How Using the SLAM Method Can Improve Phishing Detection

email phishing

There is a reason why phishing is usually at the top of the list for security awareness training. For the last decade or two, it has been the main delivery method for all types of attacks. Ransomware, credential theft, database breaches, and more launch via a phishing email. 

Why has phishing remained such a large threat for so long? Because it continues to work. Scammers evolve their methods as technology progresses. They use AI-based tactics to make targeted phishing more efficient, for example. 

If phishing didn’t continue working, then scammers would move on to another type of attack. But that hasn’t been the case. People continue to get tricked. They open malicious file attachments, click on dangerous links, and reveal passwords. 

In May of 2021, phishing attacks increased by 281%. Then in June, they spiked another 284% higher. 

Studies show that as soon as 6 months after training, phishing detection skills wane. Employees begin forgetting what they’ve learned, and cybersecurity suffers as a result. 

Want to give employees a “hook” they can use for memory retention? Introduce the SLAM method of phishing identification 

What is the SLAM Method for Phishing Identification? 

One of the mnemonic devices known to help people remember information is the use of an acronym. SLAM is an acronym for four key areas of an email message to check before trusting it. 

These are: 

S = Sender 

L = Links 

A = Attachments 

M = Message text 

By giving people the term “SLAM” to use, it’s quicker for them to check suspicious email. This device helps them avoid missing something important. All they need to do use the cues in the acronym. 

Check the Sender

It’s important to check the sender of an email thoroughly. Often scammers will either spoof an email address or use a look-alike. People often mistake a spoofed address for the real thing. 

In this phishing email below, the email address domain is “@emcom.bankofamerica.com.” The scammer is impersonating Bank of America. This is one way that scammers try to trick you, by putting the real company’s URL inside their fake one. 

You can see that the email is very convincing. It has likely fooled many people into divulging their personal details. People applying for a credit card provide a Social Security Number, income, and more. 

Doing a quick search on the email address, quickly reveals it to be a scam. And a trap used in both email and SMS phishing attacks.  

It only takes a few seconds to type an email address into Google. This allows you to see if any scam warnings come up indicating a phishing email.  

 

Hover Over Links Without Clicking

Hyperlinks are popular to use in emails. They can often get past antivirus/anti-malware filters. Those filters are looking for file attachments that contain malware. But a link to a malicious site doesn’t contain any dangerous code. Instead, it links to a site that does. 

Links can be in the form of hyperlinked words, images, and buttons in an email. When on a computer, it’s important to hover over links without clicking on them to reveal the true URL. This often can immediately call out a fake email scam. 

 

When looking at email on a mobile device, it can be trickier to see the URL without clicking on it. There is no mouse like there is with a PC.  In this case, it’s best not to click the URL at all. Instead go to the purported site to check the validity of the message. 

Never Open Unexpected or Strange File Attachments

File attachments are still widely used in phishing emails. Messages may have them attached, promising a large sale order. The recipient might see a familiar word document and open it without thinking. 

It’s getting harder to know what file formats to avoid opening. Cybercriminals have become savvier about infecting all types of documents with malware. There have even been PDFs with malware embedded.  

Never open strange or unexpected file attachments. Use an antivirus/anti-malware application to scan all attachments before opening. 

Read the Message Carefully

We’ve gotten great at scanning through text as technology has progressed. It helps us quickly process a lot of incoming information each day. But if you rush through a phishing email, you can miss some telltale signs that it’s a fake. 

Look at the phishing example posted above in the “Links” section. There is a small error in grammar in the second sentence. Did you spot it? 

It says, “We confirmation that your item has shipped,” instead of “We confirm that your item has shipped.” These types of errors can be hard to spot but are a big red flag that the email is not legitimate 

Get Help Combatting Phishing Attacks

Both awareness training and security software can improve your defenses against phishing attacks. Contact us today to discuss your email security needs. 

 

Article used with permission from The Technology Press.  

The Critical Importance of Virtualized Infrastructure Security (And 4 Ways to Enhance It)

Virtualized Infrastructure Security

A torn-down virtual infrastructure creates risks for any business. And it can have a significant impact on how quickly you can retrieve your data and resume operations following an attack.  

