Category Archives: Cyberawareness

phishing / a fish hook on computer keyboard with email sign / computer crime / data theft / cyber crime

Tips to Combat Phishing via Social Media

Tags :

Category : Cyberawareness

Phishing, the practice of trying to lure unsuspecting victims to click on links to install malware or divulging confidential information, is a tactic which unfortunately involves more than just malicious emails. Phishing attacks can also take place in other environments such as via texts, phone calls, or social media.

Facebook, in particular, seems especially prone to these types of nuisances, such as those involving fake websites set up by scammers in the hopes of tricking people into divulging their account information. Facebook does offer some tips to combat these efforts (such as being on the lookout for sloppy messages, messages which claim to have attached passwords, malicious links, or requests for confidential information). However, the threats also involve fake charity requests for victims of the latest natural disaster.

How can you avoid phishing? Below are tips from email security organization Proofpoint for both consumers and IT departments, which I combined with commentary based on my own experiences

Be wary of fake news
Social media con artists use divisive political content to enrage voters and spread misinformation. Avoid “fake news” or news of dubious accuracy and refrain from clicking on links sent to you or posted on social media. Think like a newsroom: You need to confirm accuracy. If you see a news story, verify it on an online news site. Never blindly repost information without checking for accuracy, no matter how much you might wish it to be true.

Be wary of bots

Keep an eye out for bot accounts and block them since they aren’t likely to promote honest or legitimate content. Be cautious of any Twitter and Facebook accounts where something doesn’t look quite right, or he/she seems especially aggressive. Telltale signs of a bot include accounts with random names/numbers, accounts which frequently repost items, accounts posting material which doesn’t seem relevant to the context of a discussion or thread, and accounts which contribute no actual content but just share/retweet other accounts.

Investigate details behind questionable ads

Use Facebook’s “Info and Ads” to determine the motivations behind ads. For instance, when you see a political ad on Facebook which seems suspect or sensational, click the ad and then click the page associated with it. Facebook’s goal is provide “increased accountability for bad actors, which will help to prevent abuse on Facebook” and to “bring additional transparency to Pages and the ads they’re running.”

If the ad comes from a less-than-reputable source, disregard future content from this page or entity as phishing attempts are more likely from these types of accounts.

Avoid clicking links
Do not click on Twitter Direct Message (DM) or Facebook Messenger links unless you are positive they are reputable. They might contain malware or direct you to credential phishing sites that will attempt to steal your passwords or financial information or install malware on your system or device.

Links can also be obfuscated by adding a bunch of unnecessary words or random characters to what seems like a legitimate site in the hopes that you’ll be fooled into opening them. For instance, a link to www.americanexpressfinancialserviceadvice.com or www.citibank2018BBB.com might seem OK at first glance but look closer. You can highlight the link and press Ctrl-C to copy it, then open a text editor like Notepad and press Ctrl-V to paste it in for closer inspection.

Use a quality filter
If it is not already on, activate your quality Twitter filter. This tool (which is enabled by default) helps you locate the quality tweets amongst the noise generated by bots and other low-value entities.

To check your setting, click your profile picture at the top right of the Twitter site and then choose “Settings.” At the “Settings” screen, select “Notifications” from the left column. Check the “Quality filter” box to enable the filter.

Note, Twitter states this “does not filter notifications from people you follow or accounts you’ve recently interacted with.”

Also, verify that Twitter accounts purportedly owned by famous people or governmental officials really are who they say they are by ensuring there is a blue circle with a check in it next to their name or Twitter handle.

Finally, unfollow pages of dubious accuracy or pages prone to promoting sensationalistic “click bait” ads or posts.

Want to read the full article? https://www.techrepublic.com/article/10-tips-to-combat-phishing-via-social-media-platforms/?ftag=TREa988f1c&bhid=22565946068539068551870113317293


7 Red Flags for email

7 Red Flags You NEED to Educate your Staff on for each email they receive







Email hacking is one of the most common forms of cyber attacks today. It takes place every day and throughout the world. You may be familiar with the email attack that occurred in 2016 during the Presidential Election. John Podesta fell for a phishing attack, which led to the release of a decade’s worth of emails. The hacker posed as Google and alerted Podesta to change his password because of suspicious activity on his account. By clicking on the link within the email, hackers were granted full access to his inbox.

