I realized early on that if I didn’t teach my kids how to identify and avoid likely attacks on their laptops and phones, that no one would. Nevertheless, when I see an opportunity for a “teachable security moment” I grab it, and last week this mobile phishes appeared on my phone. I captured a screen shot to share with my children and we played a little “spot the phish” game, where they would point out all the things that made this text suspicious.
Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A successful attack could give an attacker an entry point within an organization.
Most users are familiar with Microsoft Exchange Online only as an application for accessing their email inboxes. However, by default, all users also have access to a system called Exchange Online PowerShell. This feature, designed primarily to assist IT administrators, allows a user to programmatically perform actions on a Microsoft 365 (M365) tenant. The specific actions a user can perform depend entirely on the user’s assigned roles.
For those in the security space or at C-level, you’ve likely seen a recommendation about how to manage encryption and corresponding keys. Or at least something about encryption needing further consideration. Chances are, if you’re reading this you have at least an interest in the topic and are researching relevant products.
With the ever-evolving landscape of email security services comes the ‘question’… ‘what are the top email security gateway services’? Our website analytics show that this term is searched for more regularly than most other general searches. A key indicator is that many top email gateway services brands have been tried and tested previously…market research is required to check for innovation – Is there anything you haven’t tried?
October is Cybersecurity Awareness Month, the U.S. government’s annual reminder that information security is something everyone needs to consider. Each week of the month has a specific theme, and this week’s topic should be of interest to every CISO: Fight the Phish! There are many layers of defense that organizations can put in place to mitigate phishing, and DevSecOps can be part of that effort. But more on that later. First, let’s look at the current phishing landscape.
Cybersecurity would be so much simpler if criminal groups would stick to the same old tried and tested methods. Sadly, that’s never going to happen – they’re persistent and creative. Instead, cybersecurity teams need to keep up to date with the latest tricks in the criminal playbook. There’s no standing still when it comes to cybercrime.
It is October 2021, and another Cybersecurity Awareness Month is upon us. With so much having occurred over the last year, we should all be experts in personal cybersecurity protection. After all, when our homes became our primary business location, it all became very personal. I once worked at a company that prohibited me from offering personal cybersecurity advice.
