Blog


Important Warning From The FBI


Hackers Now Using HTTPS To Trick Victims Via Phishing Scams

Everything you’ve heard about the safety of https sites is now in question. According to a recent FBI public service announcement, hackers are incorporating website certificates (third-party verification that a site is secure) when sending potential victims phishing emails that imitate trustworthy companies or email contacts.

These phishing schemes are used to acquire sensitive logins or other information by luring people to a malicious website that looks secure.

Can You Still Count On HTTPS?

The “s” in “https,” along with a lock icon, is supposed to indicate that a website is secure. And your employees may have heard this in their Security Awareness Training. All training will now need to be updated to include this latest criminal tactic.

What Should You Do?

Be Suspicious of Email Names and Content

The FBI recommends that users not only be wary of the name on an email but be suspicious of https links in emails. They could be fake and lead you to a virus-laden website. Users should always question email content to ensure authenticity.

  • Look for misspellings or the wrong domain, such as an address that ends in “com” when it should be “org.” And, unfortunately, you can no longer simply trust that a website with “https” and a lock icon is secure.
  • If you receive a suspicious email that contains a link from a known contact, call the sender or reply to the email to ensure that the content is legitimate.
  • If you don’t know the sender of the email, the FBI warns that you shouldn’t respond to it.
  • Don’t click links in any emails from unknown senders.

If You Run A Business, Ask Your IT Service Company About New-School Security Awareness Training For Your Employees

This will give your staff the latest information about cyber threats and exploits. They’ll learn what they need to know to avoid being victimized by phishing and other scams.

Why Use New-School Security Awareness Training?

Your employees are the weakest link when it comes to cybersecurity. You need current and frequent cybersecurity training, along with random Phishing Security Tests that provide a number of remedial options if an employee falls for a simulated phishing attack.

New-School Security Awareness Training provides both pre- and post-training phishing security tests that show who is or isn’t completing prescribed training. And you’ll know the percentage of employees who are phish-prone.

New-School Security Awareness Training…

  • Sends Phishing Security Tests to your employees to take on a regular basis.
  • Trains your users with the world’s largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters, and automated training campaigns with scheduled reminder emails.
  • Phishes your users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.
  • Offers Training Access Levels: I, II, and III with an “always-fresh” content library. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.
  • Provides automated follow-up emails to get them to complete their training. If they fail, they’re automatically enrolled in follow-up training.
  • Uses Advanced Reporting to monitor your users’ training progress, and provide your phish-prone percentage so you can see it reduce as your employees learn what they need to know. It shows stats and graphs for both training and phishing, ready for your management to review.

Your employees will get new learning experiences that are engaging, fun and effective. It includes “gamification” training, so they can compete against their peers while learning how to keep your organization safe from cyber attacks.

Add New-School Security Awareness Training To Your Current Employee Training

The use of https is just the latest trick that hackers are using to fool victims into falling for malicious emails. Hackers have many more “up their sleeves.” This is why regular, up-to-date New-School Security Awareness Training is so important for any organization.


Capital One Data Breach Affects More Than 100 Million Customers

Capital One Data Breach Affects More Than 100 Million Customers and Small Businesses in The U.S. & 6 Million in Canada

On July 29, 2019, Capital One reported that their customers’ confidential information was compromised. This includes the Social Security and bank account numbers of more than 100 million people and small businesses in the U.S., along with 6 million in Canada.


The McLean, Virginia-based bank discovered the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator. They waited until July 29 to inform customers.

How Did The Hacker Get Into Capital One’s System?

According to court documents in the Capital One case, the hacker obtained this information by finding a misconfigured firewall on Capital One’s Amazon Web Services (AWS) cloud server.

Amazon said that AWS wasn’t compromised in any way. They say that the hacker gained access through a misconfiguration on the cloud server’s application, not through a vulnerability in its infrastructure.

Capital One says that they immediately fixed the configuration vulnerability that the individual exploited and promptly began working with federal law enforcement.

Who Breached Capital One’s Data?

Paige A. Thompson, a former software engineer in Seattle, is accused of stealing data from Capital One credit card applications.

Thompson was a systems engineer and an employee at Amazon Web Services from 2015 to 2016. In a statement, Amazon said that she left the company three years before the hack took place.

