What is social engineering?
The use of manipulation to trick individuals into disclosing confidential information
What is malware?
Malicious software designed to harm or exploit a system
What is the most common consequence of accidental data loss?
Inability to access important files or data
What is the purpose of encryption?
To scramble data to prevent unauthorised access
Give an example of how phishing can occur through SMS.
A fake text message pretending to be from a bank requesting login information
Name two social engineering techniques.
Blagging and phishing
Identify two types of malware.
Virus and ransomware
How can malicious damage impact a business?
It can result in data loss, financial loss, and reputational damage
How can antivirus software protect against malware?
It detects and removes malicious programs from the system
What is the difference between accidental and malicious data loss?
Accidental is unintentional, e.g., deleting a file; malicious is intentional, e.g., a hacker deleting data
How can shouldering be prevented?
Cover your screen or keypad while entering sensitive information
How does a Trojan horse infect a system?
It disguises itself as legitimate software but contains malicious code
Name a consequence of data theft for an individual.
Identity theft, financial fraud, or loss of personal data
Name a physical security measure that can prevent data theft.
CCTV, door locks, security guards
How can regular backups prevent data loss?
By creating copies of data that can be restored in case of data corruption or loss
How does baiting trick victims into giving away information?
By offering something enticing, like a free download, to lure them in
What is a keylogger?
Malware that records keystrokes to steal sensitive information
Explain how data manipulation can disrupt business operations.
It can alter financial records, leading to incorrect reporting and decision-making
Explain how firewalls work to prevent cyber attacks.
They monitor and filter incoming and outgoing network traffic based on security rules
Describe how a denial of service (DoS) attack works.
Overloads a system with traffic to prevent legitimate access
Explain why social engineering is considered a significant threat to information security.
It targets the human element, often exploiting trust and a lack of awareness, bypassing technological safeguards
Explain how spyware can lead to data theft.
It secretly monitors and collects user data, sending it to the attacker without the user’s knowledge
How can data breaches affect customer trust?
Customers may lose confidence in the company’s ability to protect their information, leading to a damaged reputation and potential loss of business
How can multi-factor authentication (MFA) enhance security?
It requires two or more verification methods, making unauthorised access more difficult
How can an organisation prepare for potential data breaches?
Implement security policies, conduct employee training, and develop a data recovery plan