Recently, there has been a lot of chatter from people concerned that their devices connecting to the internet may be compromised or experiencing issues.
For many of these devices, you might not need to be concerned, as long as you are making a habit of following a few ‘good housekeeping’ best practices when it comes to cybersecurity.
I want to take a few minutes to remind you of a few easy ways you can make sure your devices—both in the office and at home—are secure.
Even if your device hasn’t been hacked, your accounts may be vulnerable because your email addresses and passwords have been compromised and published on the Dark Web.
I was reading an article on cybersecurity the other day that had argued that cybercrime is inevitable.
Whatever you do, someone is bound to find a way in. The article briefly mentioned an attack that compromised nearly 773 MILLION email accounts and credentials, and it underscored a theme that has grown far too common among cybersecurity professionals: there is no hope.
I want to be clear here: I am NOT one of those professionals. There is certainly more than just hope when it comes to protecting your business or your personal information.
While this article suggested we not digitize everything and revert back to paper, what it misses is that most people do not follow through on very simple techniques to keep data secure.
Before I delve into how many backups are enough, I want to start with a little story from a hospital that hit the news cycle about a year ago.
Hollywood Presbyterian Medical Center paid the equivalent of 17 thousand dollars to cybercriminals because their network’s data was entirely encrypted. Every single file was locked down and no one—not even the IT Department—was able to make heads or tails of the situation.
Their best recommendation? Pay the ransom.
A backup server run by the Oklahoma Department of Securities had exposed terabytes of sensitive data. The server was misconfigured. Millions of sensitive records were released. Citizens of Oklahoma were notified that their identities may have been compromised.
What I want you to realize is that the State of Oklahoma is NOT the only organization with misconfigured servers. When we are asked to assess an organization’s security, nearly 9 times out of 10 they have a server that is misconfigured, leaving them vulnerable to a ransomware attack or data breach.
The server at Oklahoma Department of Securities was discovered in early December of last year. The simple mistake was that it was set to public access—allowing anyone to ping it and get information out of it. If a hacker was scanning organizations for open ports or ways to get in, this would be the equivalent of a box office at the movies giving away free seats.
Cybersecurity experts discovered a malicious campaign that takes less than a minute to execute and has proven to give BIG paydays to the criminals using it. The attack ends with you getting a pretty awful strain of ransomware, leaving your files completely encrypted and your workers unable to get essentially anything done.
Discovered late in December, this attack has been spreading through cybercrime rings. It steals documents, browser histories (including cookies that may be storing your online passwords or filled-in information), currency, and data from two-factor authentication programs, including messages with verification codes. On top of all of this, this new methodology can also take screenshots of your computer, imaging and sending away any sensitive information that could be up on your screen.
Cybersecurity experts just revealed yet another way criminals are trying to deceive your users.
The culprit?
A sneakier phishing attack that has been hard to detect.
You see, this phishing attack uses a new technique to hide the malicious code on the page that a link in an email takes a user to. This attack has led to numerous thieves stealing user credentials from all sorts of secure organizations, running the gamut from banks to hospitals.
This attack evades detection using a never-seen-before trick that leverages a customized font to cover up any sign that it is a malicious attack.
Recent research discovers new credential-harvesting malicious phishing attack