Security is everyone's responsibility
IMPORTANCE OF SECURITY
We are only as strong as our weakest link - if you open a malicious attachment, you put the whole company's data at risk.
The Internet allows a hacker to attack from anywhere on the planet.
AVI wants to enable individuals to recognize IT security risks and respond accordingly.
Risks of poor security awareness and practices:
Monetary theft
Damage to reputation
Legal ramifications (for yourself and the company)
YOU ARE THE TARGET
We are all targets to hackers. Don't ever say "It won't happen to me".
Risks exist regardless of whether you are using computer equipment at work or at home.
Transacting on banking or shopping sites should only be done on a trusted network.
Monitor your accounts for any suspicious activity, e.g. a purchase on your credit card in Russia.
INFORMATION SECURITY MEASURES
Anti-virus software - detects malware and destroys / quarantines it before damage is done.
Firewall - acts as a protective wall between your computer network and the internet.
Security Patch - software update to resolve security vulnerabilities.
Sensitive documents/data should be kept in a secure place.
Do not leave sensitive data on your desk.
PASSWORD SECURITY
• Passwords are an important security component and are used to authenticate (validate) that the person using your logon-ID is really you.
• Your network account and password are your responsibility; do not share them with anyone. (Refer to the IT End User Policy)
• Do not make your password easy to guess, e.g. your dog's name.
• AVI's network password policy requires us to use a complex password, 14 characters with a combination of alphanumeric and special characters (on your personal computer at home, use complex passwords).
• Our password policy forces us to change our password every 90 days.
• Do not write your passwords down on a Post-it note and paste it to your monitor.
SOCIAL ENGINEERING
The art of obtaining confidential information from you using what appears to be an innocent question or conversation.
You should never be asked to provide your password - even by your bank.
Phone Call: "This is John, the Systems Admin. What is your password?"
Email: "ABC Bank has noticed a problem with your account."
In Person: "What ethnicity are you? Your mother's maiden name?"
PHISHING EMAILS
• Never respond to requests for sensitive information via mail (e.g. passwords).
• Do not click on any suspicious links in an e-mail message.
• If you receive an email that looks a little #PHISHY, send it to the AVI ITSS Service Desk to help prevent damage: servicedesk@[Link]
Definition of Phishing:
The fraudulent practice of sending emails pretending to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
LOOKS PHISHY? FORWARD SUSPICIOUS EMAILS TO THE SERVICE DESK! servicedesk@[Link].za
HACKED
• The faster you identify and respond to a successful attack, the more you reduce the damage.
• Employees must understand that hackers are very persistent and very good; sooner or later it can happen to all of us.
• If you feel your account has been compromised, contact the AVI Service Desk immediately.
• Indications of a compromise:
Browser takes you to a different website.
Anti-virus reports an infected file.
Suspicious or unauthorized accounts/programs added to the system.
Password no longer works or you are locked out of your account.
PHYSICAL SECURITY
• Access to buildings, Data Centers, server rooms should be restricted.
• Only authorised personnel with a valid business need should have access to restricted areas.
• People use fake ID badges to enter buildings/offices by following an authorized person into access-controlled areas. This is called Tailgating.
• If you don't know who the person is, take him / her to reception.
• If you see someone suspicious, inform security.
Hackers use tailgating to enter buildings to gather any type of information they can get their hands on.
PCI—PAYMENT CARD INDUSTRY
Credit card fraud is a real threat, e.g. card skimming devices or malware that gathers credit card data, which then gets sold.
There are security standards now to avoid credit card fraud.
PCI DSS 3.2 (Data Security Standard)
Never share your credit card details (especially the CVV - Card Verification Value - number on the back of the card) unless you are certain it is a legitimate request, e.g. Paywise or Paygate.
Don't email full credit card numbers - mask 6 of the numbers by replacing them with a "*", e.g. 1234 12******1234
Contact your bank if you suspect unauthorized transactions on your card
[Figure: Types of Data on a Payment Card. Labels: CID (American Express); CAV2/CID/CVC2/CVV2 (all other payment card brands); Chip; PAN; Cardholder Name; Expiration Date; Magnetic Stripe (data on tracks 1 & 2)]
IT SECURITY INCIDENTS / DATA INVESTIGATIONS
If you suspect there has been a data breach / incident, log a call with the AVI ITSS Service Desk on 086 126 8884 or via email to Autolog@[Link]
Report IT can be used for reporting possible incidents.
This can be accessed from the AVI Portal Home Page or by calling 0800 126 126.
Any investigations into data or emails require approval from business unit management and HR.
If anyone approaches ITSS (Information Technology Shared Services) directly without going through business unit management and HR, they will be directed back to their business unit management.
This is to maintain the chain of evidence for legal purposes.
Acceptance of Induction IT Security Awareness Pack
I, _________________________________________________ have read and understood the content of this IT Security Awareness Pack.
Signature: _________________________________________
Business Unit: ______________________________________
Date: _____________________________________________
I.T Shared Services - Infrastructure
11 July 2023