Situations like this happen to businesses of all sizes, and the rate of these cyber attacks is only increasing. Your goal is to protect your business against these attacks, which can be difficult if the employees are not properly trained to identify potential threats. People are tricked into giving hackers information because they are not aware of the warning signs to look out for. However, here is a list of seven red flags to look out for and include in your security training for your staff.

1. “From” Line

The first thing to pay attention to is the address you are receiving the email from. Pay close attention to the sender because the person may appear to be someone you know but in reality, it could be a spoof. Hackers know that people are more likely to trust an email from someone they can recognize, which is why they make the email address appear to be from an existing contact. Let’s look at a quick example of this.

Real Email: amanda@wellsfargo.com
Spoofed Email: amanda@welsfargo.com

Notice that an “l” is missing from “wellsfargo” in the spoofed email, therefore it appears legitimate but the domain is not accurate.

2. “To” Line

Sometimes, the hacker will send an email to many different people. If you do not personally know the other people in the “to” line or you are being cc’d on a strange email, that should be a red flag. This is the second aspect of an email to pay attention to in order to detect email fraud and prevent email hacking.

3. Hyperlinks

Always be cautious of clicking on embedded links within an email unless you are sure it is from a trusted source. Before you click on a link, you can hover over it with your mouse to see the destination URL before you click on it. If the URL does not match what the text says, it’s not a good idea to click on the hyperlink.

4. Time

Consider the time you receive an email and compare it with the normal time you receive similar emails. Do you generally get an email from the CEO of your company at 2 a.m.? If not, this is an indication of a potentially spoofed email.

The same goes for the specific time of year. Be extra cautious around holiday or tax season, as cybercriminals typically increase phishing attempts when financial information is being shared or online shopping is heightened.

5. Attachments

Attachments may seem harmless, but some can contain malicious viruses or another form of malware. So, as a rule of thumb, do not open attachments that you are not expecting. If a sender does not normally send you attachments, this is a sign that it could be a fraudulent email. In addition, if the attachment has a strange file type such as .exe or a duplicate file type such as .xls.xls you should not download or open it.

6. Subject

Phishing attempts usually try to trick you with scare tactics or immediate action. If the subject line seems fishy, such as “Need wire transfer now” or “Change password immediately”, validate the source before you take any action. The subject may also be irrelevant or not on topic with the rest of the email content, which can be another red flag.

7. Content

The sender may be urging you to update your information or change your password in order to avoid a consequence, which instills fear and prompts action. This is another method to look out for as hackers use this to trick you. In addition, if the grammar or spelling are incorrect and the email seems out of the ordinary, confirm the legitimacy before you click on links or download any files.

So there you have it, seven simple red flags to look out for when examining an email. Never click on links, download files, or transfer money unless you are sure the email is legitimate. We recommend a two-step verification process to establish validity. For example, if you receive an email from your CEO requesting a wire transfer, we recommend you also confirm via phone or in person. This two-step verification process validates the sender through multiple mediums, which helps avoid falling for scams.

It is important for all businesses to take email hacking seriously. Hackers attack corporations and individuals, so understanding social engineering methods is crucial in addition to having proper spam filters and firewalls installed. Lack of employee education is what makes it difficult to properly secure an environment. However, you can use these tips to educate employees both within your company to reduce the risks of a cyber attack.

If you want to see how susceptible your company is, we have a whole suite of free tools for you to measure your vulnerability. See how phish prone your employees are, how strong passwords are or whether or not your domain can be spoofed.

http://downloads.primetelecommunications.com/CyberAwareness-Free-Tools


password

Important Tips for Improving Password Security







Sometimes it is the simplest or most obvious things that can be easily overlooked or taken for granted in life. The IT space is no different and many of the most basic elements, like password management, can often times be overlooked. While it’s not the sexiest of topics, passwords are something we use every day and should be at the forefront of any security plan.

Passwords are the first line of defense against malicious activities in the digital space.

