CoreTech Blog

I remember the first time my dad gave me a box of tools. I was moving out for the first time, and he gave me a box filled with an old hammer, two screwdrivers (one flathead, the other Phillips head), a rusty wrench, and a tape measure. It wasn’t much but it showed me that he wanted to make sure that I was ok. He gave me those tools so that I could fix any problems that came up in my time away from him. Well, I want to do the same for you but with cybersecurity. Now I’m not your father, but that doesn’t mean that I don’t want you to be safe online and there are tons of tools online that can help you strengthen your cybersecurity.

Listed below are seven powerful tools, normally be found bundled together in one cybersecurity awareness program, that will turn your company’s digital security from zero to hero!

1. Continuous Dark Web Monitoring: As we went over in the last blog the dark web can be a terrifying place. Cybercriminals use it as a home base for malware attacks, phishing schemes, and all sorts of other digital terror activity. It’s not recommended that you ever delve into that Marianas Trench of the Internet, but you should know if your data is being passed around down there. A dark web monitoring service will alert you if certain emails, names, passwords, usernames, and more appear in the deep web. This will give you the chance to change passwords or back-up data before an attack occurs. A service like this could save you from having your identity stolen down the line.

2. Simulated Phishing: Over 1/5 of all data breaches involved phishing schemes in some way (source), so there is never too much protection against it. In a phishing simulation, you and your employees will receive fake phishing emails disguised as real emails to help you learn how to identify when you are being scammed. If you fall for the phishing scam, often you are prompted to take a training course on how to avoid them in the future. But congratulating those who pass is just as important as educating those that don’t. Positive reinforcement and gamification are invaluable aspects of simulated phishing that make it that much more effective. This tool builds habits that will only benefit your company in the long run.

3. Email Analysis Tool: Phishing attacks are one of the most prevalent scams on the Internet. Not only that but they can be very hard to catch if you are not paying attention. With an email analysis tool, however, you only have to be suspicious of an email to know if it is a phishing attempt. An email analysis tool allows employees to test whether an email has signs of phishing just by clicking a button. Once triggered, these tools tell the employee what parts of the email make it likely to be a phishing attempt and what they can look for in the future. Save IT some time and possibly yourself some grief with a tool that will put the power to uncover phishing schemes into the palm of your hand.

4. Weekly Micro Training Videos: One of the most important parts of strong cybersecurity is constant and regular training. Many training programs provide an annual training course that covers the basics, but if you let that information fall into the recesses of your mind it isn’t going to do you any good. That’s why short weekly trainings can be extremely helpful for your business. Reminding your employees every week of the dangers that lurk on the Internet and the ways with which they can combat them is extremely important. These trainings will also keep your employees informed on the newest trends of cybercrime. Cybercriminals are constantly evolving so you and your employees must remain constantly educated. These trainings tend to be 5 minutes or less and they are normally sent directly to your inbox. Five minutes for exponentially stronger cybersecurity sounds like a good deal to me!

5. Gamification & Employee Engagement: As you read through this blog, you may be thinking, there’s NO WAY my busy employees have time for all of this...and there’s no way you have time to nag them the entire way. That’s why a training program that puts gamification and employee engagement first is a HUGE key to a program’s success. That, and participation from upper management of course. When looking for a training program, make sure it’ll make your life easier, not harder. With positive reinforcement, gamified training, and a competitive leaderboard, you’ll do less nagging and more celebrating.

6. Simplified Management: Implementing a training program can seem daunting. All the time it would take you to rummage through all your employee’s data sounds IMPOSSIBLE. But if you find the RIGHT program that helps you, and doesn’t hurt you, you’ll be on your way to cybersecure in no time. Find a program that simplifies all the messy metrics into one, easy-to-understand risk score to help your management team understand where their company’s cybersecurity stands. No more data overwhelm, just one score indicating whether an employee is high, medium, or low risk and how to improve. Adding a metric to your employee evaluations has never been easier.

