Is your business at risk from cyber attack because employees aren’t aware of security risks? Find out by asking them to take this quiz! If they score poorly it’s time to put in place some robust cyber security policies, raise awareness of the risk and provide training and support so that your staff are not a cyber risk.
Cyber Security Vulnerability Quiz
Answer the questions below, then scroll down to find the answers and learn more about keeping your organisation safe from cyber attack.
Q1. Which of the following passwords is most secure, according to IT experts?
Q2. Which type of cyber-attack is commonly performed through emails?
Q3. If you receive an email containing an attachment from a sender you don’t recognise, should you:
a. Open it
b. Delete the email
c. Alert the IT security team
Q4. What kind of cybersecurity risks can be minimized by using a Virtual Private Network (VPN)?
b. Use of insecure Wi-Fi networks
c. De-anonymisation by network operators
Q5. Whilst online, you notice a new pop-up window which tells you that a virus has been found on your computer and is harmful. The window provides a button to click, which will allow you to start rectifying the issue. The best thing you can do now is:
a. Hit the back button and see if the pop-up window disappears
b. Hover your cursor over the button and take a look at the URL shown. If the address looks legitimate to you, click on it. If it looks like a scam link, close the window immediately
c. Immediately close down both the browser window and the pop-up window
Q6. When it comes to backing up your computer, how often should you be doing this, ideally?
a. Whenever you upload new photos, files or create important documents which you don’t want to risk losing
b. Only when you think there might be an imminent problem in retrieving files in future
c. Once a week
Q7. Which of the following could help protect your computer against malware and viruses?
a. Only downloading software from trusted sources
b. Ensuring that, via your IT Team, a credible antivirus program and a two-way firewall are installed
c. Ensuring you always update your computer with system updates when prompted
Q8. What does ‘social engineering’ mean in a security context?
a. A form of social deception driven by gathering information, fraud or accessing systems
b. Particular systems built in a certain way, so that society finds them easier to use
c. Where somebody takes advantage of social media channels in order to steal personal data
Q9. When you’re using public networks, what’s the best way to protect any communications made from your mobile device?
a. Use your browser’s ‘private browsing’ function
b. Turn off your mobile device’s file sharing ability
c. Use a Virtual Private Network or VPN
Q10. Over the last few years, there’s been an emerging IT security threat, and it can happen anywhere in the world. Cyber criminals are able to lock down a user’s computer through the use of malware, and then demand money from the user in order for the access to be restored.
What is this emerging threat called?
How did you do? Here are the answers to our cyber security quiz:
Q1. Answer – a. ‘F00tBall1!’
According to 2017 stats published by SplashData, ‘123456’ is the most commonly used user password, with ‘football’ ranking 9th.
Answer ‘a’, ‘F00tBall1!’, however, follows some best-practice tips: it uses at least one special character, mixes numerical characters with uppercase and lowercase letters, and is at least 8 characters long. Therefore, this is the most secure password you could have chosen out of the three options. (Ideally though, your password won’t be based on any existing word from the dictionary!)
Q2. Answer – b. ‘Phishing’
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details (and money), often for malicious reasons, by posing as a trustworthy entity in an electronic communication.
Q3. Answer – c. ‘Alert the IT security team’
You should never open an attachment from an unknown source, and you should also be wary of any attachments sent by trusted sources if you’re not expecting them (they may have had their email accounts compromised). If you think it’s a phishing email or is simply not of interest to you, just delete it. But if you think the information may be important but you’re not 100% certain of the source, let your IT support team know.
Q4. Answer – b. ‘Use of insecure Wi-Fi networks’
A Virtual Private Network (VPN) allows users to create an encrypted connection between their devices and the internet, making it much harder for anyone other than the user to see their activity.
Q5. Answer – c. ‘Close the browser window and pop-up window’
It’s the type of situation where it’s best to take no chances. It could be that the website you were on has been hacked without the business’s knowledge – or, it’s a fake site which has been built with the sole purpose of defrauding people. If you think it may be the former, get in contact with the business in question to make them aware of what’s happened – they might not know that their site has been compromised.
Q6. Answer – a. ‘Whenever you upload or create new and important files’
It depends on how often you create new files and documents, upload pictures and so on. If you’re doing this kind of thing frequently, you ought to back up your system on a regular basis, so that you don’t lose files and can revert to an original file if it ever gets corrupted. A good frequency to follow for most people is once a week.
Q7. Answer – a, b and c!
A trick question! The answer here is all three. These steps should be taken together as ‘bare minimum’ measures to protect your hardware from hacking attempts, malware, data loss and viruses.
Q8. Answer – a. ‘A form of social deception’
Social engineering is a complex form of social deception, which takes advantage of vulnerable people by manipulating them, with the main aim of defrauding them. An example might be where someone is fooled into revealing their password for something.
Q9. Answer – c. ‘Use a Virtual Private Network or VPN’
Whilst it would be partially correct to have picked ‘turning off your device’s file sharing ability’ as an answer, it would not ultimately prevent risks from the public network. However, using a VPN would be a solution – think of it as a secure, private ‘tunnel’ that is built over a public network. It guarantees that there’s end-to-end communication security.
Q10. Answer – c. ‘Ransomware’
Answer b. – ‘CryptoLocker’ is actually an example of ransomware. In a nutshell, ransomware is a type of malicious software (malware) used by attackers to restrict access to computer systems or data. Today, a large proportion of phishing emails link to ransomware.
If you didn’t score as well as expected, speak to your IT team or information security officer about some additional training or support. If you head up your IT department and would like us to help you protect your systems and data with awareness raising exercises and training, please get in touch.