100% found this document useful (3 votes)
2K views34 pages

Cybersecurity Workbook

cybersecurity workbook
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
100% found this document useful (3 votes)
2K views34 pages

Cybersecurity Workbook

cybersecurity workbook
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 34

Cybersecurity - Protecting Yourself

and Your Organization


Project Workbook
First Edition

LearnKey creates signature multimedia courseware. LearnKey provides expert instruction for popular computer software,
technical certifications, and application development with dynamic video-based courseware and effective learning
management systems. For a complete list of courses, visit https://www.learnkey.com.

All rights reserved. Unauthorized reproduction or distribution is prohibited.

© 2023 LearnKey
www.learnkey.com
Table of Contents
Introduction 1
Best Practices Using LearnKey’s Online Training 2
Using This Workbook 3
Skills Assessment 4
Cybersecurity - Protecting Yourself and Your Organization Video Times 5
Domain 1 Lesson 1 6
Cybersecurity and Phishing 7
Reviewing Emails and Attachments 8
Common Attacks 9
Domain 2 Lesson 1 10
Digital Footprints 11
Passwords 12
Domain 2 Lesson 2 13
MFA and OSINT 14
Social Engineering 15
Domain 3 Lesson 1 16
Antimalware 17
Firewalls, Blocklisting, and Allowlisting 18
Domain 3 Lesson 2 19
Internet Safety and Downloading Applications 20
Domain 4 Lesson 1 21
Physical Security 22
Block, Lock, and Pocket 23
Domain 5 Lesson 1 24
Public and Private Wi-Fi Networks 25
Video Meetings 26
Appendix 27
Cybersecurity Checklists 28
Glossary 29
Objectives 31
Introduction

1 | Introduction: Best Practices Using LearnKey’s Online Training Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Best Practices Using LearnKey’s Online Training
LearnKey offers video-based training solutions that are flexible enough to accommodate private students and educational
facilities and organizations.

Our course content is presented by top experts in their respective fields and provides clear and comprehensive
information. The full line of LearnKey products has been extensively reviewed to meet superior quality standards. Our
course content has also been endorsed by organizations such as Certiport, CompTIA®, Cisco, and Microsoft. However, it is
the testimonials given by countless satisfied customers that truly set us apart as leaders in the information training world.

LearnKey experts are highly qualified professionals who offer years of job and project experience in their subjects. Each
expert has been certified at the highest level available for their field of expertise. This expertise provides the student with
the knowledge necessary to obtain top-level certifications in their chosen field.

Our accomplished instructors have a rich understanding of the content they present. Effective teaching encompasses
presenting the basic principles of a subject and understanding and appreciating organization, real-world application, and
links to other related disciplines. Each instructor represents the collective wisdom of their field and within our industry.

Our Instructional Technology


Each course is independently created based on the manufacturer’s standard objectives for which the course was
developed.

We ensure that the subject matter is up-to-date and relevant. We examine the needs of each student and create training
that is both interesting and effective. LearnKey training provides auditory, visual, and kinesthetic learning materials to fit
diverse learning styles.

Course Training Model


The course training model allows students to undergo basic training, building upon primary knowledge and concepts to
more advanced application and implementation. In this method, students will use the following toolset:

Pre-assessment: The pre-assessment is used to determine the student’s prior knowledge of the subject matter. It will also
identify a student’s strengths and weaknesses, allowing them to focus on the specific subject matter they need to improve
the most. Students should not necessarily expect a passing score on the pre-assessment as it is a test of prior knowledge.

Video training sessions: Each training course is divided into sessions or domains and lessons with topics and subtopics.
LearnKey recommends incorporating all available external resources into your training, such as student workbooks,
glossaries, course support files, and additional customized instructional material. These resources are located in the folder
icon at the top of the page.

Exercise labs: Labs are interactive activities that simulate situations presented in the training videos. Step-by-step
instructions and live demonstrations are provided.

