by Felicien | Jun 17, 2019 | Education
Hackers Now Using HTTPS To Trick Victims Via Phishing Scams
Everything you’ve heard about the safety of https sites is now in question. According to a recent FBI public service announcement, hackers are incorporating website certificates (third-party verification that a site is secure) when sending potential victims phishing emails that imitate trustworthy companies or email contacts.
These phishing schemes are used to acquire sensitive logins or other information by luring people to a malicious website that looks secure.
Can You Still Count On HTTPS?
The “s” in the https along with a lock icon is supposed to give us an indication that a website is secure. And your employees may have heard this in their Security Awareness Training. All training will now need to be updated to include this latest criminal tactic.
What Should You Do?
Be Suspicious of Email Names and Content
The FBI recommends that users not only be wary of the name on an email but be suspicious of https links in emails. They could be fake and lead you to a virus-laden website. Users should always question email content to ensure authenticity.
Look for misspellings or the wrong domain, such as an address that ends in “com” when it should be “org.” And, unfortunately, you can no longer simply trust that a website with “https” and a lock icon is secure.
If you receive a suspicious email that contains a link from a known contact, call the sender or reply to the email to ensure that the content is legitimate.
If you don’t know the sender of the email, the FBI warns that you shouldn’t respond to it.
Don’t click links in any emails from unknown senders.
If You Run A Business Ask Your IT Service Company About New-School Security Awareness Training For Your Employees
This will give your staff the latest information about cyber threats and exploits. They’ll learn what they need to know to avoid being victimized by phishing and other scams.
Why Use New-School Security Awareness Training?
Your employees are the weakest link when it comes to cybersecurity. You need current and frequent cybersecurity training, along with random Phishing Security Tests that provide a number of remedial options if an employee falls for a simulated phishing attack.
New-School Security Awareness Training provides both pre-and post-training phishing security tests that show who is or isn’t completing prescribed training. And you’ll know the percentage of employees who are phish-prone.
New-School Security Awareness Training…
Sends Phishing Security Tests to your employees to take on a regular basis.
Trains your users with the world’s largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters, and automated training campaigns with scheduled reminder emails.
Phishes your users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.
Offers Training Access Levels: I, II, and III with an “always-fresh” content library. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.
Provides automated follow-up emails to get them to complete their training. If they fail, they’re automatically enrolled in follow-up training.
Uses Advanced Reporting to monitor your users’ training progress, and provide your phish-prone percentage so you can see it reduce as your employees learn what they need to know. It shows stats and graphs for both training and phishing, ready for your management to review.
Your employees will get new learning experiences that are engaging, fun and effective. It includes “gamification” training, so they can compete against their peers while learning how to keep your organization safe from cyber attacks.
Add New-School Security Awareness Training To Your Current Employee Training
The use of https is just the latest trick that hackers are using to fool victims into falling for malicious emails. Hackers have many more “up their sleeves.” This is why regular, up-to-date New School Security Awareness Training is so important for any organization.
by Felicien | Jun 16, 2019 | Education
Building a worldwide brand takes an army — that’s an army of independent developers if you’re Apple. The latest WWDC (Worldwide Developers Conference) always includes a few unexpected tidbits that make the tech world salivate, and this year is no different. For 2019, Apple pulled out all the stops by not only releasing a new version of its ubiquitous iOS but also bringing a fascinating new iPadOS that promises to change the way you work in the future. From software to hardware to Apple TV Plus shows, here’s a quick recap of the cool new releases at this massive global gathering of Apple worshippers.
Enhancing the iPad
Since November 2, 2012, the iPad has quickly become one of the most universal crossover tools for computing on the market. Originally introduced as a way to consume content, iPads have now reached a new stage of their evolution with the introduction of the iPadOS that brings the tablet one step closer to being the primary computing device for business and creative workers. While the tablet still doesn’t have quite enough computing power to run intensive applications, the iPad Pro introduced in 2018 and now this new OS is allowing the platform to push the boundaries of what you would expect as far as functionality in a tablet. Screens continue to grow in size while the interface becomes more nuanced, with the ability to split the screen, pin widgets to the home screen and multi-task more efficiently. Add in the USB thumb drive support and the ability for software developers to tinker with the programming interface, and you’re inching closer to a viable alternative to a traditional laptop computer.
