Using a single, highly secure firewall to protect an organisation

Implementing multiple layers of security controls to mitigate threats

Keeping all software up to date to prevent attacks

Disconnecting critical systems from the internet entirely

A phishing email that compromised employee credentials

A denial-of-service (DoS) attack that overwhelmed their servers

An insider threat from a disgruntled employee

A ransomware attack that exploited an unpatched system

Shoulder surfing

Smishing

Dumpster diving

Baiting

It targets a large group of people randomly

It includes fake advertisements to trick users

It is highly targeted towards a specific individual or organisation

It only uses phone calls instead of emails

Ignoring software updates to maintain compatibility

Disabling unnecessary services and closing unused ports

Using public Wi-Fi to improve accessibility

Storing passwords in a text document for easy access

By training employees not to click on suspicious links in text messages

By installing antivirus software on desktop computers

By setting up a firewall to block suspicious emails

By encrypting all company data

Only using security measures when an attack is detected

Installing firewalls and forgetting about security threats

Allowing employees to set their own security protocols

Regularly updating passwords and software to reduce vulnerabilities