Phishing
This is the most common type of cyber attack, where criminals send fraudulent emails pretending to be from legitimate organisations to steal your information.
What is phishing?
Mort & Co’s password policy requires that your password is at least this many characters.
What is 12 characters
Your cybersecurity training emphasises you should always use this three-letter secure connection when accessing work systems remotely.
What is a VPN (Virtual Private Network)?
This is the psychological manipulation technique used by attackers to trick people into revealing confidential information or performing actions that compromise security.
What is social engineering?
Your cybersecurity training recommends you enable this basic security feature on your mobile device to prevent unauthorised access if it's lost or stolen.
What is a passcode lock (or PIN/biometric lock/face ID/fingerprint)?
Before clicking any link in an email, you should always hover over it to check this, which reveals the true destination of the link.
What is the URL (or web address/hyperlink)?
A strong password should include a mix of these four types of characters.
What are uppercase letters, lowercase letters, numbers, and symbols (or special characters)?
When working from home or a café, you should avoid connecting to these types of unsecured wireless networks for work activities.
What are public Wi-Fi networks (or free Wi-Fi)?
In this social engineering tactic, an attacker creates a fabricated scenario or pretext to trick you into providing information, such as pretending to be from IT support needing your password.
What is pretexting?
Before downloading any app on your work or personal mobile device, cybersecurity training advises you to check these user-submitted evaluations and ratings.
What are reviews (or app ratings)?
Phishing emails often create this feeling to make you act without thinking carefully, such as saying your account will be suspended or you've won a prize.
What is a sense of urgency (or panic/fear)?
Instead of using a single complex password, security experts now recommend using this type of longer, memorable phrase made up of multiple words.
What is a passphrase?
When working remotely, you should ensure your home router has this feature enabled, which scrambles your internet traffic to prevent eavesdropping.
What is encryption (or WPA2/WPA3)?
Your cybersecurity training warns about this tactic where attackers follow authorised personnel through secure doors without using their own credentials.
What is tailgating (or piggybacking)?
According to your training, you should only download apps from these trusted sources, not from unofficial websites or third-party app stores.
What are official app stores (or Google Play Store/Apple App Store)?
If you receive a suspicious email, you should never do these things.
What are click links, open attachments, or reply to the sender?
This security feature, involves using two different types of verification before accessing an account.
What is multi-factor authentication (or MFA/two-factor authentication/2FA)?
According to cybersecurity training, when working in public spaces like cafés, you should be aware of people attempting to do this to view sensitive information on your screen.
What is shoulder surfing (or visual hacking)?
Attackers often exploit these human traits to manipulate victims: the desire to be helpful, trust in authority figures, and this emotion that makes people act without thinking.
What is fear (or urgency/panic)?
This mobile security feature, covered in your cybersecurity training, allows IT to remotely erase all data from a lost or stolen device.
What is remote wipe (or remote data wipe)?
This type of targeted phishing attack is aimed at specific individuals or organisations, often using personalised information to appear more legitimate.
What is spear phishing?
According to best practice, you should use this type of secure tool to generate and store unique passwords for all your different accounts.
What is a password manager?
Your cybersecurity training recommends that when working remotely, you should lock your computer whenever you do this, even if you're only gone for a moment.
What is leave your desk (or step away from your computer)?
According to your cybersecurity training, if someone calls claiming to be from IT and asks for your password or other sensitive information, you should do this before providing any details.
What is verify their identity (or hang up and call them back through official channels)?
Your cybersecurity training warns against doing this with your mobile device while it's charging in public places, as it could expose your device to malware or data theft.
What is using public USB charging stations (or juice jacking)?