eric.lundbohm

Recent Posts

Implementing a Phishing game campaign in your company

One of the most important pieces of security you can have is a great training program. Your employees can be the strongest and the weakest link. To better protect your company’s assets you will need to teach your employees how to look out for and handle Phishing attacks. Now mostly these attacks can be easy to spot, but attackers are starting to get better and it is becoming harder to detect these attacks by the everyday person receiving them. Introducing the phishing game into your everyday training is a fun, interactive way to effectively teach email security.

The whole idea behind this game is to reward the people that report phishing attacks. You will be the one generating this attacks from a false email address or a spoofed phishing tool. Now you can also give rewards for any attacks that they find that are legit as well but that is up to you. You want to pick a set number of attacks you are going to dish out. Then divide the testing groups evenly into 4 groups. So if there are 200 people participating in your company, then there would be 50 people per group. Send out 1 or 2 email phishing attempts to the first group. Space out the attacks to different groups over a month period.

Read More

Security Certifications: Which ones are worth having?

The ever-increasing number and frequency of cyber-attacks on corporations, big or small, all over the world, has generated a great demand for able and efficient information technology and security professionals. All corporate groups are constantly on the lookout for recruiting an experienced and skilled IT professional to help improve their security network and thwart all attacks with ease.

This is good for IT professionals and security experts, for they have many good opportunities. However, things are not so easy, for the growing demand for IT and security professionals has led to many people taking up that field, meaning a lot of competition is on the cards if you are an IT professional applying for a particular firm.

One thing, though, that can set you apart from the other applicants is having the right certifications in your resume. To help you find the important ones, separate the wheat from the chaff so to say, we have compiled a list of security certifications that can prove to be real game changers for you.

Read More

Ransomware FAQs; What's Going on Here?

Ransomware is getting big notice in the press. Frankly, it makes a pretty readable story; organization gets hit by a virus, data is locked up and they pay a ransom to get their data back. Like the plot of a movie, perhaps. Except this is real, happens to people just like you and it's unlikely to stop anytime soon.

To control something like this, it's important to fully understand the issue first. Here are a few FAQs on Ransomware to get started on that understanding.

Read More

Top Suites & Tools for Internal Pen-testing

Beng breached is one of the scariest things that could happen to a security professional. The best strategies to prepare for a situation like this is to actually hack yourself. Whether you hire an external firm to perform a penetration test on your systems or you perform it yourself. It is a best security practice to know completely where you are vulnerable and how to fix it. Below is a short list of the best tools and suites for testing vulnerabilities.

  • Burp Suite
    • Burp Suite is one of the very best web vulnerability scanners on the market. One of the tools included called Intruder, lets the users initiate full pay load attacks on web sites of their choice. If you had one choice of a well-rounded tool to get and learn, this would be the one.
  • Acunetix
    • For those who do not have the time or resources to work with Burp suite, Acunetix is your next best option. This is a great web vulnerability scanner that automatically scans for SQL injections, Cross-site scripting and other high end vulnerabilities that may leave your websites open to attack or data loss. This tool has many options and is very simple to learn. With the ability to create professional reports to your liking, Acunetix is an industry leader in vulnerability scanning.
Read More

10 Security Blogs You Should be Reading

As a security professional, it is your duty to stay constant and up to date with the current news in the industry. Each one of the following blogs/sites offer their own twist with their writers and material. Making a constant effort to visit these sites on a daily or weekly bases will broaden your awareness into the security world.

Read More

5 Ways to Keep your Domain Name Safe from Being Hacked

The proliferation in the number of people using the internet had led to a significant number of new websites and blogs popping up every day. The huge platform for sharing views and personal opinion about anything or host content that one deems suitable to share, casual users today have understood how good a business owning a website or even a personal blog can be.

However, although many people easily set up their own website or blog, there are hardly any who are knowledgeable enough in protecting their domains from hackers once they become the legal registrants of domains. Today, we discuss this issue to help owners of personal blogs and small websites.

Read More

Removing the CryptoWall 3.0 Virus: How to Decrypt CryptoWall 3.0 Encrypted Files

CryptoWall 3.0 ransomware has taken the world by storm. The ransomware is capable of encrypting all your personal files if your device is infected. It uses the AES-CBC 256-bit encryption algorithm, which is the RSA 2048 key, to encrypt data on the victim’s computer. The malware then threatens the victim about destroying the data if their ransom of $500 is not paid within the timeframe requested (96 hours). If the ransom is not paid within 7 days then the amount grows up to $1000. Thus, the victim needs to be extra careful with the given timeframe and make the payment in Bitcoins.

But, worry not. If you ever get infected with this cryptographic ransomware, this article will teach you to remove it without breaking a sweat. Keep reading.

Read More

How to Write a Sane BYOD Policy

Depending on what type of industry you are involved in, a BYOD (bring your own Device) policy may or may not be an option. It can be very beneficial to companies that are growing rapidly or want to strive for employee satisfaction. There are also a lot of downfalls that could occur as well. You need to be well prepared with this policy so that you can cover all aspects that could arise from a security perspective.

First step you will want to specify what types of devices are allowed. One problem with this that may occur is employees not liking placing a pin or password setting not only on their device but also having to enter a second method of authentication as well. You may get a little push back on this but this is one of the most important parts of this policy. There is simply too much information available and it would be too easy with mobile phones to have an unnecessary leak or breach of data without a form of secondary authentication.

Read More

Are Apple Devices Still Less Vulnerable?

Mobile users have come to realize in recent years just how insecure their devices are. Although smartphones today house many apps that get a lot more done than was previously the case, the security aspect has been greatly neglected.

Although smartphones run the same web scripts as normal computers and laptops do, the fact that they are not tailored for smartphones, as well as the meagre security features available in most smartphones, make it even simpler for the vulnerabilities in those web scripts to be exploited on such devices. Even other operating systems have been targeted continuously by hackers. However, over the years, Apple devices have been the cause of envy in users and developers of other platforms.

This is mainly because Apple has always branded its devices as immune, or quite close to the word, to malware and other such agents. This claim was much backed up by their superior statistics in the beginning, but of late, even Apple devices are ending up as victims of cyber-crimes. We take a look at how things stand at present.

Read More

3 Easy Techniques to Protect Your Data

Some of the best firms use very simple techniques to protect their companies’ information. These techniques can be very efficient with not only securing company data but also your employee's personal information as well. These may take some time and resources to set up initially, but you will thank yourself down the road.

First you want to implement some sort of yearly or bi-yearly security training program. Something interactive that will keep them involved and teach them the basics of security in the office. Using game-ology or animation in this training will insure that the information sticks with the employees. Not only will you remain compliant with a yearly security training program but you can insure awareness around the main cause of information leaks and breaches; humans.

Read More

Subscribe to Email Updates

About iSheriff

iSheriff is the leading provider of content and endpoint security from the cloud. We keep organizations and individuals safe from cybercrime, malware and digital threats. Thousands of businesses across a wide array of industries have deployed our solutions, including some of the most sophisticated buyers of security technology worldwide.