The importance of general cyber security awareness
OpenSesame blog, Mon, 01 Feb 2021
https://www.opensesame.com/site/blog/the-importance-of-general-cyber-security-awareness/

In the cyber universe, there are few threats more prevalent, or more publicized, than phishing attacks. The first half of 2020 alone saw almost 150,000 reported attacks, and phishing was responsible for several of the year’s major breaches. Given that, it’s no surprise that phishing prevention usually plays a big role in organizational security awareness training. Anti-phishing courses and phishing simulation certainly play a crucial part, and it’s never been more important to ensure that users know how to recognize and respond to a potential phishing attack. However, the ubiquity of phishing threats and the amount of media coverage they get can overshadow other looming threats we should be looking out for, and that our information security programs should be covering. 

In order for our security awareness programs to be as successful as possible, they need to mitigate every threat–not just the ones with top billing. Although phishing attacks are extremely common, there are other threats quickly catching up. The change in priorities and environment brought on by the shift to remote work last year highlighted several areas of weakness that may not be getting enough attention, including password security, network protection, safe web browsing, and general remote work best practices. So, while users may be incredibly adept at spotting phishes, they could be jeopardizing organizational security in a number of other areas without even knowing it. 

Password security

Passwords and authentication are an easily overlooked area of security training simply because they’re so “simple.” Administrators commonly make the crucial mistake of assuming that their employees already understand how password security works. Unfortunately, the number of breaches over the past few years enabled by weak credentials would indicate otherwise. Infamously, the massive Equifax breach, which exposed the personal data of 143 million users, was partially caused by a username/password combo of “admin/admin.” The shift to work-from-home and the increased use of cloud services have also initiated credential-related hacking attempts; if there were ever a time to home in on password security, it’s right now.

Network protection

Back when everyone still worked from an office, locked-down office networks and an on-site IT team could be counted on to bolster the organizational firewall. Home networks, on the other hand, throw an extra wild card into the mix. While employees may have been instructed how to set things up properly (assuming there were enough time and resources to do so), continued upkeep and proper usage aren’t a given. Many of the habits that ensure secure networks, such as installing updates, need to be repeated often; regular network security training is an effective way to keep best practices top of mind and encourage formation of those habits.

Web browsing

The web has always posed a significant risk to security, from malicious ads infected with malware to fake web pages used to harvest credit card information. Add to that a home/work environment with less oversight and fewer organizational controls, and browsing the web may be even more of a risk than it was before. Even if users theoretically understand the basics of web security and what warning signs to watch out for, the distraction of remote work could cause an inadvertent slipup. Beyond that, the threat landscape in this area is constantly shifting and becoming more sophisticated, putting even the most knowledgeable users at risk.

Remote work security 

Again, remote work introduces a plethora of new security threats that simply weren’t an issue before. The fact that work is suddenly intermingled with kids, remote schooling, even visitors to the house means that employees need to work harder than they would at the office to maintain a secure, separated work environment. Devices are more likely to get lost, damaged, or stolen, sensitive documents can get picked up or misplaced, and conversations may be overheard by people who shouldn’t be hearing them. In general, organizational privacy is a lot more difficult to maintain. If employees haven’t been trained on how to protect their data and devices at home, they need to be, before a major breach occurs.

Achieving security awareness in all these areas might seem like a difficult task, especially if it means pivoting from a phishing-centric program to a more holistic one. Thankfully, it doesn’t need to be. General security awareness courses are specifically designed to train users across all aspects of security, while being mindful of employees’ time constraints and attention spans. If you haven’t considered general security awareness training, there has never been a better time.


About the author

Larry Cates is the President and CEO of Global Learning Systems, a leading provider of enterprise security awareness and compliance training solutions to Fortune 1000 clients. Working directly with senior-level executives and security officers, Mr. Cates advises and consults on the design and implementation of client-tailored continuous learning and behavior management programs to address key security concerns and prevent security breaches related to inappropriate user actions. Mr. Cates and the GLS team are actively developing new solutions and capabilities that promote an organizational security culture through user assessments, security metrics and goals tracking, as well as game-based learning, behavioral analytics tools and just-in-time targeted user training.

