August 30, 2016 by The GLS Team
One of the worst-case scenarios a company faces is a data or security breach. Because of this, organizations go to great measures to protect their software, data, and sensitive information from outside threats. While doing so is necessary and a good business practice, it’s also important that companies protect themselves from insider threats. No one wants to think that they have an employee who would harm the business intentionally, but it does happen, so it is important to know the warning signs as well as how to protect your company.
What is Insider Threat?
Insider threat is defined by the National Cybersecurity and Communications Integration Center as a current or former employee, contractor, or business partner who has authorized access to an organization’s network, system, or data, and intentionally misuses that access to harm the confidentiality, integrity, or availability of information or information systems.
Some types of insider threats include:
- Theft of intellectual property such as trade secrets, strategic plans, and other confidential information
- Information Technology (IT) sabotage
How to Protect Your Company
Any type of insider threat mitigation program requires the support and involvement of senior leadership, and it is important that all members of your company or organization are active in the education and awareness required to prevent insider threat.
Recognize the Signs
There should be a baseline for normal employee behavior. This will make it easier for you to detect deviations in normal behavior. Here are some behavioral signs to watch for:
- Passive-aggressiveness or rebellion
- Inability to assume responsibility for mistakes or negative actions
- Lack of empathy
- Computer access or login times outside of normal hours, or an eagerness to work odd hours
- Unexplained increases in wealth
- Deterioration of job performance
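As an added example (not from the original post), here is one way to turn the "login times outside of normal hours" sign into a per-user baseline check. The log format, user names, and the `min_events` and `tolerance` parameters are assumptions made for this sketch, and the log lines are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data: "ISO-8601 timestamp,user". HISTORY is the period
# used to learn each user's normal hours; NEW_EVENTS is what gets checked.
HISTORY = """
2016-08-22T08:58:00,alice
2016-08-23T09:04:00,alice
2016-08-24T08:51:00,alice
2016-08-25T09:10:00,alice
2016-08-26T10:02:00,alice
2016-08-22T22:05:00,bob
2016-08-23T23:01:00,bob
2016-08-24T22:10:00,bob
2016-08-26T00:03:00,bob
2016-08-26T23:15:00,bob
"""
NEW_EVENTS = """
2016-08-29T09:05:00,alice
2016-08-29T23:50:00,bob
2016-08-30T02:40:00,alice
2016-08-30T01:10:00,bob
2016-08-30T09:00:00,carol
"""

def parse_events(text):
    """Parse 'timestamp,user' lines into (datetime, user) tuples."""
    events = []
    for line in text.strip().splitlines():
        stamp, user = line.strip().split(",")
        events.append((datetime.fromisoformat(stamp), user))
    return events

def build_baseline(events, min_events=5):
    """Return {user: set of login hours} for users with enough history."""
    hours = defaultdict(list)
    for when, user in events:
        hours[user].append(when.hour)
    return {u: set(h) for u, h in hours.items() if len(h) >= min_events}

def hour_distance(a, b):
    """Distance on a 24-hour clock, so 23:00 and 00:00 are one hour apart."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def flag_deviations(baseline, events, tolerance=1):
    """Return (user, timestamp, reason) for logins outside the user's baseline.

    A user without a baseline is reported as 'no-baseline' instead of being
    passed silently, because there is nothing to compare the login against.
    """
    findings = []
    for when, user in events:
        usual = baseline.get(user)
        if usual is None:
            findings.append((user, when.isoformat(), "no-baseline"))
        elif min(hour_distance(when.hour, h) for h in usual) > tolerance:
            findings.append((user, when.isoformat(), "off-hours"))
    return findings

def run_example():
    baseline = build_baseline(parse_events(HISTORY))
    return flag_deviations(baseline, parse_events(NEW_EVENTS))

if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

The baseline is per user, so bob's night-shift logins are normal for bob while the same hour is a deviation for alice.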
What Insider Threat is Not
Sometimes an unhappy employee is just that. However, it is a good idea to monitor employees who are disgruntled to ensure that they do not cause problems by discouraging other employees or becoming increasingly unhappy themselves.
Additionally, the following procedures and training should be implemented in your business to help build awareness and education among your employees:
- Mandatory training on how to use information and information systems properly and how to report incidents (Global Learning System’s Security Awareness Training is an excellent option.)
- Training focused on social engineering, unintentional leaks, and social media safe practices so your staff learns how to protect information in the office and at home
- Training that helps cut down on human error causing security concerns by improving your Human Firewall
- Required Ethics Training for all employees
Global Learning Systems provides an entire suite of training products to address any type of security concern you have within your company. Companies must protect themselves from threats coming from both inside and outside of the business’ walls. By implementing an insider threat mitigation program, you could potentially save your business from financial and information loss as well as a ruined reputation.
August 26, 2016 by The GLS Team
Phishing is not new, but the tactics of fraudsters continue to evolve with technology. Personal data, such as usernames, passwords and account information remain at risk. When an attacker attempts to solicit sensitive information or money by posing as a trustworthy source via electronic communication, you become a potential victim of phishing.
Recent Phishing Scams
The tactics continue to change, making phishing a difficult crime to keep up with from a user perspective. One marker of scams is to reference, or play off of, recent breaches or events. This tactic often promotes the perception of legitimacy and feeds on the fear created by current events. A few of the recent phishing trends include:
- ID Expirations: These are texts claiming a phone ID has expired and the user is asked for his or her username and password; the phone’s owner is urged to confirm personal details before the contract is terminated.
- Tax Scams: The just-finished tax season brought an onslaught of tax scams. Emails suggested to recipients that tax fraud occurred and that account verification was needed using the last four numbers of the Social Security Number.
- Death Threats: As horrible as it sounds, emails circulate warning recipients that they are targeted under a contract killing. Money will stave off the hitman, but not until after emptying the victim’s bank account. The victim is cautioned not to contact police.
- Bank Texts: Texts from “banks” that look legitimate ask users to visit a website. However, the bogus site then requires sensitive information to “verify” accounts. Other emails might request a return call to clear bank account issues; the callback number then routes to a fraudulent line.
Prevention is the key to stopping victimization of electronic communication users. If the fraudsters’ attempts prove unfruitful, the behavior will diminish. Areas of prevention include:
- Making people aware of scams, as well as teaching them how to recognize and deal with them
- Encouraging safe practices by modifying browsing habits, avoiding hyperlinks, and heading directly to the intended site by typing the web address into the browser
- Employing anti-phishing measures as features of browsers and software
Currently, however, the problems continue to grow. Although listing and staying current with all of the phishing scams might seem impossible, warning signs for detecting malicious intent exist. Be suspicious of:
- Requests for personal or sensitive information in response to email or text
- Requests for money
- Links or attachments in emails from unknown sources
- Links in any email source
- Emails from a familiar source that contain no personal information
Finally, be aware that even if all looks right, it might not be right. Attention to detail is crucial.
How To Protect Yourself
Be in the know! Educating yourself provides the greatest protection against victimization in the broad realm of phishing.
Know the Lingo
Often scam detection requires only one cautious read of an email or text. Curiosity piqued by the email can lead readers to overlook discrepancies in the text. Look out for the following clues:
- Misspelled words and poor, even outright bad, grammar (Even one error should alert readers, especially if the source is a reputable business.)
- Rambling sentences or sentences that make no sense
- Wrong or suspicious factual information
- Lack of a personal greeting or reference (Often phishing correspondences begin with a generic greeting such as “Dear account holder” or “Good news dear.”)
- Flowery or stilted language
- Foreign language or character use
- Purposefully jumbled words (Intentionally scrambling words sets emails up to bypass spam filters!)
- Use of all capital letters, at least in parts of the message
- Typical scam words, for example “processing fee,” “tax” or “customs”
- Word choices that draw curiosity, for example, “confidential” or that evoke urgency, even panic, such as “deadline,” “act now” or “termination.”
Know the Face of a Good Email
Emails from allegedly prominent organizations and businesses might contain some personal reference such as your username or partial account number. The IRS, banks and credit card companies do not send emails or texts, nor do they contact people through social media, requesting money or sensitive information.
Suspicious emails purportedly from the IRS or associated agencies such as Electronic Federal Tax Payment System (EFTPS) require reporting to [email protected]. The same holds true for banks and credit card companies. Contact the institution directly to question or report suspicious correspondence.
Especially beware of emails claiming to be from Western Union, Moneygram or other big businesses such as Gmail and Hotmail. While the companies themselves are legitimate, they do not use addresses to solicit money or purchases in this way.
Know Where You Are Headed
Awareness with each click of the mouse protects users. Check the link destination before clicking. Shortened or slight misspellings in URLs indicate a misdirect to a potentially dangerous site. Hover your cursor over a link and the target appears at the bottom left of the screen.
Still, be cautious and avoid unfamiliar links; be watchful as you click around a browser. Not all browsers allow for verifying link destinations and some phishing tactics override this option.
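Because hovering is not always available or reliable, the same check can be run on the message source itself. The following is an added example, not part of the original post: it reads each link's real target from the HTML and flags the three signs named above (shortened URLs, slight misspellings, and visible text that names a different site than the target). The `TRUSTED` and `SHORTENERS` lists, the two-label `site()` simplification, and the sample email are assumptions constructed for this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: the reader's own list of sites they deal with, and a short
# list of well-known link shorteners. Extend both for real use.
TRUSTED = {"irs.gov", "westernunion.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}

# Constructed sample message body (example.net is a placeholder domain).
SAMPLE_EMAIL = """
<p>Dear account holder,</p>
<a href="https://www.irs.gov/refunds">www.irs.gov/refunds</a>
<a href="http://bit.ly/3xAmPlE">Verify your account</a>
<a href="http://www.westernunlon.com/claim">Collect your transfer</a>
<a href="http://login.example.net/irs">https://www.irs.gov/verify</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append((self._open[0], self._open[1].strip()))
            self._open = None

def site(url_or_host):
    """Last two host labels; a simplification that ignores suffixes like co.uk."""
    text = url_or_host if "//" in url_or_host else "//" + url_or_host
    host = (urlsplit(text).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_links(html):
    """Return [(href, [reasons])] for every link in the message body."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        target, reasons = site(href), []
        if target in SHORTENERS:
            reasons.append("shortened")          # real destination is hidden
        if target not in TRUSTED and any(
                0 < edit_distance(target, t) <= 2 for t in TRUSTED):
            reasons.append("lookalike")          # slight misspelling
        if "." in text and " " not in text and site(text) != target:
            reasons.append("text-mismatch")      # shown URL is not the target
        report.append((href, reasons))
    return report

if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE_EMAIL):
        print(href, reasons or "no flags")
```

A link with no flags is not thereby safe; the check only covers the three signs listed in this section.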
The takeaway? Be educated. Global Learning Systems provides classes and products to arm yourself against phishing attacks.
August 23, 2016 by The GLS Team
The extent to which our mobile devices contain our lives should tell us of the need for mobile security. Just as we lock and secure our homes, protect our computers and click the key fob as we leave the car, the emotional and financial valuables within mobile devices require attention as well.
Awareness plays a vital role in securing mobile devices. While it’s true that an abundance of information is available on the web, Global Learning Systems specializes in raising awareness of mobile security issues and can help you prevent attackers from making good on possible threats.
Mobile Security Threats
Lost or stolen devices bring inconvenience, but also can mean the loss of sensitive information such as account numbers and confidential work. But, loss and theft comprise only part of the threat. Phishing scams, malware and spyware, Quick Response (QR) codes and unsecured WiFi networks raise issues as well.
But wait, there is more. The value of digital assets stored on mobile devices in 2013 was estimated at over $35,000. Still, over 20 percent of people remain unaware of cyber risks. Plus, 75 percent of smartphone users and 86 percent of tablet users do not protect them comprehensively.
If you are among those people not recognizing the need for mobile security, it may be time to listen carefully. Mobile threats are on the increase.
Mobile Best Practices
An uninvited guest roaming your house while you are away would be more than uncomfortable for you. The same holds true for your cyber home. You typically lock the front door of your house, so you should lock your device. Personal identification numbers (PINs) and passwords prevent unauthorized access. Do not store passwords and usernames in your browser or on apps. This practice leaves the door open for thieves to access your accounts.
Good practice includes locking your mobile screen and setting passwords and user privileges for any installed apps. Average thieves cannot bypass the locked screen protecting your information. Auto-locking features may prove annoying for some users, but are significantly valuable in mobile security.
Mobile antivirus installation protects your devices by detecting and stopping existing and emerging threats. These apps play the role of bodyguard for your device. Many free app options exist to protect phones and tablets from malware, viruses and hackers.
Be aware that not everything in the cyber world has good intent. Shop wisely at reputable app stores. Research an app and its publishers before downloading any content. Privacy policies inform users of the access an app gains once downloaded. Read the privacy policies and look for the amounts and types of data the app accesses as well as what third-party sharing permissions are involved. These cautions can prove valuable in mobile safety. Use reviews and ratings as an aid in this research as well. The warning: If you are at all uncomfortable or nervous about the source, do not download.
While most sensitive information is not protected in this way, backing up data reduces the inconvenience of restoring the information or starting from scratch. Modern device capabilities simplify this process, even wirelessly.
Software updates sometimes can make us leery or seem inconvenient. But updates correct security gaps and ensure optimal protection. Also, tampering with the limitations of your device or software opens security holes. Leave the provider’s restrictions in place.
While shopping or banking, be sure to click “log off” when finished and before closing the browser. This practice shuts the door to thieves should your device be stolen. Also, be aware that unsecured WiFi networks put you at risk. Banking and shopping transactions should be left for networks with security measures in place. Public connections rarely provide protection. Perhaps window shopping remains the safest bet until a secure network is reached.
Know where you are going. Check site URLs before typing sensitive information, even passwords. This practice applies to banking and shopping sites as well as unsolicited text and email attachments. Shortened URLs and QR codes lead to potential danger. Turning off WiFi, location services, and Bluetooth capabilities when not needed closes yet another door to cybercriminals. Remember that unsecured networks can make your device a mark for thieves.
The fact remains that mobile devices are just that -- mobile. And they can walk off in hands that are not yours. The cold truth is that 3.1 million Americans were victims of smartphone theft in 2013. While inconvenient, your mobile device can be replaced. Unfortunately, data left in unsavory hands is what puts you at risk. So, what measures can you take when a device is stolen? First, implement the tips above. Second, most devices support a remote wipe feature through which you can erase your data upon giving notice that the device is missing.
There are several ways to accomplish this task depending on whether you use the Apple iPhone, Google Android, Microsoft Windows or others. Researching on the web or contacting customer service for your device can walk you through the steps. Global Learning Systems also provides services and courses addressing these issues, so contact us today!
August 19, 2016 by The GLS Team
Leaving your network unprotected is like leaving your doors unlocked. We need to think of the internet as windows and doors into our homes. If left at risk, perpetrators can sneak in and take what they want before we ever become aware. Unfortunately, the stolen information and damage left behind can be far more serious than a stolen TV. Fortunately, ways exist to secure your internet in the same way you can protect your home and your family.
Staying informed and acting on that information goes a long way toward keeping your data safe. To assist digital users, Global Learning Systems offers products for and courses on internet safety.
Follow these five steps to establish a secure internet connection.
Put Up A Wall
Firewalls block unsolicited incoming connections, a valuable protection for your computer. Much like the fire-rated drywall in your garage, a computer firewall stops a virus (a “fire”) from spreading should it lodge in your system. Use the firewall on your computer or install a third-party product, and be sure to configure them correctly.
Install Security Software
While not foolproof, the best means of keeping your information safe on the computer involves listening to the advice of experts. Installing and maintaining security software is similar to equipping your home with an alarm system. Antivirus software protects your computer system from unknown attackers.
Encryption scrambles information sent over the internet to prevent the content from being deciphered. Choosing the strongest form of encryption that your devices support provides the best protection for your data. It also helps not to name networks with words that tell something about you or your personal life, or that divulge your geographic location.
Maintain Current Software And Updates
Using a secure, supported operating system and updating software keeps you protected. Software updates identify and correct security issues. Left unpatched, these problems could allow attackers to find gaps in your computer security. Updating, even allowing automatic updates, protects you.
Set Guest And Internal Networks
Creating two accounts enables guests to use your connection without access to personal files. Think of it as letting your guests sit at your table, even sleep over, but not giving them the freedom to explore the file cabinet. Guest network passwords require simplicity to be user-friendly, but should change regularly to block unwanted access and bandwidth drain.
Once you have taken the proper steps to secure your internet connection it’s imperative that you take the necessary steps to stay protected.
Practice Password Know-how
The strength of your password protects accounts. A reasonably long combination of letters, numbers and symbols guards against password fraud. Personal or business names should not be used in passwords. Also, changing passwords regularly further protects your information.
Password security also includes varying your passwords. A breach at one site leads to at-risk accounts across the board if you use the same login. Commercial password managers can help you track your passwords and reduce the inconvenience.
Finally, and most importantly, do not share your passwords!
Handle Sensitive Data Sensitively
Sensitive data by definition should be handled with care and consideration. When creating files, avoid labeling with Social Security Numbers or data specific to a person. Limit user access to information that each employee needs to do the job effectively. Access to unnecessary sensitive data presents risks.
Be On Guard
Employees should be made aware of ways to guard against internet security breaches. The behavior of employees on company devices and in the office may put your business at risk.
Limit Information Shared
One primary means of securing your data involves limiting the quantity and quality of personal information you share over the web. Attackers cannot access what was never put out there. This includes social media such as Facebook!
Be Alert To Scams
Phishing is a criminal activity in which attackers gather sensitive information through email. Be aware that banks and credit cards do not request personal information through email. Be sure to question claims of this kind. Contact the institution directly, not using any link in the suspicious email, to confirm the email and always log in to the company’s site directly.
Avoid The Unfamiliar And Random
As a lesson about “stranger danger” would teach a child, it is important to understand that you should only download and run software from reliable software companies or official company sites. The same holds true for emails and attachments. Do not open attachments from unfamiliar senders. Also, avoid random links as they may take you to other places with harmful consequences. Verify all links and emails before clicking by checking with the purported company through its official website or by phone.
Stay Away From The Pirated
Pirates are not known for their stellar reputations. Pirated or cracked software carries significant risk with its shady reputation as well. Malicious programs hidden in unauthorized software wreak havoc on computer systems. Make sure you trust the distributor before downloading.
Getting Information Back
Once information enters cyberspace, retrieval is not easy. You can take steps to delete it yourself from the internet, but those steps are not for the faint of heart or technologically insecure. Tenacity is required.
If the damage might already have been done, Global Learning Systems can help to educate you in preventing future situations. It offers courses, training and products to bring companies to awareness in secure internet protection.
Closing and locking the wireless access points of your business may seem an impossible task. Gather information. Act on what you learn. That way, reasonable protection of secure data will lie within your realm of possibility.
August 16, 2016 by The GLS Team
Email is practically a universal way of communicating — especially within companies. However, that doesn’t mean that everyone knows how to use electronic mail correctly or safely. When your employees know the best practices for email safety, that knowledge can go a long way in safeguarding your company. It is up to company leaders to teach their employees how to handle their email responsibly, and with these tips and coordinating courses from Global Learning Systems, you’ll have a good start in making sure your company’s email practices are secure.
What are some best practices for email safety?
The best place to start in securing your workplace email is in educating your staff on the basics of email safety. While some of these tips might seem like common sense to most people, you cannot assume that all of your employees will follow these practices.
Do not share confidential information
Chances are your workplace is not using encrypted email. Since emails pass through a variety of servers on their way to the recipient, anything sent unencrypted is at risk of being intercepted by hackers. You should never send the following information in email:
If your business’ email gets hacked and the hackers retrieve sensitive client or company information, you could be facing major financial and legal issues. If you do need to send private information through the internet, be sure that the message is encrypted. The best way to do that is by putting the information into a file and compressing the file into a password-protected, encrypted .zip archive file. Then, email that file to the recipient.
Do not use any illicit or inappropriate language
Business email etiquette, and professional etiquette in general, dictates that you conduct yourself with professionalism using email correspondence. If employees are using language that is too casual or inappropriate, it reflects poorly on your business and leaves a bad impression on the recipients, which could hurt your company. Depending on the recipient, emails containing illicit or inappropriate language may be viewed as a form of sexual harassment, which could open your company up to costly lawsuits.
Some staff members might be in the habit of writing emails in the same manner that they would speak. If that’s the case, they should be encouraged to write in a more formal tone. One surefire way to ensure the email is written in a professional and friendly tone is to re-read it several times before clicking “Send.” Alternatively, the staff member could ask another trusted employee or manager to check the email for appropriateness. If employees continue to use inappropriate language in their emails, you might need to take disciplinary action. Depending on the severity of the offense, you can start with a written warning and move up to probation, suspension, and possibly termination if the problem behavior cannot be solved.
Global Learning Systems offers an Ethics Training course that covers areas in your company that might be an issue; the course also helps reinforce professionalism in emails.
Double-check email recipients before clicking “Send”
One of the most important things to do before clicking “Send” on both personal and business emails is to check the email address of the recipient. For business purposes, you never want sensitive information to fall into the wrong hands, or to accidentally share client information with the wrong person. A common way that this mistake happens is by typing in a first name and choosing the wrong recipient from the pop-up options.
Fortunately, if you use Outlook for company emails, you can set up a rule to defer emails for a couple of minutes to prevent any “oh no!” reactions after sending an email. This trick is especially useful if you have contacts with similar names, as it will give you a second chance to double-check the recipient.
If employees are following the first two guidelines and not sending confidential information or inappropriate language, sending an email to the wrong person probably won’t do too much damage. However, if something inappropriate or confidential does get sent to the wrong person, it is best to confront the issue head-on and notify the recipient immediately.
How can Global Learning Systems help?
Email issues are a common problem in businesses, and when employees are not following company email procedures, it can potentially do damage to your business’ finances and reputation, as well as cause legal trouble. Keeping your employees educated and up to date on company policies and procedures through training courses is an excellent way to prevent problems regarding email use from occurring.
Global Learning Systems offers an on-demand learning management system that allows you to quickly and easily create, deliver, and track training for your employees. You’ll have access to all of our custom and off-the-shelf courses, including email-related courses such as phishing awareness and training, ethics training, and more.
By providing consistent and relevant training to your employees, you can ensure that your staff is using the best practices when it comes to email safety.