Learning Center: Security

Our Security category covers all things cybersecurity. We answer questions like “What if You’re Hacked?”, “How Can I Tell If An Email Is A Scam?” and “What Should I Do When My Business Credentials Get Stolen?”. We also have videos on the importance of training your employees so your company doesn’t fall victim to hackers. Check out “What is Security Awareness Training?” to learn more about training.

Featured

What Are The Different Types of MFA?

In today's digital landscape, securing sensitive information is more crucial than ever. You've likely heard the term "Multifactor Authentication" (MFA) multiple times, but what exactly does it mean, and why is it so important? In this video, we break down the different types of MFA—knowledge, possession, inherence, and location.

In today's digital landscape, securing sensitive information is more crucial than ever. You've likely heard the term "Multifactor Authentication" (MFA) multiple times, but what exactly does it mean, and why is it so important? In this video, we break down the different types of MFA—knowledge, possession, inherence, and location.

Visit our Learning Center to view more videos!

What is Business Email Compromise (BEC)?

In this video, we explore Business Email Compromise (BEC), a modern-day digital con game posing a significant risk to organizations of all sizes. Learn how cybercriminals gain access to corporate email accounts and use them to conduct unauthorized transactions or extract sensitive information.

In this video, we explore Business Email Compromise (BEC), a modern-day digital con game posing a significant risk to organizations of all sizes. Learn how cybercriminals gain access to corporate email accounts and use them to conduct unauthorized transactions or extract sensitive information.

Visit our Learning Center to view more videos!

Microsoft Outage Linked to CrowdStrike Update: Global Impact Explained

Discover the details behind the recent Microsoft outage linked to a CrowdStrike update. Bob Coppedge, CEO of Simplex-IT, breaks down the global impact, affecting airlines, businesses, and emergency services. Learn what this outage means for your organization and the steps you need to take to stay protected.

Discover the details behind the recent Microsoft outage linked to a CrowdStrike update. Bob Coppedge, CEO of Simplex-IT, breaks down the global impact, affecting airlines, businesses, and emergency services. Learn what this outage means for your organization and the steps you need to take to stay protected.

Visit our Learning Center to view more videos!

What is a Secure Email Gateway?

A Secure Email Gateway is a specialized software solution designed to monitor, filter, and protect email traffic entering and leaving an organization's ecosystem. It serves as a virtual checkpoint, sorting through every email to identify and neutralize potential threats before they reach their intended recipients.

A Secure Email Gateway is a specialized software solution designed to monitor, filter, and protect email traffic entering and leaving an organization's ecosystem. It serves as a virtual checkpoint, sorting through every email to identify and neutralize potential threats before they reach their intended recipients.

Visit our Learning Center to view more videos!

What Is Microsoft Security Copilot?

Microsoft Security Copilot is a generative AI-powered security solution. It provides tailored insights that empower your team to defend your network. It also works with other Microsoft security products. Microsoft Security Copilot helps security teams respond to cyber threats, process signals, and assess risk exposure.

Microsoft Security Copilot is a generative AI-powered security solution. It provides tailored insights that empower your team to defend your network. It also works with other Microsoft security products. Microsoft Security Copilot helps security teams respond to cyber threats, process signals, and assess risk exposure.

Visit our Learning Center to view more videos!

What is the Difference Between WPA, WPA2, and WPA3?

In the ever-evolving world of technology, securing our wireless networks is crucial to protecting our data and privacy. If you've ever wondered about those cryptic acronyms like WPA, WPA2, and WPA3, this video is here to help you understand the basics of wireless security.

In the ever-evolving world of technology, securing our wireless networks is crucial to protecting our data and privacy. If you've ever wondered about those cryptic acronyms like WPA, WPA2, and WPA3, this video is here to help you understand the basics of wireless security.

Visit our Learning Center to view more videos!

Are QR Codes Safe? Tips for Using Them Securely

QR codes are everywhere nowadays, right? You see them on menus, posters, flyers—pretty much everywhere. They're super handy too! Just whip out your phone, snap a pic, and bam! You're directed to a link, a discount, or even a video. But hold up, there's a sneaky side to these little squares.

QR codes are everywhere nowadays, right? You see them on menus, posters, flyers—pretty much everywhere. They're super handy too! Just whip out your phone, snap a pic, and bam! You're directed to a link, a discount, or even a video. But hold up, there's a sneaky side to these little squares.

Visit our Learning Center to view more videos!

What is Firmware?

Ever received a "Firmware update available" notification and wondered what you're actually updating? In this video, we break down the concept of firmware, the unsung hero embedded in our devices. Firmware is a specialized type of software embedded in hardware devices, dictating how they function.

Ever received a "Firmware update available" notification and wondered what you're actually updating? In this video, we break down the concept of firmware, the unsung hero embedded in our devices. Firmware is a specialized type of software embedded in hardware devices, dictating how they function.

Visit our Learning Center to view more videos!

What is Network Monitoring?

Network monitoring is the process of observing and analyzing the traffic and behavior of computer networks to ensure they are performing optimally and securely. They make sure everything is in order and there are no suspicious activities or potential threats.

