Author: Bonnie Smyre

  • How Bonnie Banished Her Boring Background

    Raxis has always been a remote-work team, even before COVID, so we’re accustomed to spending a lot of time on Zoom. Thus my plain green wall has been an ongoing source of amusement for my colleagues, but I never gave it a lot of thought until I started doing more videos for public consumption. 

    Before: My personal “green monster.”

    That’s when it hit me – the green wall looks like a green screen awaiting a novelty background. It’s boring and bland and very much not my style. So, I decided to change it up for something that is. 

    Of course, it helps that I have an amazing and talented friend, Kasi Reilly, who could take my wall from blah to beautiful. Even more importantly, Kasi understands my individual sense of style, and I trusted her to bring my vision to life. 

    She did not disappoint. 

    I knew I wanted colors and flowers. Kasi agreed and recommended that we make it bright and cheerful while remaining calming and serene. I thought that would be a difficult balance to achieve, yet when “Garden Party” blossomed on my wall, I realized my friend had captured it perfectly.

    After: The “Garden Party” in full bloom.

    So now when you’re watching my Raxis videos on YouTube or social media, you’ll be treated to this beautiful piece of art. And my fallow green wall is now in permanent bloom.

    If you love Kasi’s artwork as much as I do, check out her Instagram, @kasirliving, and her Facebook page: Kasi Reilly Living.

  • Social Engineering and the “Ishings” Explained

    Long gone are the days of a Nigerian Prince trying to win you over – via email – with his incredible offers. Today, it is all about the ‘ishings’ – you know, phishing, vishing, spear-phishing and smishing. And don’t forget about direct interaction. 

    Ah, the wonderful world of social engineering. Hackers love it because it’s highly effective, and, though there is no way to just make it go away, there are plenty of ways you can become more resistant to these types of attacks. 

    Check out the video above from our smart friend Brian Tant, Chief Technology Officer here at Raxis, who explains it all in terms even your grandpa can understand.

    Effective cybersecurity requires an investment of time, talent, and treasure. But when you consider that a cyberattack can cost even a small business upwards of $200,000, plus reputation damage and other intangibles, the costs to harden your security posture are a bargain. Every company needs a cybersecurity threat mitigation plan.

    Enter Raxis. Our team of experts can bring your company’s security vulnerabilities to light, show you how to remedy them, and provide ongoing remote monitoring to help you stay secure.

    Download our list of Top 10 Cyber Attacks to learn more about ways to secure your company.

    Want to learn more? Take a look at the first part of our Common Vulnerabilities discussion.

  • Why Tailgating is an Effective Hacker Tactic

    Picture it – you see someone with their arms loaded down trying to get into your office building – what do you do?

    A. Quickly rush over to open the door for them and lend a hand

    B. Walk right by and enter the building

    C. Ask them for their employee badge before allowing them to enter or entering yourself

    Human nature would tell you to pick A. Of course you would offer to help and hold the door for them.

    And for some, B might be the answer because they are in a hurry and maybe have a suspicious nature. But if you chose C, you could very well be your company hero, since you could be the reason a hacker did not gain access to your building and ultimately your network. Sure, it may be uncomfortable to question people, but I promise a security breach will be much worse.

    Raxis’ group of ethical hackers has found that tailgating is successful time after time. Hackers know that if they spend just a little time watching the practices of a company’s employees and the general pattern of how people gain access to the building, they have a pretty good shot at getting in as well.

    Check out the video above from Raxis’ VP of Sales Brad Herring as he explains how hackers manipulate our fundamental desire to be helpful.

    We have said it time and time again – if someone with ill intentions is able to gain access to your building, it can take only a matter of minutes for them to find an open port, put a device on the network, and gain access to your sensitive data.

    If you are ready for Raxis’ elite team of professionals to put your security to the test (did we mention we have successfully breached some of the most sophisticated corporate networks in the US?), then reach out to us through our contact page.

    Also, if you enjoyed this video, please be sure to subscribe to our YouTube page for more videos that can help you improve your security posture.  

     

  • Picking Up the Pieces After Hurricane Sally

    Hurricane Sally has hit Raxis close to home, as we watched our colleagues and friends in Pensacola make it through the storm and begin cleanup. Raxis’ Scottie Cole tells us how disconnected people feel as they wait to regain power and internet access.

    In some ways, this disaster reminds us of what companies (and people) go through after a breach or a “hack.” At times like this, the important thing is understanding that the unexpected happens in business and in life. You prepare as best you can in order to recover as quickly as you can.

