Never mind “can’t teach an old dog new tricks”…

New research has uncovered an unexpected twist in the tale of cyber security risks – your tech-savvy younger employees may be your biggest vulnerability.

Shocked? Let’s dive into the details.

More than 6,500 employees across the globe were surveyed, with an almost equal representation of demographics. The results were rather alarming.

The study found that younger office workers, those 40 or under, are more likely to disregard standard password safety guidelines. Can you believe that 34% admitted to using their birth dates as passwords, compared to just 19% of those over 40?

And it doesn’t stop there.

The habit of using the same password across multiple devices was also more prevalent among younger workers, with 38% admitting to doing this.

And let’s not even get started on phishing scams. A whopping 23% of the younger demographic didn’t report the last phishing attempt they received. Their reasoning? “I didn’t think it was important”.

But surely they understand the gravity of security threats against businesses, right? Well, not quite.

While ransomware and phishing were acknowledged as critical threats by 23% and 22% of employees respectively, the overall attitude towards cyber security leaves much to be desired.

Here’s the kicker: a staggering number of those surveyed revealed that their organisations did NOT provide any mandatory cyber security training.

From the US (30%) to the UK (17%), Netherlands (32%), Japan (35%), India (31%), Germany (22%), France (43%), Australia (29%) and China (65%) – the numbers speak for themselves.

So, are we really to blame our young workforce when it’s clear that businesses aren’t doing enough to equip their employees with the necessary cyber security skills?

It’s high time we stopped treating cyber security as an afterthought and started investing in regular cyber awareness training for everyone in our businesses. Yes, EVERYONE. Not just the tech team or the executives, but every single employee.

At the end of the day, it’s not just about protecting your business; it’s about creating a safer digital world for us all.

We can help you do that. Get in touch.

Tempted to test new features before everyone else? DON’T BE!

Ever felt the urge to download the beta version of your go-to app, eager to experience all those shiny new features ahead of the crowd?

STOP!

A recent alert from the FBI might make you reconsider.

Cybercriminals are getting craftier, hiding nasty bits of code in bogus beta versions of popular apps. The end result? Your smartphone could become their personal cash machine.

Now, don’t misunderstand us; we’re as keen on tech innovations as anyone. But the thing about beta versions is, they haven’t undergone the strict security vetting that official app store offerings have.

These tricksters often send out phishing emails posing as app developers, promising early access to new beta features.

But here’s the catch: those apps are far from legit. Once downloaded, they can wreak all kinds of havoc, from plundering your financial apps to gaining control of your phone.

What if your team downloads one of these onto a company device? Could that put your business at risk?

So, here’s the takeaway: Good things come to those who wait. Resist the lure of beta versions and stick to officially released apps in trusted stores. If you’ve dabbled in beta versions before, watch out for warning signs like rapid battery drain, sluggish performance, relentless pop-up ads, or suspicious permission requests.

In today’s digital landscape, we need to be as clever and cautious as the gadgets we use. Before you hit that download button, pause and ponder: is the risk worth the reward?

Educate your staff to exercise the same caution. And if you’re providing them with work phones, you might want to look into a Mobile Device Management solution to keep things in check.

Need help fortifying your devices? We’re here to assist. Just drop us a line.

Microsoft and Samsung team up to boost work phone security

You’ve checked your pockets, your bag, under cushions… and then it hits you. You left your work phone on the table at the coffee shop.

You panic.

It’s not the device itself that’s got you worried, but all the sensitive business information stored on it. If that mobile ends up in the wrong hands, you’re facing a nightmare.

But that worry could be over. Microsoft and Samsung are joining forces to make your work phones safer. This month, they’re launching a groundbreaking solution to help protect anyone who uses a Samsung Galaxy device in the workplace.

How?

With something called on-device attestation. It lets companies see if mobile devices have been compromised, even at their deepest components. Think of it as a security guard for your phone.

Samsung brings its software and hardware innovations to the table, whilst Microsoft provides its endpoint management expertise.

And whilst other device attestation tools require a network connection and access to cloud services, this solution works reliably regardless of network connectivity or device ownership model.

This solution will be released alongside Microsoft Intune (previously known as Windows Intune), a unified endpoint management service for both corporate devices and BYOD (Bring Your Own Device). And it will be available to select Samsung Galaxy smartphones and tablets, especially those “Secured by Knox”.

So, whether you’re working from the office, a busy coffee shop, or a remote cabin in the woods, you can rest assured your device is safe.