Post-assessment: The post-assessment is used to determine the student’s knowledge gained from interacting with the
training. In taking the post-assessment, students should not consult the training or any other materials. A passing score is
80 percent or higher. If the individual does not pass the post-assessment the first time, LearnKey recommends
incorporating external resources, such as the workbook and additional customized instructional material.

Workbook: The workbook has various activities, including fill-in-the-blank questions, short answer questions, practice
exam questions, and group and individual projects that allow the student to study and apply concepts presented in the
course videos.

2 | Introduction: Best Practices Using LearnKey’s Online Training Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Using This Workbook
This project workbook contains practice projects and exercises to reinforce the knowledge you have gained through the
video portion of the Cybersecurity – Protecting Yourself and Your Organization course. The purpose of this workbook
is to further your understanding of cybersecurity and the roles users play in protecting themselves and their organizations
and have a checklist for basic means of protection for your passwords and devices.

The projects within this workbook follow the order of the video portion of this course. To save your answers in this
workbook, you must first download a copy to your computer. You will not be able to save your answers in the web version.
You can complete the workbook exercises as you go through each section of the course, complete several at the end of
each domain, or complete them after viewing the entire course. The key is to go through these projects to strengthen your
knowledge in this subject.

Each project is based upon a specific video (or videos) in the course and specific test objectives. The materials you will
need for this course include:

• LearnKey’s Cybersecurity – Protecting Yourself and Your Organization courseware.

For Teachers
LearnKey is proud to provide extra support to instructors upon request.

Notes
• Extra teacher notes, when applicable, are in the Project Details box within each exercise.

• Exam objectives are aligned with the course objectives listed in each project, and project file names correspond
with these numbers.

• Refer to your course representatives for further support.

We value your feedback about our courses. If you have any questions, comments, or concerns, please let us know by
visiting https://about.learnkey.com.

3 | Introduction: Using This Workbook Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Skills Assessment
Instructions: Rate your skills on the following tasks from 1-5 (1 being needs improvement, 5 being excellent).

Skills 1 2 3 4 5
Avoiding email scams

Authentication and intelligence

Types of protection

Types of physical security

Wi-Fi and video settings

4 | Introduction: Skills Assessment Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Cybersecurity - Protecting Yourself and Your
Organization Video Times
Domain 1 Video Time
Avoiding Email Scams 00:10:53
Total Time 00:10:53

Domain 2 Video Time


Authentication and Intelligence Part 1 00:08:21
Authentication and Intelligence Part 2 00:08:21
Total Time 00:16:42

Domain 3 Video Time


Types of Protection Part 1 00:09:53
Types of Protection Part 2 00:08:05
Total Time 00:17:58

Domain 4 Video Time


Types of Physical Security 00:06:12
Total Time 00:06:12

Domain 5 Video Time


Wi-Fi and Video Settings 00:10:13
Total Time 00:10:13

5 | Introduction: Cybersecurity - Protecting Yourself and Your Organization Video Times Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Domain 1 Lesson 1

6 | Domain 1 Lesson 1: Cybersecurity - Protecting Yourself and Your Organization Video Times Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Cybersecurity and Phishing Project Details
Project file
To protect electronic data, users must protect the devices that use electronic N/A
data and the locations in which these devices are used. One common area of
Estimated completion time
concern for cybersecurity is email. Email communications are prone to
5 minutes
cybersecurity risks such as phishing. Learning to recognize phishing can help
users protect their data. Video reference
Domain 1
Purpose Topic: Avoiding Email Scams
Subtopic: What is Cybersecurity?;
Upon completing this project, you will better understand cybersecurity and Phishing
phishing.
Objectives covered
1 Protecting Email
Steps for Completion 1.1 Avoiding Email Scams
1.1.1 What is cybersecurity
1. What is cybersecurity?
1.1.2 Phishing
a. Notes for the teacher
It may be beneficial to reiterate to
students that phishing is not exclusive
to email.
2. What is phishing?

a.

