Blog

Categories
Security Alerts Cybersecurity - Detection and Response Blog

Patching the Spectre & Meltdown security vulnerabilities

You may have heard about the Spectre and Meltdown security vulnerabilities recently. While there’s no evidence of anyone exploiting the security flaw, we want to make sure our clients are aware of how it’s being resolved.

Categories
Blog Cybersecurity - Detection and Response Cybersecurity - Prevention

A compilation of cybersecurity predictions for 2018

Forbes just released a compilation of 60 cybersecurity predictions for 2018. While no one can predict the future, we’re sure that cybersecurity is going to stay in the headlines and at the top of our list. We’ve curated the predictions most likely to interest or impact our clients’ organizations here:

Categories
Cybersecurity - Detection and Response Blog

Cyberattacks target schools, too.

NBC News recently shared this report about schools in Columbia Falls, Montana that were targets of a cyberattack. Hackers accessed students personal data—social security numbers, phone numbers—and threatened to release that data and hurt children unless a ransom was paid. The hackers also accessed school security cameras and could watch everything going on. This school district lies in a quiet town at the foot of Glacier National Park, showing that threats can affect any organization, anywhere.

Categories
Security Alerts

“Krack” Wi-Fi security vulnerability and what it means for you

This week we found out about a Wi-Fi security vulnerability that affects all modern protected Wi-Fi networks. Read this article for a great (and not-too-technical) overview of the vulnerability.

A few important points:

Categories
Blog Cybersecurity - Prevention Employee-friendly Content

Hey, I found a USB stick.

A good reminder from our partner, KnowBe4, on USB sticks (aka thumb drives). We’ve stopped giving out branded USB sticks at events to make sure we don’t encourage folks to plug in an unknown drive. If you find one, be sure to give it to an IT professional (like your friendly WorkSmart consultant) so he or she can test it safely off the network.

Categories
Employee-friendly Content

Wait, the new password guidelines are simpler?

The National Institute of Standards and Technology (NIST) recently updated their Digital Identity Standards. I bet you haven’t read them, but the NIST guidelines affect how sites and apps create password requirements, and they affect the advice we share with you. And guess what? The new password guidelines are a lot more relaxed than before. But hackers aren’t taking a break, so what gives?

Categories
Cybersecurity - Prevention

The Top Five IT Security Risks: Threat One, End Users

It’s an unfortunately common scenario—someone has downloaded and executed CryptoLocker, and now, half of the company’s data is encrypted. The backups are not working, and the CEO is contemplating paying the $40,000 it’s going to take to get the password to unencrypt the data. Now seems like a good time for the world’s most epic facepalm.

Categories
Employee-friendly Content Blog

One Phish, Two Phish, Oops Phish…

Cyber-security is getting tougher every day. Hackers are smarter. Technology is advancing faster. And the losses businesses experience as a result of cyber-crime are astronomical. A quick Google search shows that the cost of cyber-attacks in 2015 was estimated at $400 billion, and ransomware alone cost businesses $209 million in just the first 3 months of 2016. That’s bananas.

Categories
Cybersecurity - Prevention Blog

Is two-step authentication the only way?

With all the recent hacking scares all over the world, you know and understand that your cyber security and your business’s cyber security are extremely important. However, when it comes to authentication processes, you may not be sure what the real deal is. There are two seemingly similar types of authentication that are often confused. Those are, of course, two-step and two-factor authentication. Find out more about the differences between the two here to ensure your cyber security will always be top of the line.

Categories
Cybersecurity - Prevention Employee-friendly Content

Cyber-crime and social engineering

For as long as there have been cybercriminals, there have been social engineers, or people who use tricks and scams to force other people to volunteer sensitive information. There are several ways to use social engineering to acquire valuable information like account passwords and bank accounts, but avoiding these scams comes down to one thing: training. Let’s take a look at some of the easiest ways for your employees to avoid one of these scams.