Phishing Emails Win Again

For many, it’s a morning ritual. Come to work, grab a cup of coffee and start answering those emails. The sooner you’re caught up, the sooner you can get started on the day. Because of this, you may skim internal emails a little more quickly, only acting on what’s asked of you. After all, these […]

Insider Theft Leads to the Data Breach of 1.5 Million Bank Clients

Atlanta bank SunTrust recently announced that 1.5 million users have potentially been exposed to a criminal third party. Unlike most data exposures we’ve been hearing about, the source of SunTrust’s breach was not caused by cybercriminals, but rather a theft by an employee who gained access to sensitive client information without security clearance. Sources say […]

The Hidden Flaws

Cyber attackers are known for their persistence. If they hit a pothole trying to break into your IT network, they won’t just give up and move on to their next target. Instead, they’ll redouble their efforts and probe your infrastructure, looking for new ways to grab your valuable data. Unfortunately, sometimes these vulnerabilities can be […]

Employee Training is the Only Way to Prevent Social Engineering

Social engineering is currently one of the hottest topics within the IT security world – for good reason. The use of this attack method is only increasing, as phishing attempts grew by a whopping 250% between October 2015 and March 2016, and to make matters worse, combatting this threat poses a very unique challenge. While phishing […]

Employers Beware: W-2 Scams Running Rampant

Employees count on their employers to keep their private information safe. This is especially true during one of the most information-sensitive times of the year: tax season. For attackers who rely on social engineering tactics, targeting organizations right now can be a potential goldmine. We’ve previously discussed how social engineering tries to trick members of your […]

Smarter Protection: 2016’s Worst Passwords and How to Improve Them

You’ve heard this before, but it’s such a pressing issue that we’ll repeat it again: you need to create safe passwords. That means not just coming up with one password with uppercase and lowercase characters, punctuation and numbers, then using it as your login everywhere. You need to create different passwords for every account you […]

A Different Type of Phishing

Often, we see phishing schemes being perpetrated by hackers seeking to steal information. Rarely do we discover a scheme that is essentially an elaborate marketing tactic. Healthcare Info Security reports that the Department of Health and Human Services (HHS) sent a warning to organizations in the healthcare system, alerting them to an unusual phishing attempt. […]

Social Engineering: What It Is, and How You Can Prevent It

You’re probably aware of some standard IT security threats, like viruses, ransomware, various different kinds of malware and more. These make headlines and, more importantly, fit our conception of standard cyber-criminal attacks – programs designed to steal our data and information. However, there are arguably more pressing threats to your business that you may not […]

Key Takeaways from Interop

Security was on everyone’s mind at this year’s Interop Las Vegas conference, with workshops ranging from insider threats to social engineering, supply chains and managing targeted attacks. One key point that emerged from all of the discussion was that businesses and governments need to understand the motivations of cyber attackers. Dmitri Alperovitch led the INTEROP […]

BAI Security – Mid-year Top-4 Security Risks

First, it should be noted that this list is compiled from IT Security Audits performed by BAI Security during January to July of 2013 and is not intended to be a comprehensive list of all security risks.  BAI Security specializes in auditing regulated organizations, such as those in banking and finance, pharmaceutical, healthcare, insurance, and […]