Information Security Office

News from the Information Security Office

The Information Security Office has partnered with KnowBe4 to keep UT Arlington Faculty, Staff and Students educated on keeping your electronic devices secure. Click on the link below to register for the new KnowBe4 platform. It may take a few minutes for content to load.

News from the Information Security Office

The Information Security Office has partnered with KnowBe4 to keep UT Arlington Faculty, Staff and Students educated on keeping your electronic devices secure. Click on the link below to register for the new KnowBe4 platform. It may take a few minutes for content to load.

News from the Information Security Office

The Information Security Office has partnered with KnowBe4 to keep UT Arlington Faculty, Staff and Students educated on keeping your electronic devices secure. Click on the link below to register for the new KnowBe4 platform. It may take a few minutes for content to load.

News from the Information Security Office

The Information Security Office has partnered with KnowBe4 to keep UT Arlington Faculty, Staff and Students educated on keeping your electronic devices secure. Click on the link below to register for the new KnowBe4 platform. It may take a few minutes for content to load.

News from the Information Security Office

The Information Security Office has partnered with KnowBe4 to keep UT Arlington Faculty, Staff and Students educated on keeping your electronic devices secure. Click on the link below to register for the new KnowBe4 platform. It may take a few minutes for content to load.

News from the Information Security Office

The Information Security Office has partnered with KnowBe4 to keep UT Arlington Faculty, Staff and Students educated on keeping your electronic devices secure. Click on the link below to register for the new KnowBe4 platform. It may take a few minutes for content to load.

News from the Information Security Office

The Information Security Office has partnered with KnowBe4 to keep UT Arlington Faculty, Staff and Students educated on keeping your electronic devices secure. Click on the link below to register for the new KnowBe4 platform. It may take a few minutes for content to load.

April 2020 Security Awareness Newsletter – Identity Theft and Data Breaches –
Even if you’re the most security aware person on the planet, massive data breaches can still compromise your confidential data, and result in identity theft. This month’s edition details not only how to prevent those breaches at work, but also the measures that must be taken immediately to ensure a quick recovery in your personal life, should your data fall into the wrong hands.

Scavenger Hunt Questions (and Answers):

1. These are not suggestions and should never be ignored. (organizational policies)
2. If you suspect your data has been breached or that you are a victim of identity theft, you should consider
3. placing a fraud alert or freeze on your _____ . (credit reports)
4. Routinely check these two things for suspicious activity. (bank accounts and credit card statements)
5. Change this immediately if you believe an account has been compromised. (password)
6. True or False: Tax collectors will demand payment via text messages and emails. (False)

February 2020 Security Awareness Newsletter – The Internet of Things – Blurb and Scavenger Hunt Questions

The Internet of Things, or IoT, provides unprecedented interconnectivity between humans and devices. From consumer appliances to smart factories and Industry 4.0, the modern landscape of data flow improves our lives. But it also increases security risks. In this issue, we address those risks and how they impact individuals and organizations alike.

Scavenger Hunt Questions (and Answers):

1. Never miss an important security update by implementing these wherever possible. (automatic updates)
2. Update this immediately when you power up a new device.(default password)
3. Smart humans use _____ _____ when traveling or working remotely. (situational awareness)
4. Smart humans always ____ ____ and ask questions when unsure of something. (follow policy)
5. True or False: The Internet of Things, when successfully attacked, can present mortal danger in certain environments.(true)

While the technical side of cybersecurity, such as firewalls and threat detection services, helps contain various attacks, it’s the human side that poses the most risk. Social engineers know how to manipulate emotions and use them against the victim. Cons and scams work because humans will always have vulnerabilities that cannot be patched by a software update. This edition ends the year by showcasing real-world examples of social engineering attacks and how they can be prevented.

Scavenger Hunt Questions (and Answers):

1. The use of psychological manipulation to trick individuals into divulging sensitive information . (social engineering)
2. You should install this on your all of your personal computers and devices. (antivirus software)
3. To deter scammers from digging up personal information, set these to private. (social media profiles/accounts)
4. To help protect your organization from successful social engineering attacks, always do this. (follow policy)
5. Enable these so your device or computer never misses out on important security patches (automatic updates)

While the technical side of cybersecurity, such as firewalls and threat detection services, helps contain various attacks, it’s the human side that poses the most risk. Social engineers know how to manipulate emotions and use them against the victim. Cons and scams work because humans will always have vulnerabilities that cannot be patched by a software update. This edition ends the year by showcasing real-world examples of social engineering attacks and how they can be prevented.

