There is a reason why phishing is usually at the top of the list for security awareness training. For the last decade or two, it has been the main delivery method for all types of attacks. Ransomware, credential theft, database breaches, and more launch via a phishing email.Why has phishing remained such a large threat for so long? Because it continues to work. Scammers evolve their methods as technology progresses. They use AI-based tactics to make targeted phishing more efficient, for example.If phishing didn’t continue working, then scammers would move on to another type of attack. But that hasn’t been the case. People continue to get tricked. They open malicious file attachments, click on dangerous links, and reveal passwords.In May of 2021, phishing attacks increased by 281%. Then in June, they spiked another 284% higher.Studies show that as soon as 6 months after training, phishing detection skills wane. Employees begin forgetting what they've learned, and cybersecurity suffers as a result.Want to give employees a “hook”…

How many text messages from companies do you receive today as compared to about two years ago? If you’re like many people, it’s quite a few more.This is because retailers have begun bypassing bloated email inboxes. They are urging consumers to sign up for SMS alerts for shipment tracking and sale notices. The medical industry has also joined the trend. Pharmacies send automated refill notices and doctor’s offices send SMS appointment reminders.These kinds of texts can be convenient. But retail stores and medical practices aren’t the only ones grabbing your attention by text. Cybercriminal groups are also using text messaging to send out phishing.Phishing by SMS is “smishing,” and it’s becoming a major problem.Case in point, in 2020, smishing rose by 328%, and during the first six months of 2021, it skyrocketed nearly 700% more. Phishing via SMS has become a big risk area. Especially as companies adjust data security to a more remote and mobile workforce.How Can I Text Myself?If you haven’t yet received…

You’ve completed your annual phishing training. This includes teaching employees how to spot phishing emails. You’re feeling good about it. That is until about 5-6 months later. Your company suffers a costly ransomware infection due to a click on a phishing link.You wonder why you seem to need to train on the same information every year. But you still suffer from security incidents. The problem is that you’re not training your employees often enough.People can’t change behaviors if training isn’t reinforced. They can also easily forget what they’ve learned after several months go by.So, how often is often enough to improve your team’s cybersecurity awareness? It turns out that training every four months is the “sweet spot.” This is when you see more consistent results in your IT security.Why Is Cybersecurity Awareness Training Each 4-Months Recommended?So, where does this four-month recommendation come from? There was a study presented at the USENIX SOUPS security conference recently. It looked at users’ ability to detect phishing emails versus…

The number of internet-connected devices in homes has been growing. It's increased exponentially over the last decade. A typical home now has 10.37 devices connected to the internet. PCs and mobile devices make up a little over half of those and the rest are IoT devices.IoT stands for Internet of Things. It means any other type of “smart device” that connects online. IoT devices in a home can be everything from your streaming stick to your smart refrigerator. Smart baby monitors and Alexa voice assistants are also IoT.There's also been another change that has happened over the last couple of years. It has been the increase in remote and hybrid work. The pandemic caused a major shift in where we work, turning the standard office paradigm on its head.Now, working remotely has become the norm for many companies around the world. This has put increased scrutiny on the security of all those IoT devices. They are now sharing a Wi-Fi network with business data and…

Credential theft is now at an all-time high and is responsible for more data breaches than any other type of attack.With data and business processes now largely cloud-based, a user’s password is the quickest and easiest way to conduct many different types of dangerous activities.Being logged in as a user (especially if they have admin privileges) can allow a criminal to send out phishing emails from your company account to your staff and customers. The hacker can also infect your cloud data with ransomware and demand thousands of dollars to give it back.How do you protect your online accounts, data, and business operations? One of the best ways is with multi-factor authentication (MFA).It provides a significant barrier to cybercriminals even if they have a legitimate user credential to log in. This is because they most likely will not have access to the device that receives the MFA code required to complete the authentication process.What Are the Three Main Methods of MFA?When you implement multi-factor authentication…

