Ask Your Employees These Questions to Easily Test Their Cybersecurity Awareness

Each October marks Cybersecurity Awareness Month, which has now run for 18 years since its advent. The month aims to improve the awareness and knowledge of all Americans while they are using the Internet. For business owners and employers, employees’ cybersecurity awareness should never be neglected or underestimated, since it’s closely tied to the online security of the whole organization and determines whether it can run smoothly.

It’s therefore very important to test employees’ cybersecurity awareness and to train them continually. The questions below will show you where your employees’ cybersecurity awareness stands right now so that you know what to do next.

7 Common Scenarios to See Your Employees’ Cybersecurity Awareness

Cybersecurity awareness may sound abstract, but it can be easily gauged from actual scenarios.

Scenario 1. An employee is temporarily away from the computer.

Leaving a computer unattended without taking any action is a mistake. Employees should log out of their computers if they need to leave for a little while, and it’s better to set the computer to log out automatically to prevent data breaches.

Scenario 2. An employee should know when phishing attacks arrive.

Phishing is a common attack method on the Internet, and it can arrive at any time in the form of phishing emails or phishing links. Your employees should recognize these attacks and stay alert when they occur.

Scenario 3. What type of password do your employees use?

Passwords are one of the easiest ways to secure accounts, but it’s quite common for employees to use weak ones. Sometimes employees don’t think it’s important to protect their company accounts, so they use the simplest passwords, such as their birthday or their pet’s name. Worse still, some employees use the same password everywhere, and once one of those accounts gets hacked, can the others stay safe?

Scenario 4. What devices are used by employees to transfer data?

Data transmission is becoming increasingly important and necessary in today’s connected world. When it comes to employees’ cybersecurity awareness, company devices are recommended while personal devices aren’t. In addition, secure devices are recommended while insecure ones aren’t.

Scenario 5. Do your employees share passwords, even with their employers?

Your employees should never share passwords, even with their employers or bosses. That’s the bottom line of cybersecurity awareness they should stick to. Once passwords are shared, the Pandora’s box of data breaches is instantly opened, which is something no one wants to see.

Scenario 6. Have your employees received useful cybersecurity awareness training?

It’s essential to train your employees in cybersecurity awareness at regular intervals. Keep in mind that the training should be useful and efficient; say goodbye to boring, ineffective cybersecurity training, which does nothing but increase your budget and slow down your business.

Scenario 7. You have an attached file to click.

Employees with high cybersecurity awareness should never click any attached file from an unknown source. Attached files are also a leading starting point for phishing attacks.

A Detailed Question List to Test Your Employees’ Cybersecurity Awareness

The scenarios above cover only some of the main situations employees face when using the Internet. The detailed question list below will help you test your employees’ cybersecurity awareness more accurately.

Q1. Choose the strongest password from the following.

  1. spiderman
  2. cmy123123
  3. Cf9753!

Q2. Choose the weak password from the following.

  1. 000000
  2. PassWord
  3. LoveYou123
  4. All of the above

Q3. Choose the most suitable period to change your password from the following.

  1. Never
  2. Monthly
  3. Yearly
  4. Only when receiving alerts about the risk of account theft

Q4. Can all websites have the same type of password for security?

  1. Yes
  2. No

Q5. What is the right thing to do when website data is leaked?

  1. Do nothing
  2. Change the password of the current network account only
  3. Change all account passwords that are the same as the current network account’s password

Q6. Which of the following characteristics does a strong password typically have?

  1. Long, simple
  2. Short, random
  3. Long, random, complicated

Q7. Which method is more secure for you to share your password with others?

  1. Share via email
  2. Share via phone call
  3. Share via text message
  4. None of the above

Q8. What should you do when backing up for security?

  1. A backup on an external hard drive and a backup in the cloud
  2. Two backups on two external hard drives
  3. A backup in the cloud

Q9. What is true about the padlock in the browser bar of web pages (the lock icon in front of the URL)?

  1. It informs me that the website is completely safe.
  2. The connection between my browser and the website’s server is encrypted.
  3. Nobody knows which websites I visit, not even my Internet Service Provider.
  4. It’s possible that this is a phishing site.

Q10. Can you use the public network inside KFC or McDonald’s to handle the banking business?

  1. Yes. It is safe
  2. No. It is dangerous

Q11. Can you enter your personal information (date of birth, identification number) on a website entered through the URL?

  1. Yes
  2. No
  3. It depends

Q12. Which statement is true about trace-less browsing or incognito mode?

  1. No one, not even my Internet Service Provider, has access to the websites I visited
  2. Others who use my device will not be able to see which websites I visited
  3. I’m anonymous for that website

Q13. What should you do if your business email account is compromised or leaked?

  1. Change your password immediately
  2. Notify the security team of your organization
  3. Both of the above

Q14. Does antivirus software on your Android phone work?

  1. Yes, even if you downloaded the software from a third party
  2. No, unless you downloaded the software from the official

Q15. Select the options below that count as personal information under GDPR (multiple choice).