    Photo: Hurricane damage in Pensacola, FL. Credit: Jim McClellan

    Our hearts go out to everyone affected by Hurricane Sally.

    Title photo: Niceville, FL; Credit: Eddie Herring

  • It Might be a Phishing Attempt . . .

    Hackers and cybercrooks use lots of tools to get into your network and steal your information, but the cheapest, easiest, and most common is still email phishing. Effective spam and virus filters can shield you from a lot of these attempts, but certainly not all. The most effective way to protect yourself is to educate your team. Toward that end, here is yet another reminder about some tell-tale signs in an email that it might be a phishing attempt. Of course, there are some other signs that tell you it’s definitely a phishing attempt.

    • If your CEO suddenly asks you to buy a ton of gift cards, it might be a phishing attempt. If she’s the type who also frets over the cost of paper clips, it’s definitely a phishing attempt.
    • If it’s a random news story from an outlet you don’t follow, it might be a phishing attempt. If the link points to http://mailorderbrides.someassemblyrequired.com, it’s definitely a phishing attempt.
    • If you see .ru in the email anywhere, it might be a phishing attempt. If it’s written in Cyrillic script, it’s definitely a phishing attempt.
    • If you vaguely remember your network admin warning you about the sender, it might be a phishing attempt. If she’s running toward you, waving her arms wildly, and shouting “nooooo!” it’s definitely a phishing attempt.
    • If it’s an unsolicited email, even from a reputable company, it might be a phishing attempt. If it’s from Facedook, Amazom, Microsfot, or Gooogle, it’s definitely a phishing attempt.
    • If your friend says she’s stranded in Japan, it might be a phishing attempt. If she hasn’t traveled outside the city since ‘N Sync broke up, it’s definitely a phishing attempt.
    • If it’s about your benefits or salary and you had no prior notice from HR, it might be a phishing attempt. If they misspelled HR, it’s definitely a phishing attempt.
    • If it’s from your significant other reminding you to bring home coffee, it might be a phishing attempt. It’s probably not a phishing attempt, but now you have a (lame) excuse if you forget.

     

  • Securing Your Wireless Network

    This week Raxis Chief Technology Officer Brian Tant continues his video series about the most common vulnerabilities our team has discovered as they’ve performed thousands of penetration tests across the US over the years.

    In this video Brian highlights the unique challenges wireless security brings to the table and breaks down which type of encryption you may want to consider to enhance your wireless security posture and protect your network. 

    Brian explains the pros and cons of WPA2 Personal Encryption, WPA2 Enterprise Encryption, and Certificate-based Authentication and discusses which one the Raxis team recommends to bolster your security.

    Hopefully, you’ve watched the video and have a better understanding about which type of network encryption is most secure. If you still have questions or want to learn more about protecting your corporate network, please reach out.

    The Raxis team brings years of hacking and penetration testing experience to the table. We can use that experience to improve your skills and make your environment more secure.

    Want to learn more? Take a look at the next part of our Common Vulnerabilities discussion.

  • What to Expect When You’re Expecting a (Raxis) Penetration Test

    I made this video to help you understand a little better how Raxis works, and specifically what happens once you engage us. I hope it allays some of your concerns about penetration testing.

    There’s no reason to fear a pen test. Seriously. After all, it’s just a simulated cyberattack, one that you authorize and allow. Yet some CEOs, CIOs, and CISOs are hesitant to allow this ethical hacking for fear that the bad guys will somehow use it against them, that it will cause security issues, or that it will make them look bad. In fact, it’s just the opposite – especially if you choose to engage Raxis.

    We get it, though. It’s natural to be cautious, and it’s prudent to want to know more about the people you’re working with, especially when granting access to your company’s most sensitive data. Whether you choose to work with Raxis or any other firm, we recommend you ask (and answer) plenty of questions up front. You want to know the company has the right experience to offer a range of high-quality services. One size definitely does not fit all. The firm you select should speak to you in advance to understand your specific needs and expectations . . . and then design and deliver the type of test, training, and follow-up that best protects you and makes you more resilient.

    The Raxis team has some of the industry’s most advanced certifications, but we don’t intimidate our customers or hide anything from them. We believe knowledge empowers our clients, and we share it freely. Whether you use us or someone else, penetration testing is a critical part of your corporate cybersecurity strategy that you should not put off or bypass.

