United Training BlogNews and resources on the latest trends in IT training and professional developmenthttps://www.newhorizons.com/resources/blogInstructor Insight – Cybersecurity Q&Ahttps://www.newhorizons.com/resources/blog/postid/95/instructor-insight-cybersecurity-qaAnnouncement,CyberSecurity,Instructor Insight,trainingMon, 10 May 2021 09:24:00 GMT <p> To coincide with the launch of our new eBook <a href="/lp/trends-in-it-2021"> 2021: Trends and Insights for IT Pros</a> , we reached out to our subject matter experts with a few questions on the trending topics for 2021. </p> <p> George Pauwels is a veteran Technical Instructor with over 30 years of experience it the IT industry. He holds several vendor certifications in cybersecurity, and also specializes in Cisco technology. </p> <p><span style="font-weight: 600;">Many companies have seen the benefit of remote work and will be adopting a hybrid work-from-home model in the future. How can businesses prepare for this sweeping change?</span> </p> <p>George: One of the most prominent challenges organizations face is that security issues are addressed on an ad hoc basis without acquiring a complete understanding of what threatens the achievement of their business objectives. </p> <p>For organizations that have developed a formalized risk assessment function, the next step in addressing the risks associated with remote access would be to adopt a standardized industry framework similar to the National Institute of Standards and Technology Special Publication 800-46: Guide to Enterprise Telework, Remote Access, and Bring Your Own Device Security documentation. Documentation of this format will guide the best, industry-standard approaches to address the risks associated with remote access. </p> <p>Without a formalized risk assessment function, organizations will have no idea what threats exist to achieve their business objectives. Addressing this one, not well understood, the perceived threat will have the same result as patching a single hole in a sieve of security vulnerabilities. </p> <p> <span style="font-weight: 600;"> Anyone can be the target of a security breach. What are your recommendations for companies to properly inform their end-users of potential security risks and preventative best practices? </span> </p> <p> There are three activities every organization should engage in to ensure its employees are equipped with the knowledge necessary to address security threats. Those three activities include awareness campaigns, formalized corporate training, and industry-associated education. </p> <p> Awareness campaigns focus on providing constant subtle reminders of what threats exist for the organization and what the employee can do when recognizing those threats in the wild. Awareness campaigns usually follow formalized corporate training. </p> <p> Formalized corporate training is an activity where subject matter experts engage the organization's employees in instruction and discussion of the current corporate threat landscape. Training comes after industry-associated education. </p> <p> Industry-associated education involves a more role-specific evaluation and understanding of security concepts, and for some, the proper operation of security controls to provide adequate protection of company assets. </p> <p> One of the popular misconceptions is that information security is a "Set it and forget it" activity. It is important to remember that people need constant reminders and updates on the importance of protecting corporate information assets. </p> <p><span style="font-weight: 600;"> In our eBook, <a href="/lp/trends-in-it-2021"> 2021: Trends and Insight for IT Pros</a>, we refer to cybersecurity as a "team sport." What do you recommend as a winning IT security strategy for most organizations?</span> </p> <p> Corporate culture is one of the most common reasons an organization's security-related goals are successful and/or are not. If the team members do not have a winning attitude, it is doubtful that they will be successful. Shaping the corporate culture comes from the top. Upper management must create an inclusive environment that is conducive to success. If upper management does not display, encourage, and endorse a winning attitude, the team will flounder if they are distant, non-transparent, and inconsistent. To coin a well-worn quote that some attribute to Mahatma Gandhi, is it vital that they "Be the change they want to see in the world." </p> <p style="margin-top:16px; margin-bottom:16px"><a href="https://unitedtraining.com/lp/trends-in-it-2021"><img alt="" class="img-fluid" src="/Portals/2/blog-images/trend_banner.png" style="width: 800px; height: 200px;" /></a></p> <p><span style="font-weight: 600;"> What are some next steps for those individuals who are not in the IT department or focused on security? What level of security training do you think is necessary?