We hear all the time about the importance of strong passwords, and many websites or software require certain password criteria that force them to be difficult to guess. However, the actual execution of these recommended practices is often lacking. The trouble usually lies with the end user who doesn’t take care of their passwords or doesn’t make them difficult enough. Here are some simple, yet highly effective tactics to keep the bad guys out of your information and IT systems.

Hackers’ Tricks
Before we look at the techniques to prevent hackers from gaining access to private information, let’s take a quick look at the most common means these folks use to crack the password code and get the proverbial “keys to the kingdom.”

Guessing – Some people think that no one could ever “guess” their password at random, but hackers are much more sophisticated than that. This technique is not simply sitting in front of a screen and typing many different combinations. First, the hacker finds personal information online and then uses sophisticated programs to help ‘guess’ how that personal identification can be turned into a password.
Dictionary-based attacks – Programs run names and other information against every word in the dictionary.
Brute force attacks – Just like it sounds. By simply running all combinations of keystrokes with a user name, passwords are discovered all the time.
Phishing – Beware of Phishing schemes! These scams try to lure you in with fake offers then track your keystrokes in order to steal private information. If the email or IM request looks odd, ignore it and please don’t click on anything. The trouble is that people are oftentimes tricked into giving away valuable data without even knowing.
Shoulder surfing – Not all hackers are technical whizzes. Shoulder surfers try to catch you entering a password in a public place like a coffee shop or even at a gas station (debit card PINs are vulnerable).

Password Security Tips
So what is your company to do? Educate employees on strong password practices. There is simply no way to guarantee a bulletproof password. If someone wants something bad enough and is smart enough they can figure out what they need to do to get it. Most are not that patient though so any deterrents are usually enough to make them give up and find an easier target.

Some best practices to be teaching employees include:

  1. Make sure password length is at least 8 characters
  2. Don’t use real words
  3. Use both upper and lower case characters
  4. Include numbers and special symbols when allowed
  5. Don’t use personal data
  6. Make patterns random and not sequential or ‘ordered’
  7. Don’t get lazy when it comes to your passwords. Take the extra time to think of something creative, complex and something only you would remember. 

What else can be done? Here are some “do’s” and “don’ts” for password safety.

Do:
1. Create different passwords for different accounts and applications. If you create only one password for everything you do online, you are exposing yourself unnecessarily. Sure it’s easier to use one but it provides more chances for someone to figure your password out, and if they do, gives them a great starting point for accessing other personal data of yours.
2. Keep corporate and personal passwords separate.
3. Change your passwords often (ideally every month)
4. Always log off your computer or lock it when you leave it for any period of time

Now Some Don’ts:
1.Don’t write passwords down or store then in the office

2.Don’t store passwords on any device

3.Don’t give passwords in emails or IMs

4.Don’t give your manager your password

5. Don’t discuss passwords with others

6. Don’t use the “it’s easy to type’ rule (like asdfjkl;) since that will be easier for a lurker to see what you typed

After reading this, I’m sure you feel like you have some work to do. It’s never too early to start utilizing these recommended practices and you may not even know what data may currently be exposed or at risk.

Changing your passwords and using the above techniques can help protect you and your staff from malicious web attacks. Don’t overlook the importance of password management – it could make all the difference when a hacker sets his targets on you or your business.


Cyber secuirty

Cyber security myths you should stop telling yourself







While many cyber security myths persist, some are more damaging than others, here are four common cyber security myths and their impact on risk.

Cyber security preparedness is one of the major obstacles facing businesses today, and due to its importance, it can be a magnet for myths. Attacks emerge and cripple systems availability or swipe data quickly and unexpectedly. It happens so fast that the myths so many businesses hold onto as facts are only apparent in the aftermath of an attack.

Myth 1: Small organisations are low-value targets for hackers.

Thinking you’re not a target is one of the biggest mistakes a company can make. According to data collected from more than 2,200 confirmed data breaches, 58 per cent of security event victims were small businesses. But why would malicious actors target small companies?