Scavenger Hunt Questions (and Answers):

1. The use of psychological manipulation to trick individuals into divulging sensitive information . (social engineering)
2. You should install this on your all of your personal computers and devices. (antivirus software)
3. To deter scammers from digging up personal information, set these to private. (social media profiles/accounts)
4. To help protect your organization from successful social engineering attacks, always do this. (follow policy)
5. Enable these so your device or computer never misses out on important security patches (automatic updates)

Security threats come from everywhere. Detecting those threats before they cause damage is paramount to an organization’s success.  Even though some threat detections require technical skills, the ultimate threat detection is you--the human firewall. This month’s newsletter addresses the who, what, and why of enterprise threat detection and highlights two major threats: BEC and ransomware

1. ____________________ monitors internal processes, registry settings, file activity, and network activity. (Endpoint detection and response or EDR)
2. When an attacker impersonates a supplier, they are carrying out what type of BEC? (Invoice scams)
3. Fraudsters who use ransomware are looking for which of the following? (c)
   1. An organization’s financial information
   2. Personal information on CEOs
   3. Large amounts of money
   4. Employees’ email accounts
4. If you receive an email from your boss requesting a money transfer, what should you do? (d)
   1. Fulfill the request immediately
   2. Reply to the email to confirm
   3. Vocally confirm the request
   4. Report the email
5. Malware without _______________ is very rare. (human interaction)

Being a human firewall is more than just not clicking on obvious phishing links; it’s a lifestyle choice that improves overall security no matter where you go or what you do. This issue examines the five traits that human firewalls exhibit in their personal and professional lives, as well as seven tools that every human firewall can keep in their metaphorical utility belt. We spend a bit more time looking at the importance of incident reporting and the types of security events that you need to report.

1. __________________ means ensuring that whatever clearance you’ve been granted never gets misused for any reason.    (Respecting access)
2. What is the primary goal of all human firewalls?   (To prevent security events)
3. Which of the following is *not* an event worth reporting?    (A telemarketer calls you)
   • An unknown USB found in the lobby
   • A potential phishing attack you receive
   • A telemarketer calls you
   • An unknown delivery person without a badge hanging around in the cafeteria
4. What is a VPN?   (A Virtual Private Network)
5. Name at least three tools that every human firewall should use at home.    (password manager, VPN, a 3-2-1 backup system, A/V software, authenticator apps, or ad blockers.)

Cybercrime is something that impacts everyone, both professionally and personally. At work, a data breach could permanently damage an organization’s reputation and result in lawsuits and fines. On an individual level, when our sensitive info ends up in the wrong hands, it could lead to identify theft and additional cyber-attacks. This month’s newsletter identifies how data breaches happen, their impact on us personally, and what we can do to prevent cybercrime at work, at home, and on the go. 

1. The massive Yahoo! data breach was made possible by this cyber-attack. (spear phishing)
2. What is the root cause of almost every breach? (human error)
3. In vishing attacks, cybercriminals can spoof this to appear legitimate. (caller ID)
4. To prevent mobile cybercrime, you should treat your smart device like a _____. (computer)
5. Preventing cybercrime starts with common sense and ends with always following these. (policies)

We live in a connected world where sensitive data has effectively become currency. As such, understanding how to protect that information has become an imperative part of our daily routines. This month’s newsletter covers the importance of data classification, then dives into what cybercriminals do with stolen data, and wraps up with compliance regulations and their impact on our lives both professionally and personally.

1. What are the three basic classifications of data?(public, internal, restricted)
2. Name three of four things cybercriminals can do with stolen data. (sell it, launch phishing campaigns, steal identities, attack other accounts)
3. This serves as a learning tool to inform individuals of the rules, guidelines, and laws that impact organizations. (compliance training)
4. What type of data is covered by PCI DSS? (cardholder data)
5. To help protect the PII our organization handles, you should always follow these. (policies)

Culture traditionally refers to the shared customs, arts, and other characteristics of specific groups of people. Similarly, the security awareness culture of an organization refers to the shared human effort of information security. Creating a culture of security aware individuals requires the participation of every employee, from executives to the front desk. In this month’s newsletter, we examine the steps that everyone can take to improve culture and put security first in the workplace.

