Basic Cybersecurity Awareness

Enter email to receive results:

Question 1 of 18

1. Which members of our organization are responsible for basic cybersecurity?

Management is ultimately responsible for ensuring that employees follow best practices.

Owners are the ultimate authorities within the organization and need to be aware of basic cybersecurity principles and implement necessary safeguards to reduce the risk of cyber attack.

All staff members should have some basic knowledge of cybersecurity to reduce risk of cyber attack.

IT team members are in the best position to be knowledgeable about and promote cybersecurity within the organization.

Question 1 of 18

Question 2 of 18

2. Regularly scheduled backups of critical data, when kept offline or in a separate cloud infrastructure, can help to mitigate damage from a cyber attack on the organization.

True

False

Question 2 of 18

Question 3 of 18

3. Which of the following offers the best possible protection for sensitive company data?

Update software throughout the organization annually.

Only share your passwords with trusted coworkers, vendors, or customers.

Keep passwords in a hidden place, such as a post-it note beneath your keyboard, or under other paperwork in a desk drawer.

Implement multi-factor authentication as a requirement for accessing sensitive data.

Question 3 of 18

Question 4 of 18

4. Small organizations are in less danger of being targeted for cyber attacks. True or false?

True

False

Question 4 of 18

Question 5 of 18

5. What is the safest way to dispose of paper files containing sensitive information?

Sensitive paper documents should only be disposed of in locked trash bins.

Sensitive paper documents should be eaten when their contents are no longer important to the organization.

Sensitive paper documents should be designed to self-destruct after a predetermined period of time.

Sensitive paper documents should be cross-cut shredded onsite before disposal or should be handled via engagement of an appropriately licensed disposal company.

Question 5 of 18

Question 6 of 18

6. True or false? Using built-in Windows functionality to delete sensitive electronic files from your computer when they are no longer needed is the safest way to ensure they can't be accessed by unauthorized personnel in the future.

True

False

Question 6 of 18

Question 7 of 18

7. Only employees who have access to sensitive data need to be concerned with the physical security of devices and files.

True

False

Question 7 of 18

Question 8 of 18

8. Physical security relates to which of the following:

Paper files and USB drives.

Paper files.

Computers.

All of the above.

Question 8 of 18

Question 9 of 18

9. Choose the most correct statement from a cybersecurity perspective:

IT personnel should not implement limited login attempts, required password changes, or automated account lockouts. These restrictions give unnecessary headaches to users and provide no real benefit to the organization.

The best way to protect sensitive information is to ensure that no device is ever lost or stolen.

Key business devices should share a common password: this ensures that high-level employees are able to access them in an emergency.

Require the use of MFA (multi-factor authentication) to access parts of the business network that house sensitive information.

Question 9 of 18

Question 10 of 18

10. You've received an email from your manager, requesting a list of the company's top ten clients along with their addresses and credit card numbers. The email is flagged as urgent and you've been instructed to reply ASAP. You should do that. True or false?

True

False

Question 10 of 18

Question 11 of 18

11. Keeping in mind that some, none, or all parts of the following statements may be correct, choose the most correct statement:

If an email looks like it comes from someone you know, you can click links and download attachments as long as you have antivirus and a spam blocker.

If an email from the HR department asks you to provide personal information ASAP, you should first contact HR to be sure the email is genuine and the requester is authorized to handle personal and/or sensitive information.

If a coworker emails you asking for your password, you should only reply and provide your password if the email says it's urgent or an emergency.

As long as an email contains a customer's logo and address, you can be certain it originated with with the customer.

Question 11 of 18

Question 12 of 18

12. You've fallen for a phishing scam. What's the best way to start limiting the damage?

Delete the email. Really, really quickly.

Contact your manager and the IT department, and begin changing any potentially compromised passwords.

Unplug your computer immediately to remove any malware.

Question 12 of 18

Question 13 of 18

13. True or false? Tech support scammers only target individuals, rather than large or small businesses. Individuals are more apt to fall for the scams because they don't have an IT department.

True

False

Question 13 of 18

Question 14 of 18

14. Which of the following describes a tech support scam?

You receive a phone call indicating that your computer has a problem. The caller can, however, resolve this problem if you follow steps he can provide to give him remote access to your computer.

While browsing the Internet, an urgent popup warns you that there's a problem with your computer. A link is provided so that you can visit a website offering tech support to resolve the issue.

A caller from Microsoft notifies you that viruses have been found on your system. This can be remotely resolved without access to your system, and requires only your credit card information.

All of the above.

Question 14 of 18

Question 15 of 18

15. Which of these represents the best steps to be taken when selecting a business partner (vendor or customer) who will have access to your sensitive information?

Only partner with well-known, respected, established businesses.

Confirm that the potential partner understands the importance of cybersecurity.

Ensure vendor/customer contracts include provisions for cybersecurity controls where required, including plans to regularly evaluate and update cybersecurity systems.

Be certain that your prospective partner understands your cybersecurity compliance requirements.

Question 15 of 18

Question 16 of 18

16. Which of the following represents best practices related to devices connecting to the company's network?

Use a single Wi-Fi network with a secure password, shared with customers and guests. This allows everyone to be on the same network and facilitates sharing resources.

When installing a new router, switch, or other network device, keep the default password to minimize chances that it will be lost or forgotten.

Ensure that company-issued smartphones are configured to automatically connect to open public Wi-Fi hotspots to help reduce the cost of data plans.

Deploy full-disk encryption on laptops and other mobile devices.

Question 16 of 18

Question 17 of 18

17. Through your workstation, you have access to sensitive company information. You're about to go on lunch break. You should:

Leave the computer logged in and unlocked, in case anyone needs any information while you're at lunch.

Lock your workstation before leaving.

Question 17 of 18

Question 18 of 18

18. Which of the following passwords is the most secure?

1qaz2wsx

Sample123

2l2!iX92

MydaughterwasbornApril,1993.

Question 18 of 18