In business, your phone is more than just a communication device. It’s a vault of sensitive (and valuable) information. And with Microsoft and Samsung on the case, that vault just got a lot safer.

If we can help you keep any of your devices more secure, get in touch.

Is that Microsoft email actually a phishing attack?

You’re probably well aware of the dangers lurking in your email inbox, but have you ever thought that an email appearing to be from Microsoft could actually be a disaster waiting to happen?

Microsoft, a brand we all recognise and trust, has unfortunately become the top target for phishing scams. In these scams, cybercriminals send you an email with a dodgy link or file, aiming to nick your data.

While Microsoft isn’t at fault here, it’s crucial for you and your team to be extra vigilant for anything that looks fishy.

In Q2 of 2023, Microsoft took the lead as the most impersonated brand by scammers, making up a staggering 29% of all brand phishing attempts. This puts them well ahead of Google in second place (19.5%) and Apple in third (5.2%). Combined, these three tech giants are responsible for over half of all brand impersonation attacks.

So, what does this mean for your business?

Even though there’s been a noticeable uptick in fraudulent emails targeting Windows and Microsoft 365 users globally, being observant can go a long way in shielding you from identity theft and fraudulent activities.

While the brands being mimicked may change over time, the tactics used by cybercriminals often remain the same. They’ll use convincing logos, colours, and fonts, and their phishing scams often feature URLs that look almost identical to the real thing. However, a closer look will usually reveal typos and mistakes—dead giveaways of a phishing attempt.

One of the latest scams warns you of unusual activity on your Microsoft account and directs you to a harmful link. These links are crafted to snatch everything from your login details to your payment information.

And it’s not just tech companies that are popular targets. Many scammers have shifted their focus to financial services like online banking, gift cards, and e-commerce. Wells Fargo and Amazon also made it to the top five in Q2 2023, accounting for 4.2% and 4% of brand phishing attempts, respectively.

How can you safeguard your business?

The way to protect your business is more straightforward than you might imagine. The most effective defence against phishing is not just individual vigilance but also equipping your staff with the right training. Teach them to pause, observe, and critically examine emails for red flags such as inconsistent URLs, domains, and textual errors. By making sure everyone on your team knows what to look out for, you’re adding an extra layer of security against these types of attacks.

If we can help you keep your team aware of the risks, get in touch.

3 ways AI makes almost any business task easier

In the rapidly changing landscape of technology, entrepreneurs like you are constantly searching for the next innovation to boost your competitive edge. Are you curious about how AI tools might lend a hand?

Introducing ChatGPT, or the Generative Pretrained Transformer if you prefer the technical term. It’s been the talk of the town all year! Created by OpenAI, this AI model crafts text that feels incredibly human. Imagine having an expert writer at your fingertips, ready to whip up content, respond to questions, or even pen emails at a moment’s notice.

But that’s not all – there’s a whole host of AI models out there, like Google’s Bard. Unlike ChatGPT (which can browse the web if you’re a Plus subscriber with the right settings), Bard has the ability to scour the internet for answers.

Some businesses have already dipped their toes into the world of AI, mainly for customer service and crafting content. But that’s like owning a Ferrari and only using it for the weekly shop. There’s so much more potential!

Here’s how an AI tool could put your business into overdrive:

  1. Stay Ahead with Trend Detection: Ever kicked yourself for missing out on the last big trend? With AI, you’ll be leading the charge, not trailing behind. Simply prompt it to “Provide a short analysis of the latest [insert your industry] trends,” and you’ll be armed with invaluable insights.
  2. Enhance Productivity with Keystone Habits: Boosting productivity is every business owner’s dream. With AI, you can delve into the latest research to elevate your work routines. Just ask for the “top 5 latest ways to [improve a specific area].” You might stumble upon a gem you’d never considered.
  3. Make Better Decisions through Easy Summaries: Need to explain [something complex]? Ask your AI to break it down for a 12-year-old. It’s a clever trick to get a clear and concise summary.

ChatGPT, Bard, and their counterparts aren’t just writing aides – they’re your hidden ace in the business game. It’s high time to take your metaphorical Ferrari out for a thrilling ride, beyond the mundane supermarket trips.

Curious about how AI might transform your business? Get in touch!

Training Employees on Cybersecurity

After completing your annual phishing training, which teaches employees how to spot phishing emails, you feel confident. However, your confidence is shattered when your company falls victim to a costly ransomware infection due to a click on a phishing link. Despite undergoing the same training every year, you continue to experience security incidents, which begs the question of how often you should train your employees.