Get your entire team trained for cyber security
OpenSesame blog, Wed, 06 Nov 2019
https://www.opensesame.com/site/blog/get-your-entire-team-trained-for-cyber-security/

While National Cyber Security Awareness month just ended, it is always a great time to make sure you’re taking proactive steps to make a plan to train your workforce. Did you know a data breach not only affects your company’s reputation, but can cost your company anywhere from $1.25 million to $8.19 million? And new laws and regulations concerning the security of customer data mean that cost could only rise in the coming years.

Common areas of vulnerability

While technology has helped automate many business processes, the opportunities for breaches have multiplied as a result. It is essential that your employees are not only cautious with their computers, but also with their cell phones and USB connections. Something as simple as using a USB plug to charge your phone in a public place can leave your information vulnerable if you don’t take necessary precautions.

52% of businesses admit that their employees’ biggest weakness is in IT security. Furthermore, 46% of cyber security incidents are from careless or undertrained staff.

Check out these courses offered through OpenSesame to get your workforce up to speed: 

In addition, be sure to check out this recent OpenSesame webinar with expert Dr. Robert K. Minitti from OpenSesame course publisher Wolters Kluwer where he outlines how to incorporate fraud and IT security as part of your learning and development strategy. 

OpenSesame helps companies like yours develop the world’s most developed and admired workforces. For more information on how we can help you save time, money, and curate the right courses for your training program, contact us today at info@opensesame.com. 

Protecting your company from fraud
OpenSesame blog, Tue, 05 Nov 2019
https://www.opensesame.com/site/blog/protecting-your-company-from-fraud/

Fraud can be costly for your organization, so it is important to educate your employees on what constitutes fraud and what red flags they should look out for. In 2018, fraud cost companies more than $7 billion in total losses with a median of $133,000 in losses per case. For 22% of cases, fraud caused losses of over $1 million, which is a devastating blow that many organizations’ bottom lines cannot recover from.

Proper employee training can prevent your company from falling victim to the most common types of fraud, including asset misappropriation, corruption, and financial statement fraud. Furthermore, dedicating time to train your entire workforce on fraud sends the message that this is an issue that your company takes seriously and will not be tolerated. 

It is equally important to educate your employees on how to prevent fraud from sources outside your company as it is to recognize potential red flags within it. Threats like ransomware, spoofing, and phishing are on the rise and every employee that uses a computer, company smartphone, or email is a potential entryway for these dangerous types of malware. 

OpenSesame helps protect companies like yours with the most comprehensive catalog of elearning courses to train and develop your workforce on topics such as fraud and IT security. Check out these courses, offered through OpenSesame, today to get started. 

Be sure to also check out this recent OpenSesame webinar with expert Dr. Robert K. Minitti from OpenSesame course publisher Wolters Kluwer to gain additional insights on multiple types of fraud schemes, including asset misappropriations, corruption, financial statement fraud and cyber frauds, as well as methods of employee fraud prevention training to keep your company compliant and how to incorporate fraud as part of your learning and development strategy. 

For more information on how OpenSesame can help you save time, money, and curate the right courses for your training program, contact us today at info@opensesame.com

 

What is ransomware?
OpenSesame blog, Thu, 17 Oct 2019
https://www.opensesame.com/site/blog/what-is-ransomware/

Well, if some recent, devastating cyber attacks are any indication, it may be today’s phishing vector of choice. Just a few weeks ago, the city of Baltimore was hit by a massive ransomware attack from a virus called “Robbinhood.” The hackers demanded $76,000 from the city as ransom for the data they stole—in keeping with standard protocol, the city refused to pay the ransom. In a similar attack in Riviera Beach, Florida, the ransom was for $600,000. Hedging their bets, Riviera Beach did pay their ransom.  For both cities, the cost of these attacks was incredibly high—Baltimore is facing almost 20 million dollars in lost revenue and expenditures to restore their data, while Riviera Beach both paid their ransom and demonstrated to hackers everywhere that they can’t afford not to pay a ransom. If they had only had certain processes and knowledge in place prior to the attacks, both of these cities could have fared far better. 