Compute resources are valuable – malicious actors seek out available computing resources as network nodes to expand their bot networks, which they use to initiate DDoS attacks, for crypto-jacking, to propagate ransomware and spam or for numerous other crimes. Malicious actors build their networks by leveraging free resources, and your systems might be among them.

No matter the size of an organisation, data is valuable and power. Every organisation stores some data that’s critical to its business but holds little value to others. Malicious actors exploit this by unleashing ransomware that cuts off data access, availability, or both, crippling the organisation. Malicious actors then generate revenue through ransom payments.

Small businesses can be an indirect victim and used as a stepping stone into other targets. Malicious actors might target seemingly innocent, low-risk third-party vendors to get to those vendors’ customers. This has been evidenced by the cyber-espionage group known as Dragonfly, which successfully “trojanised” legitimate industrial control system (ICS) software. To do so, the group first compromised the websites of the ICS software suppliers and replaced legitimate files in their repositories with their own malware infected versions. Subsequently, when the ICS software was downloaded from the suppliers’ websites it would install malware alongside legitimate ICS software.

Myth 2: There’s no reason to invest in security when organisations with tight security controls still experience security breaches.

Some organisations rationalise a small cyber security budget by arguing that investing in security is a losing game. They hear about security breaches at large organisations, with presumably large cyber security budgets, and assume if these organisations can fall victim, then what chance does their organisation have?

Tools are just one pillar of a solid security strategy, people and process are equally important. An organisation allocating budget toward security might not be focussing it to the most effective areas. An organisation can have a big budget for tools but if it lacks the right cyber security talent or its processes are faulty, it can still get hit.

Research has illustrated how long it can take before an intrusion is detected. The time taken by firms to detect breaches increased by 40 per cent from 2016 to 175 days on average in 2017, according to the latest M-Trends report by security firm FireEye. Organisations that invest in reactive security controls, in combination with proactive security controls such as Intrusion Prevention Systems (IPS), may identify suspicious behaviours earlier and limit the damage.

Organisations that shrug off tight security controls are focusing solely on the immediate effects of infiltration, not on the total cost of the security incident. Granted, security controls are not 100 per cent effective at detection and prevention, but they can save significant time and money during each of the subsequent incident response stages: analysis, containment, eradication, recovery and post-incident activities.

Myth 3: Our organisation has not been breached before, so we’re still safe.

Often, organisations incorrectly assume their security risks remain relatively static, when they don’t have a way to effectively evaluate those risks. Projecting future risks based on historical events can be dangerous.

Defining the scope of what to secure requires identifying exactly how many applications, servers, network devices, storage devices and more are within an organisation. When faced with either insufficient or overwhelming amounts of data, the scope may be simplified, and assumptions drawn that can lead to vulnerabilities.

Organisations might assume a particular server doesn’t contain sensitive data and is less likely to be the target of an attack. But it might not be data that malicious actors are after, as mentioned; servers might be valuable as a foothold into another environment. Lastly, people often underestimate risk due to future aversion – the problem of assuming that because the future is unknown it cannot be tested.

Myth 4: Security is an expense, not a revenue generator.

Organisations prioritise investment in services that generate revenue, especially when budgets are tight. This can leave cyber security, viewed as an expense, on the back burner, when it should be considered a revenue generator.

Data breaches continue to rise globally, and cyber security will influence buying decisions. Organisations that store personal, financial and other sensitive data need to ensure that it is secure. So, businesses can influence customers’ perception of security by proactively marketing the high level of security they adhere to, differentiating their company from their competitors.

Data breaches are only one impact from an adverse security incident. Another is downtime. Consumers can’t purchase products or pay for services if a web site, or the infrastructure that supports web transactions, is unavailable. When the global ransomware WannaCry attack crippled the NHS, hit international shipper FedEx and infected computers in 150 countries in 2016, NHS staff in the UK were forced to revert to pen and paper and use their own mobiles after the attack affected key systems, including telephones.

During the same attack, operations of FedEx’s TNT Express unit in Europe were disrupted by the attack and the company’s following published earnings revealed the cost of falling victim to the attack to be an estimated $300 million in lost earnings.

