5 Practical Security Improvements For Small Businesses
Small businesses are increasingly becoming targets for cybercriminals. More often, attackers target smaller organizations because they’re perceived as easier targets with fewer resources dedicated to security. The good news is that improving your businesses cybersecurity doesn’t have to be complicated or expensive. Today, we’re discussing five practical security improvements that any small business can implement, […]
Business Email Compromise: Fortifying Your Business Against Email Deception
In today’s digital-first business world, one of the most subtle yet devastating weapons cyber adversaries employ is Business Email Compromise (BEC). It’s a sophisticated scam that preys not on the weaknesses in technology but on the trust within human relationships. BEC is an attack where a scammer uses compromised email accounts or spoofing techniques to […]
Findings Series: Deprecated TLS/SSL Protocol Versions Supported
Contents Description Classification Examples Remediation References Description Transport Layer Security (TLS) and Secure Socket Layer (SSL) Protocols are used to establish connections between a client and server. TLS/SSL protocols underlay a significant portion of the communcation conducted between computers. Vulnerabilites in TLS and SSL protocols arise from cryptographic failures often exploited throught an adversary-in-the-middle attack. […]
Go Ph*sh Yourself
Security awareness assessments are an effective means of gauging your employees susceptibility to clicking on suspicious links or engaging in less-than-ideal actions when it comes to handling received emails. While Maltek Solutions provides Security Awareness assessments, not every organization may have the budget to enlist an external resource. If you use O365 for your business […]
Findings Series: Weak Password Policy
Contents Description Classification Examples Remediation References Description Applications and environments are often only as secure as their weakest user account password. To prevent initial compromise from occurring through account takeover, it is common to enforce complexity, length, and renewal requirements for passwords across an application or network. When these requirements are not stringent enough (or […]
Findings Series: Cross-Site Scripting (XSS)
Contents Description Classification Examples Remediation References Description Cross-site scripting (XSS) is a code injection attack caused by improper input sanitization of user input in web applications. Attackers submit malicious input to a web application and run JavaScript functions that can dump cookies, hijack sessions, or even log keystrokes from a victim’s browser. XSS vulnerabilities are […]
The Next Step in Your Security Journey: Vulnerability Assessments
Previously, we discussed the process of creating a Threat Map to identify ways in which attackers may target your organization and what you can do to begin mitigating those threats. The next step in your security journey is to conduct a Vulnerability Assessment. This process is an essential part of all organizations’ overall risk management […]
Why You Need A Password Manager
Password managers are applications that securely store your login credentials across devices. Instead of juggling dozens of weak or reused passwords, you only need to remember one master password. The manager handles the rest – generating strong, unique passwords for each account and autofilling them when needed.
A real case highlighted the risks of poor password habits: A business owner using the same password for personal and professional accounts had both compromised. This led to unauthorized access, fraudulent invoices being sent, and financial losses.