As most of us are aware, phishing attacks can take many different forms, from Business Email Compromise scams that mimic employee emails and request money or information, to fake emails from trusted businesses that use bad links or attachments to steal data. Ransomware takes a more direct route by installing malware, stealing data, and then requesting some form of payment to—ostensibly—restore the data to its owner. In some attacks, the data is in fact restored after the ransom is paid. Other times, hackers accept the ransom but never give the files back—which is why security professionals typically advise against paying the ransom. Either way, ransomware means a huge risk to personal data and—more likely than not—exorbitant costs to get systems up and running again. It’s important that we be able to protect ourselves and our organizations against these scams—but how do we do that?

First of all, like other phishing scams, email is the most common attack vector for ransomware. When a malicious link or attachment is clicked on, the virus runs a payload on the computer and encrypts files so that the owner can’t access them. What this means is that—typically, at least—preventing ransomware is as simple as preventing any other phishing attack. Don’t click on any strange links or attachments in unexpected emails, and remember to check for warning signs that the email may be malicious. If it’s unexpected, comes from a strange or incorrect email address, or requests unusual information, it’s probably a scam. When in doubt, delete the email and verify its contents externally—it could mean the difference between continued security and a ransomware nightmare.  

Second of all, in the event you do fall victim to a ransomware attack, it’s critical to have certain security measures in place to help you deal with the fallout. As IT expert Sean Gallagher notes, backups are key when it comes to surviving ransomware. If data is properly backed up to an external location, it can be recovered in the event that it’s stolen from the device itself. In addition, companies need a “disaster recovery (DR) plan,” something that plans for a potential worst-case scenario—not just low-level security snafus—and lays out ahead of time how the recovery process would work. A good DR plan minimizes loss and allows for a smoother recovery process in the event that a disaster does occur. (For more information on how to create a solid disaster recovery plan, see this article.)

What happened in Baltimore and Riviera Beach should serve as a serious wake-up call. Ransomware attacks not only happen, they’re on the rise—and they could mean financial ruin or irrecoverable loss of data. As organizations or even as individuals, it’s important that we take the appropriate steps to recognize and prevent—or at least be able to deal with the consequences of—a breach. And the first step is awareness. Company leadership needs to be aware that ransomware could be a serious threat, and that concrete steps are needed to avoid disaster. Similarly, all company employees, down to the lowest level, must be familiar with phishing attacks and how to prevent ransomware from the first click. With that awareness in place, alongside strong communication between teams, maintaining and strengthening security—and keeping ransomware at bay—becomes much easier.

For more information on ransomware and cybersecurity check out available courses from Global Learning Systems in the OpenSesame course catalog.


Global Learning Systems provides security awareness and compliance training programs for employees that effectively promote behavior change, protect your organization and Strengthen Your Human Firewall®. In addition to carefully tailoring program materials to client needs, we offer an online learning platform, phishing simulation tool, courseware customization and high-touch customer service.

California’s new Consumer Privacy Act effective 1 January 2020
OpenSesame blog, Thu, 03 Oct 2019
https://www.opensesame.com/site/blog/californias-new-consumer-privacy-act-effective-1-january-2020/

This January the Consumer Privacy Act (CCPA) will go into effect in California. While this is a California law, it has ramifications both across the United States and globally because it applies not just to all California-based companies, but also to anyone who collects and uses the personal data of any California residents. Even if your company is not based in California, you will be affected if you:

    • Have annual gross revenues over $25 million.
    • Annually buy, receive, sell, or share personal information of over 50,000 California consumers, households, or devices.
    • Derive at least 50% of annual revenue from selling California consumers’ personal information.