Whether it’s assuming that an organisation is not a target or that security spend is only ever an expense, buying into these common cyber security myths can set a business up for serious disruption, unhappy customers, a tarnished reputation, not to mention the cost of recovery.

Want some help? Download our free tools and see how your company compares!

By  Security 


Cyber hygiene

Do you have good cyber hygiene?







 

It is cyber security month. Here are the habits that every computer user needs to maintain for good cyber hygiene.

We know it’s important to have good habits in many parts of our lives, from our work to our daily hygiene. However, quite a few of us forget that we need to have good computer habits, too. Developing wise practices in connection with our computers and smartphones can make our lives much easier and help us to stay much safer on the internet.

Back Up Your Files

One thing that many people fail to do is back up their files. All it takes is one catastrophic computer crash and days or even months of work can be lost. Priceless family photos, fun videos with friends, key work files, and important school assignments that were a work in progress can be lost. Backing up your files isn’t that hard nor is it expensive. And, to make things even better and easier, you have many different options from cloud-based backups (such as GoogleDrive, OneDrive, or DropBox), convenient USB thumb drives, portable hard drives, and even specialized backup drives. A good practice is to make sure your files are backed up daily, or at least weekly.

Keep Your Software Updated

Software updates can be a pain, but they are vital to ensuring that your computer and software runs smoothly. In fact, one of the major reasons that updates are released is to fix bugs and issues that could make your computer vulnerable to cyber threats. Hackers know about these bugs and vulnerabilities. If you don’t allow your system to install the patches and fixes, then you are making yourself a prime target for a cyber attack.

Keep in mind that you don’t have to perform updates in the middle of your work anymore. Most software (and smartphones) will give you options for when the update should take place, so you can choose times when you aren’t busy on your computer.

Be Smart When Using Public Wi-Fi

Public Wi-Fi in places like fast food restaurants and coffee shops can be tempting to use when you need an internet connection, but they can also be dangerous. These public Wi-Fi networks are a common target of hackers, and even hackers with minimal skill can quickly figure out things like your social media credentials and more.

If you do have to use public Wi-Fi, take safety precautions such as turning off network discovery, file sharing, and printer sharing and make sure your firewall is turned on. Don’t be an easy target for hackers.

Make Use of Antivirus Software and Passwords

Would you leave your front door unlocked if you lived in a high-crime neighborhood? Well, the internet is a high-crime neighborhood. Failure to use updated anti-virus software and good passwords is the same as leaving your door unlocked. You can’t afford to make it easy for the wrong people to access your personal and financial information.

Your first line of defense lies in the passwords you choose. Don’t use easy to guess passwords, and don’t use the same passwords for everything. Include letters and symbols with your passwords to make them harder to crack, and add some numbers for good measure.

Your second line of defense, much like a deadbolt for your front door, is anti-virus and firewall software. They don’t have to be expensive in order to do a good job of protecting your computer. It is also vital that you keep your anti-virus and firewall software updated and don’t ignore alerts they provide.

Be Careful with Email

Going back to our analogy of living in a high crime area: if your doorbell rang in the middle of the night, would you fling the door open and invite whoever it was inside? You would probably want to make sure who it was, and even check their ID if they claimed to be some kind of official demanding access to your home. Strangely enough, far too often we inadvertently provide access to individuals with malicious intentions when we click on links in emails without making sure where those emails are really from.

In short, don’t open an email unless you have a good idea of who it is from, and beware of clicking links in emails even if they seem to be from friends. Be cautious about opening attachments, too. In short, be as careful with your email as you are with your front door.

Conclusion

You work hard to keep yourself safe from physical dangers such as criminals and disease. It makes sense that you should work just as hard to keep your electronic devices safe, too. Backing up files (including documents, photos, and videos), keeping your software updated, and being smart when on public Wi-Fi is a good start. Add to that antivirus and firewall software, robust passwords, and the careful use of email and you are on the road to developing excellent computer habits that will keep your files, data, and personal information safe.


UCaaS in Chicago

3 Ways to Increase Laptop Security While On-The-Go







  1. Physical Security

There are ways to lock your laptop down from outside of the machine. First, be sure that your laptop bag is always on your person, or that you use a padlock to keep the zipper securely closed. Most work benches at the airport have legs that you can easily secure the carry strap to. Or you can utilize a cable lock to secure it to something like a chair fastened to the ground or a building pillar.