</span> </p> <p> Certainly, for end-users the best choice <a href="/course-outline/courseid/200007702/coursename/cybersafe-extended-edition-2019"> CyberSAFE Extended Edition</a>. It really helps drive security awareness and provides best practices that they can immediately implement. It is also only a half-day in length which is convenient. </p> <p><span style="font-weight: 600;"> And how about for those more advanced that are currently in the IT field? </span></p> <p> Too many to name here since United Training offers a wide variety of security related courses but I can certainly highlight a few. Microsoft recently introduced a new set of courses focused on identity management. You can get those details on our <a href="/find-training/microsoft-security"> Microsoft Security page </a>. CompTIA maintains a cybersecurity certification pathway which is a great option for those a bit more advanced. For experienced cybersecurity professionals I would direct them to the <a href="/course-outline/courseid/200002333/coursename/certified-information-security-systems-professional-cissp"> Certified Information Security Systems Professional (CISSP)</a> course or several courses titles from EC-Council such as <a href="/course-outline/courseid/200002498/coursename/ec-council-certified-ethical-hacker-ceh-v11"> Certified Ethical Hacker (CEH)</a> or <a href="/course-outline/courseid/200002738/coursename/ec-council-computer-hacking-forensics-investigator-chfi-v9-0"> EC-Council Computer Hacking Forensics Investigator (CHFI)</a> . Should also mention <a href="/search/keyword/cisco%20security"> Cisco security</a> as well. So a lot of different options based on your experience option and vendor of choice. </p> <p> Thanks to George for his valuable insight. </p>95Enabling remote access to Appshttps://www.newhorizons.com/resources/blog/postid/53/enabling-remote-access-to-appsCloud,CyberSecurity,General,Microsoft,Modern Workplace,Security,training,Work From HomeWed, 09 Dec 2020 08:00:00 GMT<p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif">2020 has pushed organizations to keep moving while protecting against new security threats that have emerged due to the rapid and universal move to remote work. ​Some organizations may be further along when it comes to securing remote work and may only need to fine-tune; others may need more assistance to ensure their remote work situation is secure. Every organization has a ​different starting point. We can help you quickly provide secure and scalable access to your apps, whether they are on-prem or cloud-based.</span></span></span></p> <p style="margin-bottom:11px"><strong><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif">Empower remote workers to access the apps they need without compromising security by:</span></span></span></strong></p> <ol> <li style="margin-left:8px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif"> Securing access to all your apps from anywhere. ​</span></span></span></li> <li style="margin-left:8px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif"> Simplifying end-user app discovery. ​</span></span></span></li> <li style="margin-left:8px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif"> Extending secure collaboration to your contractors and partners. ​</span></span></span></li> <li style="margin-bottom:11px; margin-left:8px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif"> Enabling strong authentication.</span></span></span></li> </ol> <p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif"><b>The first step to enabling remote access to apps starts with identity</b></span></span></span></p> <p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif">In our current reality of a highly dispersed remote workforce, now more than ever identity is your control plane to have greater visibility and control over who has access to what, when they should have it, and under what conditions.​ With Azure Active Directory, Microsoft’s cloud-based identity & access management solution, as that control plane you can start that access control by enabling single sign-on to all your apps connected to Azure AD for your users. ​Single sign-on ensures that users only need to log in once to gain access to all their critical productivity resources, and they won’t need to remember passwords to each application account.</span></span></span></p> <p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif"><b>Why should you manage your identities from the cloud? ​</b></span></span></span></p> <ul> <li style="margin-left:8px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif">The cloud is more secure. With the ability to train models and algorithms, and ways to integrate solutions seamlessly, you cannot achieve the same security on-premises. ​​</span></span></span></li> <li style="margin-left:8px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif">It is much better for your workforce – the common identity you’ve created across cloud and on-premises delivers a seamless experience​. ​</span></span></span></li> <li style="margin-bottom:11px; margin-left:8px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif">It is a much better experience for you too – you can manage all user identifies and protect your apps from a single plane of glass​ with Azure AD as your universal platform.</span></span></span></li> </ul> <p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif"><b>With identity and authentication set, now you can securely access all apps from on-premises to cloud-hosted, and SaaS apps</b></span></span></span></p> <p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif">With users authenticated through Azure AD and granted single sign-on to their resources, they can seamlessly access any application connected to the service. ​You can connect your software as a service (SaaS) applications, web-based on-premises applications, and line of business (LOB) apps to Azure AD. Most organizations use about 180 apps on average—and this number keeps growing. ​</span></span></span></p> <p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif"></span></span></span></p> <p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif">To keep you and your workforce more productive, Azure AD has over 3,300 SaaS applications pre-integrated in the Azure AD App Gallery and you can configure any of them for single sign-on and app security with just a few clicks.