May 26, 2017 by The GLS Team
Webinar GLS May 25, 2017
Phishing — Exploit of choice for cybercriminals and what can be done about it
Global Learning Systems (GLS) hopes you enjoyed and profited from our webinar on Wednesday May 25, 2017, and would like to provide you with an overview of the session if you attended, and a summary of it if you were not able to do so.
Two co-presenters welcomed participants to the webinar.
Keith Murphy, product manager for GLS’s popular security package PhishTrain™, opened the presentation and provided details on his background, which includes close to 20 years in product development. He described PhishTrain as a “dynamic phishing simulator that is integrated with the GLS portal and helps to enforce the awareness level of clients and end users through a variety of testing.”
Co-presenter Jeff Bernstein is currently a managing director of T&M Protection Resources in New York, a global provider of security consulting solutions focused on “protection of people, property and information.” He said in his role he helps “oversee and help clients’ overall security postures,” through “the delivery of tactical and strategic information for security assurance, response, compliance and training programs,” noting that his firm has partnered with GLS for four years, and has been closely aligned with GLS for seven years.
Murphy provided an overview of GLS, which has 30 years in learning and development, and 16 years as an award-winning InfoSec partner. The company offers a comprehensive security and compliance product library, a robust cloud-based learning management assessment and phish-testing program, and custom learning development and program management services. Among the company’s offerings are “short courses that are highly engaging … and meant to drill down on a specific element like phishing awareness or working safely from home.” Keeping cybersecurity “top of mind all year” is the main objective of the company, Murphy said.
He spoke about the “State of the Phish,” which is “pretty alarming.” He covered recent events and provided a number of statistics and examples supporting the need for advanced awareness and training, such as the monetary cost of compromised information, as well as loss of reputation and customers.
Bernstein said that the statistics on cybercriminal activity include only those who have come forward, and reminded the audience of the many instances that are not reported. A case study was presented, and Bernstein asked what could be done about stopping cybercrime, but “the long and short of it is that it comes down to the security of your data…it depends on people making the right decisions, not making the wrong decisions, and being educated to tell the difference between the two.”
Bernstein then provided overviews of some of the types of courses available to educate people in protecting themselves and their data. “We’re not just about information security, we also cover HIPAA, PCI, data protection, and a lot of other topics. We have office training and skills, OWASP, role-based training, and also a wealth of topics around HR.” He also provided in-depth details of how some courses would work and their benefits.
GLS presented its anti-phishing solution, which includes a number of items such as an unlimited SaaS phishing platform access with admin dashboard analytics and reports, simulations, a customizable landing page template library, and much, much more.
Murphy then took questions, such as the ability for an individual company to create its own templates and what size company was appropriate for the anti-phishing courses (to which the answer was that the courses are always scalable and localized to that particular company and/or region of the world). Every size organization could benefit from the type of education offered by GLS. Prices fit every budget, and GLS tries to be a true partner in crafting that “specific solution” that will meet a particular company’s needs.
More detailed information was presented to participants by Bernstein, who stressed once more the importance of educating people, “which is what the Global Learning Platform does.” Murphy concurred with his assessment, and said in conclusion that “this is real life… and a problem to a large degree that can be mitigated through continuous education” as well as “structuring a deliberate and methodical plan… of trying to move your culture from reactionary to owner-operator when it comes to the security of your data.” He urged people to contact GLS and “let us talk about how we can help strengthen your human firewall.”
The entire presentation is available to you at:
May 15, 2017 by The GLS Team
More than 200,000 computers in over 150 countries were struck by a worm-like ransomware known as “WannaCry” as systems were booted up around the world. As word spread, experts interviewed on television said that not having sufficient protection and allowing outdated software to reside on computers contributed to the effectiveness of the attack.
According to the Associated Press, experts urged organizations and companies to immediately “update older Microsoft operating systems, such as Windows XP” with a patch released by Microsoft Corp. “The patch limits vulnerability to a more powerful version of the malware or to future versions that can't be stopped,” the AP said.
GLS provides security awareness training as well as many other services to help protect and upgrade your current protection or systems. Providing such services to your company is not just a nicety, but a necessity in an age where armies of malware promoters are working to disrupt business as usual wherever and however they can.
According to Vikram Thakur, technical director of Symantec Security Response, “Just one click on an infected attachment or bad link would lead to all computers in a network becoming infected.” GLS has repeatedly stressed the importance of a company’s defending itself against phishing attacks, which reportedly were used to begin the “WannaCry” outbreak.
CyberheistNews warned: “If you or a co-worker are not paying attention and accidentally open one of these phishing email attachments, you might infect not only your own workstation, but immediately everyone else's computer too. Be very careful when you get an email with an attachment you did not ask for. If there is a .zip file in the attachment, do not click on it but delete the whole email. Remember: ‘When in doubt, throw it out!’”
GLS’ ransomware solutions and advice can provide companies with the kind of security that is needed in today’s treacherous malware environment. Don’t take chances with your data or your company! Help Strengthen Your Human Firewall™ today!
Take a brief moment to watch a clip from our ransomware Security Short Video
May 04, 2017 by The GLS Team
Google took an unprecedented step this week by publicly warning followers on Twitter and other channels about a sophisticated new phishing scheme targeting Google Docs users. Like all phishing scams, this one attempted to gather information and gain access to your accounts; unlike most phishing attempts, this one was polished and sophisticated.
Designed to look like an email from someone you know and trust, the latest scam asks you to click on a “Google Doc” link to access a file or document. Since the email was very convincing and seemed to be from someone you know – either a coworker, friend or family member – it was fooling quite a few users into taking the bait.
How the Google Docs Scam Works
The emails sent to victims were created using OAuth credentials from real Google accounts, so they looked exactly like you would expect an email from a friend or colleague to look. A look at the headers and the sending address wouldn’t reveal the attack; the messages legitimately came through the Gmail system.
Once you clicked “Open in Docs” you were presented with a real-looking page asking you to tie your real Google account to a fake (but convincing) Google Docs page. Once you agreed, the fake app then requested access to your Google account.
Spreading Like the Common Cold
Once the fake app had control of the victim’s email address, it didn’t stop there. It began automatically creating new messages or versions of itself, sending the same convincing message to everyone in the victim’s contact list. Once sent, the messages would be deleted from the “sent” folder in the victim’s Gmail account, leaving no trace of the activity behind. This delivery method caused the phishing attack to spread through organizations and social groups in record time.
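The grant-and-spread behaviour described above can be audited from the defender's side. The following is an added example, not part of the original post or any GLS product: it reviews OAuth grant records for apps that borrow a first-party name, request mail or contacts scopes, or are approved by many users at once. The record fields, client IDs, allowlist and threshold are hypothetical, and the sample data is constructed.

```python
import unicodedata
from collections import defaultdict

# Real Google OAuth scopes that allow reading/sending mail or reading contacts.
MAIL = "https://mail.google.com/"
CONTACTS = "https://www.googleapis.com/auth/contacts"
HIGH_RISK_SCOPES = {MAIL, CONTACTS, "https://www.googleapis.com/auth/gmail.send"}
BRAND_WORDS = ("google", "gmail")  # assumption: words a first-party app name uses


def normalize(name):
    """Fold case and compatibility forms, then drop invisible format characters."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(c for c in folded if unicodedata.category(c) != "Cf")


def review_grants(grants, trusted_client_ids, spread_threshold=3):
    """Return {client_id: sorted reasons} for apps that warrant revocation review."""
    users, findings = defaultdict(set), defaultdict(set)
    for g in grants:
        cid = g["client_id"]
        users[cid].add(g["user"])
        if cid in trusted_client_ids:
            continue  # allowlisted first-party client: name and scopes are expected
        if any(word in normalize(g["app_name"]) for word in BRAND_WORDS):
            findings[cid].add("brand-lookalike name on unverified client")
        if HIGH_RISK_SCOPES & set(g["scopes"]):
            findings[cid].add("mail/contacts scope requested")
    for cid, who in users.items():
        if cid not in trusted_client_ids and len(who) >= spread_threshold:
            findings[cid].add(f"granted by {len(who)} users")  # worm-like spread
    return {cid: sorted(reasons) for cid, reasons in findings.items()}


# Constructed sample grant records (hypothetical field names and client IDs).
def _g(user, app, cid, *scopes):
    return {"user": user, "app_name": app, "client_id": cid, "scopes": list(scopes)}

SAMPLE_GRANTS = [
    _g("ana@example.com", "Google Docs", "lookalike-001", MAIL, CONTACTS),
    _g("ben@example.com", "Google Docs", "lookalike-001", MAIL, CONTACTS),
    _g("cy@example.com", "Google Docs", "lookalike-001", MAIL, CONTACTS),
    _g("dee@example.com", "Goo\u200bgle Drive", "lookalike-002", "openid"),
    _g("ana@example.com", "Notes Sync", "notes-77", CONTACTS),
    _g("ben@example.com", "Google Docs", "first-party-docs", MAIL),
    _g("eve@example.com", "Team Calendar", "cal-5", "openid"),
]
```

Because the phishing messages themselves came through Gmail legitimately, the grant record is where the fake app becomes visible: the name matches a trusted product but the client ID does not.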
Key Takeaways from the Google Docs Attack
What can we learn from this recent attack?
Hackers are becoming more sophisticated – you can’t rely on poor spelling or even a quick look at the header to reveal the signs of a scam.
The right attack will spread quickly, too quickly even for a large, invested organization like Google to stop it before it impacts you.
Never click on a link in an email you did not specifically ask for or that you were not already expecting and don’t grant access to your Gmail account for any reason.
Access to your email account could be access to everything from your sensitive work files to your personal bank account, so this type of phishing attack can have a big impact on victims.
Protect yourself and your Business from Phishing
While the heads-up from Google was helpful, you can’t rely on a big provider to let you know there’s a problem or threat every time one arises. Educating yourself and your staff about the ways a cybercriminal could try to infiltrate your business or identity can keep you from becoming a victim. If you are worried about the increasing sophistication of phishing scams and concerned about falling for one, we can help. Our anti-phishing training is designed to help you spot a phishing scam with ease and stop a would-be scammer in his tracks. Contact us to learn how easy it is to protect your assets and network from sophisticated criminals seeking to do you harm.