Social engineering
How do you know if an email to your work account comes from an external sender?
[External] tag in subject line and the External header
True or False: Screen sharing can be considered a transfer of data.
True
What is at least one thing you should do before sending to avoid misdirected emails?
1. Confirm everyone in the email has a business reason for receiving sensitive information
2. Review email addresses for accuracy, especially external ones
3. Open and confirm all attachments are correct
True or False: Friends and Family can use your work devices.
False
How often should you restart your workstation?
At least once a week and when prompted to do so.
What are 3 indicators of phishing?
External emails requesting internal information, links or attachments from unsolicited sources, urgent or unusual requests, inconsistent formatting, spelling or grammar errors
What kind of information about work should you never post on social media?
Sensitive company or client information (including names of clients)
What data classification includes data that is appropriate to share with the public?
Unrestricted
Always change the _________ credentials for your smart home or “Internet of Things” (IoT) devices.
Default
Where should you first look for software to download to your work workstation?
What is smishing?
Social engineering attack via SMS text message
Name an example of sensitive personal data.
Religious beliefs, biometric data (e.g., finger prints), sexual orientation, political beliefs, criminal offenses
Name at least one third party solution that is not approved for sharing and storing company data.
Google Drive, What's App, DropBox
How do you keep secure when making accounts on social websites or non-work related websites?
Set up strong unique passwords and use two-factor or multi-factor authentication whenever available.
Name at least one of the 4 components of maintaining a compliant workstation.
A compliant workstation:
1. Has the correct and latest version of security software installed.
2. Has all security services actively running.
3. Is restarted frequently to receive the latest updates and patches.
4. Does NOT have unapproved software like Bit Torrent or P2P as defined in Policy 57.
What is spear phishing?
Social engineering attack via emails from a known or trusted sender in order to induce targeted individuals to reveal confidential information
What is personal data?
Personal data is any information that can be used to identify an individual.
What tool enables you to label the classification of your data and protect documents with Permissions?
Sensitivity Toolbar (previously known as the Permissions Toolbar)
Can you save work and personal passwords in the same password manager account?
Yes. While it is not ideal to store business and personal passwords in the same account, it may not be realistic to maintain two separate accounts.
What is the name of the company tool that helps employees keep their Windows workstations compliant with company security policies?
Protect myTech Tool
What is vishing?
Social engineering attack via phone call or voice mail
What is the maximum fine for violating any of the Global Data Privacy Regulations (GDPR)?
Our company can be fined up to 4% of our global revenue.
What's at least one type of information regarding work should you never post on social media?
Client names, financial information, sensitive company data, specific project details
What are ways you can secure your router at home?
Update the default name and password the router came with from the manufacturer, turning off remote management, and logging out as the administrator once it’s set up. Also, make sure your router offers WPA2 or WPA3 encryption to maintain the highest level of privacy of information sent via your network.
What tool can you use to view a summary of your secure behaviors at company with personalized actions and resources for improvement?
Secure Behavior Score