Category Archives: How To

Training Employees to Spot Social Engineering

spot social engineering

Social engineering is one of the newest methods hackers use to access sensitive information. Rather than attacking a system directly, this technique relies on human psychology to gain information. This method is brilliant when you think about it because it does not have to deal with going past ironclad network security. If hackers can manipulate even a single employee, they might hand over sensitive information on a silver platter, and the hackers can take control of the organization’s entire system. This is why its important for your employees to learn how to spot social engineering.

Companies must understand that if you can’t spot social engineering it can compromise business security. Reports show that over 90% of data breaches happen because of social engineering. Phishing scams account for 54% of these cases. The good news is that there is a way to prevent social engineering threats, and that is by training employees.

Popular Social Engineering Techniques

There is a lot to cover in training employees to spot social engineering. A logical start would be to discuss the most popular techniques so employees can recognize and avoid them.

Phishing is the most common method because it is easy to execute. It also yields positive results, at least for the hackers. This method entails sending emails that deceive victims into clicking a malicious link or divulging sensitive information without realizing it.

Pretexting is when a hacker gains the victim’s trust through a pretext or a created scenario, which is part of a larger, more convoluted social engineering attack plan. There is also the quid pro quo attack, where the hacker lures the victim into divulging information in exchange for something in return. Tailgating, or piggybacking, is a popular social engineering technique where the victim unknowingly gives the hacker access to a secure location.

Importance of Employee Training To Spot Social Engineering

These social engineering strategies would be much easier to execute if employees were untrained and unaware of the risks involved. The damage could be monumental, as the $100 million phishing scam on Google and Facebook illustrates. From 2013 to 2015, a team of hackers sent numerous phishing emails to specific employees of Google and Facebook, telling them to deposit money into fraudulent accounts. They could collect more than $100 million from this scheme.

Now, even if your business does not have that kind of revenue, you can still be a victim. These days, hackers are targeting small businesses on a massive scale. Every employee can also be a target, from customer service personnel to top executives, so you must conduct training across the board.

Best Ways to Train Employees to Spot Social Engineering

There are several methods of training your employees to spot social engineering. Traditional classroom workshops, either personal or online, are excellent for an in-depth training session. A one-time seminar is hardly enough, though, and that is why we also recommend regular refreshers.

Unannounced phishing simulations are effective in evaluating employees based on how much they have learned. It would surprise you how so many people do well in theory but still won’t be able to tell the real deal when it is staring at them from the inbox. Being bitten once in a simulated attack will teach your employees to be more vigilant.

Final Thoughts

Organizations can achieve a high level of protection against social engineering if everyone is sufficiently aware of the risks and knows what to do in case an attack goes through. Besides the various training methods, you will implement, we strongly advise you to download our infographic, “The Top 10 Steps to Take If You Think You Have Been Hacked.” Print it out and post it on every department’s bulletin board. Be sure all your employees also get their own copy.

For more information about social engineering and how to avoid becoming a victim, call us. We can get you up to speed on the latest preventive measures and keep your company safe from the prying eyes of cybercriminals.

Top 8 Phishing Scam Tactics and How to Identify Them

Phishing Scam Tactics

Phishing has been a common hacking method for over two decades now. You would think that everyone would already know how it works and how to avoid becoming a victim, right? Sadly, that is not the case for these Phishing Scam Tactics. There are more victims now than ever. In 2022, there were more than 300,000 victims in the US alone, with damages amounting to over $52 million!

The thing is that phishing scams have evolved over the years. Hackers are now more adept at hoodwinking unsuspecting victims, and they also have easy access to modern technology that helps elevate their phishing tactics.

Top 8 Phishing Scam Tactics

To protect your data and your business, you must build awareness of these scams at all levels of your organization. Here are the top 8 indicators of phishing scam tactics and what to do when you encounter them.

Spoofed Emails

Upon getting an email from a trusted source, many people would open the email without a second thought. Hackers know this and use it for their Phishing Scam Tactics. They make the email look like it came from a reputable source by indicating a trusted sender name, although the email address is not correct. Before opening an email, check that the sender and the address are the same.

Sense of Urgency

Receiving a message that threatens to close your account or bring you legal action can easily cause you to freak out. Because of your panic, you could rashly click on the links as instructed in the email. Of course you would…you don’t want to be sued or go to jail! Stay calm when you receive such emails. Verify the information before taking action.

Malicious Links as a Phishing Scam Tactics

Malicious links are among the oldest phishing methods, but they are still very effective. Sometimes, these links appeal to a person’s natural curiosity, and at other times, they come with the promise of a reward. Either way, it led the unwitting victim to click the link or open the attachment. Again, always check before clicking.