These days, many businesses use virtualized infrastructure for more straightforward data storage. It’s because this approach is superior to physical solutions due to enhanced flexibility, straightforward provisioning, and affordable pricing.  

However, this model also requires a comprehensive approach to security.  

There’s a much greater risk of data loss, as many tools and practices for physical data protection are nearly useless in the virtual setting. Virtual threats are different, that’s why you need to think beyond traditional perimeter protection.  

So, if you’re using a virtualized infrastructure for data storage, keep reading.  

This article discusses the risks of improper virtualized infrastructure security and talks about ways you can improve it.  

DON’T LEAVE YOUR VIRTUALIZED INFRASTRUCTURE TO CHANCE

Virtualization security is crucial for every business’s security strategy. After all, we now live in a world of virtualized environments and need to apply security to all its layers.  

Let’s explore three of the most common virtualization security issues. 

ISSUE #1. EXTERNAL ATTACKS

These are a real threat to virtualized infrastructure.  

If hackers enter your host-level or server management software, they can easily access other crucial parts of your system. They can create a new user, assign admin rights, and then use that power to extract or destroy your company’s sensitive data.  

ISSUE #2. FILE SHARING AND COPY-PASTING

Host and virtual machine (VM) sharing is normally disabled. The same goes for copy-pasting elements between the remote management console and the VM. You can tweak the default settings by tweaking the ESXi host system, but this action isn’t recommended.  

Why? 

Because if a hacker gains access to your management console, they’d be able to copy data outside your virtual environment or install malware into your virtual machine. 

ISSUE #3. VIRUSES

Virtual machines, or VM, are prone to many attacks, with ransomware being among the most popular ones. For this reason, it’s crucial to keep regular backups of your website data and store them off-site at a place where they can’t be encrypted by hackers.  

If you fail to perform backups, you may find yourself in a situation where hackers could ask you for money to decipher your data.  

Restoring a VM is quite tricky even if you perform regular backups. Therefore, you need to educate your team members on alleviating the risk of getting ransomware and other viruses. 

Optimizing Your Virtualized Infrastructure Security 

Now that you’re aware of the 3 common issues a business can face if they have an unprotected virtual infrastructure, here are 4 tips on bolstering its security. 

TIP #1. MANAGING VIRTUAL SPRAWL

Virtual sprawls are often associated with growing virtual environments. The concept simply means that the more you expand, the bigger the need to keep your VMs secure. However, the number of machines can outgrow your ability to do so.  

To manage your virtual sprawl, consider doing the following: 

  • Create an inventory of all your machines at all times 
  • Set up lookouts featuring multi-location monitoring 
  • Monitor IP addresses that have access to your VMs 
  • Look for table locks 
  • Don’t use database grant statements to give privileges to other users 
  • Keep both on- and off-site backups 
  • Assess your virtual environment regularly and determine which machines you need and which ones aren’t necessary 
  • Have a central log of your systems and log all hardware actions 
  • Create a patch maintenance schedule for all machines to keep them up to date 

TIP #2. FOCUSING ON VIRTUAL CONFIGURATION SETUP

If you use virtual servers, you risk major configuration defects.  

That’s why it’s essential to make sure initial setups are free from security risks. This includes unnecessary ports, useless services, and similar vulnerabilities. Otherwise, all your virtual machines will inherit the same problems.  

The truth is that many businesses have poor virtual network configurations. You can avoid being one of those by ensuring all virtual applications that call the host (and vice versa) have proper segmentation. This includes databases and all web services.  

It’s also worth mentioning that most virtualization platforms only offer three switch security settings: forged transmits, MAC address changes, and promiscuous mode. There’s no protection for virtual systems that connect to other network areas.  

So, make sure to investigate each virtualization platform that allows this kind of communication, including all memory leaks, copy-paste functions, and device drivers. You can also tweak the system monitoring assets to look out for these pathways.  

TIP #3. SECURING ALL PARTS OF THE INFRASTRUCTURE

It’s imperative that you properly secure all of your infrastructure’s parts. This includes its physical components (switches, hosts, physical storage, routers) and virtual and guest systems. Don’t forget about all your cloud systems as well.  

