Normal view

There are new articles available, click to refresh the page.
Before yesterdayNational Cybersecurity Alliance

Convene Chats Workshop: Building Your 2025 Security Training and Awareness Program

5 November 2024 at 16:11

As we enter the new year, it’s time to reflect on the successes and lessons learned from your 2024 security awareness program. Did you knock it out of the park during Cybersecurity Awareness Month? Were you successful in effectively communicating your message across your organization? Did you observe any meaningful changes in employee behavior?

Bring your successes, questions and lessons learned to our workshop. Julie Morris, CEO and co-founder of Persona Media will lead a dynamic discussion on enhancing your security training and awareness program with thought leadership and best practices in messaging and storytelling.

  • Share the accomplishments of your 2024 program and Cybersecurity Awareness Month campaign
  • Bring your questions on how to grow your program in the upcoming year and the specific problems you’re trying to solve
  • Learn tactics for driving change and fostering influence within your organization. Space is limited.
Featured Speakers:
  • Julie Morris, CEO & Co-Founder, Persona Media
  • Lisa Plaggemier, Executive Director, National Cybersecurity Alliance

The post Convene Chats Workshop: Building Your 2025 Security Training and Awareness Program appeared first on National Cybersecurity Alliance.

Two Ways to Use AI for Tabletop Simulations

29 October 2024 at 15:11
Join NCA and ChaosTrack for a special webinar on how to use tabletop simulations to secure your business, and the AI-powered tools available to help you create effective exercises, no matter your budget.
 
What You’ll Learn:
  • What are tabletop exercises and why are they important?
  • Why running tabletop exercises can be challenging for many organizations.
  • Free tools available to create realistic tabletop scenarios, including GenAI platforms.
  • How to run a massively scalable AI-powered simulation.
Who Should Attend:
  • Managed service providers and IT professionals at small to medium sized organizations.
Featured Speaker:
  • Josh Ablett, Co-Founder/CISO, ChaosTrack

 

The post Two Ways to Use AI for Tabletop Simulations appeared first on National Cybersecurity Alliance.

How to Protect Your Business Using Free Shadowserver Reports

29 October 2024 at 14:50

The Shadowserver Foundation is a nonprofit organization that scans the internet daily, collecting vast amounts of threat data. By signing up for their reports and inputting your organization’s information, you can receive these reports from Shadowserver. The reports provide information on vulnerabilities that can be remediated, and malicious activity taking place that could affect your organization. Join us to learn more about how to access and utilize these reports for your organization or your clients’ organizations.

Featured Speaker:
  • Tod Eberle, Shadowserver Foundation

 

The post How to Protect Your Business Using Free Shadowserver Reports appeared first on National Cybersecurity Alliance.

Season of Light, Season of Scams: Avoiding Gift Card Fraud

28 October 2024 at 15:45

Prepare for the holiday shopping season with us and join our webinar featuring Homeland Security Investigations as we dive into the topic of gift card scams. We’ll talk about how to protect yourself from “card draining,” where thieves grab gift card funds before you use them! Learn about how these scams work, what HSI is doing about them, and get tips about shopping safely online!

Featured Speakers:
  • Freddie Taylor, Homeland Security Investigations
  • Adam Parks, Homeland Security Investigations
Additional Resources:

The post Season of Light, Season of Scams: Avoiding Gift Card Fraud appeared first on National Cybersecurity Alliance.

Data Privacy Week

28 October 2024 at 11:34
You have the power to take charge of your data. This is why we are excited to celebrate Data Privacy Week 2025 with the theme:

TAKE CONTROL OF YOUR DATA

Your online activity creates a treasure trove of data. This data ranges from your interests and purchases to your online behaviors, and it is collected by websites, apps, devices, services, and companies all around the globe. This data can even include information about your physical self, like health data – think about how an app on your phone might count how many steps you take.

