Simulation de cybersécurité

Cybersecurity Simulation

Hello, I am Álvaro and I belong to the HR department.

I am an expert cybersecurity bot and I am here to help you

start

* EDIT OR DELETE THIS LOCUTION

What will we learn?

In this session, we will learn about the fundamental aspects that will help us avoid cybersecurity attacks on accounts and devices.

Keys

Use strongand unique passwords

Activate two-stepverification

Keep your operating system and antivirus

Always check the sender and links before clicking

Do not share personal datawithout being sure of the recipient

continue

Context

You are working normally when you start receiving suspicious emails and messages. Some seem to come from your bank, others from the accounts department, and one even appears to be from your company's IT department. You don't know whether to open them… So, you decide to consult the bot with some questions about a possible cybersecurity attack on your account.

continue

Bot, I just received a somewhat suspicious email. It appears to be from the technical support department, but I'm not sure if it's real or could jeopardize my account's security.

Okay, let's review it. Can you provide me with the email you received? I need to analyze it in detail.

email

📧

continue

What conclusions can we draw from this email?

After carefully analyzing the email, what do you think about its legitimacy?

The email includes several concerning signals: an executable file .exe, an urgent action request without prior confirmation through other channels, and a generic sender without a real name or signature. These elements combined are typical in malware attacks and impersonation scams.

Although the message mentions urgent an update, it is common for the technical department to send this type of instructions. The email appears well written, and there are no spelling errors, which lends it legitimacy.

The confirmation request after executing the file indicates follow-up by the sender, which suggests it is an official procedure. The tone is formal and technical, so it does not seem suspicious.

continue

Wow! It seems to be a cyberattack on my email account.

Yes, you should strengthen security to prevent future mistakes that could put documents and important company data at risk.

Can you help me improve it?

Sure, here are some recommendations:

• Use a password with a minimum of 12 alphanumeric characters in lowercase and uppercase that is unique for each account.
• Passwords should not contain personal data.
• It is best to generate it with a password manager.
• Keep your operating system and antivirus updated.
• Activate two-step verification on your accounts.

continue

Which of the following actions is the most effective to improve cybersecurity daily?

Avoid connecting to public Wi-Fi networks whenever possible, and if you do, do not open any browser to reduce the risk.

Use unique passwords for each account, enable two-factor authentication, and keep your devices and software updated regularly.

Use the same password for all your accounts, but make sure it is very long and complex, so it is easier to remember.

continue

Great! I will apply all this knowledge right away, so all the data I have access to will be much better protected.

Remember that after some time, you will need to set some new passwords with the security criteria mentioned above.

continue

What have we learned?

Throughout this session, we have learned many of the most important keys to avoid cyberattacks on our accounts and devices, avoiding very common mistakes.

Keep your operating system and antivirus updated.

Use secure and unique passwords.

Activate two-step verification.

Updates fix security flaws that cybercriminals might exploit. Do not ignore them: update regularly to keep your device protected.

Add an extra layer of security to your accounts. Even if someone guesses your password, they will need a second code to access. It is easy to activate and very effective.

Avoid reusing passwords and create long keys with letters, numbers, and symbols. This way, you better protect your accounts. Use a manager to remember them without hassle.

Do not share personal information unless you are sure of the recipient's identity.

Always review the sender and links before clicking.

Before sharing any personal information, it is essential to ensure that the recipient is who they claim to be. It is important to use secure channels to share sensitive information.

Many attacks come through emails that appear legitimate. Verify the sender's address and hover over links to check if they are trustworthy.

continue

Which of the following practices is safest to protect a password?

What should you do if you receive an email from an unknown source with a suspicious link?

Why is it important to keep operating systems and applications up to date?

Is it safe to use the same password across multiple websites if you have a complex password?

Congratulations!

From now on, you will be able to put into practice everything you have learned about cybersecurity and optimize your accounts to prevent attacks.

From: support.technical@mycompany.com To: [you@mycompany.com] Subject: 🔐 Mandatory Security Update – Action Required Before 6:00 PM Hello Álvaro, The Technical Support Department has detected a vulnerability related to the access credentials of several users. To ensure the security of your data and the corporate system, it is mandatory to apply a security update before today at 6:00 PM. Please download and run the attached file on your device: Attachment: Security_Update_TI.exe Once the update is completed, reply to this email with “UPDATED”. Thank you for your cooperation, Technical Support Department – mycompany.com support.technical@mycompany.com