Learning Center: Security
Our Security category covers all things cybersecurity. We answer questions like “What if You’re Hacked?”, “How Can I Tell If An Email Is A Scam?” and “What Should I Do When My Business Credentials Get Stolen?”. We also have videos on the importance of training your employees so your company doesn’t fall victim to hackers. Check out “What is Security Awareness Training?” to learn more about training.
In this video, we explore Business Email Compromise (BEC), a modern-day digital con game posing a significant risk to organizations of all sizes. Learn how cybercriminals gain access to corporate email accounts and use them to conduct unauthorized transactions or extract sensitive information.
Discover the details behind the recent Microsoft outage linked to a CrowdStrike update. Bob Coppedge, CEO of Simplex-IT, breaks down the global impact, affecting airlines, businesses, and emergency services. Learn what this outage means for your organization and the steps you need to take to stay protected.
A Secure Email Gateway is a specialized software solution designed to monitor, filter, and protect email traffic entering and leaving an organization's ecosystem. It serves as a virtual checkpoint, sorting through every email to identify and neutralize potential threats before they reach their intended recipients.
Microsoft Security Copilot is a generative AI-powered security solution. It provides tailored insights that empower your team to defend your network. It also works with other Microsoft security products. Microsoft Security Copilot helps security teams respond to cyber threats, process signals, and assess risk exposure.
In the ever-evolving world of technology, securing our wireless networks is crucial to protecting our data and privacy. If you've ever wondered about those cryptic acronyms like WPA, WPA2, and WPA3, this video is here to help you understand the basics of wireless security.
QR codes are everywhere nowadays, right? You see them on menus, posters, flyers—pretty much everywhere. They're super handy too! Just whip out your phone, snap a pic, and bam! You're directed to a link, a discount, or even a video. But hold up, there's a sneaky side to these little squares.
Ever received a "Firmware update available" notification and wondered what you're actually updating? In this video, we break down the concept of firmware, the unsung hero embedded in our devices. Firmware is a specialized type of software embedded in hardware devices, dictating how they function.
Network monitoring is the process of observing and analyzing the traffic and behavior of computer networks to ensure they are performing optimally and securely. It makes sure everything is in order and there are no suspicious activities or potential threats.
DKIM, DomainKeys Identified Mail, is used to authenticate an email. It uses a digital signature to let the email recipient know the message and content of the email was authorized by the domain owner. How does DKIM work? Actually it's fairly complicated in terms of generating public and private keys in order to verify the content of your email.
Sender Policy Framework (SPF) is an email authentication protocol designed to prevent email spoofing and spam. It restricts who can use an organization's domain as the sender of the email. In most phishing attacks, threat actors usually spoof the sender's email address to look official. SPF prevents that from being received.
DMARC, Domain-based Message Authentication, Reporting & Conformance, is an email security protocol that verifies email senders by building on DNS services and the SPF and DKIM protocols. It was created to block the threat of email spoofing, domain spoofing, email phishing, business email compromise, and other email-based attacks.
Domain-based Message Authentication, Reporting & Conformance. It’s actually a 4 letter acronym that really takes advantage of a 3 letter and a 4 letter acronym, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). So together we have an 11 letter acronym. And if you want emails from your company to be safely delivered, better pay attention.
An insider threat refers to the risk or potential harm posed to an organization's data, systems, or security by individuals who have authorized access to the organization's resources. These individuals could be current/former employees, contractors, or business partners…
CMMC Proposed Rule Published with Bob Coppedge, CEO @simplex-it and Tim Golden CEO @compliancescorecard . What's Impacted? What to do? Need to Know More?
When talking about cybersecurity solutions, there’s a ton of different acronyms and abbreviations. You’ve probably heard about EDR, MDR, MTR, and XDR. But what do all of these mean? Let’s dive in.
Managed service providers (MSPs) and managed security services providers (MSSPs) are two terms that are often used interchangeably in the IT industry, but they are not the same thing. While there may be some overlap in the services they provide, there are significant differences between the two.
A tabletop exercise is an opportunity for your organization to practice what happens in the event of an incident. The most common tabletop exercises are incident response and disaster recovery. This is where people within your organization can work in a simulated environment to resolve a problem using the process and procedures that you should have in place.
In today's digital age, data security has become a top priority for organizations across industries. With the increasing frequency and sophistication of cyber attacks, it's critical for businesses to have a dedicated professional responsible for their overall information security. This is where the Chief Information Security Officer (CISO) comes in.
Business impact analysis (BIA) is an essential component of a company's risk management process. It involves assessing and analyzing potential risks that could disrupt the organization's operations and result in financial or reputational losses.
Windows end of life is a critical aspect that every individual and organization should be aware of to ensure the safety and security of their systems and sensitive data. In simple terms, Windows end of life refers to the point when Microsoft stops supporting a version of Windows.
