Week 1: Passwords

Welcome to our Cybersecurity Series!

We've collected, curated, and sourced some of the best cybersecurity resources out there.
Packed with videos, infographics, and lots of quick reads, there's bound to be something for you in every email. Enjoy!


VIDEO: Anatomy of a Strong Password


Our CEO Paul Hager shows you how to create a password so strong it would take a computer millions - yes, millions - of years to crack. WATCH THE VIDEO >>>


Is Your Password Strong Enough?



There’s a super easy online tool that can answer that for you.
 
https://howsecureismypassword.net
 
Simply enter a password and this tool will tell you how quickly it can be cracked. The longer it takes to crack, the more secure the password. Plus, it gives you suggestions for strengthening your password. Don’t worry – any passwords you enter into the tool won’t be stored or sent over the internet.


The Worst Passwords of 2019

Year after year, the same passwords keep showing up on lists of the year’s worst passwords. That means too many of us are still using ridiculously-easy-to-guess passwords like:
 
123456
password
111111
sunshine
qwerty
football
abc123

Is your password on this year’s list of worst passwords? What should you do if it is?

Read our blog post for answers >>> 


VIDEO: Improving Your Password Security

Get a breakdown of password best practices from our own Dale Harkness, senior consulting engineer and all-around cybersecurity guru. Watch the video >>>



Reusing Passwords - A Huge No-No

Roughly half of users will use their business email address and business password in a personal account somewhere else on the internet. Even if your company’s security is phenomenal, it can’t prevent employees from using their business login credentials on websites with poor security where their information can be stolen.

 

That puts your entire company at risk of being hacked. It can also result in some serious embarrassment, like when some government employees were busted for using their official government email addresses to create accounts on a porn site.

 

You should never repeat passwords, either in your professional or personal life. The more often a password appears across the web, the more likely it is to end up in hackers’ hands through data breaches. If you feel overwhelmed by the number of passwords you have to remember in your daily life, use a free password manager like LastPass or Dashlane.



The Breach Report: Hy-Vee Supermarket Chain Hands Over the Dough


Midwestern supermarket chain Hy-Vee was involved in a breach over the summer. They reported unauthorized access to their database. It's possible that names and payment information was made available to hackers. Customers from all 245 of their stores should monitor their accounts to identify suspicious activities. On a lighter note, we think their cakes are great!
Read more >>>

Example Text

Week 2: Phishing & Social Engineering

VIDEO: Identifying Phishing Emails

Paul Hager, ITP's CEO, reveals how to easily determine if you've received a phishing email AND what to do if you get one. WATCH THE VIDEO >>>



The History of SPAM in 60 Seconds

 

The first spam email was sent on May 1, 1978, to several hundred people. It was an advertisement for a presentation that was sent by a marketer. The reaction to it was – not surprisingly – almost universally negative. This type of unwanted junk email was named “spam” based on Monty Python’s “Spam, Spam, Spam” sketch. Spam existed mostly to sell adult content and related pharmaceuticals – and to get you to click on links that bring viruses into your network.


In the early 2000s, the IT industry tried techniques like spam filters and cutting off the IP addresses where spam would originate. But these efforts weren’t very effective. IT was constantly playing catchup to spammers.

 

What actually reduced the amount of spam in the last 10 years was a research endeavor by Microsoft and UC-Berkeley in partnership with Visa. Their research revealed that a small group of organized crime syndicates was actually responsible for the majority of spam emails. Once Visa refused to process payments for products sold via spam, the level of spam went down significantly.

 

Today, we see the next iteration of spam. As Visa stopped taking transactions from spam, the people behind spam latched onto bitcoin as a form of payment. This has led to the rise of Cryptolocker, botnets, and the Dark Web.


WHITEPAPER: Defending Against Fileless Malware


Fileless malware is coming for you – and anti-virus can’t stop it. It’s one of the most insidious disguises hackers use to slip through the gaps in your network security. It hijacks legitimate, safe-to-use applications built in to every Windows computer. And it’s practically invisible to traditional anti-virus and anti-malware tools.



It’s fileless malware – one of the most effective and rapidly growing cyber threats in the world today.  Download our NEW whitepaper “Invisible Attacks: Defending Against Fileless Malware” to:

-Learn what fileless malware is
-Understand how it works and spreads
-Discover strategies for protecting yourself and your company

DOWNLOAD THE WHITEPAPER >>>

VIDEO: The Facts About Phishing Emails

Dale Harkness, senior consulting engineer at ITP, explains the ins and outs of phishing emails - and how you can avoid taking the bait. Watch the Video >>>



INFOGRAPHIC: Tips for Identifying a Phishing Email

Ever get an email that makes you feel uneasy? Maybe a word is spelled wrong, or there is a rogue capitalization in the middle of a sentence … or maybe something about the urgency in the message’s tone throws you off. Get tips for accurately identifying phishing emails in our latest infographic.

