Security Awareness Month Quiz

Your work password should never be shared with anyone; even your manager.

These types of scams are common when an e-mail account has been hacked. The first course of action is to try and contact the person (not via e-mail) and confirm if they really need money and let them know that their e-mail account may have been hacked.

Web content should always be filtered for children. OpenDNS provides DNS-based protections for free. Other Anti-Virus companies also provide protections and filters for children accessing the Internet.

Before you enter sensitive data in a web form or on a webpage, look for signs—like a web address with https and a closed padlock beside it—that it is secure.

GIS should be contacted to clean the device or you can contact Security to put the drive in lost and found.

You should only access trusted sites (Google, Facebook, Twitter, etc) by entering the URL directly or via a bookmark. Clicking on links in e-mail and from other untrusted sites may allow an attacker to steal or capture your credentials.

If it looks suspicious it is safest to delete the message and not expose yourself and SAS to risk.

Cases like this is when someone is trying to social engineer you for information about your workplace.

These types of e-mails are called 419 or 411 scams. These are e-mails that try to encourage you to perform fraudulent activities on behalf of someone in another country (such as laundering money).

Even though email messages get scanned via multiple vendors for malware, spyware and phishing, there is no guarantee that they will catch every instance of malware. It is recommended that you only open attachments and click on links if messages are from an individual you know. Enabling Safe Senders for Outlook is a good way to accomplish this.

Passwords are meant to be secret and only known by you and not shared in any way.

If you are prompted to download a file when simply browsing the internet, then chances are you've navigated to a site that is infected and is trying to infect you. It is best to cancel the download, close the browser and run a full AV scan on your machine.

Auto-forwarding rules are prohibited by company policy. You can forward individual mails to your personal account as long as the communications are not company confidential.

Passwords should never be written down unless they are being stored in a password vault or storage utility and protected by a master password.

You should limit the personal information you post about yourself and your family on Twitter, Facebook and other social media sites. This information could be used in order to perform social engineering on you or your family. You should configure privacy settings to be as strict as possible on such sites to limit prying eyes. All information posted to social media sites should be considered permanent, no matter what the privacy policies of the sites state.

Know what you've posted about yourself. A common way that hackers break into financial or other accounts is by clicking the "Forgot your password?" link on the account login page. To break into your account, they search for the answers to your security questions, such as your birthday, home town, high school class, or mother's middle name. If the site allows, make up your own password questions, and don't draw them from material anyone could find with a quick search.

Anti-virus is not a replacement for regularly applying patches and security updates.

Encrypting the information before sending it through email ensures that the data is protected and cannot be accessed by unauthorized individuals. Encryption converts the information into a code that can only be deciphered with a decryption key, making it extremely difficult for anyone else to read or understand the content of the email. This helps to maintain the confidentiality and integrity of the private information being transmitted.

You should never choose your work password to be the same as any other accounts. You should also not use family birthdays, names, or other publicly available information about you or your family as part of your password.

You should work on business documents on a corporate issued machine by either working on it in the office, or remotely connecting to your work machine and working on them remotely

Information Security has a request form that will walk you through the process of accepting 3rd party data.

Internal employees tend to be the cause of the most information security breaches

MAC filters are not protection from an intruder as MAC information can be obtained via wireless sniffers and this information be spoofed. Hiding your SSID will also not keep intruders out since the SSID can still be detected via a wireless sniffer. WEP is not a suitable wireless protection mechanism because this encryption technique can easily be cracked in a number of minutes. WPA2 Pre-shared key with a lengthy key is the preferred standard.

Social Engineering is when an attacker tries to gain information about an attack based on information they already know about you or pretending to misrepresent themselves to you in hopes that you will trust them.

Hackers are now using Graphics cards in order to help brute force passwords. The 8 character keyspace can be traversed in under 24 hours with multi-GPU machines: http://arstechnica.com/security/2012/08/passwords-under-assault/