1. This software can create, store, and sync all of your login credentials across multiple devices. (password manager)
2. To avoid becoming a victim of credential stuffing you should never reuse _____. (passwords/login credentials)
3. If you ever find a random USB device such as a flash drive or cable, never plug it in and, instead, do this. (report it ASAP)
4. To prevent cybercriminals from stealing your data over public WiFi, use one of these to encrypt your connection. (a VPN or virtual private network.)
5. Data is useless if it can’t be _____. (accessed/located)

Like automobiles, buildings, and our own bodies, devices require a bit of maintenance. Ignoring simple actions, such as updating apps and deleting/organizing files, not only leads to degraded performance, it also invites security risks. In this edition, we focus on those risks and highlight how they can be avoided both at work and at home.

1. This software can create, store, and sync all of your login credentials across multiple devices. (password manager)
2. To avoid becoming a victim of credential stuffing you should never reuse _____. (passwords/login credentials)
3. If you ever find a random USB device such as a flash drive or cable, never plug it in and, instead, do this. (report it ASAP)
4. To prevent cybercriminals from stealing your data over public WiFi, use one of these to encrypt your connection. (a VPN or virtual private network.)
5. Data is useless if it can’t be _____. (accessed/located)

To build a culture of strong human firewalls, it’s important to prioritize not just organizational security, but personal security as well. That’s why this month’s newsletter takes on a personal focus by covering how to protect your family online, how to secure home networks, and what it means to properly maintain mobile devices. When security receives precedence in all facets of life, both organizations and individuals improve their resistance to cybercrime.

1. New or recently reset routers need to have these changed ASAP. (default username and password)
2. What do social engineers use to gather intel on their next targets? (social media)
3. If you want to reduce targeted ads, don’t allow apps to access your device’s _____. (microphone)
4. To avoid spoofed or rogue public WiFi networks, you should disable this specific function. (auto-connect)
5. This software can create, store, and sync all of your login credentials across multiple devices. (password manager)

How do you prevent data breaches at work? What do you do if your personal data is involved in a breach? Is it possible to maintain privacy in a constantly connected world so immersed in technology? In this issue, we address these questions and uncover solutions for maintaining security at work, at home, and on the go. It begins with a field guide to PII, continues with five steps for preventing identity theft, and ends by identifying the most common causes of data breaches—all while highlighting the non-technical, human side of protecting data!

1. Home address, national ID number, and personal phone number are all examples of what? (personally identifiable info or PII)
2. Before recycling old smart devices, you should do this. (delete all data and restore to factory default)
3. True or false: Emails from your boss can always be trusted and are never phishing attacks. (false)
4. Circumventing this, whether intentionally or accidentally, can lead to data leaks. (organizational security policy)
5. If you fear your highly sensitive data has been compromised, you should do this to prevent unauthorized credit checks. (Freeze your credit reports)

Security doesn’t require a robust understanding of networks and computers. Most of it comes down to non-technical actions and using common sense! In this edition, we jump into the simple side of security with a quick overview of what it means to use non-technical security awareness, and why it’s important to separate your professional life from your private life (such as with BYOD, or bring your own device). We wrap things up in the physical world by highlighting a few real-life examples of physical security events.

1. These were developed to protect sensitive data and prevent security breaches. Circumventing them for any reason puts us all at risk. (organizational policies)
2. It’s important to separate your ____ life from your ____ life, such as never using a corporate email to conduct personal business. (work (or professional); personal)
3. If you see a normally secured door left open, you should do this immediately. (report it)
4. A social engineer digging through recycle bins, hoping to find discarded sensitive documents, is an example of what? (dumpster diving)
5. Whether it be your usernames and passwords for devices and accounts, or a key that unlocks a secured area, you should always protect this. (privileged access)

Comprehensive Guide to Security Awareness: Kick the year off with a comprehensive overview of how to prioritize security awareness in your life, both personally and professionally. This guide digs into the specifics of what it means to be a strong human firewall, and why we place so much value on things like strong password practices and following policy.

