Security and Ethics - SS3 ICT Past Questions and Answers - page 2

A phishing attack is a type of cyberattack where attackers use deceptive emails, messages, or websites to trick individuals into revealing sensitive information, such as login credentials or financial details. An example of a phishing attack is receiving an email that appears to be from a reputable bank, asking you to click a link and enter your account details. The email and website may look legitimate, but they are designed to steal your information.

Common practices to strengthen password security include:

Using complex and unique passwords for each account.

Avoiding easily guessable passwords, such as "123456" or "password."

Using a combination of upper and lower-case letters, numbers, and special characters.

Changing passwords regularly.

Using a reputable password manager to generate and store passwords securely.

The consequences of a security breach for an organization can be severe and may include:

• Loss of sensitive data and customer trust.
• Financial losses from legal actions, fines, and system repairs.
• Damage to the organization's reputation.
• Disruption of business operations.
• Legal and regulatory consequences for failing to protect customer data.

• Mitigating insider threats involves a combination of technical, organizational, and human-focused measures, including:
• Implementing access controls to limit employees' access to sensitive data.
• Conducting background checks during the hiring process.
• Providing cybersecurity training and awareness programs.
• Monitoring employee behavior and system logs for suspicious activities.
• Encouraging a culture of transparency and reporting of potential threats.

Regularly updating software and operating systems is essential for security because updates often include patches for known vulnerabilities. Without updates, systems become more susceptible to exploitation by cybercriminals. Hackers can target these vulnerabilities to gain unauthorized access, steal data, or cause other forms of damage. Keeping software up-to-date helps protect against these threats and ensures the latest security features are in place.