5 Cybersecurity Tips to Keep You Safe at Home & Work

#1 – Practice Good Password Hygiene  

To practice good password hygiene, you will want to use strong and unique passwords and enable two-factor or multi-factor authentication. If you’re worried about having to remember a large number of unique passwords for all your accounts, Jessica suggests downloading the free password manager “Last Pass” on your desktop or mobile device.  

 

#2 – Know Your Risk Factors  

Be aware that there is a cybersecurity risk of just browsing the internet or having an email address – it’s low, but it’s there. Jessica suggests using haveibeenpwned.com to check if an email address, password, or website has been compromised and how frequently. From here, you can make more knowledgeable decisions on website subscriptions or update your accounts with higher-strength passwords.  

 

#3 – Perform Regular Updates  

Hopefully, your IT department is frequently performing these on your work devices, but it should be done on personal devices as well. For a Windows device, you can type “Windows Update Settings” in the search bar and check for updates. A good rule of thumb is every 30 days to ensure your device works as efficiently as possible.  

 

#4 – Have a Backup Solution  

Be proactive rather than reactive. If you don’t have something in place now, it will be too late when you do get hacked. Back up essential documents using cloud-based methods such as Google Drive or iCloud. If you are someone with a vast amount of data to store, Jessica suggests a paid backup solution: BackBlaze is only $6/month for unlimited storage.  

 

#5 – Think Before You Click  

Be wary of unsolicited messages – emails, texts, online ads. Hackers send these in hopes of gaining access to your credentials or to prove your domain is credible. Jessica suggests you do not respond, do not click on links, and always delete. Also, mark as spam, block sender and notify your IT department. It’s better to be safe than sorry.  

 

Topics: Phishing, Cybersecurity

Don't Be The Next Big Catch: Register For Your .Bank Domain

 BANK

.BANK is not just another way to change up your domain name, it's a proactive and protective measure put in place to give you peace of mind that your customers are protected. Phishing in the financial industry is all too common, as it is the #1 cyberattack and starting point of most breaches. This reason alone is why .BANK domains are so important to implement.

If you'd like to skip straight to a downloadable flier that further explains how .BANK protects your customers, click here.

Not convinced yet or want more information? Here's why you should register for a .BANK domain:

VERIFICATION

Having a .BANK domain provides extra verification for your organization, as only verified members of the global banking community are approved for these domain names. These domain names make it easy for your customers to distinguish authentic emails or communications from your financial organization in comparison to a phishing attempt.

According to Kaspersky Lab, in 2017 the share of financial phishing increased from 47% to 54% of all phishing detections, which is a record-breaking high for financial phishing. You want your customers to confidently recognize and communicate with your organization, and without a .BANK domain nothing is promised. Anyone can register for a generic domain such as .COM or .NET, but only legitimate financial organizations can register for a .BANK domain name.

Related: What is Phishing?

EXTRA SECURITY MEASURES

Kaspersky Lab also found that more than every 4th attempt to load a phishing page was related to banking phishing. Financial organizations are the "big catches" when it comes to phishing, which is why extra security measures must be taken. These special domains include those extra security measures, from further authentication, to an increased level of encryption, to abuse monitoring and compliance enforcement so that only verified financial organizations can utilize .BANK domains.

Further authentication is just another road block in recognizing and stopping malicious attempts to steal personal information. If your customers see something linked to a .BANK domain, they know they can trust it. An increased level of encryption will help to drastically decrease the chance that customers are redirected to sites disguised as your own that could steal their account information. .BANK domains also come with compliance and requirements to maintain a strong level of security, so financial institutions must allocate a point of contact from their organization to help continue to verify their organization.

Related: Fight Cybercrime With User Awareness Training

.BANK domains play a huge role in preventing cybercrime in the financial industry. Phishing attempts are becoming more and more common, and financial institutions are the big catches. With the security, verification processes, and requirements of obtaining a .BANK domain, you can ensure your customers that anything from your domain name can be trusted and that their data is safe with you.

 

For more information on how .BANK protects your customers through verification, domain name integrity/domain name system security extensions, and strong encryption, click below.

Click here: Protecting Your Customers With .Bank

 

 

 

 

 

 

 

 

 

 

Topics: Security, Outsourced IT, Phishing, Cybersecurity, Financial

Spam Filtering: Why It's Important And How It Works

SPAM

Once spam hits your email inbox, you become a target. When it comes to technology, humans tend to be the weakest link in most IT security situations. Attackers will constantly try to trick them, manipulating users to click on things that they shouldn't through a variety of methods. Oftentimes, these "tricks" are via email, as email platforms can target a very large number of people and is a very "budget-friendly" attack. If users happen to click the wrong thing within the spam email, bullseye, internal data then becomes exposed.

Since email is commonly used as a way to exploit users and their data, spam filtering has grown in importance and relevance. Organizations must utilize a spam filter to reduce the risk of users clicking on something they shouldn't, in turn keeping their internal data shielded from a cyber attack.


Related: What is Phishing?