</span></span></span></p> <p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif"><b>Provide a single location for people to discover and access the apps they need to get their work done</b></span></span></span></p> <p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif">As the number of apps used by organizations keeps growing, it is becoming much harder for end-users to find them. ​It is even more challenging when employees are working remotely, and IT is over-stretched with the new requirements. My Apps make it easy to deploy new apps across the entire organization or dedicated employee groups by creating a consistent, user-friendly experience that lets your employees securely and conveniently launch all the apps they need with just one click.</span></span></span></p> <p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif"><b>Ensure your external partners still have access, remotely</b></span></span></span></p> <p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif">Many organizations rely on external resources to execute key aspects of business operations. This could be vendors, partners, or contingent staff. Ensuring that your external partners still have access during this crisis is critical. ​Azure AD enables user-centric collaboration with any user, in or outside of your organization. ​You can easily connect all external users to collaborate in Microsoft Teams – from chats to co-authoring files and project management. ​You can also extend access for your external users to any app that may be required for the remote work scenarios when in-person meetings with suppliers, contractors, and other collaborators are impossible.</span></span></span></p> <p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif"><b>Multi-factor Authentication (MFA) ensures secure access to your apps</b></span></span></span></p> <p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif">To secure authentication, you must first look at passwords and provide stronger factors for your users to establish trust. Passwords are the weakest link in a security chain and a single point of failure without any additional verification. ​That’s why we believe strongly that if you only do one thing to help protect yourself, it should be to turn on multi-factor authentication (MFA) – which can prevent 99.9% of identity attacks. ​We support a broad range of authentication options to fit the needs of your business and your users.</span></span></span></p> <p style="margin-bottom:11px"><span style="font-size:11pt"><span style="line-height:107%"><span style="font-family:Calibri,sans-serif">United Training is committed to your success when it comes to the importance of securing remote work. For more information on how we can get you trained at any starting point, contact us today for a free consultation on your next steps.<span style="border:none windowtext 1.0pt; color:black; padding:0in"></span></span></span></span></p> 53Why Military Veterans Excel in Security Careershttps://www.newhorizons.com/resources/blog/postid/44/why-military-veterans-excel-in-security-careersCertifications,CompTIA,CyberSecurity,General,News ,Security,trainingThu, 29 Oct 2020 08:00:00 GMT<p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><i><span style="background:white"><span style="color:black">The mission is critical. The job pays well. There are plenty of openings needing qualified people to fill them. As a returning military veteran, does that all sound good to you?</span></span><span style="background:white"></span></i></span></span></p> <div style="border-bottom:double windowtext 2.25pt; padding:0in 0in 1.0pt 0in"> <p style="border:none; padding:0in; margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"></span></span></span></p> </div> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">Damages from cybercrime are estimated to top $6 Trillion by next year. </span></span><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">Depending on whose report you read, there are anywhere from a half-million to 2 million open job requisitions for cybersecurity professionals in the U.S.</span></span><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">Entry salaries range from $50,000 to over $100,000 with rapid advancement to well over $200,000 with additional training.</span></span><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><a href="https://www.harford.edu/~/media/PDF/Academics/BCAT/CDC/Veterans_Guide.ashx" style="color:blue; text-decoration:underline"><span style="background:white">The Department of Homeland Securities’ Veterans Cybersecurity Training and Education guide</span></a><span style="background:white"><span style="color:black"> tells us:</span></span><span style="background:white"></span></span></span></p> <p style="margin-right:48px; margin-bottom:8px; margin-left:48px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><i><span style="background:white"><span style="color:black">“The demand for cybersecurity professionals is growing at 12 times the overall job market, making cybersecurity one of the most highly sought-after careers in the country. Cybersecurity professionals report an average salary of $116,000—that’s nearly three times the national average. In addition, this career offers you the opportunity to continue to support a mission that protects citizens, critical Information, and even national security. Many jobs in cybersecurity offer rewards that are similar to your military experience, such as the ability to thwart adversaries, make quick decisions in dynamic situations, and help defend your country.”</span></span><span style="background:white"></span></i></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">At the same time, employers are preferring those with military experience for many of these positions. CyberSecurityGuide.org tells us:</span></span><span style="background:white"></span></span></span></p> <p style="margin-right:48px; margin-bottom:8px; margin-left:48px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><i><span style="background:white"><span style="color:black">“Cybersecurity employers also see the same qualities in veterans that so many others do: discipline, dedication, and team orientation. Today’s military forces utilize some of the most technologically advanced digital systems in the world. And military computer systems and networks are probably the most heavily targeted high-value assets in the world for hackers. Given this, any active-duty service members involved directly with these systems, and particularly with defending these systems from attack, will be extremely well prepared for private sector work in cybersecurity.”</span></span><span style="background:white"></span></i></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">Some of the attributes that make members of the Armed Services and military veterans sought-after candidates for cybersecurity jobs include:</span></span><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">            • Learning agility and problem solving</span></span><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">            • Leadership capabilities and experience</span></span><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">            • Experience working in high-pressure situations</span></span><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">            • Experience working in roles where lives and safety are at stake</span></span><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">            • Understands the importance of discipline and process</span></span><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">            • Ability to obtain and maintain security clearance</span></span><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">            • Mission-driven: accustomed to working with a shared sense of purpose</span></span><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">            • High personal drive; motivated by the pursuit of excellence</span></span><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">            • Loyalty, dedication, and teamwork</span></span><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">There are few organizations in the world, across the history of the world, that do a better job of instilling these qualities in a person than the U.S. Armed Forces. Literally, the only thing missing is cybersecurity training, and that’s very easy to obtain.</span></span><span style="background:white"></span></span></span></p> <p style="margin-bottom:8px"><span style="font-size:10pt"><span segoe="" style="font-family:" ui=""><span style="background:white"><span style="color:black">United Training Academy prides itself on being the best learning resource for those with military experience who are looking to apply everything they learned while serving a role where they can make a living and make a difference. To find out about funding available to you, and courses of study which will quickly prepare you, contact us today for a free consultation on your next steps.</span></span></span></span></p> 44Can You Spot a Phishing Attack?https://www.newhorizons.com/resources/blog/postid/38/can-you-spot-a-phishing-attackCyberSecurity,General,News ,SecurityThu, 22 Oct 2020 09:55:00 GMT<p>Depending upon whose surveys you consult you’ll find that 83% of cybersecurity attacks involve phishing and ransomware. The stats don’t stop there:</p> <p style="margin-left: 40px;">- Two-thirds of companies have experienced a phishing attack.</p> <p style="margin-left: 40px;">- 97% of users tested could not identify a sophisticated phishing email, but only 3% actually report one when they do detect it.</p> <p style="margin-left: 40px;">- 56% of decision-makers believe phishing attacks are their top security threat.</p> <p style="margin-left: 40px;">- A single phishing attack costs $1.6 million on average.</p> <p><strong>What is Social Engineering?</strong></p> <p>The lexicon of cybersecurity includes terms like Direct Denial of Service (DDoS), data injection, spoofing, masking, firewall, malware, encryption, and many others. All of these are involved in digital attacks.</p> <p>But, phishing is not a digital attack. This category of attack is called “social engineering” and it simply means finding ways to convince users to click on a link or open an attachment, or take some other action that allows the bad-actor to enter their network and make mayhem.