How does the law work?

Californians will be able to request information from your company about what data is collected about them, why it was collected, how you received their information and who it was shared with or sold to. California residents will also have the right to bring a direct lawsuit if their unencrypted or unredacted personal information is subject to a data breach as the result of a business’s failure to implement reasonable security. If a company is found to be in violation of the CCPA, they have 30 days to comply with the law once regulators notify them of a violation. If the issue isn’t resolved, there’s a fine of up to $7,500 per record which can add up quickly when the volume of consumer records at a company is considered.

Start preparing now for the law to limit penalties

The new law goes into effect 1 January 2020, with an enforcement date of 1 July 2020. Don’t scramble at the last minute to keep your company compliant and customer data legally safe. Now is the time to guarantee your employees are well-versed in consumer privacy and data security best practices.  Check out these courses offered through OpenSesame to get your workforce up to speed: 


OpenSesame helps companies like yours develop the world’s most developed and admired workforces. For more information on how we can help you save time, money, and curate the right courses for your training program, contact us today at info@opensesame.com.

Navigating Your IT Security Certifications, Part 2
OpenSesame blog, Sun, 19 May 2019
https://www.opensesame.com/site/blog/navigating-your-it-security-certifications-part-2/

Welcome back. Previously we discussed some of the basic certifications you will need to jump start your journey into the IT Security field and open many opportunities for you. But what if you want to take it to the next level? Perhaps you are aspiring for a Director of Security or CISO role. What certifications lay the foundation to pursue that direction?

There are actually many other specialty areas in security available for us to discuss (like those created by industry leaders like Cisco, GIAC, SANS, ISACA, (ISC)² and many others). But in the interest of brevity, I’d like to highlight some of the more popular ones. The first two I’d like to introduce are from ISACA and are favorable certifications for those who wish to move into management positions. Those two are: Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM).

There are more than 140,000 professionals certified globally with CISA and it is one of the top paying IT certifications of 2018 as reported by Global Knowledge. As companies are faced with increasingly more security challenges including new global threats (e.g. ransomware), new government regulations (e.g. GDPR), and new technologies to secure, they are under enormous pressure to hire the right talent to manage it. With the CISA certification, you will be recognized as someone that can take a comprehensive view of information systems and their relationship to a successful business-wide security initiative. In addition to passing the exam, this certification requires the submission of a formal application which requires certain levels of education and work experience. Check out their web site for more information.

The CISM certification is different and comes at security from a company policy standpoint. It covers four key areas: information security governance, information risk management, information security program development and management, and information security incident management. Passing this certification demonstrates that you understand security and how it relates to the overall business goals. It shows that you not only understand security, but also how to build and manage an information security program within the company.

But perhaps you’re looking to achieve an even higher position, one that leads all of the company’s security needs, such as Chief Information Security Officer (CISO) and Director of IT Security. Moving into these roles requires digging much deeper into all the individual niches in the security field. The first one to consider is CompTIA’s Advanced Security Practitioner (or CASP). CASP is a relatively new certification from CompTIA and is meant to test the student on a broad range of security skills. In fact, it meets the ISO 17024 standard and is compliant with regulations in the Federal Information Security Management Act (FISMA).

Once you pass the CASP certification, you’ll likely be feeling pretty good about your skills, a Luke Skywalker of Security experts if you will. But what if you want to go for Yoda status? One of the top respected certifications is undoubtedly the (ISC)² Certified Information Systems Security Practitioner (or CISSP), which is not your average certification and will require significant work to achieve. It is meant to demonstrate a clear and deep knowledge of all things security and is fast becoming a requirement for many of the very top positions in IT security.

Although CASP and CISSP are great options for some of the top IT positions and cover a broad range of security topics, they are very different in what the exam covers. The CASP exam tests whether you know HOW to implement many common security concepts, so their questions will be mostly unambiguous. For example, “what command line tool is used to create a 128-bit hash?” The CISSP exam, on the other hand, tests whether you know what the best practices are when dealing with complex security situations. Here, the options available to choose from may, in fact, all be technically correct. For example, take the following question, “Which of the following is the PRIMARY advantage of data classification for an organization?” Here, all the options could be valid examples of legitimate advantages, but the correct answer is the one that has the most advantages.