Network monitoring is the process of observing and analyzing the traffic and behavior of computer networks to ensure they are performing optimally and securely. They make sure everything is in order and there are no suspicious activities or potential threats.

Pleae visit our Learning Center to view more videos!

What is DomainKeys Identified Mail (DKIM)?

DKIM, DomainKeys Identified Mail, is used to authenticate an email. It uses a digital signature to let the email recipient know the message and content of the email was authorized by the domain owner. How does DKIM work? Actually it's fairly complicated in terms of generating public and private keys in order to verify the content of your email.

DKIM, DomainKeys Identified Mail, is used to authenticate an email. It uses a digital signature to let the email recipient know the message and content of the email was authorized by the domain owner. How does DKIM work? Actually it's fairly complicated in terms of generating public and private keys in order to verify the content of your email.

Visit our Learning Center to view more videos!

What is Sender Policy Framework or SPF?

Sender Policy Framework (SPF) is an email authentication protocol designed to prevent email spoofing and spam. It restricts who can use an organization's domain as the sender of the email. In most phishing attacks, threat actors usually spoof the sender's email address to look official. SPF prevents that from being received.

Sender Policy Framework (SPF) is an email authentication protocol designed to prevent email spoofing and spam. It restricts who can use an organization's domain as the sender of the email. In most phishing attacks, threat actors usually spoof the sender's email address to look official. SPF prevents that from being received.

Visit our Learning Center to view more videos!

DMARC, Domain-based Message Authentication, Reporting & Conformance, is an email security protocol that verifies email senders by building on the DNS services and the SPF, and DKIM protocols. It was created to block the threat of email spoofing, domain spoofing, email phishing, business email compromise, and other email-based attacks.

DMARC, Domain-based Message Authentication, Reporting & Conformance, is an email security protocol that verifies email senders by building on the DNS services and the SPF, and DKIM protocols. It was created to block the threat of email spoofing, domain spoofing, email phishing, business email compromise, and other email-based attacks.

Visit our Learning Center to view more videos!

What is DMARC the Simplified Version?

Domain-based Message Authentication, Reporting & Conformance. It’s actually a 4 letter acronym that really takes advantage of a 3 letter and a 4 letter acronym, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). So together we have an 11 letter acronym. And if you want emails from your company to be safely delivered, better pay attention.

Domain-based Message Authentication, Reporting & Conformance. It’s actually a 4 letter acronym that really takes advantage of a 3 letter and a 4 letter acronym, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). So together we have an 11 letter acronym. And if you want emails from your company to be safely delivered, better pay attention.

Visit our Learning Center to view more videos!

What is an Insider Threat?

An insider threat refers to the risk or potential harm posed to an organization's data, systems, or security by individuals who have authorized access to the organization's resources. These individuals could be current/ former employees, contractors, or business partners…

An insider threat refers to the risk or potential harm posed to an organization's data, systems, or security by individuals who have authorized access to the organization's resources. These individuals could be current/ former employees, contractors, or business partners who possess knowledge, privileges, and/or access rights within the organization's systems and networks.

Visit our Learning Center to view more videos.

Featured

CMMC Proposed Rules

CMMC Proposed Rule Published with Bob Coppedge, CEO @simplex-it and Tim Golden CEO @compliancescorecard . What's Impacted? What to do? Need to Know More?

CMMC Proposed Rule Published with Bob Coppedge, CEO @simplex-it and Tim Golden CEO @compliancescorecard . What's Impacted? What to do? Need to Know More?

Visit our Learning Center to view more videos!

What do the Abbreviations EDR, MDR, MTR, and XDR Mean?

When talking about cybersecurity solutions, there’s a ton of different acronyms and abbreviations. You’ve probably heard about EDR, MDR, MTR, and XDR. But what do all of these mean? Let’s dive in.

When talking about cybersecurity solutions, there’s a ton of different acronyms and abbreviations. You’ve probably heard about EDR, MDR, MTR, and XDR. But what do all of these mean? Let’s dive in.

Visit our Learning Center to view more videos!

What's the Difference Between an MSP and an MSSP?

Managed service providers (MSPs) and managed security services providers (MSSPs) are two terms that are often used interchangeably in the IT industry, but they are not the same thing. While there may be some overlap in the services they provide, there are significant differences between the two.

Managed service providers (MSPs) and managed security services providers (MSSPs) are two terms that are often used interchangeably in the IT industry, but they are not the same thing. While there may be some overlap in the services they provide, there are significant differences between the two.

Visit our Learning Center to view more videos!

What is a Tabletop Exercise?

A tabletop exercise is an opportunity for your organization to practice what happens in the event of an incident. The most common tabletop exercises are incident response and disaster recovery. This is where people within your organization can work in a simulated environment to resolve a problem using the process and procedures that you should have in place.

A tabletop exercise is an opportunity for your organization to practice what happens in the event of an incident. The most common tabletop exercises are incident response and disaster recovery. This is where people within your organization can work in a simulated environment to resolve a problem using the process and procedures that you should have in place.

Visit our Learning Center to view more videos!

What is a Chief Information Security Officer (CISO)?

