Increasing Awareness for Cyber Security in the Corporate Sector

The age of computer advancement has caused a revolutionary change in the corporate sector. From on-campus working hours to remote work-from-home scenarios, from meetings in a conference room to meetings online in a virtual environment, things are changing continuously in the corporate environment. This paper tries to educate and generate awareness about cyber security among non-technical human resources and to make them understand the potential risks to their organization that can be caused by not paying attention to smaller details. This paper concentrates on those attacks which can be mitigated by any non-technical employee, which are easy to understand, and gives preventive measures for them.


I. INTRODUCTION
In this age of digitalization, the corporate sector has modified itself in a very big way. From moving an entire enterprise to a cloud platform to creating work-from-home opportunities for people, the corporate sector is drastically changing and is constantly shifting towards rapid digitalization. Due to this rapid shift, there is an ever-growing concern about maintaining a secure digital space, which will attract more people towards this change. The current scenario in the corporate field is that many are not aware of the risks of not having adequate cyber security and of the loss which can happen if there is a system breach in their organization. The technical aspects of these cyber-attacks are known to professionals who have a career in the field of security, but the majority of people working in the corporate field may or may not have sufficient knowledge of how to prevent or mitigate the risks which allow criminals to bypass the organizational security boundaries and commit a crime. The human resources working in the organization should be made aware of the attacks which are simple to execute but which, once executed, cause great damage to the organization. This paper aims to create awareness of such attacks, which have a big human factor in them, and presents some methods which will help employees mitigate such attacks and keep their organization safe.

II. METHODS AND MATERIAL
As this paper focuses on security risks and attacks which have a simple plan of execution and a more human-centric approach, we will look at some attacks which affect the corporate space more often and which can be mitigated at the employee level if the necessary precautions are taken at the right time.

A. Phishing:
Phishing is a very well-known security attack that has a very human-centric approach. It is a subcategory of social engineering attacks. Social engineering attacks are security attacks that are more human-centric and which try to entrap the victim by giving false promises or by intimidation.
Phishing is a security attack where the suspect/hacker tries to act as the sender of a legitimate e-mail and tries to persuade the victim to perform some task which will benefit the suspect. Usually, phishing is done to gain entry into an organization via a weak human link by making the end-user (victim) share their user credentials with the attacker.
Some of the reasons why an employee of an organization falls into the trap of a phishing email are:
1. The email appears to be sent from a legitimate source.
2. The email received by the employee contains a link which, when clicked, takes the employee to a site that asks for the employee's login credentials and promises that if the employee enters them, they will get an appraisal or some other benefit from the organization.
3. The email demands that the recipient take some urgent action, and disobeying the mail would result in some penalty.
The above reasons may seem realistic and genuine, but they may be a setup for a possible cyber-attack on the whole organization. To minimize these risks, employees of an organization should be made aware to look for these things in an email:
1. Are there words that imply a sense of urgency in the email?
2. Is the email address from which the email has been sent valid?
3. Does the received mail contain any links to websites belonging to some organization?
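The three checks above, applied to a constructed message as an added example (not code from the paper); the organization's trusted domain and the urgency word list are assumptions:

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not from the paper): lookalike sender, mismatched Reply-To,
# urgency wording, and a link whose visible text hides its real target.
SAMPLE_EMAIL = """\
From: HR Department <hr@examp1e-corp.com>
Reply-To: rewards@mail-bonus.example
Subject: URGENT: confirm your account within 24 hours
Content-Type: text/html

<p>Your appraisal bonus is ready. Act immediately or your account will be suspended.</p>
<p><a href="http://login.mail-bonus.example/verify">https://portal.example-corp.com/login</a></p>
"""

# Assumption: the organization's own domain(s); everything else is external.
TRUSTED_DOMAINS = {"example-corp.com"}
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "suspended", "penalty")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def mail_domain(header_value: str) -> str:
    """Domain part of an address header such as 'Name <user@host>'."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def check_email(raw: str, trusted=TRUSTED_DOMAINS) -> dict:
    """Apply the three checks from the text; return the findings per check."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", body)).lower()
    findings = {"urgency": [], "sender": [], "links": []}
    # 1. Words that imply urgency or threaten a penalty.
    findings["urgency"] = [w for w in URGENCY_WORDS if w in text]
    # 2. Sender validity; a Reply-To differing from From redirects answers elsewhere.
    sender, reply_to = mail_domain(msg.get("From", "")), mail_domain(msg.get("Reply-To", ""))
    if sender not in trusted:
        findings["sender"].append(f"From domain is not trusted: {sender}")
    if reply_to and reply_to != sender:
        findings["sender"].append(f"Reply-To domain differs: {reply_to}")
    # 3. Links: where does each really point, and does the visible text agree?
    for href, label in LINK_RE.findall(body):
        target = (urlparse(href).hostname or "").lower()
        shown = urlparse(label.strip()).hostname if "://" in label else None
        if target not in trusted:
            findings["links"].append(f"link to external host: {target}")
        if shown and shown.lower() != target:
            findings["links"].append(f"link text shows {shown} but points to {target}")
    return findings
```

A message that raises findings in all three categories is a candidate for reporting to the security team rather than for clicking.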
In case a suspicious email has been reported as phishing, the technical/security team should look for these signs in a phishing email:

The main issue is how to create a strong password and how to keep it in our memory.
Organizations should follow the password guidelines provided by NIST. A weak password is one that has only alphabets, has alphabets recurring in the password, or is related to the user, for example his name, date of birth, etc.
A strong password, on the other hand, may be completely unrelated to the user, will contain more than 15-20 alphanumeric characters, and would not be stored in written form or on the internet. [3] Human memory plays a major part in the creation of a password. Everybody wants to create a password that can be easily remembered but also wants it to be strong and secure. These two things don't go hand in hand.
Due to this, most people create passwords in such a way that they will remember them for a longer period.
For that purpose, people create short passwords which are related to them, and if they don't change their passwords from time to time, they fall victim to a cyber-attack.

There are many aspects that an organization has to take care of while considering insider threats. The main area of concern is human behavior and the

The curriculum should follow these three principles:
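The weak/strong password criteria given above (only alphabets, recurring alphabets, related to the user, fewer than 15-20 alphanumeric characters), turned into a checker as an added example that is not from the paper; the sample user details and the reading of "recurring" as a run of three identical characters are assumptions:

```python
import re

# Constructed user details (an assumption for this example): the paper says a
# password must not be related to the user, e.g. their name or date of birth.
SAMPLE_USER = {"name": "Priya Sharma", "date_of_birth": "1990-04-12"}

def user_tokens(user_info: dict):
    """Pieces of user data (3+ chars) that must not appear in the password."""
    for field, value in user_info.items():
        for token in re.split(r"[\s/.-]+", str(value).lower()):
            if len(token) >= 3:
                yield field, token

def password_weaknesses(password: str, user_info: dict) -> list:
    """Return the reasons a password is weak under the criteria in the text.
    Assumptions: 'recurring alphabets' is read as a run of three or more
    identical characters, and 'more than 15-20' is checked at its lower bound."""
    reasons = []
    if password.isalpha():
        reasons.append("contains only alphabets")
    if re.search(r"(.)\1{2,}", password):
        reasons.append("has recurring characters")
    if len(password) < 15:
        reasons.append(f"shorter than 15 characters ({len(password)})")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        reasons.append("not alphanumeric: needs both letters and digits")
    lowered = password.lower()
    for field, token in user_tokens(user_info):
        if token in lowered:
            reasons.append(f"related to the user: {field} contains '{token}'")
    return reasons

def is_strong(password: str, user_info: dict) -> bool:
    """A password is strong when none of the weaknesses above apply."""
    return not password_weaknesses(password, user_info)
```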