Survey Results

2107 Cyber Security Survey Q & A

Thank you to all who participated. The Survey questions and answers are below.

October 2-8

October 9-15 

October 16-22

October 23-29

October 25-30

Email Survey October 25 - 30

Of those that participated:

18.5% were Faculty; 51.9% were Staff; and 29.6% were Students

Question 1:

On a scale of 1-5, where 1 is "I have no idea" and 5 is "I am a cyber wizard," how confident are you that you can avoid phishing emails?

Answer 1:

% Responses: 1 - 3.7; 2 - 0; 3 - 22.2; 4 - 63; 5 - 11.1

Question 2:

Are you confident that you can create a strong password and keep it secure?

Answer 2:

% Responses: Yes - 92.6; No - 7.4

The rest of the questions in this survey were opinion-oriented. ITS will review them to improve and expand Cyber Security training for 2018.

Thank you to everyone that participated in Cyber Security Month events!

Email Survey October 23 - 29

Of those that participated:

13.3% were Faculty; 60% were Staff; and 26.7% were Students

Email 1:

PayPal - We need your help - Your account has been suspended, as an error was detected in your informations. The reason for the error is not certain, but for security reasons, we have suspended your account temporarily - We need you to update your informations for further use of your PayPal account. - Update your information button - You are currently made disabled of: Adding a payment method, Adding a billing address, Sending payment, and Accepting payment.

Question 1:

Look at Email 1 above: Is this a legitimate PayPal email?

Answer 1:

No

% Correct Responses: 93.3

Question 2:

What did you look for to make the determination of legitimacy?

Answer 2:

Spelling, grammar, and punctuation are all things that may indicate legitimacy or the lack thereof in an email.

% Correct Responses: 100

Question 3:

Do you look for red flags in every email?

Answer 3:

Yes

% Correct Responses: 86.7

Question 4:

Where should you begin looking for red flags?

Answer 4:

Inbox

% Correct Responses: 66.7

Question 5:

If you receive an email request to update information from a trusted company, how should you respond?

Answer 5:

Navigate to the company website and sign-in as normal.

% Correct Responses: 100

Email 2:

From:IRS Online <ahr@irxt.com>; Reply-To: "no-reply@irxt.com" <noreply@irxt.com>; Date: Thursday, April 11,2013 12:12 PM; Subject: Final reminder: Notice of Tax Return. ID 13H583326/13 - IRS heading and logo, Department of the Treasury, Internal Revenue Service - Email Body: 04/11/2013, Referance: I3H583326/13, Claim Your Tax Refund Online, Dear Taxpayer, We identified an error in the calculation of your tax from your last payment, amounting to $ 319.95. In order for us to return the excess payment, you need to create a e-Refund account after which the funds will be credited to your specified bank account. Please click "Get Started" below to claim your refund: Get Started link.

Question 6:

If you click on the "Get Started" link, what should happen next?

Answer 6:

Change your passwords

% Correct Responses: 60

Question 7:

Does the IRS send email communications?

Answer 7:

No

% Correct Responses: 100

Question 8:

How many red flags are in Email 2?

Answer 8:

3 or more

% Correct Responses: 80

Question 9:

Is there any reason to believe that the From address <arh@irxt.com> is an IRS email address?

Answer 9:

No

% Correct Responses: 100

Question 10:

Do the ID# in the Subject line and the Reference # in the Message Body match?

Answer 10:

No

% Correct Responses: 53.3

Question 11:

Is the Reply-To address likely to give a response?

Answer 11:

No

% Correct Responses: 100

Question 12:

Would a reputable letter to a specific person use a generic greeting?

Answer 12:

No

% Correct Responses: 100

Email 3:

Subject: Suspicious Login Attempt Denied; Sender: do-not-reply <do-not-reply@linux4.centralnserver.com>; Received at 8:31 AM; Message Body - We detected an unsuccessful login attempt from an unfamiliar location. For the security of your account. This security measure is to forestall any fradulent access to your account. Quickly validate by confirming your identity. Link: www.gmail.com We sincerly regret any inconvenience. Google Mail Team

Question 13:

Is Email 3 from Google?

Answer 13:

No

% Correct Responses: 100

Question 14:

Which of the below options are red flags for Email 3?

Answer 14:

Both the sender address and grammar are red flags.

% Correct Responses: 86.7

Question 15:

In a phishing email, using fear or urgency is a tactic of what field of study?

Answer 15:

Social Engineering

% Correct Responses: 13.3

Email Survey October 16-22

Of those that participated:

14.3% were Faculty, 57.1% were Staff, and 28.6% were Students

Question 1:

Malware is short for malicious software. What does malware do?

Answer 1:

All of the above is correct. Malware can damage a computer's operation, gain access to private computer systems for the purpose of doing harm, and gather sensitive or private information.

% Correct Responses: 95.5

Question 2:

What is Adware?

Answer 2:

Adware is a type of malware that allows pop-up ads on a computer system, ultimately taking over a user's Internet browsing.

% Correct Responses: 90.9

Question 3:

A computer may have been compromised if it is...

