Don’t Just Phish

Recently, a fellow CISO asked a group of us if we “punished employees who consistently failed to recognize phishing emails.” This created a great discussion with most folks agreeing that punishment rarely works and often has negative effects (including potential for legal action). After all, hackers take advantage of people’s willingness to be helpful or…

Protect Yourself by Protecting Your Smartphone

Talk to any Chief Information Security Officer and they’ll tell you that the weakest link in their organization is always the individual. Take smartphones for example. They’re designed with security in mind but that protection is compromised each and every day. 70 million smartphones are lost each year, with only 7 percent recovered Users are…

Be Cautious Using Google Search

The “bad guys” constantly look for ways to trick users into giving up information or download malicious software that will steal information.  One of the easiest ways for them to do this is to get you to click on links that show up using a search engine.  Given the popularity of Google search, bad actors…

SMiShing

No, this isn’t a typo. SMiShing is the SMS version of phishing scams but instead of a bad email, you get a bad text message on your smartphone.  While smishing has been around for years, its use has increased significantly since March, all thanks to the Coronavirus.  According to the FTC, 52,500 Americans have filed…

Qbot: Using the Election as Bait

Yes, we are talking about Phishing… again!  The complex methods used by Threat Actors today makes me long for the days when malicious emails were comprised of either very poor English, or someone telling me that I was being gifted $1,000,000 by some person I never heard of in some far away country! The current…

Multifactor Authentication: What I Know + What I Have

Multifactor authentication (MFA) or Two-Factor authentication (2FA) works on the principle of “something you know” plus “something you have (or are).” “Something you know” is your username and password. “Something you have” can be a smartphone, USB security key, your fingerprint or face, or other physical object in your possession that can be used to…

EMOTET: This Trick is No Treat

October is Cybersecurity month, so there’s no better time to talk about the scary reality of constant hacker attacks and threat actor tricks. While one should always be vigilant, every day, every email, this month you need to be especially diligent. The cybercommunity has seen a significant increase in the last few weeks of the…