Apple Introduces a Secure SSO Option
Security is top of mind for individuals and organisations alike, making multi-factor authentication a requirement for business systems. While Apple has been lacking this type of advanced functionality, the new single-sign-on option allows you to authenticate with Apple without releasing your personal information to third-party apps. For consumers who are already utilising Google or Facebook apps, it may be worth the switch to Apple SSO as the software also generates a unique, random email address that will save your inbox from spam — and your devices from malware.
The Apple Watch Becomes More User-Friendly
Love your Apple Watch but really dislike the App Store experience? Apple listened and created a version of the App Store created specifically for the confines of the Apple Watch. The store is chock-full of applications that were built specifically for WatchOS and enhances the Watch to the point that you no longer need the tether to your iPhone for basic functionality. Plus, WatchOS is enhanced with new health-tracking abilities, a calculator, streaming audio and voice memos — all of which are targeted to making this device appeal to a wider swath of the population.
New Toys for Developers
Many of Apple’s latest releases are targeted towards the consumer market, but the software and hardware giant hasn’t forgotten the developers that helped make the brand what it is today. The announcement of ARKit 3 includes state-of-the-art augmented reality features that allow developers to layer AR around users in new and exciting ways in the future. Built to help make AR more interactive for users, it also makes life a bit easier for developers by “allowing green screen-style effects in almost any environment”, according to Apple executives who introduced the new tech during a keynote. Something that’s been missing in previous releases is the ability to simultaneously utilise the front and back cameras to allow users to interact in a more holistic way with virtual elements in a real-world environment.
One thing is sure: Apple’s annual WWDC never disappoints! This highly-anticipated event provides consumers with a glimpse into the future while firing the enthusiasm and creativity of thousands of developers from around the world. Surprisingly, the coolest new introduction at WWDC wasn’t even technical — it was design-focused. It might show you the level of control that Apple has over its OS to learn that there were extensive cheers with the introduction of the system-wide Dark Mode for iPad, as the Apple team noted: “iOS now lives in the dark“.
by Felicien | Jun 15, 2019 | Education
The City of Burlington is out $503,000 because a staff member fell for a phishing scam. After receiving an email request to change banking information, the staff member was tricked into making a transaction to a false bank account.
The email requested that the employee change banking information for someone the City was already doing business with. The staffer transferred $503,000 to the fake bank account on May 16, 2019. The City didn’t learn about this until a week later. At that point, they notified the police.
After realizing this on May 23, the City says it immediately notified their bank and Halton Regional Police. A full investigation has been launched into how this happened and their current processes.
Since then, the City has put “additional internal controls” in effect to prevent this from happening again. They reported in their press release:
“These types of targeted attacks are all too common and can take many forms…Governments are just as prone to scams as are individuals,” they said.
Could Your Government Agency Or Business Be A Target?
Since January 2019, nearly 100 phishing campaigns have been tailored specifically for Canadian targets, according to researchers.
Criminals are spoofing well-known Canadian companies and organizations. They are using French-language phishing lures to increase their chances of tricking Canadian employees.
The most common forms of malware used in these Canadian phishing campaigns are banking Trojans called Emotet and Ursnif. They steal information and deliver other types of malware such as IcedID, Trickbot, Dridex, and GandCrab ransomware, and a keylogger called Formbook.
Canadians need to be on the lookout for more than just generic phishing spam.
What Should You Do?
Get New School Security Awareness Training
You must train your employees to be constantly vigilant to identify attackers’ attempts to deceive them. New-school security awareness training will provide the knowledge they need to defend against these attacks.
What’s Wrong With Every-Day Security Awareness Training?
Old-School Security Awareness Training doesn’t hack it anymore (no pun intended). Today, your employees are frequently exposed to sophisticated and ever-changing phishing and ransomware attack methods.
Old-School Security Awareness Training is static. It’s a one-time event without follow-up. You need cybersecurity training that’s backed up with phishing tests performed on a regular basis to create a real change in behaviour.
What Is New-School Security Awareness Training?
More than ever, your users are the weak link in your IT security. You need highly effective and frequent cybersecurity training, along with random Phishing Security Tests that provide several remedial options in case an employee falls for a simulated phishing attack.
