Software vulnerabilities are an unfortunate part of working with technology. A developer puts out a software release with millions of lines of code. Then, hackers look for loopholes that allow them to breach a system through that code.The developer issues a patch to fix the vulnerability. But it’s not long before a new feature update causes more. It’s like a game of “whack-a-mole” to keep your systems secure.Keeping up with new vulnerabilities is one of the top priorities of IT management firms. It’s important to know which software and operating systems are being attacked.Without ongoing patch and update management, company networks are vulnerable. And these attacks are completely avoidable. 82% of U.S. cyberattacks in Q1 of 2022 were due to exploiting patchable vulnerabilities. This is a global problem.What new vulnerabilities are lurking in products from Microsoft, Google, Adobe, and others? We’ll go through several. These were recently noted in a warning by the Cybersecurity and Infrastructure Security Agency (CISA).Make Sure to Patch Any of These…

Have you felt more secure from cyberattacks because you have a smaller business? Maybe you thought that you couldn’t possibly have anything that a hacker could want? Didn’t think they even knew about your small business.Well, a new report by cybersecurity firm Barracuda Networks debunks this myth. Their report analyzed millions of emails across thousands of organizations. It found that small companies have a lot to worry about when it comes to their IT security.Barracuda Networks found something alarming. Employees at small companies saw 350% more social engineering attacks than those at larger ones. It defines a small company as one with less than 100 employees. This puts small businesses at a higher risk of falling victim to a cyberattack. We’ll explore why below.Why Are Smaller Companies Targeted More?There are many reasons why hackers see small businesses as low-hanging fruit. And why they are becoming larger targets of hackers out to score a quick illicit buck.Small Companies Tend to Spend Less on CybersecurityWhen you’re running…

Phishing. It seems you can’t read an article on cybersecurity without it coming up. That’s because phishing is still the number one delivery vehicle for cyberattacks.A cybercriminal may want to steal employee login credentials. Or wish to launch a ransomware attack for a payout. Or possibly plant spyware to steal sensitive info. Sending a phishing email can do them all80% of surveyed security professionals say that phishing campaigns have significantly increased post-pandemic.Phishing not only continues to work, but it’s also increasing in volume due to the move to remote teams. Many employees are now working from home. They don't have the same network protections they had when working at the office.Why has phishing continued to work so well after all these years? Aren’t people finally learning what phishing looks like?It's true that people are generally more aware of phishing emails and how to spot them than a decade ago. But it's also true that these emails are becoming harder to spot as scammers evolve their…

Few things invoke instant panic like a missing smartphone or laptop. These devices hold a good part of our lives. This includes files, personal financials, apps, passwords, pictures, videos, and so much more.The information they hold is more personal than even that which is in your wallet. It's because of all your digital footprints. This makes a lost or stolen device a cause for alarm.It’s often not the device that is the biggest concern. It’s the data on the device and access the device has to cloud accounts and websites. The thought of that being in the hands of a criminal is quite scary.There are approximately 70 million lost smartphones every year. The owners only recover about 7% of them. Workplace theft is all too common. The office is where 52% of stolen devices go missing.If it's a work laptop or smartphone that goes missing, even worse. This can mean the company is subject to a data privacy violation. It could also suffer a ransomware…

There is a reason why phishing is usually at the top of the list for security awareness training. For the last decade or two, it has been the main delivery method for all types of attacks. Ransomware, credential theft, database breaches, and more launch via a phishing email.Why has phishing remained such a large threat for so long? Because it continues to work. Scammers evolve their methods as technology progresses. They use AI-based tactics to make targeted phishing more efficient, for example.If phishing didn’t continue working, then scammers would move on to another type of attack. But that hasn’t been the case. People continue to get tricked. They open malicious file attachments, click on dangerous links, and reveal passwords.In May of 2021, phishing attacks increased by 281%. Then in June, they spiked another 284% higher.Studies show that as soon as 6 months after training, phishing detection skills wane. Employees begin forgetting what they've learned, and cybersecurity suffers as a result.Want to give employees a “hook”…

How many text messages from companies do you receive today as compared to about two years ago? If you’re like many people, it’s quite a few more.This is because retailers have begun bypassing bloated email inboxes. They are urging consumers to sign up for SMS alerts for shipment tracking and sale notices. The medical industry has also joined the trend. Pharmacies send automated refill notices and doctor’s offices send SMS appointment reminders.These kinds of texts can be convenient. But retail stores and medical practices aren’t the only ones grabbing your attention by text. Cybercriminal groups are also using text messaging to send out phishing.Phishing by SMS is “smishing,” and it’s becoming a major problem.Case in point, in 2020, smishing rose by 328%, and during the first six months of 2021, it skyrocketed nearly 700% more. Phishing via SMS has become a big risk area. Especially as companies adjust data security to a more remote and mobile workforce.How Can I Text Myself?If you haven’t yet received…

You’ve completed your annual phishing training. This includes teaching employees how to spot phishing emails. You’re feeling good about it. That is until about 5-6 months later. Your company suffers a costly ransomware infection due to a click on a phishing link.You wonder why you seem to need to train on the same information every year. But you still suffer from security incidents. The problem is that you’re not training your employees often enough.People can’t change behaviors if training isn’t reinforced. They can also easily forget what they’ve learned after several months go by.So, how often is often enough to improve your team’s cybersecurity awareness? It turns out that training every four months is the “sweet spot.” This is when you see more consistent results in your IT security.Why Is Cybersecurity Awareness Training Each 4-Months Recommended?So, where does this four-month recommendation come from? There was a study presented at the USENIX SOUPS security conference recently. It looked at users’ ability to detect phishing emails versus…