Personal Cybersecurity Assessment
A stranger asks to be your friend on a social network. What do you do?
Your social media profile is a treasure chest for cybercriminals–and they’re frequently exploiting the sites to learn valuable information about people: where you live; where you work; your favorite sports team; maybe even your mother’s maiden name. Don’t be lulled into a false sense of security if you see you have friends in common. Smart hackers are banking that you’re more likely to trust a friend request if you think you have friends in common, so they’re getting more persistent about finding a way into your social network.
Do you use two-factor authentication to log in to your email account?
Cybersecurity experts have been saying this for years: Usernames and passwords are not enough. Two-factor authentication may be a slight inconvenience–it requires the traditional password as well as an additional element you have on your person, such as a short code texted to your phone or your fingerprint. Enabling two-factor authentication on all your email accounts is a simple step you can take to keep hackers out of your email. As governments and large businesses have mandated tighter email security, they’re seeing more intruders finding a way in by exploiting vulnerabilities in employees’ personal accounts, which may be less secure.
How often do you reuse the same or similar passwords?
Experts say you’re safest if you create unique passwords for every account you create. Even social networks offer valuable information about you and your acquaintances that hackers can use to gain access to more sensitive details. At a minimum, experts say, you should use unique passwords for sites that store banking information, credit card numbers, Social Security numbers and other sensitive information.
Mary Smith, a newly hired government employee, is setting up her email account. Select the most secure password she should choose from the options below. Remember, this is a password you should be able to easily recall.
Experts say strong passwords should contain a combination of letters, numbers and symbols, if possible, and not resemble any words found in dictionaries. Why? Because hackers actually use electronic dictionaries to try to crack passwords. Passwords definitely shouldn’t contain personal information like your last name, nicknames or birthday (Answer A). Answer C is better, but hackers are getting more sophisticated and now know to substitute common letter-number combinations, so a clever substitute may not be enough. Experts say you’re better off taking a long phrase you can remember and then substituting numbers and letters, as in Answer D. The long phrase in that example is actually the first letter of each of the words in the opening line of Abraham Lincoln’s Gettysburg Address (“Four score and seven years ago…”) with some letter and symbol substitutions. (Experts recommend picking a phrase unique to you.)
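The reasoning above can be expressed as a password-policy check. This is an added example, not part of the original quiz: it undoes common letter-number substitutions before looking for dictionary or personal words, and derives a base string from the initials of a phrase. The word list, substitution map, length threshold and sample passwords are constructed assumptions, and the quiz's own answer options are not reproduced here.

```python
import re
from itertools import product

# Constructed stand-in for the large wordlists real cracking dictionaries contain.
DICTIONARY = {"password", "welcome", "dragon", "letmein", "monkey"}

# Common look-alike substitutions; "1" is ambiguous, so both readings are tried.
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
        "7": "t", "@": "a", "$": "s", "!": "i"}

MIN_LENGTH = 12  # assumed policy threshold, not a figure from the page


def variants(password):
    """Every lowercase reading of the password with substitutions undone."""
    options = [LEET.get(ch, ch) for ch in password.lower()]
    return {"".join(combo) for combo in product(*options)}


def dictionary_hits(password, personal=()):
    """Dictionary or personal words still visible after undoing substitutions."""
    words = DICTIONARY | {p.lower() for p in personal}
    readings = variants(password)
    return sorted(w for w in words if any(w in r for r in readings))


def passphrase_initials(phrase):
    """First letter of each word in a memorable phrase."""
    return "".join(word[0] for word in re.findall(r"[A-Za-z']+", phrase))


def assess(password, personal=()):
    """Classify a candidate password using the criteria in the paragraph above."""
    hits = dictionary_hits(password, personal)
    if hits:
        return "weak: contains " + ", ".join(hits)
    patterns = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    kinds = sum(bool(re.search(p, password)) for p in patterns)
    if len(password) < MIN_LENGTH or kinds < 3:
        return "weak: too short or too few character types"
    return "ok"


if __name__ == "__main__":
    base = passphrase_initials("Four score and seven years ago our fathers "
                               "brought forth on this continent, a new nation")
    print(base)
    for pw in ("Sm1th1985", "P@ssw0rd!", "4s&7yaOfbf0tc,ann"):
        print(pw, "->", assess(pw, personal=("Mary", "Smith")))
```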
Do you lock your computer when you step away from your desk?
It’s always a good practice to lock your computer so no one can access your files or other information. It only takes seconds for someone to change your screensaver–or do something much more serious. And locking your computer is easy: On Windows machines, the command is the Windows Key + L. If you have a Mac, simultaneously press Control + Shift + Eject to lock your screen. For newer Macs without an eject key, press Control + Shift + Power.
Where do you store your passwords?
Sometimes, cybersecurity is about physical security. “Write down your passwords and store them in a secure place away from your computer if necessary,” the U.S. Department of Homeland Security recommends. “For example, passwords locked in your desk drawer are secure, but passwords on a sticky note stuck to the monitor are not.” For convenience, you can also download and use a free password manager.
You receive an email that appears to come from your organization’s help desk asking for your password or other personal information to reset your account. If you don’t respond to the email within an hour, the email says, you’ll be locked out of your account. What would you do?
It pays to be skeptical. Most IT organizations would never ask for your password or personal information in an email. Even if the email address looks legitimate, be aware it could be spoofed by hackers. Be on the lookout for grammar and spelling mistakes, too-good-to-be-true offers or an urgent or threatening tone. Those are often dead giveaways for phishing emails. If you receive a suspicious email, it’s best to contact your IT office right away.
When using a website that collects personal or payment information, there’s an easy way to tell if information you submit is sent via a secure connection. What is it?
Look for https at the beginning of the Web address. That ensures the site you’re visiting hasn’t been spoofed by hackers and the information you submit via the site won’t be intercepted in what’s known as a man-in-the-middle hack. For most legitimate websites, the use of https is now standard, although it never hurts to double-check. Most browsers also include a padlock icon in the address bar to let you know the site uses https. Many governments have made a big push to use https across all of their websites.
When do you use PGP?
PGP (Pretty Good Privacy) is a widely accepted encryption tool that shields email from interception by hackers, including criminals, ex-spouses, and spies from countries with authoritarian governments. "Encryption should be enabled for everything," cryptologist Bruce Schneier says. People who only encrypt medical data signal to hackers that their email is valuable. Windows is not considered a safe environment to store the private key code used for unlocking encrypted email. Experts suggest if you must use a Windows machine, store your keys on a separate safe device, such as a thumb drive.
After opening a Web browser you have never used before, what is the first thing you do?
Browsers are periodically updated to fix software bugs. The faster you update, the better your chances of fixing the vulnerabilities before hackers take advantage of them. Cleaning your history, or "browsing data," clears your browser of passwords and other personal data on websites you have visited in the past. Disabling Flash, known for being a common vector for malware, improves your overall security. Clicking on a link without doing the above things first is asking for trouble.
You receive a call from a phone number you recognize as coming from within the building. The individual on the other end of the line identifies herself as a technical support employee from your department. She says there is a security problem with your system that she needs to address by remotely logging in. What do you do?
Divulging your password to someone over the phone who you have never met could make you a victim of social engineering, the deception of someone to obtain sensitive information. If your credential falls into the wrong hands, a hacker could compromise your machine or your department’s network. It's possible your colleagues are or will be experiencing similar fraud. Hackers sometimes target multiple people in an organization until they get the secrets they are after. Best to tip off your IT security folks to the call.
When connecting to public Wi-Fi in a hotel, airport or other shared space, what do you do?
On a public network, anyone, including snoops and thieves, can be connected. It’s easy for busybodies to capture the communications you send. Password-restricted Wi-Fi can reduce the number of people on the network, but the same kinds of attacks would still occur in the same way. The good news is that just because bad guys can easily intercept data, it doesn't necessarily mean they can make sense of it. Facebook and many e-commerce websites use secure webpages that scramble the data you enter. Look for a padlock icon displayed next to the webpage address to be sure.