Category Archives: Cybersecurity


Social Media Red Flags

In this new Internet age, consumers are spending more and more time online. Every time you sign up for a social media account, post a picture, or update your status, you are sharing information about yourself. How can you be proactive and “Do Your Part. #BeCyberSmart”? These simple steps will help you connect with confidence and safely navigate the social media world.

Common Red Flags

 

Someone you don’t know following you or your co-workers inside the office.

Actions to Stay Safe

Contact security about unknown individuals.

 

Someone looking at your screen or watching what you type.

Pay attention to your surroundings and safeguard organizational information.

 

Someone you don’t recognize looking through a desk.

Keep confidential information and devices locked-up/secured when not in use.

 

Social media connection requests from someone you don’t recognize.

Don’t accept unsolicited requests; report them to the service.

 

Receiving an unusual request from someone you know.

Read the rest

10 Ways To Improve Cyber Security Awareness

Cyber security is a big deal. If you’re not taking it seriously, you’re probably going to get hacked. Cyber criminals can trick employees into giving them access to sensitive information. For example, 90% of all cyber attacks are caused by human error. That’s why companies need to make sure employees know about how to protect themselves and their company on the internet.
 
To protect your company from cyber threats, you must educate and empower your employees. You can achieve this by taking the right steps to improve their cyber security awareness.
 
In this article, I share 10 ways to help you improve your cyber security awareness program.
 
 

Achieve CEO and Leadership Buy-in

 
The recent rise of cybercrime has led to an emphasis on cyber security in the boardroom. As companies realize how much data is at risk, they’re now forced to manage their cyber risks. The number of data breaches
Read the rest

One in three IT security managers don’t have a cybersecurity incident response plan

According to the Data Security Report, information security incidents are more prevalent than ever, especially for businesses. Security breaches are no longer the fault of the careless employee, but rather attackers who specifically target companies, looking for vulnerabilities that they can exploit.

In a survey of over 900 employees, the top three security threats identified were: increasingly severe ransomware attacks, more effective phishing schemes, and rampant reusing of passwords.

  • Respondents reported a significant increase in the effectiveness of phishing emails. In surveys, they said that these emails are now much harder to spot, and thus much more dangerous.
  • Ransomware attacks have increased by 25% over the past year. This is especially true for businesses in the banking, financial services, and construction industries. Receiving a ransom demand was significantly higher than average for these businesses.
  • What was revealed in a report is something everyone should know. The study showed that
Read the rest

How to Build a Incident Response Plan in 7 Steps

According to a recent report, almost all companies have experienced at least one cloud data breach. The report also found that companies were more aware of the cloud security threats and that 60% of them considered lack of visibility and inadequate identity and access management as a major threat.
 
 
Cyber-attacks are not rare anymore. They’re happening all across the world. The bad guys are getting smarter and sneakier. Their attacks are well-planned and devastating. And the victims of these attacks? They’re not just big companies. They’re small businesses, too. Whether you know it or not, you, too, could be a victim of cybercrime at any time. But don’t worry! There’s a solution to this online security epidemic. See if you can guess what it
 
 
Now more than ever, organizations must protect themselves against hackers. They’re clever. They know how to access accounts with weak passwords. Or they know how to
Read the rest

Google Chrome Releases Two Zero Day Patches

Google has released an emergency update Chrome 94.0.4606.71 that fixes two zero-day vulnerabilities being exploited in the wild. These are the second and third zero-day vulnerabilities found this year. A total of twelve zero-days have been found in the browser since January. The new version will be released on all three platforms, Windows, Mac, Linux, to fix these issues.
 

Google stated the following:

“Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild,”
 
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the company said in Thursday’s security update. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
 
 

Here are details on the two zero-days:

  • CVE-2021-37976 Google Project Zero found a bug in a critical component of Chrome. The bug was
Read the rest

5 Tips For Cyber Security Risk Management

Cyber Security risk management shouldn’t be tedious or painful, but instead an easy-to-understand process that is similar to choosing the right insurance plan. Just as you might choose a certain plan because it offers better coverage for your family, you should choose a certain cyber risk management policy because it prevents cyberattacks from occurring in the first place.

