Cybersecurity Awareness

Questions and Answers

What are attackers frequently targeting to gain unauthorized access to a company's infrastructure and sensitive data?

• Company's financial resources
• Company's infrastructure
• Company's physical assets
• Company's employees (correct)

Who has a crucial part to play in protecting a company against cyber risks?

• IT department
• Every employee (correct)
• Company's management
• Security personnel

Which device could potentially be a security risk these days?

• Only company-owned devices
• Only personal mobile devices
• Only desktop computers
• Every device that connects to the internet (correct)

What was the key concern around cybersecurity in previous years?

Desktop antivirus software performance and slowdown (C)

What will you learn from this presentation?

Practical strategies for protecting your company and yourself from common cybersecurity threats (A)

What term is often used to describe the use of unauthorized devices or software without the approval of the IT department?

Shadow IT (C)

Which of the following actions can pose a threat to cyber security?

Transferring corporate data to personally managed cloud storage accounts (C)

Why is the use of unauthorized devices or software a threat to cyber security?

Because they are not under the control of the IT department (B)

What should you do if you are unsure about installing a particular software on your work device?

Consult the IT Department (A)

What is the company's stance on the installation of applications on company devices?

Employees should only install applications related to their job functions (C)

What can make widely used platforms, services, and applications insecure?

Lack of visibility and control by the corporate IT department (A)

What should employees do with shadow technology that fulfills a highly desired need in the workplace?

Advocate for its official adoption (B)

What technology should be used in the workplace and on work laptops?

Only technology approved by the IT Department (B)

What is Phishing?

A method of using fake emails to compromise accounts and steal data (B)

What does Vishing involve?

Launching attacks via phone calls or text messages (C)

What is Social Engineering in the context of cybercrime?

The act of convincing an employee to provide confidential information (C)

What percentage of data breaches is Phishing responsible for?

33% (D)

What is a common method used in both Phishing and Vishing attacks?

Social engineering (C)

Flashcards

Employee Vulnerability

Employees are often targeted by attackers to gain unauthorized access to a company's infrastructure and sensitive data.

Employee Responsibility

Every employee plays a crucial role in protecting a company from cyber risks.

Internet-Connected Devices

Any device connecting to the internet can potentially be a security risk.

Shadow IT

The use of unauthorized devices or software without the approval of the IT department.

Personal Cloud Storage

Transferring corporate data to personal storage accounts poses a cyber security threat as it bypasses company security controls.

Unauthorized Software and Devices

Unauthorized software and devices are a threat to cyber security because they are not subject to the company's IT security policies.

Software Installation Policy

Consult the IT department before installing any software on your work device.

Application Installation Guidelines

Only install applications on company devices that are directly related to your job functions.

Lack of IT Visibility and Control

Lack of visibility and control by IT over platforms, services, and applications increases the security risk due to potential vulnerabilities and lack of security updates.

Advocate for Shadow Technology Adoption

If a shadow technology fulfills a genuine need in the workplace, advocate for its official adoption by the IT department.

IT Approved Technology

Only use software and devices that have been approved by the IT department for your work.

Phishing

Phishing is a method of using fake emails to trick people into revealing confidential information or granting access to their accounts.

Vishing

Vishing involves launching attacks through phone calls or text messages to gain unauthorized access or steal information.

Social Engineering

Social engineering is the act of manipulating people into providing confidential information or granting access to their systems.

Phishing Breach Statistics

Phishing attacks are responsible for 33% of data breaches, highlighting their significant impact on cyber security.

Social Engineering in Phishing and Vishing

Social engineering is a common tactic used in both phishing and vishing attacks.

Study Notes

Unauthorized Access and Cybersecurity Risks

• Attackers frequently target a company's infrastructure and sensitive data to gain unauthorized access.

Cybersecurity Protection

• Employees play a crucial part in protecting a company against cyber risks.

Security Risks

• Personal devices can potentially be a security risk to a company's infrastructure.

Historical Cybersecurity Concerns

• In previous years, the key concern around cybersecurity was the threat of unauthorized devices and software.

Presentation Overview

• This presentation will teach you about cybersecurity risks and how to protect your company.

Unauthorized Devices and Software

• Shadow IT refers to the use of unauthorized devices or software without the approval of the IT department.
• Installing unauthorized software on work devices can pose a threat to cybersecurity.
• If unsure about installing software, employees should consult the IT department before doing so.
• The company prohibits the installation of unauthorized applications on company devices.

Insecure Platforms and Applications

• Outdated or unsupported platforms, services, and applications can make them insecure.
• Employees should use approved technology in the workplace and on work laptops.

Cyber Attacks

• Phishing involves using emails, text messages, or instant messages to trick victims into divulging sensitive information.
• Vishing involves using voice calls to trick victims into divulging sensitive information.
• Social Engineering is the use of psychological manipulation to deceive individuals into divulging sensitive information.
• Phishing is responsible for approximately 90% of data breaches.
• A common method used in both Phishing and Vishing attacks is the use of urgency to prompt the victim into taking action.