In today's digital age, data security has become a top priority for organizations across industries. With the increasing frequency and sophistication of cyber attacks, it's critical for businesses to have a dedicated professional responsible for their overall information security. This is where the Chief Information Security Officer (CISO) comes in.

In today's digital age, data security has become a top priority for organizations across industries. With the increasing frequency and sophistication of cyber attacks, it's critical for businesses to have a dedicated professional responsible for their overall information security. This is where the Chief Information Security Officer (CISO) comes in.

Visit our Learning Center to view more videos!

What Is a Business Impact Analysis?

Business impact analysis (BIA) is an essential component of a company's risk management process. It involves assessing and analyzing potential risks that could disrupt the organization's operations and result in financial or reputational losses.

Business impact analysis (BIA) is an essential component of a company's risk management process. It involves assessing and analyzing potential risks that could disrupt the organization's operations and result in financial or reputational losses.

Visit our Learning Center to view more videos!

What Is Windows End of Life?

Windows end of life is a critical aspect that every individual and organization should be aware of to ensure the safety and security of their systems and sensitive data. In simple terms, Windows end of life refers to the point when Microsoft stops supporting a version of Windows.

Windows end of life is a critical aspect that every individual and organization should be aware of to ensure the safety and security of their systems and sensitive data. In simple terms, Windows end of life refers to the point when Microsoft stops supporting a version of Windows.

Visit our Learning Center for more videos!

Why Do I Need to Update my Technology?

We’ve all been there, going about our day and then we receive the notification ‘An update is available for your software, install now?’ This can be annoying, but it’s actually a critical item to maintain the security of your applications.

We’ve all been there, going about our day and then we receive the notification ‘An update is available for your software, install now?’ This can be annoying, but it’s actually a critical item to maintain the security of your applications.

Visit our Learning Center to view more videos.

What Are Good Password Habits?

In today’s connected world we often have dozens of online accounts – whether it be for banking, shopping, work, or entertainment. But it often seems like every time we turn around another service was compromised or there’s an attempt to hack into accounts. So what can you do to keep your accounts safe and secure?

In today’s connected world we often have dozens of online accounts – whether it be for banking, shopping, work, or entertainment. But it often seems like every time we turn around another service was compromised or there’s an attempt to hack into accounts. So what can you do to keep your accounts safe and secure?

Visit our Learning Center to view more videos.

What Is Endpoint Detection and Response?

At its core, EDR is an evolution of antivirus software. Whereas traditional antivirus tools rely on signature-based scanning to detect known malicious files, EDR takes a more comprehensive approach.

Endpoint Detection and Response (EDR) has become an increasingly important tool in the cybersecurity industry, especially for businesses and organizations that require enhanced security measures. In this blog, we'll delve into what EDR is, how it differs from traditional antivirus software, and why it's so essential in today's threat landscape.

At its core, EDR is an evolution of antivirus software. Whereas traditional antivirus tools rely on signature-based scanning to detect known malicious files, EDR takes a more comprehensive approach. It collects detailed data on every aspect of how files and processes are working on a device, including their behaviors, sub-processes, and interactions with other systems. By centralizing this data in a single location, responders can get a big-picture view of what's happening on the device in question.

For instance, if a user downloads a malicious file that triggers a series of commands, A good example of this is an end user downloads a malicious file, an Excel spreadsheet with the macros enabled, and the person clicks the button to enable it. At this point, Excel is now executing a script which launches command prompt or PowerShell. PowerShell then begins to run a series of commands to do malicious things, such as maybe reaching out to an external server to download an actual malware payload, or it may just begin to adjust permissions and move from there. EDR can not only identify the file but also track the entire chain of events, including the subprocesses launched and the network connections made. This information can be used to both detect and respond to threats effectively.

EDR vendors can differ in terms of the level of data collection they provide. Some tools only offer limited data collection, while others, like the open-source EDR tool allow users to view code execution and specific commands as they happen in real-time.

In addition to EDR, some organizations may use Managed Detection and Response (MDR) services, to help filter through the data collected by EDR tools and determine whether events are malicious or legitimate. MDR services can also take action in response to identified threats, such as isolating infected machines and initiating cleanup procedures.

As the threat landscape continues to evolve, EDR and MDR are becoming increasingly essential for businesses and organizations of all sizes. By providing a comprehensive view of device activity and enabling quick and effective responses to potential threats, these tools can help protect sensitive data and prevent cyberattacks from causing significant damage.

Please contact us if you have any questions about EDR.

Visit our Learning Center to view more videos!

Can I Eliminate Risk?

Not really. There's always going to be some inherent risk in everything we do. But there are different responses that you can take to reduce that risk. For instance, you can mitigate the risk by putting appropriate controls and safeguards in place to decrease the impact of that risk.

Not really. There's always going to be some inherent risk in everything we do. But there are different responses that you can take to reduce that risk. For instance, you can mitigate the risk by putting appropriate controls and safeguards in place to decrease the impact of that risk.

Visit our Learning Center to view more videos.

What Is Security Awareness Training?

