TwinDisc2024 Good or Bad password?
BAD!!!
Although this password contains a combination of uppercase and lowercase letters and numbers, it would be too easy to guess because it includes the company name and the year.
What are some ways to tell an email is a phishing attempt?
The email is from an unknown or suspicious sender address.
The email contains urgent or threatening language urging immediate action.
The email includes unexpected attachments or links, especially with generic names.
The URL in the email text does not match the actual URL when you hover over the link.
The email comes from a domain that looks similar to a legitimate one but with slight variations.
The email contains offers that seem too good to be true, like winning a lottery you didn’t enter.
Which of the following is good cyber security practice?
Having the same password for every account
Providing your email address to any website that requests it
Giving your password to IT if they claim they need it to reset your computer
Making sure the internet site you click on is legit and secure before clicking
Making sure the internet site you click on is legit and secure before clicking.
It is important to know that IT will never ask for your password.
While browsing online, you encounter a pop-up message claiming your computer has been infected with a virus and instructing you to click a link to fix the issue. What should you do in this situation?
Do not click on the pop-up message or any links within it. Close the browser window or tab immediately. These types of pop-ups are often a tactic used by cybercriminals to trick users into downloading malware or revealing sensitive information.
What all should a password consist of?
14 characters
A combination of numbers, uppercase and lowercase letters, and special characters
An employee receives an email from a senior executive in the company, asking for sensitive information about the organization’s clients. The email looks legitimate and urgent, but the employee notices some unusual phrasing and spelling errors. What should the employee do?
The employee should contact IT and report the email.
This is an example of social engineering, which, in the context of information security, refers to the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
What percentage of users at Twin Disc clicked on a phishing simulation link this month?
15%
10%
23%
46%
It is important to understand the complexity of a phishing email. If this was a real attack, we would have been highly susceptible to a ransomware attack.
What is it okay to access on a company computer:
What is the term for a password that is easy for a human to remember but hard for a computer to guess?
Passphrase
As long as your passphrase is made up of multiple unrelated words and you don't use easily guessable information like birthdays, names, or common phrases, it is easier to remember and harder to guess.
You are browsing the internet and come across a website that prompts you to install a software update to continue using its services. The site claims the update is critical for security. What should you do?
You should not install the update from the website. Instead, contact IT or verify the legitimacy of the update by visiting the official website of the software or using the software's built-in update feature.
If you click on a website that looks malicious, what should you do?
Exit the website immediately, contact the IT helpdesk, and they will provide you with the next best steps.
When clicking on a link, always hover over the link before clicking to see if the destination is what was expected.
What is it not okay to access on your company computer especially during work hours?
Anything inappropriate,
Is there something considered too secure for a password?
NO! At least not really. There are ridiculously overcautious passwords, but as long as you are comfortable typing in a long passcode, go for it! In fact, long passphrases have been proven to be the most secure.
Phishing means sending fraudulent messages out to many people in the hope of a response, while spear phishing means the attacker has researched and targeted you specifically, which makes it harder for you to detect.
What is the significance of cyber security awareness?
Cybersecurity awareness is crucial because it helps organizations prevent costly data breaches, with the average breach costing $4.24 million. It also mitigates insider threats, which account for 60% of incidents, and reduces the risk of phishing attacks, which start 96% of targeted breaches. On a personal level, awareness protects against identity theft, which affects 7% of adults annually, and ensures safer online behavior amid rising cyber harassment and financial fraud rates. Understanding these risks promotes a secure digital environment for all.
Is it okay to use new software for a business need without consulting IT first?
No! Using new software without checking with IT can cause problems like security risks and issues with how it works with other systems. IT helps make sure everything runs smoothly and safely, so it’s important to get their advice before starting.
You receive an email from a website asking you to update your password immediately due to a security breach. The email provides a link to click on to change your password. What should you do?
Report the message to IT. They will investigate the legitimacy of the email and provide guidance on how to proceed safely. Avoid clicking on any links or providing any personal information until the email's authenticity is verified.
What are the steps to take after you believe you have clicked on a phishing or malicious link?
Report the incident to the helpdesk; they will provide you with the proper next steps depending on the threat. In the meantime, you can use the phish report feature in Outlook.
On LinkedIn, you often update your job history and connect with colleagues. How can publicly available information on LinkedIn make you a target for cyber threats, and what should you be cautious of?
Publicly available information on LinkedIn can make you a target for cyber threats in several ways. Attackers may use details from your profile, such as job history and connections, to craft convincing phishing attempts or impersonate colleagues. This could lead to credential theft, identity theft, or targeted attacks against your organization. To protect yourself, be cautious about accepting unknown connection requests, sharing sensitive information, and clicking on links in unsolicited messages, and regularly review your privacy settings. Stay informed about common cyber threats to avoid falling victim to scams that exploit information from your LinkedIn profile.
What did you think of this training? Any suggestions?
Thank you!