RiskRadar Quiz

1. Locking Your Phone or Computer

• A: I don't use any password, PIN, or lock.• B: I have a simple PIN or short password.• C: I use a strong password, fingerprint, or face lock.

2. Creating Passwords

• A: I pick something easy (e.g., 123456 or simple words).• B: I use a few strong passwords but sometimes reuse them.• C: I create long, unique passwords for each account.

3. Sharing Passwords

• A: We sometimes share or email them without protection.• B: We avoid sharing, but if needed, we do it in person.• C: We never share passwords, or use encrypted methods if we must.

4. Using Personal Devices for Work

• A: No policy; everyone uses personal devices any way they like.• B: We prefer passwords on personal devices, but it's not enforced.• C: We have a rule: personal devices must have locks & updates.

5. Access to Shared Computers

• A: We all log in under the same account.• B: We have separate accounts but sometimes share them.• C: Each staff has their own account; we log out when done.

6. Physical Security of Devices

• A: I leave my device unlocked when stepping away.• B: I lock it sometimes, but not always.• C: I always lock or secure my device if I'm not using it.

1. Sharing Sensitive Information

• A: I send it via normal text messages or email attachments.• B: I sometimes password-protect files, but not always.• C: I use secure messaging or password-protected file sharing.

2. Data Backup

• A: I never back up important files.• B: I back them up occasionally (e.g., USB drive).• C: We have regular, automated backups stored safely.

3. Document & File-Sharing Tools

• A: We email attachments with no extra protection.• B: We use cloud services but no special security settings.• C: We use cloud services with restricted access.

4. Handling Very Sensitive Data

• A: We keep it in plain docs/spreadsheets, no passwords.• B: We add simple passwords for some critical docs.• C: We use encryption or restricted access for sensitive info.

5. Using Public Wi-Fi

• A: I connect freely without worrying.• B: I try not to open confidential files on public Wi-Fi.• C: I use a secure connection (VPN) or wait for a safe network.

6. Encrypting or Protecting Attachments

• A: I rarely encrypt or password-protect attachments.• B: I do it only for very important documents.• C: I regularly protect sensitive files before sending.

1. Recognizing Suspicious Links

• A: If it looks interesting, I click it.• B: I check the sender/URL, but sometimes I still click.• C: I'm very cautious; I don't click unless I verify.

2. Handling Email Attachments

• A: I open attachments from anyone if they say "urgent".• B: I usually ask a colleague if they think it's safe.• C: I never open unexpected attachments without confirming.

3. Suspicious Phone Calls

• A: If "tech support" calls, I give info if they sound real.• B: I'm cautious, but I might share small details.• C: I never share sensitive info unless I'm sure who's calling.

4. Installing New Apps or Software

• A: I install anything I find, no checks.• B: I install from official stores but sometimes from unknown.• C: I only install apps from trusted sources or ask for guidance.

5. Anti-Malware or Antivirus

• A: We don't have any antivirus on our devices.• B: Some devices have antivirus, not all.• C: All devices have up-to-date antivirus protection.

6. Managing Organization's Email or Social Media

• A: We share one username/password for all.• B: We have separate emails, but still share social logins.• C: We have separate accounts for each person or role.

Section D: Organizational Policies & Staff Management (Questions 19–24)

1. Existence of a Security Policy

• A: No written guidelines on digital security.• B: Some informal notes, but not official.• C: A formal, written security policy everyone follows.

2. Security Trainings or Workshops

• A: Never had a training session on digital security.• B: A one-time workshop in the past, not regular.• C: We hold regular sessions or updates on digital safety.

3. Staff Knowledge on Digital Security

• A: Most have little to no idea about digital safety.• B: Some are aware, but it's inconsistent.• C: Everyone knows basics like good passwords, avoiding scams.

4. Staff Exit or Offboarding Procedures

• A: We don't change or remove their accounts when they leave.• B: We sometimes change passwords if we remember.• C: We remove/update all logins so they lose access.

5. Incident Response Plan

• A: We have no official plan if we get hacked.• B: We have some ideas, but not written or tested.• C: We have a clear plan and review it occasionally.

6. Budget or Resources for Security

• A: No specific budget for security.• B: A small amount or only free tools.• C: We allocate funds for security tools and training.

Section E: Overall Awareness & Additional Security (Questions 25–30)

1. Priority of Digital Security

• A: We rarely discuss it; it's not a focus.• B: We know it's important but often put it off.• C: We treat digital security as a key priority.

2. Awareness of Local Data Protection Laws

• A: Not aware of any specific laws.• B: Heard of them but haven't done much.• C: We know and follow the local privacy requirements.

3. Checking for New Security Threats

• A: We never look for new viruses or scams.• B: We sometimes read about them but not consistently.• C: We do routine checks or follow security bulletins.

4. Separating Personal and Work Accounts

• A: We mix personal emails or social media with work.• B: We try to separate them, but sometimes overlap.• C: We strictly keep personal and official accounts apart.

5. Handling Financial Transactions Online

• A: We use any network, no special checks.• B: We try to be careful but have no strict procedures.• C: We ensure a secure connection (HTTPS) or trusted apps.

6. Secure Websites or Online Forms

• A: Our site/forms don't use HTTPS.• B: We have HTTPS but not well maintained.• C: We use valid HTTPS certificates for data encryption.