WebTitan Announces Winner of its Cloud Security Competition

In September, WebTitan launched a competition offering charities the chance to win a free WebTitan Cloud Security Solution to keep their networks protected when workers access the Internet and email.

The solution is highly effective at preventing users from inadvertently accessing web contact that could cause networks or computers to be infected with malware, while protecting users from objectionable content. It also allows an organization to see what websites individual workers are attempting to access. For charitable organizations the WebTitan Cloud Security Solution offers exceptional protection, and can prevent data breaches and costly cyberattacks.

The competition attracted a great many entries. All that was required to enter was for the participant to be a charity, and provide a brief answer to a very simple question: Why the organization would benefit from winning a free WebTitan Cloud Security Solution

The WebTitan Cloud Competition Winner Is… Touch Life of Uganda

The first prize in the competition was well worth winning: A WebTitan Cloud web security license valued at $8,000!

The prize could not have gone to a worthier winner. Touch Life is a Non-Government Organization (NGO) operating in Uganda. The charitable organization performs important and incredibly valuable work, assisting families that have been torn apart by war, famine, disease, and have been forced to live a life of extreme poverty. The charity empowers those families to take control of their lives and gives them hope.

In an ideal world, the websites of charities would be exempt from cyberattacks. Yet sadly their websites are no different to global corporations earning profits in the billions. Cybercriminals often conduct random campaigns, and the reality is charities are often targeted simply for having poor security controls. If there is money to be made from attacking a website, those websites will be attacked. In fact, cybercriminals often take advantage of natural disasters, famine, and war to obtain donations intended to help victims.

However, the Internet is vital for charities to spread news about the excellent work they perform and attract donations. Without those donations they could not continue with their missions. It is therefore essential that the websites have cybersecurity protections in place to protect from attack and ensure that donations make it to the victims, rather than be diverted to cover data breach costs. WebTitan Cloud security offers that protection.

Second Prize awarded to… New Zealand’s Framework Mental Health and Intellectual Disability Service

The second prize in our Cloud Security Competition was a brand new iPad. The winner of the prize is Framework of New Zealand, a provider of mental health and intellectual disability services in the Greater Auckland region. The organization conducts important work and helps to improve the lives of the mentally and physically disabled, teaching them a range of vocational skills, offering training, education and support. The charitable organization was first established in 1984 and has helped thousands of individuals lead more fulfilling lives.

Additional prizes have been awarded to a number of competition participants. A $50 Amazon voucher has now been sent to NGOs around the world, including Australia’s YMCA.

We would like to take this opportunity to thank all participants in our Cloud Competition and encourage all charities to check our blog frequently for news of further competitions. Be sure to sign up to receive our blog posts to make sure you never miss a chance to win. Our blog posts will also keep you abreast of the latest security threats to allow you to protect your websites, networks and data from cybercriminals.

Anti-Phishing Controls: Protecting End Users from Phishing Campaigns

Without anti-phishing controls in place, your organization is likely to face a high risk of end users falling for scams. How good do you think your employees are at spotting phishing emails?

How good are you at spotting phishing emails? Are you a Grammar-Nazi who can spot a misplaced semi-colon from 50 paces? Are you a former Spelling Bee champion or an amateur super-sleuth?

Sometimes phishing emails are so obviously fake they are laughable. You would think that a scammer who goes to the trouble of sending out millions of emails claiming to be from a reputable company would actually check the spelling of the company name. Many don’t. Error-ridden phishing emails are common, and they are easy to identify.

However, don’t believe for one second that all phishing campaigns are that easy to identify. I write about Internet security and I have nearly fallen for one in the past. Admittedly, it was a very convincing one and in the early days I was a little naïve!

I tell you this as even the security conscious can fall for phishing campaigns from time to time. Sometimes scams and phishing emails are virtually impossible to distinguish from legitimate emails. Unless a software security solution is used, it is all too easy to inadvertently become a victim.

It used to be a rarity to be emailed a phishing email that was convincing, free from errors, and looked like it had been sent by a legitimate company. Today, scammers are much wiser. They know that a little time spent preparing a campaign properly will result in far more clicks and even more victims.

When you consider the money that can potentially be made from targeting business users, investing some time into creating highly convincing campaigns is well worth the investment. Spending a few hours or even a couple of days on a campaign could make the difference between getting no clicks and netting millions of dollars. Unsurprisingly, email spammers have realized this.

Spear phishing emails are becoming increasingly common

IT security professionals will be well aware that their end-users will be sent phishing emails that can be identified with one eye closed. These emails are sent out randomly in the millions. Fake PayPal receipts, Better Business Bureau warnings, potential lawsuits, and requests for money to help victims of natural disasters. These emails are very common. Unfortunately, they claim many victims. If they didn’t, the spammers would stop sending them.

However, there has been an alarming rise in spear phishing emails in recent months. These are more worrying as they have been expertly written and use personal information gained from the recipient to convince them to click on a link or open an attachment. They can even appear as if they have been sent by a friend, or contain information that has been gained from a social media account.

Sometimes an email will be sent to a number of individuals in a company. Other times the email targets one person. In the case of the latter, these insidious emails can be highly effective. An attacker gains access to the target’s Facebook account, either by being accepted as a friend, viewing pages that have been indexed in the search engines, or by guessing passwords. Then information posted to the user’s account can be used to construct a convincing email.

For example, you attended a school function, such as a sports day, and you post some pictures to your Facebook account. If someone had access to your account or could view your pictures (a friend of a friend of a friend for example) and they then sent you an email with a JPEG attachment, would you be likely to open it if they said they enjoyed speaking to you at the event and said they had attached a great picture of your child? How about if they mentioned your son by name? All of that information could be easily gained from Facebook without even having your password!

Simple anti-phishing controls will protect your network from spear phishing campaigns

Fortunately, defending against well researched and expertly written phishing emails is not difficult. There are a number of anti-phishing controls that can be used to prevent the emails from being delivered, as well as controls to stop users from visiting phishing websites.

The first line of defense is to prevent the emails from being delivered. To do that you need to install a spam filter, such as that offered by SpamTitan. SpamTitan Anti-Spam solutions prevent 99.98% of spam and scam emails from being delivered. It is one of the best anti-phishing controls you can implement to protect your workers and network.

Secondly, all members of staff, from the CEO down, should receive security awareness training so they know how to identify a phishing email. Training need not involve day-long courses. A little information can go a very long way. It is better to have face to face training but an email explaining how a phishing email can be identified is better than nothing. Remember to put training to the test by sending staff members fake phishing emails to see how their training is being applied at work. This will identify the weakest links, and further training can be provided.

Thirdly, it is possible to block users from clicking links to malware-infected websites. Employ a web filter and these and other potentially dangerous links can be blocked. SpamTitan’s web filtering solutions are ideal for this.

Along with Anti-Virus software and Anti-malware protection, users can be properly protected by using anti-phishing controls. All small to medium businesses should use each of the above solutions to minimize risk. A little investment in anti-phishing security measures can safe a fortune in data breach remediation costs. It could also prevent ransomware and other potentially catastrophic malware infections.