Cybersecurity Training for Corporate Functions

Cybersecurity Awareness Webinar

At Altamira, maintaining strong cybersecurity practices is not just a technical requirement—it’s a critical part of our daily operations. With our ISO 27001 and ISO 9001 certifications, we are committed to following strict security protocols. This presentation is designed to educate and empower all contractors by highlighting common cyber threats, best practices, and your individual role in protecting our organization.

Importance of Cybersecurity

  • The webinar was led by Dmytro Kravchuk, a cybersecurity consultant with over 10 years of experience.
  • Cybersecurity is crucial for Altamira, as the company's assets are located in the digital world, and cyber threats are a daily occurrence.
  • Altamira holds important security certifications, such as ISO 27001 and ISO 9001, which require the company and its employees to follow strict security protocols.

Common Cybersecurity Threats

The webinar covered the following common cybersecurity threats:

  • Phishing: Attackers send fake emails or messages to trick recipients into revealing sensitive data or clicking on malicious links.
  • Social Engineering: Attackers use psychological manipulation to trick people into giving up confidential information.
  • Malware: Malicious software designed to harm, exploit, or compromise data, computers, websites, or IT systems.
  • Ransomware: A type of malware that encrypts data and demands a ransom for the decryption key.
  • Data Breaches: Unauthorized access or disclosure of sensitive data.
  • Weak and Reused Passwords: Easily guessed or reused passwords that can be exploited by attackers.
  • Supply Chain Attacks: Targeting less secure elements in the supply chain to gain access to the main target.

Password Management

  • The presenter emphasized the importance of using strong, unique passwords or passphrases for each account.
  • Password managers, such as 1Password, were recommended to securely store and generate passwords.
  • Enabling multi-factor authentication (MFA) was also highlighted as a crucial security measure.

Secure Communication and Email

  • Participants were advised to avoid opening unexpected attachments or links, and to be cautious of file types that can contain malware.
  • The use of VirusTotal, a file scanning service, was discussed, but with the caution that downloading suspicious files should be avoided.
  • Employees were encouraged to use only company-approved tools and to avoid sharing sensitive information through unsecured channels.

Device Security

  • Locking the screen when stepping away from the device, keeping software up-to-date, and using device encryption were recommended.
  • Avoiding public or unsecured Wi-Fi networks without a VPN was also emphasized.
  • Reporting lost or stolen devices to the IT team was highlighted as an important step.

Software and AI Tools

  • Installing software only from trusted sources and being cautious of browser extensions and plugins were discussed.
  • The risks associated with AI tools, such as data leakage, misinformation, and breach of contracts/NDAs, were addressed.
  • Employees were advised to anonymize data before using AI tools and to review the outputs carefully.

Responsibility and Reporting

  • Employees were reminded of their responsibility in following Altamira's security policies and using common sense when handling information.
  • Reporting any suspicious activities or security incidents to the IT team was emphasized as a crucial step.

Q&A Session

  1. Question: What password managers can be recommended? Answer: The presenter recommended 1Password as a good commercial password manager option.
  2. Question: How can screenshots be prevented during screen sharing? Answer: The presenter suggested using features in video conferencing tools that can prevent recording or screenshots, as well as anonymizing or depersonalizing any sensitive information shown on the screen.
  3. Question: What is the recommended strategy for securely sharing links with clients? Answer: The presenter advised that sharing links is generally okay, but the files should not be publicly accessible. It's recommended to share the files first through personal emails and then provide the link, ensuring the client can access it only with their corporate account.
  4. Question: Any standards or best practices for sharing password-protected documents with clients? Answer: The presenter recommended using password managers to securely share credentials, rather than sending password-protected files. The password should be shared through a separate channel, such as SMS or a direct message.

 