</p> <p>The attack begins with the arrival of a phishing email in the user’s inbox. When opened it usually looks like it came from a familiar brand. Perhaps the user’s bank, or a retail company, or a known associate. The logos, typography, color palette and more all look genuine, but they’re not. A more careful look at the sender’s email address and you might catch Co1umbia or even C01umbia, instead of Columbia.com. Character substitutions, misspellings, and other tricks are used to render a domain name that looks authentic.</p> <p>The email usually offers a great reward if you click on a link and follow instructions or open an attachment and respond to it. Often there are no instructions or forms to fill out. Instead, clicking the link or opening the attachment trigger an invasion by the actual sender who either steals, encrypts, or otherwise corrupts your data. Soon another email arrives inviting you to get your data back by paying a ransom. Recently, the ransom requests have actually been lowered to increase the likelihood of getting the victim to pay.</p> <p><strong>Is That What Makes the User Such a Threat?</strong></p> <p>Exactly. The attacker is depending upon the user to be deceived. This really cannot be considered the “fault” of the end-user. They don’t purposely do anything wrong. The good news is anyone can learn to spot suspicious threats. All users must be trained and constantly reminded to carefully inspect incoming emails to detect possible phishing frauds. The attackers are constantly becoming more sophisticated, so this training must constantly be updated.</p> <p><strong>Learn to Spot Threats to Stop Attacks</strong></p> <p>There are preventative actions that can be taken to prevent the majority of attacks happening in the threat landscape today. Training in the identification of phishing messages has proven to be very effective in reducing the number of ransomware activities dramatically. More and more users are becoming very attuned to spotting suspicious emails almost immediately and taking proper action. Get your team the knowledge they need to spot and stop attacks. <a href="https://unitedtraining.com/course-outline/courseid/200007702/coursename/cybersafe-extended-edition-2019" target="_blank">Check out our half-day CyberSAFE class</a>!</p> <p> </p> <p><a href="http://unitedtraining.com/cybersecurity-awareness" target="_blank"><img alt="" class="img-fluid" src="/Portals/2/blog-images/cybersecuritybanner.jpg?ver=GWbzRP4Af_3nqWsLO4yeKA%3d%3d" /></a></p> 38Keeping Users & Data Safe When Everyone is Working From Homehttps://www.newhorizons.com/resources/blog/postid/37/keeping-users-data-safe-when-everyone-is-working-from-homeCyberSecurity,General,News ,SecurityThu, 15 Oct 2020 09:56:00 GMT<p>When everyone is in the office, at their desk, and working on their computers its hard enough to make sure corporate data, the network, and those users remain safe and protected. Having everyone work from home makes it much more difficult. IT support personnel must be prepared to perform activities they’ve never had to before. Your network’s attack surface has just grown to include every home involved, with consumer internet providers and their variable security provisions, and users on computers that haven’t been under your control. Here are some of the biggest issues to be concerned about.</p> <hr /> <p>If you know anyone who works as an IT manager or network manager let them know you appreciate them!. They are changing the way we work every day. </p> <p>With everyone going to work from home (WFH) everyone experienced some high emotions. Some were thrilled to be able to work from home and not have to commute! Others started anticipating what life would be like at home all day with the kids, the dogs, the doorbell, the spouse…</p> <p>For many IT professionals, their world turned upside down. All their users were accessing their network on unknown devices with varying security provisions and using residential internet services. Precious corporate data could easily be exposed. Their hardened network went soft. Literally, everything needed to be reconfigured to absorb the shock.</p> <p>Once all that was done came the question of how the data center was going to be supported when nobody can safely get to it. Those who had completed their migration to the cloud thanked their stars.</p> <p><strong>What Can You Do To Help Protect Your Company?</strong></p> <p>The answer to this question will vary widely depending upon how your corporate network is organized and operated. However, we can take a look at the issues that are likely involved.</p> <p><strong>Passwords</strong></p> <p>You’re the first endpoint on the path along your network.</p> <p>Don’t share your passwords with anyone! Now would be a good time to update them with newer, stronger ones. No more “123455”,”password” or your spouse’s or pet’s name. These actually constitute about 80% of passwords in use today. Don’t be one of those.</p> <p>If you’ve been asked to enable multi-factor authentication- do so. Every time you login you’ll receive a code on your mobile device that you will enter into the login dialog as instructed. This combines something you know, your password, with something you have, your mobile phone.</p> <p><strong>Download Responsibly</strong></p> <p>If you download corporate data there’s a chance you may redistribute it outside the company. This destroys the effectiveness of all those security investments. During the transition to WFH, you may have greater access to download data or store it on thumb drives and other USB storage devices. There are many ways your IT department can enable you to download important company data without compromising security.  