HERE'S HOW IT WORKS

Spam filtering uses a filtering solution within your email run by a set of procedures that help determine which incoming emails are spam and which are safe for the user to open. According to Spamhaus, the United States is ranked #1 among which countries have the most live spam issues. Spam is getting sent to users, and it's getting sent a lot.

The main types of filtering analyzes the source of the email, whether the source of the email has had any complaints or has ever been blacklisted, the content of the email, and subscriber engagement. All of this is tracked and sorted before hitting a users' inbox. Spam filtering solutions can be hosted in several ways to support organizations, whether it's through a cloud service, on-premise technology, or software installed on organizational computers that can collaborate with email platforms. 

WHY IT'S IMPORTANT

Implementing spam filtering is extremely important for any organization. Not only does spam filtering help keep garbage out of email inboxes, it helps with the quality of life of business emails because they run smoothly and are only used for their desired purpose. Spam filtering is essentially an anti-malware tool, as many attacks through email are trying to trick users to click on a malicious attachment, asking them to supply their credentials, and much more.

Related: Be Prepared to Fight Cybercrime With User Training

According to Radicati Research Group Inc., email spam costs businesses up to $20.5 billion each year, and that number will only continue to rise. Spam filtering prevents these spam messages from ever entering an inbox in the first place, keeping organizations from adding to the growing statistic of lost revenue.

Graymail. Another important aspect of spam filtering is the ability to eliminate "graymail" from user inboxes as well. Graymail is an email that a user has previously opted to receive, but doesn't really want or need in their inbox. Graymail isn't considered spam, as these emails aren't used to infiltrate an organization. What is considered graymail is determined by the actions of the user over time, and spam filtering platforms will pick up on that to determine what is or is not wanted within an inbox. A good spam filtering platform lets users adjust to block a lot of graymail, rather than having to manually unsubscribe from every single one.

PROOFPOINT

According to Proofpoint, 40% of organizations targeted by email fraud received between 10 and 50 attacks in the beginning of 2018, and the number of companies receiving more than 50 attacks rose by 20% in comparison to 2017. Five Nines has utilized Proofpoint as its' spam filtering platform for a couple different reasons.

First, Proofpoint is hosted as a spam filtering cloud service, this is preferred as inboxes get filtered before getting inside the Five Nines or client networks, which cuts down on malicious traffic immensely. Because spam and email attacks are constantly evolving, the threat response must continuously evolve as well, which is why Proofpoint spends a lot of time and money improving their spam filtering platform continuously.

Without spam filters, an organization's email setup wouldn't function properly, and internal data would have a higher risk of exposure to a cyber-attack. Consult with an IT team about properly implementing a spam filtering system for the well-being of your organizational email system, the safety of your data, and the peace of mind of your users.

 To learn more about the red flags users should watch for when navigating their email inbox through a free downloadable graphic, click below.

Download The Social Engineering Red Flags Flier

Topics: Security, Phishing, Cybersecurity, Spam Filtering

Be Prepared To Fight Cybercrime With User Training

Cyber Crime Blog Reformatted

In the tech industry today, even the most reliable tools can be used against you. Five Nines has recently discovered phishing attempts that are in the form of an Office 365 verification email. Wouldn’t you be enticed to click on the links in this email?

Phishing Example.png

Unfortunately, just because it is Office 365, and just because many Office 365 tools are hosted online, does not mean it is any safer. When it comes to cybercrime, you must have a healthy paranoia about everything. Anything is open game.

WHAT TO LOOK FOR

A lot of these phishing attempts happen through email, mobile messages, or unprotected webpages. Here are a few quick tips we recommend:

  • Double check the sender’s email address, is it from a suspicious domain? Are there any tiny grammatical errors? (EX. micorsoft-support.com)
  • Why is the sender asking you to click on a link? Is it to avoid negative consequence or to gain something of value? Think twice about whether it’s a link you should be clicking on.
  • Did you receive the email at an unusual time that is not during business hours?
  • Are there misspellings in hyperlinks?
  • Does the attachment in the email relate to the content of the message?

Download The Social Engineering Red Flags FlierWe have put together a complete flier full of even more red flags to look for when it comes to phishing attempts. Download the flier, read it over, and share it with your team. P.S. it’s free.

Keep in mind, phishing attempts may be in the form of reputable organizations and programs, such as Microsoft and their Office 365 software. For consistent FBI updates on current cybercrime schemes, click here. 

WHAT TO DO ABOUT IT

There are a couple of important components that must be put into place to keep your organization protected from clever cybercrime tactics. First, the antivirus you use is very crucial in protecting your business. Five Nines utilizes Cylance, if you don’t know a lot about this antivirus Five Nines just hosted a Cylance webinar, download it here.

Cylance Power Hour

Antivirus aside, one of the more impactful solutions to prepare for potential cybercrime attempts like the one above is user training and awareness implementation. Five Nines believes giving users the confidence to navigate their devices with the knowledge to identify real threats plays a huge role in fighting against cybercrime. It only takes one wrong click to cause a breach in your IT environment.

Situational training is very helpful, as it provides real scenarios of actual phishing attempts and puts your employees to the test to see if they can identify these attempts themselves. Giving your teams the right tools they need to not only be efficient and productive, but also aware and alert will give your IT environment a significant advantage.