Smartphones and tablets are often the preferred device for communications, web searching, and accessing many types of apps. They’re more portable and can be used from anywhere.We’re seeing the takeover of many activities that used to be performed on traditional computers. Now, people are using mobile devices instead.For example, Microsoft estimates that up to 80% of the workload in many enterprise organizations is now done via mobile devices. Over half of all web searches are also now conducted from a mobile device rather than a desktop PC.This has caused mobile devices to become more targeted over the past few years. As hackers realize they’re holding many of the same sensitive information and app access as PCs, they’ve been creating mobile malware and other exploits to breach mobile devices.In 2020, approximately 36.5% of organizations were impacted by mobile malware and 2.5 million people unknowingly downloaded multiple mobile adware apps.It’s important to start treating mobile devices in the same way as you do computers when it comes…

Approximately 34% of businesses take a week or longer to regain access to their data and systems once hit with a malware attack.Malware is an umbrella term that encompasses many different types of malicious code. It can include:VirusesRansomwareSpywareTrojansAdwareKey loggersAnd moreThe longer that malware sits on your system unchecked, the more damage it can do. Most forms of malware have a directive built in to spread to as many systems as possible. So, if not caught and removed right away, one computer could end up infecting 10 more on the same network in no time.Early detection is key so you can disconnect an infected device from your network and have it properly cleaned by a professional.Keep an eye out for these key warning signs of malware infection so you can jump into action and reduce your risk.Strange Popups on Your DesktopSome forms of malware can take on the disguise of being an antivirus app or warranty notice that pops up on your screen. Hackers try to…

Any cyberattack is dangerous, but the particularly devastating ones are those on supply chain companies. These can be any supplier – digital or non-digital – of goods and services.We’ve seen several attacks on the supply chain occur in 2021 that had wide-reaching consequences. These are “one-to-many” attacks where victims can go far beyond the company that was initially breached.Some recent high-profile examples of supply chain attacks include:Colonial Pipeline: A ransomware attack caused this major gas pipeline to be shut down for nearly a week.JBS: The world’s largest supplier of beef and pork products was hit with ransomware that caused plants in at least three countries to shut down for several days.Kaseya: This software company had its code infected with ransomware, which quickly spread to IT businesses that used its products and to roughly 1,500 of their small business customers. Why do you need to be worried about supply chain attacks even more so than in the past? Because they’ve been growing and are expected to continue…

Stolen login credentials are a hot commodity on the Dark Web. There’s a price for every type of account from online banking to social media. For example, hacked social media accounts will go for between $30 to $80 each.The rise in reliance on cloud services has caused a big increase in breached cloud accounts. Compromised login credentials are now the #1 cause of data breaches globally, according to IBM Security’s latest Cost of a Data Breach Report.Having either a personal or business cloud account compromised can be very costly. It can lead to a ransomware infection, compliance breach, identity theft, and more.To make matters more challenging, users are still adopting bad password habits that make it all too easy for criminals. For example:34% of people admit to sharing passwords with colleagues44% of people reuse passwords across work and personal accounts49% of people store passwords in unprotected plain text documentsCloud accounts are more at risk of a breach than ever, but there are several things you…

Phishing is the number one method of attack delivery for everything from ransomware to credential theft. We are very aware of it coming by email, but other types of phishing have been growing rapidly.In recent years, phishing over social media has skyrocketed by 500%. There has also been a 100% increase in fraudulent social media accounts.Phishing over social media often tricks the victims because people tend to let their guard down when on social platforms like Facebook, Instagram, Twitter, and LinkedIn. They’re socializing and not looking for phishing scams.However, phishing scammers are out there looking for you and will reach out via friend requests and direct messages. Learn several ways you can secure your social media use to avoid these types of covert attacks.Make Your Profile Private on Social PlatformsPhishing scammers love public profiles on social media because not only can they gather intel on you to strike up a conversation, but they can also clone your profile and put up a fake page for…