Information Security
67 articles on Information Security.
Understanding the Importance of Your Security Awareness Training Goals
Explore why setting clear objectives in security awareness training is crucial for strengthening your organization’s defense against cyber threats.
Email Phishing and Security: A Detailed Overview of Types and Techniques
Discover the ins and outs of phishing emails with our comprehensive guide. Learn to identify different types, spot common techniques, and protect yourself with real-world examples and expert advice. Stay ahead of cyber threats today.
Understanding Phishing: How to Recognize and Prevent Phishing Attacks
Learn how to recognize the signs of phishing attacks and arm yourself with effective strategies to avoid falling victim.
Why protecting yourself from supply chain attacks is so important
Top US law enforcement agencies have cautioned MSPs against targeted cyberattacks from malicious hackers. Along with other agencies from the Five Eye intel
Why it’s important for you to follow phishing guidance actively
Even though presented in different forms, the most important phishing guidance would always remain the same – Check all emails with an embedded link thorou
How cyber security awareness helps defend against phishing?
Since 2020, cyber security awareness has become a driving force against phishing attacks on businesses. And as we continue to work from home in 2022 as wel
How Zero Trust security protected Microsoft from a cyberattack
Recently, the Nobelium threat group tried to breach Microsoft accounts across 36 countries. About half of them were in the US and the UK. The attacks conce
How a business email compromise attack targeted businesses with a gift card scam
Microsoft has exposed a large Business Email Compromise attack targeting businesses across the globe. The attackers are trying to trick people into buying
Defending Against Ransomware Attacks: The Importance of Strong Password Practices
Explore the critical role of password practices in defending against ransomware attacks. Ensure your business stays protected with robust security habits.
Why you need to beware of phishing attacks using fake traffic violations
Phishing emails that use fake traffic violations as bait are on the rise, CISA and FBI warn. Victims are being tricked into downloading Trickbot, a dreaded
How the latest IBM report on spear phishing can help protect your business
Yesterday, IBM Security X-Force warned of more spear phishing attacks against companies involved in the COVID-19 vaccine supply chain. This warning was iss
How bad was the cyberattack on the Accellion FTA software
Last week, the University of California joined the list of institutions affected by the cyberattack on Accellion FTA, the file transfer application used by
How Phishing attacks are exploiting the pandemic to target your business
As the pandemic relief and stimulus checks begin to head out, the threat of phishing attacks targeting Social Security beneficiaries is deemed to rise. Thi
How this tool could help protect your hospital from ransomware
In a positive development, last week, MITRE unveiled a ransomware resource center for the healthcare sector. The online resource aims at aiding healthcare
How easy was it for hackers to breach 150,000 security cameras
As the dangers of the Microsoft Exchange Server attacks continue to become clearer, Bloomberg has reported on another hacking incident with serious implica
How the new exchange mitigation tool can help protect your business
Finally, Microsoft has released the Exchange mitigation tool that small businesses can use to protect against attacks on their emailing service. The tool w
How to protect your Exchange Servers as the threat escalates
With the count of global victims of the Microsoft email services crossing 250,000, another troubling scenario is raising its head. As per the developing st
Why stopping credential stuffing attacks is so difficult for businesses
Last week, we learned that Npower, one of the largest energy firms in the UK, has been hit by fraudsters. As per the news, the criminals managed to hack i
Why you need to patch your Microsoft email service immediately
Within a quarter of US businesses and government agencies being rocked by the SolarWinds cyberattack, another major attack on US businesses via Microsoft’s
Comprehensive Guide to Recognizing and Combating Phishing Scams in Business
Learn essential strategies to safeguard your business from phishing attacks in our comprehensive guide. Understand what phishing is, identify real-life examples of phishing emails, and explore foolproof measures to enhance your online security in 2023.
How work from home exposes your office network to criminals
Don’t expect the task of securing your office network to become easier anytime soon. Security analysts predict an escalation in ransomware and malware atta
How you can protect your business from ransomware in 2021
How troubling could ransomware become in 2021? As per security analysts, all organizations should prepare themselves for such attacks. They predict that ev
Why Protecting Employees Working Remotely is so Important for You?
