Passwords
Information Security
Cyber Security
Other
100

TwinDisc2024 Good or Bad password?

BAD!!!

Although this password contains a combination of uppercase letters, lowercase letters, and numbers, it would be too easy to guess because it includes the company name and the year.

100

What are some ways to tell an email is a phishing attempt?

The email is from an unknown or suspicious sender address.

The email contains urgent or threatening language urging immediate action.

The email includes unexpected attachments or links, especially with generic names.

The URL in the email text does not match the actual URL when you hover over the link.

The email comes from a domain that looks similar to a legitimate one but with slight variations.

The email contains offers that seem too good to be true, like winning a lottery you didn’t enter.

100

Which of the following is good cyber security practice?

Having the same password for every account

Providing your email address to any website that requests it

Giving your password to IT if they claim they need it to reset your computer 

Making sure the internet site you click on is legit and secure before clicking

Making sure the internet site you click on is legit and secure before clicking.

It is important to know that IT will never ask for your password.

100

While browsing online, you encounter a pop-up message claiming your computer has been infected with a virus and instructing you to click a link to fix the issue. What should you do in this situation?

Do not click on the pop-up message or any links within it. Close the browser window or tab immediately. These types of pop-ups are often a tactic used by cybercriminals to trick users into downloading malware or revealing sensitive information.

200

What should a password consist of?

14 characters

A combination of numbers, uppercase and lowercase letters, and special characters

200

An employee receives an email from a senior executive in the company, asking for sensitive information about the organization’s clients. The email looks legitimate and urgent, but the employee notices some unusual phrasing and spelling errors. What should the employee do? 

The employee should contact IT and report the email. 

This is an example of social engineering, which in the context of information security refers to the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

200

What percentage of users at Twin Disc clicked on a phishing simulation link this month?

15%

10%

23%

46%

  • 173 people or 23% of the recipients clicked the link
  • 43% of the people clicked the link more than once
  • Only 59 people reported the email to the Help Desk

It is important to understand the complexity of a phishing email. If this had been a real attack, we would have been highly susceptible to a ransomware attack.

200

What is it okay to access on a company computer?

Anything related to your job

300

What is the term for a password that is easy for a human to remember but hard for a computer to guess?

Passphrase

As long as your passphrase consists of multiple unrelated words and avoids easily guessable information like birthdays, names, or common phrases, it is easier to remember and harder to guess.

300

You are browsing the internet and come across a website that prompts you to install a software update to continue using its services. The site claims the update is critical for security. What should you do?

You should not install the update from the website. Instead, contact IT, or verify the legitimacy of the update by visiting the official website of the software or using the software's built-in update feature.

300

If you click on a website that looks malicious, what should you do?

Exit the website immediately, contact the IT helpdesk, and they will provide you with the next best steps.

Before clicking a link, always hover over it to check that the destination is what you expected.

300

What is it not okay to access on your company computer especially during work hours?

Anything inappropriate, 

400

Is there something considered too secure for a password?

NO! At least not really. There are ridiculously overcautious passwords, but as long as you are comfortable typing in a long passcode, go for it! In fact, long passphrases have been proven to be the most secure.

400

What is the difference between spear phishing and phishing?

Phishing means sending fraudulent messages out to many people in the hope of a response, while spear phishing means the attackers have researched and targeted you specifically, which makes it harder for you to detect.

400

What is the significance of cyber security awareness?

Cybersecurity awareness is crucial because it helps organizations prevent costly data breaches, with the average breach costing $4.24 million. It also mitigates insider threats, which account for 60% of incidents, and reduces the risk of phishing attacks, which start 96% of targeted breaches. On a personal level, awareness protects against identity theft, which affects 7% of adults annually, and ensures safer online behavior amid rising cyber harassment and financial fraud rates. Understanding these risks promotes a secure digital environment for all.

400

Is it okay to use new software for a business need without consulting IT first?

No! Using new software without checking with IT can cause problems like security risks and issues with how it works with other systems. IT helps make sure everything runs smoothly and safely, so it’s important to get their advice before starting.

500

You receive an email from a website asking you to update your password immediately due to a security breach. The email provides a link to click on to change your password. What should you do?

Report the message to IT. They will investigate the legitimacy of the email and provide guidance on how to proceed safely. Avoid clicking on any links or providing any personal information until the email's authenticity is verified.

500

What are the steps to take after you believe you have clicked on a phishing or malicious link?

Report the incident to the helpdesk; they will provide you with the proper next steps depending on the threat. In the meantime, you can use the phish report feature in Outlook.

500

On LinkedIn, you often update your job history and connect with colleagues. How can publicly available information on LinkedIn make you a target for cyber threats, and what should you be cautious of?

Publicly available information on LinkedIn can make you a target for cyber threats in several ways. Attackers may use details from your profile, such as job history and connections, to craft convincing phishing attempts or impersonate colleagues. This could lead to credential theft, identity theft, or targeted attacks against your organization. To protect yourself, be cautious of accepting unknown connection requests, sharing sensitive information, and clicking on links in unsolicited messages, and regularly review your privacy settings. Stay informed about common cyber threats to avoid falling victim to scams that exploit information from your LinkedIn profile.

500

What did you think of this training? Any suggestions?

Thank you!
