Brookdale Community College takes the security of its organization, users, and data seriously. To help protect our confidential information and assets, Brookdale has implemented a Security Awareness Training program. The goal of this long-term program is not only to meet all compliance and legal requirements but also to secure employees and the organization by educating employees about potential security threats and changing their behaviors.
SANS Security Awareness
Securing the Human Security Awareness Training is an online, self-paced program focusing on information security awareness and compliance. The learning modules cover a variety of topics that apply not just to work but also to home, including how to secure your family. The top five modules address Social Engineering, Email & Messaging, Social Networks, Mobile Device Security, and Passwords. Each module is approximately three minutes long. Securing the Human Security Awareness Training is available to Brookdale full-time employees and Adjunct Faculty.
Coming in October 2018: New Security Awareness Training Program
- Click here to access SANS Security Awareness Training.
- Enter your username, which is your Brookdale email address.
- Enter your NetID password.
For additional information and assistance, please contact Linda Bernabeu at ext. 2805.
SANS Security Awareness 2018 EndUser Training provides relevant, interactive, and gamified content to engage, educate, and inform learners on how best to avoid and defend themselves against social engineering attacks and scams.
Modules are video tutorials, approximately 3-5 minutes long.
Micro Videos are short, concise videos that provide a high-level overview of the topic, approximately 1 minute in length.
Interactive Modules include an activity following the video. Each self-paced interactive module takes between 5 and 10 minutes to complete.
Below is an overview of the topics covered in the SANS training modules.
You Are the Shield
An introduction that explains how cyber attackers focus on human risk to gain access to data and information by bypassing technological defenses. It also covers how to build a strong cyber shield and use training to strengthen cyber detection skills at work and at home.
Email and Phishing
This module explains key methods cyber attackers use to get people to click on the bait in an email message, such as links, attachments, or redirects. It also identifies the primary clues that each person can use to detect phishing, and how to safely check links in emails.
This module focuses on the common warning signs that can be used to identify and report an incident. Warning signs include, but are not limited to, anti-virus alerts, suspicious software running on the device, unexplained data or device battery usage, pop-up messages indicating malware, and compromised passwords.
This module follows NIST recommendations for strong passwords, such as keeping passwords long, strong, and unique for each online account.
Browsers, as well as their add-ons, plugins, and extensions, are common targets for cyber attacks. In this module, staying safe online involves key security behaviors, including safe browsing, recognizing signs of a security compromise, managing updates, looking for signs of encryption, and logging off websites to remove sensitive information.
This module explains what malware is and provides examples of commonly used malware, such as ransomware, spyware, and keyloggers. It also focuses on key methods attackers use to deploy malware and how each of us can defend against them.
This updated module explains and illustrates different types of social engineering attacks, including spoofing from trusted sources, and how people can detect and defend against them.
This module provides a real-world example of how a targeted attack works and how everyone in an organization can protect and defend against such attacks. Key security behaviors include not oversharing information, following policies or procedures used to protect information, recognizing signs of spoofing and social engineering, and managing links and attachments in emails.
This module explains how attackers can attempt to trick and fool their way into restricted areas, such as by tailgating. It also discusses how employees can protect the physical security of your facilities by managing visitors, protecting entrances and exits, disposing of information properly, and following related physical security behaviors.
This module provides an overview of key security behaviors, including enabling a screen lock, enabling remote wiping, disabling Wi-Fi and Bluetooth features when they are not in use, keeping the devices updated, and not jailbreaking security features designed to protect these devices.
This module explains what encryption is and how an encryption key works to encrypt and decrypt information.
This module explains these risks to employees and shows them how to safely use authorized Cloud providers in your organization.
This module is the foundation of most of the compliance videos. The module also describes ways to securely store or process sensitive information, restrictions on transferring or sharing information, ways to manage data retention, and why it is important to follow data policies and processes, as well as how to destroy data securely.
