SOCIAL ENGINEERING
WORKSTATION SECURITY
SHARING & STORING INFORMATION
PASSWORD
SAFETY
UNDERSTANDING DATA PRIVACY
100

What are two of the indicators of social engineering?

External emails requesting internal information
Links or attachments from unsolicited sources
Urgent or unusual requests
Inconsistent formatting
Spelling or grammar errors

100

When working in the office, what should you do before leaving your laptop?

Lock the screen and use a cable lock to physically secure your laptop.

100

What tool enables you to classify and Permissions protect your sensitive documents in just 2 clicks?

Hint: The tool is available in Outlook, Word, PowerPoint, and Excel.

Sensitivity Toolbar (formally known as Permissions Toolbar)

100

Capital letters, lowercase letters, symbols, and/or numbers, at least 8 characters in length

What category of tools can assist you with creating and remembering a unique password for every account?

100

What is personal data?

Personal data is any information that can be used to identify an individual.

200

How do you know if an email to your Accenture account comes from an external sender?

[External] tag in subject line and the External header.

200

How often should you restart your workstation?

At least once a week and when prompted.

If you share your workstation, you should restart at the end of your workday.

200

If you are rolling off a client project and have permission to retain some of the work products, what should you do prior to saving them to your OneDrive?

Scrub all sensitive client information.

200

What category of tools can assist you with creating and remembering a unique password for every account?

Password Managers

200

What is an example of sensitive personal data?

Government, Social Security, and Similar ID’s, Religious beliefs, biometric data (e.g., finger prints), sexual orientation, political beliefs, criminal offenses.

300

What is vishing?

Social engineering attack via phone call or voice mail.

300

If you need to download new software for work, you should check ______________ first.

300

What is the difference between Highly Confidential and Confidential data classifications?

Confidential materials can be shared broadly across Accenture.
Highly Confidential materials can only be shared with those who have specific business need.

300

____________  ____________  ____________ adds an extra step to logins that allows you to prove your identity (e.g., code sent to mobile device, biometrics), creating an extra layer of protection between your accounts and someone trying to gain access.

Multi-factor Authentication

300

Sharing your screen while sensitive information is displayed can be considered a ________ of data.

Transfer

400

What is smishing?

Social engineering attack via SMS text message.

400

What is the name of the Accenture tool that helps employees keep their Windows workstations compliant with Accenture security policies?

PROTECT MYTECH TOOL

400

Can you store Highly Confidential or Restricted client data in Microsoft Teams?

*Assume your client has approved use of MS Teams

Yes, but only in a Private Channel.

400

True or False. Accenture will never ask for your password via phone, voice mail or by requesting it be shared by replying to an email, text, or Microsoft Teams chat.

True.
 
If you receive an email asking you to share your password by replying to an email, you should not respond and report the email as phishing. Accenture would never request you share your password by replying to an email, Microsoft Teams chat, text, or over the phone

400

What kind of information about work should you never post on social media?

Sensitive Accenture or client information (including names of clients).

500

What happens to Accenture employees who fail 3 phishing tests in a year?

They are enrolled in the Phishing Protection Program (PPP).

Accenture people who have failed any 3 phishing tests in a 12 month period are enrolled in PPP, which provides extra opportunities to learn the indicators of social engineering through more frequent testing and dedicated training.

500

Name at least one of the 4 components of maintaining a compliant workstation.

A compliant workstation:
1. Has the correct and latest version of security software installed.
2. Has all security services actively running.
3. Is restarted frequently to receive the latest updates and patches.
4. Does NOT have unapproved software like Bit Torrent or P2P as defined in Accenture Policy 57.

500

What should be done regularly to all SharePoint or Teams site rosters?

Removal of anyone who no longer has business need and no longer needs access.

500

Are you allowed to store personal logins and Accenture logins in the same password manager vault?

Yes.

Though mixing personal and work-related passwords in the same account is not ideal, it may not be practical for you to maintain separate accounts.

500

What is the maximum fine for violating the General Data Privacy Regulations or GDPR?

Accenture can be fined up to 4% of our global revenue.