When it comes to protecting different infrastructure parts, here are some things you can do: 

  • Install the latest firmware for your hosts. Virtualized infrastructure needs to have the latest security patches. So, keep all your VMware tools updated.  
  • Your active network elements such as routers, switches, and load balancers should use the latest firmware. 
  • Patch all operating systems with automatic updates. Schedule patch installations outside of your work hours and include automatic reboots.  
  • All virtualized environments should have reliable anti-malware and antivirus software installed (and regularly updated).  

TIP #4. HAVING A ROBUST BACKUP PLAN

Proper disaster recovery (DR) and backup plans are crucial in ensuring your business can continue operating after an attack. It’s because both your physical and virtual components can equally suffer from damage done by hacker attacks, hurricanes, etc.  

Ideally, you want to have a DR site located at a faraway data center or in the cloud. This way, you’ll alleviate the risk of being shut for a long time if your vital data gets compromised.  

Also, make sure to back up your VMs and your physical servers. Fortunately, you can back up your physical systems that operate on Windows or Linux, as well as your VMs that run on any OS.  

Additionally, you want to make at least three copies of your data and store two of them in different virtual places. And make sure to keep one backup off-site.  

If you want to take things to another level, you can replicate your VMs to a different data center for emergencies.  

PRIORITIZE THE SECURITY OF YOUR VIRTUAL INFRASTRUCTURE

If you never gave much importance to virtualized infrastructure security, doing so should be your priority now. Given the number of possible threats, protecting your VMs from unauthorized data sharing, viruses, and other types of attacks is crucial.  

All aspects of your physical and virtual components need to be protected to avoid issues. If this topic is all Greek to you, you’re not alone. The reality is that many business owners have struggled with the same problem.  

However, you can reach out to us for a 10-15-minute chat where we can discuss how you can bring the security of your virtualized infrastructure to the next level.  

 

Article used with permission from The Technology Press.  

Cybersecurity Training: How Often Is Enough?

cybersecurity training shield

You’ve completed your annual phishing training. This includes teaching employees how to spot phishing emails. You’re feeling good about it. That is until about 5-6 months later. Your company suffers a costly ransomware infection due to a click on a phishing link. 

You wonder why you seem to need to train on the same information every year. But you still suffer from security incidents. The problem is that you’re not training your employees often enough. 

People can’t change behaviors if training isn’t reinforced. They can also easily forget what they’ve learned after several months go by. 

So, how often is often enough to improve your team’s cybersecurity awareness? It turns out that training every four months is the “sweet spot.” This is when you see more consistent results in your IT security. 

Why Is Cybersecurity Awareness Training Each 4-Months Recommended?

So, where does this four-month recommendation come from? There was a study presented at the USENIX SOUPS security conference recently. It looked at users’ ability to detect phishing emails versus training frequency. It looked at training on phishing awareness and IT security. 

Employees took phishing identification tests at several different time increments: 

  • 4-months 
  • 6-months 
  • 8-months 
  • 10-months 
  • 12-months 

 

The study found that four months after their training scores were good. Employees were still able to accurately identify and avoid clicking on phishing emails. But after 6-months, their scores started to get worse. Scores continued to decline the more months that passed after their initial training.  

 

To keep employees well prepared, they need training and refreshers on security awareness. This will help them to act as a positive agent in your cybersecurity strategy. 

 

Tips on What & How to Train Employees to Develop a Cybersecure Culture

The gold standard for security awareness training is to develop a cybersecure culture. This is one where everyone is cognizant of the need to protect sensitive data. As well as avoid phishing scams, and keep passwords secured. 

This is not the case in most organizations, According to the 2021 Sophos Threat Report. One of the biggest threats to network security is a lack of good security practices.  

The report states the following, 

“A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.” 

Well-trained employees significantly reduce a company’s risk. They reduce the chance of falling victim to any number of different online attacks. To be well-trained doesn’t mean you have to conduct a long day of cybersecurity training. It’s better to mix up the delivery methods. 