3. Give an example of phishing.

a.

4. How can users protect themselves against phishing?

a.

7 | Domain 1 Lesson 1: Cybersecurity and Phishing Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Reviewing Emails and Project Details
Project file
Attachments N/A

Estimated completion time


Spam emails often contain clues identifying them as such. When receiving 10 minutes
emails, users should investigate the account from which the email was received, Video reference
the subject line, the body of the email, and any attachments to help determine if Domain 1
the email is legitimate. Topic: Avoiding Email Scams
Subtopic: Looking for Details;
Purpose Attachments

Upon completing this project, you will better understand how to check emails Objectives covered
and attachments for potential security risks. 1 Protecting Email
1.1 Avoiding Email Scams
Steps for Completion 1.1.3 Looking for details
1.1.4 Attachments
1. Determine whether the email is suspicious.
Notes for the teacher
It may be beneficial to reiterate to
a. The email contains a correctly spelled subject line.
students the importance of only
opening email attachments that appear
b. The email is from a known free email account. safe and are expected from someone
the user knows.

c. The body of the email contains misspellings and unusual


spacing.

2. What should users check before selecting a link received in an email?

a.

3. What is a best practice when it comes to opening attachments from emails?

a.

4. Why should users be wary of files containing macros?

a.

5. Why should users be wary of zip files?

a.

6. Why should users be wary of executable files?

a.

7. Determine whether the file extension is probably safe or one to be wary of.

a. .rar

b. .xlsx

c. .docm

d. .exe
8 | Domain 1 Lesson 1: Reviewing Emails and Attachments Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Common Attacks Project Details
Project file
Phishing is a common attack that can occur via email. However, there are other N/A
types of phishing attacks that can occur, such as spear phishing, whaling,
Estimated completion time
vishing, and smishing. Pig butchering, a form of social engineering, is another
5 minutes
common attack that can occur.
Video reference
Purpose Domain 1
Topic: Avoiding Email Scams
Upon completing this project, you will better understand some of the common Subtopic: More Terms
cyber attacks that can occur.
Objectives covered
Steps for Completion 1 Protecting Email
1.1 Avoiding Email Scams
1. Match the attack to its description. 1.1.5 More terms

Notes for the teacher


A. Spear phishing C. Vishing E. Pig butchering
If time permits, you may choose to
B. Whaling D. Smishing present students with specific scenarios
a. An attempt to get information from someone via a to have them identify which type of
text message. attack is taking place.

b. An attacker entices a user to invest money with the


promise of a huge return.

c. A targeted attack against a specific person or group to gain compromising information.

d. An attempt to get information from someone via a phone call or voicemail.

e. An attempt to get information from high-profile people, such as a CEO or celebrity.

9 | Domain 1 Lesson 1: Common Attacks Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Domain 2 Lesson 1

10 | Domain 2 Lesson 1: Common Attacks Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Digital Footprints Project Details
Project file
When using computers and phones, users leave a trail of information, whether N/A
they mean to or not. To protect this information, users should make sure their
Estimated completion time
email accounts, social media accounts, and other digital communications are as
10 minutes
secure as possible.
Video reference
Purpose Domain 2
Topic: Authentication and
Upon completing this project, you will better understand what a digital footprint Intelligence
is. Subtopic: Digital Footprint

Steps for Completion Objectives covered


2 Protecting Information
1. What is a digital footprint? 2.1 Authentication and Intelligence
2.1.1 Digital footprint
a.
Notes for the teacher
Ensure students understand that they
should never assume that information
2. Why should users not have the same username and password for posted on the internet is private.

multiple websites?

a.

3. What information can be included in the metadata of an image?

a.

4. Review the list of items that can contribute to a digital footprint. List some items that may be contributing to your
digital footprint.

a.