The FBI arrested Thompson on Monday, July 29 for the theft, which occurred between March 12 and July 17. Thompson made her initial appearance in U.S. District Court in Seattle and has been detained pending an August 1 hearing. Computer fraud and abuse are punishable by up to five years in prison and a $250,000 fine.

What Information Was Compromised?

Thompson stole information including credit scores and balances plus the Social Security numbers of about 140,000 customers and 80,000 linked bank account numbers of their secured credit card customers. For Capital One’s Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised.

The largest category of information obtained was that of consumers and small businesses when they applied for one of Capital One’s credit card products from 2005 through early 2019.

Capital One said some of this information included names, addresses, phone numbers, email addresses, dates of birth and self-reported income.

Other data obtained included credit scores, limits, balances and transaction data from a total of 23 days during 2016, 2017 and 2018.

This is one of the top 10 largest data breaches ever, according to USA TODAY research.

What Is Capital One Saying About The Breach?

They will offer free credit monitoring services to those affected. Capital One said it was “unlikely that the information was used for fraud or disseminated by this individual” but committed to investigating the hack fully.

They’ve set up a consumer website about the breach at www.capitalone.com/facts2019 that you should refer to if you’re worried that your information was compromised.

Capital One expects that this hack will cost them approximately $100 million to $150 million in 2019.

What Should Capital One Customers Do?

If you’re a Capital One customer, you should check your account online. You should also freeze your credit through each of the three main credit bureaus: Experian, Equifax and TransUnion.

It’s important to remain vigilant. Businesses should sign up for Dark Web Scanning to detect whether your confidential business information is there for cybercriminals to use.

Prevention is always the best remedy. Ask your IT provider to ensure that your firewall is properly configured and to continuously monitor your network remotely for intrusions.


Using Delayed Delivery With Email to Boost Productivity

Email is one of the best ways to communicate with people in the business world, but it’s also one of the biggest time drains for those same individuals. Some of the most productive people turn their email completely off and only check it a few times a day, but is there more that you can do to stay productive throughout the day without stressing out that you’re missing important messages? This quick email productivity hack may be the answer that will help you stay more organized and less distracted throughout the day.

Delayed Email Delivery

Even though it’s a core part of Microsoft Outlook, few people realize that you’re able to delay the delivery of emails until a later date or time — and even fewer people use this function on a regular basis. Delaying the delivery of your email is a great way to ensure that people receive your message when they are most likely to act upon it. If you need someone to provide a crucial report for you but they’re currently on vacation, sending an immediate email request is likely to get lost in the waves of requests they will be wading through when they return to the office. If you delay the message until a day or two after they are back in the office, you’re much more likely to receive a response without having to follow up again.

Scheduling Your Day

Another great way to stay focused during the day is to schedule all of your emails to go out at a certain time, perhaps around the time you will be leaving for the day. This allows you to answer emails at preprogrammed times throughout the day without being a slave to pinging notes back and forth when you would prefer to focus on other tasks. The hope is that others will respond to your requests at the end of their day, and you’ll have a wealth of actionable responses waiting for you when you come into work the next morning. It’s not difficult to schedule emails for delivery at a later time, and this simple productivity hack could save you over an hour each day, providing you with a significantly greater amount of targeted time to pay attention to what you need to accomplish each week.

You’re not getting more hours added to your day, and there’s almost always more than you can accomplish in any given week. Using these simple email scheduling tips to delay your email deliveries helps you eke more work (and fun!) out of the time that you do have available.


How To Encrypt an Email In Microsoft Outlook


There are any number of reasons to encrypt an email in Microsoft Office Outlook, anything from details about your salary to negotiations to purchase a business. With the state of cybersecurity, you need to know that you are protected from individuals who may attempt to hijack your email as it is in transit between locations, too. Fortunately, Outlook has built-in functionality that will allow you to quickly and easily encrypt your email as well as stop people from forwarding the email message.

Why Is Email Encryption Important?

The rise of malware and ransomware has made many users wary of opening emails, and definitely can make you question opening any attachments — even those from a known user. One of the key reasons for utilizing email encryption is to prevent an attacker from intercepting emails and reading them, or even adding a questionable attachment that could be infected with malware. While there are some web-based encryption platforms, the most effective are often those that are built directly into the email platform being used by staff members on a daily basis.