Answer 3:

All of the above is correct. Compromised computers may become slow or non-responsive, experience unexpected behavior such as programs popping up, and run out of disk space unexpectedly.

% Correct Responses: 95.5

Question 4:

Where can you save a copy of your work on the NSU network?

Answer 4:

L:drive

% Correct Responses: 86.4

Question 5:

Common ways your computer can be compromised include...

Answer 5:

Links in emails, downloaded attachments, and .exe files are all ways your computer can be compromised.

% Correct Responses: 100

Question 6:

What is the number one way hackers steal information?

Answer 6:

Phishing

% Correct Responses: 81

Question 7:

What is a Worm?

Answer 7:

A worm is a type of malware that replicates itself over and over within a computer.

% Correct Responses: 22.7

Question 8:

Spyware is a type of malware that quietly sends information about a user’s browsing and computing habits back to a server that gathers and saves the data. What can spyware collect?

Answer 8:

Spyware can collect information on Internet surfing habits, user logins and passwords, bank or credit account information, and other data entered into a computer. Spyware is often difficult to remove; it can also change a computer's configuration, resulting in slow Internet connection speeds, a surge in pop-up advertisements, and unauthorized changes in browser settings or functionality of other software.

% Correct Responses: Happily DNA samples received 0%; Internet surfing - 81.8; User logins and passwords - 68.2; and Bank or credit account information - 59.1

Question 9:

To access the NSU network away from campus you will need to install...

Answer 9:

NSU's VPN

% Correct Responses: 95.5

Question 10:

Updates are important because they include...

Answer 10:

Security Patches

% Correct Responses: 42.9

Question 11:

What does VPN stand for?

Answer 11:

Virtual Private Network

% Correct Responses: 100

Question 12:

Spear Phishing targets individuals based on group membership.

Answer 12:

True

% Correct Responses: 86.4

Question 13:

What is a Trojan?

Answer 13:

A trojan is a type of malware that gives an unauthorized user access to a computer.

% Correct Responses: 72.7

Question 14:

Spyware is often difficult to remove; it can also change a computer's configuration, resulting in slow Internet connection speeds, a surge in pop-up advertisements, and unauthorized changes in browser settings or functionality of other software.

Answer 14:

True

% Correct Responses: 86.4

Question 15:

What is a Virus?

Answer 15:

A virus is a type of malware that has a reproductive capacity and the ability to transfer itself from one computer to another spreading infections between online devices.

% Correct Responses: 63.6

Email Survey October 9 - 15

Question 1:

If you hover your mouse over a link, without clicking, where can you see the address it really goes to?

Answer:

Near the Task Bar on the left side of the Screen.

% correct responses: 42.9

Question 2:

Which of the following items should be possible red flags indicating an email may not be from a reputable source?

Answer:

All of the above - It contains an attachment I was not expecting; The message was Forwarded and there is no explanation as to why it was sent to me; and When I hover over a link to see where it goes, it goes to a Google Doc and not the website it says

% correct responses: 97.6

Question 3:

What is the number one way hackers steal information?

Answer:

Phishing

% correct responses: 85.7

Question 4:

Which of these is a secure password?

Answer:

4SkoR&7yrs@go

% correct answers: 100

Explanation: 12345678910 and abcdefgABCDEFG are not strong passwords because they are sequential in a very predictable way. mypetsname@myaddress! is not a safe password because it is personal information of the type we strive to protect and is considered easy to guess by hackers collecting information.

Question 5:

Security settings on social media accounts don't really matter.

Answer:

Strongly disagree - Security settings matter in every app and on every device you use.

% correct answers: 69

Question 6:

The IT Service Desk will never ask for your ________?

Answer:

Password

% correct answers: 97.6

Question 7:

It is fine to use public Wi-Fi to do anything online.

Answer:

False - Never open or sign into accounts on unsecured or public Wi-Fi.

% correct responses: 100

Question 8:

Given an inbox message line with the information: Sender - Olga; Subject - hello; Start of message - Hello, dearest! It's me, Olga from Moscow. How are you doi... What question(s) should you ask yourself when deciding whether or not to open this email?

Answer:

All of the above - Who is Olga?; Do I know anyone in Moscow?; What address did this come from?

% correct answers: 100

Question 9:

The Email Team image is what kind of email?

Answer:

Spear phishing targeting an educational institution - NSU does not send out this kind of email. NSU will send out an email reminder to change your password. If your account is reported as compromised, ITS will have the computer randomly generate a new password for you that you will need to change in Password Manager before you may log in again. This is an example of phishing called Spear Phishing. It is spear phishing because it comes from a .edu extension and is meant to fool the user into thinking it comes from their school.

% correct responses: 45.2

Question 10:

If you receive an email with a link to login and review recent activity, what should you do?

Answer:

Delete - Send to Spam - Send to IT Service Desk; This example is from a Spear Phishing email and should not even be opened. Even if a company you have an account with sends you a link, open a new tab and navigate to the site the way you would usually do so to sign in.

% correct responses: 100

Question 11:

If you open an email to view the message but do not click on any links you can get a virus?

Answer:

False - At this time it is safe to open an email, just not to click on links in the email.

