Contents | Previous | 4.2 Tasks Expected from Horizon Employees | Next
In order to reach the goal, Horizon employees need to:
- Prevent unauthorized access to financial information of donors
- Prevent unauthorized access to names and personal details of donors.
This requires knowing:
- where sensitive information is stored
- how to restrict its access
- what constitutes a legitimate purpose for accessing sensitive information
- how to replace sensitive information with aggregates or anonymous information when sensitive details are not necessary for the task.
In order to fend off phishing attempts, Horizon employees must:
- not provide credentials to untrusted sources
- not run programs sent by untrusted sources
- not follow instructions of untrusted sources
- confirm any unexpected request received by email through a different channel
- discard or report any suspicious email
- ignore and close pop-up messages unrelated to their current activity
- refuse to run any associated program or script when opening an attachment.
They may also:
- configure a password manager to provide credentials only to trusted sources.
This requires knowing how to:
- differentiate phishing emails from legitimate work emails
- differentiate trusted from untrusted web pages
- differentiate trusted from untrusted senders of emails
- differentiate expected from unexpected requests for credentials
- differentiate expected from unexpected pop-up windows and notifications
- differentiate an attachment including executable code from a static file.