Video Blog
Recent Post
Categories
- Account Security (16)
- Apple (1)
- Back up (18)
- Business (30)
- Business Continuity (22)
- Business Intelligence (33)
- Business Value (24)
- Cloud storage (3)
- Computers (16)
- Cyber Awareness (1)
- cybercrime (34)
- dark web (1)
- Email Security (12)
- Employee Monitoring (5)
- eTechTip (2)
- From the CEO (13)
- Healthcare (5)
- HIPAA (6)
- identity theft (6)
- Internet Social Networking and Reputation Management (2)
- Management (1)
- Marketing (12)
- Microsoft 365 (9)
- News (32)
- Newsletter (16)
- Office (4)
- Our Company (32)
- Overheating Devices (1)
- Preparation (1)
- Remote Working (1)
- Security (75)
- Security and Compliance Training (8)
- Servers (3)
- Social Media (5)
- Social Media – Facebook (2)
- Technology (13)
- Uncategorized (52)
- Video (39)
- VoIP (1)
- Web & Cloud (1)
- Windows (7)
Archives
Are You Meeting Compliance Requirements? Time for a Second Opinion!
When it comes to protecting your organization, you need to find a company that has a different mindset & focuses on compliance.
Cybersecurity Questions Every Business Owner Should Be Able To Answer “Yes” To
Here are questions that every business owner should easily be able to answer “yes” to as well as already have in place.
7 Reasons Why You Need a Cybersecurity Training Program in Your Business
Here are 7 reasons why you need to start a cybersecurity training program in your business today. Watch this video from Phillip Long!
What is the Repetitive Nature of Cybersecurity Attacks on Businesses?
Continuing on with our email security series we’re going to talk about Spoofing today. What is email Spoofing and how can you protect yourself from it?
Email spoofing is whenever somebody sends on behalf of someone else and they spoof you, they make you think that you’re receiving an email from one party when in actuality it’s a totally different party. This is something that has been around a very long time and a lot of times you can hover over the link of the sender’s email address and you’ll see the actual email address. This has been around a really long time.
One time full disclosure here, this happened a long time ago. So I think the laws have passed on any kind of punishment that could happen to me. But we were messing around with a guy in the office and he was talking about a whole bunch of money he made and all this. So we sent him an email from the IRS questioning this money that he received right. And we spoofed it. We sent an email and we changed the from address basically to IRS gov. And whenever he got the email he totally freaked out because his was 25 years ago or whatever and he didn’t know what it was and he thought oh gosh, now the IRS knows about all this money I’ve gotten. So it’s really that simple.
So how do you protect yourself from that? Well first off you can usually hover over that link and you can see that it didn’t come from the person that it says it came from. Another thing that you can do is and it’s more effective because it doesn’t require human intervention. Because we got to think about more than just beyond ourselves. A lot of you guys that watch me have employees and there’s varying levels of cybersecurity acumen amongst these folks so you want to safeguard them, what I say above their head and you do that with a proper email spam filter with your email properly set up.
We use Barracuda. It’s a cloud based product and it has an anti spoofing component to it that actually checks from address if you will, where you see it like say an Outlook or wherever you’re checking your email and the actual header where the actual email is.
Again I sent that email from an account that looked like IRS gov but in reality it was coming from me. So it compares those two on the very simplest it does a lot more things than that but on the very simplest level there are anti spoofing products out there that will guard your mailboxes. Not just for you because I talked to a lot of you guys and you guys got it figured out, but for your employees if nothing else. And I just shot a video a second ago and 85% of companies have had some form of security breach over the past twelve months. So we know that these bad actors are successful.
So stay safe out there. If you have questions or concerns I’m always here to help. I’d like to talk to you about a cybersecurity email bundle that you need really to protect your email. It’s your biggest risk for most small to mid-size companies.
What is Email Spoofing?
Continuing on with our email security series we’re going to talk about Spoofing today. What is email Spoofing and how can you protect yourself from it?
Email spoofing is whenever somebody sends on behalf of someone else and they spoof you, they make you think that you’re receiving an email from one party when in actuality it’s a totally different party. This is something that has been around a very long time and a lot of times you can hover over the link of the sender’s email address and you’ll see the actual email address. This has been around a really long time.
One time full disclosure here, this happened a long time ago. So I think the laws have passed on any kind of punishment that could happen to me. But we were messing around with a guy in the office and he was talking about a whole bunch of money he made and all this. So we sent him an email from the IRS questioning this money that he received right. And we spoofed it. We sent an email and we changed the from address basically to IRS gov. And whenever he got the email he totally freaked out because his was 25 years ago or whatever and he didn’t know what it was and he thought oh gosh, now the IRS knows about all this money I’ve gotten. So it’s really that simple.
