1) General Rules a) If it sounds too good to be true, it is. b) Need to know. Only give information to those people who need to know it and whose identity and security rights are known. c) People visiting our company in person should be watched carefully.

2) Around the Office d) Do not leave your computer logged in while you are not present. e) Do not allow a visitor to access your computer. f) Do not allow a visitor to plug a flash drive or CD into your computer g) Do not leave your computer logged in while you are not present. h) Shred all computer printouts as they are discarded. i) Shred all letters, memos and other paper. j) If in doubt SHRED IT! k) Computer Rooms should be locked at all times. l) Report suspicious behavior to security at once

3) On Your Computer m) Password Recommendations i) Passwords must be changed every 30 days ii) Passwords must be a least 8 characters. Characters should include at least 1 Capital Letter, 1 Small Letter, 1 number and 1 special character like; @#?|<>)(*&^%$ iii) Forgotten passwords can only be reset by visiting the help desk or IT support department in person and provide company identification card.

n) Recognizing Phishing and Online Scams iv) If it sounds too good to be true, it is. v) If the message does not appear to be authentic, it probably is not. vi) Does the content of the message appear in a search engine results? vii) Seeing silly typos, formatting, or grammatical errors a professional would not make.

o) How to Avoid Being a Victim of Phishing viii) Do not use work email for personal correspondence. ix) Do not reveal personal or financial information in an email. x) Do not respond to email solicitations for this information. This includes following links sent in email. xi) Do not send sensitive information over the Internet before checking a Web site's security. If the URL starts with HTTPS: the “S” stands for secure. xii) Pay attention to the URL of a web site. Malicious Web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net). xiii) If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email. Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group.

p) What to do if You Think You are a Victim of Phishing xiv) Report it to your supervisor. They in turn will report it to the appropriate people within the organization, including network administrators xv) If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s). xvi) Watch for any unauthorized charges to your account. xvii) Consider reporting the attack to the police, and file a report with the Federal Trade Commission or the FBI's Internet Crime Complaint Center.

q) How to tell if a site on the internet is bad. xviii) Most browsers have internet web page rating services or advisors. (1) IE has Trusted Sites. This should be turned on. (2) Firefox add on Web-of-Trust (WoT) this rates websites; (a) green=good (b) yellow=questionable (c) red=bad (3) McAfee’s SiteAdvisor has a listing of sites reputation.

4) At Home

r) Protecting and Managing Your Digital Identity on Social Media xix) Review and use privacy settings xx) Don’t share information that can help people steal your identity or locate you xxi) Limit who can see photos or video tagged with your name xxii) Restrict the delivery of information to your circle of your friends

s) Identifying Hoaxes and Urban Legends xxiii) it suggests tragic consequences for not performing some action xxiv) it promises money or gift certificates for performing some action xxv) it offers instructions or attachments claiming to protect you from a virus that is undetected by anti-virus software xxvi) it claims it's not a hoax xxvii) there are multiple spelling or grammatical errors, or the logic is contradictory xxviii) there is a statement urging you to forward the message xxix) it has already been forwarded multiple times (evident from the trail of email headers in the body of the message) t) Places to check to see if the Email is a Hoax xxx) Urban Legends and Folklore - http://urbanlegends.about.com/ xxxi) Urban Legends Reference Pages - http://www.snopes.com/ xxxii) TruthOrFiction.com - http://www.truthorfiction.com/ xxxiii) Symantec Security Response Hoaxes - http://www.symantec.com/avcenter/hoax.html xxxiv) McAfee Security Virus Hoaxes - http://home.mcafee.com/VirusInfo/VirusHoaxes.aspx u) Credit Card Safety xxxv) Never use your Credit or Debit Cards on the Internet. xxxvi) Your Credit Card is actually safer to use while shopping because of the exposer of your PIN number associated with a Debit Card. xxxvii) Current Credit Card laws allow better protection for the consumer then Debit Card laws. xxxviii) Always review your Credit and Debit card purchases using your monthly bank statement. Watch for unauthorized purchases of any amount. Many scams may just take a small amount each month.