Be sure to check out many of the training titles we have in security, and good luck, my young Jedi.


About the author: Martin Schaeferle is the Vice President of Technology for LearnNowOnline. Martin joined the company in 1994 and started teaching IT professionals nationwide to develop applications using Visual Studio and Microsoft SQL Server. He has been a featured speaker at various conferences including Microsoft Tech-Ed, DevConnections and the Microsoft NCD Channel Summit. Today, he is responsible for all product and software development as well as managing the company’s IT infrastructure. Martin enjoys staying on the cutting edge of technology and guiding the company to produce the best learning content with the best user experience in the industry.

Navigating Your IT Security Certification, Part 1
OpenSesame blog, Sun, 19 May 2019
https://www.opensesame.com/site/blog/navigating-your-it-security-certification-part-1/

You don’t have to read many news articles to know that internet security is on everyone’s mind. Major corporations are also taking notice: Gartner is forecasting worldwide enterprise security spending to total $96.3 billion in 2018, an increase of 8 percent from 2017. It is no wonder with 50% of respondents reporting an increase in the number of cyber attacks from last year and four out of five indicating it was likely or more likely their enterprise will experience a cyber attack in 2018 (2018 ISACA State of Cybersecurity Study). Even this past election cycle isn’t immune to accusations of stolen emails and hacked servers.

For the IT professional, this is a great climate for those looking to update their skills and join the relatively new and growing sector of IT security. Don’t believe me? In a March 2018 article posted by Forbes, five of the top 15 most valuable IT certifications are security based. Security certification has become a serious and well-respected career.

If you’re attempting to enter a security field and IT is not a current profession or hobby, then I’d suggest tackling a couple of certification courses to get you started as an introduction. The first is CompTIA A+ offered by LearnNowOnline through OpenSesame, which focuses on learning the standard computer hardware, basic operating system functionality, and general troubleshooting. From there, I’d recommend getting certified in CompTIA Network+, which will get you familiar with basic networking concepts like IP addresses, DNS, domains, routing—essentially everything that defines the framework that Internet security relies on.

Okay, you are now an IT expert! What’s next? It’s good to start with the basics of security, and the best certification for that also comes from CompTIA. Their Security+ covers all the core concepts in IT security from Wi-Fi passwords and firewalls to employee best practices.

After you have Security+ finished, start considering some specialty certifications. One of the most popular next steps is EC-Council’s Certified Ethical Hacker (CEH) certification and Certified Security Analyst (ECSA). Once certified, you will understand the tools and techniques that you can use to assure companies that their systems are indeed secure.

Another very popular certification is EC-Council’s Computer Hacking Forensic Investigator (CHFI) certification. Like the television show CSI, it is an area of the security field that focuses on how to collect and analyze digital evidence to detect when something is about to happen or has happened. Most companies know that it’s not if you will be hacked, but when. This certification is about learning the skills for detecting or mitigating the aftermath of a successful hack.

For more online courses on how to get started in IT Security, how you can protect your company with trained and certified IT professionals, or ways to develop your current skillset, check out LearnNowOnline through OpenSesame, or contact OpenSesame at (503) 808-1268.


About the author: Martin Schaeferle is the Vice President of Technology for LearnNowOnline. Martin joined the company in 1994 and started teaching IT professionals nationwide to develop applications using Visual Studio and Microsoft SQL Server. He has been a featured speaker at various conferences including Microsoft Tech-Ed, DevConnections and the Microsoft NCD Channel Summit. Today, he is responsible for all product and software development as well as managing the company’s IT infrastructure. Martin enjoys staying on the cutting edge of technology and guiding the company to produce the best learning content with the best user experience in the industry.