Second, always keep a Kensington lock in your bag, and break it out every single time that you use your laptop in a public area. These are inexpensive, and you can always ask your IT provider if they have any spares. Trust us, if you’re showing initiative to protect company assets, your company will listen.

If you are in a hotel, a good way to keep your belongings safe is to put the ‘Do Not Disturb’ sign on the door. If that is posted, then the only foot traffic that should be in your room is your own. If something turns up missing and you and the Hotel are the only people with keys to your room, then this helps narrow down the search for the thief.

  1. Software Security

We’re not talking about McAfee or Norton here, but something more along the lines of location software. Some examples of this may be Lojack for Laptops if you have a Windows machine, or Find My Mac if you are an Apple user. To help protect your information, these applications will setup passcodes that the thief will have to hack to bypass. Also, they can provide the location of your device if it’s missing or stolen.

  1. Backup Solution
    If, in fact, your device does go missing, you know as well as we do that your work can’t be put on hold. It will continue to pile up – causing a mess of inconveniences – but the world doesn’t stop, even if your laptop is stolen. You need to be able to back up your most valuable data and recover it at a moment’s notice with a legitimate backup solution. And we’re not just talking about a file backup like Dropbox or Google Drive. A truly reliable backup solution allows for virtualizations of your laptop, so you can login to this virtual copy of your machine and it’s just like you’re sitting in front of it again.

cyberattacks

Understanding the Different Types of Cyber Attacks







 

There are three kinds of businesses: those that have been attacked, those that are being attacked and those that are clueless and don’t know anything about cyber attacks.

In today’s high-tech world, we are constantly vulnerable to cybersecurity threats. The ability to identify different types of cyber attacks is a useful way to protect yourself.

There are several types of attacks that commonly occur on the Internet. These attacks include Denial of Service (DoS), Man in the Middle (MitM), phishing and spearphishing.

Denial of Service (DoS) Cyber Attacks

A denial of service attack overwhelms a system’s resources so that it cannot respond to service requests. This type of attack is launched from a large number of host machines infected by malicious software and controlled by the hacker.

Unlike other types of attacks, DoS attacks do not provide hackers with access to personal information. Usually, they are done simply for the satisfaction of causing harm to a company. The may also be launched by a competitor trying to damage the company’s business.

Common types of DoS attacks include:

There are various ways to protect against DoS attacks and the method you choose will vary depending on the type of attack you want to avoid. Firewalls can be useful in TCP SYN and ping-of-death attacks, while various types of filtering can protect against botnets. To protect against teardrop and smurf attacks, you will have to disable various components of your computer system.

Man in the Middle (MitM) Attacks

These attacks occur when the hacker inserts himself or herself between the communications of a client and a server. Session hijacking and Internet Protocol (IP) spoofing are both forms of cyber attacks where the attacker mimics an IP address so that the victim believes that he or she is communicating with a trusted source. The attacker can use this method to gain access to valuable information.

With these types of cyber attacks, encryption can be used to protect yourself. Encryption ensures that any communications come from a trusted source.

Replay attacks are also common MitM attacks. A hacker will save old messages and try to resend them at a later time, once again mimicking a trusted source. These attacks can be avoided by using session time stamps or nonce (a random number of character strings that changes with time).

Phishing and Spearphishing

Phishing involves an email that appears to be sent from a trusted source. However, it is actually delivered with the intent of gaining access to personal information or to panic the user into opening an attachment or clicking on a link.

Often, the attachment or link loads malicious software into the computer. Spearphishing is a similar type of attack, but is personalized to the chosen victim.

Protect Yourself through Common Sense and Sandboxing

Luckily, many attacks can usually be circumvented by using common sense. If you see an email that looks suspicious, stop before opening it. Analyze the email and the header. Hover over links to see where they will take you before clicking on them.

You can also use sandboxing to protect yourself. Testing an email in a sandbox environment allows you to safely open attachments and click on links without making yourself vulnerable to an invasion. Another option is to forward a suspicious email to your IT department for analysis.