In 2020, all businesses recorded a troubling increase in attacks on work-from-home employees. Security firms note that criminals made more than 29 billion
IC3 Recovery Asset Team recovers $192.7 million in 2018
As per the 2018 Internet Crime Report (ICR), the newly established IC3 Recovery Asset Team (RAT) was able to recover about 75% of the $257.1 million lost t
DMARC: Defenses against Business Email Compromise Attacks
“The best way to stop these is to switch on DMARC with the strongest policy (“p=reject”) as default.” – Phil Muncaster (Infosecurity-Magazine) Phil Muncast
Ransomware Attacks Could Soon become a Felony with Maryland Bill
Ransomware attacks in Maryland could soon attract fines of up to $100,000 and 10 years in prison. Maryland Senate bill 151, cross-filed with House bill 211
The Essential Eight – Strategies to Mitigate Cyber Threats
While going through articles published on ZDnet by Stilgherrian, I came across one of his old articles published in 2017 on a cyber-heist incident involvi
How to Protect Your Network Against SamSam Ransomware Attacks
Note: We request users and network administrators to go through the documents listed at the bottom of this article, and share them with your cybersecurity
Preventing BEC Scams: Manual controls and multi-person authorization
In an article last week, we highlighted the case of a Dutch firm that lost €19m ($21m) to a Business Email Compromise (BEC) scam to push forward the idea o
Phishing Trends Report a Jump in Phishing Attacks Using Encryption
The 2nd quarter phishing activity trends report published by the Anti-Phishing Working Group (APWG) has reported a jump in the number of phishing attacks
7 Security Measures Against BEC You CANNOT Neglect
I just came across this post by Alastair Paterson of Security Week highlighting that attackers are monetizing non-traditional methods to compromise busines
RDP access is too risky to use, IC3 warns
On September 27th, with a public service announcement, the Internet Crime Complaint Center (IC3) warned businesses and individuals that RDP accesses
Iowa Clinic Ends Ransomware Attack without Paying
Recovering from a ransomware attack without paying ransom is BIG news – especially for small healthcare providers whose operations could get disrupted inde
What makes strong passwords so important?
On Sept 5, 2018, law enforcement alerted Inova Health of a data breach. It appears that their billing systems were accessed by a bad actor using an employe
Major Security Firms Detect a Surge in Phishing Attacks on Corporate Email Accounts
“Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes… The malware’s key objective is to steal passwords f
Business Email Compromise – How it Works?
Of the 229 breaches added this year to the HHS “wall of shame”, the largest one is the attack on UnityPoint Health. The Iowan company fell victim to a busi
Don’t Ignore Data Destruction
Two articles that I came across today highlight the serious risk of poor data destruction procedures. The National Health Service in Surrey (UK) has been f
Sometimes Hackers Use Hardware
Hackers don’t always try to break into computer systems through the Internet, or by using malicious software (malware) in email attachments. If they can ga
Medical Identity Theft – Advice from the FTC
The FTC has posted a useful guide to "medical identity theft" for health care providers and insurers. Medical identity theft occurs when someone obtains he
Stealing Passwords from a Locked iPhone – More Smart Phone Insecurity
Another reminder – as if we needed it – that smart phones and mobile devices are increasingly the targets for hackers. This time, it’s an iPhone issue. Ger
HIPAA Happens – A Video from UNLV
Looking for a video to show your staff some of the ways that they might breach the HIPAA Privacy and/or Security rules? Here’s a short (5 minute) YouTube v
Security Benefits of Cloud Computing
Cloud computing is filled with buzzwords and, for many people, fear of the unknown. And a lot has been made of the security risks that might result from cl
Privacy and Security Rules Cover Information – Not Technology
With few exceptions, rules relating to privacy and security such as HIPAA and GLBA (Gramm Leach Bliley) cover the information, and don’t specifically relat
Even If You Expect An Email Attachment, It’s Not Always Safe
The FBI recently issued a warning about malware included in email attachments responding to online job postings. They quote the case of a US business that
Smart Phone (In)Security