Protecting your devices, safeguarding your data and identity
Regardless of what technology you are using or where you are using it, here are five fundamental steps you should take to protect yourself. Learn more at www.securingthehuman.org/ouch
YOU: The most critical part of staying secure is you. Cyber attackers have learned that the easiest way to get something is to ask for it directly. As a result, common sense is your best defense. If an email, message, or phone call seems odd, suspicious, or too good to be true, it may be an attack.
UPDATING: Ensure your computer, mobile device, and apps are updated and always running the latest version of their software. Whenever possible, enable automatic updating.
ENCRYPTION: Ensure your computer, mobile device, and apps are updated and always running the latest version of their software. Whenever possible, enable automatic updating.
BACKUPS: Make sure you do regular backups of any important information. Often, the only way you can recover from a computer or device that has been hacked, lost, or stolen is to recover from your backups.
PASSWORDS are the keys to your kingdom; guard them well.
- Always use long, strong passwords; the more characters you have, the better. Even better, use two-step verification whenever it is possible.
- Use a unique password for every device and account. Can’t remember all of your passwords? Use a password manager for securely storing and retrieving your passwords.
- Never share your passwords with anyone, including your co-workers or your supervisor.
Source: Security Awareness Newsletter Online: (2014) OUCH! Security Awareness. Retrieved Oct 1, 2014, from http://www.securingthehuman.org/resources/newsletters/ouch/2014
Securing Mobile Devices
Securing your mobile devices and smartphones is as important as, or perhaps even more critical than, securing your computer. Your smartphone contains a wealth of personal information such as pictures, passwords, email, phone numbers, and contacts. A lost, stolen, or unsecured smartphone could expose personal data and lead to identity theft and fraud.
Below is a short list of basic safety tips to help protect your smartphone.
- Password-protect your device.
- Keep your operating system updated.
- Enable strong password protection on your device and include a timeout requiring authentication after a period of inactivity.
- Download applications from reliable sources such as Apple Store and Google Play.
- Be cautious with public Wi-Fi; only connect to secure networks you know. Avoid unidentified Wi-Fi hotspots.
- Disable Bluetooth and Near Field Communication (NFC) capabilities when not in use.
- Be sure to review your mobile device manual to learn about the specific features of the device.
- Back up your device on a regular basis.
- Install a locator app.
- Be sure to wipe your mobile device using the built-in “factory reset” function to delete your data before returning, reselling, or discarding your smartphone.
Securing Desktops and Laptops
Keeping your computer safe, secure, and free of viruses and worms has become more difficult as computers are complex and interconnected through the Internet and other networks.
Below is a short list of some basic safety tips to help secure and protect your computer.
- Keep your firewall turned on.
- Do not buy security software in response to unexpected pop-up messages or emails.
- Use strong passwords.
- Set your operating system to update automatically.
- Use the most current version of your browser.
- Do not install plugins or add-ons into your browser unless you need them to run a particular application.
- Keep all essential browser plugins and add-ons up to date.
- Back up your files.
- Do not download unfamiliar software from the Internet. If you must, run a virus scan on the download before installing the application.
- Log off or lock your computer when leaving the device unattended.
- Do not open attachments from unknown sources.
- Do not use free public or unencrypted (unsecured) Wi-Fi.
For additional information on staying safe and secure visit the following websites:
Securing a Wireless Network
A majority of home networks are not properly secured and configured. Unless you take steps to secure your router, you are vulnerable to people accessing information on your computer, using your Internet service for free and potentially using your network to commit cybercrimes. Do not rely on the default factory setting of your wireless router to be secure.
Below is a list of simple tips for keeping your wireless network secure. Be sure to review the manual for your wireless router for detailed information on changing the settings.
- Change the default name (SSID – Service Set Identifier) of your router.
- Change the default password.
- Change the security level to WPA or WPA2 if available.
- Best Practices for Keeping Your Home Network Secure
Additional information on wireless networks:
Security Awareness Tips
Security Awareness Tip of the Day
Each day SANS posts a new tip that focuses on and explains a specific topic and actionable steps people can take to protect themselves, their family and their organization.