Security awareness training is a critical component of any organization's security strategy. It involves training employees on common security risks and how to recognize and avoid them. This includes identifying phishing emails, scam calls, and text messages, as well as learning how to follow electronic funds transfer and more.

Security awareness training is a critical component of any organization's security strategy. It involves training employees on common security risks and how to recognize and avoid them. This includes identifying phishing emails, scam calls, and text messages, as well as learning how to follow electronic funds transfer and more.

Visit our Learning Center to view more videos!

What is Cyber Insurance?

In today's digital age, businesses and individuals face a growing threat of cyber-attacks, data breaches, and other types of cyber incidents. These incidents can cause significant financial and reputational harm to those affected. Cyber insurance is a type of insurance designed to protect against these risks.

In today's digital age, businesses and individuals face a growing threat of cyber-attacks, data breaches, and other types of cyber incidents. These incidents can cause significant financial and reputational harm to those affected. Cyber insurance is a type of insurance designed to protect against these risks.

Visit our Learning Center to view more videos!

Will Simplex-IT Make My Organization CMMC Compliant?

CMMC stands for Cybersecurity Maturity Model Certification. CMMC is a program that the Department of Defense is implementing to ensure the confidentiality of sensitive information.

CMMC stands for Cybersecurity Maturity Model Certification. CMMC is a program that the Department of Defense is implementing to ensure the confidentiality of sensitive information. It's an overall organizational process that involves administrative controls, HR processes, budgeting, and various elements of business planning and management.

Visit our Learning Center to view more videos!

What If We're Hacked?

Ok, first of all, got a cyber response plan? Use it. If you don't? Then if you have cyber insurance, contact your insurance people. If you're not sure, contact your IT support folks. But don't start "fixing the problem. You actually could make it worse.

Ok, first of all, got a cyber response plan? Use it. If you don't? Then if you have cyber insurance, contact your insurance people. If you're not sure, contact your IT support folks. But don't start "fixing the problem. You actually could make it worse.

Visit our Learning Center to view more videos!

How Frequently Should I Back Up My Data?

Backing up data is a critical process for any business to ensure the continuity of its operations in the event of a disaster. The frequency of backups, however, depends on several factors that are unique to each organization.

Backing up data is a critical process for any business to ensure the continuity of its operations in the event of a disaster. The frequency of backups, however, depends on several factors that are unique to each organization. One of the most critical factors is the recovery point objective (RPO), which sets the benchmark for the maximum amount of data that could be lost in case of a disaster.

Visit our Learning Center to view more videos!

MSI Firmware Risk

Last month, the hardware company MSI was compromised by a malicious entity. These bad guys were able to steal source code, development code, and private keys. The big concern comes from the theft of those private keys. What do private keys do?

Last month, the hardware company MSI was compromised by a malicious entity. These bad guys were able to steal source code, development code, and private keys. The big concern comes from the theft of those private keys. What do private keys do?

Visit our Learning Center to view more videos!

How Can I Tell If An Email Is A Scam?

So, you just got an email. We get so many every day, but how can we be sure they’re legitimate? Let’s talk about how to identify a malicious email. The first thing that you need to know is that malicious actors often rely on urgency. No matter what the situation is take your time…

So, you just got an email. We get so many every day, but how can we be sure they’re legitimate? Let’s talk about how to identify a malicious email. The first thing that you need to know is that malicious actors often rely on urgency. No matter what the situation is – and even if the email is real – take your time,

Visit our Learning Center to view more videos!

Should All Businesses Adopt MFA?

If you log into any of your devices and apps with just a username and a password, then you’re using one piece of ID – or one ‘authentication factor’. And that’s just not enough. We recommend using MFA.

If you log into any of your devices and apps with just a username and a password, then you’re using one piece of ID – or one ‘authentication factor’. And that’s just not enough. We recommend using MFA. That’s Multi-Factor Authentication. And it adds extra layers of security to your business.

Visit our Learning Center to view more videos!

Does My Old Exchange Still Work?

Does your organization have an unsupported version of Exchange (2013 or older), or you’re not keeping up with patching? If so, you might be looking at some problems delivering emails to MS 365 in the near future.

Does your organization have an unsupported version of Exchange (2013 or older), or you’re not keeping up with patching? If so, you might be looking at some problems delivering emails to MS 365 in the near future.

Visit our Learning Center to view more videos!

How Does Malware Get Into My Company?

There are a couple of different ways. The most common is via the web. It can be from a malicious ad that you click on, a redirect that takes you to somewhere you didn’t expect to be, or even just from clicking on the wrong link in your search results.

There are a couple of different ways. The most common is via the web. It can be from a malicious ad that you click on, a redirect that takes you to somewhere you didn’t expect to be, or even just from clicking on the wrong link in your search results.

Visit our Learning Center to view more videos.

How Do Hackers Use AI?

Hackers are using AI the same way businesses are starting to use AI. They're looking at those repeatable tasks that that are being done and seeing if there's more effective ways to do it. But we're also seeing it lowering that barrier to entry.

