TM Computer Security Module 

Contents

Overview

Physical Security
Best Practices When Working From Home or Remote Locations
Best Practices When Traveling

Patch Awareness
Best Practices

Data Classification And Protection
Best Practices

Screen Locking
Best Practices

Safe Browser Use
Best Practices

Password Safety
Best Practices

Email Handling And Acceptable Use
Best Practices

Social Engineering
Phishing, Smishing, Vishing, oh my!
Best Practices

Security Incidents
Reporting
 
 

   

 
Updated 01-Jan-2020 Confidential Property of TranscribeMe! TM Security Module ​1 of 12 
 

 

Overview 
Computer Security is a major concern for almost everyone these days. If you use a smartphone, a tablet, a 
computer, or any other device that connects to the internet, it is imperative that you are not only aware of, but 
follow, best practices in computer safety in the following areas: physical security, patch awareness, data 
classification and protection, screen locking, safe browser use, password safety, email handling and acceptable 
use, and social engineering. You should always be aware of the processes and procedures in case of a security 
incident involving TranscribeMe. 
 
The following module is designed to make you aware of these best practices, allowing you to protect your 
devices, as well as the data on those devices. While not a "How To", it should provide you with the basic 
information necessary to enact proper safeguards. 
 
Before you begin, we ask that you download the attached document which will provide you with a copy of the 
information within this module.  
 
Each section within the module will be followed by two questions concerning the material you've just read. You'll 
need to pass each section with 100% accuracy, verifying that you have read the information. While we would 
prefer that you finish the module within one sitting, you must complete a full section, save, then click next 
before closing out and coming back. 
 
Thank you for taking the necessary steps to partner with TranscribeMe and ensure that your data, and ours, is 
properly safeguarded! 
 

   

 

Physical Security 
The lack of physical security practices is often directly linked to computer breaches, as well as other security
incidents. For example, in 2008, a laptop was stolen from the trunk of a medical research employee's car at a
shopping mall. Their laptop contained information on 2,500 people taking part in a healthcare study. It's due to these
types of incidents that there are now many legal requirements, such as HIPAA, to protect data in all its forms: 
spoken, digital, viewable, and hard copy. It is also imperative that everyone follow best practices - whether 
working outside the home, working at home, or working while traveling - when handling personal information or 
their employer's information. 
 

Best Practices When Working From Home or Remote Locations 


● Computers and information used for business should be kept in an area away from others. 
● Do not share devices used for work with others in the home.  
● Keep computers and other devices logged off and shut off when not in use.  
● Keep computer screens and other devices from being seen by others.  
● Do not throw print documents, computing devices, or storage devices into your household trash.  
● Choose a secure location to store your backups.  
 

Best Practices When Traveling 


● Avoid using public USB charging stations as these devices can be used to spread malware and steal your 
data.  
● Do not discuss work publicly in areas where others can hear you.  
● Keep all work-related items locked in the hotel safe if you're leaving the hotel for any reason. 
● Do not check computing and storage devices with your other baggage at the airport.  
● Be careful not to leave mobile computers in planes, cars, trains, and other types of travel.  
● Keep computing screens from the view of others and cover the keypad at ATMs and payment machines 
when you enter your PIN.  
● Do not leave computing devices unattended in public places.  
● Do not loan computing devices to others. 
● If you should find an unknown USB storage drive, never plug this into your computer.  
 
 

   

 

Patch Awareness 
You sit down at your computer ready to work. You turn it on. And you see the dreaded message that updates 
need to be applied or even worse, your computer begins the update without giving you an option. And all you 
can do is sit there, staring at a progress bar, fuming because you want to use your computer *right now*.  
 
The next time this happens, take a moment to stop and remember that computer security updates are *critical* 
to your computer's well-being. They are your computer's armor, its bodyguard, its healthcare professional. It's 
what stands between you and possible *doom*.  
 
Back in 2002, hackers created a computer virus that could bypass firewalls and other security measures. While 
Microsoft released a patch, many people neglected to patch their servers. As a result, over 75,000 servers were 
impacted, causing network outages that led to canceled airline flights, as well as bank ATM failures and more. 
 
While software developers spend a lot of time testing products before release, it's usually impossible to catch 
everything. Flaws happen and hackers spend their time looking for ways to exploit them. No computers or 
software are immune. Everything from your operating system to your applications can be vulnerable to attack. 
 

Best Practices 
● Make sure any critical security updates have been installed on your operating system. 
● Verify that all browsers used by you are updated to the latest version, as well as any extensions or 
themes that you have added to them. 
● Keep your applications updated so that hackers don't gain access to your personal information. 
● Always reboot your computer after applying updates/patches. 
 
 
 
 

   

 

Data Classification And Protection 


Working from home, you may consider your computer and other devices to be the most valuable asset in your 
home; however, the data stored on these devices, or within the cloud, may be even more valuable! Identity 
thieves can use your address, driver's license details, and social security number to access your bank accounts, 
credit cards, etc. There is no such thing as being overly cautious when it concerns your personal data. It is 
important to take the steps necessary to protect your data from online hackers. The failure to do so may result 
in having your money or your identity stolen, among other things. 
 

Best Practices 
● Use anti-virus software and make sure it's kept up to date.
● Keep your software and operating system up to date. 
● Use a different, complex, unique password for all your accounts. 
● Never reply directly to emails requesting your personal information and be suspicious of any links to 
websites they may contain. When in doubt, go directly to the institution using another means. 
● If you're sharing personal information or paying for something online, make sure the website is secure 
with the https:// prefix. 
● Encrypt sensitive data, especially if you're saving it to a portable device, and archive or delete personal 
data that is no longer needed. 
● Finally, regularly monitor your online accounts, such as banks and store accounts. If you notice unusual 
activity, report it immediately and change your password.  
 
 
 
 
 
 

   

 

Screen Locking 
You've been working hard, but now it's lunchtime. You're right in the middle of transcribing, so you don't want to 
shut anything down. You want to leave everything where it is so you can pick up right where you left off! And off 
you go! While you're gone, someone in your household walks in, sees your transcription screen open and thinks 
you forgot to submit it, and they submit it for you. Or, they want to be funny, and they type garbled nonsense 
intending to leave it for you to find, but they accidentally hit submit. Or, a repairman is at the house, and he sees 
confidential client information that he later passes on and someone down the line posts it on social media. And 
just like that, you've had a data breach.  
 
Before walking away from any computing device, always check that the screen is locked. Leaving them unlocked 
and walking away is an open invitation for someone to cause damage to your reputation, your identity, your 
business, and/or your computer. Therefore, all users need to be aware of the importance of locking their device 
screen when they are no longer nearby and are not in immediate control of their devices. 
 

Best Practices 
● Always, ALWAYS, lock computing devices before leaving the vicinity. 
● Make sure you are required to authenticate before your device will unlock. 
● Verify that should you forget, your device will automatically lock after less than 10 mins. 
● For smartphones and tablets, make sure that you're not releasing personal or work information on your 
lock screens so that anyone looking at your device doesn't have access to information they shouldn't. 
 
 
 

 

Safe Browser Use 


It's easy to forget in these days of the smartphone and other computer devices that the internet can actually be 
a scary place, full of high-risk activity. You're going along, transcribing audio, when you need to do some 
research. You open a tab and do a search, and suddenly there's a popup telling you that your computer has a 
virus! So you download its suggested software and run it. BOOM. Your computer is now infected.
 
Logging in to all these internet accounts, it's hard to remember your password! Therefore, you just use the same 
password for everything. One day, you try to log into TranscribeMe and your account has been blocked! It turns 
out that a website you've forgotten you ever joined has been hacked and someone has been using your details 
and wreaking havoc on your accounts. BOOM. Your information is in the hands of the wrong people.  
 
It is imperative that you take every possible precaution to protect your computer, your privacy, and your data.   
 

Best Practices 
 
● Always make sure before you share personal information or pay for something online, that the website 
is secure with the https:// prefix. 
● If you receive an email requesting personal information or that asks you to login and update your 
personal information, be suspicious! Go directly to the institution using another means. If you DO click 
on a link in an email, make sure that the URL that you're on belongs to the company you're attempting to 
deal with. Chase bank's website is www.chase.com. If you click on a link that takes you to
www.chaseonlinebank.com, then you're on a phishing site. It may look like Chase's website, but its intent
is to steal your information. 
● Any downloaded file could contain malware. Make sure that you know and trust any source that asks 
you to download files or to execute a file; however, realize that any website can be compromised, so 
always make sure you know exactly what it is that you're downloading. When in doubt, cancel the 
download or executable file. 
● Links offering to clean your computer or pop-ups that say a website has found a virus on your computer, 
are probably trying to get you to download spyware. 
● Sites advertising free items may be trying to lure you into providing personal information so that they 
can break into your personal or work accounts. 
● Use different, unique passwords for every site and use a secure program to manage those passwords. 
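
The "does this URL belong to the company" check from the second bullet above can be done mechanically. The following is an added example, not part of the original module: it parses a link the way a browser does and accepts it only when it is https:// and its host is the expected domain or a subdomain of it. The helper name `linkBelongsTo` and every sample link other than the two Chase hostnames from the text are constructed for illustration.

```javascript
// Added example: decide whether a link really leads to the organisation
// you expect, using the same URL parser a browser uses (WHATWG URL).
// `linkBelongsTo` is a hypothetical helper name, not from the module.

function linkBelongsTo(link, expectedDomain) {
  let url;
  try {
    url = new URL(link);
  } catch (err) {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not an https:// link" };
  }
  // url.hostname is lower-cased, excludes any "user@" prefix and the port,
  // and is converted to punycode ("xn--...") when it contains non-ASCII.
  const host = url.hostname.replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();
  if (host === expected || host.endsWith("." + expected)) {
    return { ok: true, reason: "host is " + host };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalised look-alike host " + host };
  }
  if (host.includes(expected.split(".")[0])) {
    return { ok: false, reason: "brand name inside a different domain: " + host };
  }
  return { ok: false, reason: "unrelated host " + host };
}

// Constructed sample links; only the two Chase hostnames come from the text.
const samples = [
  "https://www.chase.com/personal",
  "https://www.chaseonlinebank.com/login",
  "https://www.chase.com.account-update.example/login",
  "https://www.chase.com@login.example/",
  "http://www.chase.com/",
  "https://ch\u0430se.com/", // \u0430 is a Cyrillic letter that looks like "a"
];
for (const s of samples) {
  const r = linkBelongsTo(s, "chase.com");
  console.log((r.ok ? "OK     " : "REJECT ") + s + "  (" + r.reason + ")");
}
```

Only the first sample is accepted; the others fail because the real host, read from the right-hand end of the name, is not chase.com.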
 
 
 

   

 

Password Safety 
You know that using good passwords for online accounts is important. You know the best passwords are long, 
strong, and unique. But these days we have so many online accounts that it's become harder to remember the 
passwords for them all. To make things easier, all too often, we reuse the same password over and over and 
over again, making our accounts vulnerable to attack. 
 
You may think that you don't have anything online that anyone else would want, and that no one is going to go 
to the effort of figuring out your passwords; however, most cyber security attacks are random. They don't target 
specific individuals. They aim to get as much information as possible and use that for their gain. 
 
Passwords in particular are easy for attackers to get: data breaches leak your email addresses and passwords,
lists of passwords are bought and sold online, and some attackers use software to guess passwords
through brute force.

Suppose you use the same email address and password for your email account that you use with several other
online accounts. Someone has purchased a list with this email address and password. Consider the
consequences if:
 
● The purchased email address and password are used on all your social media accounts. 
● You have passwords for other accounts saved in your emails. 
● The contact details for your friends and family are all in there. 
● You have details of work, contracts, or other sensitive information stored in your account. 
 
This information is all useful to an attacker. With it, they can cause difficulties for you, as well as your friends and 
family. With access to this information, the attacker can: 
 
● Send emails on your behalf with links to download malware, such as ransomware. Anyone receiving this 
email would trust it because it appears to come from you. 
● Click the "Forgot password" option on another account. The reset password email would allow them to 
reset it, giving them full control over your account, while you'd be completely locked out. 
 

Best Practices 
● Use a password manager. 
● Use a different, unique password for every online account you have. 
● Make your password long and strong - a string of four or more words is just as strong as a 10 character 
password that uses a mix of numbers, letters and symbols. 
● Use two-factor authentication (2FA) whenever possible.
● Don’t use personal information to create your accounts. Use password reset questions carefully and 
avoid using personal information such as your mother's maiden name. 
 
 
 

   

 

Email Handling And Acceptable Use 


While email is one of the best ways to communicate digitally with others, especially in a work environment, email 
is also a major target for scams and malicious activity.  
 
It is up to everyone to use their emails responsibly. For instance: 
 
● Do NOT intentionally access other people's email. 
● Do NOT send spam, chain letters, or other similar types of unsolicited emails. 
● Do NOT create multiple emails to impersonate someone else or to bypass TranscribeMe's requirements. 
 
When working with email from any device, be vigilant and cautious, as scammers are always finding new ways to 
trick potential victims. 
 

Best Practices 
● Be slightly skeptical of any unexpected email. 
● Don’t click on a file attachment you weren’t expecting. Contact the sender first to confirm the source. 
● Never click on an unexpected internet link without verifying that the URL is legitimate. 
● Don’t enable “active content” in emails from untrusted sources. 
● Don’t click ‘Reply All’ from large email posts. 
 
 
 
 
 
 
 
 
 

   

 

Social Engineering 
Phishing is one of the most widespread cyber attacks, targeting everyone from businesses to consumers to 
children. If you are on the internet, you are a potential target. But what is it? Phishing is a type of online social 
engineering tactic that attempts to trick you into giving out or granting access to confidential information. 
Attackers are looking to steal data, load malware, install ransomware, or to use your device for larger crimes 
such as distributed denial of service attacks, etc. 
 

Phishing, Smishing, Vishing, oh my!


Phishing can occur in several ways and the number of attempts is growing exponentially daily. The US,
unfortunately, is targeted more than any other country in the world because statistics show that people in the
US fall easily for phishing scams. Six of the most common types of phishing scams are:

● Using email messages to trick their intended victims into clicking on links or opening attachments.
● Increasingly, scammers are attempting to phish via phone calls. IRS and Tech Support scams are 
widespread. 
● Using voice mail messages to say they represent your bank or other financial institution, urging you to
call them back immediately, or to send them sensitive data to perform certain operations. This is called
vishing.
● Some phishing scammers have turned to website forgery, setting up fake websites that look legitimate,
tricking people into thinking they're at their bank or an online retailer.
● Smishing! This term is used for phishing scams that are sent via text messages (otherwise known as SMS
messages).
● The number of social media tricks being used is also growing - everything from setting up fake customer 
service Twitter accounts, posting fake comments on social media posts, posting messages that look like 
they come from people you know, posting fake live stream videos, and more. 
 
Other terms to be aware of are spear phishing and pharming. Spear phishing targets specific companies, 
groups, or people, so it's very narrowly focused. Pharming, on the other hand, collects as much information as it 
can from as many people as possible, so it's broad in scope. 
 

Best Practices 
● If you receive a message - email, voice, or text - and you do not recognize the sender, it's often a phishing 
attempt. You can often put the sending account address into a search engine and find that it's definitely 
a phishing account. 
● If you are sent a link, verify that it's correct before you click on it. Attackers will vary the URL address of 
legitimate sites to make phishing sites look legitimate. 
● Undisclosed recipient messages often indicate that there is an urgent matter that you must immediately 
address but you are not listed as the specific recipient. Do not fall for it. 
● Similar to undisclosed recipient messages, your name won't appear in the body of the email; instead it
will say Hello or Hello dear or something similar, and then request that you specifically need to do
something. Delete those messages. They're phishing attempts.
● Cyber criminals will convey a sense of urgency to get you to act quickly and without thinking. Watch out 
for phrases like, "Hey, can you get me this information in the next 10 minutes? I need it for a meeting I'm 
heading into." 
● Fake emails are often loded with speling and grammaticle errors. It will often use information that is out 
of context or use an unprofessional tone. The formatting itself may look odd or unprofessional and the
sender's address may not look like a typical account address.
● If you receive uncharacteristic messages from familiar senders, it's possible that a phishing scammer has 
used data from a breach to make it look like messages are coming from people you know. If it's 
uncharacteristic of the sender, don't click on any links or download any files. 
● Have you been contacted by the relative of a Prince who needs you to receive several million dollars of 
which they'll give you half? If it's too good to be true, then skip it as it's a phishing attack. 
● Similarly, if you're receiving threats or warnings that look like they are coming from the government, law 
enforcement, collection agencies, etc, and you are unaware of any reason they might be contacting you, 
do not provide them information. Go directly to the source through other means and verify what you 
were told. 
 
Sadly, there is no way to keep from getting phishing attempts as there are unlimited ways that they can be sent; 
however, you can limit those you receive by using up-to-date anti-malware and security tools and by not putting 
your contact information online. Be aware at all times before you act or click on any type of communication! 
 
 
 
   

 

Security Incidents 
A security incident is any attempted or actual unauthorized access, use, disclosure, modification, or destruction 
of information. This includes interference with information technology operations. Users are generally aware of 
a computer security incident long before a company is aware. Remember: If you see something, say something. 

Examples of security incidents include: 

● Computer system breach
● Unauthorized access to, or use of, systems, software, or data
● Unauthorized changes to systems, software, or data 
● Loss or theft of equipment storing institutional data 
● Denial of service attack 
● Interference with the intended use of IT resources 
● Compromised user accounts 

It is important that actual or suspected security incidents are reported as early as possible so that TranscribeMe 
can limit the damage and cost of recovery. Include details regarding the system breach, vulnerability, or 
compromise of your computer when submitting your report, and we will respond with a plan for further 
containment and mitigation. 

Reporting 
Beacon: You can reach our support team by sending a message via the beacon located on the bottom left-hand 
side whilst logged into the TranscribeMe WorkHub.  

Email: support@transcribeme.com

Information to include in the report: 

● Your name 
● WorkHub email address 
● Description of the information security problem 
● Date and time the problem was first noticed (if possible) 
● Any other known resources affected 

We will respond to you with an appropriate course of action. 

 