SOCIAL ENGINEERING
What are two of the indicators of social engineering?
External emails requesting internal information
Links or attachments from unsolicited sources
Urgent or unusual requests
Inconsistent formatting
Spelling or grammar errors
When working in the office, what should you do before leaving your laptop?
Lock the screen and use a cable lock to physically secure your laptop.
What tool enables you to classify and Permissions protect your sensitive documents in just 2 clicks?
Hint: The tool is available in Outlook, Word, PowerPoint, and Excel.
Sensitivity Toolbar (formally known as Permissions Toolbar)
Capital letters, lowercase letters, symbols, and/or numbers, at least 8 characters in length
What category of tools can assist you with creating and remembering a unique password for every account?
What is personal data?
Personal data is any information that can be used to identify an individual.
How do you know if an email to your Accenture account comes from an external sender?
[External] tag in subject line and the External header.
How often should you restart your workstation?
At least once a week and when prompted.
If you share your workstation, you should restart at the end of your workday.
If you are rolling off a client project and have permission to retain some of the work products, what should you do prior to saving them to your OneDrive?
Scrub all sensitive client information.
What category of tools can assist you with creating and remembering a unique password for every account?
Password Managers
What is an example of sensitive personal data?
Government, Social Security, and Similar ID’s, Religious beliefs, biometric data (e.g., finger prints), sexual orientation, political beliefs, criminal offenses.
What is vishing?
Social engineering attack via phone call or voice mail.
If you need to download new software for work, you should check ______________ first.
What is the difference between Highly Confidential and Confidential data classifications?
Confidential materials can be shared broadly across Accenture.
Highly Confidential materials can only be shared with those who have specific business need.
____________ ____________ ____________ adds an extra step to logins that allows you to prove your identity (e.g., code sent to mobile device, biometrics), creating an extra layer of protection between your accounts and someone trying to gain access.
Multi-factor Authentication
Sharing your screen while sensitive information is displayed can be considered a ________ of data.
Transfer
What is smishing?
Social engineering attack via SMS text message.
What is the name of the Accenture tool that helps employees keep their Windows workstations compliant with Accenture security policies?
PROTECT MYTECH TOOL
Can you store Highly Confidential or Restricted client data in Microsoft Teams?
*Assume your client has approved use of MS Teams
Yes, but only in a Private Channel.
True or False. Accenture will never ask for your password via phone, voice mail or by requesting it be shared by replying to an email, text, or Microsoft Teams chat.
True.
If you receive an email asking you to share your password by replying to an email, you should not respond and report the email as phishing. Accenture would never request you share your password by replying to an email, Microsoft Teams chat, text, or over the phone
What kind of information about work should you never post on social media?
Sensitive Accenture or client information (including names of clients).
What happens to Accenture employees who fail 3 phishing tests in a year?
They are enrolled in the Phishing Protection Program (PPP).
Accenture people who have failed any 3 phishing tests in a 12 month period are enrolled in PPP, which provides extra opportunities to learn the indicators of social engineering through more frequent testing and dedicated training.
Name at least one of the 4 components of maintaining a compliant workstation.
A compliant workstation:
1. Has the correct and latest version of security software installed.
2. Has all security services actively running.
3. Is restarted frequently to receive the latest updates and patches.
4. Does NOT have unapproved software like Bit Torrent or P2P as defined in Accenture Policy 57.
What should be done regularly to all SharePoint or Teams site rosters?
Removal of anyone who no longer has business need and no longer needs access.
Are you allowed to store personal logins and Accenture logins in the same password manager vault?
Yes.
Though mixing personal and work-related passwords in the same account is not ideal, it may not be practical for you to maintain separate accounts.
What is the maximum fine for violating the General Data Privacy Regulations or GDPR?
Accenture can be fined up to 4% of our global revenue.