View the SANS Security Awareness Tip of The Day
Place a fraud alert to protect against identity theft
If your wallet or credit card is stolen, call the three national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. The alert means any company that checks your credit has to contact you to authorize new credit.
Here are numbers you always need to contact if your wallet, etc., has been stolen:
1. Equifax: 1-800-525-6285
2. Experian (formerly TRW): 1-888-397-3742
3. Trans Union: 1-800-680-7289
4. Social Security Administration (fraud line): 1-800-269-0271
You can get a free credit report once a year from each of the three credit reporting agencies. https://www.annualcreditreport.com/index.action
If your browser questions a website's security, stop, think, and verify
When visiting the “https” secure sites of banks and online shopping retailers, you may see an onscreen warning, such as “There is a problem with the website’s security certificate” or “Secure Connection Failed.” Don’t just click to continue or to make an exception. The warning may only indicate that there is a harmless temporary problem with the site or with the network. But it can also mean that the site is bogus or has been compromised by hackers, and someone is listening in on your conversation with your bank or retailer.
Be smart. Contact your bank or retailer by phone to find out if they know about a problem with their website or the network. Don’t be the next victim of fraud.
Back up important files on a regular basis
Back up necessary files on a regular basis and store the backups in a safe place (preferably off-site). You can back up files to a removable disk or save copies to network shares. Unfortunately, it’s not a matter of “if” you’ll lose files one way or another; it’s a matter of “when.”
Four tips to help keep your computer secure
- Anti-virus. A reliable, effective anti-virus program with the latest updates. Both licensed and free anti-virus software are available. Whichever you use, make sure it scans incoming and outgoing emails for malware.
- Anti-spyware. Reliable, effective anti-spyware is a must for securing your computer. Both licensed and free anti-virus software, such as Windows Defender, are available.
- Two-way Personal Firewall. Two-way personal firewall software monitors network traffic to and from your computer and helps block malicious communications.
- Anti-Keylogger software. Anti-Keylogger software products, like AntiLogger and Keyscrambler Personal, help prevent what you type on your computer, especially sensitive information such as the usernames, passwords, and financial information you use in making online transactions, from being hijacked by Bad Guys.
— Ramkumar Raghavan
Recycle electronic equipment
Before you get rid of electronics, be sure you have copies of your important files, and then clear the devices of all data. Then look for places to donate or recycle. Most states have banned computers and components from landfills. To find recycling programs in your area, go to your favorite search engine and type “computer recycling.” You’ll get a list of nonprofit groups, individuals, and academic institutions.
If you are a victim of identity theft, report it immediately
Here are some things you should do.
- Contact the three major credit bureaus and have them place a fraud alert on your credit report.
- If a credit card was involved, contact the credit card company and close the account. Contact your local law enforcement agency and file a report.
- File a complaint with the Federal Trade Commission.
- Document all conversations, so you know whom you spoke to and when.
Make sure your personal information is protected when you do business online
Always read the privacy statement before you fill in the blanks. You should also verify that the site is using encryption before you submit any information – look for https in the web address and a padlock or key in the lower right corner of your browser. Don’t send your personal information (social security number, credit card number, etc.) in an email or through instant messaging.
Check for encryption or secure sites when providing confidential information online
Credit card and online banking sites are convenient and easy ways to purchase and handle financial transactions. They are also the most frequently spoofed or “faked” sites for phishing scams. The information you provide to online banking and shopping sites should be encrypted and the site’s URL should begin with https. Some browsers have an icon representing a lock at the lower right of the browser window.
SANS Monthly Newsletters
OUCH! is the world’s leading, free security awareness newsletter designed for the common computer user. Published every month and in multiple languages, each edition is carefully researched and developed by the SANS Securing The Human team, SANS instructor subject matter experts and team members of the community. Each issue focuses on and explains a specific topic and actionable steps people can take to protect themselves, their family and their organization.
View current and past SANS OUCH Newsletters.
View the SANS Video of the Month