Settings
Language
Color Theme
Cybersecurity for executives
For executives, cyber risks rarely appear as obvious threats. More often, they arrive disguised as routine approvals, urgent decisions, or confidential requests designed to keep business moving.
Why executives are prime targets
Decisions that executives make can directly influence finances, partnerships, strategy, and brand reputation. If an executive has their work account compromised, cybercriminals can inflict immediate and severe organizational impact.
Why do cybercriminals see executives as valuable targets?
Loading...
View Options Again
Using an assistant remove cybersecurity responsibilities from executives
Executives have limited access to systems
Executives are not involved in financial decisions
Executives can quickly initiate high-impact requests involving money and data
Real details can be used to deceive
Cybercriminals will often highly personalize phishing emails when attempting to compromise an executive. As part of this, the attacker will research real projects, vendors, suppliers, or upcoming initiatives in an attempt to craft a convincing lure and entice executives to click a link or download an attachment.
Is the following statement True or False:
Cybercriminals frequently research real projects and relationships to make phishing attempts more convincing.
Loading...
View Options Again
True
False
Which of the following is a key red flag in a phishing email targeting an executive?
Loading...
View Options Again
A standard quarterly report
A routine project update from a known team member
A request to urgently download a file called "confidential.msi" while keeping the matter confidential
A calendar reminder from your own department
Balancing speed and sound judgment
Strong leaders act decisively, but not blindly. A brief pause at critical moments can prevent attempted cyberattacks from becoming incidents.
Is the following statement True or False:
Pausing to verify a sensitive or suspicious request can reduce cybersecurity risk.
Loading...
View Options Again
True
False
You receive an urgent email from an unknown address tied to a real project asking you to approve a payment immediately. What should you do?
Loading...
View Options Again
Approve it to maintain momentum
Ignore the request until they follow up
Ask your assistant to process it quickly
Pause and verify the request through trusted and known communication channels
Your name carries authority
Requests appearing to come from you can trigger immediate action across finance, HR, legal, and operations. Cybercriminals may attempt to impersonate executives to pressure staff into bypassing approved processes.
Your decisions set precedent
When leaders bypass approved processes or side-step approvals, it signals that process can be overridden. Good cybersecurity starts at the top.
Social engineering extends beyond email
Executives may be targeted through phone calls, text messages, or social media where cybercriminals attempt to build trust outside the workplace.
Social media exposure
Public posts can reveal business relationships, projects, and travel plans that cybercriminals use to craft believable phishing emails. When making public statements or posts, remain conscious of what's said, and how it may be used by malicious individuals.
Is the following statement True or False:
Sharing internal project names or sensitive client details publicly can increase cyber risk.
Loading...
View Options Again
True
False
Wrapping up
Cybersecurity is not about slowing leadership down. By following the practices outlined in this training, you can protect both the organization and yourself from cyberattacks.
Back
Next
Translation Correction
×
Select a translation to correct...
Begin the Guided Tour
[0, "Begin the Guided Tour", "Begin the Guided Tour"],
Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action.
[1, "Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action.", "Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action."],
Compose
[2, "Compose", "Compose"],
Folders
[3, "Folders", "Folders"],
Inbox
[4, "Inbox", "Inbox"],
Starred
[5, "Starred", "Starred"],
Draft
[6, "Draft", "Draft"],
Sent Mail
[7, "Sent Mail", "Sent Mail"],
Spam
[8, "Spam", "Spam"],
Trash
[9, "Trash", "Trash"],
[URGENT] Claim Your Work From Home Set-Up Payment
[10, "[URGENT] Claim Your Work From Home Set-Up Payment", "[URGENT] Claim Your Work From Home Set-Up Payment"],
Human Resources
[11, "Human Resources", "Human Resources"],
to
[12, "to", "to"],
Claim Your Work From Home Set-Up Payment
[13, "Claim Your Work From Home Set-Up Payment", "Claim Your Work From Home Set-Up Payment"],
Our company acknowledges that we are all working from home for a longer period and is offering a one-time payment to all employees of
[14, "Our company acknowledges that we are all working from home for a longer period and is offering a one-time payment to all employees of", "Our company acknowledges that we are all working from home for a longer period and is offering a one-time payment to all employees of"],
to ensure that you have a suitable home working set-up.
