Posts

Cybersecurity Tips

Cybersecurity TipsCybersecurity Awareness Month, now in its 19th year, aims to raise awareness about the importance of cybersecurity in both our professional and personal lives.

Held every October, Cyber Month is a collaborative effort between government and industry to ensure that individuals, organizations, and businesses have the cybersecurity tips and resources they need to be safe and secure online.

Every year, led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), Cybersecurity Awareness Month sends a clear message about security and the importance of partnership between government and industry, from the White House to individuals.

Doing our part to help raise awareness, Coretelligent will be sharing information and resources to help keep your business safe from cybersecurity threats.

To kick things off, we have put together a list of cybersecurity tips as a quick introduction to persuade your team to assess your firm’s current security readiness from a cyber attack. Stay tuned throughout October for more cybersecurity tips and resources.

Cybersecurity Tips for Good Corporate Cyber Hygiene

  1. Double (or triple) up on login protection.

    Enable multi-factor authentication (MFA) across your organization for all accounts and devices to ensure that only authorized users gain access to your secure data. CISA’s Multi-Factor Authentication (MFA) How-to-Guide is a good resource for more information.

  2. Shake up your password protocol.

    According to the NIST guidance, users should consider using the longest password or passphrase permissible. Encourage end-users to switch up passwords across applications, accounts, and websites. Using unique, strong passwords can make it more difficult for cybercriminals to gain access and protect your organization in the event of a breach.

    A password manager and online password generator can be employed to generate and for remembering different, complex passwords. Another solution is to employ SSO to control passwords centrally and avoid user password sprawl across various platforms, which can lead to poor password choices, reuse, and insecure safekeeping.

  3. If you connect, you must protect.

    Whether it’s a laptop, smartphone, or another networked device, the best defense against viruses and malware attacks is to perform updates on a regular basis to verify that the latest software updates get applied to your software, browser, and operating systems.

    A plan that includes the automatic security update is a critical layer of security and part of a multi-layered defense strategy.

  4. Don’t get hooked.

    Cybercriminals use phishing tactics, hoping to fool their victims. So if you’re unsure who an email is from—even if the details appear accurate— or if the email looks phishy, do not respond, and do not click on any attachments or suspicious links in emails.

    Instead, report the phishing attempt to help your IT team and email provider block other suspicious fake emails before they arrive in your inbox. In addition, the use of random phishing simulations is a valuable exercise to help end-users spot phishing attempts.

  5. Beware of social engineering traps.

    Many people don’t realize that many of the posts seen on social media asking for seemingly random details are created by criminal networks. They use these posts to gather data that can be mined for potential passwords and other secure information.

    For example, posts like, “What car do you wish you still had?” or “Tag your childhood best friend” can be used to help criminals work out the answers to your security questions.

    Not only can these tactics impact personal data, but are used to target employees in order to gain access to corporate networks. Read CISA’s Social Media Cybersecurity Tip Sheet for more information about good social media and cybersecurity practices.

  6. Don’t forget about mobile.

    Most connected Internet of Things devices are supported by mobile applications. Mobile devices are often filled with suspicious apps running in the background, or using default permissions users never realized they approved, which are gathering personal information and login credentials without the user being aware.

    A robust cybersecurity posture should include a plan for protecting data from employees using compromised mobile devices to access to corporate networks.

  7. Stay protected while connected.

    Utilizing Virtual Private Network (VPN) for employees remotely connecting is the best way to protect networks. A VPN creates a secure connection that encrypts information so that it’s hidden as it travels. This connection makes it harder for attackers to see and access data.

    VPNs are essential when accessing sensitive data like personally identifiable information (like social security numbers) or protected health information, especially when using public wi-fi networks. In today’s hybrid workplace, VPNs are a must to protect against suspicious activity.

From a phishing attack to a ransomware attack, cyber threats are constantly evolving. If you are unsure whether your firm employs good cybersecurity hygiene practices or not, then it may be time for a security check-up.

Remember, cybercriminals will use any security vulnerabilities they can find to gain access and steal data. You can start with these cybersecurity tips and move on to using our free Cybersecurity Checklist to review your security measures.

Coretelligent is here to help with advice from our cybersecurity experts. Protect your business and learn more about our enhanced managed cybersecurity services designed specifically for small-to-mid-sized companies. Reduce your risk from security incidents – contact us today for help responding to your cybersecurity gaps.

Why are Phishing Emails so Dangerous and How Can You

Though it’s been around for a while, phishing attacks continue to be one the most common attacks and a favorite among hackers for their effectiveness and simplicity. These types of malicious attacks account for 90% of all data breaches.

Phishing schemes target the weakest link in the security chain–individual users. Phishing messages usually look like legitimate emails and include suspicious links or a malicious attachment made to look like legitimate links or a document from a trusted source. Use these resources to educate yourself and your end-users on better recognizing fraudulent emails.