How often do you need to train employees on cybersecurity awareness?

It’s not enough to train your employees just once a year. Without reinforcement, people are unlikely to change their behaviors or may forget what they’ve learned after a few months. According to research, the “sweet spot” for training frequency is every four months, as this results in more consistent improvements in IT security.

A recent study presented at the USENIX SOUPS security conference looked at the relationship between training frequency and users’ ability to detect phishing emails. The study tested employees’ phishing identification skills at various time increments, including four months, six months, eight months, ten months, and twelve months. The results suggest that training every four months is optimal for improving your team’s cybersecurity awareness.

Employees took phishing identification tests at several different time increments:

  • 4-months
  • 6-months
  • 8-months
  • 10-months
  • 12-months

The study revealed that four months after their initial training, employees had good scores in accurately identifying and avoiding phishing emails. However, their scores started to decline after six months and continued to worsen as more time passed since their training.

To ensure employees remain well-prepared, it is crucial to provide ongoing training and refreshers on security awareness. This will empower them to actively contribute to your cybersecurity strategy.

Tips for Training Employees and Cultivating a Cybersecure Culture

The ultimate goal of security awareness training is to foster a cybersecure culture. In this culture, everyone recognizes the importance of safeguarding sensitive data, avoiding phishing scams, and maintaining secure passwords.

Unfortunately, according to the 2021 Sophos Threat Report, most organizations do not exhibit this culture, and a lack of sound security practices poses a significant threat to network security.

According to the report, the root cause of numerous severe attacks we’ve investigated is a lack of attention to basic security hygiene. Having well-trained employees plays a crucial role in mitigating a company’s risk and reducing the likelihood of falling victim to various online attacks. Effective training doesn’t necessarily require lengthy cybersecurity sessions; it’s more effective to diversify the delivery methods.

Here are some examples of effective cybersecurity training methods that you can include in your training plan:

  1. Monthly self-service videos: Provide employees with self-service videos via email on a monthly basis to enhance their cybersecurity knowledge and awareness.

  2. Team-based roundtable discussions: Organize interactive roundtable discussions within teams to encourage knowledge sharing and collaborative learning about cybersecurity practices.

  3. “Tip of the Week” in company communications: Include a regular “Tip of the Week” in company newsletters or messaging channels to deliver bite-sized cybersecurity tips and best practices.

  4. IT professional-led training sessions: Arrange training sessions led by IT professionals who can provide in-depth insights and guidance on various cybersecurity topics.

  5. Simulated phishing tests: Conduct simulated phishing tests to assess employees’ susceptibility to phishing attacks and provide targeted training based on the results.

  6. Cybersecurity posters: Display informative and visually appealing cybersecurity posters in common areas to reinforce key security concepts and promote awareness.

  7. Celebrate Cybersecurity Awareness Month: Dedicate the month of October to celebrate Cybersecurity Awareness Month by organizing special events, workshops, or training sessions to emphasize the importance of cybersecurity within your organization.

By incorporating these diverse training methods, you can ensure a comprehensive and engaging approach to cybersecurity training for your employees.

When conducting awareness training, it’s essential to cover not only phishing but also other crucial topics. Here are some important areas that should be included in your training mix:

Phishing by Email, Text & Social Media

While email phishing remains the most common form, it’s crucial to address the growing threats of SMS phishing (“smishing”) and phishing through social media. Employees need to be able to recognise these deceptive tactics and avoid falling victim to these scams.

Credential & Password Security

With the widespread adoption of cloud-based platforms, credential theft has become a significant concern. It has become the leading cause of data breaches globally, particularly as it provides an easy pathway to breach SaaS cloud tools. It’s critical to discuss with your team the importance of maintaining secure passwords and using strong authentication methods. Additionally, provide guidance on tools such as business password managers to assist them in safeguarding their credentials.

Mobile Device Security

Mobile devices have become an integral part of daily work, enabling employees to access emails and perform tasks from anywhere. Considering this, it’s essential to review the security requirements for employee devices that access business data and applications. Emphasize the importance of securing mobile devices with passcodes, keeping them regularly updated with the latest security patches, and following best practices for mobile device security.

By addressing these topics in your awareness training, you can better equip your employees to recognize and mitigate the risks associated with phishing, credential theft, and mobile device security.

