Dark Web Breach Assessment 2.0 Launched

Known for its anonymity, the Dark Web is a dangerous portion of the internet only accessible by using a special browser. This “secret spot” of the internet is intentionally hidden from search engines and uses masked IP addresses, creating a home for many websites dealing in illegal activities.
The Psychology of Falling for a Phishing Email

Phishing is a cybercrime that has been around for many years, in which targets are sent malicious emails claiming to be from a legitimate individual or organization to trick them into disclosing their sensitive information. Phishing emails remain a major threat today. Despite increased awareness of the cybercrime, cybercriminals continue to lure their targets into their traps and successfully carry out these attacks. How do these attackers continuously find success in tricking their victims?
Phone-Based 2FA: Not so Secure After All

At a time when data breaches have become the norm, there is no such thing as exercising too much caution when it comes to protecting your online assets, including your login credentials and access to accounts. Two-factor authentication (2FA), a method of confirming a user’s identity by combining two factors, is widely accepted and recommended by security experts as a necessity for optimum security online. 2FA is a great added security feature to protect your account because an unauthorized individual is unlikely to supply the factors required to successfully gain access.
Exactis Database Leaks 340 Million Records of Personal Data

There is a good chance you’ve never heard of the major marketing and data aggregation company Exactis, but that doesn’t mean they don’t know you. In fact, Exactis may know a great deal of your personal information, including your email address, your home address, your habits and hobbies, your children’s ages and genders if you have any, and more. Even more alarming, if Exactis does have that information, so too may a hacker who discovered it leaked publicly on the internet. MarketWatch explores the breach and what it means for nearly every American involved.
Ransomware wreaks havoc on towns across the U.S.

Ransomware should be a concern for everyone, from small businesses to large corporations, although the likelihood of suffering an attack may depend on various factors. Cybercriminals often select targets they believe have the most attractive data and are likely to respond quickly to their ransom demands, as well as targets who may have poorly trained employees and overall weak security. Unfortunately, towns across the U.S. are learning the hard way that their municipal systems are just as vulnerable to an attack as any other entity.
Security Awareness Training – Time to Jump on the Bandwagon

Human error: we talk about it all the time, but what exactly do we mean? Human error occurs when an individual performs a task or does something with an unintended outcome. It’s easy to point the finger at employees as being an organization’s weakest link, but without appropriate security awareness training provided by the employer, how can employees truly know what to watch out for?
10 Predictions: Why You Need Cybersecurity Awareness Training Now

There are so many predictions for 2018 when it comes to cyber security. Gathering them all would make an endless list. So let’s focus on the ones that are more likely to happen.
NY DFS Enforcing Cybersecurity Requirements

If you are a New York financial services organization and have not complied with the New York Department of Financial Services (DFS) Cybersecurity Regulations (23 NYCRR 500), you probably received a notice over the weekend. The notices were sent from Maria Vullo from the DFS with the subject: Failure to File Certification of Compliance. Below is an image of the actual email:
Infographic: SMB Security Checklist
Small Business Cyber Security: The Ostrich Effect

The following blog first appeared on the Secure ERP blog. It is reprinted here with permission.
Some small business owners will realize I’m describing them after they read this blog, but then those same C-level guys won’t see it, and even if they do, they won’t read it, because they don’t want to know. Actually, that’s not really fair.