Technology and Cybersecurity TRAINING

Accreditation Now
Technology and Cybersecurity Training
Note: This training is an overview of technology security within a human
service setting. It is intended to provide a basic understanding of
technology security guidelines and practices for all employees and meet
the CARF accreditation standards for training for all employees. It is not
intended to be a substitute for competency-based training requirements.
Appropriate technology security policies, procedures and practices that
are in accordance with federal and nationally recognized guidelines on
technology security provide the foundation for ensuring a secure work
environment.
Please read through this brief overview of technology security. After
completing this overview, complete the questionnaire that follows.
This questionnaire will provide several scenarios that can occur in
organizations in the area of technology security and are intended to
improve your ability to assist in keeping your organization safe from
breaches in technology security.
This training requires a perfect score to pass. There are only five
questions and you must get each one correct.
Technology Security Overview
Hacking of companies to compromise corporate data or utilize company
computers for malicious activity is on the rise at an alarming pace.
Most of the time, the attacks you see in the news stem from an
employee opening an email or attachment they should not have opened.
Although much less frequent, some of the time these attacks happen
because someone answered the phone and gave away information they
should not have, like what vendors you use or what type of equipment
you have.
Phone Call Safety
Telling someone you have WiFi or the name of your phone provider can
give a hacker what they need to get in. For example, new customers of
Cable Company One are known to have their WiFi password default to
their phone number. Once a hacker knows this and knows the name of your
provider, and if the default password hasn’t been changed, they have
what they need to access the system.
Email Safety
Email is not inherently secure.
Sensitive or confidential information (for example, patient/client Social
Security information) should not be sent via email. If it needs to be sent
via email, you must use an encrypted email service. Be aware of phishing
attempts.
Phishing is the process of attempting to acquire sensitive information
such as logins, passwords and credit card information by masquerading
as a trustworthy entity.
Emails claiming to be from popular websites are often used to trick you
into entering your information.
Do not open attachments without verifying the source.
Opening a ZIP, DOC, DOCX, XLS, XLSX, EXE or PDF file can
compromise your computer. Be vigilant in confirming you know the
sender and need the file for business usage. If needed, call the sender
and confirm the email is legitimate.
Before clicking a link, confirm it goes where it should.
For example: http://www.accreditation.com
The above link makes you think it will take you to
www.accreditationnow.com
If you click it, that’s not what happens.
You can either hover your mouse over it to see if it goes where it says it
goes or you can simply type the URL in your browser manually.
Five ways to spot a fraudulent email
1. The “From” email address does not match: the address is
xxxx@gmail.com, yet the email carries the logo of a popular company.
2. Is the email to you? If not, be skeptical unless you can confirm it is
authentic.
3. The links in the email do not actually go to the correct website. You
can hold your mouse over a link, and it will show you what URL
it is going to. If it does not match the company, do not go to it.
4. The email appears to be a reply from someone you did not send an
email to.
5. The email carries an attachment from someone who normally would
not send you an attachment, or from someone you did not ask
for a file. Again, if needed, call the sender and confirm the
email is legitimate.
Workstation Safety
Keep your workstation locked if you leave your work area.
If you do not lock your screen, someone can interact with the company
network using your workstation. On a Windows computer use Windows
Key + L to lock your workstation when you get up.
Use a strong password.
Use word phrases that are easy to remember. Include capital letters,
numbers and special characters with a minimum length of 11
characters.
Keep your password safe.
Do not share your password with others.
Store any password lists in a secure location such as a locked file cabinet
or safe.
Do not store any passwords in a readily available location like a sticky
note on your monitor or in your desk drawer.
Technology and Cybersecurity 1 Questionnaire
Please answer the following questions by selecting True or False following the question.
1. If you are going across the hall to make a copy of a single document, it is acceptable to
leave your computer unlocked because you will not be away from your desk for more than
five minutes.
❒True
❒False
2. Most of the time companies are hacked because someone gives away private information
over the phone to a hacker posing as a potential vendor or client.
❒True
❒False
3. Most email programs are inherently secure and will determine if any attachment or link has
or points to a virus or insecure website.
❒True
❒False
4. You should always double-check that a link actually goes to the website it says it goes to
because hackers will sometimes make it look like a link is going to one website when, in
fact, it is sending you to a hacker website.
❒True
❒False
5. If someone you know sends you an email with an EXE or ZIP extension, it is fine to open
it since you know the person who sent you the email.
❒True
❒False
Technology and Cybersecurity 1 Answer Key
Please answer the following questions by selecting True or False following the question.
1. If you are going across the hall to make a copy of a single document, it is acceptable to
leave your computer unlocked because you will not be away from your desk for more than
five minutes.
❒True
❒False
(False)
Tutorial for a “True” answer:
Your answer indicated you believe it is acceptable to leave your workstation unlocked
while away for an extremely short time. This is incorrect. Many things could cause you to
be sidetracked while away from your workstation. Any time you leave your workstation,
it should be locked.
2. Most of the time companies are hacked because someone gives away private information
over the phone to a hacker posing as a potential vendor or client.
❒True
❒False
(False)
Tutorial for a “True” answer.
Your answer indicated that you believe the most common way an organization can be
hacked is via a hacker calling the organization. The majority of hacks happen when
personnel open an email or attachment that they should not open.
3. Most email programs are inherently secure and will determine if any attachment or link has
or points to a virus or insecure website.
❒True
❒False
(False)
Tutorial for a “True” answer.
Your answer indicated that you believe most email systems are inherently secure. They
are not. Although many email systems do provide some security protection, many do not
and you should never count on an email system to be secure. You need to always be
extremely careful when receiving emails.
4. You should always double-check that a link goes to the website it says it goes to because
hackers will sometimes make it look like a link is going to one website when, in fact, it is
sending you to a hacker website.
❒True
❒False
(True)
Tutorial for a “False” answer.
Your answer indicated that you believe there is no need to ensure a link goes to where it
says it is going. You should always double-check this. If a link goes to a different site than
it claims, it is a dead giveaway that you have received an email from a hacker who is
trying to attack your system.
5. If someone you know sends you an email with an EXE or ZIP extension, it is always fine
to open it since you know the person who sent you the email.
❒True
❒False
(False)
Tutorial for a “True” answer.
Your answer indicated that you believe it is OK to open an attachment because you know
the person who sent it. Hackers will oftentimes pose as someone you know and trust in
order to get you to open an attachment that contains malware or a virus. You should
always know what is contained in an attachment before opening. If there is any doubt,
pick up the phone and call the individual to ensure the email is from them.