Security Awareness & Best Practices: Best Practices for Maintaining Data Security in Your Business Environment


Ray Colado, Information Security Analyst

Raise awareness around information security to help you protect valuable personal and company information.

Information Security
- Trends in Cyber Crimes
- Cyber Crime Statistics
- The Perfect Storm
- Social Engineering
- Passwords, and more!
- Web Pay Security Features & Best Practices

Trends in Cyber Crime

Cyber Crime Statistics
- 89% of all attacks involve financial or espionage motivations.
- 63% of confirmed data breaches involve using weak, default or stolen passwords.
- 95% of breaches and 86% of security incidents fall into nine patterns.
- Ransomware attacks increased by 16% over 2015 findings.
Source: Verizon 2016 Data Breach Investigations Report

Did you know?
Among small to mid-sized businesses infected by ransomware
Ransomware doesn't kill small businesses. Downtime does!

The Perfect Storm
Top 3:
- Social Engineering
- Malware
- Hacking
Recipe for Disaster: Social Engineering + Malware + Hacking

Social Engineering
What is it?
Popular methods include phishing, smishing, vishing and scareware.

Phishing
What is it?
Common characteristics include:
- Generic greetings
- Spelling and grammar errors
- "Too good to be true" offers
- Create a sense of urgency

Phishing
Think before you click!
Things to look for:
- Sender
- Subject
- Relevancy
- Spelling and grammar
- Links
- Attachments

Smishing
What is it?
Tips:
- If the sender is not in your contact list and/or the text doesn't make sense
- The text is "Too good to be true"
- Do not click on the link! DELETE IT!

Vishing
What is it?
Tips:
- Do not divulge any personal information like banking or credit card information.
- Do not give in to their high-pressure tactics or intimidation.
- Hang up!

Scareware
What is it?
Tips:
- Do not call them
- Close the browser window

Passwords
35% of Users Have Weak Passwords; the Other 65% can be Cracked!
- Use passphrases with at least 8 alphanumeric and special characters
- Unique account, unique password
- Separate work from personal
- Write it down, to keep it safe
- Change it often (do not reuse)
- Opt in to better security (MFA)

Automatic Updates
Enable Auto-Updates:
- Operating System patches
- Anti-virus signatures
- Application updates

Social Media
Tips:
- Use a strong password
- Mark your page as Private
- Only accept friend requests from people you know
- Limit the information in your profile
- Do not post your vacation photos
- Be mindful of your posts

Additional Security Best Practices
1. Use a virtual private network (VPN) to connect to your company's network over a public Wi-Fi connection.
2. Lock your computer screen while you are away from your desk.
3. Lock your smartphone by using a PIN, password or pattern.
4. Keep your work area free of any sensitive documents. Lock them up.
5. Use your anti-virus software to scan USB and other external storage devices, as they can be infected by malware.
6. Avoid copying sensitive personal data such as your Social Security, credit card or bank account number to a USB flash drive or storing it on a shared device.

Web Pay Security
Security features we provide to help you secure your data

Web Pay Security
Client Configurable Security Features and Built-in Security Features:
- IP Restrictions
- Notifications
- Password Expiration
- Single Sign-on (SSO)
- Multi-Factor Authentication (MFA)
- Step-Up Authentication
- Role-based Access Control
- Challenge Questions

IP Restrictions
Benefits:
- Allows Company Administrators to restrict access to Web Pay only from allowed IP addresses per security group
- Prevents unauthorized access from outside your company network
Tips:
- Ensure to define access for users explicitly or use ALL security group to avoid lockouts
- Incorrect configuration can lock out users
- Blocked Login IP Address Audit report

Notifications
Benefits:
- Notifications are sent based on a trigger date or event
- Allows users and to be proactive in detecting malicious activity
- Know what is going on inside of your application
Tips:
- Set up notifications for key updates that could detect malicious activity.
- Run reports regularly
- Notification by User report
- Notifications Setup report

Notifications
Key Notifications to Set Up:
- Notification 021 - Payroll Update Occurred
- Notification 028 - Challenge Question Updated
- Notification 029 - Employee Direct Deposit Account Updated
- Notification 031 - Pending Changes Awaiting Approval
- Notification 061 - User Account is Locked Out
- Notification 062 - User Reset Password
- Notification 063 - User Logged In From New Network

Single Sign-on (SSO)
Some Key Benefits:
- Saves time and effort
- Fewer passwords to remember
- Reduces the risk of user account lockout
* Not recommended for use by Company Administrators

Multi-Factor Authentication (MFA)

Step-Up Authentication (SUA)
Some Key Points:
- Only Company Administrators will use SUA.
- You can still access the full file of W-2s from the year-end dashboard.
- At the first access of a W-2 and again after 2 hours of work time you will be prompted to SUA again.
- MFA and SUA are two types of security and are not dependent on each other. You will have to do SUA even if you just did MFA.

Role-based Access Control
Security Roles:
- 8 Standard security roles
- Roles are based on least privileged access
- Ability to create unlimited Custom Roles
- Maintain least privileged access
- Custom roles must be set up by Paylocity
Tips:
- Review your employees' security role at least once a year
- Review custom roles to ensure access aligns with job responsibilities

Web Pay Best Practices
Steps you can take to detect suspicious activity

Web Pay Best Practices
- Payroll Audits
- Employee Templates & Checklists for Terminations
- Go Paperless

Payroll Audits
Before submitting payroll:
- Review the Pre-process Register
- Review batch totals
- Make sure agency checks and deductions match
- Verify checks and direct deposits are correct
- Verify your own check
- Verify executive checks
- Verify checks with unique setups
- Review the payroll audit configuration to make sure none of the settings have been changed without your knowledge.

Employee Templates & Checklists
Terminations:
- Create a template
- Create a checklist
Benefits:
- Template contains all of the information required to terminate an employee all on one screen.
- Checklist tracks the operational tasks required to terminate an employee.
- Company Administrators are notified when all tasks are complete.

Go Paperless!
Tip:
- Enable paperless W-2s
Benefits:
- Reduces printing costs
- Get your W-2 sooner
- Reduce likelihood of tax fraud
- Make it harder for the bad guys!

How can you help others?
- Be a Security Champion
- Talk to your coworkers, friends and family about what you've learned
- Practice what you preach
- Review your Web Pay setup
- Use the security features provided
- Talk to your IT department
- Ask questions about security
Do everything you can to protect your information. You won't regret it.

Additional Information
- The Department of Homeland Security
- StaySafeOnline.org