Protect Your Clients - A Practical Guide to Cybersecurity (Oregon)

Protect Your Clients - A Practical Guide to Cybersecurity (Oregon) Protect Your Clients - A Practical Guide to Cybersecurity (Oregon) Quiz 1: Reasons for Cybersecurity A hacker who can be hired to assist your company with identifying weaknesses in the cybersecurity protections is known as a: A) Grey Hat Hacker. B) White Hat Hacker. C) Hacktivist. D) Black Hat Hacker. B) White Hat Hacker. White hat hackers are hackers who sell their services and skills to "test" the firewalls and security methods your company has put in place. White hat hackers will not invade your company's security mechanisms without approval; while grey hat hackers will breach systems without permission before informing your company. According to the National Cyber Security Alliance, what percentage of small or midsized companies go out of business within six months of being hacked? A) 30% B) 50% C) 60% D) 90% C) 60% The NCSA estimates that some 60% of small and midsize companies go bankrupt within a half year of being hacked. This is typically because the companies must pay for the forensics and insurance. Modern technology has begun to link digital consumer goods, such as cell phones, smart printers, and computers, allowing machines to learn your patterns or otherwise connect all devices together for ease of use. What is the term we use for this network? A) The Internet of Things B) The Smart Connect C) The device-web D) The Digital Network A) The Internet of Things The Internet of Things refers to the connected web of consumer digital devices. While the Internet of Things can be convenient and assist a company's efficiency, it also opens up different avenues for hackers to exploit vulnerabilities within that digital network. All of the following are broad descriptions of cyber-attacks EXCEPT A) attacks on integrity. B) attacks on confidentiality. C) attacks on availability. D) attacks on personnel. D) attacks on personnel. Attacks on availability, confidentiality, and integrity are the broad descriptions of cyberattacks. Attacks on availability limit access to networks, attacks on integrity limits the credibility of your systems;,and attacks on confidentiality are violations of your company's privacy. A real estate agent's email account was compromised. The hacker was able to send an email to a client explaining that "last-minute closing changes" required a "correction" to a bank account number being used to hold closing cost funds. The client followed the email's instructions and transferred the money to pay for closing costs to the updated bank account. When the client was contacted by the real estate agent and learned that the earlier email was a spoof, they soon discovered that the transferred money had been removed from the account and was unrecoverable. What would this sort of attack be considered? A) Attack on availability B) Attack on confidentiality C) Advanced persistent threat D) Attack on integrity D) Attack on integrity This would be an example of an attack on integrity because it uses the credibility of the real estate agent's email account to convince the client to change closing information. Quiz 2: Cyber Threats Which of the following best describes baiting? A) Directing a client to transfer their closing funds to an escrow company B) Sending an email with the subject line, "YOU ARE A WINNER!" C) Intentionally leaving a trojan-infected USB device on the sidewalk D) Searching for unsecured wifi networks to use as the source for an attack C) Intentionally leaving a trojan-infected USB device on the sidewalk Baiting is oftentimes a very simple form of social engineering where a cd, laptop, or USB stick is left in the open to tempt the victim into using the device. Brute-force password attacks can break through a password by randomly guessing the codes. Which of the following measures would best prevent a successful password attack? A) Making the password longer than 10 characters B) Using words that are commonly found in a dictionary C) Using a combination of uppercase and lowercase letters D) Adding a letter to the end of a 4-digit numeric password A) Making the password longer than 10 characters Longer passwords are more difficult to crack with brute force password programs. In general, a longer password will be harder to crack than a password with symbols or upper case/lower case letters. A Distributed Denial of Services (DDoS) attack oftentimes involves simultaneously using a large number of computers and digital devices to send an unsustainable amount of traffic to a single website. Those computers are controlled with assorted malwares that are controlled from a host computer. What do we call the collection of computers that performs the DDoS? A) A distributed strike B) A digital horde C) A remote swarm D) A botnet D) A botnet The collection of computers and devices like phones and tablets is known as a botnet. It is usually a remotely controlled network of slave devices that can be sent en masse to a target site. Tyrone received an email that read, "You are included in a settlement for overcharging at Local Gas Station." The email explained that the local gas station had lost a lawsuit for overcharging customers. Anyone who lived around Local Gas Station was to receive a $150 check, so long as they could prove they bought gasoline there in the past four months. The email asked for proof of address and a credit card number that investigators could cross-check with Local Gas Station purchase records. When Tyrone Googled "Local Gas Station lawsuit" there were no articles or information about any lawsuit. What is this email likely an example of? A) A phishing scheme B) A Quid Pro Quo arrangement C) A contact spamming scheme D) A doxing attack A) A phishing scheme An email claiming to provide money in exchange for personal or financial information is often a clear example of a phishing scheme. By investigating the information a little, Tyrone was able to discover that the information in the email was not real. Which of the following would be an example of a Quid Pro Quo attack? A) A hacker buys an old, decommissioned work laptop from a company and locates a draft document hidden deep in the laptop's archives that has a current server password. The hacker uses that password to break into the company's servers. B) A hacker calls every business in the area pretending to be tech support. When one company responds that they were waiting to hear back from tech support, the hacker proceeds to assist the company with the problem, but requests passwords and