Protecting your personal information on the Internet is not easy, but it can be done if you are familiar with the various types of threats and know how to avoid them. Stay safe!


Keep your networks and users secure from internal and external threats

9 Signs That Your End Point Security is NOT up to Par







Take a look at this list. If any of these nine signs sound familiar, it’s time to re-evaluate your current endpoint protection.

1. Scans and updates slow your system to a crawl.
One of the leading complaints about endpoint
security is that it negatively impacts speed and
performance. Some endpoint security solutions
will indeed slow your systems and impact
productivity. When evaluating solutions, be sure
to check independent test results that measure
performance and system impact. Look for the lowest
numbers, which indicate light footprint solutions
that won’t affect speed or cause interruptions.

2. Employees complain about using
the antivirus solution.
If resentment builds up, employees will eventually
bypass the solution altogether on their
company-issued or bring-your-own devices,
which can affect both performance and
security for the whole network.

3. Your solution is underperforming.
It isn’t detecting viruses or other pieces of malware
or it’s flagging non-malicious files as malware; it
has a high footprint that equals slower scanning; it
creates AV storms on virtual machines or has high
bandwidth usage that bogs down the entire network.

4. Your solution alerts on too many files or
links that aren’t actually malicious.
Alerting on multiple files or links that are
not actually malicious results in a high
rate of so-called false positives.
Even one false positive can cause serious problems.
If an antivirus solution is configured to immediately
delete or quarantine infected files, a false positive
in an essential file can render the operating
system or crucial applications unusable.
Even if false positives don’t shut down your
system, each one requires an investigation
that wastes valuable IT resources.

5. Removing malicious files and dealing with false
positives is too complicated.
A 2017 study by the Ponemon Institute found that:
• Nearly half of all security alerts are false positives
• 3 out of 4 organizations report having more
difficulty managing endpoint security risks
• Organizations see false positives as the #1 “hidden”
cost of endpoint protection
You need a solution that delivers silent quarantines and
automatic removal of malicious files, not more work
for your IT team.

6. Infections come back after you’ve removed them.
This means the solution isn’t doing a good job of
cleaning or updating its detection often enough.

7. It’s difficult to manage the solution across all your
platforms and devices.
In today’s environments, you need a security solution
that’s easy to manage so the burden of protection is
minimal. Look for a endpoint security product that
includes remote administration, so you can control
your entire network of workstations, servers and
smartphones from a single location.

8. Security event alerts or pop-up prompts interrupt
presentations and sales demonstrations.
This impedes productivity. Every employee needs
uninterrupted computer access. This means having
a malware solution with a “silent” or “presentation”
mode that’s easy to use, as well as a dependable tool to
restore regular mode when the presentation is over.

9. Getting technical support and customer service is
inconvenient, or communicating with the vendor is
difficult.
If it’s challenging to get reliable, customer-oriented
support or you’re having any issues with call centers
outside the U.S., that will impact productivity for
IT teams and end users. It will also contribute to
frustrations that could lead employees to circumvent
your security solution, opening their devices—and your
network—to cyberattacks.

Sign up for a FREE Network Security Assessment

 

Are you at risk? Get a FREE Dark Web Search

 

Free Cyber Awareness Tool Kit


Airport computer use

Airport Travelers BEWARE of Data Security







This article appeared in Tech Republic. Since the summer is when a lot of people travel, a re-post and share is necessary.

Business travelers beware: Connecting your company device to airport Wi-Fi networks could open up a host of cybersecurity issues. While this is a risk on any insecure Wi-Fi network, some airports have more vulnerabilities than others, according to a Wednesday report from Coronet, and professionals should take extra caution when traveling through them.

It’s much easier for attackers to access and exploit data from devices connected to airport Wi-Fi than to do so within the confines of a well-protected office, the report noted. Hackers can use the poor cyber hygiene and insecure Wi-Fi at many airports to inject advanced network vulnerabilities like captive portals, Evil Twins, ARP poisoning, VPN gaps, honeypots, and compromised routers.