[15, "to ensure that you have a suitable home working set-up.", "to ensure that you have a suitable home working set-up."],
To receive the payment via payroll
[16, "To receive the payment via payroll", "To receive the payment via payroll"],
you will need to complete this
[17, "you will need to complete this", "you will need to complete this"],
acknowledgement form
[18, "acknowledgement form", "acknowledgement form"],
For more information on how to set up your home office space safely, please look at the
[19, "For more information on how to set up your home office space safely, please look at the", "For more information on how to set up your home office space safely, please look at the"],
Thank you
[20, "Thank you", "Thank you"],
The Human Resources Team
[21, "The Human Resources Team", "The Human Resources Team"],
This is an automatically generated email, please do not reply
[22, "This is an automatically generated email, please do not reply", "This is an automatically generated email, please do not reply"],
Is the following statement True or False
[23, "Is the following statement True or False", "Is the following statement True or False"],
View Options Again
[24, "View Options Again", "View Options Again"],
Email Subject: Urgent Action
[25, "Email Subject: Urgent Action", "Email Subject: Urgent Action"],
Phishing attacks are designed to put a
[26, "Phishing attacks are designed to put a", "Phishing attacks are designed to put a"],
time pressure on us to act fast
[27, "time pressure on us to act fast", "time pressure on us to act fast"],
This can cause us to skip much of the critical thinking we normally apply when browsing our emails
[28, "This can cause us to skip much of the critical thinking we normally apply when browsing our emails", "This can cause us to skip much of the critical thinking we normally apply when browsing our emails"],
Email Sender: Fradulent Address
[29, "Email Sender: Fradulent Address", "Email Sender: Fradulent Address"],
Email Sender: Fraudulent Address
[30, "Email Sender: Fraudulent Address", "Email Sender: Fraudulent Address"],
Attackers will often use
[31, "Attackers will often use", "Attackers will often use"],
obscure email addresses and use display names
[32, "obscure email addresses and use display names", "obscure email addresses and use display names"],
that appear legitimate to the naked eye. Be cautious and carefully inspect email sender information
[33, "that appear legitimate to the naked eye. Be cautious and carefully inspect email sender information", "that appear legitimate to the naked eye. Be cautious and carefully inspect email sender information"],
Email Content: Engaging Topic
[34, "Email Content: Engaging Topic", "Email Content: Engaging Topic"],
Attackers often use a
[35, "Attackers often use a", "Attackers often use a"],
broad but important topic
[36, "broad but important topic", "broad but important topic"],
to increase the likelihood of a victim interacting with the phishing material. These topics may include geographic, political or financial themes.
[37, "to increase the likelihood of a victim interacting with the phishing material. These topics may include geographic, political or financial themes.", "to increase the likelihood of a victim interacting with the phishing material. These topics may include geographic, political or financial themes."],
Email Link: Phishing Website
[38, "Email Link: Phishing Website", "Email Link: Phishing Website"],
hovering over the link
[39, "hovering over the link", "hovering over the link"],
you'll see the true link location. Often this is enough to see the malicious intent.
[40, "you'll see the true link location. Often this is enough to see the malicious intent.", "you'll see the true link location. Often this is enough to see the malicious intent."],
Wrapping up
[41, "Wrapping up", "Wrapping up"],
If you
[42, "If you", "If you"],
spot anything suspicious
[43, "spot anything suspicious", "spot anything suspicious"],
with the email sender, subject, content, links or attachments
[44, "with the email sender, subject, content, links or attachments", "with the email sender, subject, content, links or attachments"],
Don't take the risk. Report the email to your IT or Security team for review.
[45, "Don't take the risk. Report the email to your IT or Security team for review.", "Don't take the risk. Report the email to your IT or Security team for review."],
Submit
[46, "Submit", "Submit"],
Next
[47, "Next", "Next"],
Back
[48, "Back", "Back"],
Malicious links will often appear with innocent looking text. By
[49, "Malicious links will often appear with innocent looking text. By", "Malicious links will often appear with innocent looking text. By"],
Correct!
[50, "Correct!", "Correct!"],
Incorrect
[51, "Incorrect", "Incorrect"],
True
[52, "True", "True"],
False
[53, "False", "False"],
Change language
[54, "Change language", "Change language"],
Current Language
[55, "Current Language", "Current Language"],
Use Browser Settings
[56, "Use Browser Settings", "Use Browser Settings"],
Select a language
[57, "Select a language", "Select a language"],
Change Language
[58, "Change Language", "Change Language"],
Please select a language
[59, "Please select a language", "Please select a language"],
Language
[60, "Language", "Language"],
Color Theme
[61, "Color Theme", "Color Theme"],
Color Theme And Background Selector
[62, "Color Theme And Background Selector", "Color Theme And Background Selector"],
Colorful Theme
[63, "Colorful Theme", "Colorful Theme"],
Select Theme
[64, "Select Theme", "Select Theme"],
Close
[65, "Close", "Close"],
Dark Theme
[66, "Dark Theme", "Dark Theme"],
Green Theme
[67, "Green Theme", "Green Theme"],
Purple Theme
[68, "Purple Theme", "Purple Theme"],
Light Theme
[69, "Light Theme", "Light Theme"],
Blue Theme
[70, "Blue Theme", "Blue Theme"],
Settings
[71, "Settings", "Settings"],
Theme Selected
[72, "Theme Selected", "Theme Selected"],
This training has been translated from English. If there is an inaccuracy, please report the correct translation by clicking here!
