https://www.amazon.com/dp/B08PFXWRJC
Wednesday, December 2, 2020
My second published book!! Chapter 8 Are you as secure as you feel? Why you should be intrusion testing your business network.
Cyber Risk Literacy is Critical for a Strong Defense
Cyber Risk Literacy is Critical for a Strong Defense
Business cyberattack threats have never been higher. Massive increases in phishing (more than 600%), ransomware (more than 150%) and other cybercrime might keep you up at night, but are your staffers aware of exactly how important cybersecurity really is to your business? Your employees might not be on the same page as you are about cybersecurity risks – and that’s a problem that could end up costing you a fortune.
For most people outside of directly technology-related positions, a cyberattack is a vague, hard to understand threat. It just doesn’t seem possible that one misclick on an email could cost a company millions. That’s why making risk literacy a top priority for every employee is crucial to maintaining a strong defense against cybercrime.
One effective way to increase your employees’ risk literacy is with regular, engaging security awareness training that includes phishing threats since phishing is by far the most common delivery system for cyberattacks. Over 90% of incidents that end in a data breach start with a phishing email and no company can afford that right now.
Uncover Cybercriminal Secrets to See How They Trick You Into Falling for Phishing Attacks & How to Fight Back!
BullPhish ID is the ideal choice to increase your staff’s risk literacy with memorable, easy-to-understand security awareness and phishing resistance training in 8 languages. Using engaging video lessons, risk information is served to your employees in bite-sized pieces for easy comprehension no matter how tech-savvy they may be.
Online testing measures their retention of the lessons, giving you the information that you need to see who has a handle on security awareness and who needs more help. More than 80 training campaigns are available for you to use right now, and 4 more are added every month, including content about the latest threats like COVID-19 scams.
Training your staff to be aware of potential threats pays handsome dividends for your business – companies that engage in regular security awareness training have up to 70% fewer damaging cybersecurity incidents. By establishing a strong culture of cybersecurity awareness and giving everyone the help that they need to be part of the team, your company gets a huge overall cybersecurity boost that can make the difference between success and failure for cyberattacks now and in the future.
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!
Monday, November 30, 2020
To Err is Human, But Preventing Expensive Disasters is Divine.
Making mistakes is part of being human. Even your most conscientious employees are bound to screw up at some point. But employee mistakes don’t have to be a gateway to cybersecurity disaster. Putting fail safes in place between your data and cybercriminals can mitigate the risk of employee errors.
While errors like misconfiguration and failure to patch software are dangerous, one particular source of employee error definitely tops the trouble list: passwords. In a recent survey, an outrageous 91% of employees admitted to reusing nor recycling passwords at work and between their work and home accounts, and password sharing is endemic.
Password compromise is by far the fastest, easiest way for cybercriminals to gain access to your systems and data. A password alone, even if it is updated regularly, will not provide strong protection for your systems and data – over 80% of breaches can be attributed to password hacking or password compromise.
Put extra protection between your business and employee errors like poorly made passwords by adding a secure identity and access management solution like Passly to your security plan. An expert-endorsed best practice and a requirement for compliance in many industries, multifactor authentication is your strongest shield against these types of brute force hacking attacks.
Passly also includes other highly recommended security tools like simple remote access control for IT staffers, secure shared password vaults, and single sign-on LaunchPads for every user to boost your endpoint security. This multifunctional dynamo can dramatically reduce your threat risk from employee cybersecurity errors at a price that fits any budget.
Securing the access gateways to your company’s systems and data is the fastest, most effective way to prevent a small mistake from becoming an expensive cybersecurity disaster. Streamline access, improve endpoint security, and add the fail safes that you need to make sure that only the right people are accessing your systems and data in a flash with Passly.
Social Engineering is a Bigger Problem Than Ever in 2020. Here’s How to Fight Back.
Social Engineering is a Bigger Problem Than Ever in 2020. Here’s How to Fight Back.
Cybercriminals these days are a lot smarter than you might think. Just like any other business, cybercrime gangs are always looking for ways to break through with a slick new attack style that scores them a big payday before cybersecurity professionals even have it on their radar. One of the most successful areas of expansion for cybercrime in 2020 has been social engineering.
A major component of phishing-related cybercrime, the premise behind social engineering is very simple: to influence the target to take an action. Whether that action is to buy a certain brand of coffee, share a news story, or click on a link in a phishing email, social engineering is a common tactic in all sorts of business operations for one simple reason: it works.
