Second-level modules

Security Awareness Training / Second-level modules

A basic step to ensure information security, data protection and compliance with privacy regulations involves paying particular attention to your workstation and not leaving critical or even sensitive information available for unauthorised people to access.

With the widespread use of smart working, meaning mainly teleworking or remote work, it has become necessary to focus attention on this particular issue. Working outside the reassuring walls of the office exposes all users to increased cyber risks.

Smart working has generated a rapid increase in the use of information-sharing and collaboration tools, among all videoconferencing tools. This use has gone beyond the professional dimension to definitively take hold in the personal sphere, with many associated risks.

This is another particular Phishing technique that strikes through messaging systems such as WhatsApp, Messenger, Telegram and SMS, or telephony systems. To understand how even messaging systems – in some ways considered “secure” – can hide dangerous pitfalls.

We return to the topic of Phishing with Spear Phishing, a sophisticated technique that affects a specific individual or a specific group of individuals. In this type of attack, the emphasis is on those preparatory techniques needed to collect sensitive information through deception.

This is the most insidious form of malware, which causes the most damage and blackmails individuals and organisations with no easy way out. This technique is increasingly widespread and aggressive, and in recent times has been used in a growing number of serious attacks.

Encouraging the use of the most advanced authentication systems helps both to strengthen the overall level of security of individuals and organisations, and to inform users about the new techniques hackers employ to overcome these systems, leveraging the human factor.

Household appliances, cameras, wearable devices, increasingly smart cars: even ‘things’ are destined to communicate more and more. If appropriate behaviours are not adopted, each interconnected device can become a potential security vulnerability.

These two technological components are now indispensable to ensure connection on the move, personal mobility and digital transformation, but they can conceal pitfalls if users do not adopt an informed attitude.

Information classification is one of the key factors in information security management, but also one of the least understood by users. It is essential not only to comply with standards and regulations but also to protect Personal Identifiable Information.

We are back to talking about data protection with a view to security, more specifically Privacy and the relationship with various quality and information security regulations, especially the GDPR. We deal with original and more sophisticated content than in the first level.

Social Engineering: an attack technique that uses deception and psychological manipulation to achieve fraudulent purposes. Starting with some examples taken from reality, we will provide some additional elements of awareness, beyond those already discussed, on the techniques used by Cyber Criminals.