The 2018 Human Factor report by Proofpoint states that as many as 95% of web-based attacks now incorporate social engineering, or the human error factor. So, with that simple fact, how can your organization prevent its employees from releasing confidential and critical information?
As we all work through our holiday gift giving lists this "Cyber Monday," it's important to be cyber aware of "the Grinch" lurking in the corners waiting to steal our confidential information. So, before you begin to cross the names off your list while experiencing that great sense of accomplishment, take a few moments to read through these "cyber shopping" best practices to protect yourself and your personally identifiable information (PII). Nobody wants to spend the holidays recovering their data or identity.
In 2017 alone, $5 billion was extorted from businesses using ransomware, software that encrypts your files until you pay the criminals off. In another attack that took advantage of the Internet of Things (IoT), cyber criminals were able to leverage 10,000 security cameras and DVRs to take down popular websites across the internet. Not scary enough? It is important to acknowledge that none of us are above these attacks and anything connected to the internet is a potential target for hackers.
When it comes to security risks and errors, businesses often fall victim to assumptions and oversights. The reality is that the protection of information and applications is always evolving and, as criminals find new ways to exploit weaknesses, it's tough to stay one step ahead.
It seems we can’t go more than 24 hours without hearing about the latest and greatest data breach that affects millions. So we ask ourselves, “What can we do better?” After all, if the “bad guys” can hack into the federal government, Home Depot, and Target, what hope do small and medium-sized businesses have?
Has anyone at your organization ever received an email that was not what they thought it would be? Maybe it was a message from a vendor looking to verify sensitive account information, a message from an accountant sending completed tax returns in the month of August, or a note from what appears to be your accounting firm indicating they need you to confirm Social Security Numbers in order to send employee paychecks?
The "Goldeneye" or "Petya" ransomware attack is spreading across Europe and the United States and exploits the same vulnerability as WannaCry (the recommendations we made in the initial SE Alert still apply).
What’s different about this attack is that it has a second method of infecting networks. This method attacks networks via a compromised Microsoft Office or PDF attachment. Here are some good practices to follow when dealing with an attack such as this:
Data breach attacks are only getting more sophisticated and gaining more traction. They're happening to individuals at home, employees within organizations who click on the wrong link, CEOs who are targeted in a Business Email Compromise, and the list goes on. What's even worse is that small- to medium-sized businesses are more of a target than the large corporations. According to Verizon's 2017 Data Breach Investigations Report, 61% of all data breach victims are businesses with under 1,000 employees.
By now, it’s not a well-kept secret that IT security is an important consideration in the design and operation of an organization’s network. A lot of things can be centrally managed by your IT administrator, like maintaining current anti-virus software, delivering timely operating system security updates, and web content filtering.
Systems Engineering is happy to host a guest blog series that highlights various expertise in the business community around us. This week, the author, Durward Ferland, Jr., comes to us from Macpage, a certified public accounting firm located in S. Portland and Augusta, ME as well as Marlborough, MA. In this blog article, Durward writes about the importance of Security Awareness Training in business organizations today.