50 quiz questions about cyber security

One of the best ways we learn is by quizzing - when we gamify learning, we remember better. And that way we can strengthen our cyber security and awareness of both GDPR, whistleblowing and cyber security.

Below we give you examples of good quiz questions in the three main categories in the cyber world. You can use the quiz questions for awareness training or just to challenge your colleagues' knowledge of cybersecurity and GDPR.

To give you a little help, we provide you with possible answers where the correct answer will be marked with bold.

Educational quiz on cyber security

Cybersecurity is on most companies' agendas, if they haven't already brought focus upon it. Cybersecurity is essentially the security of your technology and data (both physical and digital security). Hackers are often looking to steal data in order to resell or exploit it and ultimately make money from it.

In our cyber security category, we have four parts:

• Basic cyber security
• Network security
• Hacking
• Best practices

The basics of cyber security

• What is the purpose of cyber security? (Prevent unauthorized access to data, monitor social media, improve computer performance).

• How do you make a strong password? (I use my pet's name, I use special characters, numbers and letters, I use my name and birthday).

• What is the biggest cause of cyber attacks? (Bad IT department, human error, system failure).

• What does encrypting data do? (Locks the data, makes it easier to share the data, makes it unreadable to unauthorized people).

• What is the most commonly known strategy of cybercriminals? (social engineering, smishing, man-in-the-middle method).

Network Security

• What is a VPN? (A tool that shares your activity, a tool that increases internet speed, a tool that anonymizes your activity).

• What does the "S" stand for in HTTPS? (Secure, standard, strong).

• Where should you place your router? (Out to the street, far away from the street, it doesn't matter where it's placed).

• Why are public networks dangerous? (Everyone can access them - even the hacker, they're free - so it's a bad connection, they're unstable so you lose your data).

• Which WiFi should you use when working in a café, for example? (Their internet, a random one you can get on, your phone's hotspot).

Hacking

• Which hacking method is most commonly used against employees? (Ransomware attacks, phishing attacks, DDoS attacks).

• What malware disguises itself as legitimate software? (Worms, Zero day attacks, trojans).

• What is a ransomware attack? (The hacker demands a ransom, the hacker offers money for the data, the hacker shares the data with his colleagues).

• What is a white-hat hacker? (A malicious hacker, a hacktivist group, a hacker on the right side of the law).

• What type of phishing does the hacker use when pretending to be a manager? (barrel phishing, whale phishing, vishing).

• What do you call the malicious software that hackers install? (Malware, adware, spyware).

Best practices

• How often should you update your software? (Every 6 months, every 12 months, as soon as there is an update).

• Why is MFA (multi-factor authentication) recommended? (It provides an extra layer of security, it encrypts the data, it makes IT the administrator).

• Why is it a good idea to have access control? (It restricts access to the data, it gives everyone access to the data, it's not necessary to have).

• What best equips you to fight the cyber threat? (New work computers, training on hacking methods, awareness training).

• What tool can you use to strengthen your password security? (password managers, notes - where you write down your passwords, the Slack portal).

• What's always good to have when it comes to securing your data? (a screenshot of your contacts, passwords in notes, a backup of your data).

Quiz questions for GDPR (General Data Protection Regulation)

GDPR was adopted by the EU in 2018. It's a law to protect our personal data by describing how companies can collect, process and store sensitive personal data. Among other things, GDPR describes how we, as private individuals, can expect our data to be processed - ensuring that personal data is not shared illegally without consent and ensuring that it's not compromised.

• What does GDPR stand for? (Global Data Privacy Rights, General Data Protection Regulations, General Data Processing Rules).

• Which type of data does GDPR protect? (Company data in the EU, personal data of non-EU citizens, personal data of EU citizens).

• What is the main purpose of the GDPR? (To share personal data, to protect business data, to protect personal data and privacy).

• What is NOT considered personal data? (IP addresses, health data, purchase history data).

• Consent must: (Be provided for sensitive personal data, be explicitly given, be given only once and be valid indefinitely).

• When can a company get a GDPR fine? (If they don't process personal data correctly, when encrypting data, there are no GDPR fines).

• What does GDPR allow individuals to do? (Access their data only once a year, access, rectify and restrict processing, share personal data with friends and family).

• What is a data processor? (An employee who processes personal data, an employee who discloses personal data, a public body that issues fines).

• What should you do in the event of a data breach? (Hide the breach to avoid a bad reputation, nothing - data breaches don't fall under GDPR, notify the Data Protection Agency within 72 hours).

• What characterizes personal data (It's data that identifies people, it's data used by companies to find customers, it's data shared in the cloud).

• What is one of the GDPR's key principles? (Vigilance, accountability, encryption).

• What is included in "data processing"? (You send data to a company, the actions performed involve personal data, data is run through software for security checks).

• What is important about consent? (it must be valid indefinitely, it cannot be withdrawn, it must be voluntarily given).

• What can a company get a GDPR fine for? (Not providing sufficient info about data processing, deleting data upon consent, encrypting the data upon processing).

• Who is the administrative authority in EU for GDPR? (The police, Center for Cyber Security, the Data Protection authorities).

Quiz questions about whistleblowing

Whistleblowing is for many a frowned upon phenomenon that is often misunderstood as betrayal. We need to move away from that mindset. Whistleblowing should create a sense of security and transparency in the workplace so that wrongdoing is reported. This creates awareness of violations and issues, which can ultimately be rectified through whistleblowing.

Ultimately, whistleblowing is for sharing knowledge of wrongdoing in a company, not for sharing rumors and gossip between colleagues - that's why a whistleblowing policy is essential in the workplace.

• What is whistleblowing? (Sharing personal data, reporting wrongdoing, sharing workplace gossip).

• What should a whistleblowing scheme do? (Protect employees when reporting misconduct, support keeping secrets at work, promote unethical behavior).

• Where do you typically see whistleblowing schemes? (In the private sector, in healthcare, in the public sector).

• What does whistleblowing help with? (Preserving corporate secrets, suppressing working conditions, preventing and shedding light on corporate fraud).

• What does whistleblowing improve at a workplace? (work environment, data processing, relationships between managers).

• Whistleblowing is seen as a form of: (unethical behavior, trust in employees, monitoring employees).

• Whistleblowers are typically protected by what when reporting wrongdoing? (company policies, withholding information, whistleblower schemes and laws)

• Which famous whistleblower released government documents in 2013? (Mark Felt, Edward Snowden, Julian Assange).

• Whistleblowing is a good way to: (Increase corruption, decrease customer trust, identify wrongdoing in the workplace).

• How would you typically report misconduct? (via email, via letter, tell your colleague).

• Where is it a requirement to have a whistleblower scheme? (US-based companies, UK-based companies, EU-based companies).

• How should you report misconduct? (In encrypted messages, in understandable and concrete reports, you don't have to do anything in particular).

• What should you do after reporting a breach? (Investigate the matter further yourself, leave it to the union representative, talk to colleagues about it).

• What are the signs of misconduct in the workplace? (Business as usual, colleagues talking more than usual, secretive colleagues).

• When is the first documented whistleblowing case? (1777, 1885, 1987).

We hope to challenge and test your knowledge of the cyber world!