With world-class, user-friendly New-School Security Awareness Training, you’ll have training with self-service enrollment, completion logs, and both pre-and post-training phishing security tests that show you who is or isn’t completing prescribed training. You’ll also know the percentage of your employees who are phish-prone.
And with the end-user training interface, your users get a fresh new learner experience that makes learning fun and engaging. It has optional customization features to enable “gamification” of training, so your users can compete against their peers on leaderboards and earn badges while learning how to keep your organization safe from cyber attacks.
With New-School Security Awareness Training You’ll…
Have Baseline Testing to assess the phish-prone percentage of your users through a free simulated phishing attack.
Train your users with the world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters, and automated training campaigns with scheduled reminder emails.
Phish your users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.
See the results with enterprise-strength reporting that show stats and graphs for both training and phishing, all ready for your management.
New-School Training…
Sends Phishing Security Tests to your users and you get your phish-prone percentage.
Rolls out Training Campaigns for all users with automated follow-up emails to “nudge” incomplete users, as well as point-of-failure training auto-enrollment.
Uses Advanced Reporting to monitor your users’ training progress, and to watch your phish-prone percentage drop.
Provides a New Exploit Functionality that allows an internal, fully automated human penetration testing.
Includes a New USB Drive Test that allows you to test your users’ reactions to unknown USBs they find.
Plus, you can access Training Access Levels: I, II, and III giving you access to an “always-fresh” content library based on your subscription level. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.
Can We Use New-School Security Awareness Training Along With Our Other Training?
This is what many organizations and municipalities are doing. They are supplementing their current training content with New-School Security Awareness Training. Upload your own compliant-training and video content, and manage it alongside your other training all in one place. Now you have your very own Learning Management System.
Don’t wait until your employees get tricked into giving away your money. Educate them with New-School Security Awareness Training.
by Felicien | Jun 15, 2019 | Education
The introduction of electronic health records (EHR) has caused a transformational change in medicine, but there is an even larger movement in the future that caregivers across the world are glimpsing — robots and the Internet of Things (IoT). It took more than 50 years for EHRs to progress from their early beginnings in the 1960s to their extensive use today. While the next full wave of the robot revolution may take decades, the technology challenges of early introduction of cloud computing and IoT are already emerging. From cybersecurity to data consolidation and connectivity, see how IoT and the adoption of cloud computing are already changing the healthcare landscape.
Providing Secure Connections for Disparate Data Sources
Electronic health records may be stored in various systems within a single organization, making it a challenge to ensure that each separate system has the full complement of security necessary to protect the important information being stored within. Managing communication between the platforms, ensuring that the endpoints are all secure and keeping access limited to “need to know” individuals can keep legions of technology teams busy for years — but is it enough? Recent attacks on major hospitals and other healthcare organizations have proved that cyberattackers are specifically targeting these organizations due to the richness of the data that is stored within their platforms. Without help from Orange County IT services personnel who are able to focus on data security and connections, it can be challenging for your organization to ensure that your sensitive patient and financial data is fully protected. It is increasingly important that you are able to view all data and security needs through a single pane of glass: aggregation software that allows you to tightly manage your disparate data sources and applications.
Safeguarding Patient Data . . . and Revenue
Your healthcare organization’s revenue is tightly tied to your patients, and you stand to face significant losses in productivity and patient trust in the event of a highly-publicized data breach. A recent IBM study shows that it takes an average of 191 days for organizations to identify a data breach, much less begin remediation. It is easy to imagine the amount of devastation that an unsavory actor could bring upon your sensitive business systems and data within that amount of time. Remediation would need to be triggered as soon as possible, and can take weeks or even months before your systems are back to a high level of security and stability. Each day that you’re losing productivity can cost thousands of dollars for small businesses and many times that amount for major hospitals. When you add in the cost of lost patients, notifications and any additional services that may need to be provided for those affected by a breach or data loss — the losses can run into the millions of dollars. Unfortunately, many healthcare organizations are not budgeting the necessary dollars for cybersecurity and data consolidation to protect against this type and scale of loss.
