessible on the J drive, specifically in the All → IT_ALL_USERS → Tisax folder. Here, you will find detailed materials to help you better understand our security policies and procedures. If you have any questions or need further assistance, please do not hesitate to contact the IT department.
[Audio] Finally, I would like to thank you for your attention and for your active participation in this training. Your commitment to the safety and security of our data and work environment is extremely important to us. Each one of us contributes to the overall security of our company, and your vigilance and dedication are key to preventing security incidents. I hope you found this training valuable and that you will apply the information you have gained here in your daily work. Thank you again for your time and for your efforts in maintaining our company's security. Let's continue to work together to keep our environment safe and secure.