How Well Do You Know Cyber Security?
A recent Pewinternet article talks about the cyber security knowledge of the average person. In the article (which will be linked below), you can take the same quiz as the people who provided the data sample. Being aware of cyber security is a skill that has real world, practical applications. According to the poll data provided by the article, 73% of people polled scored a 40% or less. The poll asks a variety of simple questions, all of which the average person could reasonably expect to be aware of. We’ll briefly touch upon each question, the correct answer and why it’s important that you know it.
Question 1: Can you identify the strongest password?
Why it’s important to you: This one should be obvious, a strong password is critical if you want to stay secure. The ideal password is at least 6 characters, isn’t a word from the dictionary, has symbols as well as numbers in it and has a mixture of upper and lower case letters. A common tactic is to think of a story and use the first letter of each word as the password. ROYGBIV for example could be turned into R0ygB!V.
Question 2: Is password protected Wifi safe for personal use?
Why it’s important to you: Short answer, NO. Just because WiFi has a password on it, doesn’t make it safe for use with personal information. You have no way of knowing whether or not someone has uploaded an illicit program to the router hosting the WiFi since they have the password as well. Or, and this is common enough, someone could have set up a “password” protected WiFi network with the explicit intention of collecting the traffic. Don’t access your bank account, email account or anything else sensitive in public.
Question 3: What’s a phishing attack?
Why it’s important to you: If you don’t know what a phishing attack is, go read these articles first. Phishing attacks are commonplace in this modern world, they’ve appeared extensively in recent cyberattacks. Being able to spot a suspicious email is cyber security 101, and if you have any sensitive information on your personal computer you need to know how not to get phished. Never open an email from an unknown source, never follow links from someone you don’t trust and never let those websites download anything. Virus get packaged in “kids” games, usually from online flash websites, all the time. Make sure to set up parental locks if your kids are using your device.
Question 4: If the GPS is off, can your phone be tracked?
Why it’s important to you: The government, though usually the Police, can track your phone with the GPS turned off. Your phone will even tell you that, if you dig into its settings. There’s an option, usually under “Emergency Services” or “E11” that will be grayed out but checked that lets EMS ping your device. There are a multitude of reasons you’d want this feature, and why it can’t be disabled by you. This feature saves thousands of lives, prevents kidnappings and the like because the FBI can see someone’s phone in real time. Just be aware that it can happen to you, and someone with a technical knack could conceivably do it as well.
Question 5: How many credit reports can you get per year?
Why it’s important to you: You can get one free credit report per year, which won’t damage your credit score. Keep in mind that repeated credit checks will damage your credit score, however, so try to avoid opening a dozen credit cards in a few months.
Question 6: What is Ransomware?
Why it’s important to you: Petya. WannaCry. The Utility Attack. Ransomware has been a part of at least three major cyberattacks within the last year, and is a sort of evergreen favorite of hackers. Ransomware encrypts the infected computer, holding it hostage for a ransom (get it?) that gets the user the decryption key.
Question 7: Is your email encrypted automatically?
Why it’s important to you: Nope. Some services may automatically encrypt it, but don’t count on it. You’ll have to download a plug-in or tweak a few settings if you want your email traffic to be encrypted. Here’s an important tip about encryption, if you want to use if you have to encrypt everything. If you only encrypt sensitive information, then anything you send that’s encrypted is sensitive and thus worth spending the time cracking. If you encrypt everything you send however, then it makes finding the important bits of information much harder. That goes for everything you do involving encryption, if you encrypt a single folder on your computer it’s obvious that one is important. Instead, encrypt them all. Another thing to keep in mind, even if your email is encrypted the connection yours sending it over may not be. If your connection is compromised, your encrypted emails can still be caught and decrypted.
Question 8: How “Private” is Private Browsing?
Why it’s important to you: You’ve used Google’s private browsing feature before, but have you read the disclaimer it displays on a fresh Incognito tab? It clearly states that while your computer won’t remember where you went or what you searched for, it in no way stops your ISP or your router from seeing what you’re doing. If you’re using private browsing at work, anyone in the IT department can see what you’ve looked at. This is important to remember when working with sensitive information as well, someone with access to the router will be able to see what you’re doing.
Question 9: Is WiFi traffic normally encrypted?
Why it’s important to you: Just like your email, no WiFi traffic isn’t normally encrypted. Your router probably has a setting that encrypts all your traffic however, which is a good first step towards keeping your information secure. If someone breaks into your WiFi network, and the traffic isn’t encrypted then your other security measures are going to be tested in short order. Don’t rely on encrypting just your WiFi traffic, someone may penetrate your network and you’ll be defenseless. A strong password is key here, it will help keep your network security intact.
Question 10: What’s the “s” in HTTPS mean?
Why it’s important to you: We’ve previously covered the topic of HTTPS, or “Hyper Text Transfer Protocol Secure.” That “s” means all the difference when it comes to your web traffic. If you go to any store, bank or other financial institute and you don’t see “HTTPS” then you need to leave that site immediately. HTTPS means that your data is secure from prying eyes, and that someone hasn’t sniffed out your IP and is watching everything you send the website. Again, layering your protections works quite well here. Using a VPN and an encrypted router makes your HTTPS connection that much more secure.
Question 11: What is a botnet?
Why it’s important to you: Simply put, a botnet is a network of computers that has been setup for criminal activities. They’re commonly used in DDOS (Distributed Denial of Service) attacks, where swarms of computers overwhelm a websites ability to respond to the traffic and goes down. Millions of computers have been infected with malware who’s sole purpose is to link them together into massive botnets. The malware does nothing else, it simply waits to activate the infected device to get them all to cooperatively take down the target website.
Question 12: What’s the point of a VPN?
Why it’s important to you: A VPN, Virtual Private Network, allows you to counteract some of the risks that come from insecure WiFi traffic. Put simply, it creates a “tunnel” to your destination, which allows your data to stay secure. A VPN provides some measure of security if you have to access or transmit sensitive data across an insecure connection like a public WiFi hotspot. VPN’s are available for mobile devices as well, and premium ones can be had for a few hundred dollars. These paid for services provide security updates and tech support, for a single life time fee.
Question 13: What is multi-factor authentication?
Why it’s important to you: Your work email probably requires it, and you may have enabled it for your personal email. Multi-factor authentication is when logging into your email service requires more than just a password. Usually, a text message or phone call is sent to the phone number you provided when you made the account. This is an effective measure against an intrusion attempt, as it’s unlikely that the attacker also has your personal phone with them.
Let us know how you did in the comments below, and if you have any questions you’d like answered please leave them in the comments as well.
Link to the Pewinternet article: What the Public Knows About cyber security
Max is a Legal Assistant and author residing in the Philadelphia area He has been writing for AskCyberSecurity.com since early 2017.