1. Humans that attempt to leverage emotions and trust against other humans are known as what? (social engineers)
2. To make password management easier in your personal life, you should get one of these. (password manager)
3. If your boss sends you a request to wire money or send sensitive info to someone, you should treat that request with a healthy degree of what? (skepticism)
4. Circumventing ____ undermines our security efforts and could compromise the entire organization. (policy)
5. Avoid connecting to public WiFi networks without the use of this. (a VPN or virtual private network)

Today, mobile refers to a massive web of connected devices (the Internet of Things, or IoT). It isn’t about simply having access while on-the-go. It’s about having control of nearly everything from the convenience of a smart device that fits in your pocket or straps to your wrist. Unfortunately, lost in this world of smart connections is the prioritization of security. New technology rarely comes stocked with features that improve resistance to cybercrime. Quite the opposite, in fact.

In this issue, we address the current state of mobile and subsequent concerns of both professional and personal security. We cover how to secure mobile devices, discuss the price of convenience, and lay out a field guide to help keep remote workers safe. 

1. To display the full URL of a link on a mobile device, you can do this. (long-press or press and hold the link)
2. These two things need to be changed immediately after booting up new devices. (Username and password)
3. Never connect to public WiFi without using this. (a VPN or virtual private network)
4. You can avoid automatically connecting to a spoofed network by disabling what? (auto-connect)
5. Social engineers sometimes leave these laying around in busy areas with hopes that someone will find and access them. (USB flash drives)

From advance-fee scams to spoofed email addresses, phishing has long been the go-to attack in the social engineer’s playbook. In this month’s issue, we cover why phishing works via a real-life example, and highlight the obvious signs of an attack with a phishing identification checklist. From there, we cover the perils of ransomware attacks, which have surged in 2018, and wrap things up by illustrating how organizations can defend against the ever-dangerous Advanced Persistent Threats.

1. Name three signs of a phishing email. (Bad grammar/spelling, unrealistic offers, threatening language, a sense of urgency, unexpected attachment, a call-to-action, unrecognizable address)
2. True or False: if an email comes from someone you know, there’s no way it’s a phishing attack. (False)
3. With one wrong click, this type of attack could lock up our entire organization’s networks. (Ransomware)
4. Never allowing someone else to use your credentials for any reason is an example of what? (Respecting privileged access)
5. By always doing this, you help strengthen our organization’s security posture and prevent unnecessary risks. (Following policy)

How much damage can a security incident cause in one minute? How much damage can that same security incident cause if left unreported for one hour? Is that 60 times the potential damage? Or what about one day or even a week or longer?

Incident response is a vital part of mitigating the damage caused by security events and preventing similar events in the future. Users need to know when and how to report any incidents they may encounter in their daily routines. This month’s issue focuses on that issue and highlights the importance of incident response as matter of policy.

1. One of the top ways to prevent future incidents is by doing this. (reporting incidents ASAP)
2. Name at least two types of incidents to report immediately. (phishing emails, vishing, random USB drives, unfamiliar person)
3. Every person must always do this in order to keep our organization secure. (Follow policy)
4. Social engineers have been known to plant these hoping someone will find and access them. (USB drives)
5. Individuals who fail to follow policy are known as what? (Insider threats)

Passwords have been around for centuries… ever since humans felt the need to password-protect something (the right to enter or pass, for example). Fast-forward to today and the need for strong identification and authentication is more important than ever. Access to nearly every part of our online lives is protected by nothing more than a username and a string of characters. The strength and uniqueness of those characters is all that stands between cybercriminals and sensitive data.

With that in mind, this month’s issue focuses on the importance of strong passwords, addresses the concerns with standard password practices, and analyzes updated password guidelines.

Scavenger Hunt Questions (and Answers):

1. Find the piece of expert password advice that rhymes. (Longer is stronger)
2. Name at least two types of privileged accounts. (local admin, application, privileged user, domain admin)
3. Name at least one thing that you can do to respect privileged access. (Respect the access you’ve been granted. Use common sense and think before you click. Remember that physical security is an important part of information security.)
4. Provide an example of a good password following the new NIST guidelines. (Answers will vary, but should be something along the lines of: thedogwantstoplayfetch)
5. What do experts advise you use on personal devices and at home for better password security? (A password manager)

There is no shortage of technical solutions for defending organizations against cyber threats. A quick internet search yields many options for threat detection, threat prevention, and a variety of other services aimed at keeping data secure. But security, at its core, is a people process. People create strong passwords. People use common sense to avoid falling for phishing scams. People develop security software to help defend other people (from people). Focusing on the human elements of cybersecurity, from both an end-user and cybercriminal perspective, makes it easier to understand what end-users are up against daily, and also gives a face to a complex topic that many think is highly technical.

