Month: February 2023

6 Tips to Help You Set Up an Effective Employee Security Awareness Training Program

Security awareness training will help to make employees aware of the importance of security and cybersecurity, teach security best practices, and train employees how to identify, avoid, and report threats that they encounter; however, to get the best return on investment and make significant improvements to your organization’s security posture, there are important things to consider. In this article, we provide some security awareness training tips to help you create and maintain a training program that will deliver the results you seek.

  1. There is no one-size-fits-all approach

Many businesses make the mistake of developing a security awareness training plan for the entire organization and provide all employees in the organization with the same training course. While this approach can help to ensure everyone has an understanding of basic security concepts, in practice it doesn’t work. The best approach is to have a modular training course that allows training courses to be tailored to different individuals, departments, and roles. The training required by the IT department will be different from the HR department, C-suite, sales staff, and front-line staff, as the threats they are likely to encounter will be different. Tailoring training to make it relevant will help to engage employees.

  1. Training needs to be an ongoing process

You can – and should – provide training as part of the onboarding process, and then provide periodic training thereafter to keep security fresh in the mind and keep employees up to date on the latest threats. While it was once acceptable to provide an annual training session, the speed at which the threat landscape is changing means that such an approach no longer works. Training needs to be provided continuously if you are to stand any chance of changing employee behavior and creating a security culture in your organization. Providing training each month – such as a couple of short 5-10 minute training modules – will help to keep employees up to date on the latest threats and keep security fresh in the mind until their next annual training session.

  1. Intervention training is the most effective

The best time to provide training is immediately after an error has been made, as that is the time when the training is likely to have the greatest effect. If an employee is tricked by a phishing email, training immediately will help them to learn where they went wrong so they do not make a similar mistake again. If you use the SafeTitan training platform, training is automatically provided in response to mistakes by employees specific to the mistake they made or the threat they failed to identify.

  1. Use a variety of training materials

People learn in different ways, and while some employees will learn best in a classroom setting, others will learn better through videos, online training, quizzes, posters, email alerts, and other methods. You should ensure that you include a variety of media in your training. This will help to improve engagement and get the message across to all employees.

  1. Conduct phishing simulation exercises

Training sessions – whether online or in group sessions – are great, and if quizzes are conducted at the end of the sessions, you can tell who has taken the training on board, but you will not know if the training is being applied. You should strongly consider conducting phishing simulations on the workforce to test whether training is having any effect and to identify any types of threats that employees are failing to correctly identify. Phishing simulations reinforce training, help organizations deliver targeted training where it is needed, and allow them to monitor the effectiveness of training over time. If you are not measuring how effective your training is, you will not know whether you are actually making a difference or just wasting time and money.

  1. Use a quality training platform

There is no need to develop training programs from scratch. Use a vendor that provides quality, engaging training content and regularly updates the training in response to emerging threats. The SafeTitan platform includes a wealth of engaging, gamified training content that is enjoyable and relevant and allows organizations to create and automate tailored training for each individual. SafeTitan will deliver targeted training in response to errors by employees and the platform includes a huge number of phishing templates for running phishing simulations. Organizations that adopt SafeTitan can reduce susceptibility to phishing threats by up to 80%.

Cyren Alternative for Email and Web Security

Are you looking for a Cyren alternative for email and web security? TitanHQ can offer solutions for both to ensure your business is fully protected from email and web-based threats. TitanHQ can also provide a comprehensive security awareness training platform to help you eradicate risky practices and teach employees how to identify the full range of cyber threats they are likely to encounter.

If you are a Cyren customer, you will no doubt be aware that the company is experiencing extreme financial difficulties, to the point where the company recently had to let 121 members of staff go. That represents a significant reduction in its workforce, but the problems do not end there. In a February 1, 2023 press release, Cyren announced that current market pressures and the challenges the company has faced with raising additional capital mean the company is facing collapse.

“In the absence of additional sources of liquidity, management anticipates that the Company’s existing cash and projected cash flows from operations will not be sufficient to meet the Company’s working capital needs in the near term,” explained Cyren in its press release. “In the event that the Company determines that its liquidity will not allow it to meet its obligations as they become due or that additional sources of liquidity will not be available, the Company may need to pursue options available under applicable insolvency laws, including winding up its operations.”

Cyren offers a range of cybersecurity services and solutions, including email security and web security. In response to the announcement, TitanHQ contacted Cyren to ask how its services are being affected, and received a response from the CISO, stating “The SDK will work for as long as the systems in the cloud will continue running. Unfortunately, we have no personnel left to watch after the systems, so it is hard to predict how long they will run for.”