11 | Domain 2 Lesson 1: Digital Footprints Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Passwords Project Details
Project file
Passwords are used to protect data and systems, but there are sophisticated N/A
devices that can crack passwords. Understanding the ways in which attackers
Estimated completion time
can steal passwords can help users know how to protect their passwords.
5 minutes

Purpose Video reference


Domain 2
Upon completing this project, you will better understand how to manage and Topic: Authentication and
protect passwords. Intelligence
Subtopic: Managing Passwords;
Steps for Completion Keeing Passwords Safe

1. What is the dark web? Objectives covered


2 Protecting Information
a. 2.1 Authentication and Intelligence
2.1.2 Managing passwords
2.1.3 Keeping passwords safe

Notes for the teacher


2. Determine whether each statement is true or false. If time permits, review the statistics
regarding password complexity and ask
a. Users should use the same password students which statistics apply to them.
whenever possible.

b. Passwords should be stored in an encrypted


password manager.

c. Passwords should include uppercase letters, lowercase letters, numbers, and symbols.

d. Passwords do not need to be at least eight characters long as long as they are unique.

12 | Domain 2 Lesson 1: Passwords Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Domain 2 Lesson 2

13 | Domain 2 Lesson 2: Passwords Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
MFA and OSINT Project Details
Project file
Authentication is the act of verifying one’s identity on a system. To better N/A
protect data, users should implement multifactor authentication (MFA) when
Estimated completion time
possible. According to Microsoft, using MFA can lower possible attacks on one’s
5 minutes
data by up to 99.9%.
Video reference
A large amount of information gathering on people does not require any illicit Domain 2
effort from an attacker. This information gathering is known as Open Source Topic: Authentication and
Intelligence (OSINT). Users should be careful when sharing any information Intelligence
online, as that data could be discovered by an attacker. Subtopic: Multifactor
Authentication (MFA); Open Source
Intelligence (OSINT)
Purpose
Objectives covered
Upon completing this project, you will better understand MFA and OSINT.
2 Protecting Information
2.1 Authentication and Intelligence
Steps for Completion 2.1.4 Multifactor authentication
(MFA)
1. What is MFA?
2.1.5 Open Source Intelligence
(OSINT)
a.
Notes for the teacher
If time permits, you may choose to
2. What are the three main factors of authentication? review hypothetical scenarios in which
people share information online with
a.
students to have them identify what
OSINT could be gathered by an
3. List two types of OSINT that attackers can find on webpages. attacker.

a.

4. How can companies prevent attackers from getting OSINT from an email address posted on a company website?

a.

14 | Domain 2 Lesson 2: MFA and OSINT Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Social Engineering Project Details
Project file
Phishing is one form of a more significant issue: social engineering. Other forms N/A
of social engineering include impersonation, pretexting, and baiting. Users
Estimated completion time
should guard their information and not give it out unnecessarily.
5 minutes

Purpose Video reference


Domain 2
Upon completing this project, you will better understand social engineering. Topic: Authentication and
Intelligence
Steps for Completion Subtopic: Social Engineering

1. What is social engineering? Objectives covered


2 Protecting Information
a. 2.1 Authentication and Intelligence
2.1.6 Social engineering

Notes for the teacher


2. Match the social engineering type to its description. If time permits, you may want to discuss
some methods of reducing social
A. Impersonation B. Pretexting C. Baiting engineering attacks, such as verifying
a. A person claiming to be in sales at a company says the identity of a person wanting
they need money transferred to a vendor by the end of the day; information.

otherwise, the company may lose the vendor.

b. A person leaves a USB drive labeled as containing important company documents in the lobby
of the company’s office.

c. A person claiming to be an employee at the company’s internet service provider says that they
need an employee to give them the company’s account details to fix an issue with the internet service.

