Important Notice

Any information you supply is subject to our privacy policy. Access to this content is available to registered members at no cost. In order to provide you with this free service, the Government Executive Media Group may share member registration information with underwriters and partners.

[PAGE 1 OF 4]

All questions must be answered before you can continue.

A stranger asks to be your friend on a social network. What do you do?

Go ahead and accept the request. That’s the point of social networking.

Check to see if we have any friends in common. If so, I accept the request.

Do some online research about the person and then decide.

Ignore the request. Unless we’ve met in person, I don’t accept friend requests.

Your social media profile is a treasure chest for cybercriminals–and they’re frequently exploiting the sites to learn valuable information about people: where you live; where you work; your favorite sports team; maybe even your mother’s maiden name. Don’t be lulled into a false sense of security if you see you have friends in common. Smart hackers are banking that you’re more likely to trust a friend request if you think you have friends in common, so they’re getting more persistent about finding a way into your social network.

Do you use two-factor authentication to log in to your email account?

Yes. I have two-factor enabled on every email account I use.

I have two-factor authentication enabled on most of the email accounts I use. For example, I am required to use two-factor on my work email but don’t have it enabled on my personal email.

Two-factor is too inconvenient for me to use.

What’s two-factor authentication?

Cybersecurity experts have been saying this for years: Usernames and passwords are not enough. Two-factor authentication may be a slight inconvenience–it requires the traditional password as an additional element you have on your person, such as a short code texted to your phone or your fingerprint. Enabling two-factor authentication on all your email accounts is a simple step you can take to keep hackers out of your email. As governments and large businesses have mandated tighter email security, they’re seeing more intruders finding a way in by exploiting vulnerabilities in employees’ personal accounts, which may be less secure.

How often do you reuse the same or similar passwords?

Never. I always use unique passwords for each site.

Rarely. For sites that store personal information, like my online bank account, I use unique passwords. But for social media, and other “less important” sites, I reuse the same ones.

Sometimes. I have a handful of passwords that I occasionally reuse across multiple sites, regardless of how important the website.

Always. For important websites, I reuse the same password, so I never get locked out of my account.

Experts say you’re safest if you create unique passwords for every account your create. Even social networks offer valuable information about you and your acquaintances that hackers can use to gain access to more sensitive details. At a minimum, experts say, you should use unique passwords for sites that store banking information, credit card numbers, Social Security numbers and other sensitive information.

[PAGE 2 OF 4]

All questions must be answered before you can continue.

Mary Smith, a newly hired government employee, is setting up her email account. Select the most secure password she should choose from the options below. Remember, this is a password you should be able to easily recall.

Smith1975

password123

Strawb33ryFieldsForever

4s&7yaoFbf0tcanN

Experts say strong passwords should contain a combination of letters, numbers and symbols, if possible, and not resemble any words found in dictionaries. Why? Because hackers actually use electronic dictionaries to try to crack passwords. Passwords definitely shouldn’t contain personal information like your last name, nicknames or birthday (Answer A). Answer C is better, but hackers are getting more sophisticated and now know to substitute common letter-number combinations, so a clever substitute may not be enough. Experts say you’re better off taking a long phrase you can remember and then substituting numbers and letters, as in Answer D. The long phrase in that example is actually the first letter of each of the words in the opening line of Abraham Lincoln’s Gettysburg Address “Four score and seven years ago…”) with some letter and symbol substitutions. (Experts recommend picking a phrase unique to you.)

Do you lock your computer when you step away from your desk?

Yes, always.

Sometimes, when I remember.

Only if I’m working on something sensitive.

No, never. I trust my coworkers.

It’s always a good practice to lock your computer so no one can access your files or other information. It only takes seconds for someone to change your screensaver–or do something much more serious. And locking your computer is easy: On Windows machines, the command is the Windows Key + L. If you have a Mac, simultaneously press Control + Shift + Eject to lock your screen. For newer Macs without an eject key, press Control + Shift + Power.

Where do you store your passwords?

On a sticky note attached to my computer monitor.

On a piece of paper in a locked drawer in my file cabinet.

In my memory.

I store my passwords in a secure password-storage application. No pencil required.

Sometimes, cybersecurity is about physical security. “Write down your passwords and store them in a secure place away from your computer if necessary,” the U.S. Department of Homeland Security recommends. “For example, passwords locked in your desk drawer are secure, but passwords on a sticky note stuck to the monitor are not.” For convenience, you can also download and use a free password manager.

[PAGE 3 OF 4]

All questions must be answered before you can continue.

You receive an email that appears to come from your organization’s help desk asking for your password or other personal information to reset your account. If you don’t respond to the email within an hour, the email says, you’ll be locked out of your account. What would you do?

If the email looks legitimate, I would provide the information.