Security Challenges with IoT and Cloud Adoption
As robots and other IoT are introduced into the healthcare world, there are added layers of security that must be considered. Data that is stored in the cloud can be accessed by healthcare assistants, such as the relatively new TUG4 by Aethon. This “tugboat” of an assistant is strictly meant to move items from one location to another such as trays of food and laundry. However, in order to be successful, these robots need to be programmed with the layout of the hospital or clinic — meaning they will have access to where other items are stored within the building. This information is not only stored locally but can be accessed by mobile devices and other remote locations, which means it could potentially be attacked. This doesn’t mean that healthcare organizations should stop adopting these future technology solutions, simply that endpoint and cloud security should be included in the same conversation.
How Orange County IT Services Can Protect Healthcare Data
Creating a comprehensive data and endpoint security strategy allows your organization to be confident that your business is protected from the potential losses that can occur as the result of a cyberattack. Your Orange County IT services professionals at The Orange Crew have extensive experience working with healthcare organizations and can help navigate the various regulatory issues while providing secure solutions that can help protect your business. Active monitoring can help reduce the impact of any threats that work their way through the security net with immediate remediation activities.
Protecting your data and endpoints starts with a firm understanding of your technology strategies and rollout plan, The technical professionals at The Orange Crew will work closely with your technology and business teams to understand what you are trying to accomplish and the timeframe, as well as creating a strategy that will work within your budgeting plan. Contact us today at 888-670-5066 or fill out our quick online contact form to claim your complimentary initial consultation.
by Felicien | Jun 14, 2019 | Education
The role of CMOs has been changing rapidly in recent years with the introduction of numerous technologies. Social media platforms, CRM software and diverse multimedia channels all offer businesses remarkably effective tools for creating and maintaining a brand while connecting with customers in ways that were never before possible. While the increased pace of tech adoption among businesses has been startling enough on its own, for CMOs the need for taking on new roles and responsibilities has been equally surprising. CMOs are being forced to bridge marketing and tech to facilitate the success of their companies, leading to a greater range of obligations and opportunities for professionals who once focused solely on the standard roles of the chief marketing officer.
Fortunately, the increased need for CMOs to have a major role in technology decisions brings rewards and well as challenges. CMOs are able to accomplish more than ever and play a bigger part in how their companies operate. They also get the opportunity to form powerful relationships with CIOs to increase their ability to achieve the goals of their department and the goals of the company as a whole.
The Role of the CMO is Evolving
Until recently, being a good CMO meant creating effective advertisements and cultivating relationships with various individuals and groups like media partners and advertising agencies. While these tasks still pertain to the role of CMO, the responsibilities of the CMO have greatly expanded due to the incorporation of various technology tools. Market research, advertising and brand management are still major responsibilities, but they have become only part of the duties faced by today’s CMO.
Now, CMOs are challenged by social media, immense amounts of data, changing demographics among consumers and a seemingly endless number of channels and devices available for marketing purposes. Navigating through the proliferation of data and tech tools while still ensuring that the original responsibilities of the position are seen to is no easy task. Yet CMOs are doing just that. They are rising to the challenge presented by the shift in their roles and excelling.
One of the key ways that CMOs are adapting is by forming a closer relationship with CIOs.
The CMO and CIO Partnership
The marketing team today has more technology at its fingertips than ever before, and the availability of innovative technology tools is only expanding. While CMOs tend to learn how to use the tech tools they need to use relatively quickly, they are still marketing professionals—not tech professionals. They understand the importance of having an expert available to help unravel the complexities of the options they are faced with. That is why many CMOs are seeking to open up lines of communication with CIOs and ultimately to develop relationships with CIOs so they can work together on answering questions of technology, marketing and how the two connect in their particular business.
There are a lot of tech options available to CMOs now, which can make it difficult to determine which tool is the right fit. Marketers might be experts in advertising, but that does not mean that they are immune to the effects of it. CMOs take advantage of the knowledge of CIOs to clear away the promotional message and get to the heart of what a tool can or cannot accomplish, and whether it even makes sense to adopt the tool based on the business and its goals.
CIOs tend to have strong discipline when it comes to technology. They are used to being told that the latest technology tool will transform the way they do business. They know how to conduct the necessary research to uncover the reality of what is on offer. The insight they offer CMOs is invaluable when it comes to making technology decisions.
The Role of CMOs in Tech Decisions
Every company today can benefit from including CMOs in technology decisions. CMOs should not be forced to make the decisions on their own, however. The real winning strategy for businesses is to combine the expertise of the CMO and the CIO to make joint decisions on what is the best choice to help the business achieve its objectives. CMOs know how to seek those objectives from a marketing standpoint. CIOs know how to achieve the objectives from a technology standpoint. Working together, they can create something that is greater than the sum of its parts.
