Test your security smarts with our 10-question quiz. Ready, set, go!
You get an email that appears to be from Microsoft asking you to click a link and enter your login credentials. This could be an example of:
- Nothing to worry about
- Typical communication from Microsoft
Phishing tries to steal sensitive information such as usernames, passwords, and credit card details by impersonating a trustworthy person or company. It can be carried out via email, phone call, or even instant message. A phishing message often directs you to enter details into a fake website whose look and feel are almost identical to the legitimate one. The fake website may also infect your device with malware.
If you’re asked to enter a code after you’ve already entered your username and password, this is known as:
- Single sign-on
Answer: 2-Factor Authentication (2FA)
Authentication is the process of identifying a person or system with a username or password. It authorizes users or systems based on their identity. 2FA adds a second step to the log-in process. Once you enter your username and password, you take one additional action depending on the type of 2FA you use. It could be entering a code sent as a text message or accepting a prompt on your smartphone.
If you want to remove as many cyber risks as possible from your network, you should start:
- Throwing your hands up in despair
Hardening a system reduces security risk by eliminating potential attack vectors and making the system’s attack surface as small as possible. By removing unneeded programs, accounts, functions, applications, access, and the like, attackers have fewer opportunities to gain a foothold in your network. In short, a hardened system is a more secure system.
You just received a phone call from someone saying they’re your boss’s boss. They sound very stressed and need you to send them an account number – even though it’s not something you’d typically be asked to do. What’s going on here?
- A legitimate request from your boss
- Your coworkers playing a prank on you
- Social engineering
Answer: Social Engineering
Hackers use social engineering to manipulate people into giving up confidential information, such as a password or bank account number. Common examples of social engineering include emails that sound legitimate asking you to click a link, download a file, or enter your login credentials.
What’s one of the strongest cybersecurity tools available today?
- Hyperconverged infrastructure
- End-point protection
- Human firewall
Answer: Human Firewall
Your users are your biggest security liability – but they can also be your greatest strength. A human firewall is an additional layer of protection around your network made up of your users. With proper training, your employees can follow best practices for preventing and reporting data breaches or suspicious activities.
What’s the overarching term referring to cyberattacks that try to crack user passwords?
- Brute force attack
- Credential stuffing
- Bulk phishing
Answer: Brute Force Attack
A brute force attack uses a computer to crack passwords. It’s like trying every key on a key ring until they find the one that unlocks the door. Brute force attacks can involve reusing credentials from other data breaches to try to break into your system. They can use “password” for the password and try to brute force a username to go along with this all-too-common password. Or they can try every possible combination of every possible character to find the right combination that matches your password.
The operating system on your computer is a couple versions old and hasn’t been updated since its installation. Your OS software needs to be:
- Uninstalled and reinstalled
Patching is the process of updating software to the latest version. It’s essential for removing bugs that hackers can exploit to slip into your system.
Even though your organization already has an official collaboration app everyone uses, you recently installed Trello on your corporate laptop to help you stay organized. This would be an example of:
- Shadow IT
- Part of your personal IT profile on the network
Answer: Shadow IT
Shadow IT refers to any technology (application or device) deployed within an organization without approval from the IT department. Common examples of shadow IT include productivity apps like Trello, messaging apps like WhatsApp on corporate-owned devices, and flash drives or other external drives. These non-sanctioned applications and devices introduce vulnerabilities into the infrastructure that can leave the organization open to cyberattacks.
You’re doing some work at the local library. They have free Wi-Fi, but you know it’s not wise to trust public Wi-Fi. What’s the safest, most private way to connect to the internet?
- Tor (The Onion Router)
Answer: Virtual Private Network (VPN)
VPN connects you to the internet via an encrypted tunnel. This ensures your online privacy and protects your sensitive data. A VPN is often used to create secure connections to public Wi-Fi, hide IP addresses, and keep your browsing private.
You notice a user’s correct credentials have been entered into a program multiple times over the last few days when typically that user only logs into the program once a month at most. You become suspicious that this could be:
- Masquerade Attack
Answer: Masquerade Attack
A masquerade attack is any attack that uses a forged identity (such as a network identity) to gain unofficial access to a personal or organizational computer. Masquerade attackers can impersonate legitimate sources to trick victims into giving out their personal and financial information. These attackers can also use stolen credentials to pretend to be a legitimate user and gain access to a corporate network.
Congratulations – you made it to the end! How’d you do? If you’re feeling a little disappointed in your results, don’t worry. The experts at Elevity can keep your organization at the cutting edge of cybersecurity. Find out if your current security protections are strong enough by requesting a FREE network assessment.
Love quizzes? See how you score on our Cybersecurity Risk Assessment.