7. Security Risk Assessment: You can’t fix a leaky roof if you don’t know where the water’s coming from. You can’t repair your engine if you don’t know what broke. It’s impossible to fix a problem if you don’t know what the problem is. That is where a Security Risk Assessment comes in. This examination will tell you where the holes in your cybersecurity are and how best to plug them up. There’s no point in guessing with something as important as cybersecurity, go through an SRA to get a more confident answer.

Anything can happen at any time. That is the sentiment with which my father gave me his toolbox. He understood that being prepared is extremely important in life. That is exactly why you should always be prepared for a criminal to pounce. All these tools will keep your staff on their toes and prevent your business from falling victim to the next digital villain’s master scheme. The only thing I’m asking of you, is to have the foresight to open the toolkit and use them.

But you don’t need to go to your dad for a toolbox when we’ve got everything that you need right here! CoreTech can provide everything mentioned above so that your company never has to worry about cybersecurity again. Contact us to learn how your company get can the jump on cybercriminals with one easy-to-use program that’s automated, ongoing and easy to use!

It can be too easy to overlook the importance of technology and its security, particularly in industries that are deeply steeped in tradition, regardless of how crucial that security may seem when actually considered. Just consider the modern law firm, where technology, data, and the security of such is paramount.

When you think about the workweek, there’s a good chance that some iteration of the 40-hour week, broken into 9-to-5 shifts on the weekdays is what comes to mind. It’s just the way things are done. However, this may not be a good thing. Let’s consider the origins of our modern work schedule, and how changing it could provide us all with some serious benefits.

Let me ask you something: how many people do you fundamentally trust? Well, in a zero trust network, that number is reduced to zero. The idea of such a network is that everyone, whether they’re operating inside of the network or out, needs to be verified… and as you might imagine, it has proven effective in preventing data breaches. 

October is Cybersecurity Awareness Month, but it also well known, among the vernacular of the younger generation, as Spooky Season. Most people are more concerned with ghosts, ghouls, and goblins than they are with the dangers lurking in the dark corners of the Internet. Which is understandable, it’s more fun to think about the fake monsters than the real ones who could change your life in an instant. So, let’s make a compromise. We’re going to list the 7 scariest ghosts and monsters when it comes to cybersecurity, and we’ll try to make it as spooky as possible.

Social Engineering: The definition of social engineering is the manipulation of people in order to get access to confidential information. This malicious practice has been used for centuries but it has gotten even more effective in the Internet Age. Examples of social engineering include sending an email disguised as your friend or a trusted source, baiting you with free goods, and catfishing you into a fake romantic relationship. Once the needed information is obtained, the social engineer can then sell it or use it to line their own pockets. Think of them as shapeshifters who change their form in order to get what they want out of you.

Phishing: While many of the items on this list are types of software, phishing is more of an attack vector. Cybercriminals most often craft an email or text message that appears convincing but once interacted with (through clicking on attachments or links) could prompt you to enter login credentials or install software that is infected with malware. Imagine someone installing a listening device into your home by packaging it in a box from a store you would normally shop with. Sounds a lot scarier now, doesn’t it?

Malware: Malware is a broad term encompassing any type of intrusive software designed to damage computer systems. It has many different subsets, but malware is the umbrella under which they all live. Malware is a lot like another M-word: monster. There are many different types of monsters, but in the end, they are all monsters.

Viruses: We all know about the viruses that can infect your body, but what about the ones that infect your computer? They are often attached to a file sent to you by a cybercriminal. These malicious chunks of code spread from device to device, damaging your software and stealing your data. Think about it this way, how much scarier would biological viruses be if they could record your thoughts and give them to someone else?

Keylogger: This specific form of spyware can be extremely dangerous. Keyloggers allow hackers to see the keystrokes made on their victim’s keyboard. This information could lead them to usernames, passwords, bank information, and other personal data. It’s like if there was someone learning all your personal secrets by reading through your texts and emails. Just the idea of it sends shivers right down your spine.

