The 2019 Cyber Security: Essential Threat List


Security Awareness Training

The 2019 Essential Cyber Security Threat List

Simple & Effective Security Awareness
Common Security Risks
This is a list of the most common security threats that
your employees need to be aware of. There are of course
more threats out there. This is just a starting point with
the most common ones that should be the foundation of
your training efforts. Awareness training must be
interesting enough to get people's attention and
short enough to be remembered.

Security awareness is a compliance issue and is needed to
accommodate standards and regulations such as GDPR, ISO27001,
PCI-DSS and many country or state laws. Security awareness is an
essential part of employee training and is the most effective way to
keep companies safe from intruders and hacks.

We hope this list helps to identify at least some of the threats
that are around today.

The protection of confidential information is vital for every
organization. The purpose of security awareness training is to
develop competence and company culture that saves money and
creates a human firewall guarding against an ever increasing
threat of reputational and actual damage and data loss.

Essentials
A modern company needs informed employees who have a
basic understanding of where security risks lie

Email
An understanding of phishing, malicious attachments and
when it is proper to use email and when not

Internet
Safe browsing and understanding http or https,
phishing sites, and common threats on the web

At the Office
How to safely handle confidential content, printed or digital,
and the correct ways to store and dispose of it

Out of Office
Risk awareness when working from home using a laptop or
a phone

Social Awareness
Understanding where the risks are and how social engineering
works is essential to securing access to a workplace and data

Privacy
With increased regulations to guard personally identifiable
information, mistakes can be very expensive

Mobile
Mobile phones today are mini computers that can hold
valuable information

Data leaks
A data leak is the intentional or unintentional
release of secure or private/confidential information
to an untrusted environment. Failure to report a leak
can have severe consequences for the individual
and lead to hefty fines for the company.
Essentials Privacy

Ransomware

Ransomware is malware or a virus that encrypts
the data on your computer or in some cases your
whole network. You cannot access your files or
pictures until you pay the ransom, or sometimes
not even then.

Essentials Internet

Phone Locking

Documents, memos, email, and contacts can be
stolen if you leave your phone unlocked. It is
important to guard the information. Always keep
your phone locked when you're not using it.

Essentials Mobile

Vishing
Vishing is the telephone equivalent of phishing.
It is described as the act of using the telephone
in an attempt to scam the user into surrendering
private information that will be used for
identity theft.
Mobile Social
Unknown network
It is very easy for a hacker to set up a Wi-Fi access
point, but if you connect, much of your
communication can be monitored or
even manipulated.

Essentials Social

Mobile listening

You should be aware that malware might be
installed on your mobile, allowing an attacker to turn on
your camera and microphone and listen in on your
conversations.

Essentials Out of office

Doublecheck Before You Trust

There is always a possibility that someone has
been "listening in" on your email conversations,
jumping in when you least suspect it and fooling
you into doing something you should not do.

Email Out of office Internet

Autofill
Often confidential information leaks out because
email senders are in a hurry or distracted and
select the wrong recipient.

At the office Email


Unattended Computer

Leaving your computer unlocked and
unattended can cause serious problems
if someone else has access to it.

Essentials Privacy

Same Password

Managing multiple passwords can be hard,
but it is essential to have different
passwords for different sensitive accounts.

Essentials Mobile

Malicious Attachments

Email is still an important communication tool
for business organizations. Attachments
represent a potential security risk. They can
contain malicious content, open other
dangerous files, or launch applications, etc.

Essentials Email

Removable Media
Removable media is a common way to move
larger amounts of data. The risks are numerous,
including data loss, malware threats and
misplacement resulting in reputational damage.

Privacy Out of office


USB Key Drop

A USB key drop is when a hacker leaves a USB
stick on the ground or in an open space, hoping that
someone will plug it into their computer, giving
access to their computer and all files they have
access to on the network.

Out of office Social

Social Engineering

Social engineering is the use of deception to
manipulate individuals into divulging confidential
or personal information that may be used for
fraudulent purposes, often tricking people into
breaking normal security procedures.

Essentials Out of office Social

Dumpster Diving

Dumpster diving is a technique to retrieve
sensitive information that could be used to
access a computer network. It isn't limited to
searching through the trash for documents.

At the office Social

Spyware

Spyware and malware are types of software that
enable a hacker to obtain covert information about
another's computer activities by transmitting data
from the computer or gaining direct access to it.

Essentials Internet Email


Chain Letter
A chain letter attempts to convince the recipient
to pass it on to others. The risk is that email
addresses will be distributed to a malicious person,
and the email can include links to malware.

Email At the office

CEO Scam

The CEO scam is when a hacker impersonates
executives and tricks employees into sending
sensitive information. This includes using social
engineering to manipulate people and their actions.

Internet Social

Clean Desk
Maintaining a clean desk includes not leaving
sensitive documents on the desk, not writing
passwords on sticky notes, cleaning sensitive
information off a white board, and not leaving
an access card where it might be stolen.

Social At the office

Computer Installs
Keep software up to date to defend against
serious issues. Viruses, spyware, and other
malware rely on unpatched and outdated
software.

Internet At the office


Password

Choosing a good password is necessary. Choose
one that has at least 8-10 characters and at
least one number, one uppercase letter, one
lowercase letter, and one special symbol. Do not
use any words that are in the dictionary.

Essentials Internet

Password Handling

Choosing a good password is just a start. Use
different passwords for different accounts and
don't leave the password where it can be found.
Don't send credentials by email or store them in
an unsecure location.

Essentials Internet

Printouts

Printing documents and leaving them in the
printer can give unauthorized persons access
to confidential data.

Essentials At the office

Confidential Material

Private media is often not regulated and
sometimes unsecure. Understanding the ways
a hacker might gain access to unauthorized
data is important.

Out of office At the office


Tailgating
Tailgating, sometimes called piggybacking, is a
physical security breach where an unauthorized person
follows an authorized one into a secure location.

Essentials At the office Social

Phishing

Phishing is the fraudulent practice of sending emails
purporting to be from reputable companies in order
to induce individuals to reveal personal information,
such as passwords and credit card numbers.

Essentials Email Social

HTTPS

Hypertext Transfer Protocol Secure (HTTPS) is
a variant of the standard web transfer protocol
(HTTP) that adds a layer of security to the data
in transit.

Essentials Email Social

Spear Phishing

Spear Phishing is the practice of studying individuals
and their habits, and then using that information to
send specific emails from a known or trusted sender's
address in order to obtain confidential information.

Essentials Email Social


Shoulder Surfing
Shoulder surfing is a type of social engineering
technique used to obtain information such as personal
identification numbers, passwords, and other confidential
data by looking over the victim's shoulder.

Essentials Social

Free WiFi

People usually use free WiFi without thinking. One
of the most common open WiFi attacks is called a
Man-in-the-Middle (MitM) attack, where a hacker
can monitor all traffic and get sensitive information.

Out of office Internet

Home WiFi

Home networks are often set up in a rush to get
connectivity ready as soon as possible. Most
people do not take any steps to secure their home
network, making them vulnerable to hackers.

Internet Out of office

Keylogger
A keylogger is a piece of malicious software or
hardware (a small device connected to the
computer keyboard) that records every keystroke
you make on a keyboard.

At the office
How to make your employees aware of the risks?
When defending your systems and software
against cyber threats, technological
solutions alone are not enough to mitigate
the risks. Studies show that 91 per cent of
successful breaches rely on human errors.

Cybersecurity is now first and foremost about people. This
means companies need to create and nurture a security
culture with regular training and awareness reminders
to all employees. No matter how up-to-date your
systems and firewalls are (and they should be),
you and your staff might be the weakest
link when it comes to your company's
cybersecurity. It only takes one
unaware employee to breach a
company resulting in an
attack that could end up
costing millions.

BE AWARE

If you are looking for a way to incorporate
Cyber Security Awareness into your company's culture
AwareGO has a simple and
effective solution using short videos
designed to keep up the cyber security
awareness level. With no need for a
complicated on-boarding procedure companies
can start awareness campaigns within minutes
with the simple and intuitive deployment platform.

About the List
This simple list is hopefully a helpful tool for security personnel or data
protection officers when it comes to defending against cyber criminals
and finding potential security risks.

We will try to update this list with new content as often as possible.
If you feel that anything is missing, please let us know at
awarego@awarego.com.

We think of security awareness as a marketing campaign instead of a
training effort; it should be enjoyable.

Ragnar Sigurdsson
Founder & CEO, Ethical Hacker, CISSP

Ragnar has first-hand experience when it comes to
the challenges organizations face when training
employees on proper security measures. He saw people
doze off and completely lose interest during security
awareness training. This is why he started AwareGO
in 2007: There had to be a better way to bring the
security message to the masses and make workplaces
safer.

AwareGO
Simple & Effective Security Awareness

At AwareGO we use marketing principles and humour
to raise employee awareness and help companies be
compliant with the latest updates and changes to cyber
security standards and privacy laws. AwareGO follows
what is happening in security today and provides
organisations of all sizes with the tools they need to train
their employees to keep sensitive data safe and secure.

Get In Touch

Phone
+354 899 4370

Email
[email protected]

Address
AwareGO, Borgartun 27,
105 Reykjavik Iceland
