Dear Friend,


You may notice that this month's issue is displaying on your screen with wider than usual spacing. We have been in touch with Constant Contact and they have confirmed that it is a glitch on their end, and they are working to resolve the problem. They hope to have a solution soon, and hopefully, next month's issue and all other subsequent issues, will display correctly on your screen.


We apologize for any inconvenience, and as always, we are grateful for your partnership.


Sincerely,

AaSys Group, Inc.

June 2022
SOLUTIONS

The Definitive

Email Cybersecurity

Strategy Guide



A people-centric approach to stopping ransomware, malware attacks, phishing and email fraud.


Email: Your Most Critical Threat Vector


Every day around the world, a silent battle wages on in one of the most

familiar and central features of modern work: the email inbox. As the top malware delivery vector and fertile ground for all kinds of fraud, email is the channel where cyber attackers are most likely to compromise their targets. They trick users into clicking on an unsafe link, giving away their credentials, or even carrying out commands directly (such as wiring

money or sending sensitive files).


It’s not hard to see why attackers prefer email. It uses a decades-old architecture that wasn’t designed with security in mind. It’s universal. And unlike computer hardware and infrastructure, email attacks exploit vulnerabilities that can’t be patched: people.


The challenge is growing even more complicated amid a shift to the cloud and remote work. Organizations spend billions every year on security tools designed to harden the network perimeter, detect network intrusions and secure endpoints. And yet the volume—and costs—of ransomware, business email compromise (BEC), credential phishing and malware-fueled data breaches have never been higher. That’s because today’s attacks hack human nature, not just technology. And email is the easiest way to reach people.


Cyber Attacks Are Evolving Faster Than Traditional Defenses



Safeguarding email is the key to protecting the enterprise. But it’s a complex challenge. That’s because email threats are numerous and wide-ranging. Attack techniques are constantly evolving. And human nature—the weak link in every organization—is a perpetual target. It’s no wonder that solutions built for fighting the attacks of just two to three years ago are struggling to keep up.


Here are just some of the ways cyber attackers target people.


Ransomware

Ransomware is an old threat that persists as a modern-day problem. This type of malware—which gets its name from the payment it demands after locking away victims’ files—is a major issue for modern businesses. It’s one of today’s most disruptive types of cyber attack.


Major incidents involving fuel, food and health infrastructure in 2021 showed that no target is off limits.


About three-quarters of ransomware starts, directly or indirectly, with a phishing email. These emails trick users into opening a malicious attachment or clicking a malicious URL.


Email fraud and business email compromise (BEC)

Business email compromise (BEC), also known as email fraud, is one of

cybersecurity’s costliest and least understood threats. The fast-growing category of email fraud doesn’t always garner as much attention as other high-profile cyber crimes. But in terms of direct financial costs, BEC easily overshadows other types.


In 2020 alone, BEC schemes cost organizations and individuals more than $1.8 billion. That’s up more than $100 million from 2019 and a full 44% of total cyber crime losses.


BEC attacks are hard to detect. They don’t include the usual payloads—malicious URLs or file attachments—to analyze. Instead, fraudsters rely on impersonation and other social engineering techniques to trick people.


Many of today’s BEC schemes are highly sophisticated, well-funded and backed by careful planning and research. A growing number of attackers are focusing their efforts on supplier invoicing fraud and large business-to-business (B2B) transactions they can hijack.


BEC attacks prey on human nature. They exploit people’s trust.


Account compromise/takeover

Account compromise is the act of maliciously gaining control over a legitimate user’s email or cloud service account—giving the attacker wide-ranging access to data, contacts, calendar entries and email.


Beyond the compromised user’s data, the attacker can use the account to

impersonate the user in social engineering attacks both inside and outside of the organization. These include BEC, supply-chain attacks and more.


Threat actors can access sensitive data, persuade users or outside business partners to wire money or damage an organization’s reputation and finances.


Worse, they can also install backdoors to maintain access for future attacks.


How the Threat Landscape Has Changed


Today’s remote and hybrid workforces are powered by cloud and mobile technologies.


The hardened perimeters and traditional network structures of the past are all but gone. People are the new perimeter.


Unfortunately, most security budgets—tied to other priorities and product categories—haven’t kept up.


Organizations may understand the multifaceted, people-centric nature of today’s threats and invest in security tools to cover every potential risk.


But unless those tools are working together in a coordinated fashion, they can’t offer the visibility and insight security teams need to manage risk. true people-centric security requires a holistic, coordinated approach.


Focus on Your Riskiest Users


The first step to protecting users is identifying which ones pose the most risk. While every organization may weigh various risk factors differently, all should comprise some combination of vulnerability, attacks and privilege.


Vulnerability is a way of determining who’s most likely to fall victim to a threat. An attack analysis can reveal who in your organization is being targeted, how heavily and by what types of threats. And privilege can help predict how harmful a successful attack would be to the organization.


Focus on users who represent a higher-than-normal risk based on any combination of these factors. Their status calls for extra attention by the security team and stakeholders who should know how and why they’re at risk.


This level of visibility in all three areas is essential to people-centric security. Without it, organizations have no way of knowing who needs additional layers of security or how best to protect them.


A people-centric approach keeps everyone protected by applying controls that correspond to their level of risk.


And it works in a unified way across every platform people use, against every tactic attackers employ and within every threat vector that matters.



