Professional Documents
Culture Documents
WHMW2 Doc
WHMW2 Doc
WHMW2 Doc
Phishing Section:
Types of phishing
Email = Phishing
Texts = Smishing
Q&A:
Q1: You receive an email that includes a link, that is sent from an unfamiliar sender, with the [External]
tag in the subject line and External email header. Which of the following options is one way to determine
if this is phishing?
Feedback: Excellent! In some cases, you may be unsure if an email is real or a phishing attempt, so it is
important to be extra cautious if it looks suspicious.
A key indicator to look out for is the [External] tag in the subject line and the external email header in
the body of the email.
Never reply directly to the email, never forward it along to others, and only click on links to reputable or
known websites. You can hover over the link to verify authenticity (look for HTTPS, rather than HTTP, as
an indicator that it is a secure link).
Always use the “Report Phishing” button in Outlook if the email, or links within an email, appear
untrustworthy.
a) Unfamiliar senders
b) Emotional motivators
c) Spelling and grammatical errors
d) All of the above
Feedback: Correct! You should look out for all of these things, as they are all key indicators of a phishing
attempt.
Some other warning signs to keep in mind are unfamiliar sender email domain, [EXTERNAL] tag or
external email header, suspicious URLs, attachments, or links, and unusual or inconsistent email
formatting.
Storage Section:
Storage Dos and DON’Ts
DOs
DON’Ts
Don’t keep what you don’t own – delete work products when you roll off or are leaving Accenture
Q&A:
Q1: You have access to financial statements for an upcoming Accenture acquisition. Where is the most
secure and appropriate location to store these materials?
Feedback: Great work! You should always use Accenture or client approved storage locations, such as a
Private Channel of a Private Team, OneDrive, and SharePoint to save your work and when collaborating
with colleagues.
Q2: The purpose of the Sensitivity bar in the Microsoft Office Suite is to:
a) Apply data classification and protection to the content you are creating or handling
b) Easily upload work products to public sites
c) Identify sensitive information that needs to be omitted from the documents you are sending
Feedback: Fantastic! You are responsible for protecting the data in your care. Do this by utilizing the
Sensitivity bar for every document and email you create.
Confirm you are selecting the appropriate data classification and protection by using Accenture’s helpful
resources.
Q&A:
Q1: Which of the following actions can you take to maximize your home network’s security?
a) Guarantee you won’t forget the network password by writing it down on a post-it note and
sticking it to the fridge
b) Ensure your Wi-Fi network is configured with WPA2 or WPA3 encryption
c) Keep the default password that came with your router
Feedback: You got it! Verifying that your Wi-Fi network is configured with WPA2 or WPA3 encryption is
crucial to securing your home network.
It’s also important to update the router’s default password and keep it secure.
But remember, don’t write it down or use the same password you use for other accounts.
a) You receive an email from an unknown sender and delete it without clicking any links
b) A previous teammate requests that you send a reporting template from the project you worked
on together and you are unsure if you have permission to share it
c) You sent the monthly client financial report to the wrong distribution list
Feedback: That’s right! You should call ASOC when you experience any type of security incident,
including a breach of client or Accenture data, lost/stolen devices, a compromised system (such as
malware on your workstation or personal device), and physical or personal safety emergencies.
Be sure you add the ASOC phone number (+1-202-728-0645) as a contact in your mobile device so you
can quickly use it in an emergency, and bookmark the ASOC Portal on your web browser.
Q&A:
Feedback: Correct! Emailing the wrong person or sending the wrong attachment is a very common
mistake.
You can avoid this by always using these email best practices:
Feedback: You got it! Don’t put Accenture or client information at risk by posing sensitive information
that is not yours to share.
In some cases, even the fact that we are working for a specific client can be confidential.
Make sure you obtain permission from account leadership before mentioning client names or
relationships on social media.
You may reference the general nature of the work you do at Accenture, but you must never disclose
sensitive information that could harm Accenture’s brand, clients, or people.
Some examples of sensitive information you must not share publicly include:
Organization charts
Client’s customer names and personal data
Product specifications
Non-public financial information
Workstation compliance section:
Protecting your workstation
Q&A:
Q1: In order to keep your workstation compliant with Accenture’s requirements, make sure to:
a) Restart your computer at least once a week and take action on any Protect myTech notifications
b) Install peer-to-peer file sharing software to easily exchange files
c) Delay the installation of security updates as long as you can
Feedback: Nice job! You’d be surprised by how many computer issues can be resolved by simply
restarting your machine.
On top of a weekly reboot, complying with Protect myTech notifications and emails is a must. They
provide specific directions and reminders on how to keep your workstation from becoming non-
compliant.
Additionally, make sure you always update software whenever prompted and have the latest operating
system updates on your personal devices to protect against vulnerabilities.
Q2: Under what circumstances can you use your personal computer to access client data?
a) If you can’t access the files on your work computer and a deadline is fast approaching
b) If your work computer got stolen and you are waiting to receive a replacement
c) None, client data should never be accessed using a personal computer
Feedback: That’s right! You should never use your personal computer to access client data.
Your Accenture or client provided computer has built in safeguards to ensure your laptop has not been
compromised and is keeping Accenture and client data safe.
Q&A:
Q1: Your Accenture email address can be used in which of the following scenarios?
Feedback: Nice work! Your Accenture email address should only be used for accounts related to your
work at Accenture, such as professional memberships or conferences, third-party tools and any other
work-related accounts.
Use your personal email for any non-business related accounts, such as personal social media or
personal email subscriptions.
Q2: You receive a Multi-Factor Authentication (MFA) prompt that you did not initiate with a call claiming
to be from Accenture Local Technology Support. How should you proceed?
a) Call Accenture Local Technology Support instead so that you can authenticate the request
verbally
b) Enter the code from the call into the Microsoft Authenticator app immediately so Accenture
Technology Support is not delayed
c) Select “No, it’s not me” in the Microsoft Authenticator app
Feedback: You’re right! You should NEVER respond to an MFA prompt you did not initiate, as it may be
an attempt to steal personal, Accenture, or client data.
Accenture Technology Support will never ask you to share a MFA code or your credentials with them
unless it is through an encrypted Accenture site.