The news has left many customers looking for a Cyren alternative for email and web security, as without the staff to man the controls, protection will suffer. Many Cyren customers have contacted TitanHQ seeking a Cyren alternative and have received assistance migrating their email and web security from Cyren to SpamTitan and WebTitan. Those customers have been offered both solutions free of charge for 30 days to give them time to TitanHQ’s Cyren alternatives.

The management at TitanHQ have decided to extend that offer to all customers looking for a Cyren alternative, which will allow them to ensure that for at least the next 30 days they will be able to stay fully protected against email and web-based threats while they make a decision. Further, the TitanHQ migration team will be on hand to provide support to allow Cyren customers to rapidly transition to SpamTitan and WebTitan.

At the end of the 30 days, TitanHQ would love to retain former Cyren customers and continue to provide email and web security, although this is a no obligation 30 day offer with no strings attached. TitanHQ’s infrastructure can be rapidly scaled up to provide the extra capacity with no impact on the service for current users, so there should be no issues. All TitanHQ asks is for Cyren customers to contact the migration team and explain their requirements and to agree to fair use of the products.

Cybercriminals Turn to Malvertising for Malware Distribution Now Microsoft Blocks Macros

Now that Microsoft has started blocking macros in Office documents delivered via the Internet, distributing malware via email has become more difficult and hackers have been forced to change their tactics, techniques, and procedures. This has been seen in phishing attempts that use a broader range of file types, and malware is increasingly being delivered via malicious websites, with traffic sent to those websites using malvertsing.

Malvertising is the term given to the use of malicious adverts to send visitors to websites hosting phishing kits, malware, or web pages that are used for a range of scams. The malicious adverts are added to advertising networks such as Google Ads and drive traffic to the malicious sites. With Google Ads, these malicious adverts are displayed at the top of the page for key search terms, and often masquerade as adverts for legitimate software, such as the free-to-use open-source 3D computer graphics software, Blender.

Many websites boost revenues by including third party ad blocks on their websites, with those adverts delivered through legitimate advertising networks. Typically, these have been the option of choice for malvertising due to the extent of the checks conducted by Google and the speed at which Google identifies and removes malicious ads. The malicious websites to which these adverts direct can perform drive-by malware downloads, probe for and exploit vulnerabilities in web browsers, or simply trick users into downloading and installing malicious files.

There is growing evidence that hackers are turning to malvertising for distributing malware, with one of the latest campaigns identified by researchers at SentinelOne. They identified a campaign that distributes .NET malware loaders, which in turn are being used to install FormBook malware variants – Information stealers capable of stealing data from infected systems, including credentials from web browsers, screenshots, and logging keystrokes to obtain passwords.

The developers of FormBook malware make it cheap and easy for threat actors to use their malware, providing it to subscribers under the malware-as-a-service model. Since 2016 when the malware first appeared, it has primarily been delivered via phishing emails containing Office files with malicious macros. Now that macros are being blocked by default, other methods of delivery need to be used. In this campaign, a virtualized .NET malware loader dubbed MalVirt is used to obfuscate the implementation and execution, with the loaders used to deliver FormBook variants, including the latest XLoader variants. One of the benefits of this method of delivery, aside from getting around Microsoft’s macro protections, is the massive reach of these campaigns, allowing far more individuals to be attacked than is possible using phishing emails.

How to Protect Against Malvertising

There are several ways that businesses can protect against malvertising, the easiest of which is to install antivirus software on all endpoints; however, the speed at which new malware variants are being developed is reducing the effectiveness of signature-based detection mechanisms. Antivirus software requires the signatures of malware to be added to malware definition lists before the malware can be detected and blocked. It is increasingly common for new malware variants to be used and then dropped by the time the signatures are added to antivirus software.

It is important to keep web browsers up to date to ensure that vulnerabilities cannot be exploited, and ad blockers can be used to prevent the adverts from being displayed, although many websites now require visitors to enable adverts to be displayed, since they are a vital source of revenue for website owners.

One anti-malvertising control that should be considered is a web filter. Web filters are used to carefully control the web content that users can access. WebTitan Cloud is used by many businesses to block access to malicious websites and carefully control access to the Internet by blocking websites that serve no work purpose and preventing access to risky and kn own malicious URLs. WebTitan Cloud can also protect against malvertising by blocking downloads of specific file types from the Internet, such as executable files. In addition to preventing malware infections, WebTitan Cloud can also prevent the unauthorized installation of software without the knowledge of the IT department – Shadow IT.

If you want to improve your security posture and better protect against web-delivered attacks, contact TitanHQ for more information about WebTitan Cloud. WebTitan Cloud is available on a free trial to allow you to see for yourself how easy the solution is to install, configure, and use, and how effective it is at blocking threats and controlling Internet access.