Narrator: At his desk, Chris receives a message from one of his co-workers advising him to take his social media post down. His co-worker explained that it contained a private company password and should not be shared. Chris gets more and more worried as he remembered that he did not recognize one of the accounts engaging with his posts. What if this unknown viewer had malicious intents? Chris decides to delete his posts and let the IT and Security Team know what has happened.

Anon: Wow, this guy really messed up. Seriously, Phish, this is going swimmingly. Let’s see, just from having his social media accounts set to public, I can already tell where he works and who he works with, as well some classified company information. Chris has led us to the jackpot! There's going to be some money in this one Phish. Let's just figure out how to set my traps.

Narrator: Feeling uneasy about what he had done, Chris watches some of the videos and completes the modules on CyberSecurityOntario.ca to improve his knowledge about cyber safety.

Vidéo: Understanding the type and value of the information managed by the organization is crucial to defining the types of protections needed. The information classification process involves considering legal and business requirements to protect the confidentiality of the information, as well as the harm and injury that may be caused by the information’s unauthorized access, manipulation, or inadvertent disclosure.

Narrator: Chris decides to implement some of the cyber safety tips he learned by reviewing Instagram’s privacy, security, and data collection policies, and turning his social media accounts private. He also decides to remove people he doesn’t know from his followers. He then decides to review his old posts to make sure there’s no sensitive information that shouldn’t have been shared online. Finally, Chris turns off his location services so that his social media apps can’t see his location. While he wishes he had known these security tips sooner, he also knows it’s never too late to start being cyber safe.

Narrator: Feeling much better after beginning to learn how to be cyber safe, Chris decides to send all of his co-workers a reminder on the importance of cyber security and keeping up to date with their cyber security awareness training. As someone who has now began to learn about cyber security, Chris is ready to work towards becoming a cyber defender not only for himself, but for those around him. Chris begins to turn into his superhero persona and spins up into the air.

Anon: Hmm, it looks like Chris has turned his profiles private. Well, that won’t stop me now! Thanks to using open-source intelligence gathering, I already have enough information about his coworkers and place of work that I can begin my first attack.

Phish: Open-source intelligence gathering is the process of collecting information from published or publicly available sources.

Anon: These names look familiar, this is definitely Chris’s team. Why just go after Chris when I could go after the entire organization. Get ready, Phish, I think this one’s going to be a hook, line, and sinker

Anon: Sorry, Phish, I didn’t mean it literally.