15 | Domain 2 Lesson 2: Social Engineering Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Domain 3 Lesson 1

16 | Domain 3 Lesson 1: Social Engineering Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Antimalware Project Details
Project file
Every device needs protection from malware. A good way to find and remove N/A
malware is to use antimalware software. Windows Defender is a popular
Estimated completion time
antimalware software for Windows devices, but other malware tools are
10 minutes
available from vendors such as Malwarebytes, AVG, Avast, Norton, Bitdefender,
McAfee, and Kaspersky. Video reference
Domain 3
Purpose Topic: Types of Protection
Subtopic: Antivirus Protection
Upon completing this project, you will better understand how to protect devices
Objectives covered
from malware.
3 Protecting Devices
NOTE: Step 4 is optional and mainly applies to those who do not have 3.1 Types of protection
3.1.1 Antivirus protection
antimalware software running on their device..
Notes for the teacher
Steps for Completion Ensure students understand that there
are many different antimalware
1. List two warning signs of malware on a device. software options they can use.

a.

2. What is the difference between malware and a virus?

a.

3. What must be kept updated to keep antimalware software working as expected?

a.

4. If you do not have a solid antimalware app running on your device, research reputable antimalware apps (many are
free) and then download and install one. This site: https://alternativeto.net/category/security/anti-malware/ can
help you choose an antimalware app.

17 | Domain 3 Lesson 1: Antimalware Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Firewalls, Blocklisting, and Project Details
Project file
Allowlisting N/A

Estimated completion time


Firewalls are one way to protect devices and networks. All devices should have 5 minutes
an active firewall. Video reference
Domain 3
Another way to keep networks, devices, and data secure is to use blocklisting
Topic: Types of Protection
and allowlisting. However, blocklisting and allowlisting are not exclusive to Subtopic: Firewalls; Allow vs. Deny
businesses, especially when it comes to email. Businesses should focus on
building strong opt-in email lists, avoiding spam tactics, and complying with Objectives covered
email regulations to help ensure the intended recipients receive emails. 3 Protecting Devices
3.1 Types of protection
3.1.2 Firewalls
Purpose
3.1.3 Allow vs. deny
Upon completing this project, you will better understand firewalls, blacklisting, Notes for the teacher
and whitelisting. If time permits, you may choose to have
students discuss how they would
Steps for Completion prevent a business’s email from being
blacklisted.
1. What is a firewall?

a.

2. What is allowlisting?

a.

3. What is blocklisting?

a.

4. What is an example of blocklisting for email accounts?

a.

5. What is the CAN-SPAM Act?

a.

18 | Domain 3 Lesson 1: Firewalls, Blocklisting, and Allowlisting Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Domain 3 Lesson 2

19 | Domain 3 Lesson 2: Firewalls, Blocklisting, and Allowlisting Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Internet Safety and Project Details
Project file
Downloading Applications N/A

Estimated completion time


Browsing the internet can be risky, even with a firewall and antimalware. Users 10 minutes
easily be taken to a site that looks legitimate but contains spyware or another Video reference
type of malware. With all of these potential risks, users should utilize safe Domain 3
browsing behaviors, including downloading applications from reputable sources. Topic: Types of Protection
Subtopic: Internet Safety;
Purpose Downloading Apps

Upon completing this project, you will better understand how to keep yourself Objectives covered
safe when using the internet and downloading applications. 3 Protecting Devices
3.1 Types of protection
Steps for Completion 3.1.4 Internet safety
3.1.5 Downloading apps
1. Determine whether each statement is true or false.
Notes for the teacher
If time permits, you may choose to have
a. Users should only send personal information
students clear the cookies and cached
online if the website is an HTTP address. images on one of their devices.
b. Users should synchronize web browser
bookmarks across devices to lessen the risk of accessing an
unsafe website.

c. Web browsers and plug-ins should only be updated when a new security risk is
discovered.

d. Users should ensure their web browser settings allow pop-up ads.

e. A best practice when using a web browser is to disable activity tracking.

f. Web browsing in Incognito mode makes a user’s activity completely anonymous.

g. Users should only download applications from third-party websites if the address is an
HTTPS address.

2. What are cookies?

a.

3. What are cached images?

a.

4. Where can users go to download applications on Windows devices safely?

a.

