TM Computer Security Module
Contents
Overview
Physical Security
Best Practices When Working From Home or Remote Locations
Best Practices When Traveling
Patch Awareness
Best Practices
Screen Locking
Best Practices
Password Safety
Best Practices
Updated 01-Jan-2020 Confidential Property of TranscribeMe! TM Security Module 1 of 12
Overview
Computer Security is a major concern for almost everyone these days. If you use a smartphone, a tablet, a
computer, or any other device that connects to the internet, it is imperative that you are not only aware of, but
follow, best practices in computer safety in the following areas: physical security, patch awareness, data
classification and protection, screen locking, safe browser use, password safety, email handling and acceptable
use, and social engineering. You should always be aware of the processes and procedures in case of a security
incident involving TranscribeMe.
The following module is designed to make you aware of these best practices, allowing you to protect your
devices, as well as the data on those devices. While not a "How To", it should provide you with the basic
information necessary to enact proper safeguards.
Before you begin, we ask that you download the attached document which will provide you with a copy of the
information within this module.
Each section within the module will be followed by two questions concerning the material you've just read. You'll
need to pass each section with 100% accuracy, verifying that you have read the information. While we would
prefer that you finish the module within one sitting, you must complete a full section, save, then click next
before closing out and coming back.
Thank you for taking the necessary steps to partner with TranscribeMe and ensure that your data, and ours, is
properly safeguarded!
Physical Security
The lack of physical security practices is often directly linked to computer breaches, as well as other security
incidents. For example, in 2008, a laptop was stolen from the trunk of a medical research employee's car at a
shopping mall. Their laptop contained information on 2,500 people taking part in a healthcare study. It's due to these
types of incidents that there are now many legal requirements, such as HIPAA, to protect data in all its forms:
spoken, digital, viewable, and hard copy. It is also imperative that everyone follow best practices - whether
working outside the home, working at home, or working while traveling - when handling personal information or
their employer's information.
Patch Awareness
You sit down at your computer ready to work. You turn it on. And you see the dreaded message that updates
need to be applied or even worse, your computer begins the update without giving you an option. And all you
can do is sit there, staring at a progress bar, fuming because you want to use your computer *right now*.
The next time this happens, take a moment to stop and remember that computer security updates are *critical*
to your computer's well-being. They are your computer's armor, its bodyguard, its healthcare professional. It's
what stands between you and possible *doom*.
Back in 2002, hackers created a computer virus that could bypass firewalls and other security measures. While
Microsoft released a patch, many people neglected to patch their servers. As a result, over 75,000 servers were
impacted, causing network outages that led to canceled airline flights, as well as bank ATM failures and more.
While software developers spend a lot of time testing products before release, it's usually impossible to catch
everything. Flaws happen and hackers spend their time looking for ways to exploit them. No computers or
software are immune. Everything from your operating system to your applications can be vulnerable to attack.
Best Practices
● Make sure any critical security updates have been installed on your operating system.
● Verify that all browsers used by you are updated to the latest version, as well as any extensions or
themes that you have added to them.
● Keep your applications updated so that hackers don't gain access to your personal information.
● Always reboot your computer after applying updates/patches.
Best Practices
● Use an anti-virus software and make sure it's kept up to date.
● Keep your software and operating system up to date.
● Use a different, complex, unique password for all your accounts.
● Never reply directly to emails requesting your personal information and be suspicious of any links to
websites they may contain. When in doubt, go directly to the institution using another means.
● If you're sharing personal information or paying for something online, make sure the website is secure
with the https:// prefix.
● Encrypt sensitive data, especially if you're saving it to a portable device, and archive or delete personal
data that is no longer needed.
● Finally, regularly monitor your online accounts, such as banks and store accounts. If you notice unusual
activity, report it immediately and change your password.
Screen Locking
You've been working hard, but now it's lunchtime. You're right in the middle of transcribing, so you don't want to
shut anything down. You want to leave everything where it is so you can pick up right where you left off! And off
you go! While you're gone, someone in your household walks in, sees your transcription screen open and thinks
you forgot to submit it, and they submit it for you. Or, they want to be funny, and they type garbled nonsense
intending to leave it for you to find, but they accidentally hit submit. Or, a repairman is at the house, and he sees
confidential client information that he later passes on and someone down the line posts it on social media. And
just like that, you've had a data breach.
Before walking away from any computing device, always check that the screen is locked. Leaving them unlocked
and walking away is an open invitation for someone to cause damage to your reputation, your identity, your
business, and/or your computer. Therefore, all users need to be aware of the importance of locking their device
screen when they are no longer nearby and are not in immediate control of their devices.
Best Practices
● Always, ALWAYS, lock computing devices before leaving the vicinity.
● Make sure you are required to authenticate before your device will unlock.
● Verify that, should you forget, your device will automatically lock after less than 10 minutes.
● For smartphones and tablets, make sure that you're not releasing personal or work information on your
lock screens so that anyone looking at your device doesn't have access to information they shouldn't.
Best Practices
● Always make sure before you share personal information or pay for something online, that the website
is secure with the https:// prefix.
● If you receive an email requesting personal information or that asks you to login and update your
personal information, be suspicious! Go directly to the institution using another means. If you DO click
on a link in an email, make sure that the URL that you're on belongs to the company you're attempting to
deal with. Chase bank's website is www.chase.com. If you click on a link that takes you to
www.chaseonlinebank.com, then you're on a phishing site. It may look like Chase's website, but its intent
is to steal your information.
● Any downloaded file could contain malware. Make sure that you know and trust any source that asks
you to download files or to execute a file; however, realize that any website can be compromised, so
always make sure you know exactly what it is that you're downloading. When in doubt, cancel the
download or executable file.
● Links offering to clean your computer, or pop-ups that say a website has found a virus on your computer,
are probably trying to get you to download spyware.
● Sites advertising free items may be trying to lure you into providing personal information so that they
can break into your personal or work accounts.
● Use different, unique passwords for every site and use a secure program to manage those passwords.
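The link checks in the list above (the https:// prefix, and confirming that the site you are on belongs to the company), as an added Python example that is not part of the original module. The trusted list, the name check_link and the example.net sample links are assumptions made for illustration; chase.com and chaseonlinebank.com are the module's own examples.

```python
from urllib.parse import urlsplit

# Assumption: the sites the reader really deals with. chase.com is the
# module's own example; a real list would hold the reader's own institutions.
TRUSTED_DOMAINS = {"chase.com"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, host); verdict is 'ok', 'not-https' or 'wrong-site'."""
    # A bare "www.chase.com", as the module writes it, gets https:// prepended
    # so that only its host is judged.
    candidate = url.strip()
    if "://" not in candidate:
        candidate = "https://" + candidate
    try:
        parts = urlsplit(candidate)
        host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
    except ValueError:  # malformed link: treat as not the real site
        return "wrong-site", ""
    # The host must BE a trusted domain or a subdomain of one. A substring
    # test ("chase.com" in url) would accept the last two samples below.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        return "wrong-site", host
    if parts.scheme != "https":
        return "not-https", host
    return "ok", host


# Constructed sample links (example.net is a reserved documentation domain).
SAMPLES = [
    "www.chase.com",
    "https://WWW.Chase.com/login",
    "http://www.chase.com/login",
    "www.chaseonlinebank.com",
    "https://www.chase.com.example.net/login",
    "https://www.chase.com@example.net/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, host = check_link(link)
        print(f"{verdict:10}  host={host or '-':28}  {link}")
```

The host printed for each link is the site that would actually be contacted, which is the part of the address to compare against the company's real domain.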
Password Safety
You know that using good passwords for online accounts is important. You know the best passwords are long,
strong, and unique. But these days we have so many online accounts that it's become harder to remember the
passwords for them all. To make things easier, all too often, we reuse the same password over and over and
over again, making our accounts vulnerable to attack.
You may think that you don't have anything online that anyone else would want, and that no one is going to go
to the effort of figuring out your passwords; however, most cyber security attacks are random. They don't target
specific individuals. They aim to get as much information as possible and use that for their gain.
Passwords in particular are easy for attackers to get: data breaches leak your email addresses and
passwords, lists of passwords are bought and sold online, and some attackers use software to guess passwords
through brute force.
Suppose you use the same email address and password for your email account that you use with several other
online accounts. Someone has purchased a list with this email address and password. Consider the
consequences, if:
● The purchased email address and password are used on all your social media accounts.
● You have passwords for other accounts saved in your emails.
● The contact details for your friends and family are all in there.
● You have details of work, contracts, or other sensitive information stored in your account.
This information is all useful to an attacker. With it, they can cause difficulties for you, as well as your friends and
family. With access to this information, the attacker can:
● Send emails on your behalf with links to download malware, such as ransomware. Anyone receiving this
email would trust it because it appears to come from you.
● Click the "Forgot password" option on another account. The reset password email would allow them to
reset it, giving them full control over your account, while you'd be completely locked out.
Best Practices
● Use a password manager.
● Use a different, unique password for every online account you have.
● Make your password long and strong - a string of four or more words is just as strong as a 10 character
password that uses a mix of numbers, letters and symbols.
● Use two-factor authentication (2FA) whenever possible.
● Don’t use personal information to create your accounts. Use password reset questions carefully and
avoid using personal information such as your mother's maiden name.
Best Practices
● Be slightly skeptical of any unexpected email.
● Don’t click on a file attachment you weren’t expecting. Contact the sender first to confirm the source.
● Never click on an unexpected internet link without verifying that the URL is legitimate.
● Don’t enable “active content” in emails from untrusted sources.
● Don’t click ‘Reply All’ from large email posts.
Social Engineering
Phishing is one of the most widespread cyber attacks, targeting everyone from businesses to consumers to
children. If you are on the internet, you are a potential target. But what is it? Phishing is a type of online social
engineering tactic that attempts to trick you into giving out or granting access to confidential information.
Attackers are looking to steal data, load malware, install ransomware, or to use your device for larger crimes
such as distributed denial of service attacks, etc.
Best Practices
● If you receive a message - email, voice, or text - and you do not recognize the sender, it's often a phishing
attempt. You can often put the sending account address into a search engine and find that it's definitely
a phishing account.
● If you are sent a link, verify that it's correct before you click on it. Attackers will vary the URL address of
legitimate sites to make phishing sites look legitimate.
● Undisclosed recipient messages often indicate that there is an urgent matter that you must immediately
address but you are not listed as the specific recipient. Do not fall for it.
● Similar to undisclosed recipient messages, your name won't appear in the body of the email; instead it
will say Hello or Hello dear or something similar, and then request that you specifically need to do
something. Delete those messages. They're phishing attempts.
● Cyber criminals will convey a sense of urgency to get you to act quickly and without thinking. Watch out
for phrases like, "Hey, can you get me this information in the next 10 minutes? I need it for a meeting I'm
heading into."
● Fake emails are often loded with speling and grammaticle errors. It will often use information that is out
of context or use an unprofessional tone. The formatting itself may look odd or unprofessional and the
sender's address may not look like a typical account address.
● If you receive uncharacteristic messages from familiar senders, it's possible that a phishing scammer has
used data from a breach to make it look like messages are coming from people you know. If it's
uncharacteristic of the sender, don't click on any links or download any files.
● Have you been contacted by the relative of a Prince who needs you to receive several million dollars of
which they'll give you half? If it's too good to be true, then skip it as it's a phishing attack.
● Similarly, if you're receiving threats or warnings that look like they are coming from the government, law
enforcement, collection agencies, etc, and you are unaware of any reason they might be contacting you,
do not provide them information. Go directly to the source through other means and verify what you
were told.
Sadly, there is no way to keep from getting phishing attempts as there are unlimited ways that they can be sent;
however, you can limit those you receive by using up-to-date anti-malware and security tools and by not putting
your contact information online. Be aware at all times before you act or click on any type of communication!
Security Incidents
A security incident is any attempted or actual unauthorized access, use, disclosure, modification, or destruction
of information. This includes interference with information technology operations. Users are generally aware of
a computer security incident long before a company is aware. Remember: If you see something, say something.
It is important that actual or suspected security incidents are reported as early as possible so that TranscribeMe
can limit the damage and cost of recovery. Include details regarding the system breach, vulnerability, or
compromise of your computer when submitting your report, and we will respond with a plan for further
containment and mitigation.
Reporting
Beacon: You can reach our support team by sending a message via the beacon located on the bottom left-hand
side whilst logged into the TranscribeMe WorkHub.
Email: support@transcribeme.com
● Your name
● WorkHub email address
● Description of the information security problem
● Date and time the problem was first noticed (if possible)
● Any other known resources affected