1. People that use strong situational awareness and common sense to prevent security incidents are known as what? (Human Firewalls)
2. _______________ is the art of manipulating or deceiving individuals to gain unauthorized access, both physical and digital. (Social Engineering)
3. This type of phishing attack targets specific people and organizations. (Spear Phishing)
4. Organizations hire ___________ to break into their networks and buildings and expose flaws. (Penetration Testers)
5. What does BEC stand for? (Business Email Compromise)

The number three surrounds us. We find it in mathematics and science. Only three primary colors are needed to mix most other colors (red, yellow, blue). The three-act structure is the predominant model used in screenwriting (the setup, the confrontation, the resolution).

This aptly named “Rule of Three” represents a big part of how we think, make sense of, and cluster information. In this month’s issue, we highlight that core human trait to demonstrate how triads help people understand and visualize security awareness.

1. What does CIA stand for? (Confidentiality, Integrity, Availability)
2. Personal, Professional, and Mobile combine to make this security triad. (Many Lives Triad)
3. What are the three elements of the Domains Triad? (Cyber, Physical, People)
4. Every organization needs to consider these three fundamental components when creating a successful culture of security. (Processes, People, and Technology)
5. You receive a text message warning you that your bank account has been locked due to fraudulent activity and instructs you to click on a link to fix it. his is likely an example what kind of social engineering attack? (Smishing or SMS Phishing)

The social media explosion over the last several years has created a cultural phenomenon where seemingly everything is documented. From dating apps to neighborhood watch groups, information has never been more accessible, nor has its life cycle been so infinite. What happens on the internet, stays on the internet.

Social media can be fun and friendly but the darker side employs scams, fake news, fake friends, bullying, harassment and countless other risks. In this issue, we cover how organizations and individuals can defend themselves against the unsocial aspects of social media.

1. This common scam involves fake pages offering bogus promotions or free products in exchange for a like or a share. (Like-farming)
2. A software program that creates, stores, and syncs passwords across multiple devices is known as what? (Password manager)
3. This security setting requires an additional code or pin which is typically sent to you via email or text. (Multi-factor or two-factor authentication)
4. Using you fingerprint to unlock your smart device is an example of what? (Biometrics)
5. By the year 2021, how many users are expected to be on social media? (3 billion)

Last year, cybersecurity took center stage not just in boardrooms, but in the media. It’s not just a C-level concern, but something that affects every one of us, at both professional and personal levels. And if the first few months of 2018 are any indication, it’s not slowing down.

In this month’s issue, we focus on the threats and cybercrime that almost every organization faces, including those that come from within. External and insider threats require different kinds of awareness, and both deserve the same level of attention!

1. When cybercriminals rent or sell their tools or services to less-experienced criminals, it is known as what? (Crime-as-a-Service or CaaS)
2. To see the full URL of a link, you should always perform this easy function. (Mouseover)
3. What does GDPR stand for? (General Data Protection Regulation)
4. When organizations hire a third party to break into their networks it is known as what? (Penetration Testing)
5. This regulation officially takes effect on May 25, 2018. (GDPR)

Cybercriminals target organizations of all shapes and sizes. But we also must contend with insider threats, whether they be accidental or malicious. Ensuring that sensitive information stays safe throughout its lifecycle means assessing our vulnerabilities both internally and externally. In this month’s issue, we analyze the most common threats we face and demonstrate the most common solutions to preventing those threats from compromising our objectives as security aware organization. 

1. What does APT stand for? (Advance Persistent Threat)
2. What type of phishing attacks target specific people and organizations? (Spear phishing)
3. Hiring someone to break into networks and report vulnerabilities is known as what? (Penetration Testing)
4. Anyone with inside access to our organization is considered to be this type of threat.  (Insider)
5. These types of attacks take down servers and networks by flooding them with more information than they can handle. (Distributed denial-of-service (or DDoS))

Whether you have to follow compliance mandates for work or not, across the globe we are all affected by their rules and regulations. Consider the amount of data you must provide for general services like utilities and health care. Have you ever wondered who has access to that data, or how it’s being protected? The answer to those questions is compliance regulations. From health care to financial entities, regulatory commissions develop and enforce the standards for how organizations are required to protect our sensitive data!

