Employee Cybersecurity Knowledge Test


12–55 questions, 17 minutes
This quiz evaluates practical employee cybersecurity behaviors across enterprise email, identity, and endpoint hygiene: spotting phishing, using password managers with multi-factor authentication, keeping devices patched, and protecting sensitive data. It reflects daily decisions around links, attachments, Wi‑Fi/VPN, and incident reporting. Office staff, managers, and IT support benefit from consistent, policy-aligned habits.
1. What is a commonly recommended minimum length for a work password or passphrase?
2. An email that sounds urgent is always a phishing attempt.

True / False

3. What is the safest default approach to software updates on work devices (when policy allows)?
4. Where should you store sensitive work files so they are protected and regularly backed up?
5. Which action best verifies who an email is actually from?
6. Before stepping away from your desk, what should you do to protect your workstation?
7. Which setting helps reduce risk when traveling with a work laptop?
8. Hovering over a link in an email can help you see the real destination before clicking.

True / False

9. You clicked a suspicious link in an email and realized it might be phishing. What should you do first?
10. You’re at an airport using public Wi‑Fi and need to check a work dashboard. What is the best next step?
11. You receive an unexpected email claiming your account will be disabled today unless you act. Select all that apply.

Select all that apply

12. Reusing the same password for work and personal accounts is acceptable if it helps you remember it.

True / False

13. You must use public Wi‑Fi to work for 20 minutes. Select all that apply.

Select all that apply

14. You get an email from “HR” asking you to urgently change your direct-deposit bank details using a link. What should you do?
15. You need to share a file that contains sensitive work data with a colleague. Select all that apply.

Select all that apply

16. A coworker says they store all passwords in a notes app because it’s faster. What is the best recommendation?
17. You find an unlabeled USB drive in the office parking lot. What is the safest action?
18. A colleague delays installing security updates for weeks because “it still works fine.” What is the best security reason to update promptly?
19. Arrange the best response steps after you realize your company laptop is missing, from first to last.

Put in order

  1. Document the incident per policy
  2. Work with IT on remote lock/wipe actions
  3. Report the loss to IT/security immediately
  4. Provide last known location and time
  5. Change passwords from another device (as directed)

20. Arrange the steps for handling a suspicious email BEFORE you click anything, from first to last.

Put in order

  1. Pause and do not click
  2. Verify the request via a known channel
  3. Check the full sender address
  4. Hover to inspect the link destination
  5. Report using the organization’s phishing process

21. Which two-factor authentication (2FA) option is generally strongest for work accounts?
22. If you use a VPN on public Wi‑Fi, you can safely ignore other security precautions.

True / False

23. Which behaviors reduce risk from unpatched vulnerabilities? Select all that apply.

Select all that apply

24. You receive an unexpected document that asks you to “Enable Macros to view content.” What should you do?

Disclaimer

This quiz is for educational purposes only. It does not constitute professional advice. Consult a qualified professional for specific guidance.

Everyday Workplace Security Mistakes That Trigger Incidents (and How to Prevent Them)

Misreading “looks legit” signals in email

Attackers rely on realistic branding, familiar names, and urgent tone. A common error is trusting the display name (e.g., “Payroll Team”) instead of verifying the actual sender address, reply-to behavior, and whether the request matches a known process.

  • Avoid it: Treat unexpected invoices, gift-card requests, password resets, and document-share invites as hostile until verified via a separate channel.

Approving MFA prompts you didn’t initiate

MFA “push fatigue” works because people tap Approve to stop the notifications. Approving an unsolicited prompt can complete an attacker’s login.

  • Avoid it: Deny unexpected prompts and report them immediately; re-authenticate only after you start a login yourself.
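The detection side of the same pattern, as an added example that is not part of the original page and does not reflect any particular MFA product: the log lines below are constructed, the field names are an assumption, and the thresholds are illustrative. It shows why a run of unsolicited prompts is a red flag on its own, and why an approval that follows several denials is treated as a likely completed attacker login rather than a nuisance.

```python
"""Hypothetical push-fatigue detection over constructed MFA logs (added example,
not tooling from the page or from any MFA vendor).

Flags a burst of push prompts the user did not approve, and the more serious
pattern of an approval arriving after several denials or timeouts.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

BURST_THRESHOLD = 3            # unapproved prompts inside WINDOW -> someone is spraying pushes
WINDOW = timedelta(minutes=10)

# Constructed JSON-per-line sample; the schema is an assumption, not a real product's format.
SAMPLE_LOG = """\
{"ts": "2024-03-04T09:00:05Z", "user": "dana", "result": "denied",   "src_ip": "203.0.113.10"}
{"ts": "2024-03-04T09:01:40Z", "user": "dana", "result": "timeout",  "src_ip": "203.0.113.10"}
{"ts": "2024-03-04T09:02:00Z", "user": "eli",  "result": "approved", "src_ip": "198.51.100.7"}
{"ts": "2024-03-04T09:03:10Z", "user": "dana", "result": "denied",   "src_ip": "203.0.113.10"}
{"ts": "2024-03-04T09:05:30Z", "user": "dana", "result": "denied",   "src_ip": "203.0.113.10"}
{"ts": "2024-03-04T09:07:02Z", "user": "dana", "result": "approved", "src_ip": "203.0.113.10"}
{"ts": "2024-03-04T09:10:00Z", "user": "fay",  "result": "denied",   "src_ip": "198.51.100.9"}
{"ts": "2024-03-04T11:30:00Z", "user": "fay",  "result": "denied",   "src_ip": "198.51.100.9"}
"""


def parse_log(text: str) -> list[dict]:
    """Parse JSON lines into records with datetime timestamps, oldest first."""
    events = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def detect_push_fatigue(events: list[dict]) -> list[dict]:
    """Sliding-window detection per user; returns alerts in time order."""
    alerts = []
    per_user = defaultdict(list)
    for e in events:
        per_user[e["user"]].append(e)

    for user, evs in per_user.items():
        window, burst_reported = [], False
        for e in evs:
            window.append(e)
            # keep only prompts that fall inside WINDOW of the current one
            window = [w for w in window if e["ts"] - w["ts"] <= WINDOW]
            unapproved = [w for w in window if w["result"] != "approved"]
            src_ips = sorted({w["src_ip"] for w in window})
            # An approval after repeated denials is the attacker's login completing.
            if e["result"] == "approved" and len(unapproved) >= 2:
                alerts.append({"kind": "approve_after_denials", "user": user,
                               "ts": e["ts"].isoformat(),
                               "prior_unapproved": len(unapproved), "src_ips": src_ips})
            # A burst of unanswered/denied prompts is worth a ticket even with no approval yet.
            if len(unapproved) >= BURST_THRESHOLD and not burst_reported:
                burst_reported = True
                alerts.append({"kind": "push_burst", "user": user,
                               "ts": e["ts"].isoformat(),
                               "count": len(unapproved), "src_ips": src_ips})
    return sorted(alerts, key=lambda a: a["ts"])


if __name__ == "__main__":
    for alert in detect_push_fatigue(parse_log(SAMPLE_LOG)):
        print(json.dumps(alert))
```

On the sample, dana's three denied or timed-out prompts inside ten minutes raise a push_burst alert, and the approval that follows four unapproved prompts raises approve_after_denials; fay's two denials hours apart and eli's single approval raise nothing. In a real deployment the source IP comparison against the user's usual locations would be the next enrichment step.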

Using weak, reused, or shared credentials

Reused passwords turn one breach into many. Shared accounts remove accountability and block meaningful auditing.

  • Avoid it: Use an approved password manager for unique passphrases; request named access instead of borrowing credentials.

Deferring updates and restarts

Skipping patch prompts leaves known vulnerabilities exposed—often the same ones attackers mass-scan for.

  • Avoid it: Schedule a weekly update window, restart promptly, and don’t disable endpoint protections without IT approval.

“Convenience” data handling that breaks policy

Forwarding work files to personal email, copying sensitive data into unmanaged notes apps, or uploading to unapproved cloud storage creates shadow IT and data leakage risk.

  • Avoid it: Use approved sharing tools, label/classify data as required, and encrypt or restrict access when handling sensitive information.

Not reporting near-misses

People often report only after damage is obvious. Early reporting (even if you’re unsure) limits attacker dwell time.

  • Avoid it: Report suspicious messages, accidental clicks, lost devices, or unusual pop-ups immediately—speed matters more than certainty.

Employee Cybersecurity Quick Reference (Printable): Email, Authentication, Devices, and Data

Printable note: Print this page section or save it as a PDF for quick review before taking the quiz and during periodic security refreshers.

Suspicious email/link checklist (60-second triage)

  • Context: Were you expecting this message, attachment, or shared document?
  • Sender: Check the full sender address and reply-to behavior; watch for subtle lookalikes.
  • Request: Be skeptical of urgency, secrecy, payment changes, credential prompts, or “download to view.”
  • Links: Hover/preview destinations; avoid logging in from email links—navigate via known bookmarks instead.
  • Attachments: Treat unexpected files (especially “invoice,” “scan,” “secure document”) as risky; verify first.

Passwords + password managers

  • Use unique passphrases for every account; length beats complexity tricks.
  • Never reuse work passwords on personal sites (or vice versa).
  • Prefer a manager to generate/store credentials; don’t keep passwords in spreadsheets or notes.
  • Change passwords immediately if you suspect compromise or if IT directs you after an incident.

Multi-factor authentication (MFA)

  • Deny unexpected prompts; repeated prompts are a red flag.
  • Prefer stronger factors when available (authenticator app codes, number matching, hardware keys) over SMS.
  • Never share one-time codes or approve sign-ins “to help IT” unless you initiated a verified support session.

Device and software hygiene

  • Update promptly (OS, browser, apps, plugins) and restart when required.
  • Lock your screen when stepping away; use approved auto-lock settings.
  • Only install approved software; request exceptions through IT rather than self-installing tools.

Remote work, Wi‑Fi, and removable media

  • Use VPN when required, especially on untrusted networks.
  • Avoid unknown USB devices; only use organization-issued or approved media.
  • Protect conversations in public: shoulder-surfing and speakerphone leakage count as data exposure.

Incident reporting: what to report immediately

  • Clicked a suspicious link, opened an unexpected attachment, or entered credentials in a page you now distrust.
  • Unexpected MFA prompts, account lockouts, or password reset emails you didn’t request.
  • Lost/stolen devices, exposed documents, or sensitive data sent to the wrong recipient.
  • Any unusual device behavior (new toolbars, persistent pop-ups, sudden encryption/ransom notes).

Phishing and Business Email Compromise Walkthrough: Verify, Contain, Report

Scenario

You receive an email that appears to be from a known vendor: “Updated banking details—please reprocess the attached invoice today.” It includes a PDF and asks you to reply confirming payment.

Step-by-step decision path

  1. Pause and classify the request. This is a high-risk pattern: payment change + urgency. Treat it as potential business email compromise (BEC), even if the vendor name looks correct.
  2. Verify the sender, not the display name. Check the full from-address for lookalike domains and whether the reply-to address differs. A mismatch is a strong indicator of spoofing or account takeover.
  3. Avoid using the email thread to validate. Don’t reply to the message to “confirm.” Use an out-of-band method: call a known vendor contact number from your records (not the email signature) or verify through your procurement system.
  4. Handle the attachment safely. Don’t open the PDF “just to look.” If policy allows, submit the email to your organization’s phishing-report process so security tools can analyze it.
  5. Contain if you interacted. If you opened the attachment or clicked anything, immediately report what happened, what device you used, and what credentials (if any) you entered. Follow IT guidance—do not “self-fix” by deleting evidence or running unapproved tools.
  6. Document the business impact. If any payment was initiated, notify the appropriate finance/management channel immediately; rapid escalation can reduce losses.
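The mechanical part of steps 2 and 4 above (and the sender and link bullets of the quick reference) can be scripted. The following is an added example, not tooling from the page or from any product: the two messages are constructed to match the scenario, the known-vendor list and the edit-distance cutoff are assumptions, and the "last two labels" domain approximation is deliberately crude. It shows the four checks an analyst makes by eye: Reply-To versus From, a lookalike sending domain, a display name carrying a different address, and link text that does not match the real destination.

```python
"""Hypothetical email triage helper (added example, not the page's own tooling).

Implements the checks from the walkthrough and quick reference: full From
address versus Reply-To, lookalike domains, a display name that carries a
different address, and link text that does not match the real href.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Vendors and internal domains we legitimately deal with (assumed for the example).
KNOWN_DOMAINS = {"acme-supplies.com", "example-corp.com"}
# Link text that looks like a hostname or URL, e.g. "https://acme-supplies.com/portal".
HOST_IN_TEXT = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:]|$)", re.I)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; 1 or 2 against a known domain is a classic lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def registrable(host: str) -> str:
    """Crude last-two-labels approximation of the registrable domain."""
    return ".".join(host.lower().split(".")[-2:])


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw: str) -> list[str]:
    """Return human-readable findings for one raw RFC 5322 message; empty = nothing flagged."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_dom, reply_dom = domain_of(from_addr), domain_of(reply_addr)

    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if from_dom not in KNOWN_DOMAINS:
        for known in sorted(KNOWN_DOMAINS):
            if levenshtein(from_dom, known) <= 2:
                findings.append(f"From domain {from_dom} is a lookalike of {known}")
    # "ceo@example-corp.com" <random@webmail.example> style display-name spoofing
    if "@" in display and domain_of(display) != from_dom:
        findings.append(f"Display name shows {display} but the real address is {from_addr}")

    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            href_host = (urlparse(href).hostname or "").lower()
            match = HOST_IN_TEXT.match(text)
            if match and registrable(match.group(1)) != registrable(href_host):
                findings.append(f"Link text shows {match.group(1)} but points to {href_host}")
    return findings


# Constructed sample modelled on the walkthrough scenario (not a real message).
SUSPICIOUS = """\
From: "ACME Supplies Accounts Payable" <billing@acme-suppiies.com>
Reply-To: <accounts@mail-acme-invoices.net>
To: payables@example-corp.com
Subject: Updated banking details - please reprocess the attached invoice today
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please confirm payment at
<a href="https://acme-suppiies.com.invoice-portal.net/pay">https://acme-supplies.com/portal</a></p>
</body></html>
"""

# The same message as the genuine vendor would have sent it (also constructed).
LEGITIMATE = (SUSPICIOUS
              .replace("acme-suppiies.com.invoice-portal.net", "acme-supplies.com")
              .replace("billing@acme-suppiies.com", "billing@acme-supplies.com")
              .replace("Reply-To: <accounts@mail-acme-invoices.net>\n", ""))

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(label, triage(raw) or ["no findings"])
```

The suspicious message yields three findings (Reply-To mismatch, a one-character lookalike of acme-supplies.com, and link text whose real destination is under invoice-portal.net); the legitimate version yields none. None of these checks replaces the out-of-band phone call in step 3; they only tell you which messages deserve it.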

What the quiz is testing here

Whether you recognize high-risk social engineering patterns, use verification workflows, and prioritize fast reporting and containment over embarrassment or delay.

Employee Cybersecurity Knowledge Test FAQ: What “Good Security” Looks Like at Work

What’s the fastest way to tell a normal internal email from a phishing attempt?

Start with the process, not the branding. Legitimate requests usually match an established workflow (ticketing, approvals, known portals). Phishing often introduces a new process (“download this file to view,” “reply with codes,” “urgent payment change”) and pressures you to act outside normal channels. For deeper email-specific practice, see Email Security And Compliance.

If I clicked a suspicious link but didn’t type my password, do I still report it?

Yes. A click alone can expose your device to fingerprinting, token-theft attempts, or drive-by downloads, or route you into a convincing credential-capture flow later. Report quickly with the message details and what you clicked so security can block the destination, review logs, and validate your endpoint.

Why is approving an unexpected MFA push such a big deal?

An unsolicited MFA prompt can mean your password is already compromised. If you approve it, you may complete an attacker’s login in real time. The correct behavior is to deny the prompt, stop what you’re doing, and report it—especially if prompts repeat.

Should I change my password regularly “just in case”?

Follow your organization’s policy. In many environments, forced frequent rotation can lead to predictable patterns and weaker choices. What consistently helps is using unique long passphrases, a password manager, and MFA, and changing credentials immediately when compromise is suspected or confirmed.

Is public Wi‑Fi safe if I’m using a VPN?

A VPN reduces risk by encrypting traffic between your device and the VPN endpoint, but it doesn’t make unsafe behavior safe. You still need to avoid unknown USB devices, keep your OS/browser patched, and verify you’re connecting to the intended network. If a task involves highly sensitive data, use a trusted connection when possible.

How do I decide whether a file contains “sensitive data” that needs extra protection?

Use your organization’s data classification rules (examples: customer personal data, financial reports, credentials, internal-only strategy docs). When in doubt, treat it as sensitive: restrict sharing to named recipients, use approved storage, and avoid copying into unmanaged apps. For policy-focused practice, see Data Protection Quiz.

Five Non-Negotiable Cybersecurity Actions Employees Should Practice Daily

  1. Verify high-impact requests out of band. Payment changes, credential prompts, and access requests should be confirmed through known channels (ticketing system, directory, or a phone number from your records), not by replying to the email.
  2. Use a password manager + MFA as the default. Unique long passphrases stored in an approved manager, combined with MFA, reduce the blast radius of inevitable credential leaks.
  3. Deny and report unexpected MFA prompts immediately. Treat “I didn’t log in but got an MFA request” as a potential account-compromise signal, not a nuisance.
  4. Patch fast; restart when required. Delayed OS/browser/app updates are a primary path to compromise because attackers target known vulnerabilities that already have fixes.
  5. Report near-misses, not just confirmed breaches. A quick report of a suspicious email, accidental click, or lost device enables containment and protects coworkers from the same lure.

Workplace Cybersecurity Glossary: Terms You’ll See in the Quiz

Phishing
Social engineering that uses messages or websites to trick you into revealing credentials, opening malware, or approving access. Example: “Your mailbox is full—sign in to re-activate.”
Business Email Compromise (BEC)
A targeted scam that impersonates executives, vendors, or finance staff to redirect payments or obtain sensitive data. Example: “Use this new bank account for the next wire transfer.”
MFA push fatigue
An attack pattern where repeated MFA prompts pressure a user to approve one. Example: Multiple “Approve sign-in?” notifications appear while you’re in a meeting.
Least privilege
Granting only the access needed to do a job, no more, and removing it when it’s no longer needed. Example: A contractor gets read-only access to one folder, not the entire shared drive.
Data classification
Labeling information by sensitivity to determine required handling controls (sharing, storage, encryption, retention). Example: Marking a customer export as “Confidential” and restricting recipients.
Patch management
The process of applying updates to fix vulnerabilities in operating systems and applications. Example: Restarting promptly after a security update to ensure the patch is applied.
VPN
A secure tunnel that encrypts traffic between your device and an organizational network or gateway. Example: Using VPN before accessing internal tools from a hotel network.
Incident reporting
Notifying the correct internal team quickly when suspicious activity occurs so they can investigate and contain it. Example: Reporting that you entered credentials on a page you now suspect was fake.

Authoritative Cybersecurity Awareness References (CISA, NIST, FTC, FBI)