AFS Password Safety
What criteria are required for your AFS HQ password?
At least 10 characters long, and 3 of the following 4; uppercase, lowercase, symbols, and numbers.
What is a phishing email?
A fake email that tries to trick you into giving away personal or company information.
Why lock your AFS workstation?
To prevent unauthorized access when you step away from your desk.
Why avoid clicking unknown links?
They may lead to malicious websites or download malware.
Why is it important to tap your badge when entering and exiting the building, even if the door is open?
To ensure accurate access records, and support emergency accountability.
Why shouldn't you reuse passwords across AFS systems?
If one account is compromised, all others using the same password are at risk.
What should you do with a suspicious email?
Don’t click anything—report it with the Phish Alert button in Outlook.
What to do if you lose your AFS laptop?
Report it to IT immediately so they can lock or wipe it.
What is safe browsing at work?
Visiting only work-related, trusted websites and avoiding risky or personal browsing.
Why is it important that AFS employees update their software regularly?
Updates fix security flaws and keep systems protected.
What does MFA stand for and what does it do?
It stands for multi-factor authentication, and it requires you to use multiple forms of authentication.
i.e. RSA token, SMS verification, password, fingerprint.
What is identity theft and how can it affect AFS clients?
When someone steals personal data to commit fraud, which can damage client trust and AFS’s reputation.
What is the AFS policy for removable media (USBs)?
Only use approved USBs and never plug in unknown devices.
How can you identify a secure website?
A site that uses HTTPS, shows a padlock icon, and has a valid security certificate.
What are two smart habits you should follow when stepping away from your workstation, even briefly?
Locking your screen and securing any sensitive documents or devices.
What is a password manager and how can it help AFS staff?
A secure tool that stores and generates strong passwords so you don’t have to remember them all.
What is spear phishing?
A personalized phishing attack aimed at specific employees.
What is encryption and why does AFS use it?
It scrambles data, protecting sensitive financial information or other sensitive data.
What is a suspicious email attachment, and what are two signs that can help you identify one?
A file from an unknown or unexpected source that could contain malware.
Signs- unknown senders, file names, extensions, time of day.
Why report security incidents immediately, and who should you report it to?
Fast reporting helps limit damage and allows IT to respond quickly, report to security.
What are two key reasons why rotating your AFS password is critical to maintaining security?
To reduce the risk of phishing or data breaches, and to limit the window of access if a password is exposed.
What is a business email compromise (BEC)?
A targeted scam where attackers impersonate executives to trick employees into sending money or data.
What is data classification at AFS?
A system for labeling data based on sensitivity, so it’s handled and stored properly.
What does VPN stand for and when are AFS employees required to use it?
A Virtual Private Network encrypts your internet connection—use it when working remotely.
What is the “least privilege” principle at AFS?
Employees should only have access to the data and systems they need to do their job.