% correct responses: 47.6

Question 12:

Referring to the Email Team message described above - ITS sends out this kind of email all the time?

Answer:

False

% correct responses: 100

Question 13:

Locking your computer and signing-out are the same thing.

Answer:

False - Locking your computer by hitting the Windows key and the L key, or by clicking on the start button then selecting the user icon and selecting Lock, leaves your computer ready for you and only you to sign back in quickly using only your password. This should only be used if a computer is only used by you. Example: A staff member's desk computer. Never lock a computer in a lab or classroom that others use. In common areas always choose Sign out or Log off so the next user does not have to waste time shutting down and restarting the computer.

% correct responses: 92.9

Question 14:

Assume you have an account with American Bank. You receive an email from Arnerican Bank saying that they now provide a great new service and asking you to follow the link and sign-in for details. What should you do?

Answer:

*Two answers are correct for different reasons and I did not catch it before the form went live. - Look closely at the name of the sender. A-r-n-e-r-i-c-a-n using an r and an n to look like an m (rn), this is fraudulent. If you said Open a new browser tab and navigate to the site, that would be correct if you are going to report the fraud to the bank. Deleting it is always a good idea and the correct way to go.

% choosing a new tab: 31

% choosing to delete: 52.4

Question 15:

Two-step verification offers very little protection and should be avoided.

Answer:

False - Two-step verification often requires "something you know" like a password, and "something you have" like a cell phone that can be texted a new code every time you sign in. When two-step verification is offered, it is best practice to use it.

% correct responses: 90.5


Email Survey October 2-8

Of those that participated:

15.8% were Faculty, 60.5% were Staff, and 23.7% were Students

Question 1:

How often should you change your NSU password?

Answer:

NSU asks that you change your password twice a year.

% of correct responses - 28.9

Question 2:

A fingerprint scanner is more secure than a strong password.

Answer:

False - Fingerprint scanning is still too unreliable. There are videos on YouTube that show how to defeat scanners in less than 15 minutes.

% of correct responses - 78.9

Question 3:

What options below should never be part of your password?

% response to options available: Pet's Name - 50%, Children's Name - 57.9%, Your Address - 71.1%, Your Phone Number - 71.1%, Your Social Security Number - 100%

Answer:

None of these options should ever be used as your passwords or PINs. This is all personally identifiable information that in the world of cyber crime qualifies as easy to guess.

Question 4:

Where do you change your NSU password?

Answer:

Password Manager is the correct answer. You may get to Password Manager from the My NSU link on the NSU webpage, from the Quick Links in goNSU, or from the IT Service Desk webpage.

% of correct responses - 94.7

Question 5:

It is alright to share your password with a student worker.

Answer:

False - Never share your password with anyone.

% of correct responses - 100

Question 6:

Using the same or similar passwords on different accounts is alright if it is a strong password.

Answer:

False - Using the same password on multiple accounts makes it less secure because hackers only need to crack one password to access multiple accounts. Your reputation and information have value and should be protected as much as possible.

% of correct responses - 92.1

Question 7:

What is Malware?

Answer:

Malware is short for Malicious Software. You can learn about many types of Malware on the ITS Cyber Security webpages.

% of correct responses - 100

Question 8:

How often is it important to update your Operating System and apps?

Answer:

Turn on Automatic Updates is the correct answer for following best practices. If you have automatic updates on your personal device but have set it to notify you before installing, remember to check and install the updates or it will not protect your devices.

% of correct responses - 84.2

Question 9:

Which would you look for before entering credit card information on a website?

Answer:

https:// - http stands for Hypertext Transfer Protocol and it is the agreed upon collection of rules and language used to move data through the World Wide Web. When the s is added it means that encryption security has been added. Never enter your personal information on a site that is not encrypted.

% of correct responses - 73.7

Question 10:

Phishing only happens in emails.

Answer:

False - Phishing is the act of soliciting knowledge or action from a target for profit or other gain by a malicious actor. It can be done in person, online, or over the phone.

% of correct responses - 92.1

Question 11:

Assume that you know and like Kevin Hahn and worked on a project with him last semester. He has sent you an unexpected email with a link to a Google Doc. How should you proceed?

Answer:

Kevin is someone you know and trust. However, you are not expecting this Google Doc and know nothing about the document. You should call Kevin and make sure he sent it, because his contacts list could have been compromised.

% of correct responses - 63.2

Question 12:

If you clear your cookies, are you untraceable?

Answer:

No, clearing your cookies does not make you untraceable.

% of correct responses - 100

Question 13:

What are the elements of a strong password?

Answer:

All of the above is the correct answer and includes upper and lower case letters, numbers, symbols, and at least 12 characters in length.

% of correct responses - 100

Question 14:

When downloading an app, clicking "I Accept" is just a step that does not mean anything.

Answer:

False - Clicking "I Accept" is the same as signing a contract.

% of correct responses - 100

Question 15:

If you find a lost USB drive, what should you do?

Answer:

Options 1 and 3 are the correct answer - Turn it in to Campus Police or the IT Service Desk. Many buildings on campus, like the library, have staffed desks where you may turn in lost and found items, which will be sent to Campus Police.

% of correct responses - 92.1