Data Security

As data privacy regulations continue to increase, it is crucial for companies to comply with multiple data privacy regulations. To mitigate the risk of data leaks or breaches that could result in costly compliance penalties, it is important to provide training to employees on proper data handling and security procedures. By ensuring employees are well-versed in data security, you can minimise the potential risks associated with mishandling sensitive information.

Need Assistance in Maintaining Your Team’s Cybersecurity Training?

Take the burden off your shoulders and entrust the training of your team to cybersecurity professionals. We offer an engaging training program designed to help your team develop better cybersecurity practices and enhance their cyber hygiene. With our expertise, we can provide the necessary guidance and knowledge to facilitate behavioral changes and improve your overall security posture.

Recent articles

Dark Web Monitoring: what is it & does my business need it?

The global pandemic transformed the way we conduct business, and it’s unlikely that things will ever be the same again. With the increasing reliance on online platforms for both personal and professional transactions, geographical distances and time zones have become irrelevant. However, conducting business online also comes with inherent dangers and threats that we must be aware of.

One significant threat is data breaches, where cyber criminals manage to hack into legitimate commercial website databases. Well-known companies like Facebook and T-Mobile have fallen victim to such breaches, resulting in the theft of over 550 million records. In fact, the Identity Theft Resource Center reported a staggering 68% increase in stolen data in 2021 compared to the previous year.

When your email and password used to log into a website are stolen, they end up in the hands of highly skilled and destructive cyber criminals. These criminals may also obtain other personal information, such as addresses, mobile numbers, and credit/debit card details, that you have saved on the website.

So, what happens to your stolen data?

Your stolen credentials typically end up in a hidden part of the internet known as the Dark Web, where a significant portion of cyber-criminal activity takes place. Over time, your stolen data may be used and distilled by a sequence of criminals in their efforts to create financial gain at your expense. The exact methods they use to steal from end users using stolen credentials can vary, but it’s a sophisticated and malicious process that can span months or even years.

Understanding the risks and implications of data breaches and the Dark Web is crucial for protecting your personal and business information. It’s important to take proactive measures, such as implementing strong security measures and monitoring services, to safeguard against these threats in the ever-evolving landscape of online business transactions.

As we have emphasised, cybersecurity is not limited to a single tool or service, but rather a comprehensive security suite that protects various aspects of your online presence, including email, computers, devices, and overall online activity.

Now, we can answer the initial question of why dark web security is necessary. Dark web scanning acts as a proactive measure before cyber criminals can fully exploit your breached data. By providing timely alerts about breach details, it allows you to take relevant actions to secure your account and render the stolen or breached data useless.

You can easily purchase dark web security from Geniosity at a reasonable monthly cost. A large substantial loss can be avoided with dark web security in place.

If you would like to delve deeper into this topic, please feel free to get in touch with us. We are happy to provide useful information for your business and assist you with dark web security.

For more information about dark web scanning, please visit our Dark Web Monitoring page or drop us a line.

The Best VoIP Features for Your Small Business

In recent years, VoIP (Voice over Internet Protocol) was considered a non-traditional business phone system. However, the COVID-19 pandemic has changed this perception, and now internet-based phone systems are not just the norm, but essential for business continuity. The shift to remote work and hybrid offices has resulted in a 210% increase in the use of VoIP and video conferencing. In fact, 67% of surveyed companies believe that switching to VoIP has improved their call handling capabilities.

One of the significant advantages of VoIP is that it allows businesses to operate without being tied to a physical location. This flexibility enables efficient management of staff spread across multiple locations, providing seamless communication and collaboration. Moreover, VoIP offers cost savings compared to traditional landline-based systems. The technology itself is more affordable, and calling plans are often more cost-effective. Businesses can also add new numbers with minimal expense.

VoIP offers various features that can benefit small businesses, but business owners may not have the time to enable all of them. To drive efficiency, productivity, and provide a positive caller experience, here are some of the best features of cloud-based business phone systems:

Automated Attendant

In small companies, the person answering calls often has additional responsibilities. An automated attendant can free up their time and provide callers with a better experience. The auto-attendant acts as a company directory, forwarding calls to the appropriate department or staff member based on a recorded greeting and simple menu options. This minimizes the need for callers to explain their reason for calling multiple times.

 

VOIP phone closeup image

Find Me/Follow Me

This feature is highly favored by VoIP users, with 77% of surveyed employees finding it valuable. It allows the use of a virtual phone number that can be accessed from multiple devices, and calls can be easily transferred between devices. Whether on a PC, in a conference room, or using a smartphone, calls can be received without friction, providing a single phone number for callers to reach the person regardless of their location.

