info@increaseyourskills.com +49 341 249 116 71|      |   EN DE EN

Blog

Keeping you informed of the latest news.

 


Our Blog

We comment on all the latests changes in the world of information security, data protection, cybersecurity as well as our own company developments.
Below you will find an overview of each blog article.

Cybergrooming: How to protect children and young people from online dangers

On June 1st, it will be Kindertag (“Children’s Day”) here in Germany. As such, we have taken it as an opportunity to raise awareness about the dangers that exist for young people online. Today’s blog post will focus on one of the biggest threats facing children online: Cybergrooming. But what exactly is cybergrooming, and how can we protect children and young people from it...

What is tabnabbing and how does it work?

Like other varieties of phishing, tabnabbing is a form of fraud that targets users for a variety of reasons, ranging from identity theft or installing malware to the looting of accounts...

PUP – What are potentially unwanted programs, and how can you protect yourself from them?

Everyone knows about viruses and Trojans. But what are PUPs (Potentially Unwanted Programs), and are they a danger to your computer? Read on to learn more about this topic, including tips on protecting yourself from PUPs...

Your data in plain sight – what is "credential stuffing"?

In the latter half of the 1950s, the term “hacker” was first officially used. What began as a modest problem has since become more and more sophisticated and pernicious over the decades...

What is smishing and how can I protect my business against it?

According to the FBI's 2020 Internet Crime Report, phishing, smishing and vishing rank first among cybercrime types. Together, they have caused around $54 million in damage in 2020 alone – clearly showing that these cybercrime methods are still very relevant today, despite increased awareness of them...

AvosLocker – A new tool of the digital hostage-takers

AvosLocker is a new ransomware variant and has been active since June 2021. It encrypts files so that they can no longer be opened or read and affects Windows systems. Typical of ransomware attacks is the subsequent demand for a ransom – in the case of AvosLocker, a payment for decrypting the files...

"Black Hats", "White Hats" and "Ethical Hacker" | What's the difference?

If you type Black Hat or White Hat into the search engine, we aren't just presented with results about the latest offers on hats. These terms are also linked to information security and hacking computer systems. But what do hats have to do with hacking? And what constitutes an "ethical hacker"? These are the questions that we will be answering in the following blog article...

Customised e-learning awareness courses for your company

Why Increase Your Skills? Why e-learning? Why interactive? – Why not employ traditional methods? Quite simply: because it is possible and we can do it! Topics such as data protection and information security can quickly appear to be both tedious and dry. However, thanks to Increase Your Skills' interactive e-learning awareness courses, this is a thing of the past...

Security through the backdoor

A backdoor refers to the parts of a computer system that usually enable hidden access to the system or its data without having to use the regular routes. Most backdoors can be found in the software, but some hardware also contain built-in backdoors...

Typosquatting – A harmless typo with serious consequences

Have you ever heard of mikerowesoft.com? Or does the website duetschebank.com ring a bell? Attentive readers will have noticed that a few errors snuck in there. This kind of error is called typosquatting, or URL hijacking, and is a form of cybersquatting...

Tips for preventing and preparing for ransomware attacks

What sounds like a bad crime movie has become a reality in the digital space: criminal gangs lock factory gates and only let us back in when we pay a ransom. In my work as a digital forensic scientist, I am repeatedly asked: what should I do to protect myself? And what if, unfortunately, it does happen?...

Doxing – What you need to know about data compromise

Perhaps you have heard of doxing before. Nevertheless, this term may still be unfamiliar to some people. However, whether you are familiar or not, everyone needs to be aware of the dangers associated with a possible doxing attack. Everyone would like to ensure that their own data present on the internet is protected from identity theft and similar threats. But is doxing really that dangerous...

Trojan Horses: From Ancient History to Modern Threat

In January of this year, the Trojan horse (or simply trojan) known as Emotet was disrupted thanks to a coordinated international effort, which included authorities from both sides of the Atlantic. Since originating as a banking trojan in 2014, it has gone on to wreak havoc across millions of devices. It was even developed into an ‘attack for hire’ service offered to other criminal gangs...

Delusion or Reality? How Artificial Intelligences Abuse Our Trust

Do you still remember Barack Obama’s words: “President Trump is a total and complete dipshit!”? Quite provocative, one is not used to such statements from the ex-US president. But did he really say that? Of course he didn’t. This video is a so-called deepfake and was created by Jordan Peele to show how dangerous such a fake can be. But let’s delve a little deeper into the matter...

Measuring Cybersecurity Awareness Training: Methods and Motivations

I am sure we are all familiar with the scenario: You want more funding for a project, funding that will contribute to a positive outcome for the company if invested correctly, but you face stiff resistance from the powers that be. It comes down to money, pure and simple. How much do they have to put in...

Ransom Attack on Colonial Pipeline

There is an increasing trend of cybercriminals "kidnapping" data and holding it to ransom. This is achieved by encrypting stolen data and only releasing it after the extortionists' demands are met. Another component of this crime is threatening to publish the victims' sensitive data if they do not cooperate and pay the ransom. A current example of this taking place in the USA...

