July 12, 2022
Good morning, everyone!
Patch All the Things!
Beware of “Prime Day” phishing emails
Security researchers report a 37% increase in phishing emails spoofing Amazon Prime Day specials, and 1900 new Internet domains reserved that mimic amazon.com. Think before you click!
Deepfakes and stolen PII used to apply for remote work positions
The FBI Internet Crime Complaint Center (IC3) has issued a warning that reports of deepfakes and stolen PII are being used to apply for remote work positions, particularly those in IT. (A deepfake is ”a video, an image, or recording convincingly altered and manipulated to misrepresent someone as doing or saying something that was not actually done or said.”
This may be a good time to review your hiring processes, and make certain that thorough background and reference checks are being done for all new hires, especially remote work and/or work that has access to sensitive information.
Be careful downloading software from the Internet
You know this, right? Cyber criminals routinely hide malware in legitimate free software downloads like this one. Make certain you are downloading an application from a known, safe place, preferably the original source (e.g., if you need a PDF reader, go to adobe.com.
SMBs are not implementing 2FA
A recent survey by the Cyber Readiness Institute (CRI) shows that more than half of all small- and medium-sized businesses (SMBs) have not implemented two-factor/multi-factor authentication (2FA/MFA) at their companies. WHY?!
MFA has been in use for decades and is widely recommended by cybersecurity experts, yet 55% of small and medium-sized businesses (SMBs) surveyed are not “very aware” of MFA and its security benefits, and 54% do not use it for their business. Of the businesses that have not implemented MFA, 47% noted they either didn’t understand MFA or didn’t see its value. In addition, nearly 60% small business and medium-sized owners have not discussed MFA with their employees.
Ya’ll know I love 2FA, right? I believe it is the single most effective way to protect online accounts. Clearly I haven’t gotten the word out far enough! If your company doesn’t require 2FA for online accounts, please ask them to talk to me. I’ll explain its value and help them find someone to implement it for them.
Be safe this week! (and always 😉)
Talk to you again soon!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