We’ve all been there, going about our day and then we receive the notification ‘An update is available for your software, install now?’ This can be annoying, but it’s actually a critical item to maintain the security of your applications.
In today’s connected world we often have dozens of online accounts – whether it be for banking, shopping, work, or entertainment. But it often seems like every time we turn around another service was compromised or there’s an attempt to hack into accounts. So what can you do to keep your accounts safe and secure?
At its core, EDR is an evolution of antivirus software. Whereas traditional antivirus tools rely on signature-based scanning to detect known malicious files, EDR takes a more comprehensive approach.
Not really. There's always going to be some inherent risk in everything we do. But there are different responses that you can take to reduce that risk. For instance, you can mitigate the risk by putting appropriate controls and safeguards in place to decrease the impact of that risk.
Security awareness training is a critical component of any organization's security strategy. It involves training employees on common security risks and how to recognize and avoid them. This includes identifying phishing emails, scam calls, and text messages, as well as learning how to follow electronic funds transfer and more.
In today's digital age, businesses and individuals face a growing threat of cyber-attacks, data breaches, and other types of cyber incidents. These incidents can cause significant financial and reputational harm to those affected. Cyber insurance is a type of insurance designed to protect against these risks.
CMMC stands for Cybersecurity Maturity Model Certification. CMMC is a program that the Department of Defense is implementing to ensure the confidentiality of sensitive information.
Ok, first of all, got a cyber response plan? Use it. If you don't? Then if you have cyber insurance, contact your insurance people. If you're not sure, contact your IT support folks. But don't start "fixing" the problem. You actually could make it worse.
Backing up data is a critical process for any business to ensure the continuity of its operations in the event of a disaster. The frequency of backups, however, depends on several factors that are unique to each organization.
Last month, the hardware company MSI was compromised by a malicious entity. These bad guys were able to steal source code, development code, and private keys. The big concern comes from the theft of those private keys. What do private keys do?
So, you just got an email. We get so many every day, but how can we be sure they’re legitimate? Let’s talk about how to identify a malicious email. The first thing that you need to know is that malicious actors often rely on urgency. No matter what the situation is, take your time…
If you log into any of your devices and apps with just a username and a password, then you’re using one piece of ID – or one ‘authentication factor’. And that’s just not enough. We recommend using MFA.
Does your organization have an unsupported version of Exchange (2013 or older), or you’re not keeping up with patching? If so, you might be looking at some problems delivering emails to MS 365 in the near future.
There are a couple of different ways. The most common is via the web. It can be from a malicious ad that you click on, a redirect that takes you to somewhere you didn’t expect to be, or even just from clicking on the wrong link in your search results.
Hackers are using AI the same way businesses are starting to use AI. They're looking at those repeatable tasks that are being done and seeing if there are more effective ways to do them. But we're also seeing it lowering that barrier to entry.
Ok, you’ve hired a company to create and maintain your web site. Everything is going great. They’re creating a web site that represents your organization properly, there’s all sorts of graphics, some videos, you’re getting close to public release! And suddenly…they reach out to you with a request.
Ok, you may have heard something about the 3CX hack. Let's talk about this. First of all, this video was recorded less than 24 hours after the public disclosure of the compromise. So we might be out of date already. And a shout out to our VoIP partner BVoip for keeping us up to date on things.
Here is the list of 7 Ways to Increase Productivity Through IT. What you do with it is up to you. Need help? Email us at BobC@Simplex-IT.com to schedule a call. And feel free to share this with your internal IT department.
Laptop encryption is an important security measure for businesses that want to ensure their data is safe and secure. It prevents unauthorized access to files in the event that a laptop is lost or stolen. It also allows business owners to easily recover any lost data.
There’s a reason that browsers like Edge have added breached password notifications. Data breaches are an unfortunate part of life and can have costly consequences for individuals. Hackers can steal things like identities and compromise bank accounts, to name a couple.
Microsoft states that their “backup” goal is the availability of data. So it ensures that your 365 data is stored in at least two data centers located in geographically different places. Now if something happens to the servers in one data center (or the entire center or geographic region), there’s another copy.
Conditional access is also known as contextual access. It is a method of controlling user access. You can think of it as several “if/then” statements, meaning “if” this thing is present, “then” do this. Conditional access allows you to add many conditions to the process of user access to a system. It is typically used with MFA.
Let’s start by saying that phishing is a way of contacting someone by posing to be someone else, usually in the form of an email, text message or even phone call. But what is "simulated" phishing? Organizations use simulated phishing attempts to identify employees that may require additional training.
Adobe Flash was an add-on to most web browsers back in the day. It really enabled web sites to do a lot. It especially made it easier for bad guys to do bad things. In fact, both Microsoft and Adobe (and honestly everybody else in the industry) strongly recommended removing Flash from all computers and web sites.
Everyone – and I mean everyone – can fall victim to a hack! Hacking attempts are an issue that should be taken seriously. Why? Well, 43% of cyber hacks are aimed at small businesses. And 60% of companies who fall prey to a hack experience a complete crash in the following six months.