You cannot control how each little piece of data about you and your family is collected. However, you still have a right to data privacy. You can help manage your data with a few repeatable behaviors. Your data is valuable and you deserve to have a say!

Check out our resources below to better manage your personal information and make informed decisions about who receives your data.

Become a Champion!

Get Involved and Show Your Commitment

Champions represent those dedicated to empowering individuals and encouraging businesses to respect privacy. Become a Champion and receive a toolkit of free resources you can share within your organization and community!

Toolkit will be available by early December!

Data Privacy Week Resources

About Data Privacy Week

Data Privacy Week is an international effort to empower individuals and business to respect privacy, safeguard data and enable trust.

Learn more

What is Data Privacy?

The sheer volume of data generated about you and your activities online is staggering, which is why data privacy has become a defining issue of our digital age.

Learn more

Become a Champion

Champions represent those dedicated to empowering individuals and encouraging businesses to respect privacy, safeguard data and enable trust.

Learn more

View all Champions

Attend an Event

Watch Talking Data: a new series of conversations about how to keep your data private and safe!

Watch our How to Get Involved in Data Privacy Week webinar!

Take Control of Your Data

Follow these steps to better manage your personal information and make informed decisions about who receives your data.

Learn more

Respect Privacy

Respecting consumers’ privacy is a smart strategy for inspiring trust and enhancing reputation and growth in your business

Learn more

Manage Your Privacy Settings

Want to view or change your privacy/security settings, but don’t know where to find them? Use these direct links to update your privacy settings on popular devices and online services.

Learn more

How to Be a Data Snob

A guide on how to maintain, track, and protect your online privacy when using websites and apps, including how to decide who to trust with your data.

Learn more

Data Privacy Week Videos

Watch past Data Privacy Week events and recordings

View all

Become a Sponsor

Contact Lucas King at lucas@staysafeonline.org for more details.

The post Data Privacy Week appeared first on National Cybersecurity Alliance.

How to Make Cybersecurity Training Accessible

1 October 2024 at 15:25

We repeatedly hear that human behavior is an essential element of any organization’s security, arguably the most critical.

Therefore, most training programs focus on putting people first. But do you think everyone can access and understand your training? 

Accessibility needs to be a fundamental part of your awareness program. Furthermore, your security strategy needs to permit accessible options. For the millions of people living with disabilities, inaccessible training and tools leave them vulnerable – which becomes a vulnerability for our organizations and society. To create a safer digital environment, we must ensure that cybersecurity training is accessible and inclusive. You can start making your training accessible today.  

Understand the unique needs of employees with disabilities 

Disabilities come in many forms, including physical, cognitive, and sensory impairments. These present distinct challenges when interacting with digital systems, particularly cybersecurity tools that often require fine motor skills, clear visual perception, or cognitive focus. For instance, a visually impaired person might struggle with CAPTCHA verification, while someone with a hearing impairment may miss critical audio alerts during security processes. 

Inaccessible protocols make it difficult for people with disabilities to complete basic cybersecurity tasks, increasing the risk of human error or insecure workarounds. Employees with disabilities are just as invested in maintaining security as their peers, but without accessible tools and training, they are often unintentionally excluded from these efforts. 

For example, if a person has a visual impairment, using facial recognition for multi-factor authentication on a smartphone would be difficult because they might be unable to match their face with the phone’s camera.  

However, accessible training is a good practice even if you don’t think anyone on your team requires accommodation. Consider the three following scenarios: 

  • A coworker is deaf.
  • A coworker is working at a noisy coffeeshop without headphones.
  • A coworker has a hard time hearing because of an ear infection.  

If your training video doesn’t have a transcript or closed captions, none of these coworkers can learn from it. By making accessibility a priority, you improve the reach of your program for everyone.

