It is also a good idea to provide a class on the proper use of the Internet for employees who have Internet access. I have worked in many organizations that have adopted an excellent policy that states: "Any employee needing Internet access must attend an Internet security class (see Table B.2) before such access will be permitted." Having this requirement provides two essential advantages:
Table B.2. Topics for Internet Security for End-Users Class

| Recommended Topics to Cover | Estimated Time |
|---|---|
| Begin by presenting some fascinating statistical projections about Internet security. Wow them with how incredibly unsecure the Internet really is, and how many hackers are out there waiting for an opportunity to strike. Here we want to simply get the audience's attention and show how big an issue Internet security is. | 3 minutes |
| Discuss some of the dangers of the Internet and what a hacker can do: Malicious Web-based scripts; Unencrypted communications and email; Malicious downloads, viruses, back doors, Trojan horses; Browser attacks and reply worms such as NIMDA. Here we want the end-users to understand how much responsibility they have for the security of the organization. They should understand that their desktops could very well be the weak link that allows a hacker in. | 6 minutes |
| Discuss good security practices that end-users can follow: Never trust anything or anyone on the Internet; Never send confidential company information across the Internet or through external email; Never download or execute Internet-based files; Never install file-sharing applications or any other unauthorized software; Never choose to "trust" a Web site unless absolutely sure it is legitimate; Never share an Internet account with others; Never access the Internet from an unauthorized system; When in doubt, ask the local security team/expert. | 15 minutes |
| Review how an end-user should handle an incident: Give the reporting chain and contact list, including who to call during a suspected incident; Explain the need for silence until the matter is investigated; Explain that all actions across the Internet will be monitored by the organization. | 3 minutes |
| End by having each user take a copy of the "Internet Usage Policy." Each user should sign the policy before being granted Internet access. | 3 minutes |