[73, "This training has been translated from English. If there is an inaccuracy, please report the correct translation by clicking here!", "This training has been translated from English. If there is an inaccuracy, please report the correct translation by clicking here!"],
Translation Correction
[74, "Translation Correction", "Translation Correction"],
Select a translation to correct...
[75, "Select a translation to correct...", "Select a translation to correct..."],
Original Text
[76, "Original Text", "Original Text"],
Correct Translation
[77, "Correct Translation", "Correct Translation"],
Translation to correct...
[78, "Translation to correct...", "Translation to correct..."],
Submissions are reviewed and applied within 48 hours.
[79, "Submissions are reviewed and applied within 48 hours.", "Submissions are reviewed and applied within 48 hours."],
Submit Correction
[80, "Submit Correction", "Submit Correction"],
Submission Successfully Sent
[81, "Submission Successfully Sent", "Submission Successfully Sent"],
Submission Error - Please Try Again
[82, "Submission Error - Please Try Again", "Submission Error - Please Try Again"],
Submission Sending...
[83, "Submission Sending...", "Submission Sending..."],
Mandatory Viewing
[84, "Mandatory Viewing", "Mandatory Viewing"],
Please watch the video from beginning to end before proceeding.
[85, "Please watch the video from beginning to end before proceeding.", "Please watch the video from beginning to end before proceeding."],
Ok
[86, "Ok", "Ok"],
Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant.
[87, "Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant.", "Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant."],
Language translation for this training module has been disabled and explicitly set to the following language
[88, "Language translation for this training module has been disabled and explicitly set to the following language", "Language translation for this training module has been disabled and explicitly set to the following language"],
I acknowledge
[89, "I acknowledge", "I acknowledge"],
Thank you for providing an acknowledgement
[90, "Thank you for providing an acknowledgement", "Thank you for providing an acknowledgement"],
Cybersecurity-For-Executives
[91, "Cybersecurity-For-Executives", "Cybersecurity-For-Executives"],
Cybersecurity for executives
[92, "Cybersecurity for executives", "Cybersecurity for executives"],
For executives, cyber risks rarely appear as obvious threats. More often, they arrive disguised as routine approvals, urgent decisions, or confidential requests designed to keep business moving.
[93, "For executives, cyber risks rarely appear as obvious threats. More often, they arrive disguised as routine approvals, urgent decisions, or confidential requests designed to keep business moving.", "For executives, cyber risks rarely appear as obvious threats. More often, they arrive disguised as routine approvals, urgent decisions, or confidential requests designed to keep business moving."],
Why executives are prime targets
[94, "Why executives are prime targets", "Why executives are prime targets"],
Decisions that executives make can directly influence finances, partnerships, strategy, and brand reputation. If an executive has their work account compromised, cybercriminals can inflict immediate and severe organizational impact.
[95, "Decisions that executives make can directly influence finances, partnerships, strategy, and brand reputation. If an executive has their work account compromised, cybercriminals can inflict immediate and severe organizational impact.", "Decisions that executives make can directly influence finances, partnerships, strategy, and brand reputation. If an executive has their work account compromised, cybercriminals can inflict immediate and severe organizational impact."],
Why do cybercriminals see executives as valuable targets?
[96, "Why do cybercriminals see executives as valuable targets?", "Why do cybercriminals see executives as valuable targets?"],
Executives can quickly initiate high-impact requests involving money and data
[97, "Executives can quickly initiate high-impact requests involving money and data", "Executives can quickly initiate high-impact requests involving money and data"],
Executives are not involved in financial decisions
[98, "Executives are not involved in financial decisions", "Executives are not involved in financial decisions"],
Executives have limited access to systems
[99, "Executives have limited access to systems", "Executives have limited access to systems"],
Using an assistant remove cybersecurity responsibilities from executives
[100, "Using an assistant remove cybersecurity responsibilities from executives", "Using an assistant remove cybersecurity responsibilities from executives"],
If an executive has their work account compromised, cybercriminals can inflict immediate and severe organizational impact by initiating high-impact requests.
