HR Compliance

Page Summary: Cyber security training, harassment training,

Cyber Security/Sexual Harassment Prevention Training

We recommend that companies start Cyber Security and Sexual Harassment Prevention Training at around 50 employees.

What is Phishing?

Phishing is a cybercrime in which the scammer pretends to be a trustworthy individual by using email and/or text to obtain access to sensitive information or monetary goods.

Types of Phishing

Email Phishing: The most common type of phishing, as it is the easiest way to approach the targeted individual. Scammers usually embed a hyperlink that takes individuals away from their email and lures them into sharing information on a bogus website/link.

Malware Phishing: This type of attack hides in an attachment (such as a resume or document). Once the individual opens the attachment, the malware embeds itself on the computer and in systems.

SMS/Text Phishing: The scammer reaches out to the individual by text, pretending to be someone the individual knows and asking them to purchase gift cards and initiate bank transfers.

Vishing: The scammer reaches out to the individual by phone and tries to obtain sensitive information by voice call or by leaving a voice message.

How to Prevent Phishing

Look at the Sender’s Email: Make sure it is from someone you know.

Look at the Hyperlinks before Clicking: Make sure the hyperlink is correct before filling out your information.

Beware of “your account has been frozen” and “your permissions are suspended” type Emails: These emails are meant to create fear. Always double-check with your account first before clicking.

Read Who It Is Addressed To: Generic phishing emails are very common; greetings such as “Dear Valued Customer” are used in more fraudulent cases.

Check for Spelling and Typos: Spelling mistakes and incorrect grammar are red flags for a scam.

Sexual Harassment Prevention Training

It is very important that we have sexual harassment prevention training in place to educate and remind everyone what is not acceptable behavior in the workplace.

Below are trainings that would help with prevention:

Supervisor - people manager of employees
https://sexual-harassment-prevention-training.dfeh.ca.gov/SupervisoryEnglish/story.html

Non-supervisor - does not manage any employee
https://sexual-harassment-prevention-training.dfeh.ca.gov/NonSupervisoryEnglish/story.html

Document Security

When it comes to document security, it’s important to define what is "sensitive" and create rules around it. A simple solution is to add a text string to sensitive files that you would not see on other documents. For example, we could put SENSITIVE in the header of all sensitive documents, then set a rule to detect that. Once you’ve established a security identifier, you can then run a search to show how many sensitive files match one of these rules. You can also run a search to identify documents containing sensitive and confidential data such as SSNs, bank account numbers, etc.

Most business suite providers have built-in security features to alert and enforce additional rules. You’ll want to start with alerting, to avoid breaking business processes. Enforcement can block external sharing, warn about external sharing, and prevent downloading, printing, and copying.
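The marker rule and the sensitive-data search described above, sketched as an added example that is not part of the original page or any provider's own feature. The three-line header window, the routing-number rule (standing in for bank account data), the function names and the sample documents are assumptions constructed for illustration.

```python
import re

MARKER = "SENSITIVE"   # header string proposed in the text above
HEADER_LINES = 3       # assumption: the header is the first 3 lines
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
ABA_RE = re.compile(r"\b\d{9}\b")

def valid_ssn(area, group, serial):
    # Never-issued ranges: area 000, 666, 900-999; group 00; serial 0000.
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def valid_aba(number):
    # ABA checksum: 3(d1+d4+d7) + 7(d2+d5+d8) + (d3+d6+d9) == 0 (mod 10).
    d = [int(c) for c in number]
    total = 3*(d[0]+d[3]+d[6]) + 7*(d[1]+d[4]+d[7]) + (d[2]+d[5]+d[8])
    return total % 10 == 0

def classify(text):
    """Return the names of the rules this document matches."""
    hits = []
    header = text.splitlines()[:HEADER_LINES]
    if any(MARKER in line for line in header):
        hits.append("marker")
    if any(valid_ssn(*m.groups()) for m in SSN_RE.finditer(text)):
        hits.append("ssn")
    if any(valid_aba(m.group()) for m in ABA_RE.finditer(text)):
        hits.append("routing_number")
    return hits

def scan(docs, enforce=False):
    """Map each document name to (matched rules, action). Alert-only by default."""
    report = {}
    for name, text in docs.items():
        hits = classify(text)
        action = "none" if not hits else ("block_external_sharing" if enforce else "alert")
        report[name] = (hits, action)
    return report

# Constructed sample documents (not real data).
DOCS = {
    "offer_letter.txt": "SENSITIVE\nOffer letter for a new hire\nSSN: 123-45-6789",
    "payroll_setup.txt": "Direct deposit form\nRouting number 123456780",
    "lunch_menu.txt": "Menu for Friday\nOrder ref 000-12-3456, ticket 123456789",
}

if __name__ == "__main__":
    for name, (hits, action) in scan(DOCS).items():
        print(f"{name}: rules={hits} action={action}")
```

The range and checksum checks keep order references and ticket numbers from raising alerts, which matters when the rule later moves from alerting to enforcement.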

Data Ransom

HBS Article: Your company’s data is for sale on the dark web. Should you buy it back?

The answer is no.
