Every year about this time, cyber-criminal groups start to ramp up for the annual income tax fraud season. As we enter tax season, its good to remember the following tips to ensure your tax refund is not claimed by a scam artist.
There is a new tool available to all of us this year. Anyone can, and should, for ...
Continue Reading →
What if you could eliminate 95% of cybersecurity exploits by doing one thing better? Would you do it? Social Engineering in its many forms accounts for 95% to 99% of common exploits that cybercriminals use to gain initial access to your information assets. There are two simple security controls that you can put in place that would virtually eliminate the threats caused by social engineering.
Social engineering is the use of ...
Continue Reading →
Keeping our connected devices secure has become easier – and harder! Easier because we have more tools to defend our online assets, and harder because the opposition has grown much larger and become more sophisticated. And the enemy is not limited to criminals, there are terrorist groups, nation-state sponsored cyber operations teams, hacktivists, and other with malicious intent and nefarious schemes.
When I started writing this blog in October 2006, almost ...
Continue Reading →
Losing control of a major online shopping account like your Amazon account is a huge problem. An account hijacker could purchase all sorts of high end goods, jewelry, electronics, gift cards. Really, almost anything is for sale on Amazon. If you have a Prime membership, an attacker also has access to your video and music streaming account as well. This access can ...
If you use Google for anything (and who doesn’t), it is a good idea to periodically check your your Google account security settings. If you have an Android phone, then there is a Gmail account attached to the phone, whether you use it or not. This account is tied to the GPS location history generated by your phone. It is also attached to Google Calendar, Google Contacts, Google Photos, any ...
I have been predicting the death of the password for several years now, but all of us are still using them, even if they are easily stolen, cracked, or bypassed. A password by itself is not all that secure anymore. But there are several simple steps you can take to make them more secure.
Do not:
Is your computer technology Managed Service Provider (MSP) the weakest link in your supply chain security program? Are they the easiest point of entry for an attacker? Your contracted tech support provider holds keys to your computer network that are coveted by cyber-attackers. MSPs are commonly targeted by cyber-criminal groups and other bad actors because MSPs ...
A quick Saturday digest of cybersecurity news articles from other sources.From the desk of Thomas F. Duffy, MS-ISAC Chair
It’s that time of year again, holiday shopping has begun! Everyone is looking for those unique gifts, hot toys and cool electronics. Whether it is a hard-to-find toy for kids or the latest 4K ...
Continue Reading →A quick Saturday digest of cybersecurity news articles from other sources.The idea of hacking back against those who hack you has been called a lot of things. The terms “goofy idea” and “illegal” are some we’ve heard. But for a ransomware victim in Germany, you can add the words “sweet revenge.” And not ...
Continue Reading →
The password represents one of the weakest links in the cybersecurity chain, and is frequently one of the opening points of an attack. Passwords can be collected in cleartext through phishing exploits such as an email link that directs you to a fake login page, or social engineering ploys such as bogus calls from “IT” or “tech support,” or keylogging software that captures the entire user name/password/web address triad. Passwords ...