Corporate Vigilance: Security Awareness In Business Quiz

Opening unexpected email attachments from unknown sources can indeed lead to the spreading of malicious programs. Malicious programs, such as viruses or malware, can be disguised as innocent-looking attachments and can infect a computer or network when opened. By not opening such attachments, individuals can protect themselves and their devices from potential harm. Therefore, the statement "In order to avoid spreading malicious programs through email is to not open unexpected e-mail attachments from unknown sources" is true.

Locking or logging out of your office computer when you leave the place is considered a best practice for security reasons. By doing so, you ensure that unauthorized individuals cannot access your computer and its data in your absence. This helps protect sensitive information, prevent unauthorized use of your computer, and maintain the privacy and security of your work.

Before you enter sensitive data in a web form or on a webpage, look for signs—like a web address with https and a closed padlock beside it—that it is secure.

All of the above message attachments would be wise not to open. This is because a message with an attachment that appears more than once in your Inbox could be a sign of a spam or phishing attempt. Similarly, a message claiming to be a sample copy of a new game from a recognized company e-mail address could be a potential malware or virus. Lastly, an unexpected note from a friend could also be a disguise for a malicious attachment. Therefore, it is best to exercise caution and avoid opening any of these message attachments.

Physical and administrative security standards are important for protecting sensitive information and ensuring the overall security of an organization's assets. Handheld devices, such as smartphones and tablets, are commonly used for business purposes and can store or access sensitive data. Therefore, it is necessary for these devices to comply with the same security standards as other devices within the organization to prevent unauthorized access or data breaches.

Correct! Incorporating Uppercase, Lowercase, numbers and symbols into your passwords makes it more difficult to hack.

You should only access trusted sites (Google, Facebook, Twitter, etc) by entering the URL directly or via a bookmark. Clicking on links in e-mail and from other untrusted sites may allow an attacker to steal or capture your credentials.

A combination of upper and lowercase letters mixed with numbers and symbols is a good way to create a password because it increases the complexity and makes it harder for hackers to guess or crack the password. Including a mix of different character types adds an extra layer of security and makes the password stronger.

Passwords are meant to be secret and only known by you and not shared in any way.

Passwords should never be written down unless they are being stored in a password vault or storage utility and protected by a master password.

C is correct. Decline the request and remind your supervisor that it is against ISI policy. Passwords must not be shared. If pressured further, report the situation to HR. If you have questions, contact the IT Department at [email protected]

Even though email messages get scanned via multiple vendors for malware, spyware and phishing, there is no guarantee that they will catch every instance of malware. It is recommended that you only open attachments and click on links if messages are from an individual you know. Enabling Safe Senders for Outlook is a good way to accomplish this.

The password "App@li" would be the best choice because it includes a combination of uppercase and lowercase letters, as well as special characters. This makes it more secure and harder to guess or crack. The other options either lack complexity or are too common and easily guessable.

Using a password manager with encryption features is one of the ways to secure your password from disclosure. Password managers securely store and encrypt your passwords, making it difficult for hackers to access them. They also often have features like generating strong, unique passwords and automatically filling them in for you, reducing the need to remember or write down passwords. This method ensures that your passwords are protected and easily accessible only to you, enhancing the security of your accounts.

The statement is true because it emphasizes the importance of securing non-public information. It states that employees must ensure that such information is stored in a way that unauthorized individuals cannot access it. This can be achieved by using locked drawers or file cabinets, which provide an additional layer of protection against unauthorized retrieval. By following these guidelines, organizations can maintain the confidentiality and integrity of sensitive information.

A malicious user can rely on email or webpage to launch phishing attacks, virus attacks, and spyware. Phishing attacks involve tricking individuals into revealing sensitive information through deceptive emails or websites. Virus attacks involve spreading harmful software through email attachments or infected webpages. Spyware can be installed on a user's device without their knowledge or consent through malicious emails or webpages, allowing the attacker to monitor their activities. Therefore, all of the mentioned options can be utilized by a malicious user to launch their attacks.

The best time to lie to your information security auditor or officer is never. Lying to cover up someone else's mistakes or faults, distrusting the security auditor, or trying to protect key individuals in your organization are all unethical and can have serious consequences. It is always important to maintain honesty and integrity when dealing with information security.

You should work on business documents on a corporate issued machine by either working on it in the office, or remotely connecting to your work machine and working on them remotely

Phishing is a scheme where criminals send unsolicited e-mail or pop-up messages to deceive and trick unsuspecting victims into providing personal and financial information. This information is then used for fraudulent purposes such as identity theft or financial fraud.

The best course of action is to close the window. This is because the pop-up offering an "anti-spyware product" is likely a scam or a form of malware. Clicking on the link and providing credit card information can lead to identity theft or financial loss. It is always safer to consult with an IT specialist to ensure that you have legitimate and up-to-date anti-spyware software.