Alexa, are you spying on me? Siri, Alexa, Google Home & co are listening in!

I am sure you know the feeling: you are lying in bed and have forgotten to turn off the light. It was so cosy just now; do you really want to get up again? Smart home devices can cure this and countless other problems. Siri, Alexa and others have already moved in with many people. The smart home speakers are in the living room, bedroom, children's room...

REvil Ransomware

A new hacking group is currently making a name for itself internationally: REvil, or Sodinokibi. The group first emerged in spring 2019, and they appear to be a successor to the group behind the GandCrab ransomware. GandCrab was one of the most effective ransomware campaigns of 2018 to mid-2019. Ransomware is a form of malware installed...

Simple measures and tips for increasing levels of information security in mobile work

The rapid transition for many companies to mobile working has increased the attack landscape for cybercriminals. Companies are forced to take care of a multitude of attack vectors, with attackers able to specialise in individual vulnerabilities and gateways. Even when working from home...

How an attentive employee prevented a cyberattack on the drinking water supply in Oldsmar, Florida

In early February this year, the 15,000 residents of Oldsmar, Florida, escaped having their drinking water poisoned because an employee noticed suspicious activity and prevented it from...

Why you shouldn’t post your children’s pictures on social media

In the 21st century, posting pictures of your kids on various social media sights sites is the new normal. The average child has a digital footprint before the first tooth shows up. Some children even have a digital footprint before they are even born; that happens when the parents post...

Information Security vs Data Protection

Is this an issue for our ISO or our DPO, or is it much the same in either case? Who exactly is responsible for this incident, and is there a need to report it at all? In order to discuss the similarities and differences between information security and data protection, the first step is to define the two areas...

DNS Spoofing: What is it and how can I recognise it?

Today, search engines dominate the World Wide Web. For example, to visit the website of Increase Your Skills GmbH, very few users directly enter the domain increaseyourskills.com into the URL bar of their web browser. Instead, most will type something like "increase your skills courses" or "increase your skills data protection"...

The excesses of the WannaCry crypto worm

There was widespread panic when a new piece of malware called WannaCry emerged four years ago, on 12th May 2017. Within a very short time, it managed to infect more than...

Cybersecurity as a competitive advantage

What does cybersecurity have to do with the economic success of your company? Nothing, you think? Well, this view was perhaps still true 10 years ago, but nowadays, these two processes go hand in hand. As the digitalisation of companies continues to increase...

Social Engineering - How you can protect yourself against it

According to studies, more than 70 per cent of all cyberattacks do not primarily target hardware or software but rather attempt to obtain sensitive information through targeted manipulation of humans to carry out further attacks...

Data protection and data security: these are the differences!

What is meant by the terms "data protection" and "data security" mean? Are you aware of the differences? We will tell you one thing right from the start: "data protection" and "data security" do not mean the same thing...

Four tips to stay safe on TikTok!

In times of a pandemic, the desire for variety is always stronger. This is true for adults, but especially for children and young people. At the moment, however, there is a lack of alternatives, especially for the latter, as it is hardly possible for children and young people to meet their friends in person on a regular basis. Therefore, it is not surprising that...

DuckDuckGo vs Google – 5 reasons why you should give up using Google!

You were not aware that DuckDuckGo is a search engine? Well, now you know. Since its founding in 2008, DuckDuckGo has made it its mission to develop a search engine that does not store or share personal data, quite unlike Google...

WhatsApp, Telegram & Co: Which chat apps should you be using from a data protection perspective?

WhatsApp and Telegram have shared a common fate lately, and that is: negative headlines. WhatsApp because of the planned changes to its terms of use and the resulting more extensive sharing of data with Facebook. On the other hand, Telegram is more often associated with conspiracy theorists...

Data protection – Quo Vadis?

The reaction was substantial when Google announced at the beginning of March 2021: “No more advertising based on individual surfing behaviour!” Some people may have rubbed their eyes in disbelief: Google is voluntarily giving up the lucrative business of data? No! There can be no talk of voluntariness...

Correct handling of an information security incident

Security incidents can have a drastic impact on companies and cause severe organisational and financial damage. It is imperative to have good processes and procedures to deal with them quickly and efficiently to minimise the impact...

Digital learning vs face-to-face teaching – which is better?

When you look at the title, the first thing you might think is: why compare the two things with each other? Teaching and learning – like comparing apples and oranges. On the one hand, the focus is on the person learning; on the other, the person teaching...

How can digital learning processes be made interactive?

In times of Corona, in which homeschooling, online lectures and e-learning alternatives are on everyone's lips, it is important to know how to use these resources properly. For each person, the external circumstances and the whole learning atmosphere is subject to change...

Electronic patient file 01.01.2021 - it's finally here, but what does it do and how do you get access?

They say good things come to those who wait. Does this also apply to the electronic patient record or "ePA" for short? 2021 begins with an innovative start for those with health insurance: The introduction of the ePA! The ePA is supposed to be a milestone of digitalisation in the health care system and improve the processes between the insured and the service providers...

