Having HTTPS-enabled websites is crucial when entering passwords, credit card numbers, or other sensitive information. When accessing unencrypted HTTP-enabled sites, users can fall victim to eavesdropping. In 2020, multiple vendors began warning and protecting users who might not know that HTTP is unencrypted and unsafe to use. In July of 2020, Google began flagging all HTTP websites as insecure. In late 2020, Firefox, the 3rd most commonly used browser online today, introduced a brand new security feature called ‘HTTPS-Only Mode’. Learn more about this Firefox development in this article.
Thanksgiving is here and with it come the biggest holiday deals of the year on Black Friday and Cyber Monday. As with any other year, it’s a good time to find great deals, but it’s equally important to be wary of “too good to be true” deals. Hackers exploit consumer excitement on these big shopping days each and every year! They steal personal information, sell us goods that never arrive, and take advantage of us if we let our guard down.
COVID-19 continues to force companies to deliver their services remotely. A growing threat perhaps unfamiliar to some readers is Vishing. Vishing is the hacking technique in which phone calls and voicemail messages pretending to be from reputable companies convince individuals to give out personal information such as banking or credit card numbers, or other non-public personal information. This is similar to phishing and smishing but uses phone systems and voicemail instead of email.
Did You Know: CyberHoot has NEW Phishing Campaigns?
CyberHoot recently released phishing campaigns for Netflix, DocuSign, and LinkedIn for administrators to use. Check out these sample phishing emails and web pages from these domains:
The pyramids in Egypt and the Great Wall of China were built to last forever. Computer hardware and software? Not so much. IT departments typically replace their workstations, servers, and technology infrastructure when they begin to slow down, stop receiving vendor updates, and fall out of warranty. CyberHoot was asked recently why a client should upgrade their aging Windows 2003 server so we looked at it more scientifically and drafted this blog. Take a look at the many reasons behind this common recommendation to upgrade.
The shift to remote work has forced business owners to adapt, establishing technical measures to ensure remote productivity and security. Technical controls are vital to protecting company data, but all the technical solutions in the world aren’t enough to protect businesses if their employees aren’t fully trained in the cybersecurity skills needed to protect themselves and the business today. This article reviews the many areas of awareness training required to create a strong, confident, productive, and effective Human Firewall in all your employees.
CyberHoot’s Co-Owner Craig Taylor was recently on ‘The Great Debate’, a 10-part webinar series debating the merits and pitfalls of some of the hottest topics in cybersecurity today. Hosted by Axonius CMO Nathan Burke, each webinar will feature two guests, pitted against one another to debate a specific cybersecurity topic. Both guests walked away with $500 to the charity of their choice. Craig donated to the Pan-Mass Challenge, an annual charity bike-a-thon.
Today's cybersecurity pros have too many things to do, too many tools to implement, and not enough time to do it all. This overload leaves us scrambling to figure out which initiatives are worth the time, energy, effort - and budget.
Cybrary Term of the Month
Single Sign-On (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials. SSO works based on relationships (two-factor authentication) set up between an application and an authenticator, like LastPass or Google Authenticator. This trust relationship is often based upon a certificate that is exchanged between the authenticator and the service provider. This certificate can be used to sign identity information that is being sent from the authenticator to the service provider so that the service provider knows it is coming from a trusted source. In SSO, this identity data takes the form of tokens which contain identifying bits of information about the user like a user’s email address or a username.
CyberHoot provides password-less access. Zero time wasted searching for websites, resetting passwords, or waiting on delayed logins. Click an email link for instant training access!
Everything you need to learn cybersecurity skills is handled through email including training assignments, reminders, management compliance reports, and "My CyberHoot".
CyberHoot automates non-compliance handling through manager email notifications. Managers can see the compliance status of their employees, so you always know where you stand.
Cyber"Hoots" are most often 5 minutes or less. This ensures your staff get trained quickly with the most effective solution.
The Power of Open
CyberHoot is an open cybersecurity training platform. Any video or PDF can be used to train and govern your employees.
In a survey of 100 CyberHoot users, 60% would be "Disappointed" or "Very Disappointed" if CyberHoot Training was stopped.