It is not legal to copy software from an Office PC to your laptop or home PC without proper authorization. Software is protected by copyright laws, and copying it without permission is a violation of those laws. It is important to obtain the necessary licenses or permissions to use the software on each device separately.

Passwords are used as a first line of defense against hackers because they provide a layer of security for accessing sensitive information. By requiring a password, it becomes more difficult for unauthorized individuals to gain access to personal accounts or systems. This helps to protect against potential threats and unauthorized access, making passwords an essential security measure in today's digital world.

When the URL/address of a website starts with "https://", it indicates that you are shopping online in a secure manner. The "https://" protocol ensures that the data exchanged between your browser and the website is encrypted and cannot be easily intercepted by hackers. This helps to protect your personal and financial information while making online transactions.

The most responsible thing to do in this situation as a cyber-savvy individual is to report the malicious post to Facebook. By reporting the post, you are taking action to prevent the spread of inappropriate content and protect yourself and your mutual friends from potential harm. Untagging yourself and deleting the post may address the immediate issue, but reporting it to Facebook ensures that appropriate measures are taken to address the violation of community guidelines and prevent similar incidents in the future. Unfriending the person or scolding them may be appropriate actions as well, but reporting the post takes a proactive approach to address the larger issue.

To ensure the security and privacy of the private information being sent and received via email, it is important to use an encryption method. Encryption converts the information into a code that can only be deciphered by authorized parties, thus protecting it from unauthorized access. This is crucial when dealing with sensitive data such as medical records, salary information, social security numbers, and passwords, as it reduces the risk of the information falling into the wrong hands.

Correct! Passwords should be changed at least every six (6) months, and in order to maintain security you should not use the same password for multiple log-ins or the same password within the same year.

These types of e-mails are called 419 or 411 scams. These are e-mails that try to encourage you to perform fraudulent activities on behalf of someone in another country (such as laundering money).

When it comes to official e-mail provided to employees, it is true that email is considered company property. This means that the company has ownership and control over the content of the emails. Additionally, it is also true that email may be retrieved and reviewed for any number of reasons, including legal subpoenas. This implies that the company has the right to access and review employee emails if necessary, such as for legal investigations or compliance purposes.

The correct answer is to disconnect from Starbucks' WIFI network. This is because the redirection from the legitimate Google Mail website to a different website (http://www.googlemail.andrew.net) is suspicious and could indicate a potential security threat. It is important to prioritize the security of personal information and avoid connecting to potentially malicious networks.

A good practice to avoid email viruses is to delete unexpected or unsolicited messages, as they may contain harmful attachments or links. Using anti-virus software to scan attachments before opening them is also recommended, as it can detect and remove any potential viruses. Additionally, deleting similar messages that appear more than once in your Inbox can help to avoid opening duplicate or potentially malicious emails. Therefore, the answer "All the above" is correct as all of these practices contribute to avoiding email viruses.

If you are not careful about your internet browsing, it can result in various negative consequences such as the installation of spyware or adware on your device, browser hijacking, and information or identity theft. This means that all of the options mentioned in the question can be potential outcomes of careless internet browsing.

All of the Above.

Security is the responsibility of everyone within the office and each person needs to be diligent about protecting their usernames, passwords, and any other sensitive, confidential and personally identifiable information.

The most responsible thing to do in this situation as a cyber-savvy individual is to report the malicious post to Facebook. By reporting the post, you are taking action to address the inappropriate content and potentially prevent it from spreading further. This not only helps protect your own reputation but also ensures the safety and well-being of your mutual friends who may have also been tagged in the post. Untagging yourself and deleting the post may not be enough to address the issue, and scolding your friend may not effectively resolve the situation.

Keylogging is the action of recording the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. It is a method used by attackers to gather sensitive information such as passwords, credit card numbers, or personal data. Keyloggers can be installed through malicious software or hardware devices, allowing the attacker to track and collect every keystroke made by the user. This information can then be used for various malicious purposes, such as identity theft or unauthorized access to accounts.

Trojans are a type of program that appear to have useful or desirable features but actually contain damaging code. Unlike viruses and worms, which can replicate and spread on their own, Trojans rely on users to unknowingly install them. Once installed, Trojans can perform a variety of malicious actions, such as stealing personal information, damaging files, or allowing unauthorized access to a computer. Adware, on the other hand, is a type of software that displays unwanted advertisements, but it is not typically considered to contain damaging code.

Malware is the correct answer because it is a broad term that encompasses various types of malicious software designed to exploit computer users. This includes computer viruses, worms, Trojans, adware, and other harmful programs. Malware can infiltrate a computer system without the user's consent and cause damage, steal personal information, or disrupt normal computer operations. It is important for users to have antivirus software and regularly update their systems to protect against malware threats.