Password Requests

Have you ever received an email from your bank or credit card provider asking for your password or other sensitive data about your account? Never! Legitimate companies do not ask for these kinds of data from clients. In case you get such a request, this is a phishing scam tactics so make sure to block and ignore it. They are almost certainly hackers trying to get into your account.

Misspellings and Poor Grammar

Although many hackers have sharpened their grammar skills by now, many phishing emails are still easily identifiable by wrongly spelled words and typographical errors. Yes, they make you cringe, but these emails can wreak serious havoc on your business. Therefore, you must not even reply or make grammatical corrections.

Personalized Content

It sounds like a legit email if they address you by the correct name and position, right? Hackers are very resourceful. They can get their hands on publicly known information with little effort. They can also access so much more if you engage in their attempts. So before you take any action, make sure to verify the source of the message.

Fake URLs are used in Phishing Scam Tactics

Using fake website URLs is another phishing scam tactic with a very high success rate. Hackers send out emails that look like they came from a trusted source, like a service provider, containing a link to what looks like the actual page of the provider, and they will ask you to log in. Of course, thinking that you are at a legit site, you enter your login details, unknowingly giving them full access to your account.

Unexpected Emails

If you suddenly receive an email out of nowhere that raises an alarm, be immediately wary because this is likely to be a scam. Do nothing they are asking you to do. Don’t even reply. Verify the source of the email to see if it is legit.

Final Thoughts

If anyone in your organization receives any form of these phishing scam tactics, encourage them to speak out so others will be doubly vigilant. If someone thinks someone has already hacked them, it’s not necessarily too late. There are things you can do to minimize the damage. We have outlined the steps in an infographic called “The Top 10 Steps to Take If You Think You Have Been Hacked”. You can download it by clicking right here.

To learn more about protecting your business from phishing scams and improving your company’s cybersecurity, call us. We will be happy to set you up for a free consultation!

What Are My Mailbox Size Concerns with Office 365?

Businessman and his administrator doing a routine check on their organization's computers - checking their Office 365 mailbox size.

Be sure your admin is checking your organization’s mailbox sizes regularly.

Microsoft Office 365 offers a variety of features to its users, but one feature that is often overlooked until it becomes a problem is mailbox size. Whether you are running a small business or a personal email account, having the right-sized mailbox is critical to ensure that email messages are delivered on time and without any issues.

Many people start using Office 365 with a small mailbox and then realize their mailbox has become too full. At that point, it cannot be easy to find out how to increase your mailbox size in Office 365.

So, what are your mailbox size concerns? Here we explore and explain some of the common questions around Microsoft Office 365 mailbox size.

How Do You Check Mailbox Size in Office 365?

Office 365 only offers a limited amount of storage space. However, the default size varies according to the subscription pack you choose and the type of mailbox. While some default sizes are 50GB, others are 100GB.

As you can see, it is a limited space that sooner, might not be able to serve your needs anymore. And that’s why it is good for your admin to regularly check the mailbox size to avoid issues like the inability to send and receive messages.

However, the Office 365 Admin Center does not provide any tools to manage mailbox sizes, including your own. Office 365 natively uses Microsoft Exchange Online, which allows you to manage user mailbox sizes.

To get the usage report from the Microsoft 365 Admin center, here’s how to go about it:

  • Go to Microsoft 365 Admin Center
  • Click on the Reports tab, then Usage and select Report
  • Go to Exchange, and there you get the Mailbox Usage

So, the Mailbox Usage report you get from the Admin Center will indicate the consumed storage space. Luckily, you can still access the real user mailbox size, shared mailbox size, and resource mailbox usage report via the Exchange Admin Center (EAC) or Exchange Online via the Other Exchange Reports in the left pane.

And this is how to view the actual Mailbox size report:

  • Login to Microsoft 365 Manager Plus.
  • Click the Reports tab.
  • Traverse to Exchange Online, then the mailbox Reports in the left window.
  • Within the Size Reports group, tap on Mailbox Size report.
Can I Increase My Office 365 Mailbox Size?

Yes, you can. Any user can increase their mailbox size in these two ways:

  • You can allot it an Exchange Online Plan 2 license to augment the storage limit from 50GB to 100GB.
  • Allow Exchange Online Archiving. You will get an extra 50GB of space, and with the auto-expanding archiving, you can get even unlimited space, but it’s contingent on your Microsoft 365 license.

Growing your mailbox to your maximum share isn’t the only way to make your mailbox space. Also, Exchange Online lets you use retention policies to keep or do away with data automatically, depending on the criteria you select.

There are also backup and archiving tools available online to decrease the data stored in your cloud. These tools allow you to preserve data discoverability and hinder the mailbox from congestion.