Hold Music

Playing pleasant music while callers are on hold may seem insignificant, but it can significantly impact customer satisfaction and lead generation activities. Studies have shown that callers are less likely to hang up when on hold with music compared to silence. Hold music reduces the percentage of callers who hang up and also creates a perception of shorter wait times, leading to happier customers and increased lead retention.

Voicemail Transcription to Email

Going through a string of voicemails can be time-consuming and frustrating, especially after a meeting. Voicemail to email feature in VoIP services sends recorded voicemails to email along with a transcription of the message. This allows users to quickly scan through the emails and prioritize callbacks without having to listen to each voicemail individually.

Ring Groups

Ring groups are particularly useful for small teams. They allow a group of numbers to ring simultaneously until one person in the group answers the call. This ensures that calls are answered promptly and reduces the need for callers to leave voicemails. Ring groups can be set up for various teams, such as sales, accounting, and customer support, to improve call handling and response times.

Call Reporting

VoIP phone systems provide real-time call reporting, which is not available with traditional analog systems. Call reporting can offer insights into call volumes, busiest call times, and call handling performance. This information can be used to optimize staffing levels and call handling processes, leading to improved customer service and operational efficiency.

Local Support

While not a system feature, having local support for VoIP is essential. Opting for a VoIP service provider that offers local support ensures that you have access to assistance when needed, such as setting up VoIP desk phones and optimizing system settings. Having reliable local support can help ensure that your business phone system operates smoothly and without interruptions

ChatGPT & the Future of AI for Business

Geniosity

An online Artificial Intelligence chatbot has recently been making waves as a simple example of just how much AI is set to revolutionise business. You can read more about its simplicity and ease of use on our post –AI for Small to Medium Business with ChatGPT.

So, what can an AI Chatbot tell you about itself? Well, we asked it, via the simple text prompt and you can read the completely AI generated response below.

The Prompt: 

Can you please write an article about Chat GPT and the future of AI for business?

ChatGPT’s Reponse:

Artificial Intelligence (AI) has been a topic of interest for many years, but in recent years, its potential to transform the business world has become increasingly clear. One of the most exciting developments in this area is the rise of language models, such as Chat GPT. In this article, we will examine what Chat GPT is, how it works, and what its potential implications are for businesses in the future.

What is Chat GPT?

Chat GPT (Generative Pre-trained Transformer) is a language model developed by OpenAI. It is trained on vast amounts of text data, and its goal is to generate human-like text in response to input. Chat GPT can be used for a wide range of applications, including text generation, chatbots, language translation, and question answering.

How Does Chat GPT Work?

Chat GPT works by using a deep learning algorithm known as a Transformer. The Transformer uses a large neural network to analyze input text and generate an appropriate response. The neural network is trained on a massive dataset, allowing it to learn patterns in language and respond in a way that is coherent and relevant to the input.

The Potential Implications of Chat GPT for Business

The potential implications of Chat GPT for business are significant. Here are just a few of the ways in which AI and language models like Chat GPT are likely to impact the business world:

  1. Customer Service – Chat GPT can be used to create intelligent chatbots that can provide customers with quick, accurate, and personalized answers to their questions. This can lead to improved customer satisfaction and increased sales.
  2. Marketing and Sales – Chat GPT can also be used to create marketing and sales copy that is personalized and tailored to the needs of individual customers. This can lead to improved engagement and increased conversions.
  3. Knowledge Management – Chat GPT can be used to create knowledge management systems that allow employees to access information and resources quickly and easily. This can lead to improved efficiency and increased productivity.
  4. Content Generation – Chat GPT can be used to generate high-quality content, such as articles, reports, and even books, reducing the time and effort required to produce such content.

Conclusion

In conclusion, Chat GPT and the rise of AI language models is likely to have a profound impact on the business world. From customer service and marketing to knowledge management and content generation, the potential applications of this technology are vast and exciting. As businesses embrace these technologies, they will find themselves better equipped to compete in the fast-paced digital landscape of the future.

-ChatGPT (2022)

As a simple example the above text, which we have not edited or changed, demonstrates the current potential uses of AI for your business now. As AI growth is exponential, we can only expect more impressive advancements, more quickly.

Implement AI and machine learning into your business with Geniosity. 

It is an interesting time to be involved in technology- let us assist you in navigating the tech landscape and grow your business by getting in touch today!

Read More: