General Cybersecurity Awareness Quiz

Questions and Answers

Which of the following is the biggest cybersecurity threat to organizations?

  • Software vulnerabilities (correct)
  • Insider threats
  • Natural disasters
  • External hackers

What can happen if you plug a personal device into a work computer?

  • Nothing, it's perfectly safe
  • It could introduce malware to the network (correct)
  • Personal data will be backed up automatically
  • Work files will be copied to the device

True or False: A VPN ensures complete immunity from cyberattacks.

False (B)

What is the most secure password?

LongPhraseWithNumbers123! (C)

What should you do before updating software?

Verify updates through official channels (B)

What is PII?

Personally Identifiable Information

Which of the following is NOT an example of PII?

Business phone number (A)

What is the best way to protect sensitive data?

Encrypt it (B)

True or False: Sharing PII without encryption is acceptable for internal use.

False (B)

Why is protecting PII important?

All of the above (D)

Which of the following is a common sign of a phishing email?

All of the above (D)

What is social engineering?

Manipulating people to gain sensitive information

What should you do if you suspect a phishing attempt?

Report it to IT security (C)

Which is NOT a social engineering tactic?

Enabling 2FA (D)

What is the first step to protect against phishing?

Enable email spam filters (C)

What does ransomware do?

Encrypts files and demands payment (C)

How can you prevent malware infections?

All of the above (D)

What should you do if a ransomware attack occurs?

Disconnect the infected device (A)

True or False: Paying the ransom guarantees recovery of your data.

False (B)

Which of the following is NOT a type of malware?

Firewall (B)

What is a common risk of remote work?

All of the above (D)

What tool should you use when connecting to public Wi-Fi?

VPN (C)

What is a secure practice for remote work?

Using strong, unique passwords (A)

How can you secure your home Wi-Fi network?

All of the above (D)

What should you do if you suspect a security breach while working remotely?

Report it to IT immediately (C)

What is the first step in responding to a suspected security incident?

Report it to the IT team (A)

Which of the following should be included in an incident report?

All of the above (D)

Why is it important to report security incidents immediately?

All of the above (D)

True or False: Incident response is solely the responsibility of IT.

False (B)

What should you NOT do when responding to a security incident?

Tamper with evidence (C)

Why is it important to regularly update software and tools?

To fix security vulnerabilities (B)

Which is NOT a secure way to share sensitive files?

Using public file-sharing services (B)

What is the purpose of a password manager?

To store strong passwords securely (B)

How can you ensure the safe use of collaboration tools like MS Teams?

All of the above (D)

What is the primary purpose of a VPN?

Encrypt and secure communication (D)

Flashcards

Insider Threat

The biggest threat to organizational cybersecurity comes from individuals within the organization, intentionally or unintentionally.

Personal Device Risk

Introducing a personal device to a work network can expose the network to malware, viruses, and other security risks, even if the device appears clean.

VPN Limitation

Using a VPN alone doesn't completely eliminate the chance of cyberattacks. It simply adds a layer of protection, not a foolproof shield.

Secure Password

A strong password is long, uses a combination of uppercase and lowercase letters, numbers, and symbols, and is easy to remember for the user.

Software Update Verification

Always verify any software update through official channels before installing it to avoid risks from malicious updates.

What is PII?

Personally identifiable information (PII) refers to any data that can be used to identify a person.

Non-PII Example

While a business phone number might identify a company, it doesn't directly identify a specific individual.

Encryption: Data Protection

Encryption scrambles data, making it unreadable without the correct key, providing strong protection for sensitive information.

Unencrypted PII Sharing

Sharing PII without encryption, even within an organization, can lead to security breaches and legal issues.

Why Protect PII?

Protecting PII is crucial as it ensures compliance with regulations, maintains trust with users, and prevents financial penalties.

Phishing Email Red Flags

Urgent language, mismatched email domains, and unexpected attachments are common indicators of a fake (phishing) email.

Social Engineering

Social engineering is a psychological manipulation tactic to trick individuals into revealing sensitive information.

Phishing Suspicion Response

If you suspect a phishing attempt, report it to your IT security department immediately for prompt action.

2FA: Not Social Engineering

Enabling two-factor authentication is a security measure, not a social engineering tactic.

Phishing Prevention: Filters

The first line of defense against phishing attacks is to use email spam filters to block suspicious emails before they reach your inbox.

Ransomware Function

Ransomware is a type of malware that encrypts files on your device and demands payment to decrypt them.

Malware Prevention Strategies

Keeping software updated, using antivirus software, and avoiding clicking unknown links are key to preventing malware infections.

