Failing the Phish Test

Phish testing your employees is a vital part of any security awareness program. It seems logical that by exposing employees to phishing and helping them identify tactics, the chance of anyone in your organization being phished lessens. But does it?

When employees who failed phish tests are called out, made to feel poorly or singled out in a group, the exact opposite can happen.

End users are the largest, most vulnerable target in most organizations. In real-world attacks, end users are relentlessly bombarded with spear-phishing and socially engineered schemes.

As the champion of your organization’s cyber security, it is imperative that these tests be used as teachable moments to educate and encourage your end users.

Use Failure as a Teachable Moment.

Look at the failure of phish testing in a different light: you’ve identified a weakness in your security that can now be remedied.

Effective Phish Testing Checklist

Every phish test should follow some basic tenets in order to educate users:

  1. The links in a phish test campaign should go directly to a site with immediate education.
  2. Do not call out or embarrass users who fail the test.  Public shaming results in decreased threat reporting.
  3. Do not tie user responses to employee evaluation testing.  Doing so can create resentment towards security, which is not good for the organization.
  4. Offer encouragement and education by directing users to additional training.  This can be optional or required depending on how many times the user has failed.
  5. Provide additional written materials such as articles and information from other sources.
  6. Reward people who report incidents.  This can be as simple as kudos in the company newsletter or even prizes and contests.  Make sure that your organization’s culture gives positive support to employees who report incidents.

Protecting Your Network 

JDL Group can help you put in place the right cyber security measures for you and your organization. If you want to learn more about protecting yourself and your employees from phishing campaigns, check out our free anti-phishing toolkit.

These Police Officers Called for Backup… and it was Infected with Ransomware

The police exist to serve, protect, and enforce the law, but who can we turn to if even the cops are made victims of a cyberattack? This is the question the residents of Cockrell, Texas have to answer, as their police department fell victim to a ransomware attack known as the Osiris Ransomware.

Before you start to worry too much about this terrible new strain of ransomware, you should know that “Osiris” has been identified as a recent version of the Locky ransomware. The police department likely only referred to it as “Osiris” due to their encrypted files all sporting the extension “.osiris.”

This began as many ransomware attacks do: an on-screen message notified the police that their files had been locked, and would only be unlocked if the department paid up the demanded $4,000. As happens far too often, the ransomware was introduced into their system when a member of the department opened a spoofed email that appeared to be an official department communication. In keeping with best practices, the police’s IT department elected to restore the infected server’s files from a backup. Unfortunately, the backup they had to restore from was taken after their systems had been infected, meaning that all they had were more locked and infected files.

This caused Cockrell authorities no small amount of trouble, as the encrypted files included years and years of photographic and video evidence to be used to prosecute cases. Only time will tell how much of an impact this will have on legal proceedings.

These events serve as a warning to all who rely on data in order to do their job, including businesses everywhere. It is essential to remember that your security is only as good as the people who are given access to your data. Furthermore, it reinforces the importance of keeping more than just one backup of your system. Backing up incrementally and storing archived backups off site will usually safeguard a business from having the entire backup corrupted in the event of ransomware like this.
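The failure described above, where the only backup was taken after infection, can be caught by checking each new backup generation before older ones are pruned. The following is an added example, not code from the original article; the generation labels, file names and the 50% threshold are constructed assumptions.

```python
from collections import Counter
from pathlib import PurePosixPath

# Constructed sample data: backup generations, oldest first, as (label, file list).
SNAPSHOTS = [
    ("gen-1", ["evidence/a.jpg", "evidence/b.mp4", "reports/c.docx", "reports/d.xlsx"]),
    ("gen-2", ["evidence/a.jpg", "evidence/b.mp4", "reports/c.docx", "reports/d.xlsx",
               "evidence/e.jpg"]),
    ("gen-3", ["evidence/1f3a.osiris", "evidence/9c2e.osiris", "reports/77ab.osiris",
               "reports/d.xlsx", "evidence/04de.osiris"]),
]


def extensions(paths):
    """Count lower-cased file extensions across a list of paths."""
    return Counter(PurePosixPath(p).suffix.lower() for p in paths)


def mass_rename_extension(prev_paths, curr_paths, threshold=0.5):
    """Return an extension that was absent from the previous generation but now
    covers at least `threshold` of the current one, else None."""
    if not curr_paths:
        return None
    prev_exts = extensions(prev_paths)
    for ext, count in extensions(curr_paths).most_common():
        if ext and ext not in prev_exts and count / len(curr_paths) >= threshold:
            return ext
    return None


def newest_clean_snapshot(snapshots):
    """Return the label of the last generation taken before a mass rename
    appeared. The oldest generation is treated as the trusted baseline."""
    clean = snapshots[0][0]
    for (_, prev), (label, curr) in zip(snapshots, snapshots[1:]):
        if mass_rename_extension(prev, curr):
            break
        clean = label
    return clean


def safe_to_prune(snapshots):
    """Allow older generations to be deleted only if the newest one does not
    look like it captured already-encrypted files."""
    if len(snapshots) < 2:
        return False
    return mass_rename_extension(snapshots[-2][1], snapshots[-1][1]) is None


if __name__ == "__main__":
    print("suspicious extension:", mass_rename_extension(SNAPSHOTS[1][1], SNAPSHOTS[2][1]))
    print("restore from:", newest_clean_snapshot(SNAPSHOTS))
    print("safe to prune older generations:", safe_to_prune(SNAPSHOTS))
```

With only one generation kept there is nothing to fall back to, which is why the check refuses to prune in that case.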

Contact Us

Reach out to us at (844) 493-0015 so we can optimize your IT to protect you against ransomware and other critical issues.

Here’s a Cost-Effective Alternative to Onboarding Additional IT Staff

An internal IT department serves two primary purposes for businesses. The first is to keep an eye on your technology problems and resolve them. The second is to plan for the future and implement new strategies that will help your organization function more effectively. The problem for the average small business is that their IT department often doesn’t have the luxury of performing both of these tasks.

The root of the problem is that most IT departments are too busy dealing with technology support issues and requests from employees to innovate. Eventually, this lack of innovation could cost your business money.

Do You Know What You’re Paying Your IT Department For?

By definition, your IT department is supposed to plan methods for your business to improve its infrastructure through any means necessary. On the side, they are supposed to help your organization by providing technical support for your assets. By adhering to this model, your IT department should be able to find ways to improve your technology infrastructure, while providing technical assistance for those who need it. The problem is that, as technology becomes more complicated, the help demanded by employees increases.

While it might seem ideal to approach IT support with an internal IT department, it rarely works out. IT departments just don’t have as much time as they need to really work toward improving anything. Oftentimes, these issues are either recurring or resolved simply by rebooting the system, which is a waste of your IT department’s time.

Is Your IT Department Taking Your Company Nowhere?

While your IT department struggles to keep up, your team will naturally need to make forward progress. However, when all they do is respond to problems without making progress in order to prevent them, it’s easy to overlook the fact that many of these problems can be prevented in the future with a little innovation in the present. Plus, when routine maintenance is forgone for the sake of solving short-term problems, you’ll lose out in the long term due to decreased performance and security issues.

As you can see (perhaps even from your own experience), an in-house IT department is often more distracted by problems that aren’t even theirs to resolve, which pulls them away from work that could make your business better. As a result, many organizations seek to outsource their IT department’s work in order to make up lost time. This can include innovation, but more often than not, you’ll find outsourcing routine IT tasks and technology support to be helpful to your company’s overall goals.

After all, your technicians were hired to innovate, so why not give them the opportunity to do so?

Contact Us

To learn more about outsourced IT, reach out to JDL Group. We can provide a help desk, network audits, and so many more valuable IT services that will help your organization improve efficiency. Call us today at (844) 493-0015.

Helpful Suggestions to Improve Password Security

Passwords are important for any online account (and for most accounts in general). Sometimes they might feel like inconveniences, but it’s crucial to remember that these passwords are often the first line of defense, if not the only line of defense, that stands between your data and hackers. We’ll discuss ways that you can augment password security with other powerful measures.

There are two major ways that you can improve password security: two-factor authentication and password managers.

Two-Factor Authentication

2FA provides organizations and users with secondary credentials that can protect their network or online accounts. This type of protection can come in the form of an SMS message, a phone call, or an email sending you a secondary credential. You then enter this code into the app or service, and since you know without a doubt that only you could have access to this code, you can practically guarantee that you’re the only one accessing your account.

Basically, the biggest way this helps your organization is by making it as hard as possible for hackers to infiltrate your network and company accounts. When you involve devices like smartphones with two-factor authentication, you make it much more difficult for hackers, as they would need access to two different devices rather than just one. Reach out to JDL Group and ask us about our two-factor authentication solutions.

Password Managers

A good password is often long and complex, consisting of several different types of characters, numbers, and letters. As you might expect, these types of passwords are rather difficult to remember. Plus, since you can’t (or shouldn’t) use the same password for multiple accounts, you can easily use the password for another account by accident, eventually leading to an account lockout. This is both frustrating and unnecessary. Alternatively, you can keep track of your passwords using a password manager, allowing you to use complex passwords without any problems.

An enterprise-level password manager from JDL Group can allow your organization to take advantage of complex passwords. Your passwords are stored in a secure encrypted database that shields them from hackers. Furthermore, you only pull the passwords as they are needed. There’s no better way to take advantage of complex passwords, as the password manager will keep track of multiple account credentials without you having to remember them.

Contact Us

JDL Group can help your business with all of its password managing needs. To learn more, reach out to us at 1-(844) 493-0015.
