Many small businesses today are at risk of losing their data and getting their systems taken over because of cyberattacks. In fact, according to the Verizon Business 2020 Data Breach Investigations Report, almost a third of data breaches in 2020 involved small organizations. This is why you must improve your company’s cybersecurity now more than ever.
But how prepared is your business for cyberattacks? Take our cyberattack readiness quiz to find out. Each question is designed to test your comprehension of various cybersecurity concepts and best practices for businesses. At the end of this quiz, you should be more knowledgeable in preparing your business for the most common cybersecurity incidents.
1. True or false: Social media cannot compromise your business's cybersecurity.
A. True
B. False
C. Unsure
Correct answer: B. False
Social media can help you increase your brand awareness and reach out to current and prospective customers. But because it relies on interacting with people, you also have to ensure that your data is safe from attackers looking to steal it.
For instance, cybercriminals may hack your social media accounts and distribute malware and phishing emails to your customers and partners. Your competition can also take over your accounts and post defamatory content that may ruin your reputation.
To prevent social media attacks, avoid revealing too much personal information online and use a unique password for each of your accounts. Also, make sure that only those managing your social media initiatives have access to your company’s accounts.
2. Who should participate in a cybersecurity awareness training session?
A. Everyone
B. Just the IT department
C. The staff only, excluding the C-level executives
Correct answer: A. Everyone
Cybersecurity awareness training is the process of educating employees about various cybersecurity threats as well as your company’s procedures for preventing and addressing these. It’s important to ensure participation at every level; doing so sends a clear message that cybersecurity is everyone’s responsibility and not just the IT department’s or business owner’s.
Regularly conduct cybersecurity awareness training sessions to ensure that your employees are up to date with the latest cybersecurity trends and best practices. You can also use risk calculators to monitor your success rate and modify your training to address any concerns.
3. Which of these is the better password, according to the National Institute of Standards and Technology (NIST)?
A. scorpion clapped bristle nuttiness
B. U>Lv4U)=m>3QK’XW:
C. Neither
Correct answer: A. scorpion clapped bristle nuttiness
It’s important to secure accounts with strong passwords so they can't be accessed by unauthorized users. The common perception of what a strong password should be is one with upper- and lowercase letters, numbers, and special characters. However, the NIST recommends moving away from this system, as such passwords can be difficult to remember.
Instead, the institute suggests the use of passphrases, or passwords composed of a sentence or a combination of words. A passphrase like “snowman afterglow implicit linguist” or “correcthorsebatterystaple” is hard for hackers to guess, but can still be recalled easily, compared to a password like “ZV[PqxC98>YhMvs*”.
Aside from using passphrases, enable multifactor authentication (MFA) to add another layer of protection to your online accounts. MFA adds an extra authentication step on top of passwords, such as a smartphone notification, a facial or fingerprint scan, a physical key, or an authentication app code. Even if an attacker steals a user’s login credentials, they won’t be able to access the account without providing the subsequent authentication requirements.
4. True or false: Antivirus and anti-malware are not the same.
A. True
B. False
C. Unsure
Correct answer: A. True
Antivirus and anti-malware are different security solutions. While both are designed to detect and protect against malicious software, the former often protects against the most common forms of malware and can only identify known threats. The latter, on the other hand, focuses on more advanced threats like zero-day attacks, and proactively protects against and removes any suspicious activity.
Because an antivirus protects your computers against traditional threats and anti-malware detects new threats, the two complement each other to ensure maximum protection for your systems. Install them on all your computers, along with robust firewalls and intrusion detection systems, to optimize your cyberdefenses.
5. Which of the following is NOT an ideal backup solution to protect your data from ransomware?
A. Local hard drive
B. Cloud
C. External hard drives
Correct answer: A. Local hard drive
Many ransomware variants can render systems inoperable, making it difficult for users to restore from a local hard drive backup. This is why it’s ideal to back up your data to devices other than your computers, such as external hard drives and flash drives. Because they are not connected to your devices, they cannot be affected by the ransomware attack.
In addition, you should also keep your backups in the cloud. Many cloud solutions can detect ransomware activity and suspend it to keep data safe. Others have versioning capabilities that can restore encrypted files to their original state.
6. Which of these email subjects indicate a potential phishing scam?
A. Online Banking Alert: Your Account Will be Deactivated
B. USPS: Failed Package Delivery
C. Both
Correct answer: C. Both
Phishing is a cyberattack where cybercriminals send fake but legitimate-looking emails to steal users’ private information for their own gain. Cybercriminals aim to create a sense of urgency in the subject of phishing emails to pique the interest of their victims and get them to take action.
For instance, if an unknowing user receives an email with a subject like “PayPal URGENT: Please Reactivate Your Account,” they might immediately comply with the request without verifying that it actually came from PayPal. This can compromise their personal data, which can be used for identity or financial theft.
According to the Anti-Phishing Working Group, about 200,000 new phishing sites appear every month, with campaigns imitating more than 500 different brands. Remember that no legitimate company will ever ask you to click on a link to verify your account or provide information. To check if a link is legitimate, hover your cursor over it. If it shows a suspicious URL like “www.paypal-login.com[.]top,” do not click on it. Also, do not download any attachment from unsolicited emails, as they could contain malware.
7. True or false: Using personal mobile devices for work poses no threats to your business’s cybersecurity.
A. True
B. False
C. Unsure
Correct answer: B. False
Personal mobile devices such as smartphones and tablets have helped people become more productive because of their familiarity, compared to company-provided devices that are configured more securely. If you fail to regulate the use of employee-owned devices, however, you can expose your business to cyberattacks. For instance, if an employee unknowingly connects a virus-infested tablet to your office network, the malware can spread to other computers and compromise your sensitive data.
Implement mobile device management (MDM) to mitigate the risks that come with personal mobile devices. MDM normally involves managing, monitoring, and securing all mobile devices deployed across multiple service providers.
An effective MDM solution should include acceptable use policies and data access control, and security features like the ability to remotely wipe devices in case of loss or theft, and to detect rooted or jailbroken phones.
How did you do?
5–7 correct answers: Congratulations! Your business is prepared for cyberattacks.
3–4 correct answers: You understand a few concepts, but there’s more to learn!
0–2 correct answers: You need to improve your business’s cybersecurity preparedness.
Need the best cybersecurity solutions for your small business? Healthy IT can help. We will monitor your networks 24/7 to detect cyberthreats before they become an issue. We will also perform behind-the-scenes maintenance of your systems so you can focus on what you do best. To learn more cybersecurity best practices for your business, download our FREE eBook today.