Hackers are using AI the same way businesses are starting to use AI. They're looking at those repeatable tasks that that are being done and seeing if there's more effective ways to do it. But we're also seeing it lowering that barrier to entry. One thing that security researchers have noted with ChatGPT is asking it "can you write malware for me", or "can you write up a malicious program to do something for me like this?"

Visit our Learning Center to view more videos!

Should I let my web company host my DNS?

Ok, you’ve hired a company to create and maintain your web site. Everything is going great. They’re creating a web site that represents your organization properly, there’s all sorts of graphics some videos, you’re getting close to public release! And suddenly…they reach out to you with a request.

Ok, you’ve hired a company to create and maintain your web site. Everything is going great. They’re creating a web site that represents your organization properly, there’s all sorts of graphics some videos, you’re getting close to public release! And suddenly…they reach out to you with a request. They want to host and control the DNS for your organization. Good idea? NO!

Visit our Learning Center to view more videos!

Should I be worried about the 3CX compromise?

Ok, you may have heard something about the 3CX hack. Lets talk about this. First of all, this video was recorded less than 24 hours after the public disclosure of the compromise. So we might be out of date already. And a shout out to our Voip partner BVoip for keeping us up to date on things.

Ok, you may have heard something about the 3CX hack. Lets talk about this. First of all, this video was recorded less than 24 hours after the public disclosure of the compromise. So we might be out of date already. And a shout out to our Voip partner BVoip for keeping us up to date on things. And this is going to be a very general 30,000 foot view of the situation.

Visit our Learning Center for more videos!

What Are 7 Ways to Increase Productivity Through IT?

Here is the list of 7 Ways to Increase Productivity Through IT. What you do with it is up to you. Need help? Email us at BobC@Simplex-IT.com to schedule a call. And feel free to share this with your internal IT department.

Here is the list of 7 Ways to Increase Productivity Through IT. What you do with it is up to you. Need help? Email us at BobC@Simplex-IT.com to schedule a call. And feel free to share this with your internal IT department.

Visit our Learning Center to view more videos!

Should I Encrypt My Laptop?

Laptop encryption is an important security measure for businesses that want to ensure their data is safe and secure. It prevents unauthorized access to files in the event that a laptop is lost or stolen. It also allows business owners to easily recover any lost data.

Laptop encryption is an important security measure for businesses that want to ensure their data is safe and secure. It prevents unauthorized access to files in the event that a laptop is lost or stolen. It also allows business owners to easily recover any lost data. Additionally, laptop encryption helps to protect confidential information from cybercriminals.

Visit our Learning Center to view more videos!

Has Your Data Been Exposed in A Recent Data Breach?

There’s a reason that browsers like Edge have added breached password notifications. Data breaches are an unfortunate part of life and can have costly consequences for individuals. Hackers can steal things like identities and compromise bank accounts, to name a couple.

There’s a reason that browsers like Edge have added breached password notifications. Data breaches are an unfortunate part of life and can have costly consequences for individuals. Hackers can steal things like identities and compromise bank accounts, to name a couple.

Visit our Learning Center to view more videos!

Is my Microsoft 365 data backed up?

Microsoft states that their “backup” goal is the availability of data. So it ensures that your 365 data is stored in at least two data centers located in geographically different places. Now if something happens to the servers in one data center (or the entire center or geographic region), there’s another copy.

Microsoft states that their “backup” goal is the availability of data. So it ensures that your 365 data is stored in at least two data centers located in geographically different places.

Now if something happens to the servers in one data center (or the entire center or geographic region), there’s another copy.

But is that a true backup? Nope.

Visit our Learning Center to view more videos!

What is Conditional Access?

Conditional access is also known as contextual access. It is a method of controlling user access. You can think of it as several “if/then” statements, meaning “if” this thing is present, “then” do this. Conditional access allows you to add many conditions to the process of user access to a system. It is typically used with MFA.

Conditional access is also known as contextual access. It is a method of controlling user access. You can think of it as several “if/then” statements, meaning “if” this thing is present, “then” do this. Conditional access allows you to add many conditions to the process of user access to a system. It is typically used with MFA.

Visit our Learning Center for more videos!

What is a Simulated Phishing Attack?

Let’s start by saying that phishing is a way of contacting someone by posing to be someone else, usually in the form of an email, text message or even phone call. But what is "simulated" phishing? Organizations use simulated phishing attempts to identify employees that may require additional training.

Let’s start by saying that phishing is a way of contacting someone by posing to be someone else, usually in the form of an email, text message or even phone call.

But what is "simulated" phishing? Organizations use simulated phishing attempts to identify employees that may require additional training. Unlike your average phishing attacks, simulated phishing attempts are perfectly safe. They are designed to look like real phishing emails or even text messages. Nothing terrible happens if a user ‘falls’ for it.

Visit our Learning Center for more videos!

Featured

Should I Get Rid of or Update Flash?

Adobe Flash was an add-on to most web browsers back in the day. It really enabled web sites to do a lot. It especially makes it easier for bad guys to do bad things. In fact, both Microsoft and Adobe (and honestly everybody else in the industry strongly recommended removing Flash from all computers and web sites.