How does Archiving Operate?

There are two ways to archive:

  • By creating an archiving policy. The policy operates by retention, where the old data is automatically archived or depending on the retention tags your company allocates data.
  • Sending the items yourself (manually).

The plan you choose will determine how much storage space you have per mailbox and the other features you will receive. Each plan also allows archiving mailboxes, which hold emails that are no longer in daily use but still needed for reference.

Archiving is charged based on storage size, so it is good to look at cheaper plans if you’re not expecting your employees to need more space.

Conclusion

Office 365 is a very capable email server. Users with larger mailbox sizes may want to take a moment to consider their storage options with Office 365. Smaller mailbox sizes may be more than sufficient for their needs.

You can do most things on it on Exchange, such as auto-responders, archiving, and other capabilities. And Microsoft has found workarounds to make it possible for even those with mailboxes over the threshold. As long as you’re willing to be cautious about some of the issues surrounding this solution, your organization can use Office 365 and have mailboxes upwards of 25 GB.

Well, are you stuck with any network issues? Feel free to get in touch! We at SystemsNet are a reliable source for your network issues.

What Should Your Employees Do Before Contacting the IT Help Desk?

Worried Man At Computer With System Failure Screen At The Workplace Before Contacting the IT Help Desk

Ever wonder what steps you could take before calling the helpdesk?

Your company’s employee-facing IT help desk was built so that team members can reach out for technical help whenever they need it. The IT support staff is there to help with networking errors, to make the company software work, and to make sure customers get the automated service they need through the company technology. They are there to make the computers and devices work correctly, to defend against active and passive hacker attacks, and to offer solutions to situations so complicated that your team hardly knows how to describe what’s gone wrong.

But there are also a few things that every computer-using professional can do before calling IT that can provide the solution so much faster than clocking and solving a ticket. IT help desk professionals are happy to help when their expertise is needed, but they often wind up reciting the basic troubleshooting steps instead of solving fun and challenging problems.

So today, we’re here to offer your team a few of those basic troubleshooting steps you can take before clocking a ticket. And if these techniques don’t produce a solution then, by all means, make that call or open that chat window to present your IT team with another interesting internal network challenge.

Reload the Software

Software glitches for a lot of different reasons. Full caches, computer resources, an over-logging error; these things can crash or slow down  your business software but they’re not necessarily things that IT can fix any easier than you can. What your IT help desk would say first is to reload the software. Hit refresh. Close the program and re-open it anew. Log out and back in again. And if that doesn’t solve the problem, feel free to get in touch with IT to see if there’s something else that can be done.

Reboot the Computer or Device

Is your entire computer moving slow, acting up, or glitching in a particularly annoying way? Again, there are too many reasons for hardware misbehavior to enumerate in a single paragraph or even a single dedicated whitepaper. But a lot of them can be solved with a simple reboot. Whether the issue was too much stacked software, background programs, or something that went wrong in the firmware that needs to be reset, rebooting pretty often provides the solution. But if the situation repeats itself within a few minutes of rebooting or seems to happen frequently, it’s time to reach out to your IT help desk for more in-depth answers.

Try Toggling the Relevant Settings

Check the settings. Whatever you’re having trouble with, check the user-accessible settings. Don’t worry about delving deep, but whatever settings you can reach, try toggling them back and forth to see if you can get a different or improved response. It might be that your software isn’t quite configured correctly or you just need to trigger another type of reset. Switch your Wifi off and back on again, switch sharing off and on, or switch your monitor from extended to duplicated to extended again. Yes, it really does work sometimes. Surprisingly often.

Check the Easily-Available Troubleshooting Guides

If your IT team has gone through the trouble of writing up troubleshooting guides for common problems, do them the favor of at least skimming the IT help section available to you. These guides are often written specifically because dozens to hundreds of tickets for the exact same problem have been submitted and IT has deemed that the troubleshooting process is easy enough for a non-IT professional to tackle on their own.

If you can’t find a guide or if your company doesn’t have internal IT help guides, then of course reach out to your IT team for personalized guidance instead.

Ask the IT Chatbot

Finally, if your IT help desk has cleverly set up a chatbot to answer frequently asked troubleshooting questions, take a moment to engage. Chatbots are getting pretty darn smart (and programmable) these days so if there’s an IT bot available, it might just have the answers. It’s not only worth your while to take this semi-automated DIY troubleshooting guide, it’s also an awesome story to tell to colleagues and friends that you got IT help from an actual virtual intelligence.

If and when all else fails, be sure to clock your troubles as a ticket and describe the steps you’ve already taken independently so your IT help desk team can jump right in to help you find the true cause and solution. For more interesting, useful, and actionable insights about IT help desks for your business, contact us today!