Welcome to the 4 Common Security Best Practices Online Training Course
Disclaimer 2
Introduction
Information Security means protecting information from unauthorized access, use, disclosure, inspection and recording. Much of this information is transmitted through email which, if not securely used, could result in unauthorized interception of confidential data. This presentation will outline 4 of the most common best practices seen within Flextronics today and how these common practices should be implemented to improve our Information Security.
1. Internal Emails
2. Confidential Information Tagging
3. Email Distribution Lists
4. Password Protecting Key Emails
Internal Emails: Sending Confidential Information
Internal Emails refers to emails sent from one Flextronics email user to another Flextronics email user.
Practice: Users will often attach confidential documents to emails and send them internally. Even though we have many security solutions in place, these confidential documents can still be retrieved by unauthorized persons in the company.
Better Practice: Supply a secured link (hyperlink) to the document within the email that requires the recipient to click the link and authenticate to view the information. Flextronics utilizes a large Sharenet/eRoom/document management architecture to store confidential documents. If an unauthorized user intercepts the email, they must also have the appropriate permissions to click the link and view the document within the Flextronics document management repository.
Internal Emails: Creating a Link to a Document
Save the document to a secure Flextronics Repository (such as sharenet).
Right-click the document in the repository and select Copy Shortcut.
Type the email message, right-click a word (normally the word "here", as seen in the screenshot) and select Hyperlink. Alternatively, simply paste the shortcut into the email, http://www.flextronics.com/finance.xls for example.
In the address field of the Edit Hyperlink window, paste the shortcut that was copied from the online repository, then click OK.
When the recipient reads the email, he must then click the link, which will only open the document if the user has the appropriate permissions. Links appear in blue and are normally underlined.
If you do not have access to a document repository, this can be requested through Service-Now (Catalog Item: New Sharenet Site), or by clicking the request access link on an existing sharenet site.
Confidential Information Tagging
Confidential Information Tagging is the process of using a watermark or disclaimer to indicate a document is confidential. Tagging raises awareness of the importance of maintaining the confidentiality of the information among all users with access to it.
Practice: Users do not consistently tag all confidential data.
Better Practice: Always tag documents containing confidential information and, if sending the document through email, also mark the email as confidential. Many Office Productivity applications offer a confidential watermark feature. A disclaimer similar to that shown on slide 2 of this presentation can be added to the document as well. In Microsoft Outlook, when composing the email, click the options button on the message and select Confidential.
Email Distribution Lists
Many users create email distribution lists for ease of collaboration with a larger group of individuals.
Practice: Users will create a distribution list and continue to use it without periodically updating its members. Sending information to an out-of-date distribution list can result in unauthorized users receiving confidential data.
Better Practice: Periodically (e.g., quarterly) review email distribution lists to ensure confidential documents and emails are only sent to people that have a business reason to receive the information. Keep distribution lists small, maximum of 10 people for ease of review. Ensure you can identify each user on your distribution lists. There should be no guessing as to whether or not a person in the distribution list is authorized to receive the information. Create separate distribution lists for internal email users and external email users.
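
The review described on this slide can be partly automated. The following is an added example, not part of the original course: it checks exported list memberships against the slide's rules (at most 10 members, internal and external recipients kept separate, every member identifiable, reviewed within the last quarter). The domain example.com, the 92-day interval, and all list names and addresses are constructed assumptions.

```python
from datetime import date

INTERNAL_DOMAIN = "example.com"  # assumption: placeholder for the company mail domain
MAX_MEMBERS = 10                 # maximum list size given on the slide
REVIEW_INTERVAL_DAYS = 92        # assumption: "quarterly" taken as about 92 days


def audit_list(name, members, last_reviewed, known_people, today):
    """Return the findings for one distribution list as a list of strings."""
    findings = []
    # Normalise and de-duplicate addresses before applying the rules.
    addrs = sorted({m.strip().lower() for m in members})

    if len(addrs) > MAX_MEMBERS:
        findings.append(f"{name}: {len(addrs)} members, maximum is {MAX_MEMBERS}")

    # A list should hold internal users or external users, not both.
    external = [a for a in addrs if a.rpartition("@")[2] != INTERNAL_DOMAIN]
    if external and len(external) < len(addrs):
        findings.append(
            f"{name}: mixes internal and external recipients: {', '.join(external)}")

    # Every member must be someone the list owner can identify.
    for addr in addrs:
        if addr not in known_people:
            findings.append(f"{name}: cannot identify {addr}")

    age = (today - last_reviewed).days
    if age > REVIEW_INTERVAL_DAYS:
        findings.append(f"{name}: last reviewed {age} days ago")
    return findings


def audit_all(lists, known_people, today):
    """Audit every list; lists maps name -> (members, last_reviewed)."""
    findings = []
    for name, (members, last_reviewed) in sorted(lists.items()):
        findings += audit_list(name, members, last_reviewed, known_people, today)
    return findings


# Constructed sample data, not taken from any real directory.
KNOWN_PEOPLE = {"ana@example.com": "Ana (Finance)", "raj@example.com": "Raj (Finance)",
                "lee@partner.test": "Lee (Auditor)"}
SAMPLE_LISTS = {
    "finance-internal": (["ana@example.com", "raj@example.com"], date(2024, 5, 1)),
    "finance-audit": (["ana@example.com", "lee@partner.test", "tmp7@example.com"],
                      date(2023, 11, 1)),
}

if __name__ == "__main__":
    for line in audit_all(SAMPLE_LISTS, KNOWN_PEOPLE, date(2024, 6, 1)):
        print(line)
```
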
Password Protecting Key Emails
Password protection is a very simple way to mitigate the risk of unauthorized access to confidential data. Email is very easy to intercept on the internet; password protecting all confidential documents within an email will make it much more difficult for this information to be retrieved.
Practice: Users do not password protect confidential files sent via email.
Better Practice: Always password protect confidential files sent through email. Microsoft Office Products allow the creation of a password on the file directly. If the file cannot be directly password protected, use a zipping application (7zip) which will allow for password protection. Send the password protected zip file or document in one email without the password, and send the password to the recipient in a second email. If one of the two emails is intercepted by a 3rd party, they will only have either the password protected document or just a password. Without both the password and the password protected document, it is much more difficult to exploit the confidential information.
Password Protecting Key Emails: How to Password Protect Microsoft Office Documents?
1. Open the Word, PowerPoint, or Excel document you wish to password protect.
2. On the menu, select File -> Save As.
3. Select Tools -> General Options from the Save As window (screenshots: Office 2003 on the left, Office 2007 on the right).
4. A new window will pop up displaying two fields, Password to open and Password to modify.
5. Create a password with one mandatory special character (@#$% for example), one upper case letter, one lower case letter and a number (minimum 8 character password recommended).
6. Click OK, then click Save when finished. This will be the password protected document to be sent in email.
Reminder: Send the password protected document in a separate email from the password.
Password Protecting Key Emails: How to Password Protect Documents using 7zip?
1. 7zip is the selected Flextronics approved zipping program. It can be installed from here: Approved Software Applications or by contacting your Help Desk.
2. Once 7zip is installed, zipping and adding a password to the zipped file is a simple process.
3. Right click on the file you wish to compress (zip) and password protect and click Add to archive.
Password Protecting Key Emails: How to Password Protect Documents using 7zip?
4. On the window that appears, select Archive Format Zip from the drop down.
5. In the Encryption Section of the window, enter a complex password containing a mandatory special character, at least one upper case letter, lower case letter and number. The more complex the password, the safer the file.
6. Click OK once completed and 7zip will create a zipped version of the file.
(Screenshot: Example Zipped File)
Thank You