Email Encryption in the Enterprise

Email encryption options have been around for years and can provide your email and attachments an added level of security that could be necessary for sensitive conversations. In the past, it’s been a bit more challenging to apply encryption and even required an add-in or separate application in order to ensure that your corporate emails are safe in transit. As far back as Office 2007, there’s been the ability to add one-click encryption that applied to a single message. You also have the option to encrypt all outgoing messages, a crucial addition for financial and legal organizations. Network eavesdroppers will be thwarted by this advanced function of Microsoft Outlook. If you are using the Office 365 suite, you can find instructions for encrypting your emails on Microsoft’s help site.

How Does Email Encryption Work?

It’s important to understand that email encryption is a two-way street. Not only is it required that you have the software options available to encrypt messages that you are sending, but your recipient must also be able to remove the encryption with a key in order to view the message or attachment. In Outlook, there is a certificate generated that allows you to store the email in your Sent items as well as provides recipients with a way to respond to the email — as you’ll have to open the encrypted file when it is returned to you. This can become problematic when you have multiple people on a distribution list for your email. When recipients are within your organization, Exchange server stores a copy of the encryption key for each individual on the server for ease of use.

Microsoft Outlook is one of the most widely-used email platforms in the country, especially for business professionals. The simple instructions for email encryption and the quick application of the rule for all emails means it is easier than ever to protect your confidential messages.


Have You Heard of DuckDuckGo?


The self-proclaimed “search engine that doesn’t track you,” DuckDuckGo is likely the most successful search engine available when it comes to privacy and security.

While Google remains the most popular search engine by far, many users are concerned about its practice of collecting and using your personal data. Namely, Google tracks what you search (yes, everything), stores it, and uses it to provide you with a personalized user experience. Oh, and they also make a profit from it.

What Are the Specific Benefits of Switching to DuckDuckGo?

No Tracking

Of course, this is the biggie. DuckDuckGo doesn’t track you or what you look up online. All searches are 100% anonymous.

No Ads

Google tries to trick users by situating ads at the very top of the page — ads, by the way, that look like search result listings. The only difference is a little box that says “Ad” next to the web address. DuckDuckGo forgoes ads like these, generally starting at the very top of the page with your first search result listing.

Minimalist Interface

Speaking of no ads, DuckDuckGo provides an overall clean and minimalist appearance. Like Google’s results pages, you can toggle between “Web,” “Images,” “Video,” etc. at the top. You can also filter results by region, “Safe Search” mode (for strict or non-filtered adult content), and time period.

Non-personalized Search Results

“Why wouldn’t I want personalized search results?”

Well, you might. But the advantage of not having personalized results is that you’ll see exactly what everyone else sees. In other words, when you search “cocktail recipes” in Duluth, Minnesota, you’ll get the same results as someone searching for “cocktail recipes” in Lyon, France.

Seriously, What’s Actually So Bad About Search Tracking?

Many people’s argument against worrying about Google and other tech giants tracking them (hi, Alexa) is this: “I don’t do anything bad or shameful on the Internet, so why should I care if I’m tracked and my data’s stored?”

That may be true. Certainly, for some, the sheer fact that you’re being listened to, your movements are being tracked, and essentially everything about you (from your age and income to your shoe size and favorite local bar) is being stored … well, it’s alarming and disturbing.

But if that still doesn’t make you ponder the importance of personal data tracking and storing, consider this: Google is using your data to get rich, like, really rich. They’re monetizing everything you do through their platform and making billions in annual profits as a result. The stuff they’re using? Your shopping habits (Google Express), your online searches (Google Search), your personal conversations (Google Assistant and Google Hangouts), where you go (Google Maps), the news you read and your political leanings (Google News), and much more.

To make matters worse, in many ways, they’re being less than honest about their tactics. For example, their so-called “incognito” mode is far from fully private. Your employer and ISP can still track your searches when you’re in incognito. Furthermore, Google documents you’ve “deleted” and searches you’ve “cleared” aren’t really gone. Google stores them … indefinitely.

Consider a Switch to DuckDuckGo

There’s no doubt that companies like Google provide useful services to individuals and businesses of all kinds. Their search engine is definitely useful as well. Extensive, highly complex algorithms can help you find exactly what you’re looking for, often faster than other search engines.

But if you’re at all concerned with privacy and security for your business and/or at home, consider a search engine switch to the up-and-coming DuckDuckGo. Set it as your homepage, try it out, and see what you think.
