In its Email Fraud Threat Report: Year in Review 2017, Proofpoint (our parent company) highlights the rise of business email compromise (BEC) attacks during the course of 2017. The report draws from analysis of more than 160 billion emails sent to more than 2,400 organizations across 150 countries. Following are some of the key findings related to these specialized phishing attack patterns.
In this first segment of a two-part video blog, Wombat brings end users up to speed on the concept of social engineering. Viewers will understand what this threat is and the ways they might encounter social engineers in their work and personal lives, including phishing attacks, smishing text messages, social media fraud, vishing calls, and imposter scenarios.
- Have multiple layers (and different AV engines) of malware scanning in place: the firewall, your mail server/email gateway, and the desktop. That means a different vendor, using a different AV engine, for each of your firewall, your mail server/email gateway and your endpoint AV. Then filter out almost all email attachment types except a few essential ones. Check which AV engines your vendors use, because there is a lot of OEM-ing going on in the AV space, which might result in you using the same engine, but with a different label. Not good.
- Step your users through effective security awareness training and follow up with regular simulated phishing attacks which will keep them on their toes with security top of mind.
- Have good backup routines that are constantly tested to ensure that lost data can be easily recovered.
This spring break, students and families will step away from school and travel to warmer locales.
Before you jet to your spring break destination, don’t forget to pack your passport, sunscreen, and these mobile safety tips from Stop.Think.Connect.:
Keep a Clean Machine. Ensure all devices that connect to the Internet, including smart phones, tablets, and laptops, have the latest mobile security software, web browsers, and operating systems. This is the best way to defend against viruses, malware, and other online threats.
Protect Your Personal Information. Keep your phone securely locked (with a passcode) and in your possession. Disable geotagging features on your phone and applications so that your movements are not tracked and broadcast. Only give your phone number to people you know, and don’t share your friends’ numbers without their permission.
Connect with Care. While conducting online banking or shopping, look for websites that begin with “https.” These sites have taken extra measures to secure your information. Also, be wary of using public Wi-Fi or Internet hotspots to conduct sensitive online activities, such as banking and shopping.
Be a Good Online Citizen. Think before you upload photos or videos. What you put online can have consequences in the future. Ask your friends’ permission before uploading photos of them as well.
For more cybersecurity tips for those on the go, download the Stop.Think.Connect. Mobile Safety Tip Sheet.
This information was published by GovDelivery on behalf of the US Department of Homeland Security in a March 2014 newsletter email.
- only allowing employees to connect devices with a certain mobile operating system to the corporate network
- not permitting workers to use jailbroken or rooted phones
- prohibiting users from changing the SIM cards in their phones and tablets
- banning specific tools and services, such as cloud vendors and MiFi hotspots
- enforcing certain levels of encryption that let EMM tools hook into users’ devices
How and why do employees circumvent IT policies?
Admins often give users who violate policies the benefit of the doubt because employees don’t always break the rules for malicious or vindictive reasons. Rather, workers may not even know that certain actions break a company policy. That being said, thousands of breaches occur daily, and they can cost companies millions of dollars. Breaches can occur when employees store company information in third-party cloud services or when they use a blacklisted app, jailbroken phone or other device that does not meet the company guidelines.
Employees who violate policies usually do so to be more productive. For example, many companies require workers to “remote-in” to access files from a mobile device. An employee may find it easier to store those files in a personal Dropbox account and then access them from anywhere, even though that action may violate a corporate policy. Additionally, restrictions on device model and OS version can cause strife for employees who may buy a personal device based on price. If the device they choose falls below the standards that the IT department set, that employee only has a few options: get no work done, upgrade his phone to gain access to the tools he needs, or go around IT blocks.
What should IT admins do?
Today’s users are smart, and they will do what they need to so they can get work done, but there are steps you can take to combat employees circumventing IT policies.
Create policies based on employees. Interview users to learn how they work, find out which devices and apps they like and then form policies around that research. When the guidelines for devices, services and applications mirror the way people really work, they won’t need to go around restrictions. For example, whitelist a note-taking app that you are comfortable with supporting, rather than blacklisting all note-taking apps. You’ll only have to manage one app, and employees can still get work done.
Educate users. You might find that some employees are still new to smartphones and tablets. Education is key for these employees, and it doesn’t hurt to refresh the memories of seasoned mobile device users. Make sure workers know how to get the most out of their devices, teach them about the risks of exposing company data and explain why your company’s policies are in place.
Focus on data, not devices. Although you may need to create specific device guidelines so you can continue to use your EMM tools on all the devices that access your network, it’s more important to keep data safe. Operating systems change and update frequently, and it can be difficult to keep up.
This is a reprint from an article first published in February 2014 by Matt Schulz on SearchConsumerization.com