Know your stuff? Collect these badges during the video

Please note: This experience works best in Google Chrome with headphones.

Start

Explore this video and check out the do’s and don’ts of Cyber Safety

Continue

Anyone can be targeted with cyber threats. They’re out to get IAG data or tarnish our reputation, especially if you: Can access customer data Have privileged system access Can access non-public corporate data Make or can authorise payments Have high influence within IAG Have a high public profile It’s important for you to know how you can avoid being an unwitting player in a cyberattack and help stop everyone from being impacted by cyber threats.

Higher level of computer access than normal users e.g. system administrators have privileged access.

Ok, that one was easy. Let’s see how you go with the next one! 

Nah! You are wasting my time, I’ll just delete the email.

What do you do with the gift card offer?

Smells phishy. I better report it with my Report Phishing button.

For me? Yes, please, send it to me!

Live long and prosper...it’s just unfortunate your files won’t. Your files are now encrypted and you are asked to pay a ransom to get your access to them back.

Go Back

I don’t think we’re in Kansas anymore Toto. We seem to be someplace else…someplace where hackers are having a field day… Reporting a phishing attempt helps us stop the hackers dead in their tracks before they get through the IAG network and potentially affect your colleagues. Skip back and try again

You eat cyber threats for breakfast and right now you’re very hungry. You correctly identified the phishing email and know to report it with your              Report Phishing button in Outlook. Or you emailed it as an attachment to Cyber Threat Detection & Response (CDAR) team (cybersecurity@iag.com.au). You know the phishing email tell tales: 1. Sender details and URLs in the email do not match the domain name it claims to belong to. 2. If you hover your mouse over the email (or tap and hold in iOS), the URL doesn’t point to the right place. 3. The email may use poor English like missssssspelled words and grammatical errors. 4. The email content is not relevant to you. 5. Emails with generic greetings? Computer says No. 6. You are asked to click, open or action something urgently ‘or else…’ 7. They use emotional scare tactics – they may threaten legal action or quote (usually false) legislation. 8. Closer inspection of the phone, email, address or other contact details helps you realise they are not real.

What do you do? You are required at the meeting right now.

It can wait until I get back from my meeting.

This sounds urgent, but I am already running late for the meeting. I’ll give her my logon details instead.

One week later…

Please sir, can I have some more? Nope – not when it comes to passwords! Sharing passwords is a very BAD idea. You never know what has been done on your behalf. Rewind. Go back and try again.

By reaching this level, you already know that you shouldn’t ever share your passwords. Life is like a box of chocolates, you never know what you’re going to get. And that’s how you should treat your passwords. When accessing sites outside of IAG, if you use the same password on many sites, your security is only as strong as the weakest site, so use a unique password for each site, a password manager, and multi-factor authentication.

Where more than one authentication factor is used e.g. a password and secret question.

Complex and hard to guess, mixes letters, numbers and special characters, has no personal info or names and is not re-used for multiple sites or logons.

Take off immediately to the meeting. Leave computer as it is.

Lock the computer and go to the meeting.

You completely forgot the meeting and it is starting right now. What do you do?

You return from your meeting…

I know what you're thinking. Did he press CTRL+ALT+DEL or did he not? Well, to tell you the truth, in all this excitement, I've kinda lost track myself. But being as this is a work computer, you've got to ask yourself one question: "Do I feel lucky? Well, do ya punk?" OK, cut the drama. It wasn’t a good idea to leave your computer unlocked. Leaving your computer unlocked is like leaving a wallet full of cash sitting around. And you wouldn’t do that would you? Put your wallet away – we’ll pay for this round. Go back and try again.

You’ve got it, kid. You know you should always lock your computer when it’s unattended. We probably don’t need to tell you that physically tying down laptops and desktops to your desk with a security lock is the latest craze to stop theft? Righty-o then! And that mobile phone and portable storage device you’re staring at right now? They like to live in a secure home too. Why don’t you send him home? His bags are packed. He has his plane ticket. Bring him to the airport. Send him home…Send him home. Seriously though - if you do lose your IAG laptop, mobile, or tablet, report it immediately to Labs Service Desk on 1800 809 079 (Ext 28888).

Uh oh! More friends is not merrier when you do not know who they are and what they want from you. You’ve hit scam alley. Go back and try again.

No. I decline. I do not know anyone called Max. I'll also change my privacy settings not to show my details to public.

What do you do with Max’s request to connect?

Why not? The more, the merrier. Can’t have enough friends, right?

My precious. My precious. You know that random connections are not precious. They could be scammers trying to steal your identity or worse. Another tip? Make sure that the person is who they say they are and not someone who may have impersonated them. Finally, let’s avoid the battle for Middle Earth altogether and set all your sensitive information and posts to private.

Transfer the call to Joe now.

Get the card details from the customer and give them to Joe later on.

The customer is in a hurry and wants to get off the phone quickly. What do you do?

5 minutes later...

Are you not entertained? OK, we might have some bad jokes in here but well done you! You know how to handle sensitive information. I’ve heard you keep your desk clear, you don’t write down sensitive information, credit card details are masked and sensitive data is transmitted in line with the correct information security classification framework. Mouthful or what?

You return from lunch…

Did you just write down credit card details in full??!! Just keep swimming, swimming, swimming. Go back and try again.

Replay

Or close your browser window to quit.

Congratulations! You’re a Cyber Safety Superstar