1. What are the three elements of the CIA Triad? (Confidentiality, Availability, Integrity)
2. This compliance standard applies to every organization that accesses personal data of EU citizens. (GDPR)
3. “An organized process of reacting to a potential security incident with the intentions of reducing negative impacts, and preventing future incidents” is the definition of what important security process? (Incident Response)
4. If you notice a someone who doesn’t have a badge or authorized credentials in a controlled access area, what should you do ASAP? (Report it/them)
5. Identify, Protect, Detect, Respond, and Recover are the five components of what framework? (NIST Cybersecurity Framework)

Every organization has a unique culture—a shared behavior that shapes the way employees and business partners interact with each other. One of the most important parts of that culture is security awareness. From the way we address external security threats, to the access controls we place on our internal networks, it all works together as on ongoing effort to defend our organization. And we all play a role in improving our culture of security awareness. Find out what that means, how it applies to our professional and personal lives, and what happens when culture is undervalued.

1. Gandhi once said that “A nation’s culture resides in the hearts and in the soul of its ____.” (people)
2. Over 145 million individuals had personal information stolen as a result of this massive data breach in 2017. (Equifax)
3. This company tried to cover up a data breach by paying the cybercriminals a lump sum of cash. (Uber)
4. What does NCSAM stand for? (National Cyber Security Awareness Month)
5. In what year did the Association for Computer Security create “Computer Security Day”? (1988)

Do you know the difference between privacy and security? Understanding how these two concepts work together, and how they differ, is key to improving our overall defense. From policies and compliance regulations, to using common sense and staying alert, privacy and security have one common goal in mind: guaranteeing the confidentiality, integrity, and available of sensitive data. Achieving that goal is a responsibility we all share!

1. People who have been granted access, from sensitive data to controlled rooms and buildings, are considered to be what? (Insider Threats)
2. When someone moves on from an organization, they must go through this process. (Offboarding)
3. What does HIPAA stand for? (Health Insurance Portability and Accountability Act)
4. How many people were impacted by the Equifax data breach? (Over 143 million)
5. Full names, credit card numbers, and date of birth are examples of what?(PII or personally identifiable information)

Cybersecurity is a human process that social engineers attempt to exploit in many different ways. From phishing to tailgating to dumpster diving, we need to be aware of the threats we face in all three domains (cyber, physical, people). Understanding the psychology of a scam and how cybercriminals target their victims is key to staying secure!

1. This type of social engineering attack targets specific individuals or companies. (Spear Phishing)
2. This type of social engineering attack targets senior executives and high-profile individuals. (Whale Phishing)
3. What does BEC stand for? (Business Email Compromise)
4. Victor Lustig fraudulently sold this iconic structure… twice. (Eiffel Tower)
5. This is the practice of developing fabricated scenarios to trick victims into giving up sensitive information. (Pretexting)

Imagine a world where your refrigerator orders groceries on your behalf, which are then delivered by computer-controlled drones or driverless vehicles. It may sound like science fiction, but in reality, the Internet of Things, or IoT, is already on that path. We live in an age of access and convenience, and it’s only a matter of time before everything we own is connected.

But we need to consider the dangers and consequences of that convenience. With each new device that comes online, a new attack surface presents itself to cybercriminals. Until developers prioritize security over convenience, it’s on the rest of us to upgrade privacy efforts, both at work and at home.

1. An army of compromised smart devices used to launch DDoS attacks is known as what? (Botnet)
2. What does DDoS stand for? (distributed denial-of-service)
3. True or False: Hiding your SSID is a great security feature of routers that we should all utilize. (False)
4. How many smart devices are projected to be connected by the year 2025? (75 billion)
5. What’s the name of the malware strain responsible for the largest DDoS attack to date? (Mirai)

It’s often said that passwords are the first line of defense when it comes to information security. But is that still the case? And what does the future hold for identification and authentication? Are biometrics any better?Understanding how we access accounts and how we protect networks and the Internet of Things (IoT) is vital to security. From proper password construction to respecting privileged access, it all works together, and we all play a role.

1. What does SNL stand for in regard to passwords?(Symbols, Numbers, Letters)
2. This software stores and syncs all logins and passwords across multiple devices. (Password Manager)
3. Fingerprint scanners and facial recognition are both examples of what? (Biometrics)
4. If you use your credentials to unlock a door, and then hold that door open for someone else, what did you just allow that person to do? (Piggyback)
5. What are the three common types of insider threats? (Malicious, Accidental, Negligent)