Scenarios
Physical Security
Terms & Definitions
Statistics
Protecting Your Data
100

As an H&R Block associate, you are elated to see an email from Jeff Jones with a "Click here" button telling you to sign up for a free Royals ticket. After examining the email and realizing it is not legitimate, what is your next step?

What is reporting an email as phishing?

100

Employees should do this before leaving their digital company or personal devices unattended.

What is locking your device?

100

A fake but seemingly legitimate email sent to employees as cybersecurity training.

What is a phishing simulation?

100

This is the most common and costliest type of record lost, at about $180 per record.

What is Customer Personally Identifiable Information (PII)?

100

A way to check if a link in an email is legitimate.

What is hovering over a URL?

200

You need to send sensitive personal information via email. You should do this before sending the message.

What is encrypting it?

200

The act of secretly listening in on someone else's private conversation.

What is Eavesdropping?

200

When working remotely, H&R Block employees may need to access remotely stored secured files. This tool allows you to securely connect to company resources.

What is a VPN? / What is Cisco AnyConnect?

200

This is the most common type of attack.

What is phishing?

200

A website H&R Block employees can use to access cybersecurity resources and training.

What is KnowBe4?

300

You walk to your coworker's cubicle to ask a question about the team project and see them whispering on the phone and hurriedly shutting off their laptop when they see you. What form of security risk could this be?

What is an insider threat?

300

A type of physical attack in which criminals look over a victim's shoulder at a device displaying sensitive data or credentials.

What is shoulder surfing?

300

The authentication method used to access related but independent company applications without having to authenticate multiple times.

What is SSO login?

300

This is the percentage of phishing targets that were C-Suite, VP, or Finance Associate at H&R Block from January – April 2022.

What is 74%?

300

An authentication method requiring users to provide multiple verification methods, such as login information + a PIN or authentication token.

What is multifactor authentication?

400

As you are entering the office, someone calls out for you to hold the door. You notice they do not scan their badge as they come through and do not appear to have one on their person. They now present a security risk known as this.

What is Unauthorized Physical Access?

400

The act of allowing someone into a secured area with restricted access without scanning their badge.

What is tailgating?

400

The defensive technology located on networks whose purpose is to block unknown or potentially malicious traffic from entering a secured network. This may be software or hardware based.

What is a firewall?

400

This is the average cost of a ransomware attack for a company.

What is $4.62 million?

400

The process of converting sensitive information into a code to prevent unauthorized access.

What is encryption?

500

A member of a marketing team borrows a company USB drive to take their presentation home and continue working on it. At home they plug the USB drive into their personal laptop. Once back at the office, they re-insert the USB drive into their work computer and later notice the work computer has low performance and is not working well. This is what could have infected the USB drive and later spread to the work computer.

What is Malware?

500

The mobile application H&R Block employees use on their phone or mobile device to retrieve an RSA token to access the VPN off campus.

What is SecurID authentication?

500

A form of malware that holds a user's system hostage and encrypts the system files, requiring those affected to pay to retrieve their files.

What is ransomware?

500

Small businesses account for this percent of all cyber attacks.

What is 43%?

500

A service that can be used to store passwords, usually protected by a form of strong encryption.

What is a password manager?