WHMW2 Doc

WHEN HARRIE MET WILL 2

Phishing Section:
Types of phishing

Email = Phishing

Phone call = Vishing

Texts = Smishing

Look out for:

• [EXTERNAL] tag or external email header
• Unfamiliar sender
• Sender’s domain
• Spelling and grammatical errors
• Unusual/inconsistent formatting
• Emotional motivators
• Suspicious URLs, attachments, or links

Q&A:

Q1: You receive an email that includes a link, that is sent from an unfamiliar sender, with the [External]
tag in the subject line and External email header. Which of the following options is one way to determine
if this is phishing?

a) Reply to the email sender
b) Hover over the link to check if it’s legitimate
c) Forward the email to your colleagues and get their opinion

Feedback: Excellent! In some cases, you may be unsure if an email is real or a phishing attempt, so it is
important to be extra cautious if it looks suspicious.

A key indicator to look out for is the [External] tag in the subject line and the external email header in
the body of the email.

Never reply directly to the email, never forward it along to others, and only click on links to reputable or
known websites. You can hover over the link to verify authenticity (look for HTTPS, rather than HTTP, as
an indicator that it is a secure link).

Always use the “Report Phishing” button in Outlook if the email, or links within an email, appear
untrustworthy.

Q2: What are some of the key indicators of a phishing attempt?

a) Unfamiliar senders
b) Emotional motivators
c) Spelling and grammatical errors
d) All of the above

Feedback: Correct! You should look out for all of these things, as they are all key indicators of a phishing
attempt.

Some other warning signs to keep in mind are unfamiliar sender email domain, [EXTERNAL] tag or
external email header, suspicious URLs, attachments, or links, and unusual or inconsistent email
formatting.

Storage Section:
Storage Dos and DON’Ts

DOs

Do use Accenture-approved or client provided storage locations

Do use approved solutions to limit access

Do only use approved client or Accenture tools

DON’Ts

Don’t use personal accounts to send or store Accenture files

Don’t send or store Accenture data on client systems or public sites

Don’t forget to classify and protect your documents

Don’t keep what you don’t own – delete work products when you roll off or are leaving Accenture

Q&A:

Q1: You have access to financial statements for an upcoming Accenture acquisition. Where is the most
secure and appropriate location to store these materials?

a) Personal Google Drive
b) Private Channel of a Private Team
c) Directly on your desktop for quick access

Feedback: Great work! You should always use Accenture or client approved storage locations, such as a
Private Channel of a Private Team, OneDrive, and SharePoint to save your work and when collaborating
with colleagues.

Q2: The purpose of the Sensitivity bar in the Microsoft Office Suite is to:

a) Apply data classification and protection to the content you are creating or handling
b) Easily upload work products to public sites
c) Identify sensitive information that needs to be omitted from the documents you are sending

Feedback: Fantastic! You are responsible for protecting the data in your care. Do this by utilizing the
Sensitivity bar for every document and email you create.
Confirm you are selecting the appropriate data classification and protection by using Accenture’s helpful
resources.

Working Securely Section:


Working Securely

• Passwords stronger than Schwarzenegger
• Enable WPA2 or WPA3 encryption on your home internet
• Some public networks are best avoided
• Remember, HTTPS good, HTTP bad
• Avoid the use of public USB charging stations
• Keep your distance from others when working in public
• Use screen protectors when needed and keep your screen locked while away
• Some geographies have local numbers that connect to ASOC

Q&A:

Q1: Which of the following actions can you take to maximize your home network’s security?

a) Guarantee you won’t forget the network password by writing it down on a post-it note and
sticking it to the fridge
b) Ensure your Wi-Fi network is configured with WPA2 or WPA3 encryption
c) Keep the default password that came with your router

Feedback: You got it! Verifying that your Wi-Fi network is configured with WPA2 or WPA3 encryption is
crucial to securing your home network.

It’s also important to update the router’s default password and keep it secure.

But remember, don’t write it down or use the same password you use for other accounts.

Q2: In which of these situations should you call ASOC?

a) You receive an email from an unknown sender and delete it without clicking any links
b) A previous teammate requests that you send a reporting template from the project you worked
on together and you are unsure if you have permission to share it
c) You sent the monthly client financial report to the wrong distribution list

Feedback: That’s right! You should call ASOC when you experience any type of security incident,
including a breach of client or Accenture data, lost/stolen devices, a compromised system (such as
malware on your workstation or personal device), and physical or personal safety emergencies.

Be sure you add the ASOC phone number (+1-202-728-0645) as a contact in your mobile device so you
can quickly use it in an emergency, and bookmark the ASOC Portal on your web browser.

Sharing Responsibly section:


Sharing Responsibly

• Double (maybe even triple) check before sending
• Don’t forget to use the Sensitivity Bar to appropriately classify and protect the information
• Only share files with those who have a business need, and be sure to share securely
• Always verify business need, confirm sharing is allowed and scrub before sharing or reusing work
products
• If you don’t need it, remove it
• Don’t post Accenture or client data on social media

Q&A:

Q1: Before sending an email, it’s important to:

a) Double check the recipient list
b) Use the Sensitivity Bar to determine how the content should be used and protected
c) Open any attachments to confirm the correct document is included
d) All of the above

Feedback: Correct! Emailing the wrong person or sending the wrong attachment is a very common
mistake.

