The Havoc Shield Blog
For years, work from home security took a backseat to office security. Then suddenly, everything changed. Work from home security became just as important (and sometimes more important) than office security. As companies grapple with how to make the dream of work from home security a reality, there are a handful of totally avoidable work from home security failures that have come to the forefront. Here are some of the biggest ones.
We’ve got a problem with the cybersecurity terms that we see in industry articles and whitepapers. The language of cybersecurity has become so nuanced and intricate that it’s enough to frighten away everyone other than industry insiders. And that’s exactly the opposite of what we all need. A more inclusive discussion around cybersecurity — one that draws in curious non-experts — helps spread an understanding of cybersecurity that improves all of our safety. Here are the worst three terms that deserve a place on the “wall of shame” in the cybersecurity dictionary.
We spend most of our time talking with small businesses that do not have an Information Systems Security Officer. In fact, most small businesses we work with have never contemplated getting one. ZipRecruiter describes the Information Systems Security Officer role as having an average annual salary of approximately $108,686/year, with the following responsibilities: “An information systems security officer (ISSO) protects the IT infrastructure of companies, organizations, or agencies. Your duties include taking proactive security measures, assessing risks, and responding to security breaches.”
So why aren’t small business owners on the hunt for talented cybersecurity professionals to fill a role of this title and description?
G Suite calendar sharing can lead to the leakage of confidential information. As a G Suite administrator, you can help your employees avoid accidentally disclosing sensitive information by putting some reasonable guardrails on what sharing settings they are (and aren’t) allowed to use to share their calendar.
This year, for many small businesses, a strong Cyber Monday is crucial for survival. With the wild gyrations in purchasing patterns and demand for particular products or services this year, there are a great many small businesses who have a lot of ground to make up on Cyber Monday 2020 with online sales, and it CAN’T go wrong. With that in mind, this post is for those of you that have an especially “high stakes” Cyber Monday ahead. Amongst all of the pressures related to your email and web promotional materials, your online ads, and your communications with existing customers and prospects, we know it’s easy to forget about cybersecurity. The problem is that if cybersecurity goes wrong on Cyber Monday, there is no way to turn back the clock and regain the opportunity to “win big” on that incredibly high-traffic online shopping day. With that in mind, here are the five things that you absolutely need to do to get ready for a strong (and SAFE) Cyber Monday:
If you roll out a password manager in your business, there are many great benefits that should improve the security of your organization. Password managers make it easy to generate strong, unique passwords. Password managers make it easy to revoke a departing employee’s access to the shared passwords for key company resources. Password managers reduce the frustration of trying to mentally develop memorization systems or notepad / post-it style approaches to recording / recalling passwords.
Still, to get the full benefit of a companywide password manager rollout, there are some common mistakes that are important to avoid. The mistakes that we’ll describe here are ones that significantly erode password manager security. So, without further ado, here are nine mistakes to avoid in your organization’s password manager practices.
What makes a great phishing simulation email? We’ll share our perspective, and reveal the top 113 phishing simulation emails that we use at Havoc Shield.
Does your company have BYOD policies? For those unfamiliar with the term, BYOD is “Bring Your Own Device” — and BYOD policies relate to what the company does (and doesn’t) allow in terms of handling company business from your own devices. When the term BYOD first entered the vernacular of IT and compliance teams, it often referred to employees using their own smartphone or tablet. However, more recently it’s adopted a meaning that includes any personal device — including laptops, tablets, smartphones, and anything else.
You may have heard the advice “Good Security Programs Begin and End with Policy” — an assertion that is being popularized by at least one online cybersecurity training program. We disagree. Here, we’ll share why.
We learn as kids not to talk to strangers, but as adults, we sometimes forget this lesson when we engage with emails. That’s why it is so crucial to put email security best practices in place in order to protect your data, customers and company as a whole.
UNC Path Injection is an attack that we consider to have originated in the 1990s. Its exact origins are difficult to trace, but the mid-1990s were a period of tremendous growth in terms of adoption of the Windows NT operating system, and anecdotally that seems to be the operating system on which some of the early UNC Path Injection attacks occurred.
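The excerpt covers only the history, so as an added example (not Havoc Shield's code) here is the input-side check a practitioner would want: a function that recognizes the path forms Windows will resolve to a remote host (`\\host\share`, the forward-slash spelling, the `\\?\UNC\host\share` long-path form, and `file://host/share` URLs) while leaving local drive paths and the `\\?\` and `\\.\` local namespaces alone. The hostnames and paths in the samples are constructed for illustration.

```python
"""Detect user-supplied paths that would make a Windows host reach out to
a remote share (the input pattern behind UNC Path Injection).

Added example, not the blog's code. Sample inputs are constructed.
"""
import re
from urllib.parse import urlparse

# \\?\UNC\host\share  (long-path spelling of a UNC path)
_LONG_UNC = re.compile(r"^\\\\\?\\UNC\\([^\\]+)", re.IGNORECASE)
# \\?\C:\... and \\.\device are local namespaces, not network paths
_LOCAL_NAMESPACE = re.compile(r"^\\\\[?.]\\")
# \\host or \\host\share
_PLAIN_UNC = re.compile(r"^\\\\([^\\?.][^\\]*)")


def unc_target(path):
    """Return the remote host a path would contact, or None if it is local."""
    s = path.strip()
    if s.lower().startswith("file:"):
        # file://host/share/x names a remote host; file:///C:/x does not.
        host = urlparse(s).hostname
        return None if host in (None, "localhost") else host
    s = s.replace("/", "\\")          # Windows accepts //host/share too
    m = _LONG_UNC.match(s)
    if m:
        return m.group(1)
    if _LOCAL_NAMESPACE.match(s):
        return None
    m = _PLAIN_UNC.match(s)
    return m.group(1) if m else None


def is_local_path(path):
    """True when the path will not trigger a network connection."""
    return unc_target(path) is None


# Constructed samples: what a form field, config value or filename might carry.
SAMPLES = [
    r"C:\Users\alice\report.docx",
    r"\\attacker.example\share\payload.docx",
    "//attacker.example/share/payload.docx",
    r"\\?\UNC\attacker.example\share\x",
    r"\\?\C:\Users\alice\long\path",
    r"\\.\pipe\localpipe",
    "file://attacker.example/share/x.txt",
    "file:///C:/Users/alice/x.txt",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:45} -> {unc_target(sample)}")
```

Use `is_local_path` as a gate wherever a path string from an untrusted party is handed to a Windows file API, a document template, or a configuration loader; an outbound SMB connection to an attacker-chosen host is the step that turns a harmless-looking string into an authentication attempt against that host.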
Everyone knows how important security is to companies and organizations. There were about 1,500 data breaches in the US in 2019 alone. But there are a number of organizations out there that have not adopted a security culture.
Phishing training requires a holistic approach that is often overlooked by companies racing to “check the box” in terms of offering training on this increasingly important topic. A big mistake would be to treat phishing training the way that companies treat many other kinds of training. We’ve heard of far too many company training events that involve a manager speaking for 30 minutes, with slides in the background, followed by everyone going back to what they were doing.
If that approach sounds a bit like what your company does for phishing training, please read on.
Here’s a math problem (sort of). What does “WFH” minus “DNS Filtering” equal? Before you answer, let’s get the basics out of the way on the terminology front.
Business Email Compromise is an interesting waiting game. At first, it might involve a high degree of patience on the part of the cyber attacker, but then, an incredible amount of urgency. That pattern is central to some of the most effective Business Email Compromise attacks we’ve seen. We’ll explain.
Email Security Best Practices to Avoid Cyberattacks Over Email
If you are subject to HIPAA (either as a Covered Entity or as a Business Associate), you may have heard that you have Media Sanitization obligations. Anytime you take a storage device (like a laptop with a hard drive) and dispose of it, sell it, or otherwise transfer it, you need to pause briefly to make sure you follow your media sanitization obligations. We find much of the material on this to be written in a way that is extremely hard for anyone but an IT / HIPAA specialist to understand, so we’re writing this article in plain language to cover some of the key points.
If your organization has HIPAA obligations — either as a Covered Entity or a Business Associate — you’ve probably heard the term Protected Health Information. Often referred to as PHI amongst industry insiders, understanding this term is crucial to standing up a strong cybersecurity perimeter to honor your HIPAA obligations. Although your HIPAA obligations are a mix of privacy and security obligations (and beyond), here we’ll talk mostly about security of three particular types of information that are definitely a part of the patient records covered by HIPAA.
Every company approaches email policy differently. It’s important for modern small businesses to understand key areas to include in an email policy and how to implement it.
Worried about the dangers of working from home for cybersecurity during the pandemic? Record numbers of employees are working from home for the time being, with a whopping 42 percent of the U.S. labor force now working remotely full-time. And as homes become offices,...