How Cybersecurity Aware Are You? #CyberAware
October 19, 2015
Did you know that 95% of all security incidents involve human error?¹ Successful security attacks are often the result of insiders within an organization unwittingly providing attackers with access to sensitive information. Best-of-breed security technologies cannot help protect your organization unless employees understand their roles and responsibilities in safeguarding sensitive data and protecting company resources. Cybersecurity is no longer an issue only for employers and business owners: recent hacks have resulted in the theft of employee social security numbers, salary details and other sensitive data.
Employees with poor cybersecurity awareness often expose their business to security threats through:
1. Exposure of sensitive data
2. Theft of intellectual property, and
3. The introduction of malware.
President Obama has designated October National Cybersecurity Awareness Month. This week, we will be shining a spotlight on cybersecurity awareness for employees. How "cyber aware" are you? Take our quiz below to boost your cybersecurity knowledge and learn how to best protect yourself and your business.
- An IP address is the Internet equivalent of?
- What is the most common delivery method for viruses?
- You call your IT manager and ask him/her to help you with your connection to Outlook. They ask you for your password to check if they can connect. What should you do?
- Why is it important to have a complex password with 8 or more letters, special characters and both upper and lower case characters?
- What is the best way to allow your family to use your business laptop?
- Which of the following message attachments would you be wise not to open? A message with an attachment that:
- You receive an email from someone that appears to be within your organization linking you to something on your corporate website. It reads: "Hey you might want to take a look at our website, something looks off: http://www.yourcompany.com - John" You should:
- You receive an alert on your office computer telling you that one file on your computer will be destroyed every 5 minutes unless you purchase a specific program or input a credit card number. You should:
- Should you store personal information on a mobile device?
- How should you work on your business documents at home?
- B) Your mailing address. An IP address is equivalent to your mailing address. Each computer has a unique address similar to the way street addressing works. On the internet, this is called your IP (Internet Protocol) address. It can be used to track the host computer and where it is located.
- B) Social Engineering. Virus writers use social engineering tactics to persuade people to run malware-laden email attachments, phishers use social engineering to convince people to divulge sensitive information, and ransomware vendors use social engineering to frighten people into running software that is useless at best and dangerous at worst. Since it relies on human interaction and human error, it is often the greatest threat to any organization.
- D) Ask them to reset your password and then try again. The best course of action would be to have the IT manager reset the password and try again, as this does not involve giving away your personal password. Once the password has been reset and you have regained access you should change your password to something only you know.
- B and C. B) Passwords that are not complex are easier and quicker to hack using brute force techniques. C) Passwords that are not complex are easier to hack using “Dictionary” methods. Brute force techniques are employed by hacker groups using a trial and error application program to decode encrypted data such as passwords through exhaustive effort (trying multiple passwords). Dictionary methods are used to decrypt passwords by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary. By creating a complicated password, you make it less likely that your password can be cracked.
- C) You shouldn’t share your business laptop with your family. As a general rule, one should not use business computers for personal use and vice versa.
- D) All of the above. A) Appears more than once in your Inbox. B) Is an attachment from a recognized company e-mail address. C) Comes attached to an unexpected note from a friend. According to US-CERT, in order to protect yourself and others in your address book you must be wary of unsolicited attachments, even from people you know. It also helps to keep your software up to date, trust your instincts, and save and scan all attachments before opening them.
- A and B. A) Hover over the link with your mouse to determine its true target. B) Copy the link and paste it into a new browser. There are two parts to a link: the part that you can see and the part that you can't see, or the target. While you may see http://www.yourcompany.com, the link's HTML code may be targeting a malicious website. Two ways to check the validity of the link are to paste the link into your browser and to hover over the link to check the target before clicking. Even though you may recognize the email address of the sender, email addresses can be cloaked as easily as links.
- B and C. B) Walk to your IT office and notify the team right away. C) Unplug your computer from the network immediately. Do not panic and do not respond to the ransom demands. You should inform your IT team right away and unplug your computer from the network in order to stop the ransomware from spreading further into the organization.
- D) Yes, provided the device is encrypted. Some companies have a BYOD (bring your own device) policy, which allows employees to bring in and use their personal mobile devices rather than company-provided ones. Please check your company's cybersecurity policy, but generally, the device is okay to use as long as it is encrypted.
- C) Bring home your company laptop to work on your business documents. You should not open business documents on a machine that is not company property or encrypted by your IT team. Generally, if you must work on a document outside of work, you should be provided with a company machine. Always check with your IT administrator for company policy.