CYBER SECURITY TRAININGVIRGINIA MARINE RESOURCES COMMISSION OCTOBER 2015

HOW TO DEFEND YOUR DIGITAL DERRIÈRE IN MINUTES OR LESS.

Would I lie to you? Would I try to trick you?....

ten

…of course I would…

I’m a hacker!

I’ll schmooze you, I’ll bamboozle you,

…if I can, I’ll befuddle you too.

I go phishin’ I go sniffin’

I’m completely unforgivin’

I can entice youI can advise you

I can delight you too

I’ll invite youI’ll beguile you

Then I’ll quickly surprise you!

Most of all…I get your permission

Then take what you have given.

Here, lemme show ya how it works…how ‘bout I call you “Pat”, you know, like Patsy, or Mark, like “the Mark”.

So, I email you, or have a link on a webpage you’re at, with an urgent message from your bank, or your network provider or somebody else important, someplace you keep some of your stuff that I’m lookin’ for.

Anyway, it’s reeaal important that you click on the link that I provide…RIGHT away! or your account will be disabled or inaccessible or things will get lost!

See…what’s really gonna happen when you click the link is you’re gonna give me something of value to both of us…access to secret, privileged data. Then I can slip into your account, your PC, your life, without your permission, or you even knowing about it…just what I want.

Get it?

After we’ve gotten to know each other a little better…ok, after I’ve gotten to know you better. I’ll start using the stuff you’ve given me, to gain access to even more stuff of yours, of your family’s, of people you know, of clients, co-workers, and even strangers. It just keeps getting bigger and bigger, and better and better…for me…see?

So, to make my day easier, I’d like you to do a few things for me, will ya?

First, keep your passwords simple, use like, “password” or “1234”. Don’t make me type anything too hard like “I’mgonnamakeitatough1” or “that hacker is 1 ID10t”

Second, don’t scramble or “encrypt” any of the secret stuff ok?

Third, in case I happen to be nearby, could ya leave a sticky note on your screen with the username and password?...in case I need to check the game scores or somethin’.

Fourth, if you’re at home, just turn that ol’ firewall off an’ don’t worry about any “security patches” to your PC, unless I tell you, you need it urgently, ok?

Fifth, if you are in a coffee shop or someplace with an open WiFi, remember VPN fob’s that encrypt communications are gonna make it harder for me to do MY job, oh, and if you have to get some more cream or a Danish or somethin’, just leave your screen unlocked… nobody’s gonna touch it.

Last, and most important, if I ask you for some secret stuff, any secret stuff, like your COV email address, a new (or old) password, account numbers or names, client names, addresses, drivers license numbers, even harvest information, and especially credit card numbers, just hand it over will ya… ya know I’m legit! … Right?

So…it’s nice knowing you….real nice. You can call me…well, never mind that. Jus’ try to remember, my job, is ta get to you…your job is ta help me do it.

Got it?…cool.

The pop quiz ! If you’d like to help Harry “the hacker”, then do

what he wants (operators are ready 24 hours a day). If you’d like to help yourself, your co-workers and friends, then don’t be had by “Harry the hacker”.

Don’t forget you are required to take a quiz after completing the training. Access the quiz by logging into the “Employee Portal”.  You will find the quiz under the “System Access”.  It is a multiple choice test and should only take a couple of minutes to complete.  You must pass the test with a 90% - but you can take the test multiple times.  If you pass the test by 90%, you will receive a “Nice Job! You've passed!” message. 

Harry “the hacker” (not his real name), will not like it.

;-)

Thanks to you…

for going through the training today.Security is important in all aspects of life, at work and at home. Our information is an important part of what needs protecting.

Use our MRC security web page to access more information on security and access account request information. Also available, is the Agency Information Security Policy – all users should be familiar with the policy and their responsibilities for security as an agency employee.

Please contact Erik Barth (x72262), Dave Lego (x72280), or your supervisor if you have any questions about this training or, information on security topics in general.