Any of these network vulnerabilities could allow an attacker to access credentials for Microsoft Office 365, G Suite, Dropbox, and other cloud apps, or to deliver malware to the device and the cloud, the report found. The attacks could also potentially give adversaries access to the entire organization, leading to damages like operational disruption and financial losses.

“Far too many U.S. airports have sacrificed the security of their Wi-Fi networks for consumer convenience,” Dror Liwer, Coronet’s founder and CISO, said in a press release. “As a result, business travelers in particular put not just their devices, but their company’s entire digital infrastructure at risk every time they connect to Wi-Fi that is unencrypted, unsecured or improperly configured. Until such time when airports take responsibility and improve their cybersecurity posture, the accountability is on each individual flyer to be aware of the risks and take the appropriate steps to minimize the danger.”

The report collected data from more than 250,000 consumer and corporate endpoints that traveled through the 45 busiest airports in the US over the course of five months, and analyzed the device vulnerabilities and Wi-Fi network risks to assign each airport a threat score. Coronet classified any score above 6.5 as unacceptable exposure.

Here are the least cybersecure airports in America, according to the report:

  1. San Diego International Airport, San Diego, CA (Score: 10)
  2. John Wayne Airport-Orange County Airport, Santa Ana, CA (Score: 8.7)
  3. William P Hobby Airport, Houston, TX (Score: 7.5)
  4. Southwest Florida International Airport, Fort Myers, FL (Score: 7.1)
  5. Newark Liberty International Airport, Newark, NJ (Score: 7.1)
  6. Dallas Love Field, Dallas, TX (Score: 6.8)
  7. Phoenix Sky Harbor International Airport, Phoenix, AZ (Score: 6.5)
  8. Charlotte Douglas International Airport, Charlotte, NC (Score: 6.4)
  9. Detroit Metropolitan Wayne County Airport, Detroit, MI (Score: 6.4)
  10. General Edward Lawrence Logan International Airport, Boston, MA (Score: 6.4)

In terms of the most secure airports, Chicago-Midway International Airport, Raleigh Durham International Airport, Nashville International Airport, and Washington Dulles International airport topped the list, the report found.

Do you want to see if your email credentials have been compromised? Get a free Dark Web scan from us!


Your employees

Why don’t your Employees Care About Cyber Security

Tags :

Category : Cyberawareness







Whether you realize or not, your employees are a critical part of your layered defense against phishing attacks, malware, ransomware, and more. So why aren’t they concerned?

In just about every news story you read today about another phishing attack, malware infection, ransomware attack, or data breach, there’s a part of the story that’s either covered or implied – a user was involved. The user – whether malicious, negligent, or unwitting – clicked on a link, opened an attachment, visited a webpage… something that allowed a cybercriminal access to execute their malicious actions.

And with attacks having devastating results, like the most recent ransomware attack on global shipper Cosco, that has brought operation to its knees, the question should be raised:

Why don’t employees care about CyberSecurity?

It all comes down to one reason: your company doesn’t have a security culture. In essence, they don’t care, because the organization hasn’t told them they need to care as part of their job. Hire someone to do accounts payable and what do they think their job is? To do accounts payable. That’s it, security is IT’s job, not theirs. But hire someone into accounts payable in an org that has a security culture, and they now do account payable, but are also constantly watching for cyberattacks, phishing scams, and the like.

So, what does it take to create a security culture?

I’m going to abbreviate the 10 tips to make your employees care about cybersecurity found over at TechRepublic down to just 3 high-level steps:

Make Employees Aware – The average employee doesn’t brush up on cyberattack methodologies on their own, you know. They need to be made aware that cyberthreats to the organization exist… and that they are the target.

Communicate Expectations – Beginning with their first day of employment, employees need to understand that the organization requires a level of employee vigilance when it comes to cyberthreats. Help employees to better understand how they are at risk at home and work – and how their actions can make the difference in both locations.
Train and Test Them – Using Security Awareness Training, employees need to regularly go through online training, with phishing testing used to identify where your organization’s weakest links are.

While there’s much more you can do to create a more formal security awareness program, the steps above provide the basics necessary to create a security culture.