Security Tip of the Week

Yes, Most Experts Still Recommend Using a Password Manager

January 23rd, Tip of the Week  | The recent data breach at LastPass has many folks wondering whether a password manager is worth it. Most industry experts still say yes. While it’s true that password managers can be hacked lots of different ways, they still offer an enhanced level of security over currently available alternatives.

According to KnowBe4, “password managers allow users to create and use different strong and perfectly random passwords for every site and service. This prevents the compromise of one site or service from more easily leading to another compromise of the same user on a different, unrelated, site. And the strong passwords that most password managers create and use today are ‘unguessable’ by any known technology”.

Phishing is the Number One Delivery Vehicle for Ransomware

January 16th, Tip of the Week  | According to Deloitte, “the motive behind this is that phishing emails are easy to send and lead to a faster return on investment (ROI). Phishing, as part of social engineering schemes, lures victims into executing actions without realizing the malicious drive. The less aware the targeted user is, the more fruitful the attack. Likewise, in case of targeted attacks, phishing emails are created to look like they come from a trustworthy sender, but link to or contain malicious content that executes as soon as users click it, encrypting their data and asking for the ransom”.

It’s equally important to note that the number one method for protecting organizations against phishing and ransomware is awareness. Stay aware, alert and suspicious of emails asking you to click a link, download a file, or input your personal information.

Beware of Spear Phishing Associated with LastPass Breach

January 9th, Tip of the Week  | The plaintext information (e.g., email addresses, telephone numbers, etc.) stolen in the recent LastPass data breach is incredibly useful to any hacker doing social engineering and phishing. It allows an attacker to specifically target (i.e., spear phish) a potential victim using information not known to the general public and other hackers. Bad actors may contact LastPass customers in an attempt to get them to reveal additional information like logins for banking sites or social media accounts. Never give your information away when requested from an unsolicited call or email message.

Project Workday

Workday Training Site

Workday Login

HR / HCM FAQs

Information Technology Services

ITS Dashboard

MyApps

W&L Logo

204 W. Washington St.

Lexington, VA 24450

(540) 458-8400