Cyber Awareness Challenge which of the following is an example of a strong password
Find out how much you know about preventing user-caused cybersecurity incidents through education in this security awareness training quiz for infosec pros.
Too often, enterprises classify cybersecurity as an IT-only activity and discuss risk management exclusively in terms of technology or tools. Yet, multiple studies continuously prove that insiders pose one of the greatest risks to an enterprise's security. Whether accidental or malicious, insider threats can cause enormous financial and reputational damage -- for example, through data loss or exfiltration or falling victim to a phishing attack. Organizations may instinctually turn to technology as the solution to insider threat prevention. While tools such as data loss prevention, firewalls and email filters may alleviate the symptoms of insider threats, they do nothing to address the root cause. To treat the issue of user-caused incidents at its core, IT leaders need to implement comprehensive and consistent security awareness training. This security awareness training quiz's questions and answers are designed to test and reinforce understanding of infosec fundamentals. By taking this quiz, IT professionals will be in a better position to educate employees on security best practices at their own organization.

This was last published in April 2021
Passwords, when used correctly, are an extremely simple and effective way to protect data and IT systems from unauthorised access. However, many individuals continue to use passwords in a way which exposes them to risk, and IT policies do not always encourage better user behaviour. This article summarises some simple ideas for individuals and businesses to improve their use of passwords and prevent them being cracked.

How are passwords cracked?

There are a number of methods criminals can employ to crack passwords, including:
These methods help to highlight some basic precautions which users can take to protect themselves.

How can individuals prevent their passwords being cracked?

A key recommendation is to use a strong, non-predictable password. What makes a good password (and what doesn’t) is discussed further below. It is also important not to use the same password for everything. Different websites have different levels of security - if you use the same password all the time then a criminal could crack it on a low security site and use it to access important information on higher security sites. On average, users use the same password across four different sites.

Ideally, you should have a different password for every site and system you access. However, it can be difficult to remember that many passwords in practice. As a minimum you should use a different password for the most sensitive sites you visit – such as email, online banking, and any other sites that hold confidential or financial information. Alternatively, you could set up a system for passwords, for example using a core password which is complex and then adding letters or numbers to this relevant to the website name. Other recommendations for individuals include:
What makes a good password?

The main thing is to avoid using predictable passwords. Passwords should be easy to remember, but hard for somebody else to guess. The National Cyber Security Centre (NCSC) recommends that a good rule is to make sure that somebody who knows you well couldn’t guess your password in 20 attempts. Passwords that are easily cracked tend to include:
The most common passwords include 123456, password, 12345678, qwerty, 12345 and football. Strong passwords will:
Very long and complex passwords are often viewed as being the strongest, but this is often not the case in practice. Such passwords are hard to remember and this can lead to people using coping mechanisms (such as writing passwords down or using the same password multiple times) which, ironically, make them more vulnerable to cyber criminals. The NCSC, in conjunction with Cyber Aware, advise that an easy way to create a secure password is to use three random words – for example coffeetrainfish or walltinshirt. The words you pick can be memorable, but shouldn’t be easy to guess (e.g. onetwothree) or too personal (e.g. pet names, children’s names).

How can businesses support staff users?

It is important for businesses to ensure that their staff use passwords effectively to protect IT systems and data. However, you need to be careful that IT policies do not lead to users having password overload. The average UK citizen has 22 online passwords which they need to remember, so enforcing passwords where they are not needed should be avoided. Businesses can also help their staff cope by:
The NCSC no longer recommends requiring users to change passwords frequently, or requiring them to have several different complex passwords. The cost of forcing users to regularly change passwords outweighs any protection it may give – staff often end up using weaker passwords as a result, making only minor changes to previous passwords or having to ask for a password reset more frequently. Instead, the NCSC recommend asking staff to concentrate on:
Other measures which businesses can take to increase security include:
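The password guidance above (avoid the most common passwords, avoid guessable or personal words, build a password from three random words) as an added example, not part of the original article or of NCSC material. The word list, the sequence list and the function names are constructed for illustration, and the words are picked by the operating system's random generator rather than by the user.

```python
import math
import secrets

# Passwords the article lists as the most common.
COMMON = {"123456", "password", "12345678", "qwerty", "12345", "football"}

# Constructed sample word list for the demo only; a real deployment would
# load several thousand words so the guessing space is large enough.
WORDS = ["coffee", "train", "fish", "wall", "tin", "shirt", "lamp", "river",
         "cloud", "pencil", "garden", "rocket", "violin", "marble", "tiger", "candle"]

# Constructed list of predictable sequences of the kind the article warns about.
SEQUENCES = ["onetwothree", "abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop"]


def three_random_words(words=WORDS, count=3):
    """Build a passphrase from words chosen by the OS CSPRNG, not by a person."""
    if not words:
        raise ValueError("word list is empty")
    return "".join(secrets.choice(words) for _ in range(count))


def guess_space_bits(wordlist_size, count=3):
    """Bits of guessing work when each word is picked uniformly at random."""
    return count * math.log2(wordlist_size)


def screen(password, personal_terms=()):
    """Return the reasons a candidate is predictable; an empty list means none found."""
    p = password.lower()
    reasons = []
    if p in COMMON:
        reasons.append("common password")
    # A run of four or more characters lifted straight from a known sequence.
    if any(len(p) >= 4 and p in seq for seq in SEQUENCES):
        reasons.append("predictable sequence")
    # Pet names, children's names and similar details supplied by the caller.
    if any(len(t) >= 3 and t.lower() in p for t in personal_terms):
        reasons.append("contains personal detail")
    return reasons


if __name__ == "__main__":
    candidate = three_random_words()
    print(candidate, screen(candidate), f"{guess_space_bits(len(WORDS)):.1f} bits")
    for sample in ("football", "onetwothree", "RexTrainFish"):
        print(sample, screen(sample, personal_terms=["Rex"]))
```

The 16-word sample list gives only 12 bits of guessing work for three words, which is why the size of the word list matters as much as the number of words.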
Where to go for more information

The new National Cyber Security Centre offers a wide range of guides on all areas of cyber security. Their guidance on passwords can be found here. Cyber Aware, a cross-government initiative aimed at promoting secure online behaviours for small businesses and individuals, also provides tips on how to create strong passwords.

What are some examples of malicious code cyber awareness challenge?

Malicious code includes viruses, Trojan horses, worms, macros, and scripts. Malicious code can be spread by e-mail attachments, downloading files, and visiting infected websites.
What is a common indicator of a phishing attempt Cyber Awareness 2022?

Suspicious Links or Attachments
Suspicious links and attachments can also be common signs of phishing. Phishing websites are designed to look like the real thing but are actually malicious sites designed to steal your sensitive data or financial data causing a data breach.
Which of the following is true about cookies cyber awareness?

Cookies may pose a security threat, particularly when they save unencrypted personal information. Cookies also may track your activities on the web. Note: Not all https sites are legitimate and there is still a risk to entering your information online.
How does cyber awareness challenge protect sensitive information?

Protecting PII/PHI
Avoid storing sensitive information in shared folders or shared applications (e.g., SharePoint, Google Docs) unless access controls are established that allow only those personnel with an official need-to-know to access the information.