Adobe Flash was an add-on to most web browsers back in the day. It really enabled web sites to do a lot. It especially makes it easier for bad guys to do bad things. In fact, both Microsoft and Adobe (and honestly everybody else in the industry strongly recommended removing Flash from all computers and web sites.

And yet...there are still millions of users, especially in the web-based game world, still using Flash.

Visit our Learning Center for more videos!

Can Anyone Fall Victim to a Hack?

Everyone – and I mean everyone – can fall victim to a hack! Hacking attempts are an issue that should be taken seriously. Why? Well, 43% of cyber hacks are aimed at small businesses. And 60% of companies who fall prey to a hack experience a complete crash in the following six months.

Everyone – and I mean everyone – can fall victim to a hack! Hacking attempts are an issue that should be taken seriously. Why? Well, 43% of cyber hacks are aimed at small businesses. And 60% of companies who fall prey to a hack experience a complete crash in the following six months.

And that’s just for starters.

Now, there are a lot of things you can do to avoid becoming a victim of hackers. But it all starts with understanding what those cyber attackers are after.

Visit our Learning Center for more videos!

What is a Keylogger?

Keyloggers are programs that capture everything you type. Passwords, credit card numbers, the webpages, answers to security questions – all by logging your keyboard strokes. The program is installed on your computer, usually through some form of spyware, and records what you type.

Keyloggers are programs that capture everything you type. Passwords, credit card numbers, the webpages, answers to security questions – all by logging your keyboard strokes. The program is installed on your computer, usually through some form of spyware, and records what you type. All of this is then sent to the the bad guys use it to in a number of their bad guys ways.

Visit our Learning Center for more videos!

LastPass Hack.... Worse Than We Thought?

So we talked about the security vendor, basically a password vault, LastPass was breached. At that time, both LastPass and we said it was not that big of a deal because they didn't get much. Well, it turned out not entirely accurate.

So we talked about the security vendor, basically a password vault, LastPass was breached. At that time, both LastPass and we said it was not that big of a deal because they didn't get much. Well, it turned out not entirely accurate.

LastPass recently has said the bad guys did get more, and they pulled out data vaults. Data vaults are basically the containers with all the credentials and information that LastPass clients were holding, but they didn't have the credentials. So it was all heavily encrypted. So no problem, right? Well, no, not really, because they can try to attack it.

Visit our Learning Center for more videos!

What is Distributed Denial of Service (DDoS)?

A DDoS attack stands for “denial of service” attack, where the bad guys try to overwhelm a network or server with a ton of traffic. This will typically cause whatever they hit, like your website, online platform, or application, to crash.

A DDoS attack stands for “denial of service” attack, where the bad guys try to overwhelm a network or server with a ton of traffic. This will typically cause whatever they hit, like your website, online platform, or application, to crash.

The server can’t handle the traffic, resulting in total system shutdown, corrupted data, and exhausted or misdirected resources. It becomes unavailable, thereby restricting legitimate users’ access.

Visit our Learning Center to view more videos!

What is a Botnet?

What is a botnet? We talked recently about what a bot (short for robot) is (usually a computer that’s been compromised to do bad things quietly in the background). But what’s a botnet?

What is a botnet? We talked recently about what a bot (short for robot) is (usually a computer that’s been compromised to do bad things quietly in the background). But what’s a botnet? They’re both related. A botnet is…wait for it…a network of bots. Yup, it’s a collection of computers that could be on entirely different networks (heck, different continents), all running the bots, the same forms of malware.

Visit our Learning Center to view more videos!

What is a bot? A bot is short for robot, but that part you probably knew. These days the term “bot” is used most often for cyber security.

What is a bot? A bot is short for robot, but that part you probably knew. These days the term “bot” is used most often for cyber security. In cyber security, a bot refers to a computer that’s been compromised to push out spam or DDOS attacks or one with specific instructions to do something equally evil, such as stealing passwords or exploiting other vulnerabilities.

Visit our Learning Center to view more videos!

What is Cloud9?

Cloud9 is the name of a lot of things. Unfortunately, it is now the name of a new botnet. Oh, that’s a network of computers all running malware applications, usually without the knowledge or permission of the computer owner.

Cloud9 is the name of a lot of things. Unfortunately, it is now the name of a new botnet. Oh, that’s a network of computers all running malware applications, usually without the knowledge or permission of the computer owner.

Visit our Learning Center to view more videos!

What Should I Do When My Business Credentials Are Stolen?

You’ve just discovered there are compromised employee credentials or other sensitive data of your company exposed and available on the Dark Web. Your company should immediately start taking appropriate steps and measures to correct or minimize the risks and potential damages associated with this exposed data.

You’ve just discovered there are compromised employee credentials or other sensitive data of your company exposed and available on the Dark Web. The reality is, once exposed on the Dark Web, your information cannot ever be completely removed or hidden. Your company should immediately start taking appropriate steps and measures to correct or minimize the risks and potential damages associated with this exposed data.

Visit our Learning Center to view more videos!

How to Choose the Right Password Manager?

First it must be protected by end-to-end encryption. This means even if your data is intercepted, no one can read it. Next, make sure the manager works across all applications.