Common accessibility challenges in training and awareness programs

Traditional cybersecurity training methods frequently fall short of addressing the needs of employees with disabilities. If the effort isn’t spent making them accessible, training materials such as video tutorials or interactive platforms might rely heavily on visual or auditory cues without offering alternative formats. People with visual impairments may struggle with videos lacking closed captions or alternative text. Those with mobility issues may find navigating training modules requiring precise mouse clicks challenging. 

Additionally, your training might emphasize speed and efficiency, which disadvantages people who require more time to process information or interact with digital tools. As a result, employees with disabilities may miss critical training details, leaving them underprepared for potential security threats. This puts them at risk and increases the organization’s overall vulnerability. 

Creating accessible cybersecurity training is not just about compliance with regulations; it’s about fostering an inclusive security culture that empowers all employees. Accessible training ensures everyone can fully engage with and adhere to security practices. 

When organizations prioritize accessibility, they create a more supportive environment where employees feel valued and capable of contributing to their workplace security. This inclusivity reduces the risk of errors, improves overall security compliance, and promotes a culture of trust and safety. Moreover, accessible training benefits all employees by offering easy-to-follow materials catering to various learning styles and preferences. 

One out of every four Americans lives with a significant disability, but we have a long way to go to make the internet accessible to everyone. A recent WebAIM survey found that 96% of website homepages failed to meet one or several international accessibility guidelines.  

So accessibility isn’t just a goal for training – we must work to ensure all cybersecurity protocols are accessible to everyone, too.

Accessible and secure by design

Designing accessible cybersecurity solutions starts with understanding usability and people’s diverse needs. Accessibility doesn’t mean compromising on security; it means finding innovative ways to ensure that everyone can participate in keeping an organization secure. This includes design choices that account for visual, auditory, and cognitive differences. 

Some key strategies for accessible design include: 

  • User-friendly interfaces: Implementing interfaces that are easy to navigate, with clear fonts, proper color contrast, and simple layouts that accommodate screen readers or other assistive technologies.
  • Alternative formats: Providing alternative content formats, such as text descriptions for visual elements or captions for video content, ensures that people with different disabilities can access the same information.
  • Flexible input methods: Offering options like keyboard navigation, voice commands, or biometric authentication (e.g., fingerprint or facial recognition) can cater to users who struggle with traditional methods like passwords or CAPTCHA. 

When accessibility is built into cybersecurity tools from the start, it not only benefits employees with disabilities but also improves the overall user experience.  

For example, state governments in the United States must adhere to Web Content Accessibility Guidelines (WCAG) 2.1 Level AA. These guidelines provide specific criteria for digital content that is usable to all and are a good place for your organization to start.  

Involve your people in accessibility efforts

No one understands the accessibility needs of your team better than your employees. Engaging your team in the design, testing, and feedback processes leads to more effective and inclusive security solutions. Encouraging open dialogue allows organizations to identify specific accessibility barriers and develop tailored strategies that address them. 

Collaborating with accessibility experts and user experience designers will enhance these efforts. By working together, organizations can ensure that their security practices are robust yet adaptable to the diverse needs of their workforce. 

In cases where security policies may conflict with accessibility needs, such as strict password policies that are difficult for some users to manage, flexibility is vital. Explore alternative methods that meet security requirements while accommodating employees’ needs – there’s more than one way to MFA, for instance. A culture of collaboration empowers employees to maintain security without compromising their ability to perform their roles effectively.

The post How to Make Cybersecurity Training Accessible appeared first on National Cybersecurity Alliance.

What is Pig Butchering and How to Spot the Scam 

27 September 2024 at 11:58

“Pig butchering” is a scam that’s been muscling into the headlines lately.

The unsettling term for these scams, pig butchering, suggests that scammers take their time to “fatten up” their victims and take as much money as they can.

These scams are also called “accidental text” scams because they often begin with a seemingly innocent mistaken text. These scams are defined by the fact that they take place over a long period of time, and they frequently combine multiple scam tactics. 

You can keep your wallet off the chopping block by watching out for red flags and protecting your data.  