5. Where can users go to download applications on iOS devices safely?

a.

6. Where can users go to download applications on Android devices safely?

a.
20 | Domain 3 Lesson 2: Internet Safety and Downloading Applications Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Domain 4 Lesson 1

21 | Domain 4 Lesson 1: Internet Safety and Downloading Applications Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Physical Security Project Details
Project file
Physical security can be broken down into two main areas: personal security and N/A
equipment security. Workplaces should have secure areas for sensitive data and
Estimated completion time
devices. They should also have workstations that are positioned with security in
10 minutes
mind. To keep workplace devices safe, users should also be aware of methods
for keeping those devices physically secure. Video reference
Domain 4
Purpose Topic: Types of Physical Security
Subtopic: Personal Security;
Upon completing this project, you will better understand how to keep data and Equipment Security
devices physically secure.
Objectives covered
4 Physical Security
Steps for Completion 4.1 Types of Physical Security
4.1.1 Personal security
1. What should be required in secure areas of workplaces?
4.1.2 Equipment security
a. Notes for the teacher
If time permits, you may choose to have
students look around their environment
2. How might data be stolen if a workstation is not positioned
and consider how they would set up a
appropriately? workspace to keep their data secure.

a.

3. List one way of keeping confidential information safe in a workplace.

a.

4. What type of networking equipment should be kept in a secure area?

a.

5. What can be used to keep a laptop secure in a workplace?

a.

6. List one way to keep printers secure.

a.

7. What is the principle of least privilege?

a.

22 | Domain 4 Lesson 1: Physical Security Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Block, Lock, and Pocket Project Details
Project file
The block, lock, and pocket method is a useful tool for understanding how to N/A
keep devices safe. By understanding the block, lock, and pocket method, users
Estimated completion time
can keep their devices physically safe from intruders and the environment.
5 minutes

Purpose Video reference


Domain 4
Upon completing this project, you will better understand the block, lock, and Topic: Types of Physical Security
pocket method. Subtopic: Block, Lock, and Pocket

Steps for Completion Objectives covered


4 Physical Security
1. What should a computer and other peripherals be plugged into? 4.1 Types of Physical Security
4.1.3 Block, lock, and pocket
a.
Notes for the teacher
If time permits, you may choose to have
2. List two ways in which people can keep workplace devices safe in their students set up a screen lock on one of
environment. their devices.

a.

3. List one way to keep workplace devices locked from intruders.

a.

4. List one way to keep information safe by keeping it to yourself.

a.

23 | Domain 4 Lesson 1: Block, Lock, and Pocket Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Domain 5 Lesson 1

24 | Domain 5 Lesson 1: Block, Lock, and Pocket Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Public and Private Wi-Fi Project Details
Project file
Networks N/A

Estimated completion time


With remote work becoming more common, it is more important than ever that 15 minutes
employees know how to keep work data secure. Using public Wi-Fi networks Video reference
tends to have many security risks, such as connecting to an evil twin. While Domain 5
private Wi-Fi networks tend to be safer than public ones, there are still security Topic: Wi-Fi and Video Settings
measures that users can take to better protect their data. Subtopic: Public Wi-Fi; Private Wi-
Fi
Purpose
Objectives covered
Upon completing this project, you will better understand how to keep your 5 Working Remotely
5.1 Wi-Fi and Video settings
devices safe on public and private Wi-Fi networks.
5.1.1 Public Wi-Fi

Steps for Completion Notes for the teacher


If time permits, you may choose to
1. What is an evil twin? explore VPN options for students to use
on their devices.
a.

2. What is a sign of an evil twin when connecting to public Wi-Fi?

a.

3. How can users change their Wi-Fi settings to protect their devices from public Wi-Fi networks?

a.

4. How can users protect their devices when using public Wi-Fi networks?

a.

5. How can users protect private Wi-Fi networks in their homes?

a.

6. Why should users consider setting up a guest network for their homes?

a.