Recent examples illustrate some of today’s craftiest social engineering tactics. For example, take a dull, routine subject like compliance. It’s both complicated and constantly changing, with huge penalties for violations. Cybercriminals know that GDPR fines are a specter that haunts most European businesses – and detailed information about many businesses is an easy score on the Dark Web.
So why not try out a cleverly disguised social engineering trick by creating an email that’s designed to look like it’s from a consultancy helpfully informing you that there are new regulations about email security that you might not be compliant with. Of course, their company can help. They may “already be working with you to resolve the problem”, and they just need a little bit more information. You know the rest of this story.
Or, at larger companies, the classic access scam. A contractor or service for your corporation contacts you, maybe even by phone. He is trying to repair something crucial that’s just broken fast. It’s a big problem, the bosses are mad, and they have a quick fix to temporarily patch it until they can fix it. They just need a password that gives them access to a certain system, and they were told that you’re the person to talk to. Password sharing is so endemic, most staffers will hand theirs right over.
This may not sound like a plausible scenario to you, and you’d probably be inclined to ask for more proof – and you’d be right, it’s a scam. But many employees won’t recognize it, even at big tech companies where you’d expect them to know better. After all, this sequence of events is exactly what happened to cause the giant Twitter breach earlier this year.
Fighting back against social engineering means fighting back against cybercriminal trickery with education. Security awareness training, especially phishing resistance training, is every company’s best bet for teaching employees to spot and stop social engineering attacks. Companies that engage in regular security awarenesstraining have up to 70% fewer cybersecurity flubs.
BullPhish ID is the answer for your clients. Not only can it be easily configured for companies and test groups of any size, but it’s also ideal for both in-office and remote workforce training. It’s easy to manage and easy to use. Plus, phishing resistance training doesn’t just help companies defend against phishing – it increases overall security awareness too.
The best training is training that people remember. BullPhish ID delivers on that front, with information presented in bite-sized pieces that are easy to understand no matter how tech-savvy your staffers are in 8 languages. Engaging video lessons make BullPhish ID the perfect tool to use when training employees and online testing enables you to quickly determine who needs extra help.
Research indicates that employees retain the skills that they gain from training for about 4 months before they disappear, but don’t lose skills if their training is regularly updated. BullPhish ID has the content you need, with over 80 complete phishing simulation kits are ready to go, with 4 new kits added every month. Plus we add training on all the latest threats, including COVID-19 lures.
Contact us to see how we can help you combat these threats!
Wednesday, November 18, 2020
Ransomware Risks Highest for Remote Workers
Ransomware Risks Highest for Remote Workers
The global pandemic has changed the way that we work, and that’s been good news for cybercriminals. Remote workers are a juicy target for ransomware attacks since they’re more likely to be drawn in by common lures and less likely to be up to date on current phishing scams. So how can you protect your business from ransomware while your staffers are still working remotely?
While we wish there was a magic bullet, the closest we’ve come is a magical solution: phishing resistance and security awareness training. Companies that engage in regular security awareness training that includes information about the latest phishing threats have up to 70% fewer cybersecurity incidents.
The biggest cybersecurity threat of 2020 is phishing, and ransomware almost always arrives on your doorstep paired up with a phishing email. More than 65% of ransomware is delivered through phishing, which has boomed during the global pandemic – Google reports that it’s measured phishing email as up by more than 600% in 2020.
Regular, easy-to-understand phishing training is essential for protecting your business from dangers like spear phishing attacks designed to deliver ransomware. BullPhish ID delivers just what you need with plug-and-play phishing simulation kits to test your staff and engaging video lessons to demonstrate today’s phishing lures, including COVID-19 bait.
Protect your business from phishing-based cybersecurity disasters with simple, sensible tools like security awareness and phishing resistance training using BullPhish ID to transform your staff from cybercriminal targets to defensive assets fast at a price you’ll love.
o Inside the Ink to Get the Inside Scoop on Cybercrime
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!
Subscribe to:
Comments (Atom)
-
Windows 10 End-of-Life: Why You Must Upgrade Now to Stay Secure and Compliant Microsoft has officially announced the end of support for Win...
-
What is SOC-as-a-Service? By Robert Blake Having a Security Operations Center (SOC) in-house is expensive for the average business. Large ...
-
In today’s digital landscape, legal firms are prime targets for cyberattacks. With sensitive client data at risk, a single cybersecurity bre...