7 Ways to Combat Phishing Emails

  1. Humans play a critical role in data breaches. Phishing scammers look for human errors to exploit and use social engineering tactics to obtain sensitive information and login details. Learn more by reading Cybersecurity and the Human Element.
  2. With email being the primary communication tool of business, it’s no surprise that it remains a top security risk. Attackers favor email messages because they can go around technical security measures by focusing their efforts on end-users. Discover more about how scammers use the phishing technique in Email Security Threats: You’ve Got Malware.
  3. Ransomware attacks are on the rise for financial services, according to the SEC’s OCIE. Attackers use phishing scams to gain access to your organization’s systems or data. Once they have access, they lock you out by encrypting your data, demand a ransom for the return of control, and may threaten to publish sensitive data if payment is not made. Read more in Ransomware on the Rise for Financial Services.
  4. Read Top 10 Cybersecurity Recommendations for a list of ten recommendations and best practices that can help better protect your business from fraudulent activities and evolving cyber threats.
  5. Does your organization know how to identify a spear phishing attempt? 6 Steps to Take to Reduce Phishing describes potential scammers’ strategies and the tell-tale signs of email phishing.
  6. In Most Common Types of Cyber Attacks & How to Prevent Them, we share cybersecurity tips to prevent some of the most common types of cyberattacks by proactively managing your risk profile.
  7. The End-User Awareness Training guide makes a case for end-user awareness training to mitigate human error and help users recognize suspicious activity. In addition, you will learn how to spot types of phishing attacks and other social engineering attacks.

Cybersecurity Awareness Month is a great time to reevaluate your security risk profile, reinforce your posture with additional security measures, and educate your team on. We hope these resources will help increase awareness and prevent future data breaches. Reach out to learn how Coretelligent can help protect your business with our robust cybersecurity solutions.

How to Spot a Phishing Email

How to Spot a Phishing EmailEmail phishing activity reached a new high in Q1 of 2022, especially in the financial services sector. According to KnowBe4 in 2022, the overall phish-prone percentage baseline average across all industries and size organizations was 32.4%.

Common attacks are nothing more than online scams involving gift cards, while some are targeted spear phishing campaigns with the goal of gaining access to corporate networks. The best defense against fraudulent emails is educating end-users on how to spot a suspicious email. Phishing schemes often have signs that can trigger recipients to question their veracity. The key is to slow down and pay attention to the details. To that end, we have put together a list of ten common phishing email characteristics.

10 Signs of a Phishing Scam

  1. It just doesn’t look right – Is there something a little off with the emails? Too good to be true? Trust your instincts about the warning signs of potentially suspicious activity.
  2. Generic salutations –  Instead of directly addressing you, phishing messages often use generic names like “Dear Customer.” Using impersonal greetings saves the cybercriminals time so they can maximize their number of potential victims.
  3. Links to official-looking sites asking for sensitive data – These fake websites are often very convincing, so before revealing personal information or confidential data, examine the site to make sure it’s not a fraudulent website.
  4. Unsolicited email that uses personal details about you – Information like job title, previous employment, or personal interests can be gleaned from social networking sites like LinkedIn and then used to make a phishing email more convincing.
  5. Unnerving phrases – Thieves often use phrases meant to scare you (such as saying your account has been breached) to trick you into acting without thinking, and in doing so, revealing information you ordinarily would not.
  6. Bad grammar or spelling – Grammar mistakes and misspelled words are a dead giveaway in a basic phishing attack. The use of unusual syntax is also a sign that something is wrong.
  7. Urgent request – For example: “If you don’t respond within 48 hours, your account will be closed.” By convincing you the clock is ticking, phishing scammers hope you’ll make a mistake by clicking on a phishing link or opening a malicious attachment.
  8. You’ve won the grand prize – This phishing technique is common but easy to spot. A similar, trickier variation asks you to complete a survey (thus giving up your personal information) in return for a prize.
  9. Verify your account –  These types of phishing attacks spoof real emails asking you to verify an online account with a site or organization. Always question why you’re being asked to verify – there’s a good chance it’s a scam.
  10. Cybersquatting – Often, cybercriminals will purchase and squat on website names that are similar to an official website in the hopes that users go to the wrong site, such as www.google.com vs. www.g00gle.com. Always take a moment to check out the URL before entering your personal information.

Coretelligent’s Recommendation:

It is essential for your organization to have comprehensive solutions for cybersecurity designed by a trustworthy, proactive provider. Our CoreArmor solution offers 24/7 intrusion detection and monitoring, in-depth assessment to identify vulnerabilities, best-in-class phishing testing and end-user awareness training, and more. Your organization must be protected against emerging email threats in 2022 and beyond. Contact us today for strategic guidance on how to mitigate the security risk from phishing attempts.