March News:


On The Calendar

We've had a recent anniversary... The Fulcrum Group has been assisting Fort Worth and Dallas businesses with their IT needs for 18 years now! Also, Fulcrum Group has appeared once again on CRN's MSP 500 List. Find out what that means for area businesses here.

We'll let you know about any additional upcoming special events through our social media pages, which we'll update on our Events page as they occur. Quick links to our social media pages are accessible right from our website and in every monthly newsletter email you receive from us. If you're new to our newsletter and you'd like to subscribe, let us know.
Why End User Security Awareness Training Is Important

What’s the biggest risk to your organization’s cybersecurity? It’s not antivirus, patching, or firewall. Unfortunately, the biggest risk is your own employees. Negligence or flat-out malicious acts by employees have become a major issue for organizations today, one that is easily exploited by cyber criminals. In fact, almost 90 percent of cyber attacks are caused by human error or behavior. While organizations need to secure their IT environments, investments also need to be made in training their employees to avoid cyber attacks.

As a business leader, the task of end user security awareness training falls into your hands. Keep reading to discover which essential elements you should cover when providing end user security awareness training. Generally, a solid security awareness training program should cover the following topics:
  • Phishing and Social Engineering
  • Access, Passwords and Connection
  • Device Security
  • Physical Security
Here’s a quick overview of how to best educate end users on each of these topics.

Phishing and Social Engineering

Social engineering is typically defined as an attack that’s based on deceiving users or administrators into divulging information. Phishing, an attempt to acquire sensitive information (passwords, usernames, payment details) from an individual through email, chat, or other means, is a common type of social engineering attack. Phishing and other social engineering attacks are so successful because they’re disguised to look like they come from credible, trustworthy sources, creating a false sense of trust. But there are some tell-tale signs to help spot a phishing attempt, such as typos and misspellings, links containing a string of random numbers and letters, the email relying on a sense of urgency, or a feeling that something is off about the information being requested. Your end user security awareness training program should address how to identify and avoid these threats.

Access, Passwords and Connection

Use this time to go over the different aspects of the network, from access privileges and passwords to the network connection itself. As a business leader, you should be able to distinguish general users from privileged users, those who have elevated rights or access above that of a general user. Generally, privileged access is given to users who need to perform administrative-level functions or access sensitive data. Every employee should know which level of access they have, meaning which information and applications they can and cannot access and which functions they can and cannot perform. On a similar note, employees should be thinking about the passwords they’re using to access the IT environment, keeping in mind length, complexity and whether or not they’re sharing those passwords or using them for multiple apps.
There are a few best practices around strong passwords, including the length being at least eight characters, containing letters and special characters, and staying away from obvious information such as names and birthdays. Additionally, it’s wise for employees to think about changing and/or updating their passwords every six months or so.

What’s sometimes least obvious to employees is that they should also be wary of the network connections they’re using outside of their home or work. Although the data on their device may be encrypted, the network they connect to does not necessarily transfer that data in an encrypted format, which opens up all sorts of vulnerabilities. What’s more, there’s always a risk of the public network being tapped, which puts the data being exchanged over that network at risk. You should encourage end users to only use trusted network connections or to secure the connection using appropriate VPN settings.

Device Security

In the era of Bring Your Own Device (BYOD), more and more mobile devices are entering the workplace, connecting to the corporate network and accessing company data. However, this creates even more entry points for threats to come through. Therefore, it’s important for employees to ensure their mobile devices are securely connected to the corporate network and always in their possession. The same threats that lurk over desktops and laptops are applicable to mobile devices. Arguably, tablets and smartphones could be seen as less secure because they lack pre-installed endpoint protection. Users should always be mindful of which websites they’re visiting, which apps they’re installing and which links they’re clicking on.

Physical Security

Cyber threats aren’t the only ones employees need to look out for. Physical security also plays a role in keeping sensitive information protected. Leaving a mobile device or computer unattended is a common mistake that most end users make unintentionally.
If someone were to swipe an employee’s phone or log into their computer, all of the data and information that’s accessible via that device is put at immediate risk.

All Fulcrum Group SPOT clients receive annual end user security awareness training as part of their SPOT Managed IT Services agreement. Contact your Fulcrum Group Fractional CIO for more information.
What Is A Phishing Test?

A Phishing Test is a tool provided by The Fulcrum Group, which can determine the vulnerability level of your end users by giving you an indication of how many employees may be susceptible to an email-borne social engineering attack. It can also be used to supplement and reinforce training received in the Fulcrum Group end user security awareness training modules by giving your users real world “practice” in recognizing social engineering attacks and responding to them appropriately.

It works like this: Fulcrum Group sends one phishing test email to each user in your organization. In our initial, free phishing test, the email sent is a link test, which involves some text meant to lure the user into clicking an embedded link. Once the link is clicked, the user is directed to a Landing Page. Our Basic Landing Page tells the user they have been part of a simulated phishing test and gives them some rules to apply when inspecting emails in their inbox. The results of the initial, free test include the number of users who failed the test. This will give you an idea of your security risk from your end users.

Fulcrum Group SPOT clients already receive end user security awareness training as part of the SPOT Managed IT Services agreement. Regular phishing tests, dark web monitoring, and micro trainings are available for an additional charge. Contact your Fulcrum Group Fractional CIO for more information. Always feel free to reach out to us with questions.
March 2020 Security Awareness Newsletter

Click for March's Security Awareness Newsletter.

Cybersecurity SPOTlight: The Travel Issue

Learn how to heighten your own cybersecurity awareness when traveling! Great tips in this month's edition of our Security Awareness Newsletter! As always, feel free to reach out to us with questions.

Vistage Executive News - Tips for Succeeding Under Pressure

Professional pressure often comes with the territory in most careers, but here are some tips on how to keep your cool when handling those situations.

Did You Know...? End User Security Awareness Training

The Fulcrum Group SPOT Managed IT Services includes end user security awareness training to help your employees spot and avoid cyber threats. Feel free to reach out if you'd like more information!