Ask about it! Downloading software is risky and could contain hazardous viruses or malware. Before you take advantage of that free download, check in with your IT department to make sure it's safe. </p> <p><strong>Encryption Alway</strong><strong>s</strong></p> <p>The very best last line of defense is data encryption. Work with your IT department to make sure the data you access is always encrypted. Not just when it travels between you and the data center, but also when it's sitting at rest in storage preferably in the data center, but possibly local to you. Don’t share your decryption keys with anyone. When anyone appropriates your encrypted data they get garbled nonsense.</p> <p><strong>Remember That the Biggest Source of Vulnerability is… You!</strong></p> <p>Unfortunately, it's true. Nothing in the network is as dangerous as you. You’re human. You can be fooled. The most frequent form of attack today is phishing which leads to ransomware. You receive an email that looks totally genuine from a known source. You’re asked to click a link or open an attachment. When you do you’ve opened the door to invasion. Your data is literally stolen and held for ransom until you pay. It’s called social engineering and it’s the biggest danger in computing today.</p> <p>By knowing the risks and asking the right questions, you can set your IT team up for success.</p> <p><a href="http://unitedtraining.com/cybersecurity-awareness" target="_blank"><img alt="" src="/Portals/2/blog-images/cybersecuritybanner.jpg?ver=GWbzRP4Af_3nqWsLO4yeKA%3d%3d" style="width: 700px; height: 146px;" /></a></p> 37If You Connect It, Protect Ithttps://www.newhorizons.com/resources/blog/postid/40/if-you-connect-it-protect-itCyberSecurity,General,News ,Security,trainingFri, 09 Oct 2020 08:00:00 GMT<body> <!--title--> <!--content with links--> <!--instead of bold use <span style="font-weight: 600;">Content</span>--> <!--hyperlink <a href="#">Link Content </a>--> <!--paragraph 1--> <p> If you connect it, protect it. The line between our online and offline lives is indistinguishable. This network of connections creates both opportunities and challenges for individuals and organizations across the globe. Internet-connected devices have impacted our lives and empower all users to own their role in security by taking steps to reduce their risks.  </p> <!--paragraph 2--> <p> <span style="font-weight: 600;">Multiple Connections Increase Risk </span> </p> <!--paragraph 3--> <p> To truly be CyberSmart you must start thinking more deeply about risk, because that’s what all cybersecurity is meant to protect against. </p> <!--paragraph 4--> <p> It’s easy to immediately think about the web. Everything and everyone tells you about those dangers. People are lurking online trying to steal your identity, your personal information, your data, and more. There are plenty of products out there to help protect you, from firewalls to anti-malware to multi-factor authentication and more.  </p> <!--paragraph 5--> <p> But, these days your biggest risk travels with you wherever you go…  </p> <!--paragraph 6--> <p> It’s your mobile phone.   </p> <!--insert CTA--> <!--paragraph 7--> <p> For you as a consumer this is an open door to stealing information about you- banking passwords and account numbers, home address, phone, and more. For companies it's an entryway into their entire network that could negate all the measures they take to protect it.   </p> <!--paragraph 8--> <p> <span style="font-weight: 600;">Each Connection Opens a Door to Security Endpoints  </span> </p> <!--paragraph 9--> <p> Whether it's your mobile phone, your tablet, your laptop, even your desktop computer or game console- each device is connected at some point at the very end of a network. It’s a doorway. It needs to be locked. Double locked. When you consider any of your endpoints the first thing you need to ask yourself is “how well do I have this locked and protected?”  </p> <!--paragraph 9--> <p> <span style="font-weight: 600;">A Single Connection Starts a Chain    </span> </p> <p> A firewall is an excellent device for enforcing your security policy. But a firewall is just one brick in the wall of safety. The chain starts with the user. Here are a few things to keep in mind:  </p> <p> The operators immediately begin asking for feedback from the users, documenting their problems and requests thoroughly. At first stunned, the users find themselves encouraged by how concerned the IT department is in their satisfaction. </p> <p> The operators immediately convey the feedback back to the development team which wastes no time coding changes, fixes, and additions. Still, they’re not looking for perfection, just better working software. </p> <p> The developers once again handoff the changes in record time and the operators just as rapidly deploy the updated code. Guess what they do next!! </p> <p> <span style="font-weight: 600;">It’s Iterative!!! </span> </p> <p> Yes, they immediately solicit feedback from the users, documenting it carefully. </p> <p> Yes, they then convey the new feedback back to the developers. </p> <p> Yes, the developers immediately begin coding new changes and… </p> <p> Yes, the entire cycle repeats. </p> <p> <span style="font-weight: 600;">Improvement </span> </p> <p> The DevOps cycle iteratively repeats and repeats and each time it does the software gets better. Better as defined by those who use the software. Who better? </p> <p> In other words, the continuous development being continuously deployed creates constant