7. If you have a data plan that allows for hotspot usage on a mobile device, navigate to your device’s hotspot
settings and enable the hotspot.

8. If possible, connect another device, such as a laptop or tablet, to the hotspot.

9. Open an application or web browser to ensure the hotspot connection is working.

10. Disconnect the device from the hotspot. Turn off the hotspot on your mobile device.

25 | Domain 5 Lesson 1: Public and Private Wi-Fi Networks Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Video Meetings Project Details
Project file
Video meetings are common occurrences for people working remotely. Users N/A
should understand how to keep their video meetings secure so that sensitive
Estimated completion time
information stays confidential. This prevents information leaks to unwanted
10 minutes
sources which is the definition of cybersecurity.
Video reference
Purpose Domain 5
Topic: Wi-Fi and Video Settings
Upon completing this project, you will better understand how to have secure Subtopic: Video Meetings
video meetings.
Objectives covered
Steps for Completion 5 Working Remotely
5.1 Wi-Fi and Video settings
1. List three things people should do to prepare for video meetings. 5.1.3 Video meetings

a. Notes for the teacher


Ensure users understand that they
should prepare for video meetings a
few minutes early to allow time for
ensuring information is secure and that
equipment is working as expected.

2. What are three video conferencing platforms?

a.

3. What should users avoid doing during video meetings?

a.

26 | Domain 5 Lesson 1: Video Meetings Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Appendix

27 | Appendix: Video Meetings Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Cybersecurity Checklists
Checklist #1: Passwords
1. How strong are your passwords? Are they using uppercase letters, lowercase letters, numbers, and symbols? Are
they long enough to minimize the possibility of their being cracked?

2. If they are not strong, take the time to strengthen them now.

3. How many different passwords are you using across your websites, apps, and systems?

4. Are you using a password manager to store your passwords securely? If not, you should be.

5. Challenge: Use as many different passwords as possible across your websites, apps, and systems.

Checklist #2: Antimalware software and firewalls


1. What are you using for an antimalware app? If you don’t have one, get one and install it before reading any
further.

2. When was the last time you verified that the definition files are being updated regularly for your antimalware
software?

3. What are you using for a firewall?

4. Is the firewall on? If not, it should be.

Checklist #3: Wireless access points (only do this if you have one set up and in use)
1. Have you changed your wireless access point’s default network, username, and password?

2. Have you set up your own named SSID (network name) for your wireless access point?

3. Is port forwarding on? If so, turn it off unless you know why it needs to be on.

4. Is your wireless access point serving as a hotspot for your internet provider? If so, you may want to turn that off.

Checklist #4: For video meetings


1. Have you tested how you and your background look on camera?

2. Are your presentation materials ready? Are you comfortable using them?

3. Has your equipment, such as your camera and mic, been tested?

4. Have you cleared out any AutoFill entries from your web browser?

28 | Appendix: Cybersecurity Checklists Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Glossary
Domain 1

Term Definition
Attachment A file added to an email.
Cybersecurity An act or series of acts one takes to prevent the unauthorized use of electronic data.
Phishing A method of coercion used to attempt to get people to give up personal information via email, a
website, or a text message.
Pig Butchering A form of social engineering where one attempts to entice money from an individual with the
promise of a huge return.
Smishing A type of phishing that attempts to get information from someone via Short Messaging Service
(SMS).
Social A group of techniques used to attempt to obtain confidential information from a person.
Engineering
Spear Phishing A targeted phishing attack against a specific person or group used as an attempt to obtain
compromising information from that person or group.
Whaling A type of phishing that goes after high-profile people.

