Insights
Training
On-demand
INSIGHTS
All Topics
Quiz: Do you know how to prevent a cyber attack?
14 Mar 2025by Laura Stanley
Test your knowledge of the five core controls recommended by the Cyber Essentials scheme to mitigate cyber threats in the charity sector
Sharelines
Test your cyber security knowledge with our quizDo you know how to prevent a cyber attack?Quiz: The five core controls to prevent a cyber attack
Charities of any size can experience a cyber breach. Around a third of charities in the UK reported experiencing some sort of cyber attack or breach over the last 12 months, according the UK Government’s 2024 Cyber Security Breaches Survey.
Fortunately, there are measures that charities can take to mitigate against this risk. The Cyber Essentials certification scheme, delivered by IASME in partnership with the National Cyber Security Centre, centres around five core controls that will reduce the impact of common cyber attacks:
With these controls in place, charities can apply for the Cyber Essentials certification, allowing charities to take stock of their cyber security, communicate to their audiences how seriously they are taking it, and ultimately reduce the impact of common cyber attacks by up to 80%.
During October, which is Charity Cyber Security Awareness month, if you are a registered charity and you sign up and pay for Cyber Essentials between 1 and 31 October you will receive a discount to the price of certification. Working in partnership with selected Certification Bodies around the UK and Crown Dependencies, IASME will be offering free support and guidance to help charities achieve certification.
To test your knowledge on the five core controls that help protect against cyber threats, we’ve set six questions for charities to answer, helping them to understand more about how the Cyber Essentials requirements can help strengthen their cyber security.
Start the quiz below!
Question 1: Cyber security in the UK charity sector
What percentage of charities experienced a cyber breach or attack over the last 12 months, according to the 2024 Cyber Breaches report?
Question 2: User access control
User access control regulates who can access your data and services and what level of access they have. Charities should only provide privileged access to people who need it for their roles, keep track of who has these accounts and regularly review these privileges.
For example, while an IT professional may have an administrator account, allowing them higher levels of control over devices and systems, a volunteer only has access to the digital tools they need for their day-to-day roles.
What actions can an administrator account take that a standard user account can’t?
Question 3: Malware protection
Charities can use anti-malware software to scan web pages and files when downloaded or opened to identify and deactivate viruses or malicious software before it can cause damage.
Only approved applications should be used on each device. Organisations should have a robust approval process that includes keeping a regular list of apps that are allowed and what they can access.
What is an “allow list”?
Question 4: Secure configuration
Secure configuration refers to the way a computer is set up to minimise the ways a cyber criminal can find a way in. This includes the use of passwords, multi-factor authentication, and the removal of software and accounts that you do not use.
When an account is protected by a password alone, according to the Cyber Essentials requirements, what is the minimum length of that password?
Question 5: Firewalls
Firewalls are like a security filter between the internet and your network and on your device. Firewalls check and monitor data in both directions as it moves through the network and can block or permit the data according to the predefined firewall rules.
Which of these statements about firewalls is false?
Question 6: Security update management
Within a piece of software’s functioning life span, as soon as an error or ‘vulnerability’ is discovered, the manufacturer creates an update that that will fix and close the opening to prevent its exploitation by cyber criminals. The process of applying an update is known as security update management or “patching”.
How soon should high risk and critical software updates be applied after their release?
Answers
-
Incorrect!
32% of charities reported experiencing a cyber breach or attack in the previous 12 months, according to the 2024 Cyber Breaches survey.
-
Incorrect!
Administrator accounts provide a high level of control over systems. Unlike regular user accounts, they alone are able to create, modify, and delete user accounts, install new software, and change system settings.
-
Incorrect!
An “allow list” is a list of applications that you know are safe to use and that you need to access.
-
Incorrect!
In most cases, 12 characters is the minimum length of a password or pin code for Cyber Essentials. Exceptions include when unlocking a device (6 characters) or where multi-factor authentication is in use (8 characters).
-
Incorrect!
The false statement is that a firewall is a physical device only. A firewall can also be a piece of software found in most common desktop and laptop operating systems.
-
Incorrect!
All modern software will need to ‘update’ on a regular basis as part of its maintenance, ensuring that vulnerabilities are patched within 14 days of the update.
-
Correct!
Well done!
-
Correct!
Well done!
-
Correct!
Well done!
-
Correct!
Well done!
6. Correct!
All modern software will need to ‘update’ on a regular basis as part of its maintenance, ensuring that vulnerabilities are patched within 14 days of the update.
You’ve completed the quiz!
Sounds like you’re ready for Cyber Essentials. Check out the Cyber Essentials Readiness Tool to understand whether the cyber security in your organisation meets the requirements for Cyber Essentials.
Follow-up questions for CAI
How do firewalls filter and control network traffic to enhance security?What steps ensure secure configuration minimizes cyber attack vulnerabilities?How does user access control limit data access to necessary personnel?What role does malware protection play in preventing cyber threats?How quickly should critical software updates be applied to maintain security?
Laura Stanley
Laura Stanley
More on this topic
Related Content
Recommended Products
Recommended Products
Our Events
11 Feb 2026Online
Masterclass: Working smarter with AI: A practical introduction
Charity Digital Academy
Our courses aim, in just three hours, to enhance soft skills and hard skills, boost your knowledge of finance and artificial intelligence, and supercharge your digital capabilities. Check out some of the incredible options by clicking here.
© 2022 Charity Digital Trust. All rights reserved