 

DOWNLOAD THE INFOGRAPHIC >>>


INFOGRAPHIC: Social Engineering Tactics


Hacking a human is way easier than hacking a network. Why? Because human emotions, curiosity, and guilt are easily manipulated. The hacker's goal? To obtain some nugget of information that will allow the bad guys into the network - with valid login credentials, through a friendly phone conversation, or even worse by giving them the key to the front door. See why humans are such easy prey for social engineering.
 
DOWNLOAD THE INFOGRAPHIC >>>


The Breach Report: Hitting Close to Home

Hackers gained access to City of Sun Prairie employee accounts from January-March 2019. The compromised email accounts contained personally identifiable information of Sun Prairie residents, including social security numbers, account login ID and passwords, driver’s license and state identification numbers, bank account numbers, medical information, and payment card information.

City officials don’t know which specific accounts were accessed, so anyone doing business with Sun Prairie should monitor their credit and identity to ensure their personal information is safe.

The lengthy communications delay and uncertainty surrounding the data breach leads to the conclusion the city was unprepared for a cyberattack. The city is now updating its cybersecurity protocols. Read More >>>

Week 3: The Dark Web

VIDEO: The Dark Web

If your login credentials get into the wrong hands, chances are they'll end up for sale on the Dark Web. ITP's CEO Paul Hager discusses how to monitor the Dark Web for your personal information and steps to take if it's out there. WATCH THE VIDEO >>>


 


Scary Stats: Did You Know?


Small and medium-sized businesses are quickly becoming prime targets for hackers. And the results can be devastating to business owners. Get real-time monitoring of your credentials (logins and passwords) as well as a Dark Web Scan through our partner ID Agent.

Get Your FREE Dark Web Scan >>>

 


Digital Fingerprints For Sale on the Dark Web



When we say digital fingerprints, we mean full user profiles – your fingerprint in the digital world. A new marketplace called Genesis is selling 60,000 digital fingerprints for as little as $5 each.

A full user profile doesn’t just include your login information. It provides thieves with your account cookies, browser details, and other features. This information helps cybercriminals evade many of the security standards that currently detect abnormal or fraudulent account behavior.

To prevent misuse of your digital fingerprint, enable two-factor authentication whenever possible. Also, keep an eye on your digital information with software solutions like BullPhish ID.


VIDEO: A Dive Into the Dark Web

Discover ways to keep your email, password, and other personal information off the Dark Web - and what to do if they're already there - from our CEO Paul Hager. Watch the Video >>>


 



INFOGRAPHIC: How are login credentials compromised?

The most common password mistake we make is reusing passwords again and again across multiple accounts. What’s worse is when we repeat passwords between our personal and professional lives. Did you know that 39% of adults in the U.S. use the same or very similar passwords for multiple online services?

 

Learn the methods behind HOW credentials are compromised, and then WHAT attackers do with those credentials. Access the ‘Exposed Credentials Infographic’ to get more insight into protecting yourself against credential compromise.

 

DOWNLOAD THE INFOGRAPHIC >>>


Find Out if Your Credentials are on the Dark Web - For Free



More than 80% of data breaches use stolen passwords to access a company’s network. Hackers can find and buy these stolen passwords on the Dark Web. If your credentials are out on the Dark Web, you and your company are at risk of being hacked. But how can you tell if your password has been compromised?
 
No need to navigate the Dark Web on your own. We’ll do the dirty work for you! Our free Dark Web Scan searches for any personal and company credentials to see if they’re on the Dark Web and no longer safe to use.
 
Get Your FREE Dark Web Scan >>>

Week 4: Staying Secure Wherever You Are

VIDEO: Using Public Wi-Fi Securely

Should you really use the local coffee shop's Wi-Fi? Paul Hager, CEO of ITP, explains the dangers of public Wi-Fi and how to connect to the internet more securely. WATCH THE VIDEO >>>



We Believe in 2-Factor Authentication. Here's Why You Should, Too.

Most passwords today are weak and used for multiple accounts – easy targets for hackers. 2FA is a simple, yet incredibly effective way to protect access to your personal and business accounts.


Whether it’s a text message with a code or an app that prompts you to accept a login attempt, 2FA only take a few seconds. And it’s powerful enough to protect you from credential stuffing, phishing, and other direct hacks.


Read More >>>  


Dunkin’ Donuts Gets Hacked


This spring, Dunkin’ Donuts announced that it suffered a credential stuffing attack back in January. This news comes just a few months after the company fell victim to a similar attack on October 31, 2018.

This credential stuffing attack leveraged previously leaked usernames and passwords to breach DD Perks rewards accounts. The exposed accounts contain personal information such as first and last names, email addresses, 16-digit account numbers, and QR codes.

