✨ What’s New at Input Output: Innovations, Community, and Maybe a Store!

Big things are happening at Input Output! We’ve just launched ClickSafe Academy, our all-in-one phishing defense and training platform that scales from one user and even includes email firewall penetration testing with over 5,000 exploits. Plus, our vCISO Office Hours are on the way, offering a community space where you can connect with security experts and get real-time guidance. And because our USB data blockers have become a hot commodity, we’re toying with the idea of launching an online store to make our security tools more accessible. Stay tuned – exciting times ahead!

🌐 Cybersecurity News: Stay Ahead of Emerging Threats

The cybersecurity landscape is buzzing with new developments! The European Commission is making waves by investing €1.3 billion to boost cybersecurity, AI, and digital skills. Meanwhile, cybercriminals are getting creative with fake toll texts that target users based on their address, and generative AI is being leveraged to produce more convincing fake IDs. The phishing-as-a-service platform 'Lucid' is also on the radar, actively targeting 169 organizations across 88 countries.

In our latest blogs, we explore how balancing password security with usability can reduce risky behaviors, analyze the recent threat from malicious VSCode extensions, and examine the rise of VanHelsing RaaS. Plus, don’t miss our rundown of the latest cyber threats, including compromised GitHub actions and sophisticated malware campaigns. Stay informed and prepared!

📝 Compliance Management: Keeping Your Organization in Check

Staying on top of compliance can feel like a juggling act, but Input Output has you covered. Our latest guidance focuses on essential audits, including user access and permission reviews, data backup checks, and vulnerability assessments. Plus, if you missed any key reviews last quarter—like Information Security Policies & Procedures or Supplier Management Assessments—now’s the time to catch up! We also highlight the importance of properly classifying data to avoid security risks and share insights on preventing common backup failures. Stay compliant and confident with our practical resources and expert advice!

🚀 Launching ClickSafe Academy: The Ultimate Phishing Defense Platform

We’re thrilled to introduce ClickSafe Academy – your all-in-one phishing and social engineering training platform! From phishing, smishing, and vishing training to call-back simulations, we’ve got you covered. Plus, users can report suspicious emails directly through the platform, keeping everyone on their toes. Not only does ClickSafe Academy come packed with security and compliance training, but it also supports custom uploads for tailored content. And if that wasn’t enough, we’re bringing the heat with penetration testing for email firewalls, leveraging over 5,000 exploits to make sure your defenses hold up. Best of all? It scales from just one user. Who knew email security could be this versatile (and affordable)?

💼 vCISO Office Hours: Your Security Community Awaits

The Input Output vCISO Office Hours are coming soon, and we couldn’t be more excited! Imagine a community space where you can connect with our security and compliance architects, bounce ideas around, and get real-time advice on building a solid security program. Whether you're looking for guidance on compliance strategies or need input on your latest security initiative, this community will be your go-to resource. Stay tuned as we put the finishing touches on this next-level offering – it’s shaping up to be a game-changer!

🛒 Are We Opening an Online Store? Maybe... Probably... Okay, Definitely Thinking About It

You know you’ve hit the mark when your swag becomes a hot commodity. Our USB data blockers and other security tools were such a hit at recent conventions that even retailers are reaching out. So, we’re thinking: why not make it official? A storefront might just be on the horizon, giving you a place to snag our practical (and pretty cool) security gadgets. Keep an eye out – we’ll keep you posted!

iO™ Podcast: Cash in the Cyber Sheets

Cash in the Cyber Sheets is your go-to podcast for transforming cybersecurity, compliance, and risk management into powerful tools that drive business success. Hosted by James Bowers II, CEO and Chief Security and Compliance Architect at Input Output, each episode delves into the latest trends, strategies, and best practices in the world of cybersecurity. Whether you're a business owner, IT professional, or industry expert, this podcast offers insightful discussions, expert interviews, and actionable advice on how to leverage security and compliance to boost productivity and profitability. Tune in to discover how to turn what many see as obstacles into opportunities for growth and efficiency in your business.

Watch 'Cash in the Cyber Sheets' on YouTube:

Cybersecurity & Compliance - News, Trends, & Updates

Stay ahead of the curve with the latest news, trends, and updates in cybersecurity and compliance. This section provides essential insights into emerging threats, regulatory changes, and best practices, helping you navigate the ever-evolving landscape of security and compliance with confidence.

BIG BYTES - Quick Hit Hot Topics

• The European Commission has announced plans to allocate €1.3 billion (approximately $1.4 billion) towards enhancing cybersecurity, advancing artificial intelligence, and improving digital skills across the region.
• Fake toll texts now targeting users based on their address.
• Generative AI is being used to create better fake IDs.
• The 'Lucid' platform, a phishing-as-a-service (PhaaS) operation, has been actively targeting 169 organizations across 88 different countries.