Here are some examples of engaging ways to train employees on cybersecurity. You can include these in your training plan: 

  • Self-service videos that get emailed once per month 
  • Team-based roundtable discussions 
  • Security “Tip of the Week” in company newsletters or messaging channels 
  • Training session given by an IT professional  
  • Simulated phishing tests 
  • Cybersecurity posters 
  • Celebrate Cybersecurity Awareness Month in October  

When conducting training, phishing is a big topic to cover, but it’s not the only one. Here are some important topics that you want to include in your mix of awareness training. 

Phishing by Email, Text & Social Media

Email phishing is still the most prevalent form. But SMS phishing (“smishing”) and phishing over social media are both growing. Employees must know what these look like, so they can avoid falling for these sinister scams. 

Credential & Password Security

Many businesses have moved most of their data and processes to cloud-based platforms. This has led to a steep increase in credential theft because it’s the easiest way to breach SaaS cloud tools. 

Credential theft is now the #1 cause of data breaches globally. This makes it a topic that is critical to address with your team. Discuss the need to keep passwords secure and the use of strong passwords. Also, help them learn tools like a business password manager. 

Mobile Device Security

Mobile devices are now used for a large part of the workload in a typical office. They’re handy for reading and replying to an email from anywhere. Most companies will not even consider using software these days if it doesn’t have a great mobile app. 

Review security needs for employee devices that access business data and apps. Such as securing the phone with a passcode and keeping it properly updated. 

Data Security

Data privacy regulations are something else that has been rising over the years. Most companies have more than one data privacy regulation requiring compliance.   

Train employees on proper data handling and security procedures. This reduces the risk you’ll fall victim to a data leak or breach that can end up in a costly compliance penalty.  

Need Help Keeping Your Team Trained on Cybersecurity?

Take training off your plate and train your team with cybersecurity professionals. We can help you with an engaging training program. One that helps your team change their behaviors to improve cyber hygiene. Get in touch to learn how BDS can help!  

Article used with permission from The Technology Press.  

Making Your VoIP Network Bulletproof (Six Tips to Protect Your VoIP from Cyberattacks)

Hardly any phone call system in a business beats VoIP when it comes to efficiency and flexibility. However, it’s not immune to cyberattacks. Discover how you can secure your VoIP ASAP. 

What kind of communication system are you using for your business? 

I asked because many modern-day businesses have now switched to the Voice Over Internet Protocol (VoIP). This technology allows employees to perform voice calls using only their internet connection.  

It’s often a wise choice considering that using VoIP comes with several benefits to a business. 

Among its benefits include lower operating costs, greater convenience than traditional services, increased accessibility, higher scalability, and the ability to multitask. VoIP also comes with advanced features for teams of all sizes, is completely portable, and offers superior voice quality.  

However, VoIP systems also have limitations, with cyberattacks being their number one downside.  

The good news is that it’s possible to protect a business’s VoIP system from hackers. And if you already implemented this in your business, it’s not too late to secure it. 

Read on to discover the most common threats to your network and tips on preventing them. 

THE NEED FOR VOIP PROTECTION

All VoIP systems require a stable internet connection to function properly. Unfortunately, their reliability on the internet makes them vulnerable to various security issues. 

Some of the most frequent ones include: 

SECURITY ISSUE #1. DENIAL OF SERVICE

Denial of Service (DoS) is a common threat to VoIP systems comprising attacks designed to shut down a machine or network and make it inaccessible for use.  

When this happens, legitimate users of VoIP technology may not be able to access their information systems and devices. And call centers can be affected by lower call quality, uptime, and latency.  

SECURITY ISSUE #2. WAR DIALING

War dialing is an attack that controls the company’s private branch exchange (PBX) and scans for other phone networks. This means hackers can dial numbers and connect to modems and other extensions. 

SECURITY ISSUE #3. TOLL FRAUD

Toll fraud is a threat that consists of making calls to outside lines from a company’s existing system.  

For example, hackers will dial costly international numbers intending to rack up toll charges to your business. 

SECURITY ISSUE #4. PHISHING

This is a common threat wherein attackers send fraudulent messages designed to trick victims into revealing sensitive information. Often, the unsuspecting victims would divulge information about passwords, internal IP networks, and similar data.  