While these credentials are useful for orchestrating further cyberattacks, the hackers weren’t just after this personal info. They’re also selling access to the accounts on the Dark Web so buyers can cash out on reward points they didn’t earn.


VIDEO: Stay Secure Wherever You Are

From enabling privacy protections on your devices to better managing your passwords, learn tips for protecting yourself online from our CEO Paul Hager and Sr. Consulting Engineer Dale Harkness. Watch the Video >>>



Good Cybersecurity Is Like Onions - It Has Layers

Does your network security look like swiss cheese? Even a tiny gap in your network protections is enough for a hacker to squeeze through.

 

No one vendor or solution is the magic bullet that prevents all cyber threats. You need a variety of tools and strategies working together to provide maximum protection. A layered approach to cybersecurity means having protection in place at critical points along the path a cyberattack takes.

 

Learn About the 4 Basic Security Layers >>>



Mobile Banking Malware on the Rise


According to a Kaspersky Lab report, instances of mobile banking malware trojans more than tripled in Q1 2019. In addition, there was a 58% increase in modifications to banking trojans.

Banking trojans steal both credentials and funds from users’ bank accounts. A single piece of malware, dubbed Asacub, accounted for more than half of the banking trojans detected during Q1, attacking approximately 8,200 users a day.

The report also identified nearly 30,000 different modifications of banking trojans, each one a new attempt to thwart banks’ cyber defenses.

There are 57 million mobile banking users in the U.S. And 86% of U.S. banks offer bill pay via mobile banking. As more and more financial services are conducted online, it’s troubling to see an uptick in the scope and complexity of mobile-focused malware attempts.

Week 5: Creating A Human Firewall

VIDEO: Security Awareness Training

All the cybersecurity products in the world can't prevent a virus if you decide to open a suspicious attachment. People can be the weakest link in your cybersecurity strategy - or the strongest. It all comes down to training. ITP's CEO Paul Hager talks smart training strategies. WATCH THE VIDEO >>>



WHITEPAPER: Email Remains #1 Attack Vector for Hackers

Knowing where to look and what to look out for is half the battle. See the stats for email threats so far in 2019 in the ‘State of Email Security Report’ from ITP. This whitepaper includes insight from over 1,000 IT decision-makers all over the world. It covers the types of attacks that reared their ugly heads in 2019, the resulting business impact, and how organizations like yours are responding.


DOWNLOAD THE WHITEPAPER >>>


INFOGRAPHIC: 8 Cybersecurity Myths Debunked

Fact or fiction? With so many sneaky cybersecurity threats lurking in the wild, it can be hard to distinguish what threats could affect your business. How can you tell you’ve been hacked? Who's responsible for cleaning up the mess of a breach? Discover 8 common misconceptions about cybersecurity – and how you can stay above the fray.


DOWNLOAD THE INFOGRAPHIC >>>

 


Want more security resources and updates?

We've got so much more to share with you. Subscribe to our regular update emails filled with security resources, blogs, videos, and events.


SUBSCRIBE NOW >>>


Email Security Training That's Actually Fun

Let’s face it. Learning about cybersecurity can be a real snore – especially for employees whose jobs have little or nothing to do with IT.


Companies spend more than $1.5 billion on email awareness training, yet human error is still a component in 95% of all security breaches. Obviously, traditional training methods aren’t working.


Now for the good news. Check out this hilarious new training program that’s changing the way employees think about cybersecurity.

 

Keep Reading >>>


DOWNLOAD: 15 Ways to Protect Your Business

Lock down your business data with a solid security posture. Our recommendation? A layered approach, with the technology and training to protect your users and your precious data.


Did you know that 1 in 5 small businesses will suffer a breach this year? It's mostly due to easily overlooked gaps in their security processes, like not turning on multi-factor authentication. Strengthen your security stance with these 15 simple ways to protect your business.


 

DOWNLOAD THE INFOGRAPHIC >>>

  


HIPPA Violation in Our Backyard


Wisconsin Diagnostic Laboratories (WDL), a network of 13 medical testing facilities in and around Milwaukee, has notified 114,985 patients that some of their protected health information was compromised in the AMCA data breach.
 
On June 3, 2019, AMCA informed WDL that some of its patients’ data had been compromised as a result of the hacking of a web payment portal. The hacker gained access to the payment page on August 1, 2018. The breach was detected on March 30, 2019 and unauthorized access was terminated. Ouch. 
 
The types of information breached included patients’ names, dates of birth, dates of service, names of lab or medical service providers, referring physician’s name, balances owed to WDL, and other medical information related the services provided by WDL. No Social Security numbers or lab test results were compromised in the breach. A limited number of individuals also had their financial information (credit card number/bank account details) compromised.

Get the latest news in breaches in our monthly 'Breach Report blogs >>>