Category Archives: Security Awareness


How To Protect Your Healthcare Institutions Against Cyber Attacks

Healthcare has become a top priority due to the pandemic, and with so many wheels turning to keep up with demand, several things fall through the cracks, one of them being cyber security.

Healthcare cyber attack breaches and leaks not only hurt the institutions financially but also hurt their patients for the rest of their lives. Therefore, everyone needs to do their part, take the necessary precautions and try to keep ahead of threats. Here are some simple cyber security measures you can take.

Vulnerability Management

Hackers love to find exploits and unpatched vulnerabilities in the IT infrastructure they are attacking so they can ensure the success of their attempt. You will need to make sure that all security patches and device firmware are updated regularly. Overlooking even a small vulnerability in your healthcare institution’s IT security can have severe ramifications. Conducting periodic Vulnerability Assessment and Penetration Testing … Read the rest


The Strategy Behind Ransomware Attacks

Everyone hates ransomware attacks, and we should learn their strategy. Ransomware is a type of malware that is installed onto computers through malicious emails. The ransomware encrypts the computer’s data and then requires the victims to purchase a decryption key. Once the data is encrypted, the hackers demand a ransom, payable in Bitcoin, which can set you back a few hundred to a few thousand dollars.

There are a number of attack vectors through which ransomware can gain unauthorized access to computer systems. One of the most common is phishing emails and email attachments. Hackers make these emails look legitimate and trick users into opening them. Once these emails are opened and the attachments are downloaded, the attackers take over the victims’ computers.

Hackers can also access your network through Remote Desktop (RDP) services that are open directly to the public. … Read the rest


Phishing Facts Every Business Should Know.

Have you asked yourself whether you are doing enough to protect your business from phishing attacks? If you’re second-guessing yourself, you most likely have been or are going to be a victim of a phishing attack. Read these shocking phishing facts you may or may not know, and how they may apply to your own vulnerability to a phishing attack.

 

 

Interesting Phishing Facts

| Phishing Fact | Source |
| --- | --- |
| 33% of breaches included social attacks | Verizon Data Breach Investigations Report (DBIR) 2019 |
| 65% of attacker groups used spear phishing as the primary infection vector | Symantec Internet Security Threat Report (ISTR) 2019 |
| 29% of breaches involved use of stolen credentials | Verizon Data Breach Investigations Report (DBIR) 2019 |
| 48% of malicious email attachments are Office files | Symantec Internet Security Threat Report (ISTR) 2019 |
| 94% of malware was delivered via email | Verizon Data Breach Investigations Report (DBIR) 2019 |
| 32% of breaches involve phishing | Verizon Data Breach |
Read the rest


The Risks Of Sharing Passwords At Work

Did you know that 81% of data breaches happen due to poor password practices, and that some are due to human errors like password sharing, which can lead to massive data breaches?

I’m sure you’re open-minded just like me, and when you read these statistics they will show how critical password security is today:

  • Did you know that 81% of data breaches have been reported because of poor password security?
  • Fun fact, by the end of 2020, password usage across the globe will grow by 300 billion. 
  • Just about 25% of employees use the same password for all their login accounts.
  • About 61% of companies have accounts with non-expiring user passwords.
  • Around 54% of the small and medium-sized businesses don’t check up on their employee password practices.

Do Not Share Your Work Password.

How would you feel giving your personal password to someone? You wouldn’t do … Read the rest


Digital Weapons You Must Know About!

What is this Digital Weapon?

This type of weapon is called malicious software, or malware for short. This type of software is intentionally designed to hurt and infect your network and computers, and there are many types in the wild.

Types of Digital Weapon Threats

There are many types of malware; however, the weapons mostly used today are not directly installed on your device. Instead, hackers use loopholes that they exploit to launch scripts.

What are the types of digital weapon payloads?   

  • Social Engineering: 

When an attacker manipulates the user to extract sensitive information for personal gains, it is known as social engineering. Sometimes the malicious links or malicious files are sent to the victim during social engineering. As soon as the victim clicks on the malicious link or downloads the malicious file, the malware gets installed in the victim’s device.

  • Email: 

The attacker sends lucrative emails that tempt … Read the rest


Cyber-Response Ethical Guidelines is a must read.

Now this was an interesting read from the website ethicsFIRST. They guide you through 12 ethical duties, which are listed and explained. Of course, some of it seems to be a little on the nose, and why did you not ethically choose this path to begin with? Regardless, these steps are great for people that seem to lack a cyber security ethics plan and path, and could bring some confidence to your team’s decision making.

The guidelines were launched on Oct. 21, Global Ethics Day, by FIRST.

For more, read here.

Read the rest

Achieving Security with IoT (Internet of Things)

Our lives have been taken over by many, many WiFi-capable devices. The Internet of Things (IoT) has quite a flaw, which is security. Many vendors are lax about providing security updates for the software used in smartphones, tablets, PCs, game consoles, TVs, your fridge and many other devices. In this day and age we have to maintain a due-care and due-diligence approach to security for all these IoT devices.

With this in mind, here are seven best practices on security for IoT:

  1. Use security gateways: They have the ability to inspect and audit the communications of your network.
  2. Use VLANs: Put all IoT devices in a separate VLAN outside the primary business network.
  3. Use strong authentication: Change those consumer devices’ default passwords!
  4. Disable services: Many devices use telnet, FTP and other risky services that may be exposed to the internet.
  5. Use secure protocols
Read the rest

Why You Need Security Education and Awareness Training.

One of the greatest threats to information security could actually come from within your company or organization. Inside ‘attacks’ have been noted to be some of the most dangerous. It is not always disgruntled workers who are a threat. Often, it is the non-malicious, uninformed employees.

1.  It is the first line of defense against security risks

You cannot protect yourself against something whose existence you are oblivious to. So, you must be really aware of threats to both physical and information security. This is the only way you can prevent them. And you cannot achieve this except with security awareness education.


2.  You will be complying with regulatory requirements

The number of laws that require employees of organizations to undergo certain forms of security awareness training is now on the increase. And if this law isn’t presently binding on your business or employer, chances are high that the … Read the rest


Maintaining Security with Internet of Things

Our lives have been taken over by many, many WiFi-capable devices. The Internet of Things (IoT) has quite a flaw, which is security. Many vendors are lax about providing security updates for the software used in smartphones, tablets, PCs, game consoles, TVs, your fridge and many other devices. In this day and age we have to maintain a due-care and due-diligence approach to security for all these IoT devices.

With this in mind, here are seven best practices on security for IoT:

  1. Use security gateways: They have the ability to inspect and audit the communications of your network.
  2. Use VLANs: Put all IoT devices in a separate VLAN outside the primary business network.
  3. Use strong authentication: Change those consumer devices’ default passwords!
  4. Disable services: Many devices use telnet, FTP and other risky services that may be exposed to the internet.
  5. Use secure protocols
Read the rest