Even if you don’t issue your staff with smart phones, and you prohibit them from storing sensitive data on them, they’re still very likely to use them to e
‘Tis the Season for … Hoaxes and Scams
It’s that time of year again – when fraudulent and nuisance emails, and online hoaxes and scams start making the rounds even more quickly than usual. Sopho
SSL All The Time? Secure Web Application Development
Paul Ducklin at Sophos has published a very nice review article discussing why web applications which use SSL (encrypted) connections for login processing
Why You Need a Strong Password for Your Cell Phone
You don’t store any confidential information or account numbers or your Social Security number on your phone – you just use it for calling, text messaging,
The Duhs of Security – A Free Security Awareness Video
The Commonwealth of Virginia posted a nice security awareness video to YouTube. The video makes good use of humor incorporating impressions of celebrities
‘Who’s Viewed Me?’ on Facebook
People keep falling for this one, so it’s worth reminding them – there isn’t a way to see who’s viewed your profile on Facebook, and any application that o
Security Awareness and Social Networks: Why You Should Care, and What You Should Teach
You might have been avoiding it until now – thinking that social networking (Facebook, MySpace, LinkedIn …) is just a passing trend, or it’s only used by
10 Laws to Mention in Your Acceptable Use Training
If you’re developing an "Acceptable Use of IT Resources" training course (or even developing the policy itself), this blog post from TechRepublic is a very
Security Awareness Training for Call Center Reps
Call centers often handle highly sensitive information for customers including financial data such as credit card details, Social Security numbers, and ban
Security Problems with Acrobat and PDF Files
PDF documents are no longer the security panacea we thought they were. And security awareness training needs to catch up with this. For years, IT and secur
Social Engineering Using Facebook
Banning social network use DOESN’T prevent it being used for social engineering attacks. An excellent article in Dark Reading describes how a security cons
URL Shortening as a Security Threat?
Most of us are familiar with URL shortening websites such as bit.ly, tinyurl.com, and is.gd. It’s one of the technologies that’s fuelling the explosive
Photocopiers and Information Security
Are you covering the security risks of photocopiers (and multi-function machines) in your security awareness training? A recent news report from WINK-TV in
Phishing URLs at All-Time High
SC Magazine reports that MarkMonitor, an internet fraud and brand-protection vendor, has determined that the number of phishing URLs reached a record high
Data Exchanged Between Employees Could be a Security Breach
The Washington Post recently reported that an employee in the National Finance Center sent an Excel spreadsheet of employees’ personal information to a cow
IBM 2009 Mid-Year Trend and Risk Report
If you’re responsible for developing computer security training, the 2009 Mid-Year Trend and Risk Report from IBM should be required reading.
Social Engineering Attacks Still Alive and Well
CNET News recently reported that the AT&T account of convicted hacker turned security consultant Kevin Mitnick had been breached for the second time. Repor
Fax Insecurity
Recently, I was working on a Cosaint end-user awareness course about fax security – when it’s safe to use a fax, how to protect faxed information … But,
Security Questions – Good, Bad and Just Plain Ugly
Most of us, at one time or another, have forgotten a password for a website. So we go to the ’Forgot Your Password’ link, answer a simple question, and the
Best Practices for Security Awareness Training
We recently completed a security training needs assessment for one of the states here on the West Coast. Part of the study was to identify a list of accept
Earthlink and Process Insecurity
About a year ago, I opened a dialup Internet access account with Earthlink using their ’secure live sales chat’ feature. "Why a dialup account in this day
Identity Theft? That’s Not Our Problem!
A couple of years ago, Cosaint rolled out a course called "Avoiding Identity Theft". Since that date, most of our clients have picked it up and provided it
Spear Phishing?
In today’s news, phishing is still on the rise. The trends are inexorable and disturbing – shown here are figures from the Anti Phishing Working Group’s mo
