Awareness Training
Extract from the general training course Risk of IT Security for Businesses and Individuals
Risk of IT Security for Businesses and Individuals
We are specialists in assessing and supporting businesses, we have a number of general modules that can be adapted to specific sectors (like ISO14298:2021 or INTERGRAF15374:2023) or, depending on your needs, we can design a specific module to be used as a training or awareness-raising tool for your employees.
Here are some key points
- DEEPFAKE Combined TEAMS or other videoconference tools
- Social engineering, countering attempts at manipulation
- Workstation, computer workstation ( for Company )
- E-Mail Communication
- Danger and use of the Internet
- Drill Phishing & Ransomware 2025
For more information, please write to us at the following address info@rch-s-advisors.ch
DEEPFAKE Combined TEAMS or other videoconference tools
The use of deepfake technology combined with internet platforms, such as Microsoft Teams or other virtual collaboration tools, introduces a range of dangers or risk.
example of the risks and implications:
1. Identity Theft and Fraud- Deepfake Use: Cybercriminals can use deepfake technology to impersonate individuals in video meetings, mimicking their voice and appearance with alarming accuracy.
- Consequences:
- Gaining unauthorized access to sensitive company meetings.
- Misleading participants into sharing confidential information, such as trade secrets or login credentials.
2. Social Engineering and Phishing- Deepfake Use: Attackers may create realistic video or audio messages of executives or trusted colleagues to trick employees into:- Approving fraudulent transactions.- Sharing sensitive internal documents.
- Consequences:
These tactics exploit trust within teams and organizations, increasing the likelihood of success in scams.
3. Reputation Damage- Deepfake Use: Manipulating video recordings from meetings to portray individuals saying or doing things they never did.
- Consequences:
This can lead to:
- Misinformation campaigns.
- Loss of credibility for individuals or organizations.
- Potential legal repercussions for victims.
4. Misinformation and Disruption- Deepfake Use:
Sabotaging team communications by altering or fabricating meeting content.
- Consequences:
- Deliberate spread of false information during decision-making processes.
- Creating confusion and mistrust within teams.
5. Security Vulnerabilities in Collaboration Tools- Deepfake Use:
Exploiting vulnerabilities in video conferencing platforms to inject deepfake content in real-time.
- Consequences:
- Undermining the integrity of virtual communications.
- Facilitating other cyberattacks by appearing as legitimate participants.
Mitigation Strategies To be addressed in separate training
Social engineering, countering attempts at manipulation
Be vigilant and wary of social engineering attacks, in which someone tries to manipulate you to obtain data or information accessible to you concerning work processes and internal or confidential information! It is essential that you exercise discernment when sharing data and information in personal conversations, as well as in telephone or email conversations.
Behaviour:
- Social engineering attacks exploit human weaknesses.
- Attackers appeal to your good faith and helpfulness. Be critical when responding to requests or talking to people you don't know yet. Don't be persuaded and stand firm.
- Do not communicate information about internal or sensitive data by telephone or e-mail.
- Information should only be shared with duly authorised persons, according to their classification level.
- Pass on telephone enquiries (press requests, etc.) to the relevant department or person, or consult your superior. Do not give out extension numbers.
- Pay attention to information security issues (passwords, user names, etc.).
- Check that you are dealing with an employee and, if in doubt, call them back. When you call back, do not use the telephone number provided by the caller. Instead, use the number in the internal telephone directory.
- When conducting or receiving business telephone conversations in public, take care not to divulge confidential information.
- Report unusual incidents with precise information (name stated, company and date/time) to your superior.
Workstation, computer workstation ( for Company )
Behaviour:
- Social engineering attacks exploit human weaknesses.
- Attackers appeal to your good faith and helpfulness. Be critical when responding to requests or talking to people you don't know yet. Don't be persuaded and stand firm.
- Do not communicate information about internal or sensitive data by telephone or e-mail.
- Information should only be shared with duly authorised persons, according to their classification level.
- Pass on telephone enquiries (press requests, etc.) to the relevant department or person, or consult your superior. Do not give out extension numbers.
- Pay attention to information security issues (passwords, user names, etc.).
- Check that you are dealing with an employee and, if in doubt, call them back. When you call back, do not use the telephone number provided by the caller. Instead, use the number in the internal telephone directory.
- When conducting or receiving business telephone conversations in public, take care not to divulge confidential information.
- Report unusual incidents with precise information (name stated, company and date/time) to your superior.
Workstation, computer workstation ( for Company )
Your personal workstation must be protected against unauthorised access.
As a user, you are responsible for all the activities you carry out from your workstation (terminal, desktop, notebook, etc.), tablet or smartphone.
The use of the company's IT equipment is intended for professional purposes.
Personal use of IT equipment supplied by the company is in some case not permitted
Proper, careful and safe use of your IT workstation significantly reduces the risk of losing data or information.