Domain 2

Term Definition
Authentication The act of verifying a person or device’s identity to an app, network, or system.
Baiting A form of social engineering where a trap is set and used as an attempt to perform malicious activity
on a device or get a person to give up information.
Biometrics The reading of a bodily measurement, such as an eye retina, fingerprint, or voice used for
authentication purposes.
Dark Web A group of private computer networks that is a common haven for the sharing of confidential
information and for illegal cyberactivity.
Decryption The act of unscrambling, using a key, encrypted data to its original form.
Digital Footprint A person’s overall information stored on computers and servers throughout the world.
Encryption The act of scrambling data to make it unreadable without a decryption key.
Impersonation A form of social engineering in which an attacker pretends to be a person of authority to get
information from a person or group.
Multifactor Two or more authentication methods are required to verify identity to a network, app, system, or
Authentication device.
OSINT Open Source Intelligence (OSINT) is the gathering of information about a person or place using
available public sources of information.
Password An app that is used to store a person’s passwords using encryption.
Manager
Pretexting An act of impersonation that plays on people’s emotions to attempt to get information.

29 | Appendix: Glossary Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Domain 3

Term Definition
Allowlisting A list that defines which devices and IP addresses are approved to be on a network.
App Store A software app from which apps for iOS, the primary operating system for iPhones and iPads, can be
downloaded.
Blocklisting A list of specific devices and addresses not allowed on a device or network.
Cached Image An image saved from a web browser so that it does not need to reload every time someone views the
webpage containing the image.
Cookie A text file that stores user information from a website on a device, with the intent being that the
website remembers the user on their next visit to the website.
Firewall A hardware device or software app that protects a device or network from unwanted inbound and
outbound traffic.
InPrivate Web browsing that does not store where a person is browsing in their browsing history.
Browsing
iOS The operating system present on iPhones and iPads.
Malware Malicious software or code used to disrupt, delete, or change data on a device or network.
Microsoft Store A software app used to obtain Windows apps securely.
Play Store An app that Android devices access to obtain apps for those devices.
Pop-Up Blocker An app or tool that prevents unwanted advertisements from displaying in separate windows on
webpages.
Spam Filter A tool used to attempt to prevent malicious emails from reaching a client’s inbox.
Virus A form of malware that needs a carrier to propagate through a system.

Domain 4

Term Definition
Principle of Least A permission state in which people only have the permissions they need to access resources
Privilege necessary to perform their job duties.
Shoulder Surfing A form of social engineering in which a person captures what another person is doing through
surveillance, often over the victim’s shoulder.

Domain 5

Term Definition
Evil Twin A wireless access point used for malicious purposes that has the same Service Set Identifier (SSID) as
a nearby legitimate access point.
Personal Hotspot A mobile device mechanism that allows one to use that mobile device as an access point to the
internet.
SSID A Service Set Identifier (SSID) is a setting used to identify a wireless network.

30 | Appendix: Glossary Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition
Objectives
Cybersecurity - Protecting Yourself and Your Organization Objectives
Domain 2
Domain 1 Protecting Your Domain 3 Domain 4 Domain 5
Protecting Email Information Protecting Devices Physical Security Working Remotely
1.1 Avoiding Email 2.1 Authentication and 3.1 Types of 4.1 Types of 5.1 Wi-Fi and Video
Scams Intelligence Protection Physical Security Settings
1.1.1 What is 2.1.1 Digital footprint 3.1.1 Antivirus 4.1.1 Personal 5.1.1 Public Wi-Fi
cybersecurity 2.1.2 Managing passwords protection security 5.1.2 Private Wi-Fi
1.1.2 Phishing 2.1.3 Keeping passwords safe 3.1.2 Firewalls 4.1.2 Equipment 5.1.3 Video meetings
1.1.3 Looking for 2.1.4 Multifactor authentication 3.1.3 Allow vs. deny security
details (MFA) 3.1.4 Internet safety 4.1.3 Block, lock,
1.1.4 Attachments 2.1.5 Open Source Intelligence 3.1.5 Downloading and pocket
1.1.5 More terms (OSINT) apps
2.1.6 Social engineering

31 | Appendix: Objectives Cybersecurity - Protecting Yourself and Your Organization Project Workbook, First Edition

You might also like