March 09, 2016 by The GLS Team
Thank you to all who made RSA 2016 a success for our team. We enjoyed each conversation with information security leaders from organizations across the globe. Thank you all for your interest in partnering with our team to strengthen your human firewall® with award-winning security awareness training programs. Here is our RSA 2016 “highlights” video, starting with an interview on Ransomware with our CEO and President, Larry Cates.
If you have trouble viewing the video in the post click here. If you missed us at RSA this year but are interested in a demo of our security awareness assessments, PhishTrain platform, or courses, let us know!
March 08, 2016 by The GLS Team
Cybersecurity is the top priority for most businesses who store digital files and information on their computers. The problem is that new viruses and other security threats are constantly appearing - and among these is ransomware, one of the fastest-growing forms of malware. According to the FBI, ransomware costs businesses, individuals, and organizations over $1 million every month to remove - and many times, it often comes at the cost of users’ files and data. Thankfully, there are ways you can avoid falling victim to this malware by taking a few steps towards threat assessment and data recovery.
What is ransomware?
Ransomware is a type of malware that infects users’ computers and takes their files hostage, encrypting them and preventing the user from accessing documents, photos, music, and other digital information stored on their computer. Unless the user pays a ransom by a specified time, the affected files are impossible to decrypt.
One of the most well-known ransomware types is Cryptolocker, which was brought down by a Department of Justice investigation in 2014. According to Today Money, a computer infected with Cryptolocker can demand around $500 for the user to regain access to his or her files, with the figure rising to $1,000 as the countdown approaches zero.
According to a report from Forbes, ransomware incidents have been increasing in recent years and the malware has even targeted organizations such as police departments, which have been forced to pay ransoms to receive their files.
How does it happen?
This attack begins when a user clicks a link or attachment in an email, text message or malicious website and downloads the malware to his or her system. Ransomware creators are notorious for crafting realistic-looking emails; you might think that an email is from your bank or from the IRS, when it is actually a trap for downloading ransomware. Once a ransomware virus has been installed on your computer, it can be removed, but there is nothing you can do to recover your files aside from paying the fee (many times in the form of Bitcoin).
How can you prevent you and your organization from falling victim?
Although ransomware is one of the most subversive and persistent forms of malware, it is also one of the easiest to guard against - mainly, by backing up your files. If hackers can’t claim exclusive access to and control over your documents. As a result, making copies of your files (backing them up) in the cloud or in an external hard drive is the best solution. The only caveat is that if the hard drive is connected to your computer, it can be infected as well - so make sure to disconnect when opening emails. Using antivirus software that specifically looks for ransomware is another way to detect this form of malware and get rid of it before it becomes a problem.
Another way to prevent yourself or your business from falling victim is to know what to look for and avoid opening emails or downloading attachments that are likely to contain ransomware. Do not download attachments that look suspicious or are from anyone that you do not know; the same goes for clicking on links and advertisements. We at Global Learning Systems offer a security short training video for organizations wanting to educate their employees on how to recognize and avoid ransomware attacks. Contact us today!
March 07, 2016 by The GLS Team
As we end the first quarter of 2016, this is a great time to think and reflect on the security measures you took in 2015, how they can be improved, and what you’re doing to implement any improvements this year.
Everyone on your team should know how important passwords are. When your password is weak, the business that relies on you to protect information with that password can be hurt.
There is a lot of science behind the art of secure passwords, but most of the most important information you need to know is common sense. Don’t make your password a version of your name, or a play on your birth date. Don’t use your social security number, or anything that you frequently write down. Randomize your passwords: don’t go in the order of your keyboard characters (i.e. “qwertyuiop” or “1qaz2wsx”).
Here are a few specific ideas on how to strengthen your accounts, from the security experts:
- Longer is better. Your password should ideally be above 12 characters.
- Skip the alphabet. The more characters you use outside of the standard 26 “A-B-C’s,” the better. Capitalization and punctuation matters as well, so mix it up as much as you can. The more unexpected your key combinations are, the stronger your password will be.
- Change it up. Make sure that your passwords are different for different sites. Especially when access means that sensitive information can be compromised, your passwords should be entirely unique.
- Going Beyond the Password: Beyond password safety recommendations, it is important to enable two-factor authentication when possible. For example, Google texts you a unique code every time you log in, so even if your password is stolen, the attacker cannot access your account without that text message. Some systems and devices also have security questions or fingerprints as multifactor authentication options. When these options are available, use them.
Avoid the “Worst Passwords”
Every year, TeamsID releases a list of the “worst passwords” on the internet, and the entries are usually similar with subtle changes. Every year this lists reminds us of two things: plenty of people don’t feel the urgency to create strong passwords, and people aren’t changing their passwords, even after years of this list coming out.
Here are a few of the “worst” passwords that people are still using on the internet to protect their security:
Here are some of the new “worst passwords” on the list:
As you can see, many of the “worst” passwords that make lists like this are comically bad (adding onto the thread 123456 with a 7890, doesn’t improve the security). But even silly passwords like “password“ demonstrate something important. Most people don’t take password security seriously enough, and don’t think about how big of an effect something as small and simple as a bad password can have.
It’s easy to make passwords that are long enough to be secure, and to remember to change these passwords regularly. There are also secure password storage systems to help you remember and easily store all your different passwords.
By taking simple steps, you can help enhance the security of yourself, your team, and your company. So, resolve to be more secure in your digital life, and remember our tips for improving your passwords!