Securing the Work-At-Home Environment

The new business realities created by the coronavirus pandemic include unprecedented numbers of people working from home or from other remote locations.

Global Workplace Analytics, a company that helps companies understand the business case for workplace strategies and practices, in a report released in April 2020 said more than half of U.S. employees (75 million workers) hold jobs and have responsibilities that could be performed, at least in part, from home.

The company forecasts that 25% to 30% of the workforce will be working at home on a multiple-days-a-week basis by the end of 2021. Kate Lister, president of Global Workplace Analytics, who’s been studying remote work trends for more than a decade, predicts the recent crisis will be a tipping point for employee work-from-home programs.

While the work-at-home trend can have positive benefits such as increasing worker satisfaction and decreasing carbon emissions from reduced commuting, it can also lead to potential data security and privacy risks.

Organizations will need to effectively address these challenges in order to make this new operational model work. Are they doing this? Not really, according to new research from Gartner.

The firm’s report, the Risks of Remote Work: Cybersecurity, published in March 2020, noted that companies have acted fast to allow remote work in the wake of COVID-19, “but most of them have neglected to convey the rules to follow.”

Leaders need to help communicate rules that include guidance on how to safeguard data, the report said. Two of the more important rules are to follow email protocols and avoid public Wi-Fi.

“The sudden and massive work-from-home arrangement now underway around the world presents companies with enhanced risks surrounding remote work,” the study said. “What was once a background concern over cyber security and disengagement is now front and center.”

Most employers have failed to convey the rules staffers should follow while working outside the office. The firm polled 500 U.S. employees in March and found that just 22% communicated a plan of action in response to the virus.

With data breaches at record highs in 2019, organizations were already vulnerable even before the pandemic hit, Gartner noted. But effective communication about behaviors is critical now more than ever.

The majority of security failures result from an organization’s own employees, the report said. In the current work-from-home environment, risk leaders need to work with the CISO and IT leadership to communicate cyber security guidance, and remind employees that rules regarding proper email protocols must be followed outside the office.

“Coordinate with your cross-functional partners to make clear to employees that the same security practices that are required in the office also apply at home,” it said. Remind workers to secure their home Wi-Fi systems, which is as simple as making them password protected.

Sending sensitive data to a personal email account or computer is an unnecessary risk, since such accounts and devices tend to be less secure, the report said. Instead, staff should always use a work-issued computer, or connect to the secure work network, such as a virtual private network (VPN), to work with personal information.

Organizations also need to review their remote work policies and ensure that they include measures to safeguard company data, and then distribute or redistribute the policies company wide to get the word out to all workers.

Risk teams should coordinate with the CISO and human resources department to send an email blast, with easy-to-read reminders and links to relevant policies including confidentiality policies. “Employees are not likely to read long policy documents when they’re glued to the news and trying to get work done,” the report says.

An additional step to bolster security for the work-at-home environment is to deploy physical security measures. For example, employees who are working with or storing sensitive data such as patient records or customer personal information need to take precautions to ensure that monitor screens and printed materials containing such data are not visible to other people who should not be seeing it. This might include locking home office doors and windows to prevent the data from being stolen.

And companies need to take steps to make sure home workers—and all employees for that matter—don’t fall prey to newly emerging scams that take advantage of the current situation. “Cyber criminals exploit peoples’ hopes and fears, and with a lot of fear around COVID-19 they’ve already found ways to cash in,” the report said.

Awareness about these scams is often the best protection, Gartner said, but organizations should also consider why employees are vulnerable to these threats and provide training resources that address them.

5 ways to improve your home Wi-Fi in self-isolation

If in pre-virus times you were quite happy with the quality of your home Wi-Fi, but you’re not now, you are not alone. Life in lockdown has shifted online for everyone, and all at the same time. Moreover, this online existence is not spread out over the work–home–commuting space, but concentrated in one home, fed by a single cable. Under this increased load, problem areas have become noticeable.

For example, one child is on a Zoom conference with friends learning the art of makeup, another is saving the world from killer zombies, your spouse is having a Skype language lesson in the kitchen, and the cat has occupied the bathroom (in offline mode, at least for the time being), leaving your bedroom as your office with very shaky Wi-Fi coverage. There are several ways to resolve this problem, but step 0 is understanding what exactly needs fixing.

0. What’s the problem?

At this stage, you need to identify the specific cause of the issue. Is it really the Wi-Fi signal that’s acting up? Or could it be something else, like a low connection speed from your ISP?

Start with a speed checker such as Speedtest.net or nPerf.com. If you’re getting a great data transmission rate near the router (the box that lets you use Wi-Fi), but awful in the kitchen, then, as admin guys say, the problem’s on your end. In that case, it’s time for another angle — analyzing your Wi-Fi network.

Plenty of apps that determine the signal strength of Wi-Fi networks are available for all mobile and desktop platforms. Just type “wifi analyzer” in any search engine or app store, and you’ll see dozens of choices. Choose one that visualizes the results to help you compare readings in different parts of the home.

If you ran a Wi-Fi analysis app and discovered that in the kitchen your neighbors’ networks are bursting with energy, whereas yours is on life support, that means your Wi-Fi is not doing its job. Don’t despair; the problem is probably fixable.

1. Give it a good kick

The old adage — that when something is acting up you should try hitting it — is often surprisingly effective with wireless networks. We don’t mean you should literally kick your router, but it may well be that the fundamental problem with your home Wi-Fi lies in the specific combination of your home’s layout and where the router actually directs the radio waves.

So, try experimenting with the position of the router and the angle of its antennas to improve coverage. Coincidentally, this is the simplest method, requiring no extra time, money, or specialist know-how.

For example, if your router is located in an alcove or some kind of cabinet, especially a metal one, try moving it somewhere else. Metal is not Wi-Fi’s best buddy, and neither is reinforced concrete.

The position of the router’s antennas also makes a big difference. Google “router radiation pattern” for the theory. Back at the practical level, keep in mind that in most cases the best position for the router antennas is straight up. That way your Wi-Fi router will get the best possible horizontal reach instead of carpeting the floor with valuable bandwidth.

Also check to see if something might be getting in the way. A refrigerator, for example, is an enemy of radio waves, but not one that can be easily shifted. On the other hand, a microwave or baby monitor — operating at 2.4 GHz and competing for the same frequency as the router uses — can be relocated much more readily.

If that doesn’t resolve the issue, it’s time to proceed to more radical measures.

2. Configure the channels

Wi-Fi operates in a set of narrow bands, called channels, of the radio spectrum. Few channels are available, even though the number of devices that want to use them may be great. Therefore, the most popular band — 2.4-GHz — can get clogged with noise from neighboring networks and other devices.

At each reboot or at a scheduled time, the router selects the channel that is most free from interference. It’s comparable to the way a navigation system chooses the route with the fewest traffic jams.

Routers usually handle this task fairly well by themselves, but it’s possible to intervene. For example, you can configure the router to search automatically for the least clogged channels more frequently, or even set them manually. But be careful when doing the latter; spectrum congestion is very changeable, because not only your router, but neighboring ones too are constantly and automatically switching channels.

Some routers additionally allow users to change the Wi-Fi signal strength. Check the router’s settings to see if it’s set to the maximum value, and if it isn’t, feel free to crank it up.

3. Moving to 5 GHz

We’re moving virtually, of course. The 5-GHz band is a more respectable region of the radio spectrum with more, and wider, channels. Moreover, older router models and the cheapest new routers do not support 5 GHz, which is largely why there is less noise, and the information transfer rate can be far higher.

If your current router does not support the 5-GHz band, you can try upgrading to something more modern with support for the 802.11ac standard (aka Wi-Fi 5). That is no longer a luxury; inexpensive models start at about $50.

There’s no need at this point to go for the more advanced 802.11ax (Wi-Fi 6), which is still quite expensive. Upgrading to Wi-Fi 6 is likely to have a noticeable impact only if you have a whole lot of traffic-hungry Wi-Fi devices at home.

Bear in mind, however, that switching to 5 GHz is not a silver bullet. The drawback of a higher frequency is that the signal decays more quickly with distance, and the effective range in larger apartments or houses can be disappointing.

It all depends on what the problem with your Wi-Fi network is. If the 2.4 GHz spectrum where you live is clogged up with other people’s networks, and 5 GHz is available, updating really will help. But if your 2.4 GHz network isn’t reaching your kitchen because of distance and an abundance of reinforced concrete walls, 5 GHz probably won’t cut it, either.

4. Use cables

We’re so used to the convenience of Wi-Fi that we sometimes forget about good old wired Ethernet. Connecting through a cable is often the easiest and cheapest solution to seemingly hopeless Wi-Fi issues.

Using a wired connection can kill two virtual birds: First, it can resolve the problem in a room that stubbornly refuses to admit Wi-Fi; second, if you transfer at least some devices to a cable, the quality of the wireless connection on the remaining ones is likely to improve. Sure, you can’t connect a smartphone or tablet in this way, but it’s perfectly fine for a desktop computer or a smart TV.

If the cables stretched around your home are an eyesore and there’s no easy way to hide them, try a powerline adapter that transmits the network signal through your home’s electric wiring. On the downside, powerline appliances are somewhat unpredictable, and they sometimes refuse to coexist with local electric cables. That’s something to keep in mind.

5. Build a mesh

There’s a whole bunch of other ways to improve the quality of your coverage. For example, you can try installing signal repeaters or replacing the router’s antennas with more effective ones (you’d be surprised what junk is actually inside the impressive-looking horns of a typical home router).

But if the word “decibel” sounds scary, and network device administration is not on your list of hobbies, then it’s probably best to stick to a ready-made mesh-networking kit.

Such kits are available from most major network equipment manufacturers. They consist of a central router and several auxiliary access points. The latter are arranged so that the signal reaches the furthest parts of the house or apartment. With a mesh system, the coverage area of your Wi-Fi network can be as large as you like — it all depends on the number of additional access points.

Unlike with traditional repeaters, the system is managed centrally (auxiliary devices are usually configured automatically), which saves a lot of time and effort. If you can connect the access points to the router via Ethernet, doing so will increase both the speed and coverage area. If not, don’t worry; mesh systems are nothing if not flexible.

Another important trait is fast, seamless roaming. That is, your video call with colleagues won’t be interrupted even if family members expel you from the kitchen to somewhere covered by a different access point.

High-quality roaming on a smartphone or computer requires support for the 802.11k/r/v family of standards. The good news is that this is no longer a luxury; for example, Apple mobile devices, starting with the iPhone 6s, support all three standards.

A couple of set-up tips. For roaming to work properly, your 2.4 GHz and 5 GHz networks must use the same combination of network name and password. As for the Mobility Domain ID/key, there’s no need to obsess or be too clever — it’s just a label for linking network segments (some routers even set them automatically).

A mesh network, of course, carries additional costs, but you don’t have to fork out hundreds for a top-of-the-line kit. Some manufacturers offer routers that support meshing as standard, so all you have to do is buy additional inexpensive auxiliary points as and when required. It may turn out that one is enough.

We don’t recommend experimenting with a hodgepodge of mesh equipment from different vendors, so consider the possibility of future expansion when choosing a system.

And may the Wi-Fi be with you!

Travelex Reportedly Paid $2.3 Million to Hackers after Sodinokibi Attack and Data Theft

An unnamed source within Travelex disclosed to The Wall Street Journal (WSJ) that the company paid $2.3 million in Bitcoin in an effort to restore functionality to its systems following a ransomware attack. Travelex was hit with a ransomware attack on New Year’s Eve, and it took a couple of weeks to restore some of its basic services, with the consumer side having to wait until February. The breadth of the attack was staggering, as the hackers infiltrated the company’s infrastructure six months before attacking with ransomware.

Hackers didn’t just linger around the network. They used the time to exfiltrate valuable information, 5GB in total, which they then used to blackmail the company after deploying ransomware. It’s a new tactic hackers use to discourage companies from using backups to restore functionality instead of paying ransom.    

In the Travelex attack, the hackers used Sodinokibi ransomware and an unpatched critical vulnerability in Pulse Secure VPN servers. Companies were warned about this particular VPN vulnerability, but some companies didn’t update their systems in time.    

While Travelex hasn’t revealed anything about ransom or payments, the initial reports place the sum at $3 million in Bitcoin. Cybersecurity companies and government authorities usually advise against paying the ransom, for two obvious reasons: first of all, paying criminals only emboldens all groups to continue with attacks and, secondly, there’s no guarantee that the hackers will return control.    

Now, a new report from WSJ has revealed that the company actually paid $2.3 million in Bitcoin. However, there’s no indication whether they recouped their stolen data or if payment allowed them to resume operations.  

On top of the ransomware attack, the company also faces financial problems following the COVID-19 pandemic, mainly because its parent company, Finablr, had to appoint an independent financial advisor that will determine its future.

San Francisco International Airport reveals data breach on two websites

The list of companies and industries targeted by cybercriminals has grown steadily since March, and the newest addition is none other than the San Francisco International Airport (SFO).

In a data breach notice sent to all airport commissions on April 7, airport officials announced that SFOConnect.com and SFOConstruction.com suffered a security incident in which bad actors injected malicious code to steal users’ login credentials.

“Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO,” said SFO’s Airport Information Technology and Telecommunications (ITT) director.

The first compromised website, SFOConstruction.com, addresses the airport’s construction project and provides a centralized way for third parties and contractors to bid on new or upcoming construction plans. SFOConnect.com, on the other hand, serves as an employee gateway providing recent airport security news and information on ground transportation units.

Following the investigation, SFO officials do not exclude the possibility of unauthorized access to the platform using employee credentials. As an immediate countermeasure after removing the malicious code, the two platforms were taken offline, and Airport ITT “reset all SFO related email and network passwords.”

The two websites are still accessible outside SFO’s network, but a full website maintenance memo is listed on SFOConstruction.com, with no ETA provided.

All users who have accessed the two platforms from within SFO-managed networks or from their homes using Internet Explorer (IE) or a Windows-based device are advised to act quickly and change the password used to access those devices.

“At this time, it appears the attackers may have accessed the impacted users’ usernames and passwords used to log on to those personal devices.” As an additional preventive measure, employees should also change any login credentials for other online platforms that use the same password or screenname combination.

Beware of New Wiper Malware Distributed through Free Software / Crack Sites

A new piece of wiper malware is being distributed through warez sites, locking users out of their Windows computers after they unknowingly run the program. As reported by BleepingComputer’s Lawrence Abrams, the malware is apparently distributed through “download” sites that promise free or cracked (read: pirated) software, with users on the receiving end seeing their computers’ master boot record (MBR) locked up, preventing the machine from booting normally.

The attacker, who seems more interested in trolling certain figures in the infosec industry rather than asking for ransom, displays a note stating that victims were infected by Vitali Kremez and/or MalwareHunterTeam, depending on which variant they downloaded.

Kremez and MalwareHunterTeam are well-known figures in the cybersecurity scene “and have nothing to do with this malware,” Abrams writes. Both have taken to Twitter to confirm that they have nothing to do with this attack.

The malware is based on the infamous MBRLocker, a piece of wiper-ransomware that modifies the master boot record of the victim’s computer so that it shows a ransom note before Windows starts and prevents the computer from accessing the data on its hard drive – hence, prevents it from booting.

It is unclear why this malware author is trying to tarnish the names of the security researchers. From the ransom notes shared by Abrams, it seems the attacker is simply a troll.

Never download software from unofficial sources. Use a trusted security solution at all times to avoid downloading and installing malware on your computer.

Think you know how to hide info in images?

You have probably had to conceal information in an image on at least one occasion. For example, the tech support guy didn’t need to see your personal data in a screenshot illustrating your issue. Or you wanted to avoid complaints from a passerby in a wedding shot. Or you wanted to show off your ticket to a long-awaited show on Instagram, but do so with the barcode hidden in case someone else fancied going in your place.

Bear in mind, however, that blurred — and even cropped! — images can often still reveal the very data you wanted to hide. Here are five ways you could leak your own private information without even suspecting it.

Mistake 1: Editing images in Office apps

This is a classic way to inadvertently share personal or corporate secrets. If the image is for a text document or slide deck, the most convenient way to edit it is directly in the Office application. Just insert the image, crop the part you don’t want to show, save the document, and hand it over to the boss or client with a clear conscience.

The problem is that this just changes how the picture appears in the body of the document. The original image remains intact! To see the hidden part, all someone has to do is select the image and then the Crop tool on the Format tab.

Cropped images in Word …

… are in fact saved intact

Good news: You can permanently remove superfluous parts of an image in a document using the Compress Pictures button on the same Format tab. Click it and make sure that the Delete cropped areas of pictures box is selected.

Use the Compress Pictures tool to remove sensitive information

As for black rectangles and various graphic effects, these are of no use at all in Office applications. To see what lies beneath, the recipient can simply remove this superficial artwork.

Anyone can easily delete black rectangles in Word documents

Mistake 2: Semitransparent filling

Another handy tool, this time for iPhone users, is the Markup feature in iOS. Want to send a photo from your phone? You can edit it directly in an e-mail or message! And the recipient will not be able to undo your edits. Surely, it’s the ideal hassle-free way to hide information on images?

Sadly not. The reason is that the pen and highlighter tools draw semitransparent strokes. Sure, if you paint over a piece of text a few times, it might look completely hidden. But by playing around with the brightness, contrast and other image settings, anyone can quickly unearth the secret.

Are you sure your hidden text does not show through?

It is the same story with semitransparent brushes in image editors. All in all, it is better to make sure you’re using 100% opaque tools to conceal data on images.
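The show-through described above follows from how strokes are composited. The added example below (not from the original article) models a marker stroke with the standard "over" blend on one constructed row of grayscale pixels and measures the contrast left under the stroke; the pixel values, the 50% opacity and all function names are assumptions for illustration, and real editors may blend differently.

```python
"""Alpha-blending model of a semitransparent marker stroke (constructed example)."""


def blend(pixel, ink, alpha):
    """One stroke of `ink` at opacity `alpha` (0..1) over an 8-bit grayscale pixel."""
    return int(alpha * ink + (1.0 - alpha) * pixel + 0.5)  # round half up


def paint(row, ink=0, alpha=0.5, passes=1):
    """Paint over every pixel in `row` with the same stroke, `passes` times."""
    out = list(row)
    for _ in range(passes):
        out = [blend(p, ink, alpha) for p in out]
    return out


def residual_contrast(region):
    """Brightest minus darkest value under the stroke; 0 means nothing shows through."""
    return max(region) - min(region)


def stretch(region):
    """What a contrast slider does: rescale the covered region to the full 0..255 range."""
    lo, hi = min(region), max(region)
    if hi == lo:
        return [0] * len(region)  # uniform region: there is nothing left to amplify
    return [int(255 * (p - lo) / (hi - lo) + 0.5) for p in region]


def passes_until_uniform(row, ink=0, alpha=0.5, limit=64):
    """Number of passes before the covered region becomes uniform, or None."""
    for n in range(1, limit + 1):
        if residual_contrast(paint(row, ink, alpha, n)) == 0:
            return n
    return None


# Constructed sample: dark text (20) on a white background (255).
SAMPLE_ROW = [255, 255, 20, 20, 255, 20, 255, 255]

if __name__ == "__main__":
    for n in (1, 3, 8):
        covered = paint(SAMPLE_ROW, alpha=0.5, passes=n)
        print(n, "passes:", covered, "residual contrast:", residual_contrast(covered))
    print("after 3 passes, stretched:", stretch(paint(SAMPLE_ROW, passes=3)))
    print("opaque fill, one pass:", paint(SAMPLE_ROW, alpha=1.0))
```

A useful self-check before sharing an image is the same measurement: sample the covered area and confirm that every pixel has the same value.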

Mistake 3: Invisible secret layer

To avoid losing secret information in an image entirely, graphic editors can store it in a separate hidden layer. This is a convenient solution for some images. However, posting a picture with hidden layers online is not a great idea, at least if it is in PNG format.

Here is why. When saving an image as a PNG file, the photo editor combines the layers so that they cannot be unglued; however, the information in the hidden layer does not go anywhere — it is right there in the file. And whereas most programs do not display it, in some, for example, the darktable app, simply opening the picture reveals all hidden layers with nothing overlaid.

The same picture opened in different viewers. The lower part of the image was in a hidden layer that showed through in darktable

Mistake 4: Reversible filtering

Graphic filters that distort the image can also spill the beans. Some displace pixels without deleting them, and it is possible to put them back in place and view the image in its original form.

This feature of filters helped police detain a suspected pedophile from Canada. The criminal posted photos of victims online in which his own face was distorted using a swirling effect. Computer scientists were able to unswirl the images to find out what he looked like. The flip side is that cybercriminals too could use this technique to uncover your secret, after you so diligently tried to swirl it out of view.

Of the various image distortion methods, blurring and pixelization, where image info is turned into a jumble of colored squares that cannot be easily rolled back, are considered the most reliable. That said, machine-learning technologies are getting better at recognizing images even if they’re blurred and pixelized.

And if you break the image into unduly small pixels, thinking that will keep your secret safe, there is a chance that someone could glimpse what was originally there. The easiest way to do it is by zooming out so that the pixels begin to merge back together. Try playing with the image below to get the idea.

When using pixelization to hide image info, be sure to play around with the scale to make certain that it does not appear even zoomed out

Mistake 5: Not hiding it all

Lastly, your secrets can become public knowledge if you leave information that points to them. Carefully painted over your name and profile pic on a screenshot of a social network page, but forgot to hide the address bar? Anyone who wants can enter the address and view your profile. Covered someone’s face with a black rectangle, but left a badge bearing their full name? The subject of the photo will not be difficult to track down.

Moreover, a picture isn’t the only thing that can spill secrets; a file’s metadata can as well. For images, that’s primarily information about the time and place they were created, but in some cases, the metadata includes a thumbnail of the original picture, which shows how it looked before retouching.

So, before posting a photo anywhere, delete the metadata. There are many mobile apps and programs for desktop computers that will clean your photos of unwanted information in no time at all.

Just be aware that malware can masquerade as these utilities, so download the tool only from an official source and avoid granting it too many permissions in the system. And, of course, use a reliable security solution that spots and blocks malicious programs.

Good news for Windows users: You can delete metadata from your images without any extra software. Here’s how:

  • Right-click on the file.
  • Select Properties.
  • In the window that opens, click the Details tab.
  • Click Remove Properties and Personal Information.
  • Choose whether you want to delete the metadata permanently or create a copy of the file without it.
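Outside the Windows dialog, the same cleanup can be scripted. The following added example (not from the original article) walks a JPEG's segment structure and drops the segments that carry Exif/XMP, IPTC and comment data, flagging any that contain an embedded thumbnail; the drop policy, the function names and the constructed sample bytes are assumptions for illustration.

```python
import re
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RST0-7 carry no length field
# Policy assumed for this example: which segment types count as metadata.
DROP = {0xE1: "APP1 (Exif/XMP)", 0xED: "APP13 (Photoshop/IPTC)", 0xFE: "COM"}
# Inside scan data, FF is followed by 00 (stuffing), RST0-7 or FF (fill);
# FF followed by anything else is the next real marker.
NEXT_MARKER = re.compile(rb"\xff[^\x00\xd0-\xd7\xff]")


def strip_jpeg_metadata(data):
    """Return (clean_bytes, dropped); dropped = [(name, size, has_thumbnail), ...]."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, dropped, pos = bytearray(b"\xff\xd8"), [], 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker == EOI:
            # Stop here: bytes appended after EOI are not part of the image.
            return bytes(out) + b"\xff\xd9", dropped
        if marker in STANDALONE:
            out += bytes([0xFF, marker])
            continue
        if pos + 2 > len(data):
            break
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2 or pos + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        segment = data[pos:pos + length]  # length field plus payload
        pos += length
        if marker in DROP:
            # An Exif thumbnail is itself a small JPEG, so it carries its own SOI.
            dropped.append((DROP[marker], length + 2, b"\xff\xd8" in segment[2:]))
            continue
        out += bytes([0xFF, marker]) + segment
        if marker == SOS:
            # Copy the entropy-coded scan verbatim up to the next real marker.
            m = NEXT_MARKER.search(data, pos)
            if m is None:
                break
            out += data[pos:m.start()]
            pos = m.start()
    raise ValueError("truncated JPEG: no EOI marker")


def _seg(marker, payload):
    """Build one length-prefixed segment for the constructed sample."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample():
    """Constructed byte stream: structurally valid JPEG layout, not a decodable image."""
    exif = b"Exif\x00\x00" + b"GPS=<constructed>" + b"\xff\xd8<thumbnail>\xff\xd9"
    return (b"\xff\xd8"
            + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + _seg(0xE1, exif)
            + _seg(0xFE, b"constructed comment")
            + _seg(0xDB, b"\x00" + bytes(64))
            + _seg(SOS, b"\x01")
            + b"\x12\xff\x00\x34\xff\xd0\x56"  # scan data with stuffing and RST0
            + b"\xff\xd9"
            + b"TRAILING-DATA")


if __name__ == "__main__":
    clean, dropped = strip_jpeg_metadata(build_sample())
    for name, size, thumb in dropped:
        print(f"dropped {name}: {size} bytes, embedded thumbnail: {thumb}")
    print(f"{len(build_sample())} bytes in, {len(clean)} bytes out")
```

Segments the decoder needs (JFIF header, quantization tables, scan data) pass through unchanged, so the picture itself is not re-encoded.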

Bonus track: Whoever seeks shall find

Anyone desperate to learn your secret will try to extract it even from a well-censored image. For example, if you blotted out each word separately, they might try to guess the text by their number and length, or recover a small part of the distorted region that can appear around a black rectangle when the image is saved in JPEG format.

These are complex and highly unreliable methods, so the casual viewer of your Instagram is unlikely to use them. But if the information in question is extremely sensitive, such subtleties should be kept in mind.

How to hide secrets properly

To prevent sensitive info in an image from becoming public:

  • Edit pictures in a photo editor and use only redacted images in Office documents.
  • Make sure that the tool you use to paint over secret information uses 100% opaque filling.
  • If you prefer blurring or pixelization, check thoroughly that the result doesn’t reveal the secret, say, by the shape of the letters.
  • Before posting, make sure no other information in the picture could reveal what you want to hide, and thoroughly conceal e-mail addresses, URLs of social network pages, unusual tattoos, name tags, and other such potential identifiers.
  • Delete metadata. If for some reason you want to keep it, make a separate, “clean” copy of the file for posting.
  • Always think carefully before uploading a picture with sensitive information. Maybe Instagram can survive without a photo of your plane tickets?

8 mistakes nearly every small business makes, and how to fix them

Even if your business is a small bakery, it won’t get far without a computer. At the very least, selling and buying these days is not possible without a computer, so not having at least one is unimaginable — not to mention mobile devices, which are not just ubiquitous but essential. Therefore, anyone starting a business had better be able to handle modern technology. Here we discuss the most common cybermistakes we’ve seen from budding business owners.

1. Passwords on sticky notes

Funny — ironically funny — but still unfortunately true: Passwords to all kinds of resources shared across organizations often end up scribbled on sticky notes and stuck to employees’ displays, where any casual office visitor can see them. The consequences depend very much on what resources the password unlocks — your website host, the accounting system, or the computer that stores the customer database — but the typical result of such carelessness is stolen information or money.

Solution: Ensure every office computer and every employee’s computer and mobile device is protected with a unique password. Use a password manager to avoid weak, reused, and forgotten passwords. Users of our solution for small offices can use the same license code to activate our password manager as well.

2. Shared passwords

Another thing about passwords: Keep them private. When some employees have more access rights than others, they sometimes share, for convenience or by necessity. “Hey, Chris, I’m in bed with a cold. Would you send a file from my computer to the boss? Here’s my password.” Later, Chris quits in anger, and even if her password is revoked promptly, she knows the other guy’s login credentials and can wreak havoc.

Solution: Emphasize the importance of password security to staff, and use two-factor authentication wherever possible.

3. Simple passwords

If the password to your accountant’s e-mail is password123 or the like, cracking it on a simple home computer takes about six seconds. Something like MyPaSsWoRd123 takes two days to crack, and that’s not at all secure either. However, something like P’@’s’s’w’0’r’d would take more than 10,000 years to crack (at least, without access to data-center-level computing power). A cybercriminal trying to brute-force that password doesn’t have that kind of time to spare.

Solution: Passwords also have to be different from one another, which makes them just about impossible to remember. Employ some sort of mnemonic rule or install our password manager and forget it all with a clear conscience. Truth be told, even complex passwords can be leaked, so you should turn on two-factor authentication everywhere you can, which offers you protection in the event of a leak.

4. No backups

Your databases, your accounting records, your all-important tables, and your other indispensable documents are stored somewhere, be it on a personal computer, on a server, or someplace else. To be safe, copy them regularly to another location as well; then if a hard drive dies, or a server is compromised, your files should still be safe. Your website needs regular backups as well.

That said, making backups is a drag, and easy to put off. You really need to make backups, though, and often. No one expects an emergency, but one day, the janitor will pull out the power strip, or the hard drive (and the account system database on it) will break down, or malware will lock your critical files. Will this happen tomorrow or in one year and thirty-three days? No one knows, but we’d bet whatever the “something” is, it’s not something anyone anticipated. Your current janitor may be very careful, but what about his eventual replacement? Accounting may have all new computers, but every hard drive has a life span. What if a pipe bursts right above your server room? The point is, you can prepare for all sorts of possibilities, but no one expects the unexpected.

Solution: Back up important data and update all firmware and software regularly, which at least will minimize the number of holes in the system and software through which someone uninvited can get into your network. Use a dedicated backup solution. If you already use Kaspersky Small Office Security, then you already have a secure backup automation utility as well.

5. Forgotten access rights

Employees and companies often part ways on less than the best of terms. If a website developer, for example, quits in a huff, they could potentially delete parts of the site. Access revocation is a critical part of any separation, but even before that, limit employee access to those resources they need for their work.

Solution: Whether a member of staff quits, changes position, or is asked to leave, immediately assess their rights and revoke or transfer as necessary.

6. Default settings

Even a bakery needs a router. Did anyone set yours up properly? In lots of cases, an ISP employee’s priority is just to get you connected, so they key in the ISP’s settings and call it a day. But default administrative login and password combinations leave your network essentially open. Getting hacked and being added to a botnet is not the worst that could happen. For example, someone might install a sniffer — a tool that scans all of your traffic — at which point no complex passwords will save you. In a nutshell, it is vital to change the default settings on routers and other network devices and it is just a good thing to do so for every other device.

Solution: Set up your router and network appropriately. It’s not a fun task, but it’s quick. At a minimum, change the administrator name and password, but also take a moment to make sure your network uses WPA2 encryption and disable remote management of the router, and check for (and install) any available firmware updates.


7. Lack of antivirus protection

It’s tempting — and popular — to think you’re too small to be a target. Other delusional excuses include: “I’m smart and safe, so nothing bad will happen to me”; and “I have a Mac, so I won’t get infected.” Being smart and using a more secure system targeted by fewer malware programs is good. But all of your employees should be smart and safe — and malware is only one of many dangers. At the very least, consider phishing, which is every bit as risky to Macs as it is to Windows, not to mention immensely popular with scammers attacking organizations.

Solution: Install and configure a strong and reliable security solution such as Kaspersky Small Office Security. Set it up to check for and automatically install updates. This solution specifically designed for small businesses has an antiphishing module that will help you avoid Web pages aimed at stealing your login credentials and other data.

8. Uninformed employees

The first step is understanding that you have a problem; employees who aren’t well-versed in modern security protocols are unlikely to advertise the issue — if they’re even aware of it. So, good job identifying a big problem! However, unless you pass your knowledge on to everyone working alongside you — in an understandable and actionable way — one of them will end up being the weak link.

Solution: Train existing employees, and new ones as they arrive. The basics of safe digital literacy include not opening e-mail attachments from unknown senders, not following links without checking their targets, using reliable cloud services with two-factor authentication for sensitive data, not downloading software from unreliable or illegal sites, and so on. No time for training? Use an automated learning platform.


Social Engineering Red Flags

If I had to pick the most important hint, the single most suspicious red flag to me is a strange-looking hyperlink which does not directly point to a valid, trusted domain; especially if it goes out of its way to fraudulently appear as if it points to a legitimate domain or trusted brand (e.g., microsoftustechsupport@outlook.com, techtalk@google.com.rogueserver.biz, returns.amazon@amazongproducts.ru, etc.). I think teaching people to always hover over ANY URL links and how to recognize bogus links is one of the single best training topics possible. If you can teach this single skill, you’re going to stop a lot of phishing from being successful.
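The link check described above comes down to reading a host name from right to left and matching it against domains you actually trust. The following is an added example, not code from the original article; the trusted-domain list, function names and the two sample URLs are assumptions, while the three addresses are the ones quoted in the text.

```python
from urllib.parse import urlsplit

# Assumption: the registrable domains this organization actually trusts.
TRUSTED_DOMAINS = {"microsoft.com", "google.com", "amazon.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED_DOMAINS}

# The three addresses quoted in the article, plus two constructed URLs.
SAMPLES = [
    "microsoftustechsupport@outlook.com",
    "techtalk@google.com.rogueserver.biz",
    "returns.amazon@amazongproducts.ru",
    "https://accounts.google.com/signin",   # constructed
    "https://example.org/",                 # constructed
]


def split_target(target):
    """Return (local_part, host) for an e-mail address or URL, lowercased."""
    target = target.strip().lower()
    if "://" not in target and "@" in target:
        local, host = target.rsplit("@", 1)
        return local, host.rstrip(".")
    url = target if "://" in target else "//" + target
    return "", (urlsplit(url).hostname or "").rstrip(".")


def is_trusted(host):
    """Right-anchored match: the host must BE a trusted domain or END in one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify(target):
    """Label a link or sender address as trusted, lookalike, unknown or invalid."""
    local, host = split_target(target)
    if not host:
        return "invalid"
    if is_trusted(host):
        return "trusted"
    # A trusted brand name appearing anywhere else is the red flag.
    if any(b in host or b in local for b in BRANDS):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):10} {s}")
```

The brand substring match is deliberately broad, so treat a "lookalike" result as a prompt for human review rather than a verdict.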

The second most important sign is simply recognizing unexpected requests, which if performed, could lead to something bad. It could be a request to do many different things, including:

  • Open and read a document
  • Click on a link
  • Visit a website
  • Provide login credentials
  • Process an invoice
  • Change banking or payroll information
  • Buy gift cards

Stressor Events

Most phishing emails contain a “stressor event”, which is a statement from the sender that if the user doesn’t perform the requested action now, then there will be very negative consequences. For example, the invoice has to be paid now or the important business deal is off; or your password must be verified now, otherwise your account will be permanently locked. Train your employees to spot stressor event requests and to treat them as a cue to stop, look, and think before acting.

In order for training to be effective, it must be done more than once a year or once a quarter. Ideally, training should be done at least monthly to get the most bang for the buck. We know that security awareness training is best when done at least once a month along with simulated phishing campaigns to test your users’ ability to spot potential phishing emails. Organizations that do this routinely take the percentage of users who will click a phishing email from about one-third or higher to about 5%. That’s a HUGE decrease in risk!

If you haven’t seen or used our Social Engineering Red Flags PDF, I encourage you to download and distribute.


Elasticsearch Database with 42 Million Records of Iranian Citizens Found Exposed Online

An Elasticsearch database holding 42 million records of Iranian Telegram users was found on the web, for anyone to access. The private data included phone numbers and user names, and it’s unclear how long it was exposed.

Despite heavy restrictions targeting the Telegram app in Iran, it remains one of the most-used communication platforms in the country. Its end-to-end encryption technology allows users to talk among themselves without anyone snooping on the conversation.

The fact that Telegram is open source is a problem, in this situation, because a number of forks have appeared in Iran, and some people choose to install those instead of the official app. These forks are not as secure, and the data they collect could end up in the wrong place, which is exactly what happened in this case.

The database was found by Comparitech and security researcher Bob Diachenko. Telegram confirmed that the data comes from third-party forks of their apps.

“We can confirm that the data seems to have originated from third-party forks extracting user contacts,” the company said. “Unfortunately, despite our warnings, people in Iran are still using unverified apps. Telegram apps are open source, so it’s important to use our official apps that support verifiable builds.”

It took 11 days for the database to be taken down, but the researchers say the data was accessed by other parties, including a hacker who reported the information to a specialized forum.

The database contained account IDs, usernames, phone numbers, and hashes and secret keys. The good news is the hashes and keys can only be accessed from inside the account of the user they belong to. It’s also unclear what entities control the Telegram forks in Iran, and whether they are private or state-owned.


US Warns People that Zoom-bombing Is a Crime

Zoom-bombing, the act of hijacking Zoom video conferences by sharing pornographic and hate images among other things, might seem like an annoying practice, but law enforcement is warning people that it’s actually a crime and perpetrators might end up in prison.

Ever since the COVID-19 pandemic sent people home, the use of teleconferencing software such as Zoom has exploded. The Zoom team is now trying to deal with the security problems that seem to keep cropping up, and they have even suspended the addition of new features for 90 days just to focus on securing their platform.

Just a few days ago, the FBI warned companies and the general public about a new practice called Zoom-bombing. People invade ongoing video conferences and share disturbing images or use foul language. A couple of Massachusetts-based schools reported this type of incident.

Now, the Department of Justice, through the U.S. Attorney’s Office for the Eastern District of Michigan, warns people who might attempt to interfere with the use of video-teleconferencing (VTC) platforms, such as Zoom, that it’s a crime.

“Michigan’s chief federal, state, and local law enforcement officials are joining together to warn anyone who hacks into a teleconference can be charged with state or federal crimes,” states the advisory from the Department of Justice.

“Charges may include – to name just a few – disrupting a public meeting, computer intrusion, using a computer to commit a crime, hate crimes, fraud, or transmitting threatening communications. All of these charges are punishable by fines and imprisonment.”

The Zoom team already implemented a number of measures to curb this problem, including disabling the user’s option to scan to public meetings. Using a password for meetings is also now the default setting for new sessions.

It’s also a good idea to lock meetings after they start, to restrict the use of screensharing to host-only, and to enable the Waiting Room function that allows the host to see who’s trying to join. Lastly, users should never publicly share links for the meetings or login credentials.