Behaviour:
- Never share your user access with anyone and, in particular, never allow outsiders to work on your computer workstation.
- Prevent unauthorised access to your work computer by actively blocking it. To do this, use the keyboard shortcut WIN + L or Ctrl + Alt + Del followed by Enter.
- Requiring a password when the computer wakes up also ensures that your workstation is automatically locked after a certain period of inactivity. This is a security setting that should not be disabled in some case...
- It is forbidden to connect personal devices or devices from outside the company. Harmful programs may be installed on your computer.
- Do not bypass the official security settings.
- Only authorised employees may maintain software and install devices.
- Respect the clean desk policy.
E-Mail Communication
As a user, you are responsible for all the activities you carry out from your workstation (terminal, desktop, notebook, etc.), tablet or smartphone.
The use of the company's IT equipment is intended for professional purposes.
Personal use of IT equipment supplied by the company is in some case not permitted
Proper, careful and safe use of your IT workstation significantly reduces the risk of losing data or information.
Behaviour:
- Never share your user access with anyone and, in particular, never allow outsiders to work on your computer workstation.
- Prevent unauthorised access to your work computer by actively blocking it. To do this, use the keyboard shortcut WIN + L or Ctrl + Alt + Del followed by Enter.
- Requiring a password when the computer wakes up also ensures that your workstation is automatically locked after a certain period of inactivity. This is a security setting that should not be disabled in some case...
- It is forbidden to connect personal devices or devices from outside the company. Harmful programs may be installed on your computer.
- Do not bypass the official security settings.
- Only authorised employees may maintain software and install devices.
- Respect the clean desk policy.
E-Mail Communication
Do not open e-mail attachments if you do not know the sender! Do not enter confidential data such as passwords or login credentials!
Behaviour:
- Even if the e-mail comes from someone you know, only open attachments that you have requested yourself.
- Never click on questionable links in unsolicited e-mails.
- Do not open files with unusual endings.
- An e-mail is not as protected as a postcard. You should therefore encrypt all e-mails with sensitive content.
Danger and use of the Internet
Just as in real life, there are criminals and fraudsters online. It's your responsibility to identify this type of threat and react appropriately!
Danger and use of the Internet
Behaviour:
- Even if the e-mail comes from someone you know, only open attachments that you have requested yourself.
- Never click on questionable links in unsolicited e-mails.
- Do not open files with unusual endings.
- An e-mail is not as protected as a postcard. You should therefore encrypt all e-mails with sensitive content.
Danger and use of the Internet
Just as in real life, there are criminals and fraudsters online. It's your responsibility to identify this type of threat and react appropriately!
Danger and use of the Internet
Just as in real life, there are criminals and fraudsters online. It's your responsibility to identify this type of threat and react appropriately!
Behaviour:
- Make sure that the security settings of your Internet browser have not been changed. Set the security settings of all web browsers you use to maximum.
- The best way to protect yourself from dangers such as viruses, spyware and trojans is to be careful while surfing the web. Web sites created by known and respected providers should be more reliable than unknown sites.
- Websites that lure visitors with free software downloads or questionable competitions should generally be distrusted.
- One should not blindly click on every link on websites. If necessary, check the status bar before clicking on a link to see the address to which the link leads and what kind of action will be performed.
- In addition to the risk of malware, downloading files can also lead to licensing and copyright issues. For this reason, you should always obtain the approval of your supervisor or IT contact first.
- Check the exact address on security-relevant websites.
With secure connections (https), check whether the certificate matches the respective website provider by clicking on the closed padlock icon.
- Do not access websites with pornographic, violence-glorifying or potentially illegal content.
Doing so could lead to legal problems for you and the company.
Drill Phishing & Ransomware 2025
customised for each customer ....
Online Secure Training Platform will be available on Q2 - 2025
For more information, please write to us at the following address info@rch-s-advisors.ch
Behaviour:
- Make sure that the security settings of your Internet browser have not been changed. Set the security settings of all web browsers you use to maximum.
- The best way to protect yourself from dangers such as viruses, spyware and trojans is to be careful while surfing the web. Web sites created by known and respected providers should be more reliable than unknown sites.
- Websites that lure visitors with free software downloads or questionable competitions should generally be distrusted.
- One should not blindly click on every link on websites. If necessary, check the status bar before clicking on a link to see the address to which the link leads and what kind of action will be performed.
- In addition to the risk of malware, downloading files can also lead to licensing and copyright issues. For this reason, you should always obtain the approval of your supervisor or IT contact first.
- Check the exact address on security-relevant websites.
With secure connections (https), check whether the certificate matches the respective website provider by clicking on the closed padlock icon.
- Do not access websites with pornographic, violence-glorifying or potentially illegal content.
Doing so could lead to legal problems for you and the company.
Drill Phishing & Ransomware 2025
customised for each customer ....
Online Secure Training Platform will be available on Q2 - 2025
For more information, please write to us at the following address info@rch-s-advisors.ch