How to Choose the Right Password Manager? First it must be protected by end-to-end encryption. This means even if your data is intercepted, no one can read it. Next, make sure the manager works across all applications and browsers on all devices. And finally, make sure you retain central control over your business's password manager.

Visit our Learning Center to view more videos!

What is Authentication?

Authentication is a process to validate the identity of someone (or something). For this conversation we’re talking strictly in the cyber world.

Authentication is a process to validate the identity of someone (or something). For this conversation we’re talking strictly in the cyber world. So let’s say you’re using a computer and want to connect with and use a resource that’s…somewhere else. And it’s operated by a completely different organization. How do they verify that you’re…you?

Visit our Learning Center to view more videos!

Are Cyber Criminals Entrepreneurs?

Think about the bad guys behind cybercrime. Do you think of the evil genius writing evil stuff living in moms basement? Or the head of an organization with employees, products and marketing strategies making millions of dollars?

Think about the bad guys behind cybercrime. Do you think of the evil genius writing evil stuff living in moms basement? Or the head of an organization with employees, products and marketing strategies making millions of dollars?

Visit our Learning Center to view more videos!

How Can I Tell If an Email Is a Scam?

I want to show you something that we just received that is actually kind of funny. Spoiler alert it's bad guys trying to get us to give them money and we foiled it. We will show you how!

So how can you tell when an email from a business could be fake? So, I want to show you something that we just received that is actually kind of funny. Spoiler alert it's bad guys trying to get us to give them money and we foiled it. We will show you how!

Visit our Learning Center to view more videos!

What Should You Do If Your Organization Has Been Breached?

Does your organization have data backups or an incident response plan? If you already have an organization with a strong cybersecurity background, contact them immediately and follow their lead. If you’re on your own, here are some steps you can follow.

Does your organization have data backups or an incident response plan? If you already have an organization with a strong cybersecurity background, contact them immediately and follow their lead. If you’re on your own, here are some steps you can follow.

Visit our Learning Center to view more videos!

Should You Care About Uber Being Hacked?

Should You Care About Uber Being Hacked? The quick answer is yes-ish. So far Uber has not come forward with any claims of any meaningful user data but the jury is still out to a certain degree. So what should you do?

Should You Care About Uber Being Hacked? The quick answer is yes-ish. So far Uber has not come forward with any claims of any meaningful user data, credit card information, personal information, or trip history but the jury is still out to a certain degree. So what should you do?

Visit our Learning Center to view more videos!

Am I Too Small For Cybercriminals?

The bottom line is you’re “big enough” to warrant attention. Everyone is. And your organization is “big enough” to warrant the same attention from the bad guys. All organizations are. It’s time for you to take security seriously!

Am I too small for cybercriminals? Amazon knows everything about you, but you're too small for a cyber attack? The bottom line is you’re “big enough” to warrant attention. Everyone is. And your organization is “big enough” to warrant the same attention from the bad guys. All organizations are. It’s time for you to take security seriously!

Visit our Learning Center to view more videos!

Why shouldn't everyone have access to everything?

The principle of least access is the idea that an employee only should have access to the bare minimum amount of technology systems they need to do their job. Applying the principle of least access will limit the amount of information that is compromised during an attack.

The principle of least access is the idea that an employee only should have access to the bare minimum amount of technology systems they need to do their job. Applying the principle of least access will limit the amount of information that is compromised during an attack.

Visit our Learning Center to view more videos!

Should I Be Concerned About LastPass And Their Data Breach?

So, you've heard us (and lots of other folks) warn you over and over again...use a password manager to protect your...ummm...passwords. Like LastPass. You know, the cloud-based password manager that was hacked two weeks ago.

Should I be concerned about LastPass? So, you've heard us (and lots of other folks) warn you over and over again...use a password manager to protect your...ummm...passwords. Like LastPass. You know, the cloud-based password manager that was hacked two weeks ago.

Visit our Learning Center to view more videos!

Types of Phishing Attacks and How to Avoid Them

Here are a few types of phishing campaigns and how they work. And the best way to protect against phishing is to protect your information and your technology by using multifactor authentication, and train your employees.

Let's talk about some different types of phishing campaigns and how they work. Now hopefully you already understand that phishing, is essentially an attempt for bad guys to misrepresent themselves and trick you into giving away credentials or even worse. And the best way to protect against phishing is to protect your information and your technology by using multifactor authentication, and train your employees.

Visit our Learning Center to view more videos!

Who Are NIST and CISA and Why Do They Matter?

NIST stands for National Institutes of Standards and Technology and they're the ones that define all these industry standard practices. They're the ones that define what exactly is a pound, but they also write cybersecurity frameworks and compliance frameworks.

NIST stands for National Institutes of Standards and Technology and they're the ones that define all these industry standard practices. They're the ones that define what exactly is a pound, but they also write cybersecurity frameworks and compliance frameworks usually in the form of special publications with a string of numbers and letters attached to it. It’s important for people to be aware of them and especially if compliance obligations come into play, they may specifically say to reference a NIST standard.

CISA stands for the Cybersecurity and Infrastructure Security Agency; they are a division of the Department of Homeland defense and they're responsible for making sure cybersecurity infrastructure stays secure. They're managing those vulnerabilities especially for the federal government and saying what is important.

