Tue, April 25, 2017

Compliance Training Blog

Security is everyone's responsibility

GLS Wins SC Magazine’s Best IT Security-Related Training Program

Global Learning Systems Wins SC Magazine's Best IT Security-Related Training Program
Security Awareness Training Program is Professional Award Winner

Feb. 15, 2017

Global Learning Systems (GLS) — an online custom elearning, security and compliance training company — won SC Magazine’s 2017 professional award as Best IT Security-Related Training Program. What made GLS stand out among its competitors was the “quality and diversity” of its programs, along with its “focus on overall client satisfaction” and “measuring success using its products and services,” according to the magazine. The award was presented during the 21st annual SC Awards Gala on Tuesday, Feb. 14, 2017, produced by SC Media.

GLS President Larry Cates said: “We are honored to receive this award from an esteemed publication like SC Magazine. We are pleased that the industry is recognizing the value of the GLS Human Firewall program to raise user awareness of today's cyber security threats and create a positive behavior change environment for our customers.”

Last year GLS was also one of five finalists in the same award category. The individuals, programs and teams selected as winners in the Professional Award categories are run through a rigorous judging process that includes testimonials, industry assessments and additional research. Winners in the Professional Award categories were hand-picked by a panel of judges for their outstanding service, qualifications and advancements to the cybersecurity industry.                                                            

GLS prides itself on its ability to provide not only a flexible consultative approach for its clients but also, as SC Magazine notes, “a comprehensive suite of 40 targeted end-user courses and modules designed to educate and drive positive behavior change within an organization.” The company’s Security Awareness Training (SAT) program includes specialized courses geared to each client’s needs, whether that is to educate and train users, test and assess progress, provide ongoing instruction and best practices, or offer more advanced programs to targeted groups.

Professionals can choose from a full spectrum of tools to protect information, including email and internet safety, mobile security, identity theft, physical security and phishing/social engineering. GLS’ Anti-Phishing Essentials Training and role-based courses are particularly in demand.

The SC Awards are recognized throughout the cybersecurity industry and are the crowning achievement for IT security professionals and products. Each year, hundreds of applications are reviewed and narrowed down to a select group of finalists that represent the best solutions, services and professionals working around the clock to protect today’s businesses from an ever-changing landscape of security threats.                                                            

GLS is an award-winning eLearning and blended-learning solutions provider with over 25 years’ experience offering off-the-shelf and customized learning programs.

866-245-5224 or 410-800-4000
Monday — Friday
8:30 a.m. to 5:30 p.m. (EST)


Connect with us on our blog, Twitter and LinkedIn to receive security and compliance course updates, industry news, network with security professionals and more.


Newest Phishing Scams

As time marches on, we are going to be ever more vigilant about cybercrime, which is quickly overtaking the nation as a leading cause of economic crime. High on the list of cybercrime methodology is phishing, in which a fraudster, posing as a trustworthy individual, attempts to gain sensitive or confidential information from another individual using electronic/digital means.

Enter the Newest Phishing Scam

Ironically, as we enter the first quarter of 2017 and embark on tax season, the national news is awash with warnings of cyber criminal activity — notably a virulent form of phishing that appears to be sweeping the country. It is so prevalent this year that the Internal Revenue Service has issued an alert about a new threat that involves workers getting emails purportedly from their employers that ask for W-2 information and other personal data such as Social Security Numbers.

Armed with this information, the cyber thieves file for refunds in the name of their unwitting victims. The scam reaches up to the levels of senior management in companies, who themselves also receive requests for this information from what they perceive as their top management officers. All the requests are couched in the form of familiarity and the "feel" of the actual management official, making the mail look very real to recipients. This tends to throw recipients off guard and have them believing the request is valid.

Ironically, this increase in phishing scams is thought to be a result of success in the consumer arena in combating point-of-service (POS) crime with the new chip technology. Foiled at the counter, the cyber criminals reverted to increasing their attacks online, and have been largely successful. According to ABC World News, for example, in 2016 approximately 22,000 people were victims of this new approach, and some 3.2 billion dollars were lost.

Damage That Unchecked Phishing Can Do

A prime example of the huge damage that phishing can do is seen in the email "scandal" of Hillary Clinton's campaign when the email of the candidate's campaign chairman, John Podesta, was hacked. In early 2016, an email carrying a warning that his password had been hacked landed in the "Spam" folder of the chairman. It looked every bit like a valid Gmail warning, and consequently after a user clicked the "Change Password" link, the door was opened to 60,000 emails being hacked by what we now know were Russian civilian and military intelligence services.

Digital Safety Requires Vigilance

Phishing was one of the earliest forms of scamming and cyber criminal activity, and apparently it has not lost its charm for cyber miscreants who are never at a loss to come up with new twists and turns in the scam to part victims from their money. This makes it incumbent on consumers in all areas to increase their computing protection and vigilance.

Global Learning Systems (GLS), one of the leaders in the field of security and compliance, provides a path to safety amongst the treacherous shoals of cyber criminal activity. GLS' PhishTrain product — a phishing exploit testing Software-as-a-Service (SaaS) platform — ensures that your company won't be vulnerable to cyber attacks by training, testing and assessing employees' ability to combat the attacks. This product is integrated with its OnDemand Learning Management System (LMS); it enables your organization to simulate an attack, and intervene with just-in-time training. It then automatically enrolls users in different levels of anti-phishing training based on their reactions to various Phishing threats.

Advantages of using PhishTrain include a tripartite unfolding of the product in which simulated exploits that look identical to real malicious threats are pushed to users. If the user falls for the simulated phish, he or she is moved to a page explaining the dangers of that action. Depending on the behavior of the user, he or she is guided to one of several options that will help change the behavior of the user. In the third phase, administration is provided with custom reports outlining facets of the user's behavior, which enables managers to remedy deficiencies.

GLS will be participating and providing demonstrations at the RSA®Conference 2017 from February 13 through 17 at Booth # 619.

As 2017 moves on, keep in mind some elementary protection against phishing:

  • Scrutinize emails to make sure they are legitimate. This includes checking the email for anomalies such as misspelled words, grammar errors, non-personalized introductions ("Dear Customer," "Hi," "Hello," etc.), or threats/urgency in moving on the issue.

  • Check the sender's actual web address by hovering or resting (NOT clicking) your cursor on the web URL to see if it differs from the purported sender address.

  • Look to see if the email is from a popular company or one with which you deal (for example, Microsoft®, Gmail, an internet provider, etc.), as these companies' popular names are often used as an entree into a scam.

  • Beware of "too good to be true" news, such as a prize winning, lottery or sweepstakes. These hooks are often used to bait users.

  • Be cautious about succumbing to "scareware" or rogue security software scams, which purport to be good protection software against cyber criminals, but are in actuality the very hook that lets them in!

  • And last, never click a link in any unsolicited email; go to the internet instead, find the company and check with it to see that the email is valid.
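
Several items on this checklist can be checked mechanically when triaging reported mail. The sketch below is an added example, not code from GLS or its products; the function names, word lists and the sample message are assumptions constructed for illustration. It flags a non-personalized greeting, urgency wording, and links whose visible text or target host does not match the sender's domain.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

GENERIC_GREETING = re.compile(r"^\s*(dear (customer|user|member)|hi|hello)\s*[,!]", re.I)
URGENCY = re.compile(r"\b(immediately|urgent|suspended|final notice)\b", re.I)
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collect body text and (href, visible label) pairs for each <a>."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def host_of(value):  # lowercased hostname of a URL or bare domain ('' if none)
    value = value.strip()
    return (urlsplit(value if "://" in value else "http://" + value).hostname or "").lower()

def phishing_indicators(sender, html_body):
    """Hypothetical helper: return the checklist items a message trips."""
    parser = LinkCollector()
    parser.feed(html_body)
    body = "".join(parser.text)
    sender_host, found = sender.rsplit("@", 1)[-1].lower(), []
    if GENERIC_GREETING.search(body):
        found.append("generic greeting")
    if URGENCY.search(body):
        found.append("urgency or threat language")
    for href, label in parser.links:
        target = host_of(href)
        if LOOKS_LIKE_URL.match(label) and host_of(label) != target:
            found.append(f"link text shows {host_of(label)} but goes to {target}")
        if target != sender_host and not target.endswith("." + sender_host):
            found.append(f"link host {target} differs from sender domain {sender_host}")
    return found

# Constructed sample message; example.com and example.net are reserved test domains.
SAMPLE = '<p>Dear Customer,</p><p>Account suspended. Verify: <a href="http://login.example.net/v">www.example.com/v</a></p>'
```

These are heuristics for prioritizing review: a message that trips none of them is not thereby proven legitimate.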




We’ll be exhibiting at booth 619 in the South Hall and look forward to seeing you.

We are scheduling demos and meetings so if you or anyone from your organization will be attending the conference, we would look forward to coordinating a time to meet one-on-one.  





Take advantage of our special exhibitor discount when you register for RSA Conference 2017. Use code XE7GLLRSYS for $100 savings or a Complimentary Exhibit Hall Only Pass.  Be sure to visit our booth when you’re at the Conference!


How to Use Two-Factor Authentication and Why You Should Use It

Do you want to reduce the risk of your customers' sensitive information, like stored credit card numbers, getting hacked? Assuming you said yes, then for the greater good of your organization's security and integrity you need to jump on the two-factor authentication bandwagon. Both businesses and customers have grown accustomed to laziness with passwords, which should be stronger, but simply telling your customers and staff to set up strong passwords isn't enough to deter hackers. Two-factor authentication isn't a magic bullet solution, but it can help make your data more secure.




What is an Authentication Factor?

Authentication factors are types of credentials used to verify your identity. There are several independent categories of credentials, but here are the three most common types of factors:

Knowledge: You know or memorize this factor. The most common modes are passwords and PIN codes.

Possession: A physical token like a key, card, or device. You need to have this token to proceed.

Inherence: What you are. This is really biometric authentication, where something uniquely belonging to your body is used to confirm your identity. It can be fingerprints, retinal scans, facial recognition, voice patterns, DNA samples, or other biological means of verification.   

What is Two-Factor Authentication?

Two-factor authentication (or 2FA) is a security process that goes beyond a simple password. It requires that users provide two means of identification. Most commonly, 2FA entails one factor being a physical token (think of swiping a key card at a gym or hotel) while the second factor will be a password or code. Basically, one factor is something you have and the other factor is something you know. Swiping a debit card at a store is another example of 2FA because you need to physically swipe your card, then enter your PIN code. You have the card, and you know the PIN code.

However, you can use any type of credentials in 2FA. Single-factor authentication, on the other hand, is what most people use day-to-day such as a single password to open their email, social media account, or wifi network where the only credential required is a password. Logging into a bank or credit card account is another form of 2FA that is essentially two passwords, because these institutions will want both a password and an answer to a question like your hometown or the name of your favorite teacher.

In the wake of their massive data breach, Target adopted the use of PIN numbers with their store credit cards to make customers feel more secure. Email providers have also begun to enable 2FA in the form of extra passwords, codes, and even facial or voice recognition, as it would be difficult to use a physical card to log into your email.

For keeping incredibly sensitive data secure, you may want to employ multiple-factor authentication (MFA) which is essentially the same as 2FA, but it uses more than two factors.

Is 2FA a Fail-Safe Defense from Hackers?

While 2FA and MFA are excellent methods of keeping your data secure, they do not wholly prevent breaches from happening. You still need to educate your employees on security procedures and proper handling of tokens and data. 2FA does significantly reduce risks compared to single-factor authentication because there is simply more for hackers to get around. However, risk is still present from both the attack surface and the fact that most people are employing knowledge factors as opposed to inherence or possession factors.

Global Learning Systems can help you design a custom 2FA solution for your business and educate you and your employees on 2FA effectiveness, so that your customers can have peace of mind. Contact us today!


How Your Business Can Benefit From SecureGenius™

Keeping your sensitive data safe from hackers and internal threats is one of your top concerns in running your business. Even if you have skilled and conscientious employees and a training program in place, they still need to be kept up to date on security skills. A workplace that has regular training and education opportunities also fosters a culture of learning which helps make your organization more competitive and innovative. For security purposes, key concepts should also be covered at least once or twice a year. But you don't have all the time in the world to retrain employees on your own, or have middle management take time out for assessment and training of skills gaps. If your business is home to a great deal of data that needs to be kept secure at all times, SecureGenius™ is the solution for turning all of your employees into a Human Firewall®.

Why You Need Periodic Security Skills Assessments Through SecureGenius™

  • More acute awareness of mitigating enterprise risk. Risk management is one of the primary goals of IT and information security skills assessment. Technological and regulatory risk changes so much in the course of just a year. Since SecureGenius™ trains your employees multiple times throughout the year, we educate your best and brightest to stay one step ahead of hackers.

  • Efficient and tailored education solution for employees of all skills levels. When setting up training programs in-house or using a "pre-packaged" outsourced training module, it may be too prefabricated for all of your employees' skills levels and needs. With SecureGenius™' on-demand library, you can customize your training program based on skills gaps or other criteria.

  • Our experts can design a training plan for you after assessing your staff. You may be unsure what an information security assessment should contain and what type of assessment is best for your organization. We create and manage the plan for you so that you and your management team can focus on running and growing your organization. Whether you need a general user or role-based training, our instructional design team can create a custom SecureGenius™ plan at any stage of the training cycle that best fits your organization's needs.

  • SecureGenius™ isn't just a test. Once one of your employees completes an assessment, they can immediately view the results and get links to related educational content based on the areas they tested poorly on. By receiving a visual cue to do this right away, your employees can immediately follow up on addressing these skills gaps.

  • SecureGenius™ works at any point in the training cycle. SecureGenius™ assessments can be done prior to any training to determine security awareness knowledge and can tailor the program to your organization's needs. Our assessments can also be done within the training program to gauge skills gaps and how it is affecting your staff's knowledge and awareness. SecureGenius™ assessments can also be a "final exam" at the end of the training cycle to demonstrate that your staff has increased their knowledge in security best practices.

Whether you need a year-round information security update solution, one-time refresher courses and video training, or onboarding assessments, Global Learning Systems has the right solution for you. Call us today to see what SecureGenius™ can do for your business and have peace of mind that your employees are receiving quality security awareness education.