I would ask a co-worker. If they also received a similar message, then I would conclude it must be legitimate.

I would reply to the email, asking for more information, and wait to contact the help desk until I heard back.

I would call the help desk or my IT office–or stop by in person–to alert them to the email.

It pays to be skeptical. Most IT organizations would never ask for your password or personal information in an email. Even if the email address looks legitimate, be aware it could be spoofed by hackers. Be on the lookout for grammar and spelling mistakes, too-good-to-be-true offers or an urgent or threatening tone. Those are often dead giveaways for phishing emails. If you receive a suspicious email, it’s best to contact your IT office right away.

When using a website that collects personal or payment information, there’s an easy way to tell if information you submit is sent via a secure connection. What is it?

Instead of http:// the Web address begins with https://

The Web address ends in .com, .gov, .edu or .mil. Those sites are secure.

The Web address ends with “/secure.” For example, www.routefifty.com/secure.

There is no way to tell.

Look for https at the beginning of the Web address. That ensures the site you’re visiting hasn’t been spoofed by hackers and the information you submit via the site won’t be intercepted in what’s known as a man-in-middle hack. For most legitimate websites, the use of https is now standard, although it never hurts to double-check. Most browsers also include a padlock icon in the address to let you know the site uses https. Many governments have made a big push to use https across all of their websites.

When do you use PGP?

When I am writing emails to family members.

When I am sharing health records with my doctor.

When I am on a Windows PC.

What is PGP?

PGP (Pretty Good Privacy) is a widely accepted encryption tool that shields email from interception by hackers, including criminals, ex-spouses, and spies from countries with authoritarian governments. "Encryption should be enabled for everything," cryptologist Bruce Schneier says. People who only encrypt medical data signal to hackers that their email is valuable. Windows is not considered a safe environment to store the private key code used for unlocking encrypted email. Experts suggest if you must use a Windows machine, store your keys on a separate safe device, such as a thumb drive.

[PAGE 4 OF 4]

All questions must be answered before you can continue.

After opening a Web browser you have never used before, what is the first thing you do?

Ensure the browser is the newest version available.

Clear the browsing history and schedule the browser to delete website data frequently.

Disable the Adobe Flash feature.

Make sure the browser is authentic by clicking the logo on the browser’s home screen.

Browsers are periodically updated to fix software bugs. The faster you update, the better your chances of fixing the vulnerabilities before hackers take advantage of them. Cleaning your history, or "browsing data," clears your browser of passwords and other personal data on websites you have visited in the past. Disabling Flash, known for being a common trajectory for malware, improves your overall security. Clicking on a link without doing the above things first is asking for trouble.

You receive a call from a phone number you recognize as coming from within the building. The individual on the other end of the line identifies herself as a technical support employee from your department. She says there is a security problem with your system that she needs to address by remotely logging in. What do you do?

Provide her with your credentials to troubleshoot the problem.

Ask her to come to your floor to fix the issue or offer to bring the device to her office.

Hang up the phone.

Visit your office's IT staff in person to report the incident.

Divulging your password to someone over the phone who you have never met could make you a victim of social engineering, the deception of someone to obtain sensitive information. If your credential falls into the wrong hands, a hacker could compromise your machine or your department’s network. It's possible your colleagues are or will be experiencing similar fraud. Hackers sometimes target multiple people in an organization until they get the secrets they are after. Best to tip off your IT security folks to the call.

When connecting to public Wi-Fi in a hotel, airport or other shared space, what do you do?

I often log into Facebook and other social networks.

I email with colleagues while on business travel.

I make sure the connection requires a password from the building.

I do not use public Wi-Fi.

On a public network, anyone, including snoops and thieves, can be connected. It’s easy for busybodies to capture the communications you send. Password-restricted Wi-Fi can reduce the number of people on the network, but the same kinds of attacks would still occur in the same way. The good news is that just because bad guys can easily intercept data, it doesn't necessarily mean they can make sense of it. Facebook and many e-commerce websites use secure webpages that scramble the data you enter. Look for a padlock icon displayed next to the webpage address to be sure.

[ LOADING ]

Assessment Complete! You are:

—

Share Your Results:

ADDITIONAL RESOURCES FROM Centurylink

The Digital Forerunners: A Survey Report on Network Infrastructure in State and Local Government

Download »

When you download a document your information may be shared with the presenters or underwriters of that document.

Almost There! Help us tailor content specifically for you:

Full Name

Agency/Department

Organization Function

Organization Name

Job Function

Phone number

Zip code

Country

Country Name

Yes, Route Fifty can email me on behalf of carefully selected companies and organizations.

I agree to the use of my personal data by Government Executive Media Group and its partners to serve me targeted ads. Learn more.

This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information

Accept Cookies

Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings

Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

Functional Cookies

Performance Cookies

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

Targeting Cookies