Ransomware: All malware is dangerous, but there is not a subset more directly harmful than ransomware. This code-based demon infects your computer by encrypting the data stored on the device and forces the owner to pay a ransom to get it back. These types of attacks can occur on a personal or business level. To make a spooky comparison, ransomware is like a demon possessing your friend and forcing you to give up your soul in order to get them back.

The Dark Web: The Dark Web may not be something that can infect your computer, but it is definitely something you should be scared of. The Internet we use is only the tip of the iceberg, with the Deep and Dark Web taking up the rest. This shadowy hive of villains and ne’er-do-wells is where many attacks are launched from and where a lot of the stolen data is sold. There isn’t a good enough spooky metaphor for this one because the Dark Web is terrifying enough on its own.

There they are! Seven terrifying digital ghouls that will be haunting you for weeks to come. Join us next week to learn some techniques and tools that will help you avoid these possible threats! If you have any questions about cybersecurity, contact us!

The Internet browser is easily one of the most-used applications in this day of cloud-hosted resources and online content… but for all that use, is it also one of the most-secured applications? In some ways, yes… but there’s always a few extra steps that can help you improve your protections.

Authentication has been a major talking point for the past few years, particularly as the value of data has only increased and security has correspondingly increased in importance. As a result, more secure and reliable means of identity verification have also become more critical. Now, voice authentication is being considered as such a means.

If you’ve watched any sci-fi movie, you probably understand the perceived dangers of the digital world. Primarily the unrealistic dangers of artificial intelligence. Now, I’m not saying that AI won’t be a threat in the future but it’s important to note that right now the people using the Internet pose a much bigger threat than an incoming Robo-Apocalypse. And I’m not just talking about cybercriminals. Regular, everyday human error is what poses the most dangerous threat to your company’s cybersecurity. Don’t believe me? Well then, let’s take a quick look.

• If one of your employees is involved in a data breach and they happen to use the same password across all their accounts, that could give cybercriminals access to your whole network of data including employee W2’s and customer billing information.
• If just one person isn’t paying enough attention to their email and falls for a phishing scam, it could expose your company to a data breach or ransomware attack. Something like that could shut down your company for days or even weeks. Think about how much that could cost you in revenue and reputation.
• A less than thought out photo posted to social media with PII (Personal Identifiable Information) or PHI (Personal Health Information) visible in frame could lead to a data breach or a HIPAA violation. You don’t want a poorly timed selfie to be the reason you have to deal with an onslaught of lawsuits.
• Something as simple as a lost phone could be fatal if that employee used their personal phone for work. A hacker could use that hardware to break into your integral systems that hold employee and customer data. Not as easy to fix as a trip to Best Buy.

All these missteps are unintentional, but that doesn’t mean that you shouldn’t plan ahead for them. Make sure that you’re giving your staff proper cybersecurity training and making your digital policies well-known. Be an active participant in making sure no one falls for scams.

Luckily for you, this Cybersecurity Awareness Month we’ve got you covered. Visit our Cybersecurity Resource Page to book a complimentary Cybersecurity Business Review. We will help your business determine where your cybersecurity efforts stand.  Contact us today, we will put you on a path to less human error and stronger cybersecurity!

Virtual private networking, while maybe not the most familiar term to everyone, at least seems to be pretty straightforward. Such a specific-sounding term must apply to one aspect of technology and that one aspect alone, right?

Well, kind of, sort of, not really. In actuality, there are two kinds of VPN. Let’s go over what makes them different, and which your business should utilize.

The cyberattack on SolarWinds was devastating for many reasons, and Microsoft has officially uncovered yet another type of malware used in the attack on the software provider. This time, it is a backdoor threat they have named FoggyWeb. What does this threat do and why is it so important to look at this incident even now?