Tag: security

29 Aug 2023

Why Your Business Needs to Beef Up Employee Security Awareness

We all have a tendency to avoid our weaknesses. When we do that, we never progress or get any better.

Jocko Willink

In today’s rapidly evolving landscape of cybersecurity, organizations are increasingly recognizing the critical importance of fortifying their defences. Despite substantial investments worldwide to repel digital threats, malicious actors persistently exploit vulnerabilities, even within the most fortified systems. Their primary focus? Employees. These individuals are regarded by cybercriminals as the weakest link in the cybersecurity chain. However, a solution exists—a beacon of hope in the form of a “beefed-up” security awareness training.

Enhancing security awareness among employees is undeniably a top priority. In this article, we will delve into the motivations behind cybercriminals’ fixation on employees and explore the profound implications of enriching their security knowledge. By acknowledging vulnerabilities and taking proactive measures, businesses can significantly reduce risks and empower their workforce to effectively counter cyber threats.

The Vulnerabilities Within – Identifying the Challenges

Does your organization grapple with these common challenges?

1. Lack of Awareness: The unfortunate reality is that many employees remain unfamiliar with cybersecurity hazards, tactics used by cybercriminals, and essential best practices. Malicious actors exploit this knowledge gap to launch deceptive campaigns, distribute malicious software, and orchestrate elaborate social manipulation tactics.

2. Privileged Access: Employees often possess access to critical systems, sensitive data, and administrative privileges coveted by cybercriminals. Breaching these accounts can provide malicious agents with access to valuable assets, leading to significant disruptions.

3. Social Manipulation: Cybercriminals excel at manipulating human emotions, trust, and curiosity. They employ these tactics to coerce employees into divulging confidential information, sharing login credentials, or unknowingly compromising security protocols.

4. BYOD Risks: The “Bring Your Own Device” (BYOD) trend introduces additional risks to businesses. Personal devices lacking robust security measures create vulnerabilities that cybercriminals are eager to exploit.

5. Remote and Hybrid Work Challenges: The shift to remote and hybrid work environments presents novel challenges. Home networks with weaker security, shared devices, and domestic distractions make employees more susceptible to digital attacks.

Constructing a Cyber-Resilient Workforce: Best Practices

To build a solid foundation for cyber resilience within your organization, consider these best practices:

1. Assess the Landscape: Gain a deep understanding of the specific cybersecurity risks your organization faces. Identify areas where employees are most vulnerable.

2. Define Objectives: Clearly define the knowledge and skills your employees need to acquire through your security awareness program.

3. Develop Engaging Content: Craft compelling content that captivates your employees’ attention and seamlessly integrates cybersecurity concepts. Use real-world scenarios to instill cybersecurity wisdom.

4. Tailor Content: Customize your content to address unique challenges within your organization. Align the material with employees’ roles and responsibilities.

5. Embrace Continuity: Establish a consistent rhythm of instruction to reinforce cybersecurity principles. Keep your workforce updated on emerging threats and countermeasures.

6. Measure Effectiveness: Regularly assess the impact of your security awareness program through behavioural outcomes, evaluations, and feedback. Use data to refine and improve your program continuously.

7. Foster a Cybersecurity Culture: Encourage proactive engagement by fostering open communication, providing spaces for incident reporting, and emphasizing shared responsibility for protecting the digital realm.

Uniting for a Secure Future

We stand united in our mission to usher in a new era of digital guardianship. Let us seize this opportunity to transform our employees into an unwavering bulwark against cyber threats. The investment in employee security awareness serves as the crucible in which our defences are honed, ensuring a future marked by unwavering resilience. As the cybersecurity landscape evolves, the empowerment of our workforce will prove instrumental in safeguarding our business from the persistent threats of the digital age.

16 Aug 2023

Avoid the Common Mistakes in Your Cybersecurity Training

Leadership and learning are indispensable to each other.

John F. Kennedy

In today’s fast-paced digital landscape, the importance of employee cybersecurity training cannot be emphasized enough. It acts as the first line of defence against cyber threats, arming your team with the knowledge and skills to identify and counter potential risks. However, to ensure the efficacy of your training program, it is crucial to sidestep common errors that can compromise your efforts.

Navigating Common Mistakes for Effective Cybersecurity Training

Let’s take a deep dive into these pitfalls and develop avoidance strategies. By proactively addressing these challenges, you can magnify the impact of your employee cybersecurity training, fostering a culture of security awareness that empowers your workforce to stand guard against cybercriminals. Together, we will empower your team with the competencies needed to safeguard your organization.

Key Blunders to Dodge

1. Treating Security Training as a One-time Occasion:

Resist the urge to treat cybersecurity training as a mere checkbox to tick. Instead, foster an environment of perpetual learning by consistently offering opportunities for employees to stay abreast of the latest threats and best security practices. Elevate security awareness to an ongoing journey rather than an isolated event.

2. Providing Stale, Unengaging, and Irrelevant Training:

Engagement is the linchpin of effective training. Steer clear of dry and outdated content that fails to captivate employees’ attention. Strive to deliver training that is timely, captivating, and relatable. Harness interactive platforms and user-friendly tools to craft an immersive learning experience that resonates with your team.

3. Prioritizing Activity Over Behavioral Outcomes:

Avoid the trap of focusing solely on tracking training completion rates or the number of simulated phishing exercises. While these metrics offer insights, they only reveal part of the story. Shift your attention to measuring behavioural outcomes, showcasing a genuine grasp of security principles and driving concrete changes in employee conduct.

4. Nurturing a Culture of Blame and Mistrust:

Approach security training as a conduit for growth and improvement rather than a finger-pointing exercise. Foster a nurturing atmosphere where employees feel at ease reporting security concerns and seeking clarification. Promote a collective sense of responsibility, emphasizing that cybersecurity is a shared responsibility.

5. Lack of Leadership Support and Engagement:

Leadership wields substantial influence in setting the tone for your security training initiative. Without visible endorsement and active involvement from executives and managers, employees might perceive security as a peripheral concern. Rally leadership to champion security endeavours and actively participate in training, showcasing their dedication to safeguarding the organization.

6. Hesitating to Seek External Aid:

Crafting and managing a comprehensive training program can be daunting, particularly when internal resources are limited. Do not hesitate to solicit assistance from external experts or specialized IT service providers versed in cybersecurity training. They possess the expertise and guidance required to implement a robust and impactful program.

A Collaborative Journey Towards Success

By proactively addressing these potential missteps, you possess the capability to instill a resilient security culture within your organization. If support is required, do not hesitate to seek it. We are here to provide the necessary aid. Our wealth of experience and expertise aligns perfectly with your needs, making security training a minor concern.

Additionally, we invite you to walk through our Assessing the Strength of Your Cybersecurity Culture checklist to gauge your progress along the right trajectory. Together, we can fortify your defences and shield your enterprise from the ever-evolving landscape of cyber threats. Your organization’s security is our shared commitment.

04 Aug 2016
data security

Data Security Class

We are protecting your digital assets with firewalls, passwords and other digital methods. We detect intrusion attempts and virus attacks with special software that runs on the firewall and your workstations. We respond to your calls when you have a problem or when a problem is detected. Between protection, detection and response, which is the most important? We believe it’s detection – as would you if you didn’t detect that a large man with a big knife was standing over your bed until you opened your eyes!! The best investment you can make in your security is to train your staff. Give them the tools and training necessary to detect attempted data breaches by signing up for our Security Awareness class. The content is updated with current events and true stories all the time.

The class is 1 hour long, $250 for 1-25 people.

04 Aug 2016
multi-factor authentication

Multi-factor Authentication

You’ve seen this already. You try to access your Gmail account and you have to put in a code Google texted to your phone; or you add a credit card to Apple Pay on your iPhone and you have to approve the addition from another Apple device. Everybody has passwords – and they’re getting longer and more complex all the time! We all hate it. The answer coming down the pike is multi-factor authentication (MFA). Here’s the idea. Instead of just providing your password to access your data (email, files, etc.) you provide at least two of the following: Something you know (like your password), something you have (like a code from your mobile device) or something you are (like your fingerprint.)

MFA is being used more and more. There are apps that you can put on your mobile device that generate a code every 30 seconds. Your bank may require you to put in a code that was texted to your mobile device. Your online shopping site may require you to put in a PIN to login. You can receive a code via text message. You can use facial recognition (read about the Enterprise-grade security of Windows Hello here.) You can use the fingerprint scanner on the home button of your iPhone.

Get used to it. MFA is here and it will become the norm. If you want to increase security, give us a call. 704-814-8819

04 Aug 2016
mobile device management

Mobile Device Management

How do you deal with the fact that your digital assets are on your employee’s phone? What if they lose the phone? It can not only be bad for business, it may be against the law, depending on your market and the data that has been compromised. Mobile Device Management (MDM) is built into Office 365. Even if your employees own their own devices (which is most common) you can have them register their device with Office 365 in order to have email on the device. Then you control access to the data. You can use MDM for Office 365 to do a selective wipe to remove only organizational information, or a full wipe to delete all information from a mobile device and restore it to its factory settings.

If you’re interested in learning more about MDM, give us a call. 704-814-8819

15 Jul 2016

Windows 10 for free?

Windows 10: Quo Vadis strongly recommends a Windows 10 upgrade (if you haven’t already!) – especially in the next 2 weeks while it’s still free!

Remember, Windows 7 is 7 years old, Windows 8 is 5 years old, and Windows 10 is already 2 years old!

Steps to upgrade: Confirm with your mission-critical software vendors that they support Windows 10. If they do, then make a good backup of your data, and upgrade just one computer. Any speed-bumps can be worked out before you upgrade the rest of your office.

Generally, if your workstation will run Windows 7 or 8 comfortably, it’ll run 10 just fine.

Fun fact: Windows 10 includes Microsoft Edge – a built-from-the-ground-up new browser from Microsoft. It has extremely low power consumption, and is currently the only web browser that can stream 1080p.

15 Jul 2016

Do you hate changing your password?

HERE’S A TIP: At Quo Vadis we don’t have to worry about the constant password change. We use 1Password, a helpful, easy-to-use, secure app that stores all your logins, passwords, and more!

Tired of remembering all those passwords? Tired of the constant change? Do you want just one password for everything?

1Password.

Who doesn’t? As hackers become more real and more prevalent, passwords need to be much more complex. If you’ve taken the Security Awareness Class you know the danger, and you know how critical your password security is.

Every one of your businesses is connected to the internet, which makes you a target for cyber-attacks. Unfortunately, small businesses have a misconception that they are an unlikely target, but a quick Google search will produce a number of results showing small and medium businesses are attacked at nearly the same rate as enterprise level. Hackers know many companies don’t take cyber security seriously – and they’re right. It has come to our attention that many of you have simple passwords equivalent to having a key code entry of 1234! This is completely unacceptable.

It may be that, when you signed up for Network Care, you dismissed our counsel to implement strong passwords for your users. It’s time to reconsider. Ensure that you’re using strong passwords! Use these helpful guidelines to help create complex and secure passwords:

  • 8 characters long
  • At least 1 uppercase letter
  • At least 1 lowercase letter
  • At least 1 number
  • Simple enough to remember without writing it down

Of course, additional security measures are always encouraged, like adding special characters and making the password longer. Make sure your password doesn’t include your name, and avoid generic ones like “Password1”. If you’d like us to enforce complex passwords in your network or if you have any other questions or concerns, please call the Help Desk to discuss.
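A checker for the guidelines above, as an added example that is not part of the original post. It shows why the warning about generic passwords matters: “Password1” satisfies every composition rule in the list and is only caught by the deny list. The function name, the small deny list and the reading of “8 characters long” as a minimum are assumptions of this sketch.

```python
import re

# Constructed deny list for the demo; a real deployment would load a much
# larger list of common and breached passwords.
COMMON_PASSWORDS = {"password1", "welcome1", "qwerty123", "letmein1"}


def check_password(password: str, user_names=()) -> list:
    """Return the guideline violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:  # assumption: 8 is treated as the minimum length
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    lowered = password.lower()
    for name in user_names:
        # Ignore very short name parts to avoid flagging incidental matches.
        if len(name) >= 3 and name.lower() in lowered:
            problems.append("contains the user's name")
            break
    if lowered in COMMON_PASSWORDS:
        problems.append("generic, commonly used password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: (candidate password, parts of the user's name)
    samples = [
        ("1234", ()),
        ("Password1", ()),
        ("Maria2016x", ("Maria", "Lopez")),
        ("Tr4ilmix-Harbor-Lamp", ("Maria", "Lopez")),
    ]
    for candidate, names in samples:
        print(candidate, "->", check_password(candidate, names) or "OK")
```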

10 Jun 2016

Ransomware

If you’ve been following our Facebook page or scrolling through the tech news, you’ll know that Ransomware is running rampant through the business community. For those not ‘in the know’, there are a few common families of the malicious software often dubbed the Locky virus. Don’t let the pleasant sounding ring of Locky fool you. This virus is extremely effective at disrupting businesses by encrypting data as securely as banks do. Upon completion of its mission, the virus then informs you that it has locked your files and allows you to purchase the decryption key for a large sum of money.

The business model has worked and ransomware campaigns are becoming more and more popular, targeting businesses in wealthy countries. The virus has gone through several evolutions and continuously adapts to increase efficaciousness. There is presently no AntiVirus endpoint protection software capable of detecting the presence of Locky on your system. The detection occurs when you attempt to access a file…and can’t. Concerned? You should be.

We’ve helped approximately 20% of our clients recover from the aftermath of these ransomware attacks.  However, you should educate yourself and your staff. Start implementing the following practices to mitigate the effects of an infection:

  • Regular Backups: There are three ways to address your encrypted files: (1) Pay the thieves for the decryption, (2) Forget about the data and move on, or (3) Restore your files to the last backup. If you would like to discuss your current backup strategy, let us know.
  • DON’T enable macros in a document received through email: Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don’t do it!
  • DON’T open attachments or links from unsolicited emails, even if it is from someone you know. It could be that their email account was compromised and the crooks are using it to entice you to open the document.
  • Avoid Mapped Drives: Microsoft no longer recommends using mapped drives and neither do we.  Right now, the only path the virus has to your server is through your mapped drives.  In the image below, you can see that there is a mapped Q drive to QVTools highlighted in blue.  This allows a path for the virus to the server.  The better method is to make a shortcut under the Favorites section (highlighted in yellow).  It may be that you have programs which require mapped drives.  Please let us know if you need any help implementing these changes.