Pig butchering scam meaning

The term “pig butchering” is a translation from the Chinese term shu zhu pan, which can also be translated as “killing pig plate.” For the scammers, the “pig” is a victim to be fattened up for slaughter so scammer can siphon off as much money as possible. Pretty nasty stuff!  

Shu zhu pan scams were first identified in China in the late 2010s, perpetrated by fraud networks that targeted Chinese offshore gamblers. Many of the organized crime outfits that specialize in pig butchering are still based in Asia but target people all over the world.

What is pig butchering? 

Pig butchering is very similar to romance scams, which have been around for decades, and other cryptocurrency scams that sprouted as crypto became mainstream over the past 10 years.  

As pig butchering scams have proliferated, they seem to share several traits in common: 

  • “Accidental” contact: Scammers often pretend they contacted the potential victim by mistake. While contact can occur through texts, it can also happen through social media DMs, dating sites, or other electronic communications.  
  • Crypto investment: After conversing with the target, the scammer will try to persuade them to invest in a cryptocurrency or platform. They may also suggest gold trading or forex (foreign exchange markets). In pig butchering, all these “investments” are fabrications, and the money goes straight into the scammer’s pocket.  
  • Extended contact: The scammer will insist on continued investment once they’ve hooked a victim. They might produce fake charts or even send over small “withdrawals” to convince the victim. Sometimes a target is directed to a fraudulent app that mimics financial platforms like Robinhood or Coinbase. Once the victim catches onto the scam or seems to be tapped dry, the scammer ends contact and disappears.

Pig butchering red flags 

The best way to avoid becoming a pig butchering victim is to be suspicious of any seemingly mistaken contact. This includes texts, messaging services like WhatsApp, online dating platforms, and social media. As generative AI becomes widespread, “wrong number” phone calls and even video calls could be pig butchering scams.  

These texts can be simple (“Hi.”), conversational (“Long time, no see”), and even downright whimsical, suggesting an intriguing story (“It’s been forever since our last charity gala!”). 

A good rule of thumb is to never respond to any communication from a stranger. Don’t even tell them they’re texting the wrong number.  

Here are some general pig butchering red flags to look out for: 

  • Seemingly accidental or mistaken contact, but the person wants to keep talking.
  • Conversation turns to investments in cryptocurrency, gold markets, or forex.
  • Continued, sustained contact to encourage repeat theft.  

How the scam works 

Most of these scammers work from offices and are forced to scam by organized crime syndicates. Many perpetrators are actually human trafficking victims lured in by the promise of a call center job, for example.  

Scammers can buy batches of phone numbers stolen in data breaches or phone numbers from legal data brokers. They then send fake messages to millions of phone numbers hoping someone will respond.  

Once a person responds, even with “you have a wrong number,” the scammer will strike up a conversation.  

At some point, the conversation will pivot to investment opportunities. The scammer might say they know about a great new cryptocurrency or a trading platform. They will make the investment sound as legitimate as possible by sharing screenshots or sending pics of their apparently glamorous lifestyle.   

Sometimes, victims are added to a group chat with many people discussing investments. The group is all scammers, or it might just be one person using multiple profiles! 

If you agree to invest, the scammer will focus on getting you to invest more and more money. They will share doctored images showing incredible returns. They might control an app or website that you can engage with. In rare cases, they might even send you some money as a fake withdrawal or dividend. 

Pig butchering scammers are ruthless – after you’ve “invested” all the money you have at hand, they will ask you to dig into retirement savings, and then try to convince you to go into borrow money and go into debt. 

If you ask for your money back, the scammers might agree but then claim they need more money to handle “tax problems” or brokerage fees.  

Once the scammer decides that the pig is thoroughly butchered, they will cut off communication. This usually happens after they’re convinced the victim has no more money to steal or the victim becomes suspicious. If the scammer can access the victim’s bank account, they will empty it.  