Visit our Learning Center to view more videos!

Should Users Have Admin Rights?

What are “Local Admin Rights” for computers, and do I want my end users to have them? Every time you log onto your computer, you’re doing so with your “User Account”. That’s not just your user name and password. It’s all of the setting specific to your account.

What are “Local Admin Rights” for computers, and do I want my end users to have them?

Every time you log onto your computer, you’re doing so with your “User Account”. That’s not just your user name and password. It’s all of the setting specific to your account. Some of it’s about how programs should behave. Some of it’s about security.

And one of the most important settings about your User Account? Whether you have…”Local Admin Rights”.

If your account has these rights, you can essentially do…anything…to your computer. Install and uninstall programs. Install other components. Change anything. Add other users. Oh, and delete other users as well. Change passwords. Patch and update pretty much any part of the system. Heck, nuke the entire system.

Visit our Learning Center to view more videos!

What is a Pen Test?

Pen testing is short for penetration testing, which is where you hire the good guys to act like the bad guys and break into your network. A good pen tester will do some information gathering, which is referred to as reconnaissance, ahead of time.

Pen testing is short for penetration testing, which is where you hire the good guys to act like the bad guys and break into your network. A good pen tester will do some information gathering, which is referred to as reconnaissance, ahead of time. Their goal is to figure out what their targets are in the network and how they're going to try to break in.

Visit our Learning Center to view more videos!

Can Your Cyber Insurance Claim Be Denied?

Insurance companies are getting stricter in what their clients need to do on the security front before offering a cyber security policy.

Do we have to tell the truth when it comes to Cyber Insurance?On July 5 in the U.S. District Court for the Central District of Illinois, Travelers said it would not have issued a cyber insurance policy earlier this year to an electronics manufacturing services company if the insurer (Travelers) knew the company was not using MFA as it said.

Visit our Learning Center to view more videos!

Why Do I Still Get Spam if I Have a Spam Folder?

The simple answer is that computers aren't perfect. The bad guys are using low-tech emails from using common email addresses from a legit email provider like Gmail or Yahoo.

Why Do I Still Get Spam if I Have a Spam Folder? The simple answer is that computers aren't perfect. The bad guys are using low-tech emails from using common email addresses from a legit email provider like Gmail or Yahoo.

Visit our Learning Center to view more videos!

New Exchange Threat, Should I be Worried?

What is the new exchange threat? Should I be worried about the new exchange threat? How can I protect myself against the new exchange threat?

What is the new exchange threat? Should I be worried about the new exchange threat? How can I protect myself against the new exchange threat?

Fear not, CyberMattLee and Bob Coppedge are here to save the day. Session Manager uses the same vulnerabilities that were discovered last year. Microsoft patched the Exchange server to protect against that vulnerability. So if your organization has kept up with patching your Exchange servers you're actually already protected from this threat.

Visit our Learning Center to view more videos!

What is Follina?

In a nutshell Follina is where bad guys send a malicious document, usually as an email attachment. That document would open up a URL (a web address) and start executing code located on that web site to take control of the system that opened up the document.

In a nutshell Follina is where bad guys send a malicious document, usually as an email attachment. That document would open up a URL (a web address) and start executing code located on that web site to take control of the system that opened up the document.

You can read more about it here: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Visit our Learning Center to view more videos!

What is TPM and Why Should I Care?

So you’re wondering whether it’s time to replace your desktops and/or laptops. Or you’re buying new computers but want to save as much money as you can. Why should the term “TPM” mean anything to you?

So you’re wondering whether it’s time to replace your desktops and/or laptops. Or you’re buying new computers but want to save as much money as you can. Why should the term “TPM” mean anything to you?

Visit our Learning Center to view more videos!

Can you Completely Outsource Cybersecurity?

Cybersecurity is complicated. As we’ve discussed before, every opportunity to get data flowing between applications, devices, organizations, anything…is an equal opportunity for a bad actor to access that data.

Cybersecurity is complicated. As we’ve discussed before, every opportunity to get data flowing between applications, devices, organizations, anything…is an equal opportunity for a bad actor to access that data. And by access, I mean steal, modify, encrypt, destroy. And they’re just as financially motivated as you or any other businessperson to come up with new ways to do this.

Visit our Learning Center to view more videos!

Doesn't IT Handle All Cybersecurity?

Doesn't IT handle all cybersecurity? In a word no. This video is a great explanation as to why cybersecurity is more than just the IT department or MSPs responsibility.

Doesn't IT handle all cybersecurity? In a word no. This video is a great explanation as to why cybersecurity is more than just the IT department or MSPs responsibility.

Visit our Learning Center for more videos!

Why is Cyber Security Always Changing?

IT has developed incredible ways to increase productivity for organizations where they bring value throughout the organization and for all their customers and stakeholders.

IT has developed incredible ways to increase productivity for organizations where they bring value throughout the organization and for all their customers and stakeholders. However as companies have evolved to increase their use of IT, organized crime has also evolved.

Visit our Learning Center for more videos!