As CMOs and CIOs learn to work together, they can begin to anticipate the perspectives and needs of each other’s departments. The CMO will gradually grasp issues like compatibility with existing technologies, while the CIO will come to understand how the CMO works towards objectives through marketing strategies.
Moving forward, CMOs will serve as experts in Martech, or marketing technology. They will use what they learn through their own work and through their relationships with CIOs to gain a better grasp of what marketing technology has to offer and how to utilize the power of the tools at their disposal. They can play a major role in the technology decisions of their company and the company will benefit significantly from their input.
by Felicien | Jun 14, 2019 | Education
CFOs have long been challenged by the value proposition of capital technology investments, often requiring in-depth analysis and reviews before making the plunge. While the lower monthly costs of cloud-based computing may overcome this inertia in some instances, CFOs are understandably nervous about committing to “rentals” of software or services that don’t have an extended life beyond the end of the subscription. While the CFO may not be reviewing each purchase for IT fit, they are likely intensely interested in whether they are getting the expected value from any technology purchases that are made. The CFOs leaning may help influence purchases for quite some time, making it vital to ensure that your CFO fully understands the benefits of moving to the cloud so you can break through their paralysis of analysis. Here are 4 of the sticking points that are pushing CFOs away from adoption of a more agile, extensible model for technology.
1. Communicate Key Risk Factors for Adoption
Like any technology, cloud platforms are only truly valuable if you gain widespread adoption throughout your user base. CFOs may have been burned in the past with projects that had an extensive upfront cost, yet didn’t deliver the expected business value after an extended implementation period. CIOs and other IT leaders can help mitigate this risk by addressing the root causes behind the poor adoption rates. Cloud solutions can be particularly challenging to sell, simply because they are predicated on the concept of continual change — something that is a struggle for many organizations.
2. Reassure CFOs That Technology Will Be Analyzed and “Rightsized” for Cloud
Financial business leaders are rarely happy with having assets on the books that aren’t being utilized, but legacy technology has a way of hanging around long after its useful life has been expended. When you reassure CFOs that you won’t simply be transferring efficiency problems to a new type of infrastructure — that you’re first resolving and appropriately sizing the solutions for your future business needs — they are more likely to be open to the conversation about a move. Gaining efficiencies and improving operations are always topics near and dear to the heart of CFOs. This could manifest in a variety of ways such as analyzing server and peak memory usage, looking for system vulnerabilities that can be addressed and reducing overall software licensing requirements.
3. Yes, There Are Ongoing Variable Costs — But They Are Balanced by Added Value
Traditional software models include an upfront purchase cost and an associated ongoing maintenance fee to obtain upgrades. Over the life of a contract, maintenance fees can increase and there may be charges over time for significant upgrades that aren’t covered in your service model. Newer options are introduced to the market on a regular basis, but a high sunk cost in a particular platform serves to discourage new investments in other platforms. With cloud-based platforms you may still have a multi-year contract, but once that time is over it may be significantly easier to shift to a new platform. Granted, there are likely integration costs and training and general disruption to your business to consider, but you may be able to recognize compelling benefits by changing to a new cloud-based service. Plus, most cloud software has the benefit of regular releases that will provide enhanced usability, resolve bugs and create a more secure computing environment. The financial equation becomes slightly more difficult to sell to your CFO if your usage is expected to vary considerably from month-to-month, as it can make cash flow more difficult to project.
4. Cloud Performance Has Improved Dramatically in This Decade
Sure, there are still some platforms that are not fully optimized and don’t run as quickly as they would on a local server — but we are no longer in a world where “cloud” equates to poor performance, latency and a lack of security. Ultra-fast connections throughout the country and the world and high-performance data centers offer a new level of service deliverability. While it’s still important to carefully review contracts to ensure that SLAs and reliability levels are up to your expectations, these should no longer be used to deliver a no-go decision on moving to the cloud.
Having an honest internal conversation with top leadership helps determine which — or all — of these concerns are holding back your CFO from approving cloud-based projects. While financial considerations are often top of mind, there are other risk factors that need to be openly addressed in a way that communicates the overall value to the organization.