🔑 Balancing Password Security and User Experience: A Smarter Approach

Creating strong, secure passwords shouldn’t feel like cracking a safe every time you log in. In our latest blog, we tackle the challenge of balancing robust password security with user-friendly experiences. We explore how overly complex password requirements can backfire, leading to risky habits like password reuse. You’ll discover practical strategies to enhance security without sacrificing usability – from adopting passphrases and real-time feedback to implementing user-friendly policies and multi-factor authentication (MFA). It’s time to rethink password practices for a safer and smoother digital experience.

Read More

⚠️ Malicious VSCode Extensions: A Wake-Up Call for Developers

The VSCode Marketplace recently faced a security scare when two malicious extensions, “ahban.shiba” and “ahban.cychelloworld”, were discovered deploying early-stage ransomware. These extensions executed a PowerShell command upon installation, fetching a payload from a remote server and encrypting a specific folder on the user’s system. While the ransomware was still in development, this incident highlights the growing risk of malicious code infiltrating trusted developer environments. Our blog dives into the details of the attack, the broader implications for the VSCode ecosystem, and essential practices to protect your development environment.

Read More 

🦇 VanHelsing RaaS: A New Threat in the Ransomware Landscape

Just when we thought we’d seen it all, VanHelsing ransomware-as-a-service (RaaS) emerges, proving that cybercriminal innovation never sleeps. Launched in March 2025, this new RaaS model has already compromised multiple victims and is making waves for its user-friendly interface and cross-platform attack capabilities. What sets VanHelsing apart? Its double extortion tactics, versatile targeting of Windows, Linux, and more, and an affiliate model that lowers the barrier for cybercriminal entry. Our latest blog dives deep into VanHelsing’s structure, attack methods, and how organizations can protect themselves from this rapidly evolving threat.

Read More 

🚨 Latest Cyber Threats You Need to Know: GitHub Compromises, Malware, and Ransomware Evolution

The cyber threat landscape continues to evolve, with new challenges emerging almost daily. Our latest blog covers some of the most significant recent threats, including a compromised GitHub Action targeting Coinbase’s projects, the rise of the sophisticated StilachiRAT malware, a massive ad fraud campaign exploiting over 300 Android apps, and the Medusa ransomware’s new evasion tactics. These incidents highlight the urgent need for robust cybersecurity measures, from securing open-source tools to protecting mobile devices and defending against ransomware. Dive into our full analysis and get practical tips to fortify your defenses.

Read More 

ISP Management - Information Security Program Updates & Requirements

Navigate the complexities of regulatory compliance and Information Security Program (ISP) requirements with confidence. This section covers essential topics to keep your ISP on track, reviews the latest tools and support resources, and offers insights for those utilizing iO™ WISP or other solutions to ensure your security framework remains robust and compliant.

IT'S TIME FOR - ISP Requirements

• User Access & Permission Audit
  • Input Output User Audit Form - ALM-FM-001.1_AuditTemplate_UserAccessReview_Rev1
• Data Backup Audit
• Vulnerability Assessment
• Audit the following:
  • Hardware asset list
  • Software asset list
  • Data asset list

If you didn't complete the following last quarter:

• Information Security Policies & Procedures Review
  • Input Output WISP - Written Information Security Program
• Supplier Management - Assessments & Review
  • Input Output ASL - Approved Supplier List (SVM-FM-002), and
  • Input Output Supplier Assessment Form (SVM-FM-001)
• Internal Audit - ISP Control Audit (Review all implemented ISP controls)
  • Input Output Audit Template (ALM-FM-001)
• Internal Audit - Technical Control Audit (Review all implemented technical controls)
  • Input Output Audit Template (ALM-FM-001)

🔍 10 Must-Do Steps for a Compliant User Access and Logging Audit

Staying compliant with regulations requires a thorough and structured approach to auditing user access and logging. In our latest blog, we break down the 10 essential steps to ensure your audit process meets regulatory standards. From defining the scope and gathering necessary data to analyzing logs and addressing gaps, this guide covers everything you need to perform a compliant and effective audit. Whether you’re looking to strengthen your security posture or meet industry compliance requirements, this article has you covered.

Read More 

💾 Data Backup: Six Common Failures to Avoid

Backing up data is essential, but not all backup strategies are created equal. In our latest blog, we uncover the six most common data backup failures that organizations encounter, from outdated systems and incomplete data capture to poor recovery planning. Learn how to avoid these pitfalls to ensure your critical data is protected and easily recoverable when disaster strikes. Don’t let a backup failure put your business at risk – get the insights you need to safeguard your data.

Read More 

📂 Poor Data Classification: A Hidden Cybersecurity Risk

Data classification is more than just labeling files – it’s a critical part of your cybersecurity strategy. In our latest blog, we discuss how improper data classification can leave sensitive information exposed, increasing the risk of data breaches and compliance failures. Learn about the key challenges organizations face and the best practices to properly categorize and protect your data assets. Don’t let misclassification put your organization at risk – find out how to strengthen your data security.

Read More