The correct answer is to not click the link and try to check the URL using an online tool that checks where it really takes you. This is because shortened URLs can be used to hide malicious websites or phishing attempts. By checking the URL before clicking, you can ensure that it is safe and avoid potential security risks.

Writing down your password is not recommended because it increases the risk of it being discovered by someone else. Even if you think you have hidden it well, there is always a chance that someone may find it. It is best to memorize your passwords or use a password manager to securely store them.

The correct answer is "All of the above." In this situation, it is important to ask the customer representative what bank or company they came from to ensure their legitimacy. Additionally, verifying if your credit card has actually expired is important as expiration dates are placed on credit cards. Lastly, it is crucial to not give out personal and credit card information without sufficient information about the representative or the bank. By following all of these steps, you can protect yourself from potential fraud or scams.

Backing up data is important for several reasons. Firstly, it ensures that data is available when it is needed to be accessed. This is crucial in case of any accidental deletion, hardware failure, or system crash. Secondly, backing up data helps in recovering quickly if there is a malware infection. Malware attacks can corrupt or delete data, and having a backup ensures that the data can be restored easily. Lastly, backing up data ensures the safety of the data. In case of any natural disasters, theft, or physical damage to the storage devices, having a backup ensures that the data is not lost permanently.

The correct answer is "A program that is secretly installed onto your computer and makes copies of itself which consumes your computer resources." This accurately describes a virus, which is a type of malicious software that replicates itself and consumes computer resources. It does not protect the computer from hackers or monitor internet use.

4 is correct.
Attachments can contain viruses and other malicious programs that can infect your computer, so opening or clicking on an unexpected or unknown attachment can be risky.

If you can tell that this is spam, delete the E-Mail message. If you are unsure, contact the IT Department for further instructions.

Do not open, reply to or forward suspicious emails or attachments.

Enabling Two-Factor Authentication increases your security because it adds an extra layer of protection to your account. It requires you to provide not only something you know (like a password) but also something you have (like a physical device or a unique code). This makes it much more difficult for unauthorized individuals to access your account, even if they manage to obtain your password. By combining these two factors, it significantly reduces the risk of unauthorized access and enhances the overall security of your account.

When an employee transfers within an organization, it is important to review all access permissions. This is necessary to ensure that the employee only has access to the necessary resources and information in their new role. By reviewing access permissions, the organization can prevent any unauthorized access and maintain the security of their systems and data. This step is essential in maintaining the integrity of the organization's security measures and protecting sensitive information from potential breaches.

End users are considered the biggest vulnerability to computer information security because they are often unaware of the risks and best practices for maintaining security. They may unknowingly click on malicious links or download infected files, making them susceptible to malware and phishing attacks. Additionally, end users may have weak passwords or fail to keep their software and devices updated, creating further vulnerabilities. It is crucial to educate and train end users on security measures to minimize the risk of breaches and protect sensitive information.

Installing an antivirus program and a firewall can help mitigate malwares and viruses from infecting your PC. Antivirus programs can detect and remove malicious software, while firewalls can block unauthorized access to your network and prevent malware from entering your system. By having both of these security measures in place, you can significantly reduce the risk of malware and virus infections on your PC.

Internal employees tend to be the cause of the most information security breaches

4 - Delete the Message

This scenerio has four (4) big risks:

1) Some screen savers contain viruses or other malicious software and it is risky to put unknown or unsolicited programs or software onto your computer;

2) Also, in some cases just clicking on a malicious program can infect a computer, so unless you are sure a link is safe- don't click on it.

3) Email addresses can be faked - or hacked. There is no way to be certain of this without checking.

4) Finally, some websites and links look legitimate, but they're really hoaxes designed to steal your information.

Rootkits are computer programs that are specifically designed by attackers to gain root or administrative access to a targeted computer. They are malicious software that allows unauthorized users to control and manipulate the system without being detected. Rootkits often operate stealthily, hiding their presence and enabling attackers to carry out various malicious activities, such as stealing sensitive information, modifying system configurations, or installing additional malware. Unlike other options listed, backdoors and antiware may be components of a rootkit, while malware is a broader term encompassing various types of malicious software.

Employees have multiple responsibilities when it comes to information security. They must complete all required training to ensure they have the necessary knowledge and skills to protect sensitive information. They are also expected to adhere to established policies and procedures, which serve as guidelines for maintaining information security. Additionally, if employees come across any suspicious activity or encounter a potential disclosure of non-public information, they should promptly report it to the IT department or their manager. Following company guidelines is another important responsibility employees have in order to ensure information security.