Security Stance Adjustments

Update for Slingshot’s Managed Clients
—-

Cyber-criminals are actively targeting small businesses now.

Fortunately, as a Slingshot Pro-Managed client, you already have us on your side, and we’ve been adapting to keep your business safe.  We want to get you up to speed with a security briefing:

Security Training

“I think I clicked something I shouldn’t have…”

We’ve all been fooled before, and we’ve also heard the above line often.  The most dangerous party of technology is the people using it, and the best security systems don’t matter without human vigilance.

As part of our SecurityAware services, we’ve been delivering critical Security Awareness Training to our clients’ staffs.  If yours haven’t received training yet, you’ll hear from us soon — please be ready to schedule your teams for all-hands training!

Security Tools

We’re also rolling out system improvements:

  • MailControl: Besides Slingshot’s regular perimeter-based email filtering, we’ve been rolling out additional protection that AI-scans emails after they reach your inbox.  On top of this, our new phishing simulations now actively train users to stay vigilant for email red flags.
  • WebFilter: A new filtering engine on this gives us more consistent block pages (even with HTTPS) and a much more streamlined support process if you ever need a filter exception.
  • Managed Antivirus: New plumbing here too, with dual scanners and enhanced detection & tracing capabilities (EDR) to keep your systems safe from tricky files and similar that might’ve slipped past the first layers of defense.

Users may see some differences, but nothing confusing and all for the better.

Security Tips

Spot the most frequent red flags in email:

  • FROM someone you know?
    → Make sure you recognize the actual *address* (in parentheses) and that it’s spelled right.
    (Even then, a scammer could have hijacked that person’s account.)
    → Also, make sure the SUBJECT and BODY sound like that person.
  • Never open any LINKS or ATTACHMENTS that aren’t specifically known and expected.
  • Request for sensitive info like passwords or gift card codes?  → Scammy!
  • Followed an email link and prompted to enter Microsoft 365 or Gmail credentials? → DON’T!  (At best, the sender just sent the wrong link, but it’s usually a trick.)
  • Anything seem off? → Call the sender to verify, at a number you already have, and make sure it sounds like them.

If your staff hasn’t received security training yet, please share these tips with them!