Executives Are Users, Too

Executives have become a major target because obtaining their credentials opens a wider attack surface than most other users’. In its recently released “2019 Data Breach Investigations Report,” Verizon determined that senior executives are 12 times more likely to be attacked through social interactions and nine times as likely to be the target of social breaches as compared to previous reports. Most of the attacks dealt with financial threats, which represented about 12% of the total.

Phishing Is Top of the List

In my previous No Jitter post, “Enterprises Not Doing Well on Net Protections,” I reported that phishing with social engineering was the primary method for obtaining credentials (46% of the threats) and access to IT systems and networks. You may be able to thwart some of these threats with software, but the ultimate prevention method is user avoidance of the threats. This is where adequate and consistent training will succeed.

If you don’t conduct an employee vulnerability assessment, you’re missing one of the best preventative steps available. Using simulated phishing techniques, you can assess what users would do when they’re sent phishing emails. This helps uncover poor behavior and vulnerabilities.

Don’t Make It Painful

When I was in military intelligence, security was of paramount interest. I attended many security classes, but unfortunately some of them were extremely boring and didn’t motivate me very well.
On the other hand, the penalties for breaking security were so severe that I paid attention.

What Can a Dark Web Scan Do?

You probably don’t know which users’ accounts are located on the dark web, which is made up of hidden websites that are accessible with special software. To find out, you can use a tool like Have I Been Pwned? This free tool will tell you whether your email address or password appears in one of more than 300 data dumps from websites, and it will notify you when your email address appears in a new data dump.

Cybercriminals increasingly target users rather than infrastructure. You train your users about cybersecurity. You may test them, but do you consider that a passing grade that’s not a perfect score means some users didn’t learn all required cybersecurity skills? What they missed on the assessment test equals vulnerabilities that they still may respond to, thereby opening your network to attack.

As many studies show, generally about half of all data breaches are caused by human mistakes or activities. In most cases, these result from poor training. What you want is the user to act as a human firewall and protect your organization.

Don’t Forget the Contractors

Organizations rely on contract workers, developers, consultants, VARs, and MSPs. The nature of contract jobs results in a feeling of impermanence that permeates throughout processes and policies. Contract workers are potential cyberattack victims, which means they need training to the same degree as full-time employees. Many contractors may have high levels of access and privileges, meaning that they have credentials that are more valuable than the average user.

If you’re looking to discover if your credentials have been compromised, this is a useful service. Most pay-for services that say they scan the dark web are actually looking at data dumps.
Am I Taking a Risk?

If you discover an email address associated with one or more external data breaches, you should take immediate action to minimize the risk. You should change all the passwords associated with those accounts and employ stronger passwords.

You need to make sure that the security training you deliver is positive, motivates, and engages users, and informs them of the risks that occur if they don’t apply the training they’ve received. Provide meaningful assessment feedback as part of the training. Your organization should foster a culture in which it is safe to raise concerns when users see or suspect something that can impact corporate security. Commit to continuous training. Ensure your users accept that cybersecurity in the workplace is everyone’s responsibility.

Train, test, and assess — that’s the best advice for keeping hackers from successful attacks against all of your user constituencies.

What Do I Train On?

Once you’ve conducted the vulnerability assessment, you can improve your protections with education and training. The training should include:
- How to recognize phishing and phone scams
- What the dangers are when using social media and how a user can spot scams
- A rundown of corporate policy and guidance on the use of a company email address to register, post, or receive social media
- Information on how to create strong unique passwords for every account
- Discussion of why your users aren’t allowed to install unlicensed software on any company computer, since free software commonly contains malware
- How to avoid using business emails for personal activities
- How to protect mobile devices such as smartphones, laptops, tablets, and USB drives
- Messaging that instills the concept that the door should always be locked
The experts have made a number of urgent appeals to the Iranian Government about the denial of medical care and mistreatment of blogger Mohammad Reza Pourshajari and religious cleric Sayed Hossein Kazemeyni Boroujerdi. However, a formal response from the Government to the most recent appeals is yet to be received, the experts noted in a news release.

“We are gravely concerned about the worsening health condition of Mr. Pourshajari and Mr. Boroujerdi, who require urgent access to specialist medical treatment outside prison,” they stated. “The prison authorities have so far denied this fundamental right, despite prison physicians recommending such urgent care.”

Mr. Pourshajari (aka Siamak Mehr) was arrested for blogging in September 2010, and is currently serving a four-year prison term in Ghezal Hesar prison in Karaj. He had a heart attack and has been suffering from prostate disease, and has kidney stones, high sugar level, breathing problems, and high blood pressure.

Mr. Boroujerdi, currently held in Evin Prison, was arrested for his religious beliefs on 8 October 2006 and is serving 11 years in prison. He suffers from Parkinson’s disease, diabetes and high blood pressure, breathing and walking problems, kidney stones and a heart condition.

According to the news release, the two men’s health condition, deemed to require urgent hospital transfer, has deteriorated due to “physical abuse, poor prison conditions, prolonged solitary confinement, and other forms of repeated torture and ill-treatment.”

The experts reminded the Iranian Government of its obligations under international standards to respect the prisoners’ right to health and to ensure humane treatment, which requires transferring sick prisoners who need specialist medical care to a specialized institution or civil hospital.

“Mr. Pourshajari and Mr. Boroujerdi were imprisoned for peacefully exercising their rights to freedom of expression. They should not only receive urgent medical treatment but also be released,” said the experts.

The Special Rapporteurs on Iran, Ahmed Shaheed; on the right to health, Anand Grover; on torture, Juan Méndez; on freedom of expression, Frank La Rue; and on freedom of religion, Heiner Bielefeldt are all appointed by the UN Human Rights Council in Geneva and charged with monitoring, reporting and advising on human rights issues in an independent and unpaid capacity.