What to do if a pig butchering scam happens 

If you think you’re a victim, stop all contact with the suspicious person and stop investing money. Report the crime to your bank and IC3 right away. The longer you wait, the harder it is to reverse fraudulent transactions.  

To reduce the risk of being caught up in a pig butchering scheme, be mindful of what personal data you share online and follow other cybersecurity basics. 

The post What is Pig Butchering and How to Spot the Scam  appeared first on National Cybersecurity Alliance.

Convene Chats – Laying the Groundwork: Three Principles That Can Transform Your Security Culture

26 September 2024 at 10:39
Every organization has a security culture—but how effective is yours? This session explores the impact of organizational culture on security and offers principles for building a robust environment. Learn to understand risks, engage users, align with business goals, and communicate value to create a security culture based on trust and respect.
 
Featured Speakers:
  • Dr. Bob Hausmann, Learning and Assessment Architect, Proofpoint
  • Cliff Steinhauer, Director of Information Security and Engagement, National Cybersecurity Alliance

The post Convene Chats – Laying the Groundwork: Three Principles That Can Transform Your Security Culture appeared first on National Cybersecurity Alliance.

STUDY: Less Than Half of AI Users Trained on Security and Privacy Risks

26 September 2024 at 09:27

WASHINGTON – September 26, 2024 The National Cybersecurity Alliance (NCA), the nation’s leading nonprofit empowering a more secure and interconnected world, and CybSafe, the leading behavioral risk platform, today announced the release of Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2024 supported by SAP and conducted in partnership with New Zealand’s National Cyber Security Centre (NCSC) and the Australian Cyber Collaboration Centre. Polling over 6,500 individuals across the United States, UK, Canada, Germany, Australia, India and New Zealand, the research examines key cybersecurity behaviors, attitudes and trends ahead of Cybersecurity Awareness Month.

The survey reveals a growing concern about the intersection of AI and cybersecurity, with 65% of respondents expressing apprehension about AI-related cybercrime. This concern spans across generations, with the Silent Generation (73%) and Baby Boomers (70%) showing the highest levels of worry, while Gen X (61%) remains slightly less concerned. Moreover, the lack of adequate training on AI security and privacy risks is alarming, with 55% of AI tool users reporting they have received no training. These findings highlight a significant gap between rising concerns about AI threats and the actual preparedness of users, pointing to an urgent need for education and security measures as AI continues to evolve.

“The growing concern about AI-related cybercrime reflects a heightened awareness of the digital threats we face,” said Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. “However, with over half of participants (56%) not even using AI tools, and most (55%) of those using AI not being trained on the risks, it’s evident that more education and resources are needed. We must continue to offer clear, practical guidance to help individuals understand and manage the risks associated with AI, ensuring they can protect themselves and their families in an increasingly digital world.”

“AI has unleashed a host of new security concerns for CISOs, business leaders, and the general public,” said Oz Alashe MBE, CEO and Founder of CybSafe. “While the security community is well aware of AI-related threats, this awareness hasn’t yet translated into consistent security practices across the workforce. While AI presents unique and urgent challenges, the core risks remain the same. Many employees understand what’s required to safeguard their workplace against cyber threats, but the key to strengthening organizational resilience lies in transforming that knowledge into regular, safe behavior. People want to be part of the solution, but it’s ultimately the responsibility of organizations to provide the tools and support needed for success.”

Overview of key report insights:

Need for Clearer Cybersecurity Guidance Amidst Confusion 

Self-reliance in online security is growing slowly but steadily with 54% of participants finding it easy to stay secure online, up 4% from last year. However, 40% still find online security information confusing and 37% feel overwhelmed by security advice, up 5% year-over-year. Despite these challenges, 44% continue to use the internet despite security concerns. Millennials report the highest ease with online security at 62%, while only 32% of the Silent Generation feel the same. The data underscores the need for clearer, more actionable cybersecurity guidance to help users navigate the complexities of online safety.