Keyloggers are programs that capture everything you type. Passwords, credit card numbers, the webpages, answers to security questions – all by logging your keyboard strokes. The program is installed on your computer, usually through some form of spyware, and records what you type.
So we talked about how the security vendor LastPass, basically a password vault, was breached. At that time, both LastPass and we said it was not that big of a deal because they didn't get much. Well, that turned out to be not entirely accurate.
A DDoS attack stands for “denial of service” attack, where the bad guys try to overwhelm a network or server with a ton of traffic. This will typically cause whatever they hit, like your website, online platform, or application, to crash.
What is a botnet? We talked recently about what a bot (short for robot) is (usually a computer that’s been compromised to do bad things quietly in the background). But what’s a botnet?
What is a bot? A bot is short for robot, but that part you probably knew. These days the term “bot” is used most often for cyber security.
Cloud9 is the name of a lot of things. Unfortunately, it is now the name of a new botnet. Oh, that’s a network of computers all running malware applications, usually without the knowledge or permission of the computer owner.
You’ve just discovered there are compromised employee credentials or other sensitive data of your company exposed and available on the Dark Web. Your company should immediately start taking appropriate steps and measures to correct or minimize the risks and potential damages associated with this exposed data.
First it must be protected by end-to-end encryption. This means even if your data is intercepted, no one can read it. Next, make sure the manager works across all applications.
Authentication is a process to validate the identity of someone (or something). For this conversation we’re talking strictly in the cyber world.
Think about the bad guys behind cybercrime. Do you think of the evil genius writing evil stuff living in mom's basement? Or the head of an organization with employees, products and marketing strategies making millions of dollars?
I want to show you something that we just received that is actually kind of funny. Spoiler alert: it's bad guys trying to get us to give them money, and we foiled it. We will show you how!
Does your organization have data backups or an incident response plan? If you already have an organization with a strong cybersecurity background, contact them immediately and follow their lead. If you’re on your own, here are some steps you can follow.
Should You Care About Uber Being Hacked? The quick answer is yes-ish. So far Uber has not come forward with any claims of any meaningful user data but the jury is still out to a certain degree. So what should you do?
The bottom line is you’re “big enough” to warrant attention. Everyone is. And your organization is “big enough” to warrant the same attention from the bad guys. All organizations are. It’s time for you to take security seriously!
The principle of least access is the idea that an employee only should have access to the bare minimum amount of technology systems they need to do their job. Applying the principle of least access will limit the amount of information that is compromised during an attack.
So, you've heard us (and lots of other folks) warn you over and over again...use a password manager to protect your...ummm...passwords. Like LastPass. You know, the cloud-based password manager that was hacked two weeks ago.
Here are a few types of phishing campaigns and how they work. And the best way to protect against phishing is to protect your information and your technology by using multifactor authentication and training your employees.
NIST stands for National Institute of Standards and Technology and they're the ones that define all these industry standard practices. They're the ones that define what exactly is a pound, but they also write cybersecurity frameworks and compliance frameworks.
What are “Local Admin Rights” for computers, and do I want my end users to have them? Every time you log onto your computer, you’re doing so with your “User Account”. That’s not just your user name and password. It’s all of the settings specific to your account.
Pen testing is short for penetration testing, which is where you hire the good guys to act like the bad guys and break into your network. A good pen tester will do some information gathering, which is referred to as reconnaissance, ahead of time.
Insurance companies are getting stricter in what their clients need to do on the security front before offering a cyber security policy.
The simple answer is that computers aren't perfect. The bad guys are using low-tech emails sent from common email addresses from a legit email provider like Gmail or Yahoo.
What is the new Exchange threat? Should I be worried about the new Exchange threat? How can I protect myself against the new Exchange threat?
In a nutshell, Follina is where bad guys send a malicious document, usually as an email attachment. That document would open up a URL (a web address) and start executing code located on that web site to take control of the system that opened up the document.
So you’re wondering whether it’s time to replace your desktops and/or laptops. Or you’re buying new computers but want to save as much money as you can. Why should the term “TPM” mean anything to you?
Cybersecurity is complicated. As we’ve discussed before, every opportunity to get data flowing between applications, devices, organizations, anything…is an equal opportunity for a bad actor to access that data.
Doesn't IT handle all cybersecurity? In a word, no. This video is a great explanation as to why cybersecurity is more than just the IT department's or MSP's responsibility.
IT has developed incredible ways to increase productivity for organizations where they bring value throughout the organization and for all their customers and stakeholders.
In today's digital landscape, securing sensitive information is more crucial than ever. You've likely heard the term "Multifactor Authentication" (MFA) multiple times, but what exactly does it mean, and why is it so important? In this video, we break down the different types of MFA—knowledge, possession, inherence, and location.
Visit our Learning Center to view more videos!