    As you can see, we welcome your questions and concerns during every phase of our process. We conclude our pen tests with an executive summary for management and detailed findings and screenshots that can serve as a to-do list for your internal teams.  

    Raxis stands by our processes, our team, and our word. Now it’s up to you to perform due diligence and research the expertise and deliverables of any cybersecurity company you’re considering. Follow us on this blog or social media, read more about our pen testing experience, or contact us directly to learn more about why some of America’s corporations (and small businesses) choose to work with us.

  • Securing the Internet of Things

    The term “Internet of Things” is almost redundant now. If it’s a “thing” that has more than one setting, odds are it is or can be online. Whether or not you need remote access to your toaster oven is a question for another day, but it is an option.

    Here’s the problem: As the Raxis team proves on a near-daily basis, anything that’s connected can be hacked. It’s not that someone’s going to overcook your morning bagel as a prank (although that would be a good one). Instead, it’s that uncontrolled access to any device can give a bad guy a way into your network (and maybe all your devices) if you’re not careful.

    The good news is that there are some simple safeguards you can take to protect your smart devices, and our new Securing the Internet of Things series will take you through them.

    Scottie Cole, senior penetration tester, is kicking things off with the quick video above about securing your home thermostat or corporate HVAC system. I encourage you to watch and to follow Scottie’s advice. Better to take a few minutes now than take a big loss later.

    PS – We’ll do a video on protecting your smart toaster . . . as soon as we find someone who owns one.

  • When There’s More than Money on the Line

    In our line of work, reading about the latest cybersecurity breach instinctively raises the questions of how many records were lost or how much money it cost to recover. Hackers are almost always after the big payoff, either directly or indirectly, so we’re conditioned to think mainly in terms of economic losses, privacy issues, or damage to a company’s reputation. However, as more and more devices are connected to the Internet, the stakes can be much higher.

    Computer Weekly reported in June that cyberattacks against healthcare facilities had increased 15-fold between January and March of 2020 — coinciding with the COVID-19 outbreak. Think about that for a second. With our hospitals and medical personnel facing a global pandemic with overburdened resources, the bad guys seized the opportunity to ramp up their attacks. Not only hospitals, but the US Department of Health and Human Services (HHS) and the World Health Organization (WHO) were targets as well.

    Although we at Raxis enjoy our jobs, we never forget the true nature of the people we’re trying to stop. And we always remember the hard-working people we’re trying to help.

    One such person is my friend, Judy Chang, a senior nurse in a local hospital’s neonatal intensive care unit (NICU). As I thought about the potential impacts of a major health care breach, I thought it might be a good idea to introduce Judy to our friends and readers, so I set up a conversation with this front-line hero who works with some of the most vulnerable patients anywhere — the newborn babies who need intensive care in the first hours and days of their lives.

    I encourage you to watch the interview and hear Judy describe her work to help these struggling infants. As you do, consider the impacts of a cyber breach that impacts her team and the sensitive equipment they rely on. As much as I enjoy my work, her story helps me remember that cybersecurity doesn’t just protect networks — it also protects innocent lives.

  • Understanding the Why Behind Password Management

    In this video, Brian will help you understand password management from the viewpoint of a hacker. It’s more than a how-to; it’s also a why-to. We’re hopeful that by seeing a little of what we see, you’ll make password management a high priority for your company.

    Despite years of warning, cajoling, and even begging by security professionals, password mismanagement is still one of the most reliable (and one of our favorite) ways to breach a company network. This week, our chief technology officer, Brian Tant, continues his video series about the most common vulnerabilities we see during hundreds of penetration tests each year.

    Remember: Complex passwords, unique to each account, and changed frequently are keys to effective password management and security. Also remember to check your service accounts and make sure that old passwords aren’t lingering on your devices.

    Effective cybersecurity is a matter of behavior as much as it is technology. Let’s make strong password management a habit that catches on. 

  • What is Least Privilege Access?

    This week, we’re continuing to explore some of the most common vulnerabilities the Raxis team has discovered during thousands of penetration tests across the US. In the video above, Brian Tant, our chief technology officer, discusses the principle of ‘least privilege access’ and why it’s an essential component of an overall business cybersecurity strategy.

    Hopefully, you’ve watched the video and have a better understanding about why you should restrict permissions as much as possible and still allow team members to get their jobs done. If you still have questions or want to learn more about protecting your corporate network, please reach out.

    The Raxis team brings years of hacking and penetration testing experience to the table. We can use that experience to improve your skills and make your environment more secure.