Source: Proofpoint

Banking: Successfully managing your remote agents & relationship managers

60% of companies will have agents and relationship managers working from home for the foreseeable future. Many banks that used to serve clients through branches and contact centers are now servicing their clients through remote/work-from-home agents. In light of the pandemic some banks have adopted a hybrid workforce model where a portion of the team is back at the office and the other portion is remote. This can be a daunting task for banks that adhere to high security standards, in order to protect client privacy and prevent data breaches leveraging VPNs and other software that may not be as flexible for a remote installment.


Use this checklist to help you operate more efficiently in the new normal, by empowering your agents, relationship managers and contact centers overall to provide banking-on-the-go.


Banking client service agents and relationship managers need state-of-the-art tools

The first step is making sure everyone from client service agents to leaders, such as the head of distribution and head of client operations, have the necessary equipment and connectivity to perform their job.


Banks need to establish remote work policies and best practices for security & compliance

Whether your team is working in the office or remotely, it’s important to create and clearly communicate new policies, operating procedures and remote security guidelines.


Develop rigor with streamlined processes and coaching development

Without the ability to connect face-to-face, you’ll need a combination of technology and engagement strategies in order to effectively onboard new agents and manage and develop your workforce.


Integrate new omnichannel technologies with core banking systems to exceed client demands

Consider new strategies enabled by cloud-based technology that can help keep operations running smoothly and reduce costs, while maintaining an exceptional client experience.



Provide flexibility and agility to your client service agents

All work-from-home scenarios are not created equal. Be flexible with your team’s diverse situations and do your best to keep morale high.


Source: TalkDesk

Securely Gaming Online



What makes online gaming so fun is that you can play and interact with others from anywhere in the world, often you don’t even know the people you are playing with. While the vast majority of people online are out to have fun just like you, there are those who want to cause harm.


Securing Yourself


The greatest risk to online gaming is not the technology itself but the interactions you have with strangers.


  • Be cautious of any messages that ask you to take an action, such as clicking on a link or downloading a file. Attackers will use in-game messaging or phishing emails in an attempt to fool you into taking actions that can infect your computer, steal your identity, or your gaming accounts. If a message seems odd, urgent, or too good to be true, be suspicious that it may be an attack.
  • Many online games have their own financial markets where you can trade, barter, or buy virtual goods. Just like in the real world, there are fraudsters who will attempt to trick you and steal your money or any virtual currency you have. Deal only with people that have established, trusted reputations.
  • Use a strong, unique passphrase for any gaming accounts. This way attackers cannot simply guess your passwords and take over your accounts. If your game/platform offers two-step verification, use it. Can’t remember all your passwords? Use a password manager.


Securing Your System


Attackers may attempt to hack into or take over the computer or device you are gaming on, you need to take steps to protect it.


  • Secure your devices by always running the latest version of the operating system and the gaming software or mobile app. Outdated software has known vulnerabilities that attackers can exploit and use to hack into your device. Enable automatic updating when possible. By keeping your devices and gaming applications updated, you eliminate most of those known vulnerabilities.
  • Download gaming software and game add-on packs from trusted websites only. Attackers will often create fake or infected versions, then distribute it from their own server. In addition, if any game or add-on requires you to disable any security tools or settings, do not use it.
  • Underground markets have sprung up to support cheating activity. Besides being unethical, many cheating programs are themselves malware that will infect your device. Never install or use any type of cheating software or websites.
  • Check the website of whatever online gaming software you are using. Many gaming sites have a section on how to secure yourself and your system.


For Parents or Guardians


Education and an open dialogue with your kids is the most effective step you can take to protect children. One approach is to ask them to show you how their games work, have them show you what a typical game looks like. Perhaps even play the game with them. In addition, have them describe the different people they meet online. Quite often online gaming can be a big part of your child’s social life. By talking to them (and them talking to you) you can spot a problem and protect them far more effectively than any technology. Some additional steps include:


  • Know what games they are playing and make sure you feel the games are age appropriate for your child.
  • Limit the amount of information your kids share online. For example, they should never share their password, age, phone number or home address.
  • Consider having their gaming device in an open area where you can keep an eye on them. In addition, younger children should not game in their rooms or late at night.
  • Bullying, foul language, or other antisocial behaviors can be a problem. Keep an eye on your kids, if they seem upset after playing a game they could have been bullied online. If they are bullied online, report it to the game site and have them play online games with trusted friends only.
  • Learn if your child’s games support in-app purchases and what sorts of parental overrides they provide.



Source: Charlie Goldner, founder of CyberNV, SANS instructor, June 1, 2022

2022 Company Holidays

Monday, June 20, 2022 - Juneteenth National Independence Day

Monday, July 4, 2022 - Independence Day

Monday, September 5, 2022 - Labor Day

Monday, October 10, 2022 - Columbus Day

Friday, November 11, 2022 - Veterans Day

Thursday, November 24, 2022 - Thanksgiving Day

Saturday, December 24, 2022 - Christmas Eve Day

Monday, December 26, 2022 - Christmas Day (Observed)

Monday, January 2, 2023 - New Year's Day (Observed)
AaSys Group, Inc.
11301 North US Highway 301
Suite 106
Thonotosassa, FL 33592
(813) 246-4757 Phone
(813) 246-4576 Fax
AaSys Group, Inc. | 11301 North US Highway 301, Suite 106, Thonotosassa, FL 33592
Unsubscribe newsletter@aasysgroup.com
Update Profile | Constant Contact Data Notice
Sent by newsletter@aasysgroup.com powered by
Trusted Email from Constant Contact - Try it FREE today.
Try email marketing for free today!