
User Training... Security's First Line of Defense

"Hi Linda, this is Rob in IT. We are troubleshooting an issue on the back-end. I need your password to test functionality."

  • 60% of small to medium businesses are out of business within 6 months of a cyber-attack

  • 52% of data security breaches are caused by human error

Regularly occurring employee security training is a key first step in turning your company's greatest security liability into the greatest security asset.

Internet usage policies, data handling, labeling policies, security violation reporting, proper password creation and usage, and environmental awareness are just a fraction of the security holes that can be filled by training users in proper security hygiene.

Basic security training does not need to be presented as an overwhelming flood of information. Depending on your company’s business sector and internal culture, it should start as small as possible and be delivered in a simple manner to all users, becoming increasingly specific for smaller groups and departments as needed. Small bites are easier to digest.

A baseline for all users should include a few basic steps:

  • Never write down your password

  • Never give your password to anyone, including IT

    o   Your boss and the IT department should not need your password for access or testing

  • Utilize Multi-Factor Authentication (MFA)

  • Be aware of your environment

    o   Do not enter usernames and passwords over unsecured networks (airports & hotels)

    o   Do not enter usernames and passwords in view of other people

  • Confirm all attachments with the sender before opening

    o   Unless specifically expecting an attachment, double check, even if the sender’s address is known

  • Never plug unknown devices into your computer

    o   Found devices, such as USB drives (thumb drives), may contain viruses from someone with bad security hygiene, or may have been planted purposely by bad actors

  • Report any antivirus or workstation update issues to IT as soon as possible

  • Avoid shared login accounts

  • Report strange information requests or odd behavior

  • Do not follow emailed web links to external sites

    o   Redirected or spoofed web links can easily lead to malicious sites

ZAG is experienced in security training and can assist you in evaluating the best options that meet your business needs. Our mission is to “enable our clients to succeed”.

Contact us now to schedule staff security training: 408-383-2000

Email Security - What’s in a Domain Name?

There is a trending epidemic related to your company's email security. Criminals are setting up fake domains by doing things like replacing the letter “m” with “r n” in the domain name (e.g. example.com is replaced with exarnple.com).

Your company’s Exchange Administrator may take a shortcut and simply block incoming emails from these types of domains, but we believe this is shortsighted. Blocking only protects your business from attacks coming in. Without more aggressive action, the same fake domains can still be used in attacks against your customer base.

Companies must be mindful of criminals using look-alike domains, or their customers may suffer the consequences. Fake domains could allow these criminals to steal money from your company and/or your customers. If money is stolen from your customers in this manner, the company-customer relationship will be negatively impacted, even though you have done nothing wrong yourselves.

ZAG has had at least four clients hit by one of these attacks within the last three weeks alone. Fortunately, none of them have suffered losses from this, but there have been cases where they have come close to falling victim to this scam.

Companies need to be mindful of this threat. We recommend that businesses register domain names that are similar to their own. We also recommend confirming ACH changes through multiple factors to achieve true financial security.
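A way to screen sender addresses for the look-alike substitution described above, as an added example that is not part of the original post or ZAG's own tooling. It generalizes beyond the “rn” for “m” swap to a few other common visual confusables; the protected domain list, the confusable table and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the domains you own and want to protect.
PROTECTED = {"example.com"}

# Look-alike substitutions, applied in order. Only "rn" -> "m" comes from the
# post; the other pairs are common visual confusables added for illustration.
CONFUSABLES = [("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w"), ("cl", "d")]


def skeleton(domain):
    """Collapse confusable sequences so visually similar domains compare equal."""
    s = domain.strip().lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def sender_domain(from_header):
    """Return the domain of a From header value, or '' if it has no address."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""


def classify(from_header, protected=PROTECTED):
    """Return 'exact', 'lookalike of <domain>', 'other' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain in protected:
        return "exact"
    for real in sorted(protected):
        # Skeleton both sides: a genuine domain may itself contain "rn" or "cl".
        if skeleton(domain) == skeleton(real):
            return "lookalike of " + real
    return "other"


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Linda <linda@example.com>",
    '"Rob in IT" <rob@exarnple.com>',
    "Accounts Payable <ap@examp1e.com>",
    "newsletter@vendor.test",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):28} {header}")
```

A "lookalike" result is a reason to hold the message and verify the request through a second channel, which matters most for payment or ACH change requests.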

This risk is real and must be addressed immediately. And though this may be an outside-the-box approach, we feel this solution can greatly protect you. If you want to be secure, you must stay vigilant.

To learn how to obtain IT security, contact a ZAG representative today.