Breaking Down a Phishing Attack

Dearest Reader,

You’ve caught me at a very critical moment. It is in both of our best wishes for me to extend a lucrative business opportunity forward to you. My name is Prince Obviouso Phishingscamman. My father, King Blantanto Phishingscamman has tucked away his massive fortune of over $15 million. Unfortunately, the wicked Fakemenistan regime has locked him away for good, with bail set at $3 million.

However, with your help, I can exploit a loophole where I can send money overseas to you. I received your email address from a very reliable source so I know you can be trusted. Once my father is free from his prison, I will send the remaining $12 million to your bank account as a show of good faith. All I require is for you to open an bank account within our borders. It will require a small fee of $500 and some information of yours.

Please make the haste. I am looking forward to working with you in the near future.

The most regards,

Prince Obviouso Phishingscamman

What Just Happened?

If you’ve been around for more than 20 years, you’ll probably recognize the format of the “email” above as the classic Nigerian prince email scam. While it seems far-fetched, many people fall for this kind of email all the time. It’s known as a phishing email, aptly named because it tries to “phish” for information by getting you to spill the beans willingly. In fact, 91% of cyberattacks and resulting data breaches begin with a phishing email.

Let’s take a look at some of the signs that shouted “phishing scam” in the email above.

1st Sign: Your Email

“I received your email address from a very reliable source so I know you can be trusted.”

The chance of someone stumbling across your email is low. The chance of them getting your email from a faraway foreign land where you have no ties? Even lower. These cybercriminals typically use sophisticated tools to harvest email addresses from the internet. They also purchase lists that contain many thousands of email addresses. Once they’re ready with the email, they send it out to everyone they can.

2nd Sign: The Spelling

“All I require is for you to open an bank account.”

It’s not a rule set in stone, but emails from phishers often come filled with typos. The sentence structure is sometimes fragmented, and they don’t always get their point across clearly. This particular email wasn’t really poorly written (aside from the occasional and purposeful spelling mistake here and there), but some phishing scams can be absolutely flawless.

3rd Sign: The Catch

“It will require a small fee of $500 and some information of yours.”

As with any scam, there’s a catch. Phishing emails will always require more information from you. In this case, the scammer asked for money and information, which happens often. Sometimes, the criminal is more patient; they don’t ask for anything on the first email or so, but if you respond to them and keep the conversation going… things begin to get dicey. They build a huge backstory, complete with numbers that you can call and businesses that you can look up.

In other words, the longer the communication goes on, the harder it is to break away from it.

Defending Against Phishing Scams through Employee Training

So what is the best way to defend against these emails? Time and time again, studies have shown that employee training is the way to go. When employees know what to look out for, they can identify and flag the phishing attempts without putting your company at risk of a breach.

You should train your employees by showing them real examples of phishing attacks. Some companies go as far as to employ people to run a “friendly” phishing attack on their business to see who falls for it.

If you’d like to learn more about how we can help increase your employees’ security awareness, reach out to us today. Our comprehensive network security plans will ensure that both your company and your employees alike stay protected against any cyberattack that comes your way.

6 Helpful End User Security Tips

Cybercriminals are tricky fellows. They try their best to sneak into your organization’s network and wreak havoc. Often, their goal is to steal your company data and hold it for ransom. From an IT department’s perspective, there are many things that can be done on the system level to prevent such cyberattacks. You can upgrade to a newer firewall, utilize different anti-malware programs, and deploy network monitoring tools, among many other things.

But in the end, the cybercriminals aren’t targeting the hard-to-crack IT department.

They’re targeting the end users.

It makes total sense; end users don’t have the technical know-how to spot malicious attacks. They are by far the most likely to be in direct contact with cyberattacks, and they’re the ones most likely to interact with the attackers. Statistics show that 30 percent of phishing emails get opened. With so many end users dealing with these cybercriminals, you must ask yourself:

Are you training them well enough to deal with these attackers?

It’s vital to have employee training to minimize the risk of attacks affecting your company. We’ve compiled six helpful end user security tips to guide them to better security practices for your company.

1. Lock It Up

Many people simply get up from their computer and walk away. That’s an open invitation for someone to jump onto it and do whatever they want. Instead, teach employees to make a habit of locking their computer every time they step away from it, and have them adjust their automatic lock setting in case they forget. If your car is full of stuff, you definitely wouldn’t leave it unlocked in the middle of a busy street.

Why wouldn’t you do the same for your computer?

2. Open Sesame

A no-brainer, but it still needs to be mentioned from time to time. Picking a good password is critical to securing your data. In a similar vein, leaving your password on a sticky note near your computer is a big no-no. Literally anyone can walk by and access your data.

Stop doing that.

3. Triple-Double Check

Why is the CEO of your company asking for your bank information and social security number? They shouldn’t do that, and you know that. Oftentimes, they aren’t even the ones asking. They may be the victim of email spoofing or may have had their email compromised entirely. Always call or contact the person (or their assistant) directly to double-check for legitimate requests.

A simple phone call can save everyone from a massive data breach.

4. The Latest and the Greatest

Software updates contain patches to security holes. Keeping your software updated to the latest edition is your best bet for keeping cyberattackers away from your data. If you don’t have administrative rights on your computer, let your IT department know that you need updates.

Better safe than sorry.

5. Easy on the Downloads

When you download things, especially programs, you need to make sure that they’re completely safe. Installing a malicious program on your computer could spell doom for not just you, but anyone connected to your computer on your network. When downloading files, make sure that they come from a trusted source.

Don’t get your download privileges removed.

