{% set baseFontFamily = "Open Sans" %} /* Add the font family you wish to use. You may need to import it above. */

{% set headerFontFamily = "Open Sans" %} /* This affects only headers on the site. Add the font family you wish to use. You may need to import it above. */

{% set textColor = "#565656" %} /* This sets the universal color of dark text on the site */

{% set pageCenter = "1100px" %} /* This sets the width of the website */

{% set headerType = "fixed" %} /* To make this a fixed header, change the value to "fixed" - otherwise, set it to "static" */

{% set lightGreyColor = "#f7f7f7" %} /* This affects all grey background sections */

{% set baseFontWeight = "normal" %} /* More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set headerFontWeight = "normal" %} /* For Headers; More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set buttonRadius = '40px' %} /* "0" for square edges, "10px" for rounded edges, "40px" for pill shape; This will change all buttons */

After you have updated your stylesheet, make sure you turn this module off

Why Your Employees Should Be the First Line of Network Security Defense

by Jason Blalock on December 21, 2017

network security

We talk a lot on this blog about various types of cyber-attacks and the various ways technology can help reduce your risk factor, but there's one uncomfortable fact which can undermine even the best tech-based network security:  roughly ninety percent of successful cyber-attacks involve some degree of human error or negligence. 

Want to test your employee's network security knowledge?  Our social engineering test will help find any holes in your human network.

Simply put, no matter how much money you have invested into hardware, it could all go to waste if you aren't also training your staff to be security-smart.

So today, we wanted to run down some of the most common ways of defeating security by exploiting the human element, often called social engineering.  You should be looking to train your staff to recognize, avoid, and report these methods of attack - or possibly even looking to bring on consultants to help solidify that training.

sophos phishing Common Security Attacks Targeting Human Weakness

1 - Phishing

"Phishing" refers to emails (or, less frequently, phone calls) that attempt to trick the target into revealing critical pieces of information, such as passwords or credit card numbers.  They almost always attempt to represent themselves as some form of authority figure.  There's even a variation involving CEO impersonation, where the criminal has gained access to a C-level executive's email and is using it to directly ask for such protected information.

The best solution here is to simply establish protocols for properly and securely transmitting protected information, and never deviating from them.  If your staff gets a request that doesn't follow the protocols, report it immediately - even if it seems to come from the CEO personally.

2 - Stolen Devices

An amazing number of data breaches come via the most old-fashioned method possible: plain old pick-pocketing.  If a smartphone has access to your network, or has business data on it, it's vulnerable to physical theft.

The solution is don't let it happen.  Never set devices to auto-logon to protected networks without multi-factor authentication.  Never store protected info on portable devices.  And have security procedures in place for quickly locking out and\or wiping a device should it ever be stolen.

3 - Trojan Horse Files

We frankly can't believe how many intrusions are still committed by tricking people into opening compromised files in their email box.  Seriously, this should be business security 101:  Never ever open a file in your email box unless you are certain you know who sent it.  There's just no excuse for an employee to get tricked by this one any more.

Plus, don't forget that online advertisements can also be used as vectors for trojans.  So don't click on banner ads either.

4 - Malicious Employees

It's not something anyone likes to think about, but there's always a chance that someone in your organization is disgruntled, opportunistic, and\or compromised.  Some of the biggest data thefts in history have been "inside jobs." 

This is another area where having set protocols will help a lot.  Define what information each job role is allowed access to, and don't deviate.  Encourage employees to report internal requests for information that seem even a little iffy.  Better safe than sorry is the watchword here.  

Take Your Security Further With Penetration Tests

Do you want to know how effective your security training is?  Want to see whether you've got gullible employees who could be security liabilities?  Want to give your security measures a real "live fire" test?

Then have a penetration test conducted.  These are professionally-conducted "white hat" hacking attempts, done with your consent, specifically for the sake of testing your security.  Any and all methods of intrusion can be used, and the resulting report will show where you need better security.

penetration test

Contact Hummingbird Networks today to learn more.

Topics: Network Security, IT Services