Ransomware Attack Response

If a ransomware attack occurs, disconnecting the infected device is a crucial first step to prevent further spread.

Ransomware: Paying Doesn't Guarantee Recovery

Paying the ransom for ransomware does not guarantee the recovery of your data. Attackers can renege, demand more, or release malware again.

Firewall: Not Malware

A firewall, a security feature that protects your network, is not a type of malware.

Remote Work Security Risks

Working remotely introduces risks like device theft, access to unsecured networks, and exposure of sensitive data.

VPN: Public Wi-Fi Security

When connecting to public Wi-Fi, using a VPN is essential for secure communication and to protect sensitive data from hackers.

Strong, Unique Passwords for Remote Work

Using strong, unique passwords for all your accounts, especially when working remotely, is a fundamental security practice.

Securing Home Wi-Fi

Securing your home Wi-Fi by using a strong password, enabling WPA3 encryption, and updating your router firmware regularly is essential.

Remote Work Security Breach Reporting

When a security breach is suspected while working remotely, immediate reporting to the IT team is crucial for prompt investigation and mitigation.

Incident Reporting: First Step

The first step in responding to a suspected security incident is to report it to the IT security team for a coordinated response.

Incident Report Contents

Incident reports should include a description of the event, date and time of occurrence, and actions taken to address it.

Why Report Incidents Promptly?

Prompt reporting of security incidents is vital to minimize damage, enable quick mitigation, and prevent further attacks.

Incident Response Collaboration

Responding to security incidents is a collaborative effort involving various stakeholders, not solely the responsibility of the IT team.

Tampering with Evidence (Security Incident)

Tampering with evidence associated with a security incident can hinder investigation efforts and compromise the integrity of findings.

Software and Tools Updates: Security

Regularly updating software and tools is crucial to address security vulnerabilities and patch known weaknesses that attackers might exploit.

Public File-Sharing Services: Risk

Using public file-sharing services for sensitive files increases the risk of unauthorized access and data leaks.

Password Managers: Secure Storage

Password managers store and manage strong, unique passwords securely, reducing the burden of remembering complex passwords.

Collaboration Tools Security

Securing collaboration tools like MS Teams involves avoiding clicking unknown links, restricting access to sensitive content, and using strong passwords.

VPN: Secure Communication

VPNs encrypt and secure communication, protecting your data from interception and snooping, especially when using public Wi-Fi.

Study Notes

General Cybersecurity Awareness

  • Biggest cybersecurity threat to organizations: Software vulnerabilities.
  • Personal device plugged into work computer: Could introduce malware to the network.
  • VPN and cyberattacks: A VPN does not guarantee complete immunity from cyberattacks.
  • Secure password: Long phrases with numbers and symbols.
  • Software updates: Verify updates through official channels before applying them.

Protecting Personally Identifiable Information (PII)

  • PII definition: Personally Identifiable Information.
  • Not an example of PII: Business phone number.
  • PII examples: Credit card number, Social Security number, email address.

Phishing and Social Engineering

  • Phishing email red flags: Urgent language, mismatched email domains, unexpected attachments.
  • Social engineering: Manipulating people to gain sensitive information.
  • Responding to a suspected phishing attempt: Report it to IT security.
  • Not a social engineering tactic: Enabling 2FA.
  • Protecting against phishing: Enable email spam filters.

Ransomware and Malware

  • Ransomware action: Encrypts files and demands payment.
  • Preventing malware infections: Keep software updated, use antivirus software, avoid clicking unknown links.
  • Ransomware attack response: Disconnect the infected device.
  • Ransom payment and data recovery: Paying the ransom does not guarantee data recovery.
  • Not a type of malware: Firewall.

Remote Work Security

  • Remote work risk: Unsecured networks, device theft, sensitive data exposure.
  • Public Wi-Fi security: Use a VPN.

Incident Reporting and Management

  • First step in security incident response: Report it to the IT team.
  • Incident report components: Description of the event, date and time of the incident, actions taken in response.
  • Importance of immediate incident reporting: Minimizes damage, allows quick mitigation, prevents further attacks.
  • Incident response responsibility: Not solely the responsibility of IT.
  • Security incident actions to avoid: Tampering with evidence.

Secure Use of Software and Tools

  • Software updates importance: To fix security vulnerabilities.
  • Secure file sharing: Use encrypted file-sharing platforms, secure email, password-protected links.
  • Password manager purpose: To store strong passwords securely.
  • Collaboration tools security: Avoid clicking unknown links, restrict access to sensitive channels, use strong passwords.
  • VPN purpose: To encrypt and secure communication.