[101, "If an executive has their work account compromised, cybercriminals can inflict immediate and severe organizational impact by initiating high-impact requests.", "If an executive has their work account compromised, cybercriminals can inflict immediate and severe organizational impact by initiating high-impact requests."],
Real details can be used to deceive
[102, "Real details can be used to deceive", "Real details can be used to deceive"],
Cybercriminals will often highly personalize phishing emails when attempting to compromise an executive. As part of this, the attacker will research real projects, vendors, suppliers, or upcoming initiatives in an attempt to craft a convincing lure and entice executives to click a link or download an attachment.
[103, "Cybercriminals will often highly personalize phishing emails when attempting to compromise an executive. As part of this, the attacker will research real projects, vendors, suppliers, or upcoming initiatives in an attempt to craft a convincing lure and entice executives to click a link or download an attachment.", "Cybercriminals will often highly personalize phishing emails when attempting to compromise an executive. As part of this, the attacker will research real projects, vendors, suppliers, or upcoming initiatives in an attempt to craft a convincing lure and entice executives to click a link or download an attachment."],
Cybercriminals frequently research real projects and relationships to make phishing attempts more convincing.
[104, "Cybercriminals frequently research real projects and relationships to make phishing attempts more convincing. ", "Cybercriminals frequently research real projects and relationships to make phishing attempts more convincing. "],
Cybercriminals will research real projects, vendors, suppliers, or upcoming initiatives in an attempt to craft a convincing lure and entice executives to click a link or download an attachment.
[105, "Cybercriminals will research real projects, vendors, suppliers, or upcoming initiatives in an attempt to craft a convincing lure and entice executives to click a link or download an attachment.", "Cybercriminals will research real projects, vendors, suppliers, or upcoming initiatives in an attempt to craft a convincing lure and entice executives to click a link or download an attachment."],
Which of the following is a key red flag in a phishing email targeting an executive?
[106, "Which of the following is a key red flag in a phishing email targeting an executive? ", "Which of the following is a key red flag in a phishing email targeting an executive? "],
A request to urgently download a file called "confidential.msi" while keeping the matter confidential
[107, "A request to urgently download a file called "confidential.msi" while keeping the matter confidential ", "A request to urgently download a file called "confidential.msi" while keeping the matter confidential "],
A routine project update from a known team member
[108, "A routine project update from a known team member ", "A routine project update from a known team member "],
A calendar reminder from your own department
[109, "A calendar reminder from your own department ", "A calendar reminder from your own department "],
A standard quarterly report
[110, "A standard quarterly report", "A standard quarterly report"],
Urgency combined with secrecy is a common manipulation tactic used to get a victim to perform an adverse action without seeking verification from IT or security teams. Additionally, obscure file types, such as those with a ".msi" extension, can be used to install malicious software when opened.
[111, "Urgency combined with secrecy is a common manipulation tactic used to get a victim to perform an adverse action without seeking verification from IT or security teams. Additionally, obscure file types, such as those with a ".msi" extension, can be used to install malicious software when opened.", "Urgency combined with secrecy is a common manipulation tactic used to get a victim to perform an adverse action without seeking verification from IT or security teams. Additionally, obscure file types, such as those with a ".msi" extension, can be used to install malicious software when opened."],
Balancing speed and sound judgment
[112, "Balancing speed and sound judgment", "Balancing speed and sound judgment"],
Strong leaders act decisively, but not blindly. A brief pause at critical moments can prevent attempted cyberattacks from becoming incidents.
[113, "Strong leaders act decisively, but not blindly. A brief pause at critical moments can prevent attempted cyberattacks from becoming incidents.", "Strong leaders act decisively, but not blindly. A brief pause at critical moments can prevent attempted cyberattacks from becoming incidents."],
Pausing to verify a sensitive or suspicious request can reduce cybersecurity risk.
[114, "Pausing to verify a sensitive or suspicious request can reduce cybersecurity risk.", "Pausing to verify a sensitive or suspicious request can reduce cybersecurity risk."],
A brief pause at critical moments can prevent attempted cyberattacks from becoming incidents.
[115, "A brief pause at critical moments can prevent attempted cyberattacks from becoming incidents.", "A brief pause at critical moments can prevent attempted cyberattacks from becoming incidents."],
You receive an urgent email from an unknown address tied to a real project asking you to approve a payment immediately. What should you do?
