Online Safety
You receive an email from an online shopping site claiming that you were incorrectly charged for your last purchase and are due a refund. The email asks you to click a link where you will submit the necessary information. What should you do?
Answer: Do NOT click the link! Check the sender’s address and search the document for spelling/grammar mistakes. If you notice anything suspicious, the email is likely a scam. Even if it seems legitimate, navigate to the site yourself rather than clicking any links.
True or false: Automatically updating your machine poses a significant security concern, as it could install unwanted programs/features that disrupt your network or harm your computer.
Answer: False. Although updates can occasionally cause problems, they also contain vital patches to help protect your machine against attackers. Keep your machine up-to-date and install new patches as soon as possible. Don’t click, “Remind me later,” twelve times.
According to JJ Taylor's password policy all passwords must be changed
[A] Monthly basis
[B] Every other month basis
[C] Quarterly basis
[D] Semi-annual Basis
What is: [C] Quarterly basis
What is the term for harmful software that seeks to damage or exploit the machines that run it?
Answer: Malware. This stands for “malicious software,” and refers to a large variety of software-based attacks.
Which United States federal agency has been tasked with improving national cybersecurity and protecting the nation’s critical infrastructure?
Answer: The Department of Homeland Security. Specifically, the Cybersecurity and Infrastructure Security Agency (CISA), which is responsible for protecting the Nation’s critical infrastructure from physical and cyber threats.
You’ve just settled into your new hotel room when you realize you need to transfer some funds from your savings account to your checking account. In order to do this, you will need to connect your laptop to the hotel’s public Wi-Fi and log in to your online bank. Should you risk it?
Answer: It depends. In general, it is never safe to transmit PII (Personally Identifiable Information), especially financial information, over a public network. If you find yourself in a situation where you may need to do so, first consider all your options, including using your mobile data or a VPN (Virtual Private Network) to help protect your browsing.
True or false: Although they operate similarly to computers, most mobile devices (cell phones, tablets, etc.) are not full computers and do not require software, such as anti-virus, to be secure.
Answer: False. Almost all consumer devices, especially cell phones and tablets, are simply miniature computers. They contain important data (contacts, financial information, calendars) and require protection like any other device.
Which of the following are strong password practices? (Choose all that apply.)
1.Passwords should contain a mixture of upper and lower case letters, numbers, and special characters.
2.Passwords should have personal meaning to you (e.g. a relative’s birthday) so that you can remember them more easily.
3.You should immediately change your password in the case of a known data breach.
4.You should store your passwords on paper or in a text document, giving you a backup in the event that you forget them.
Answer: 1 & 3. While it is helpful for passwords to have some level of personal relevance, anything concrete or publicly-available (high schools, birthdates, pets’ names, etc.) can be easily researched and guessed by an attacker. Storing your passwords physically or in a text-document is also ill-advised, as someone could gain access to the copy.
An attacker goes to a local coffee shop and creates a wireless network using the shop’s name, hoping unsuspecting customers will log on. What is this type of attack called?
Answer: Spoofing. This kind of attack can come in many forms (email, GPS, caller ID), but is most commonly known with regards to fake and malicious wireless networks. Before logging onto a public network, be sure it is the correct one.
Approximately how many attempted cyber attacks are reported to the Pentagon every day? (Closest answer wins.)
Answer: Over 10 million.
You have a long commute. Thankfully, your train just installed public Wi-Fi. Now you can listen to your favorite music or podcast. However, when you check for social media updates around lunch, you find that your account has been hacked. What steps could you take to prevent your mobile device or laptop data from being compromised in the future?
Answer(s):
•Turn off Wi-Fi and Bluetooth when not using them. These technologies leave you open to remote attacks.
•Make sure the network is legitimate. Hackers love to create fake networks that mimic real ones, enticing unsuspecting users to log on.
•Don’t connect. Though perhaps drastic, one near-certain way to circumvent the dangers of public Wi-Fi is simply to avoid using it whenever possible.
Which of the following devices could potentially be exploited by an attacker?
•Desktop computer
•Laptop computer
•Cell phone
•Television
•Refrigerator
•Digital assistant
Toaster
Answer: All of them. Yes, even the toaster – possibly.
On social networks like Facebook and Twitter – you can control your posts and who can see these posts by:
[A] Assuming it is safe from prying eyes
[B] Assuming nothing and doing nothing
[C] Assuming nothing and carefully check the privacy settings
[D] Assuming anti-virus software will make it safe and secure
What is: [C] Assuming nothing and carefully check the privacy settings?
You bring your laptop to a local restaurant. Without your knowledge, the customer at the table behind you watches you log in to your email, thereby learning your username and password. What is this type of attack called?
Answer: Shoulder surfing. It is important to remember that not all cyber attacks require the direct manipulation of technology. Attackers can often obtain important information by simply observing people, asking questions, or piecing together facts to learn or guess something private.
In May 2017, this worldwide cyber attack used ransomware to exploit approximately 400,000 unpatched machines, resulting in damages totaling to over $4,000,000,000 (4 billion USD).
Answer: WannaCry. This ransomware attack propagated through an exploit called EternalBlue. Infected machines had their data involuntarily encrypted, with a demand of Bitcoin payment.
Passwords often have complex requirements, and most online citizens will need to remember numerous different passwords to access their internet services. What is a way to help you keep track of all these different passwords?
Answer(s):
•Use a password manager. These are apps, devices, or cloud services that store your passwords in an encrypted vault that can only be unlocked with a single master password.
•Use a “password pattern.” This is simply a pattern (recognizable only to you) that you can use to help remember your passwords.
What is the method of access control by which users must present multiple, separate pieces of identification, such as a password and keycard, in order to access a system?
Answer: Multi-Factor Authentication (MFA). MFA greatly increases the security of access control. Even if a password is learned or an ID is stolen, it will not be enough to compromise a system. Many online services allow MFA options, such as requiring a one-time login code as well as a password.
The City of Jupiter, FL has following security policies:
[A] Information Security Policy
[B] Information Privacy Policy
[C] Information Security Standards
[D] Social Media Use Policy
[E] All the above
What is: [D] Social Media Use Policy?
After clicking an advertisement on an unsecure website, your computer freezes. A message appears, demanding you pay a certain amount of money to unlock your computer. What is this type of attack called?
Answer: Ransomware. This type of attack has grown more common in recent years, especially against institutions that need to recover their data as soon as possible.
What was the estimated global cost of cybercrime by the end of 2020? (Closest answer wins).
Answer: $6 Trillion USD.