6. Check That WiFi

Often a company will allow its employees to connect to an office WiFi network. This network is typically secured and comes with various built-in security protocols. Malicious cybercriminals can (and will) create open WiFi networks with a name similar to the real one. This means that you might connect to their network, which would allow them access to all of your data on the connected device.

Don’t give hackers your data through WiFi.

End User Security with Diverge IT

So there you have it. Six perfectly good security tips to help your end users navigate the dangerous internet a little bit better. With those tips in use, you’ll see greatly reduced numbers of successful cyberattacks.

And if you thought those were useful, you should see what we can do for your company. Reach out to us and we’ll work out a detailed security plan that will keep your business more protected than ever before.

Top Threats an Information Security Analyst Protects You Against

There are many, many threats out there in the cyber world. And it’s not just hackers. Some threats can come unintentionally from an accidental click on the wrong link. Your network is precious and carries vital business information, so these risks can be extremely damaging, and potentially devastating if the power falls into the wrong hands.

With the rise in data breaches taking hold of businesses all over the nation, your company needs an information security analyst now more than ever.

An information security analyst is trained to protect your network against dangers such as malicious hackers and virus threats. They are always researching and staying up to date on the latest IT news, gadgets, compliance and legal regulations, and hacking methodology. They also take promoting security awareness within your company very seriously. You won’t find a more reliable source of IT security anywhere else.

Information security analysts take a variety of measures to keep your top-secret, personal information safe from outside and inside threats. Some of the main ways we do this are through:

  • Risk and Vulnerability Assessments – These scan your network and illuminate any weak points that may be increasing your level of risk. This makes it easier to quickly address and strengthen whatever needs it.
  • Defense Planning – This consists of installing protections such as firewalls, site blocking rules, and data encryption.
  • Establishing a BDR Plan – In case the worst happens and you don’t have access to your information on-site anymore, an information security analyst will make sure your data is always backed up and protected at an alternate location so that you always have a copy of your data somewhere.
  • Constant Monitoring – If any of your systems or applications ever need upgrades, an information security analyst will make sure to get them done so that you are always performing at the best of your ability with minimal risks.

Here are Some of the Top Threats an Information Security Analyst Protects Against

The Internet of Things

The Internet of Things, or IoT, is a phrase that refers to devices connected through the internet that can also communicate with each other. This can include anything from printers, televisions, refrigerators, security systems, phones, smart watches, and anything else accessible via the internet. Gartner predicts that by 2020, there will be 50.1 billion internet-connected devices.

Why is the IoT a threat? Well, all of these additional devices create more and more access points for hackers to target. If all these devices are connected to your company’s network, this puts your network at an even greater risk. This makes it even harder to implement a concise and effective security strategy to properly protect everything your network needs.

This is when our information security analysts step in. With our always current knowledge and dedication to your specific enterprise workflow, we will be able to assess your network and determine which systems to implement to protect your network and your devices.

Viruses

Sometimes, you catch a virus by total accident. Maybe you’re browsing the internet and you see an interesting article title, so you click on it. It didn’t look suspicious to you, but suddenly, all these windows start popping up all over your screen and your eyes widen in horror as you realize what you’ve done.

An information security analyst can protect against mistakes like this by implementing certain site-blocking measures. This precaution will automatically block work computers from viewing sites that aren’t the safest. It’s better to be safe than sorry.

Hackers

Of course, we all know about this threat. Hackers are malicious, ruthless, and cunning. They can damage your reputation, make your clients lose trust in you, and cost you hundreds and thousands of dollars. However, our information security analysts are ready. Because of our extensive knowledge and experience, we know how hackers think, and we know how to best them.

Protect Your Network with Diverge IT

At Diverge IT, our information security analysts are experts on fighting the toughest battles of the cyber world. None of the above threats will stand a chance. Protect your network by contacting us today.

Why Hiring an Information Security Analyst is Right for Your Business

There are a lot of things that can be bad for your business. Hiring unqualified people, neglecting important tasks, not paying your bills, letting your data be easily accessed by anyone… the list goes on and on.

However, there are also a lot of things that can be good for your business, one of which is an information security analyst. With all the threats out there in the cyberworld, you need someone who really understands network security and what could possibly threaten it. This level of expertise is a huge advantage an information security analyst can bring to your business.

What is an Information Security Analyst?

An information security analyst is like that friend you had in school that knew everything about your weakest subject and would always study with you and help you ace that course. However, the subject now is security, and the test is whether your information will survive a hacker attack.

As the name suggests, an information security analyst is a professional that will analyze the security of your business data. Then, they will strategically monitor your network for any security breaches or abnormal behaviour. Because they will know your network and its data inside out, whenever something weird pops up, a red flag will immediately flash in their minds and they will address it immediately.

And when we say that your security will be in the hands of the best, we mean it. An information security analyst doesn’t earn that title just like that. Usually, these experts have a degree in computer science, programming, or a similar field. They also may be required to earn certain certifications on the job.

How Exactly Does an Information Security Analyst Protect Your Business?

At Diverge IT, our experts will protect your critical assets against threats, outages, and losses with proactive network monitoring, 24/7/365 support, and the implementation of various security applications such as firewalls, routing support, and site-blocking capabilities. We will also:

  • Run risk assessments to discover any areas that need strengthening
  • Establish a network disaster recovery plan in case the worst were to happen
  • Train your staff on network and data security best practices
  • Constantly upgrade your network with the most up-to-date solutions and services

Hackers are getting smarter by the day, but no matter how smart they get, they are no match for the expertise and skill of an information security analyst. Hiring our security professionals will always be right for your business. If you would like to discuss this in more detail, get in touch! It’ll be one of the smartest choices you’ve ever made for your business.