So how do you protect yourself from that? Well first off you can usually hover over that link and you can see that it didn’t come from the person that it says it came from. Another thing that you can do is and it’s more effective because it doesn’t require human intervention. Because we got to think about more than just beyond ourselves. A lot of you guys that watch me have employees and there’s varying levels of cybersecurity acumen amongst these folks so you want to safeguard them, what I say above their head and you do that with a proper email spam filter with your email properly set up.
We use Barracuda. It’s a cloud based product and it has an anti spoofing component to it that actually checks from address if you will, where you see it like say an Outlook or wherever you’re checking your email and the actual header where the actual email is.
Again I sent that email from an account that looked like IRS gov but in reality it was coming from me. So it compares those two on the very simplest it does a lot more things than that but on the very simplest level there are anti spoofing products out there that will guard your mailboxes. Not just for you because I talked to a lot of you guys and you guys got it figured out, but for your employees if nothing else. And I just shot a video a second ago and 85% of companies have had some form of security breach over the past twelve months. So we know that these bad actors are successful.
So stay safe out there. If you have questions or concerns I’m always here to help. I’d like to talk to you about a cybersecurity email bundle that you need really to protect your email. It’s your biggest risk for most small to mid-size companies.
What is Business Email Compromise?
Continuing on with our Tuesday Tech Tip email security series, we’re going to talk about business email compromise. What is it? How does it happen? And most of all, how do you protect your company from it? Stay tuned.
Business email compromise is really more of an outcome or means by which the bad actors are exploiting email. There are multiple tactics, multiple ways that they get a business email compromise to happen. it can simply be from somehow scanning your password and what we call account takeover and then being able to compromise you. It could be a spearfishing attack where they target specific people, the CEO and the CFO. It could be through other means by which there’s a man in the middle attack. But ultimately, business email compromise is a class that is set for the highest of risk and therefore the highest payoffs for the bad actors. Whenever a business email compromise happens, it’s going to cost you a lot of money or your cyber liability insurance a lot of money, and the bad actors are going to make some money.
Slet’s talk a little bit about what is password takeover. That’s ultimately where somebody and sometimes they can get this just by sending an email saying, hey, your account is almost full All you have to do is click here and you’ll get unlimited space. And all you have to do is put in your email address and your password, and then boom, you got unlimited space. Well, Microsoft 365, you just gave them the keys to the Kingdom, and they can now rape and pilfer your entire Microsoft 365 environment. a lot of people look at that as just their email But there is a whole ecosystem behind the scenes that’s happening in Microsoft 365. So there’s a lot of room for exploits.
I’ll tell you one quick story with a financial planner that we work with to help secure their email. One of the financial planner guys had his account taken over and the bad actors went out and made forms on the Microsoft 365 platforms. it was really like all of the demographics being asked for, the Social Security numbers, the spouses, the phone numbers, the email addresses, the date of birth, you name. It was in this long questionnaire. The bad actors simply sent the questionair email to all of the contacts within the business that they had from the financial planners email account. The financial planners had a shared contact database. These bad actors sent out to all of the people saying, “hey, we’re doing some spring house cleaning. We want to update all of your records. Here’s a link. Please go out and fill out all of this information for us.”
Well, what happened was that goes out to all of their clients and the clients click. They see this form that has their domain name. The financial planner’s domain name on a Microsoft form looks very legit because A: it is legit. But the bad guys took over the account. Many clients filled out a ton of information and hit submit. The bad actors raked all that information. Now, boom, they got a ton more targets to go after and a lot of data to sell for a lot of money.
So business email compromise you really want to have multi factor authentication turned on your email. really on anything nowadays anything that has one too many where there’s one username, one password and you’re logging in, you have access to many records. You need to Enable multi factor authentication is your biggest way. You also really need to be monitoring and watching those 360 accounts because again, that ecosystem is much broader than most people think. If you have questions, I’m here to help. Thank you for watching.
New Microsoft Office Zero-Day Threat
I want to talk to you about a Zero-Day threat that is out. It is called Follina. This is a Microsoft attack that
What is DMARC?
For our Tuesday tech tip, we’re continuing in the email security series and we’re going to talk about DMARC. DMARC is a component
How Much is Email Used?
https://youtu.be/dNmv9DWtc_U For this Tuesday’s Tech Tip, I’m going to start a series that’s going to run for ten weeks. We’re going to talk
What is The ATT&CK Framework?
Today we’re going to talk about what is the ATT&CK framework and why you need to understand it so that you can protect your
