Cyber security training once a year isn’t working

We all know how important it is to keep our people up to date on the latest cyber threats. After all, with cyber attacks on the rise, staying one step ahead is crucial to protect your business from potential breaches.

But here’s the thing – annual cyber security training just isn’t cutting it anymore.

Sure, it’s become a routine part of the calendar for many organisations. And it’s great that it’s happening at all. But ask any security leader, and they’ll tell you… employees find it time-consuming and uninspiring. From clicking through slides to skimming through videos at double-speed, it’s usually seen as just another box to tick.

And let’s be honest, even for those who do engage with the training, there’s little evidence it leads to real behaviour change.

That’s because the traditional approach lacks interactivity and doesn’t connect with employees on a personal level. It’s more about ticking boxes than building a culture of cyber security vigilance.

Guess what? There’s a better way. It’s all about small, regular, human-centric interventions. Think of it like the speed signs you see when you’re driving. They remind people to stop and think before they engage in risky behaviour. Just as the signs work for driving, this kind of training makes your employees more aware of what they’re clicking.

By nudging employees toward safer decisions in real-time, we can help them develop better cyber hygiene habits without overwhelming them with information overload. It’s about empowering them to make smarter choices every day.

And with the amount of Generative AI and third-party tools we’re surrounded with right now, it’s more important than ever to give employees the guidance they need to navigate potential risks. Whether it’s through real-time coaching or policy reminders, we can help employees understand the importance of safeguarding sensitive data.

So, while there may be a place for annual training, it’s time to think about using a more proactive approach to cyber security education.

This is something we can help you with. If you want to learn more, get in touch.

Uh oh! You’re at greater risk of malware than ever before

Here’s something not-so-fun but incredibly important to talk about: Malware attacks.

And it’s bad news. These scary cyber threats are hitting small and medium-sized businesses (SMBs) harder than ever before. That means you need to know how you can defend your business.

First things first, what exactly is malware?

Think of it as the digital equivalent of the germs that make you sick. Malware, short for malicious software, is like the flu virus of the cyber world. It’s designed to sneak into your computer systems or network and wreak havoc in all sorts of ways.

So, what kinds of malware are we talking about here?

Well, according to a recent report, there are a few major troublemakers: Information-stealing malware, ransomware, and business email compromise (BEC).

You might be wondering why you should care about malware. Let me set the scene. You’re running your business smoothly, minding your own business, when BAM! A malware attack hits.

Suddenly, your files are encrypted, your systems are locked down, and you’re being held hostage for ransom.

Sounds like a nightmare, right?

That’s the reality for many SMBs facing malware attacks. It’s not just about losing money – it’s about the potential damage to your reputation, your operations, and your customers’ trust.

But there are plenty of ways to fight back against malware and keep your business safe and sound:

Educate your team

Teach your employees to spot phishing emails (an email pretending to be from someone you trust), suspicious links, and other sneaky tactics used by cyber criminals. A little awareness goes a long way.

Armour up your devices

Make sure all your computers and devices are equipped with the best software to prevent attacks.

Back up, back up, back up

Regularly back up your data to secure offsite locations. That way, if you are attacked, you’ll have a backup plan (literally) to restore your files.

Fortify your network

Improve your network security with firewalls, encryption, and other powerful weapons. We can help with all of that.

Stay sceptical

Be cautious of suspicious emails or requests for sensitive information. When in doubt, double-check the sender’s identity and never click on risky links or attachments.

Have a plan

Prepare an incident response plan for dealing with malware attacks. Think of it as your emergency playbook, complete with steps for containing the threat, recovering your data, and reporting the incident.

That’s a lot to take in, but remember, knowledge is power. These are all things we help our clients with, so they don’t have to worry about it. If we can help you too, ge

Is this the most dangerous phishing scam yet?

Picture this: You’re going about your day, checking your emails, when suddenly you see a message from a company you trust.

You think, “Great! That’s safe to read”. But hold on just one minute… this email is not what it seems.

It’s part of yet another scam created by cyber criminals to trick you into clicking malicious links or giving up sensitive info. It’s called “SubdoMailing,” and it’s as dangerous as it sounds.

What’s the deal?

Just like regular phishing attacks, cyber criminals pretend to be trusted brands.

But here’s how it works: These cyber criminals scour the internet for subdomains of reputable companies. You know those extra bits in a web address that come before the main domain? Such as experience.trustedbrand.com. That ‘experience’ bit is the subdomain.

They find a subdomain that the brand is no longer using and is still pointing to an external domain that’s no longer registered.

Then they buy the domain and set up the scam website.

So, you believe you’re clicking on experience.trustedbrand.com… but you have no idea it automatically redirects to scamwebsite.com.

The criminals are sending out five million emails a day targeting people in businesses just like yours.

And because these emails are coming from what seems like a legit source, they often sail right past usual security checks and land in your inbox.

Here’s our advice to keep you and your data safe and sound:

  • Be wary of any emails that seem even remotely suspicious. If something looks fishy, it probably is.
  • Before clicking on any links or downloading any attachments, take a moment to verify the sender. Look for red flags like spelling mistakes or unusual email addresses.
  • Make sure your employees understand the latest phishing tactics and know how to spot a scam. A little knowledge goes a long way in keeping your company safe.
  • Consider investing in top-notch security software to keep the cyber criminals at bay. It might seem like an extra expense, but trust us, it’s worth it.

As always, if you need help with this or any other aspect of your email security, get in touch.
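
As an added example (not part of the original post): a Python sketch of how a brand's own team could audit its DNS records for the situation described above, a subdomain that still points at an external domain nobody has registered any more. The record list, the vendor domains and the `is_registered` callback are constructed assumptions; in practice the callback would be backed by a registrar or RDAP lookup.

```python
"""Audit your own DNS inventory for dangling subdomains (added example)."""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple

# Simplification (assumption): a real audit should use the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.nz"}


@dataclass(frozen=True)
class CnameRecord:
    name: str    # subdomain you own, e.g. experience.trustedbrand.com
    target: str  # hostname the CNAME record points to


def registrable_domain(hostname: str) -> str:
    """Return the part of a hostname that somebody has to register and renew."""
    labels = hostname.rstrip(".").lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def find_dangling(
    records: Iterable[CnameRecord],
    own_domains: Iterable[str],
    is_registered: Callable[[str], bool],
) -> List[Tuple[str, str, str]]:
    """Flag subdomains whose CNAME target sits on an unregistered external domain.

    Returns (subdomain, target, unregistered_domain) tuples to remove or repoint.
    """
    own = {d.lower() for d in own_domains}
    cache = {}  # look each external domain up only once
    findings = []
    for rec in records:
        domain = registrable_domain(rec.target)
        if domain in own:
            continue  # alias inside your own zone, nothing for an outsider to buy
        if domain not in cache:
            cache[domain] = is_registered(domain)
        if not cache[domain]:
            findings.append((rec.name, rec.target, domain))
    return findings


# Constructed sample inventory; none of these records are real.
SAMPLE_RECORDS = [
    CnameRecord("www.trustedbrand.com", "web.trustedbrand.com"),
    CnameRecord("experience.trustedbrand.com", "campaign.old-marketing-vendor.example"),
    CnameRecord("shop.trustedbrand.com", "stores.active-platform.example"),
    CnameRecord("promo.trustedbrand.com", "landing.expired-agency.co.uk"),
]
# Constructed stand-in for a registrar/RDAP lookup: domains still registered.
SAMPLE_REGISTERED = {"active-platform.example"}


def audit_sample() -> List[Tuple[str, str, str]]:
    """Run the audit over the constructed inventory above."""
    return find_dangling(
        SAMPLE_RECORDS,
        own_domains=["trustedbrand.com"],
        is_registered=lambda domain: domain in SAMPLE_REGISTERED,
    )


if __name__ == "__main__":
    for name, target, domain in audit_sample():
        print(f"REVIEW {name} -> {target} ({domain} is not registered)")
```

Every flagged record should be deleted or repointed before someone else registers the lapsed domain.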

Cyber attacks: Stronger, faster and more sophisticated

A new security report has revealed some alarming trends.

First off, cyber attacks are becoming faster than ever. Breakout times (that’s the time it takes for a criminal to move within your network after first getting in) have dropped significantly. We’re talking an average of just 62 minutes compared to 84 minutes last year.

This is not good news.

Not only are these attacks faster, but they’re also becoming more common. The report has identified a whopping 34 new cyber criminal groups, bringing the total to over 230 groups tracked by the company.

And guess what? These cyber criminals aren’t sitting around twiddling their thumbs. They’re getting smarter and more sophisticated. The report highlights a new record breakout time of just two minutes and seven seconds. That’s barely enough time to grab a coffee, let alone mount a defence.

But here’s the real kicker: The human factor is increasingly becoming the main entry point for these cyber attacks.

They will try to get your people to click a link in a phishing email, which will take them to a fake login page. Once your employee enters their real login details, they have inadvertently handed them over.

Or they pretend to be someone your team trusts. This is called social engineering.

So, what can you do to protect your business from these cyber threats?

  • Educate your employees

Make sure your team is aware of the latest cyber threats and how to spot them. Regular training sessions can go a long way in preventing costly mistakes.

  • Implement strong password policies

Encourage the use of complex random passwords generated and remembered by password managers. Use multi-factor authentication for an added layer of security (this is where you use a second device to confirm it’s really you logging in).

  • Keep your systems updated

Make sure all software and systems are up to date with the latest security patches. Cyber criminals often exploit known vulnerabilities, so staying current is key.

  • Invest in cyber security software

Consider investing in reputable cyber security software that can help detect and mitigate threats in real-time (we can help with this).

  • Back up your data

Regularly back up your data and store it in a secure location. In the event of a cyber attack, having backups can help minimise downtime and data loss.

When it comes to cyber security, it’s better to be safe than sorry. If we can help you to stay better prepared, get in touch.

And the award for most common phishing scam goes to…

If there’s one thing that’s 100% certain when it comes to protecting your business data, it’s that you need to be aware of phishing emails.

First things first, what exactly is a phishing email? Picture it as a wolf in sheep’s clothing, posing as a legitimate communication to deceive unsuspecting recipients. These emails often contain malicious links, attachments, or requests for sensitive data, all disguised as a business or person you already know and trust.

And you know what they say: Knowledge is power. One of the best ways to stay safe is to stay informed. We can do that by looking at the most common phishing emails of last year.

There are three main categories of phishing themes: Major, moderate, and minor.

Major themes

The biggest category is finance-related phishing emails, making up a huge 54% of attacks. These emails often contain pretend invoices or payment requests, aiming to lure recipients into giving away financial information.

Following closely are notification phishing emails, making up 35% of attacks. These emails prey on urgency, claiming your password is about to expire or you must take some urgent action.

Moderate themes

Document and voicemail scams take centre stage here, accounting for 38% and 25% of attacks respectively. These tactics involve deceptive files or messages designed to trick you into compromising your security.

Minor themes

While less common, minor phishing themes still pose a risk to people who don’t know what to look out for. These include emails related to benefits, taxes, job applications, and property.

Why should you be concerned about phishing emails? Falling victim to these scams can have serious consequences, including financial loss, data breaches, and damage to your company’s reputation. It’s essential to educate your employees about the dangers of phishing and put in place robust cyber security measures to protect your business.

Awareness and vigilance are your best defences against phishing attacks. By staying informed, training your employees, and using strong security protocols, you can safeguard your company’s valuable assets from cyber threats.

We help businesses like yours stay safe. If you’re not 100% sure you’re fully protected… let’s talk.

Which ransomware payment option is best? (Hint: none)

Picture this: Your business gets hit by a ransomware attack, and your valuable data is locked away by cyber criminals demanding a huge ransom fee.

You can’t afford to pay it. But there’s a twist – just like those “buy now, pay later” schemes, some ransomware gangs are offering victims payment extension options.

Recent research reveals that ransomware groups are getting creative with their extortion strategies. One group is even offering victims various choices when it comes to their ransom demands. These “choices” include:

Paying to delay the publication of their stolen data, with a standard fee of $10,000… or paying to have their stolen data deleted before it’s made public.

The exact amounts charged are often negotiated with victims, adding a chilling dimension to the whole ordeal.

To increase the pressure on victims, these ransomware groups have added some terrifying features to their websites. These include countdown timers displaying how much time businesses have before their data is released, view counters, and even tags revealing the victim’s identity and description.

It’s all designed to make victims feel cornered and more likely to give in to the demands.

You might be tempted to pay that ransom to protect your business data. Not so fast. Paying is always a bad idea and here’s why…

Paying doesn’t guarantee that you’ll get your data back or that the cyber criminals won’t demand more money later.

By paying, you’re essentially funding criminal activities, encouraging them to continue their attacks on others.

Paying a ransom might even get you into legal trouble, as some governments have made it illegal to pay cyber criminals.

So, what can you do to safeguard your business from falling victim to ransomware?

  • Ensure you have regular, secure backups of your data. This way, you won’t be at the mercy of cyber criminals.
  • Educate your staff about the risks of ransomware and train them to recognise phishing emails and suspicious links.
  • Invest in robust cyber security software and keep it up to date.
  • Keep your systems and software updated with the latest security patches.
  • Segment your network to limit the spread of ransomware if one device gets infected.
  • Develop a clear incident response plan, so you know exactly what to do if you’re ever hit by a ransomware attack.

Paying cyber criminals rarely makes things better, and we’re seeing businesses that do pay become targets time and time again. Instead, invest in the proactive measures above to help you stay secure. And if we can help you with that, get in touch.

Don’t think your business is a target? Think again

You might think that cyber criminals are only interested in large companies or those with huge financial assets. After all, that’s where the big bucks are, right?

Think again.

Recent reports have shown that cyber criminals are casting their nets wide, targeting businesses of all sizes, from independent shops to global enterprises. And they’re doing it with the help of something called “botnets.”

You may have heard about the rise of malicious botnets, and you’re probably wondering, “what on earth is a botnet, and why should I care?” Botnets are the secret weapons of cyber criminals. They’re armies of compromised devices, all under the control of a single, malicious puppeteer. These can be anything from your computer to your smart fridge. Yes, even your fridge can be turned into a cyber weapon.

A new report observed “massive spikes” in the activity of these botnets, with over a million devices involved in malicious activities at one point. To put it into perspective, that’s a hundred times the usual levels of botnet activity.

Usually, there are around 10,000 devices doing naughty stuff each day, with 20,000 being the highest number researchers had seen. But in December 2023, things got crazy. The number shot up to 35,144, and two weeks later, it rose even further to 43,194. That’s a lot of compromised devices.

And it didn’t stop there; the researchers saw the biggest spike yet, hitting a whopping 143,957 distinct devices being used at the same time. In fact, on the 5th and 6th of January there were spikes of more than a million devices!

Why are they doing this? These botnets are being used to scan the internet, searching for weaknesses in websites, servers, and even email systems.

Think of the internet as a fortress with many doors and windows. These cyber criminals are looking for unlocked doors and open windows to sneak in. They focus on specific “ports” that serve as entry points.

What can you do to protect yourself from these cyber threats?

It’s all about strengthening those doors and windows. Here are a few simple steps:

  • Keep your software, operating systems, and applications up to date. Regular updates often fix vulnerabilities.
  • Install a good firewall and reliable antivirus software to protect your devices.
  • Educate your employees about cyber security best practices, such as avoiding suspicious links and emails.
  • Enforce strong, unique passwords for all your accounts and devices.
  • Regularly back up your data to prevent loss in case of a cyber attack.
  • Keep an eye on your network for any unusual activity.
  • Consider hiring a cyber security expert (that’s us) to assess and enhance your security measures.

If we can help you keep your business better protected, get in touch.

Are you ready for next-gen email security? (YES!)

Google has unleashed a powerful new tool to make your Gmail inbox a safer and spam-free haven, and it’s called RETVec.

But what exactly is RETVec?

Well, let’s break it down in simple terms. RETVec stands for Resilient and Efficient Text Vectorizer. Fancy. In plain English, it’s a tool that makes Gmail even better at spotting annoying spam emails that try to sneak into your inbox.

Did you know that the people behind spam emails can be very smart to try to avoid detection? Some use invisible characters, something called LEET substitution (like “3xpl4in3d” instead of “explained”), and intentional typos to get past our defences. But RETVec is trained to be resilient against all these tricks.

Google explains it as mapping words or phrases to real numbers and then using these numbers for further analysis, predictions, and figuring out word similarities. In short, it’s like giving Gmail a supercharged spam radar.

How does this benefit you? Gmail’s spam detection rate shot up by an impressive 38% with RETVec on the scene. Plus, Gmail’s false positive rate dropped by nearly a fifth (that’s 19.4% fewer false alarms).

I know that some of you might be wondering if there’s a catch. Well, there’s a tiny caveat you should be aware of, especially if your business sends promotional emails.

With RETVec’s increased vigilance, some legitimate emails might get caught in the crossfire. It’s a good idea to keep an eye on your email analytics to ensure your messages reach their intended recipients.

RETVec isn’t just about better security. It’s more efficient too. Google reports that the Tensor Processing Unit (TPU) usage of the model dropped by a whopping 83%. Smaller models mean reduced computational costs and faster delivery, which is a game-changer for large-scale applications and on-device models. So, it’s a win-win situation.

Spam is a go-to weapon for cyber criminals and now RETVec can help keep us better protected. It blocks malicious emails, keeping our data safe and our inboxes clutter-free.

If you don’t use Gmail, don’t feel too left out. It’s likely we’ll see other email providers including Microsoft bringing similar protection in the future.

In the meantime, if you’d like us to review your business’s email security, get in touch.

SHOCK STAT: A third of business owners don’t trust their staff

Do you trust your employees with confidential information?

If you do, you’ll be surprised by this stat…

For a third of small and medium-sized business leaders, the answer is a resounding “no”!

Maybe it’s because Jim from accounting still has his password on a Post-it note under his keyboard? Or perhaps it’s because they’ve been burnt in the past?

Either way, it’s clear that trust isn’t enough when it comes to data security.

We believe the problem isn’t your employees; it’s the lack of good training and security measures.

So, what can you do about it?

Booking training for everyone is an easy first step. It empowers employees with the tools, techniques, and best practices they need to spot potential threats and take appropriate actions.

Think of it this way: well-trained staff pose less of a risk to the overall security of your business’s digital network. They become your first line of defence, helping to improve your company’s security, and significantly reducing the risk of a breach.

Next, there are your security measures. Many companies admit they don’t have sufficient technology or checks to protect confidential information.

This is where we come in. We can help set up your company’s system so that people can only access the data they’re supposed to.

But our job wouldn’t stop there. We can also ensure that your company has adequate policies relating to information sharing, gaining access to confidential data, and what happens when an employee leaves. By doing this we help you create a more secure working environment for everyone.

Here’s the truth: trust isn’t enough in data security. But with the right training and security measures in place, you can transform your employees from potential security risks into your greatest assets.

Are you ready to move from a place of fear and mistrust to one of empowerment and confidence? Get in touch.

It’s time to say goodbye to traditional passwords

Did you ever imagine a world where the lengthy, complicated passwords people often forget would become a thing of the past?

It seems that day might be arriving sooner than we anticipated.

Google has officially made Passkeys the default sign-in method for all personal accounts on its network, signalling the beginning of a new era in online security.

What’s a Passkey, you ask?

It’s the next big thing in internet safety. And as a business owner with staff, you should pay attention to this game-changing innovation.

Here’s everything you need to know.

What are Passkeys?

Imagine logging into your account using just a four-digit PIN or your biometric data like fingerprints or facial recognition. That’s precisely what a Passkey is.

Simple, isn’t it?

But don’t let the simplicity fool you. This new technology significantly reduces the likelihood of having your credentials stolen or your account taken over by cyber criminals.

How do Passkeys work?

Creating a Passkey is easy. Head over to Google’s official Passkeys website, create a PIN or connect your biometrics (fingerprint or face), link your smartphone, and you’re done.

Just remember, your PC needs to run at least Windows 10, or your Mac should have macOS Ventura or above. And on your phone, you need Android 9 or iOS 16.

As of now, this tech works only on Microsoft Edge, Safari, and Google Chrome browsers.

What are the benefits of Passkeys?

According to Google, 64% of people find Passkeys easier to use than traditional login methods.

Not only are they simpler and more secure, they’re also faster. Logging in with a Passkey is 40% quicker than using a regular password.

What’s next?

Google’s decision to make Passkeys the default sign-in method is just the beginning. The tech giant is already working with select partners to make this new login usable across Chrome and Android. It’s already available on Uber and eBay, with plans to expand to WhatsApp soon.

So, it might be wise to start thinking about how Passkeys can benefit your business. After all, Google could soon roll out this feature for business accounts too.

In the meantime, if you’re not quite ready to embrace Passkeys, you can still opt out. Just head to the Sign-in options page, find “Skip Password When Possible”, and toggle off the switch.

We’d recommend you give it a try and see how much easier – and more secure – it can make things. And of course, if you need any help, get in touch.