Oct 11, 2022
Phishing attacks are on the rise and becoming increasingly complex! According to the 2022 X-Force Threat Intelligence Index, phishing is the most common way for cybercriminals to penetrate an organization. Once accessible, larger-scale attacks are launched, like ransomware, to paralyze the company by stealing data or inflicting financial loss. Today, phishing accounts for roughly 90% of data breaches and on average costs an organization $5 million!
While these statistics are troublesome, there are proactive measures business owners can take to protect their assets and reputation. The most popular preventative measure is instituting security awareness training – it’s a powerful defense asset with impressive ROI that maximizes your security spending while protecting your bottom line. Security awareness training programs are aimed at educating users (employees) to understand the role they play in helping to combat security breaches. Effective training programs should be ongoing and continuous while providing your users with best practices for good cyber hygiene, outlining the security risks associated with their actions, and ways to identify potential threat characteristics in email and on the web. Some training programs even incorporate simulated phishing campaigns to allow for testing and measuring employee vulnerability.
All in all, security awareness training enables your users to make smarter security decisions in their day-to-day roles, helping you manage the ongoing problem of social engineering and strengthening your human firewall.
There are hundreds of security awareness training programs available, but not all are created equal. When it comes to choosing the right training program for your organization, William Vaughan Company Technologies (WVCT) can help you determine which best suits your business needs. Contact us today to learn more and find out why should you devote a portion of your security budget to security awareness training.
Connect With Us.
Categories: IT & Risk Services
Aug 08, 2022
What Does This Mean?
Effective October 1, 2022, Microsoft will permanently disable Basic Authentication (Basic Auth) due to security concerns and outdated technology. The planned replacement is called none other than, Modern Authentication (Modern Auth). So, what does this mean for your organization?
Basic Authentication & Security Issues
Basic Auth simply means an application sends usernames and passwords over the Internet as encoded text. These credentials are also often stored or saved on the device.
While the credentials are encoded, meaning converted to characters or symbols, this form of authentication can expose usernames and passwords. Hackers may intercept the transmission, decoding and stealing the information. Since Microsoft announced its disablement of Basic Auth in September of last year there has been a notable spike in high-level attacks by cybercriminals. According to Microsoft, “As a reminder, Basic Auth is still one of, if not the most common ways our customers get compromised, and these types of attacks are increasing. Every day [you have] Basic Auth enabled; you are at risk from attack.”
Furthermore, Basic Auth does not support multi-factor authentication (MFA) which is the best protection against cyber-attack and is now required under Presidential order 14028. To learn more about MFA, check out our previous blog here.
Modern authentication is an umbrella term for a combination of authentication and authorization methods between a client (for example, your laptop or your phone) and a server. With Modern Auth comes additional security features like MFA, smart cards, etc. Modern authentication doesn’t let apps save account credentials and is better designed for Internet-scale and management.
If your organization has not begun the transition to Modern Authentication, it is mission-critical that you begin doing so now.
The US Cybersecurity and Infrastructure Security Agency (CISA) is strongly encouraging organizations to make the move immediately and to enable multifactor authentication.
WVC Technologies can assist you in this transition. Our partner, DMC Technology group and their certified team of technicians can walk you and your team through the process.
Connect With Us.
Senior Client Executive
Categories: Risk Services