You can avoid this by always using these email best practices:

• Confirm email addresses and recipients are accurate
• Set necessary email and document permissions using the Sensitivity Bar
• Include links to documents instead of attachments when possible
• Open any documents (including attachments and linked documents) to confirm they are correct

Q2: What is an example of an acceptable update to post on LinkedIn?

a) Resharing a post by Accenture’s CEO about our commitment to corporate sustainability
b) A screenshot of a deliverable you are responsible for and want to show off
c) A photo of you and your teammates at your client’s office with your client’s company tagged

Feedback: You got it! Don’t put Accenture or client information at risk by posting sensitive information
that is not yours to share.

In some cases, even the fact that we are working for a specific client can be confidential.

Make sure you obtain permission from account leadership before mentioning client names or
relationships on social media.

You may reference the general nature of the work you do at Accenture, but you must never disclose
sensitive information that could harm Accenture’s brand, clients, or people.

Some examples of sensitive information you must not share publicly include:

• Organization charts
• Client’s customer names and personal data
• Product specifications
• Non-public financial information

Workstation compliance section:
Protecting your workstation

• Give your workstation some love with a weekly reboot
• Don’t forget to apply patches provided by CIO Technology Services
• Don’t manipulate security controls
• Watch out for unexpected software installation alerts. If in doubt, log a ticket with CIO, contact
local technology services, or ASOC
• Only use reputable sources to download new apps
• Don’t access sensitive data on your personal computer
• Return your tech once you’re no longer using it
• Search ‘Protect MyTech’ to open the app, then click ‘Diagnostics Tools’ for instructions

Q&A:

Q1: In order to keep your workstation compliant with Accenture’s requirements, make sure to:

a) Restart your computer at least once a week and take action on any Protect myTech notifications
b) Install peer-to-peer file sharing software to easily exchange files
c) Delay the installation of security updates as long as you can

Feedback: Nice job! You’d be surprised by how many computer issues can be resolved by simply
restarting your machine.

On top of a weekly reboot, complying with Protect myTech notifications and emails is a must. They
provide specific directions and reminders on how to keep your workstation from becoming
non-compliant.

Additionally, make sure you always update software whenever prompted and have the latest operating
system updates on your personal devices to protect against vulnerabilities.

Q2: Under what circumstances can you use your personal computer to access client data?

a) If you can’t access the files on your work computer and a deadline is fast approaching
b) If your work computer got stolen and you are waiting to receive a replacement
c) None, client data should never be accessed using a personal computer

Feedback: That’s right! You should never use your personal computer to access client data.

Your Accenture or client provided computer has built in safeguards to ensure your laptop has not been
compromised and is keeping Accenture and client data safe.

Protecting your Credentials section:


Protecting your credentials

• Keep your password to yourself
• Use different passwords for different accounts
• Never write them down
• Never store them in an unencrypted location or your internet browser
• Always use MFA (Multi-Factor Authentication)
• Never share your MFA code with others if they ask for it

Q&A:

Q1: Your Accenture email address can be used in which of the following scenarios?

a) Accenture business purposes only
b) Accenture business purposes and non-business related social media accounts
c) All online accounts

Feedback: Nice work! Your Accenture email address should only be used for accounts related to your
work at Accenture, such as professional memberships or conferences, third-party tools and any other
work-related accounts.

Use your personal email for any non-business related accounts, such as personal social media or
personal email subscriptions.

Q2: You receive a Multi-Factor Authentication (MFA) prompt that you did not initiate with a call claiming
to be from Accenture Local Technology Support. How should you proceed?

a) Call Accenture Local Technology Support instead so that you can authenticate the request
verbally
b) Enter the code from the call into the Microsoft Authenticator app immediately so Accenture
Technology Support is not delayed
c) Select “No, it’s not me” in the Microsoft Authenticator app

Feedback: You’re right! You should NEVER respond to an MFA prompt you did not initiate, as it may be
an attempt to steal personal, Accenture, or client data.

Accenture Technology Support will never ask you to share an MFA code or your credentials with them
unless it is through an encrypted Accenture site.

End of Course Quiz:


1. If you receive a suspicious text with a link from an unknown number, you should check if it is a
legitimate message by clicking the link.
a. True
b. False
2. Spelling errors, unusual formatting, and emotional motivators in an email can be an indication of
a phishing email.
a. True
b. False
3. It is acceptable to upload work products to personal sites, like your Google Drive, if you work
with contractors and external stakeholders who require easy access.
a. True
b. False
4. When rolling off a project, you should physically destroy hard copies of project-related data that
you don’t have permission to retain, but there is no need to manually delete sensitive
information from your workstation.
a. True
b. False
5. When you’re working in public, using your mobile hotspot is the most secure option for
accessing the internet.
a. True
b. False
6. If you realize that you sent sensitive client information to the wrong person, the first thing you
should do is call ASOC.
a. True
b. False
7. It is more secure to share file links from data repositories like SharePoint or a private channel of
a private Team, instead of emailing attachments.
a. True
b. False
8. It is acceptable to post confidential Accenture or client information on your social media, since
it’s your own personal account outside of Accenture.
a. True
b. False
9. If you need to download any software or new applications, only do so from reputable sources
such as Accenture’s Company Portal, Apple’s App Store or the Google Play Store.
a. True
b. False
10. If you receive a Protect myTech pop-up notification on your workstation screen reminding you to
take action, it’s okay to wait until the Accenture Technology Support team contacts you directly.
a. True
b. False
11. It is acceptable to use your Accenture email address for social media sites you use for
non-business purposes such as Instagram or Twitter.
a. True
b. False
12. You only need to use multi-factor authentication (MFA) for business purposes. Your social media
and other personal accounts don’t require any additional layers of protection.
a. True
b. False