You can’t avoid bad days or negative events, but you can plan for them. Policies that protect against bad days are analogous to cybersecurity risk management. These policies help people recover from negative events.

In today’s competitive business landscape, cybersecurity is a necessary topic for all companies. Whether you are just getting started or already have a lot of experience, there are several critical tips that will help you defend your business against cyberattacks.

 
 

1.  Deploy Cyber Security Frameworks

Did you know that ISO 27001, a well-known cybersecurity framework that defines best

Read the rest

Phishing Leveled Up with Phishing As A Service

Phishing has always been an issue and quite of an annoyance and now with phishing leveling up to Phishing As A Service gives criminals the ability to subscribe to working phishing templates that are sure to trick every day regular people. 

Microsoft found a service that makes it easy to create phishing attacks. It’s called PhaaS, or Phishing-as-a-Service. The service is mostly used by hackers to create quick phishing attacks. Microsoft discovered the service is responsible for many recent phishing attacks against corporations.

 

The group of cyber criminals started this phishing service, and it even offers an email delivery service. The group’s name is BulletProofLink (or Anthrax). It sells phishing kits and templates under a subscription or single payment-based business model. In addition, it offers credential theft and hosting services and says that its links to websites will not be detected by search engines.

 

Why I’m Worried

In the past, … Read the rest


Basics of FERPA – School Compliance

FERPA stands for the Family Educational Rights and Privacy Act. It was designed to protect both the privacy and security of certain kinds of educational records. It gives students, former students, auditing students, and others, certain privacy rights with respect to personally identifiable educational records.

 

What are Educational Records?

FERPA defines educational records as any records maintained by an educational agency, institution, or person acting for such that can identify a student on an individual level.

 

What is Directory Information?

Directory information refers to information contained in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed (such as grade level or field of study). Grades, student IDs, social security numbers, disciplinary records, GPAs, and the like should not be considered “directory information,” and therefore, should not be disclosed.

 

What rights do parents have under FERPA?

For kids under 18, … Read the rest


Pentester Insight On Phishing

Even if your company secures its website and business network, it is still vulnerable to phishing attacks. This is because humans are the weakest link in security. Cybercriminals know that humans are much easier to manipulate than to hack into technology. The situation becomes even graver as the COVID-19 crisis continues. Everyone is worried about cyberattacks, and that gives hackers more advantage over businesses and individuals.

In a recent report by the Anti-Phishing Working Group, the number of reported phishing attacks doubled from 2018 to 2020. In business email compromise scams, the average fraudulent wire transfer request increased from $48,000 in Q3 to $75,000 in Q4 of 2020. Verizon says 36% of all confirmed breaches in 2021 involved phishing.

A strong defense is the best offense. The most reliable way to build defenses is to learn about phishing attacks. Penetration testing gives you specific actionable insight into how phishers trick … Read the rest


Apple users to update immediately. Apple Zero-Click Exploit

The Citizen Lab has discovered a zero-click zero-day flaw in all Apple products. The new zero-day flaw is called ForcedEntry, and it affects iPhones, iPads, Macs, Apple Watches, and even AirPods. Citizen Lab urges all Apple users to update their devices immediately.

Apple released a Security update on Monday. The iOS 14.8 for iPhones and iPads includes patches for vulnerabilities, which may have been exploited by hackers. Also included are Apple Watch and macOS updates.

 

Citizen Lab, a digital watchdog, discovered a new kind of spyware that is used to illegally monitor activists’ iPhone communications. It’s allegedly been used by the NSO Group to target the communications of people in Bahrain. The researchers called this new zero-click attack ForcedEntry. Citizen Lab said it had identified nine Bahraini activists whose iPhones had been targeted with Pegasus spyware between June of 2020 and February of 2021. These phones suffered zero-click attacks that … Read the rest