Security Awareness Training Module

Step by Step Guide How to reset your own Email & Computer Login password Passwordreset.cfsgroup.com (ADSelfService Plus) offers end users the ability to perform the following tasks without IT intervention: Self-Password Reset: The flagship feature of this portal/application; ensures that IT don't have to deal with password reset calls anymore. Self-Account Unlock: Allows end users to unlock their locked out accounts by themselves. Change Password: Grants end users the ability to change their logon passwords. Mobile-based Password Management: Enables end users to manage their passwords 'on the go' from their mobile devices. ADSelService Plus offers native Android and iOS apps, as well as a mobile WebApp for other mobile platforms. Password Expiry Notification: Notifies end users whose passwords are about to expire so that they can change the passwords before they expire. Benefits of this solution: •       Enhanced employee productivity: As users do not have to wait for the IT to reset their passwords or unlock their accounts, they can have uninterrupted access to the appropriate resources, which improves their productivity.  •       Users will be notified well in advance about password expiry dates, they can also avoid password related issues, and have continuous access which will also improve their productivity. •       Reduced IT workload: Since end users can reset their passwords, unlock their accounts. IT can focus on the more Business critical tasks.    Launching the Portal for password Self Service: ( https://passwordreset.cfsgroup.com/ ) From the web browser of any devices follow the steps below: Open a web browser  Type the URL of Password Self Service portal.: Enter https://passwordreset.cfsgroup.com in the address bar.  Login with your current email credentials to change or reset your password. Please enroll yourself with 3 simple security questions and email verifications. The following functionalities are supported by the website app:  Reset Password Unlock Account Change Password Enrollment Push Notification       Setting up the iOS and Android Apps To configure their ADSelfService Plus mobile app manually, users have to perform the following steps: Open ADSelfService Plus mobile app Tap Server Settings In the Server Settings page, enter the Server Name or IP Address - passwordreset.cfsgroup.com Enter the Port number - 443 By sliding the ‘Protocol’ toggle to HTTPS Tap Save to finish Happy Supporting.

Continental I.T. Security Policy

Since we have implemented the Single sign-on (SSO) in our organization and it refers to the ability for employees to log in just one time with one set of credentials to get access to all Microsoft Apps, Computer login, Support portal website, and data for which they have permission. Henceforth we are happy to inform you that you can use your same login credential for the SSL VPN. Here are the steps you might need to change in SSL VPN client.   Existing Users   Open FortiClient, on the Remote Access tab, select the JLT VPN connection. Enter your username and password.  Eg:  Username: gajan.radhakrishnan@cfsgroup.com (should be lower case) Password: your current password Click the Connect button. After connecting, you can now browse your remote network. FortiClient displays the connection status, duration, and other relevant information. Click the Disconnect button when you are ready to terminate the VPN session.     Note: If you want to save your email ID always in the Username field. Please follow the steps:   To modify SSL VPN connection: On the Remote Access tab, click on the settings icon and then Edit the selected connection.  Select SSL-VPN, then configure the following settings:  Connection Name JLT VPN Description JLT Remote Gateway continentaljlt.fortiddns.com Customize port 10443    (Click on the Checkbox) Client Certificate None Authentication Select Save Login Username Your email ID (lowercase) Make sure the Checkbox (Do not Warn Invalid Server Certificate selected) clicked & save the VPN connection. That’s it. Should you need any further assistance, kindly drop me a mail to itsupport@cfsgroup.com or create a support ticket on https://support.cfsgroup.com

In an effort to further enhance our company’s cyber defenses, we want to highlight a common cyber-attack that everyone should be aware of – Whaling.  Whaling is a type of scam aimed at getting an employee to transfer money or send sensitive information to a hacker acting as a trusted source via email. Whaling is extremely easy to fall for and can result in significant financial losses. These e-mails can be difficult to catch because they appear to be harmless, and have a normal, friendly tone and no links or attachments. They will appear to come from a high-level official at the company, typically the CEO or CFO, and often ask you to disclose sensitive information or initiate a wire transfer. Example: Message received today for some of our users. A few things to watch out for in a typical whaling attempt: Doppelganger: Whalers may utilize fake e-mail domains that look similar to our domain. Watch out for things like: [EMAIL]@[VARIATION ON COMPANY DOMAIN] A hurried tone: Whalers will often ask you to send money immediately, stating that they’re busy or in a meeting, and can’t do it themselves. E-mail only: Since whaling relies on impersonating an employee via a fake, yet similar email address, they will ask you not to call with questions and only reply through e-mail. If you receive an e-mail that you suspect to be a whaling attempt, or if you are unsure of an e-mail’s legitimacy, please do not respond. Instead, do inform IT Support on 04 5091545 or report the incident in https://support.cfsgroup.com Remember, nobody from CONTINENTAL will ever request personal information, usernames, passwords, or money from you via email. 😊 Thanks again for helping to keep our network, and our people, safe from these threats. Please let us know if you have any questions.

"Phishing" is the most common type of cyber-attack that affects organizations like ours. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details. What You Can Do To avoid these phishing schemes, please observe the following email best practices: Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types. Do not provide sensitive personal information (like usernames and passwords) over email.  Watch for email senders that use suspicious or misleading domain names. Inspect URLs carefully to make sure they’re legitimate and not imposter sites. Do not try to open any shared document that you’re not expecting to receive. If you can’t tell if an email is legitimate or not, please contact IT Support Engineer on 045091545 or report the incident in https://support.cfsgroup.com Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.         Example of Phishing attack How to Submit spam, non-spam, and phishing scam messages through Microsoft Outlook Please do report the email by clicking Report Message & select Phishing. Thanks again for helping to keep our network, and our people, safe from these cyber threats. Please let us know if you have any questions.