improvement, and that’s what CI/CD means. Continuous improvement through continuous development and deployment. Feedback from users leads to better code, and better, and better, and better. </p> <p> Instead of upgrades coming once every six months or so, companies like Amazon are releasing new upgrades at the rate of 30 or more per day. </p> <p> <span style="font-weight: 600;">Depends Upon Participation </span> </p> <p> Whenever you want something to move fast you need to remove all obstacles and anything else that might slow down the process. Assuming that the developers and the operators are all committed to DevOps principles, the only other component of the process that might engender latency is the user community. </p> <p> The user community or communities may encompass all departments of the company. This means that everyone must be successfully encouraged to enthusiastically cooperate and participate in providing their feedback rapidly. Loosely defined, that’s called a culture change. And culture is among the hardest things to change in any company. </p> <p> <span style="font-weight: 600;">It Takes a Village </span> </p> <p> From the moment a company decides to undertake a DevOps initiative those leading the process must immediately recognize that it will take a village, perhaps their entire “village”, to create the cultural change needed to willingly and enthusiastically share feedback more frequently than they ever have before. The reward will be better software than they’ve ever used before, software developed specifically to fulfill their expectations, and that continuously improves to help them be more productive and more efficient than ever before. </p> 40Why We Need NCSAM – National CyberSecurity Awareness Monthhttps://www.newhorizons.com/resources/blog/postid/36/why-we-need-ncsam-national-cybersecurity-awareness-monthCyberSecurity,General,News ,SecurityWed, 30 Sep 2020 08:00:00 GMT<p>The need for this 17th year of CISA’s National CyberSecurity Awareness Month (NCSAM) has never been greater. CISA is the Cybersecurity & Infrastructure Security Agency, part of the US Department of Homeland Security. Each October they focus attention to help raise awareness of what each of us can do to promote safe computing.</p> <p style="text-align: center;"><strong>STOP. THINK. CONNECT.™</strong></p> <p>Connecting to the network should never be a casual act. The danger is far from trivial, it's serious. The most prevalent threat in CyberSpace today is ransomware, a “social engineering” threat in which you are encouraged to click a link or open an attachment by an email that looks very real from a sender you know well. When you click the link on this fake email you open the door for hackers to steal your data. The next thing you receive is a ransom note.</p> <p>One of the reasons this is the technique most used to invade networks is that it focuses on the most fallible, most difficult network segment to manage; the user. Human beings are far easier to exploit than digital systems, and hackers know it. Your awareness of the potential danger is your first, best artillery in the war against bad-actors.</p> <h3><strong>Security is Everyone’s Responsibility</strong></h3> <p>Many people think their internet service provider (ISP) is responsible for data and network security. But ask yourself who suffers most when security is compromised and data is lost. You do, or your company does. In very practical terms this means that you and your company own the greatest bottom-line responsibility. Fiduciary responsibility to your stakeholders.</p> <p>More to the point, when an intruder gets past your ISP's security and accesses your highest value data assets who stands the best chance of being fired from their job?</p> <h3><strong>Stop. Think. Connect. But What Should I Think About?</strong></h3> <p>The main theme of NCSAM this year is, ”Do Your Part. #BeCyberSmart” encouraging everyone to own their role and do their part taking personal accountability for helping protect the internet and all it services. Each week in October NCSAM explores a different topic. United Training will be publishing information all month with recommendations for how you can put these themes to good use.</p> <h5>· <strong>Week of October 5 (Week 1):</strong> If You Connect It, Protect It</h5> <h5>· <strong>Week of October 12 (Week 2):</strong> Securing Devices at Home and Work</h5> <h5>· <strong>Week of October 19 (Week 3):</strong> Securing Internet-Connected Devices in Healthcare</h5> <h5>· <strong>Week of October 26 (Week 4):</strong> The Future of Connected Devices</h5> <p>United Training offers many courses on data and network practices and products. Many companies send their personnel to these courses to better assure the safety of corporate data. In these courses, you’ll learn what security layers exist along the path of data traveling across your network, from the multi-factor authentication of users to network access control (NAC), intrusion prevention systems (IPS), anti-virus, anti-spam, anti-malware, firewalls, encryption and more. There’s a lot to learn, but all easily accessible. If you think only the techies need to know all this, think again. Everybody needs to #BeCyberSmart!</p> <p><a href="https://unitedtraining.com/cybersecurity-awareness" target="_blank"><img alt="cyber security month" class="img-fluid " src="/Portals/2/blog-images/cybersecuritybanner.jpg?ver=GWbzRP4Af_3nqWsLO4yeKA%3d%3d" style="width: 700px; height: 146px;" /></a></p> 36