  1. Your IP address
  2. Your birthdate
  3. Your home address
  4. Your first name

Q16. Can you disclose personal bank account information to a caller claiming to be a bank clerk?

  1. Yes
  2. Never
  3. Only if I can confirm his or her identity

Q17. How should you respond to an email message that says you can receive “$7 billion from Bill Gates” by providing your phone number and full postal address?

  1. Reply with my phone number and show appreciation
  2. Call back and check if it is true
  3. Forward the email to friends and share your happiness
  4. Ignore it

Q18. What should you do if a free Netflix window pops up while you are browsing a random website?

  1. Follow the pop-up instructions to get the free resource
  2. Close the pop-up page and ignore it

Q19. What should you do about the email from ‘hajhsyye@sound.ocn.ne.jp’ that asks you to reset your Hyundai password?

  1. Change my password immediately according to the instructions given
  2. Ignore the content and delete the email

Q20. For information security, should you lock your machine when leaving your desk?

  1. Yes for sure
  2. No. It is too annoying

Q21. What should you do with a phone call claiming to be Microsoft technical support?

  1. Follow their instructions
  2. Provide them with your password
  3. Call them back
  4. Hang up

Q22. How do you deal with a suspicious email you’ve received?

  1. Reply
  2. Open the attachments
  3. Click the links
  4. Ignore and delete the email

Q23. What should you do with a text about delays in parcel delivery?

  1. Click the link provided directly
  2. Check your own purchasing history and go to the official website to check the package logistics.
  3. Ignore it and delete it

Q24. Is it true that it is better to delay updating the operating system in order to save time?

  1. Yes, updating is always a waste of time
  2. No, frequent updates can enhance system security and safety

Q25. Choose the correct statement from the following.

  1. Types of phishing attacks range from classic email phishing schemes to more inventive approaches such as spear phishing and smishing
  2. Phishing is a form of social engineering
  3. Phishing is to steal your personal details
  4. All of the above

Q26. As a corporate finance officer, what should you do about an email from your CEO asking you to transfer millions to a designated account?

  1. Call or meet in person with your CEO to reconfirm this transfer order, including the account and amount.
  2. Execute the transaction directly and then reply to your CEO by email.

Q27. Should you participate in a campaign when you see a free gift drawing page?

  1. Yes. I’m lucky. It’s a free gift.
  2. No. It might be a trick. I won’t click that.

Q28. Which one is true about a phishing email?

  1. This email appeared out of the blue
  2. There is no context and no previous contact with the sender
  3. A free gift or service
  4. All of the above

Q29. What should you do with an SMS from the seller that asks you to click on a link to renew the contract?

  1. Click the link or download the file without worrying
  2. Check with your seller through another channel

Q30. Which month is Cyber Security Month?

  1. September
  2. October
  3. November
  4. December

Q31. What are people who carry out social engineering attacks called?

  1. An Information Engineer
  2. A Social Engineer
  3. A Social Media Activist

Q32. What should you do with a working USB device you find in the hallway?

  1. Check what’s on the USB device and try to identify its owner.
  2. Leave it in the hallway or take it to the reception desk.
  3. Pick it up and hand it to your IT department because it could be a USB device containing malware that can infect your company’s systems.

Q33. Which of the following is Google’s URL?

  1. https://google.com
  2. https://gogle.com
  3. https://gooogle.com
  4. All of the above

Q34. Select the URL below that cannot resolve the Typosquatting Attack.

  1. http://microsoft.com
  2. http://mircosoft.com
  3. http://miroosoft.com
  4. All of the above

Q35. Should you believe the content of an email that says it came from a trusted sender?

  1. No. See if the content of the email involves money transfers, personal privacy, etc. If so, reconfirm with the sender by other means.
  2. Yes. People I trust won’t lie to me.

Q36. What attitude should you take when receiving an email offering to participate in a quiz and get a free cup?

  1. I happen to need a cup. I’ll try it then
  2. This is a bad idea. It might be a scam to steal my personal information

Q37. Which of the following helps to judge the credibility of an online shopping platform?

  1. The site’s address starts with ‘HTTPS://’
  2. Do some research to see if the site has a good reputation
  3. Read and look for positive reviews from other customers on the site

Q38. Which of the following is best used when shopping online?

  1. Paypal
  2. A credit card
  3. A debit card

Q39. Which of the following will happen if you do not use a PIN on your phone?

  1. When my phone is not with me, all my information and applications can be accessed by finders.
  2. When my phone is unattended, miscreants can access all my online accounts through my email address.
  3. When my phone is stolen, thieves can access all of my information and applications.
  4. All of the above.

Q40. Is it advisable to pay criminals who run ransomware that encrypts files on computers? What is the reason?

  1. Yes, because you know you’ll be able to access your data again.
  2. Yes, because you don’t have to be concerned about backups.
  3. No, because there is no guarantee that you will be able to access your data again.
  4. No, since criminals may attack you again later if they are still active on your network after you have your files back.

Your employees may not have as much cybersecurity awareness as you think. Regularly promoting cybersecurity-related knowledge can improve the security of your company’s network. Cybersecurity Month is a perfect time of year to do this.