If you’d like to see examples of how Five Nines implements user training, click here for our free Gone Phishing webinar recording.

AN ONGOING PHENOMENON

Cyber crime and phishing attempts will not be going away anytime soon, in fact this phenomenon is predicted to get worse each year. It’s a threat everyone needs to be aware of and prepared for.

According to Cybersecurity Ventures, cybercrime is currently the greatest threat to every company in the world. By 2021, cybercrime is predicted to cost the world up to $6 trillion on an annual basis. These costs derive from destruction of data to productivity loss to the restoration of hacked data systems.

The statistics are scary and intimidating, but you don’t have to fight cybercrime alone. Avoid having someone on your team click on something like the email above by implementing user training within your organization.

Five Nines offers user awareness training to make sure all teams are prepared for the possibilities of phishing attacks and other cybercrime initiatives. If this is of interest to you, click the button below and we will start the conversation about how to train your team.

Cybercrime is growing, but so are protective measures. Take action and prioritize cybercrime prevention to avoid being part of the statistics.

Preparing Your Team With User Awareness Training

Topics: Outsourced IT, Managed IT Services, Phishing, Threat Landscape, Cybersecurity

The Future of Financial Technology in 2018

THE FUTURE OF FINANCIAL TECHNOLOGYTechnology will continue to impact change within the financial services industry throughout 2018. According to a survey conducted by Deloitte, there are differing opinions from financial services leaders about how technology will drive change. Over two-thirds of respondents from this audience believed technology innovation will push for change within the industry, while one-half claimed that regulation will be the pressing factor.Regardless of how technical changes will impact the industry - whether it's instant, or gradual, there will be changes not only in 2018, but within the next 5 years.
 

SECURITY

Research conducted by IBM states that the financial services industry was within the top 2 industries targeted the most by cyber-attackers throughout 2017. This means financial organizations experienced 65% more attacks than the average company. This jarring statistic means that financial companies need to continue to take preventative action in 2018. First, don't allow employees to fall victim to a cyber-attack. Implement the right awareness and training to prepare all teams. The 2017 State of Cybersecurity in Small & Medium-Sized Businesses Report by Keeper Security shows that 48% of SMBs experienced a phishing attack last year, so it's recommended to develop a plan to address phishing scams ahead of time. Finally, ensure that all of your cybersecurity tools are up-to-date and working together.

MOBILE PAYMENTS

Mobile payments and transfers will continue to grow in 2018. Millennials prefer the use of their on-the-go digital devices whenever possible, which is why mobile within the financial industry will continue to skyrocket. This digital demand will push the industry to newer heights, as they will have to continue to streamline and implement efficient mobile payment systems. Applications such as Apple Pay and Android Pay, PayPal, Venmo, as well as banking applications will continue to grow in use and popularity, and will need to have the ability to work together seamlessly.

MODERNIZATION

There are many technical resources that banks are using to keep track of their assets. Modernizing core IT infrastructures so that operations run smoothly will become a trend in 2018 as technology continues to be implemented in different ways. Companies within the industry must maximize the use of their tools while minimizing the amount of tools they are using to ease confusion and streamline the overall environment.

Staying on top of industry changes and being open-minded to technological changes is extremely important when maintaining a successful and efficient IT environment. There's a pattern when it comes to workplace technology, change makes users uncomfortable, especially in the banking industry. Organizations don't want to compromise their processes or make their clients uncomfortable. As we have seen technology evolve throughout the years, however, one thing remains clear. Companies always have to evolve their technology eventually.

Be proactive, don't be afraid to make changes, and continue to keep workplace technology top of mind in 2018. Download our free Network Health Check today to briefly assess the quality of your IT environment. 

Click Here For Your Free Network Health Check

Topics: Phishing, Cybersecurity, Business Continuity, Financial

Your Digital Shield: How Cyber Insurance Protects You

 

How Cyberinsurance Protects You

Who needs it? The answer is everyone. Unfortunately, cybercrime is not a matter of "if", but a matter of "when." Learn more about how to utilize cyber insurance for your business, the common misconceptions in regards to cyber liability, and how insurance helps you respond to a potential cybercrime.

Miss the NE Tech Summit? Through a presentation by Unico Group, read about why the common trends of cybercrime, and how cyber insurance can help. 

Presenters: 

Dan Mickells - UNICO

Tom Champoux - UNICO

 

Sit back and learn about the NE Tech Summit Session on Cyber Insurance.

 Click Here for Free Presentation Download

 

Topics: Phishing

Gone Phishing: How To Protect Against Phishing Attacks

 

Gone Phishing

Global Drug Trade makes around $435 billion dollars a year. What about Cybercrime? $450 billion dollars a year. Don't lose your business dollars to cybercrime.

Miss the NE Tech Summit? View screenshot examples of how you can create fake phishing links to see if your team members take the bait, and how to best implement security awareness training within your organization.

Presenter: 

Marshall Ford - Training and Development Manager at Five Nines

 

Sit back and learn about the NE Tech Summit Session on Phishing and Security Awareness.

 Click Here for Free Presentation Download

 

Topics: Phishing