SECURITY ISSUE #5. MALWARE

It’s a threat where attackers install malicious software via email or phone. A file or code gets delivered over a network and has the goal of infecting, stealing, or exploring the information contained within a system.  

After infecting the system with malware, VoIP hackers can enter your network and access critical business information 

SECURITY ISSUE #6. CALL INTERCEPTION

The call interception attacker uses unsecured networks to intercept the Session Initiation Protocol (SIP) traffic that serves to initiate, maintain, and terminate real-time voice and video sessions.  

A victim of a call interception attack can be redirected to another line hosted by the hacker, for example 

6 TIPS FOR BOOSTING VOIP SECURITY

Given the variety of threats imposed by attackers on VoIP systems, it’s necessary to optimize your VoIP security ASAP.  

Here are 6 valuable tips to get you started. 

TIP #1. SET UP A FIREWALL

Secure firewalls are necessary for all VoIP systems. It’s important to make your VoIP software and hardware firewalls scan information that goes in and out of the system and ensure it’s secure.  

If spam or a threat comes your way, the firewall will identify and gain control over it, shielding your system shielded from the attack. 

Also, a good firewall will allow the data packets you send to travel unhindered. 

TIP #2. USE STRONG PASSWORDS

Your VoIP system is no different from any other software or platform you use for handling sensitive information. For this reason, it needs to be protected with strong and regularly updated passwords.  

Aim for combinations of at least 12 characters, including numbers, upper- and lower-case letters, and special symbols. And for ultimate protection, go for passwords consisting of a random character series.  

It’s crucial to set a password as soon as you configure your VoIP system. Otherwise, you’re likely to forget about it later.  

Also, remember that some VoIP phones come with pre-set passwords, often available publicly. That’s why you should change yours as soon as you get a chance.  

Ideally, try to change your passwords every three months. 

TIP #3. RESTRICT CALLING

Many VoIP attacks happen due to toll fraud. So, if your business runs locally, there’s no need to have the international call option enabled. This allows you to be on the safe side and avoid paying expensive bills you weren’t even responsible for making.  

You can let your VoIP service block 1-900 numbers to avoid toll fraud 

TIP #4. ENCOURAGE YOUR TEAM TO REPORT SUSPICIOUS BEHAVIOR

Many of the VoIP attacks arrive due to irresponsible behavior. To prevent this from happening, educate your team on how they can best do their job without affecting the system’s security.  

For starters, they should know how to spot unusual network activity, handle passwords, and report suspicious behavior. They should also report ghost calls and missing voicemails whenever received. Staff also shouldn’t store voicemail for too long.  

The reality is that sometimes, cybersecurity training during onboarding often isn’t enough. That’s why you should do periodical training to keep your VoIP safe at all times.  

TIP #5. DEACTIVATE WEB INTERFACE USE

Ideally, you should deactivate the web interface used for your VoIP system.  

Why? 

Using phones on a desktop computer opens an area of weakness to attackers. It’s enough for a single phone user falling prey to leave the whole system exposed to an external party. All your data can be stolen in text format as a result.  

So, unless it’s absolutely necessary for you to use the web interface, be sure to secure it very strictly. 

TIP #6. USE A VPN FOR REMOTE WORKERS

Virtual Private Networks (VPNs) are great software that encrypts traffic regardless of your employee’s location.  

You can set up such a network for your remote staff to prevent data leaks and breaches. The good news is that using this service won’t degrade the call quality.  

(RE)GAINING CONTROL OVER YOUR VOIP SECURITY

VoIP systems are a fantastic alternative to landlines. After all, they offer many more features and flexibility at a fraction of the cost. However, their reliability on the internet also makes them susceptible to cyberattacks.  

If you have just set up a VoIP system for your company or are thinking of starting one, securing it should be your number one priority. Don’t risk falling prey to toll fraud, malware, phishing, and other attacks. Take some time to secure your business by following the tips from this article.  

And if you need more help to implement these changes or would like to further discuss securing your business’s VoIP system, reach out to us and we can set up a 10-15-minute chat 

 

Article used with permission from The Technology Press.