Rising Cybercrime Highlights Need for Enhanced Protections 

Victimization from cybercrime has sharply increased, with 3,346 reported incidents, up by 1,299 from last year. 35% of participants reported being victims of cybercrime, an 8% rise from 2023. Phishing scams were the most common, representing 44% of incidents, though this is a slight decrease of 3% year-over-year. Cyberbullying also rose, affecting 18% of participants, up 3% from 2023. Younger generations are more affected, with 52% of Gen Z and 46% of Millennials reporting losses due to online scams. In contrast, Baby Boomers and the Silent Generation experienced lower rates of victimization. These trends emphasize the urgent need for stronger cybersecurity measures and increased awareness to combat the growing threat of online scams and bullying.

High Reporting Rates for Cybercrime Highlight Increased Awareness 

Reporting rates for cybercrime have risen, with 91% of victims reporting incidents, up 3% from last year. Phishing scams were the most frequently reported at 89%, followed by online dating scams and identity theft at 92%. The USA has the highest reporting rate for identity theft at 96%. Although overall reporting is high, 12% of cyberbullying victims did not report the incident. Phishing scams are typically reported to banks (61%), online dating scams to workplaces (41%), and identity theft to banks (59%). These figures reflect growing awareness and response, but also highlight the need for continued improvements in reporting mechanisms and support.

Decline in Cyber Training Access Reveals Shortcomings and Opportunities 

Access to cybersecurity training has declined, with 56% of participants lacking access, down 8% from last year. Despite this, 33% now have and use training, a 7% increase. Most training is received through one-off courses, and Gen Z (44%) and Millennials (47%) report the highest access rates. Training is predominantly accessed at work (66%), with 83% finding it useful. Mandatory training is high at 86%, with 45% of the USA completing it annually. Overall, training has improved key security behaviors, including phishing recognition (52%) and MFA adoption (45%).

Gaps in Password Management and MFA Adoption Persist 

Despite growing awareness, significant hurdles remain in password management and multi-factor authentication (MFA) practices. Only 65% of participants consistently use unique passwords, with 60% citing difficulty remembering them as a key barrier. Password managers are underutilized, with 40% of users preferring browser-based solutions, while 46% have never used one. Although 81% are aware of MFA, only 66% use it regularly, and its adoption varies widely by region. Notably, 45% of those who use MFA do not enable it for work-related social media accounts. This data highlights a need for more effective strategies to improve password practices and increase MFA usage across all sectors.

To download the full “Oh Behave! The annual Cybersecurity Attitudes and Behaviors Report 2024,” please visit: https://staysafeonline.org/resources/oh-behave-the-annual-cybersecurity-attitudes-and-behaviors-report-2024/

For more information on Cybersecurity Awareness Month please visit: https://staysafeonline.org/programs/cybersecurity-awareness-month/

About Cybersecurity Awareness Month  

Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the Nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments, and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit https://staysafeonline.org/programs/cybersecurity-awareness-month/ 

About the National Cybersecurity Alliance 

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organizations from cybercrime. We create strong partnerships between governments and corporations to amplify our message and to foster a greater “digital” good. Our core efforts include Cybersecurity Awareness Month (October); Data Privacy Week (January); and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information, please visit https://staysafeonline.org. 

About CybSafe 

CybSafe is the human risk management platform designed to reduce human cyber risk in the modern, remote, and hybrid work environment, by measuring and influencing specific security behaviors.

CybSafe is powered by SebDB—The world’s security behaviors database—and built by the industry’s largest in-house team of psychologists, behavioral scientists, analysts, and security experts. An award-winning, fully scalable, and customizable solution, it’s the smart choice for any organization.

• 91% Reduction in high-risk phishing behavior
• 55% Improvement in security behaviors
• 4x More likely to engage in cybersecurity initiatives

The post STUDY: Less Than Half of AI Users Trained on Security and Privacy Risks appeared first on National Cybersecurity Alliance.

❌
❌