Hackers know there is a tremendous amount of information related to individuals and their employers posted on social media. They select a victim company based on their requirements and begin to mine social media for information related to the target company and its employees. Some employees make it very easy for hackers to build profiles, due to the amount of information they post about themselves online. The profile information could include your company’s email format, for example first initial last name @ company name. This information facilitates the creation of target specific email. Next the hacker attaches malware to the email. Finally, the email is sent to your employee and…. your network is compromised. All the money your IT Department spent on hardening your network was wasted in this instance, because the offender by was invited in.

The solution to this problem is not solely a technical one. Phishing tests are important, but if your employees do not understand what is at stake, they will not take them seriously. That being said, the one thing determining which category your employees fall into is training. If your employees are trained, they are an asset, if they are not trained, they are a liability. Following this same train of thought, untrained employees can be the weakest link to an organization’s cybersecurity.

It is important to note security has two sides, physical and cyber. Some of the basic concepts apply to both, but they become different very quickly. The most requested cyber awareness training programs involve email-based threats, business email compromise, spear phishing, ransomware, and social engineering. (Please see the Risk Mitigation section for information on the Physical Security services we offer.)

With decades of experience in cybersecurity education and training at all levels, we can design an appropriate program for your employees that is both educational and engaging.

“Bad” guys are extremely adept at “hacking” the human. They prey on human error, which is often unwitting. Arruda Group’s training methodology attempts to change employee behavior and build a security focused culture; one in which employees understand what is at stake.  This training seeks to educate employees on current Cyber Threats such as Spear Phishing, Ransomware, Business E-mail Compromise, Credential Stuffing, and Social Engineering. The solution to this problem is not purely a technical one, employee training is the best return on investment with regard to Cybersecurity spending.  This class can be used as is or modified to meet your organization’s annual Cybersecurity training requirement.

Social Media fuels Cyber Crime!!! As a society, we live our lives on Social Media and criminals know and take full advantage of this.  Learn how, terrorists, criminals, and spies, “bad guys” take the seemingly innocuous information your employees post online and use it to compromise your company’s network. Specifically, you will see how these “bad guys” are able to employ “cyber” engineering techniques to transform this information into targeted (infected) emails or attachments that will be opened.  In these instances, it does not matter how robust your IT budget is, because the offender has totally bypassed it.

ARRUDA Group will analyze your organization’s Internet presence, including a sampling of employees Social Media, through the lens of a “bad guy.” The purpose is to show how threat actors can use this information to break into your organization.  The findings are assimilated into a training session for the organization or a briefing for the C-Suite//Board.  This approach has been exceptionally successful in educating employees on the threat associated with social media and email, because the content of the training is relevant to the organization. The cybersecurity education training has resulted in numerous policy changes across the organizations that have been evaluated.  The attendee feedback has been extremely positive.

The first order of business in training the C-Suite and the Board of Directors is to explain the job descriptions of the Chief Technology Officer, CTO, and the Chief Information Security Officer, CISO. They are two completely different roles.  One is responsible for technology and the other is responsible for information security. Their jobs may overlap in some places, but that is where it ends.  The next point to illustrate is it is no longer if your network will be compromised, it is when you discover the compromise.  The purpose of this training class is not to turn the C-Suite into cyber security experts, but to educate the C-Suite on the reality of the organization becoming a victim of cyber threats.

The Internet is both an AWESOME and SCARY place.  It is like any other tool, proper training, and usage dictate success.

There are steps women can take to make themselves safer on Social Media.  One of the first mistakes individuals of both sexes, make is not understanding that www stands for world wide web, not my friends and family. We need to keep our personal life personal.  The entire world does not need to know you are having relationship troubles, financial issues, problems with your kids, or issues at work.  These incidences are invitations to predators.

Revenue from online dating is second only to pornography on the Internet, it is a $2 billion a year industry.  There are 54 million singles in the United States, keep in mind about half of them lie about themselves online.   So how can women protect themselves?  Keep your personal information to a minimum on all social media sites.  You don’t want to provide limited information on a dating site and your whole life story on Facebook. Create an e-mail address, and password, specifically for online dating sites.  This way you can compartmentalize your online dating communication.  Pay the website fees with a pre-paid credit card, to keep information about yourself to a minimum and prevent credit card fraud. Do not provide your home address or specific employment information, use generalities to describe yourself. Do not post photographs that identify your home, work, or friends.  When you find a good match, perform your own due diligence searches.

Keep an eye out for our book.

Personal Safety Security-Consciousness Training

We live in a society loaded with distractions. These distractions render us vulnerable to threats.  Many individuals are totally oblivious to what is happening right in front of them. How can this be? It is extremely hard to be aware of your surroundings focused on your cellphone with earphones in your ears.  This behavior leads to accidents and assaults.  I can not tell you how many times individuals have walked in front of my moving car while engrossed in their phone screens.  Fortunately, as a retired FBI Special Agent, I am extremely aware of what is going on around me. I am not trying to get across the street without tripping or walking into a sign, I am cognizant of threats. This class will illustrate why you need to be present to preserve your safety, and provide tactics to keep you safe, especially women and college students.