
Awareness Module 4 Cheat Sheet (DRAFT) by

This cheat sheet summarizes the key concepts from Module 4 to help with quiz preparation.

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Types of Social Engineering

Phishing
Deceptive emails with fake links/attachments.
Vishing
Phone/voicemail scams (“This is your bank, confirm PIN”).
Smishing
Fake texts with malicious links/apps.
Tailgating
Entering secure areas by following someone with a badge.
Piggybacking
Gaining entry when someone lets you in.
Impersonation
Pretending to be an authorized person to gain access.
Eavesdropping
Listening to private conversations.
Shoulder surfing
Watching screens/keystrokes to steal data.
Dumpster diving
Retrieving sensitive data from trash.
Physical theft
Stealing devices/documents.
Baiting
Enticing offers like free USBs or downloads hiding malware.
Defenses:
- Verify requests through official channels.
- Don’t click unknown links, open attachments, or plug in unverified USBs.
- Use privacy filters to block shoulder surfing.
- Challenge unknown people in restricted areas.
- Shred sensitive documents; securely destroy old devices.
- Encrypt hard drives/USBs; lock unattended devices.
- Be cautious with calls/texts/emails that use urgency or fear.

Multifactor Authentication (MFA)

Authentication process that requires 2+ credentials (e.g., password + code) to provide stronger identity verification and block unauthorized logins.
Examples
1. Password + SMS code.
2. Password + app-based push notification.
3. Password + biometric (fingerprint/face scan).

Benefit
- Protects against stolen passwords.
- Required for compliance and cyber insurance.

Cyber Concerns for MFA

Phishing
SIM Swapping
Device Cloning
Service Compromising
MFA User Fatigue
MFA isn't foolproof. Skilled attackers use social engineering to target employees, steal credentials, and launch MFA fatigue attacks.

Virtual Private Network (VPN)

A VPN encrypts internet connections for secure data transmission, preventing unauthorized access. Organizations use VPNs for safe remote access, even on untrusted networks like public Wi-Fi.

Benefits of VPNs

Encryption and Privacy
VPNs encrypt connections to protect data, creating a secure tunnel for safe sending and receiving of data.
Access to restricted content
VPNs allow employees to securely access an organization’s network remotely from approved locations.
Protection against cyber threats
VPNs encrypt data to prevent eavesdropping and block cyber threats.

Public Wi-Fi Risks

Snooping/Eavesdropping
Others can view your activity.
Phishing/Malware
Attackers on the same network may send malware.
Rogue Access Point
Fake Wi-Fi set up to steal info.

Organization-Approved Software

Software that is vetted, patched, and supported by IT.

Why use only approved?
Regular updates, reduced vulnerabilities.
Protects sensitive data (encryption, access controls).
Ensures compliance (HIPAA, GDPR, etc.).
Avoids crashes and compatibility issues.
Prevents malware from untrusted apps.
IT can provide support.
Best Practices
- Verify with IT before installing.
- Report unauthorized software immediately.
- Review policies regularly.

Cybersecurity Concerns of BYOD

System and data security
Legal and compliance
Mixing of personal and professional life
Device compatibility
Old software
Lack of security controls
Best Practices:
- Always check your agency’s BYOD policy.
- Encrypt personal devices (especially laptops/phones).
- Keep OS/software updated and patched.
- Separate work and personal data.
- Participate in cybersecurity awareness training.