[116, "You receive an urgent email from an unknown address tied to a real project asking you to approve a payment immediately. What should you do? ", "You receive an urgent email from an unknown address tied to a real project asking you to approve a payment immediately. What should you do? "],
Approve it to maintain momentum
[117, "Approve it to maintain momentum ", "Approve it to maintain momentum "],
Ask your assistant to process it quickly
[118, "Ask your assistant to process it quickly", "Ask your assistant to process it quickly"],
Pause and verify the request through trusted and known communication channels
[119, "Pause and verify the request through trusted and known communication channels", "Pause and verify the request through trusted and known communication channels"],
Ignore the request until they follow up
[120, "Ignore the request until they follow up", "Ignore the request until they follow up"],
Cybercriminals rely on speed and routine. By verifying unexpected requests, you can prevent a potential cyberattack from turning into a cyber incident.
[121, "Cybercriminals rely on speed and routine. By verifying unexpected requests, you can prevent a potential cyberattack from turning into a cyber incident.", "Cybercriminals rely on speed and routine. By verifying unexpected requests, you can prevent a potential cyberattack from turning into a cyber incident."],
Your name carries authority
[122, "Your name carries authority", "Your name carries authority"],
Requests appearing to come from you can trigger immediate action across finance, HR, legal, and operations. Cybercriminals may attempt to impersonate executives to pressure staff into bypassing approved processes.
[123, "Requests appearing to come from you can trigger immediate action across finance, HR, legal, and operations. Cybercriminals may attempt to impersonate executives to pressure staff into bypassing approved processes.", "Requests appearing to come from you can trigger immediate action across finance, HR, legal, and operations. Cybercriminals may attempt to impersonate executives to pressure staff into bypassing approved processes."],
Your decisions set precedent
[124, "Your decisions set precedent", "Your decisions set precedent"],
When leaders bypass approved processes or side-step approvals, it signals that process can be overridden. Good cybersecurity starts at the top.
[125, "When leaders bypass approved processes or side-step approvals, it signals that process can be overridden. Good cybersecurity starts at the top.", "When leaders bypass approved processes or side-step approvals, it signals that process can be overridden. Good cybersecurity starts at the top."],
Social engineering extends beyond email
[126, "Social engineering extends beyond email", "Social engineering extends beyond email"],
Executives may be targeted through phone calls, text messages, or social media where cybercriminals attempt to build trust outside the workplace.
[127, "Executives may be targeted through phone calls, text messages, or social media where cybercriminals attempt to build trust outside the workplace.", "Executives may be targeted through phone calls, text messages, or social media where cybercriminals attempt to build trust outside the workplace."],
Social media exposure
[128, "Social media exposure", "Social media exposure"],
Public posts can reveal business relationships, projects, and travel plans that cybercriminals use to craft believable phishing emails. When making public statements or posts, remain conscious of what's said, and how it may be used by malicious individuals.
[129, "Public posts can reveal business relationships, projects, and travel plans that cybercriminals use to craft believable phishing emails. When making public statements or posts, remain conscious of what's said, and how it may be used by malicious individuals.", "Public posts can reveal business relationships, projects, and travel plans that cybercriminals use to craft believable phishing emails. When making public statements or posts, remain conscious of what's said, and how it may be used by malicious individuals."],
Sharing internal project names or sensitive client details publicly can increase cyber risk.
[130, "Sharing internal project names or sensitive client details publicly can increase cyber risk.", "Sharing internal project names or sensitive client details publicly can increase cyber risk."],
Public information gives cybercriminals material to personalize and strengthen phishing attacks.
[131, "Public information gives cybercriminals material to personalize and strengthen phishing attacks.", "Public information gives cybercriminals material to personalize and strengthen phishing attacks."],
Wrapping up
[132, "Wrapping up", "Wrapping up"],
Cybersecurity is not about slowing leadership down. By following the practices outlined in this training, you can protect both the organization and yourself from cyberattacks.
[133, "Cybersecurity is not about slowing leadership down. By following the practices outlined in this training, you can protect both the organization and yourself from cyberattacks.", "Cybersecurity is not about slowing leadership down. By following the practices outlined in this training, you can protect both the organization and yourself from cyberattacks."],
[134, "", ""],
Original Text (English)
Correct Translation (English)
Submissions are reviewed and applied within 48 hours.
Color Theme And Background Selector
×
Colorful Theme
Select Theme
Blue Theme
Select Theme
Light Theme
Select Theme
Purple Theme
Select Theme
Green Theme
Select Theme
Dark Theme
Select Theme
Note: The Colorful, Blue, Light, and Dark Themes are all WCAG 2.2 Level AA conformant.