Targeting IoT technology – Security vulnerabilities for cybercriminals

IoT technology, or the networking of devices via the internet, has been a growing buzzword in recent years. Smart home is an area in which IoT - Internet of Things - is increasingly appearing in the private sector. After all, who needs analogue devices when every device in the future can connect to the internet, thus exchanging data more quickly? But in addition to the opportunities, IoT poses plenty of high risks, especially in the area of cybersecurity...

Twitter fined – the 72h notification period for data protection breaches under Art. 33 GDPR knows no holidays (Part 3 of 3)

In Part 1 and Part 2, on the occasion of the data breach of Twitter, we dealt with the notification obligation of the controller towards the supervisory authority and the notification obligation of the processor towards the controller according to Art. 33 GDPR. In this third and final part, we will focus on the data controller's obligation to notify the data subjects under Art. 34 of the GDPR...

Twitter fined – the 72h notification period for data protection breaches under Art. 33 GDPR knows no holidays (Part 2 of 3)

In Part 1, on the occasion of Twitter's data breach, we dealt with the notification obligations of the controller vis-à-vis the supervisory authority, Art. 33(1) GDPR. In this second part, we will focus on the notification obligations of processors...

Twitter fined – the 72h notification period for data protection violations under Art. 33 GDPR knows no holidays (Part 1 of 3)

Company holidays or staff shortage – every company is familiar with these when holidays or school breaks are just around the corner. The final tasks are quickly completed, and temporary replacement plans are drawn up, to who must take over what in case of an emergency. However, data protection is often forgotten. This has now also become Twitter's undoing...

Cyberattack against gaming company Capcom – Ransomware compromises user data

In a press release, the game manufacturer Capcom announced that there were inconsistencies in the internal network as early as 2nd November 2020. Potentially, up to 350,000 data records of customers and business partners could be affected. As this attack shows, it is not only customer data that is targeted.

Romance Scamming - The Fraud with Fake Love

Marriage scamming is not an unknown phenomenon, with the penal code even threatening offenders with up to 10 years imprisonment. Nowadays, similar perfidious scams involving fake love are taking place online. “Love scammers” or “romance scammers” can be found on social networks or online dating sites, which they use to track down potential victims...

Insider attack on Neobroker

A few weeks ago, there were reports of a data leak at the fintech startup. On October 19th, the company informed its customers about the data leak and the associated unlawful access to data of more than 31,000 customers...

A rise in cyberattacks on employees working from home

Around 7 million cyberattacks occur every day on employees working from home in German-speaking countries. The main target is the remote desktop protocol. This is the conclusion reached by a global security software company in a current research report on the threat situation in the third quarter of 2020...

The making of our awareness courses

You remember E.T., right? I hope I'm not destroying your view of the world when I tell you that this alien being with the long thin neck is not, in fact, a real alien, but merely a puppet brought to life by (then) modern technology. At Increase Your Skills, we don't create Hollywood films, but we can at least have a say in the animation of our puppets. In fact, all of our courses are brought to life by these very puppets...

Creating strong passwords

What would you say if asked whether you think you use strong passwords? No? Then you should immediately look at changing this. Every year, number combinations such as 123456 top the list of Germany's most frequently used passwords...

Four out of five companies do not employ IT professionals

The Corona pandemic and the sharp increase in those working from home have put companies' IT infrastructure to the test. A new study by the Federal Statistical Office has concluded that only one in five companies (19%) employs its own IT specialists...

Hash Functions and Password Security

Did you know that the secure web services you log in to with a password do not actually know the password you use to log in with? Why is it done that way? And how is that even possible?...

Hash Functions and Information Security

Some things we miraculously find all around us once we have discovered them, even though we never noticed them before. Hash functions are a good example of this. They are an important ingredient...

The danger of internal data theft

The media, news and Hollywood films of our time tell us about the dangers of foreign spies, hackers operating in the Darknet or a great cyberattack from a whole army of computer nerds. However, the reality can sometimes look different. A study by the auditing firm KPMG surveyed 1001 companies and found that 80% of all respondents fear...

Why I invest in Increase Your Skills as a business angel

For more than one and a half years now, I have been accompanying the development of Increase Your Skills as, as it is so euphoniously and pretentiously called, a business angel. I have invested my own money in the financing rounds, but I support Hannes and Carolin in all questions of management and company development. Why do I do this...

Cryptojacking – A gold rush for cybercriminals or an outdated attack scenario?

With major victims such as Tesla, Avira and Gemalto, cryptojacking has already been making appearances in the media since 2018. With the rising price values of major cryptocurrencies, clandestine mining had great potential to affect IT infrastructures, with cybercriminals facing their own gold-rush moment...

Successful phishing attacks via social networks

Due to the current situation with Corona, trade fairs, congresses, and other on-site appointments are only possible to a limited extent or not at all. For this reason, B2B networks such as LinkedIn and Xing are becoming increasingly relevant. Recent studies on phishing campaigns show that phishing emails with such a network in the subject line are...

We present our new awareness course: Data Protection in the Hotel Industry

The GDPR has created a basis that subjects the level of data protection of personal data throughout Europe to fundamental protection. In principle, every person should be able to determine for themselves whether and which personal data of theirs are processed...