Hackers Target Cloud Services in the New Normal

hackers target cloud services in the new normal

Many employees all over the world have benefited from the recent pandemic’s ability to push millions into working remotely from home. With decreased commute times and the ability to work in a more casual environment, many employees are probably hoping to continue to work remotely for some time to come. While employees may be happy with their working arrangements, the different working environment presents some definite challenges for those working in the area of technology security. Always operating as opportunists hackers target cloud services and the influx of remote workers, hoping to find a way into the cloud in order to steal data and wreak havoc, which in turn increases costs and/or headaches for organizations.

The Target

Hackers know where to find golden information and with remote users, the gold is found in the Cloud services they use. According to recent stats gathered by McAfee, attacks on Cloud services increased by 630 percent between the months of January and April of this year! It doesn’t take much to conclude that this phenomenal number of attacks coincided with the explosion of businesses across the globe who shut down their offices, thus leaving employees with working from home as their only option. 

How Hackers Attack Remote Users

Generally speaking, hackers attack remote users in two forms. Of course, virtually every computer task begins with a user entering in their login information. If a hacker can gain login information from someone working remotely, it is that much more difficult to detect if the login is coming from a legitimate remote worker or if the user logging in is a threat to the company. With remote workers sometimes living long distances away from where their physical office building resides, or if they decide to go to a vacation home or to a relative’s home in another state, it is almost impossible to determine whether a user is legitimate or not based upon geographical location.

The second form of attack which is sometimes easier to spot, has been given the name of suspicious “superhuman” logins. This occurs when multiple login attempts are noted in a very short span of time from regions scattered throughout the world.

For companies who don’t have any employees working across the globe, these types of logins are fairly obvious to spot as suspicious. However, for companies who do have staff members distributed throughout large regions, these types of attacks can still present a challenge.

Solutions

Thankfully, there is a relatively easy solution already available that can bring successful login hacking attempts down to almost nil. Two-factor authentication procedures are essentially a must for any company that has employees who work from home. When an employee has to verify their login by entering a code sent to their phone, this eliminates virtually anyone attempting a break in by way of the login process.

Of course, employers must also train their remote-work employees to be extra diligent in discerning whether someone truly is who they say they are. Hackers can easily find out which businesses have closed their public offices and often businesses will list key personnel along with their email on corporate websites.

Under these types of circumstances, it would be easy for a hacker to impersonate someone in the company, then send a phishing email that looks like an official email from someone high up in the company, to an employee working remotely at home.  Companies can address this by instructing employees to verify identification by phone, prior to releasing any sensitive data or monetary funds. 

If you would like to know more about keeping corporate data safe and secure while employees are working from home, please contact us!

6 Cyber Security Must-Haves for Remote Work

6 cyber security must haves for remote work

The quick transition to remote work that many companies have had to make has revealed security risks that IT professionals are not able to monitor or correct as closely as they would be able to when employees work in-house. To mitigate these risks and protect data, employees will need to follow cyber security best practices and abide by the requests made by IT. Fortunately, skills and security measures like the following that employees will need during these times help not only their employers in the present but protect them from personal security risks in the future. 

Secure Wi-Fi

The convenience provided by an open wireless network doesn’t mitigate the risk of sensitive data falling into the wrong hands, and this applies to personal financial information as much as it does to data relating to work. Employees will need to secure their home wireless networks with the most advanced protection available to them. Users should also have the latest firmware.

Encrypted Traffic

IT departments can consider a virtual private network, or VPN, on top of secured wireless networks to encrypt all traffic data. There are downsides to VPNs, however, including slower connection speeds. Some users may not like that their employer can monitor their network usage with a VPN, either.

Phishing Prevention

It doesn’t matter if a company uses the most advanced security software or the most impenetrable hardware if the user is the weak point. Employees should undergo training to detect and avoid phishing scams and their various modes — phone, text, and email —  before working remotely, even if they’ve already issued this training in the past.  All it takes is a careless click to give access to a user’s login information.

Fortunately, modern security software can even warn about potential phishing attacks.

Smart Password Usage

Not only is it risky to use the same password and username for multiple websites, but choosing simple passwords that are easy to crack also puts a user at risk. Because users won’t necessarily opt for best practices such as strong passwords that they periodically change, companies should ensure that their software systems require these password security measures and even use password managers to generate and store strong passwords. Businesses should also encourage two-factor authentication, which requires that users enter a second code that is typically sent via email or text, to log in.

Company-Issues Devices

Many of the risks listed above can be minimized when a company issues devices that prevent unauthorized changes and have the appropriate software installed so that employees have all the resources necessary to complete their jobs. Sending employees home with company devices keeps sensitive data away from personal devices, which may be less secure and more likely to be compromised, and companies can install enterprise-level security software to prevent malware and phishing attacks. 

If this is not possible, companies should set standards for which devices can be used, including software and hardware requirements, to ensure the devices being used are as secure as possible and to avoid the risk of “shadow backups” to personal cloud storage accounts.

Data Backup

Assuming that users abide by cyber security best practices and a company’s software is set up securely, there is always the risk of hard drive or another mechanical failure, which is why a company must have a plan in place to back up data. Many companies opt for cloud storage, a solution that is especially useful when the office is inaccessible; however, some choose physical servers that their IT team members maintain themselves. 

Companies that want to increase cyber security measures for remote workers or ensure that their systems are secure enough for telecommuting can contact us for a cybersecurity analysis.

Also, check out our cabling services!

Secure Email Solutions for Your Business

secure email solutions

We certainly live and work in challenging times these days. With an acceleration in hacking attempts, data thieves, etc. since the beginning of the pandemic, it’s more important than ever for companies to ensure they are doing everything they can to protect themselves from potential security issues. Of course, one of the ways that users are communicating with each other and their clients even more, is by way of email. Whereas before an employee may simply have walked over to a co-worker’s desk for a work-related conversation, now many employees are working remotely, thus increasing the likelihood they may be exposed to a security threat. If they haven’t already done so, now is the time for companies to review the options for secure email solutions.  

Layered Solutions  

As the title of the article implies, it’s not enough anymore to have one security solution. Companies must think in terms of multiple security solutions, and that means layering their security coverage. In terms of email security, it’s not enough anymore to rely only on the security tools provided by the email giants such as Google or Microsoft. While these companies do offer basic types of coverage that provide some protection, smart organizations are wise to consider adding another layer of protection for their email correspondence, by way of a third party vendor that specializes in cloud-based email security.

What to Look For

When looking for third party security packages, a good solution will encompass several key components in order to address several email-specific security vulnerabilities.

Ransomware Attacks

Ransomware is a type of malware that takes over and encrypts a victim’s device or information, and it is becoming an increasingly popular type of email attack. A good email security solution will outline how it stops these types of attacks before the hacker can follow through.

Internal Threat

With more and more employees working from home, it does become more of a challenge for companies to track their employees and their actions. Whether by accident or a deliberate attempt by a malicious employee to expose sensitive corporate data, a third party email solution can block outbound email-based connections before they occur.

Spear Phishing

Hackers often use tactics such as spear phishing in an attempt to confuse an employee into clicking on a malicious link. Many hackers will take a substantial amount of time to study a company. They then attempt to impersonate someone either high up in the company they want to exploit, or someone from another other business or vendor with which they work closely. Employees not used to working remotely may feel someone isolated and alone, and just enough out of their routine to click on a link that seems legitimately sent by someone in management, when it’s not.

A good third party email solution will employ custom security controls based on correspondence patterns, location and normal activity, thus preventing employees from trying to follow through on an unusual request.

Benefits 

Third party software security applications can save both regular employees and IT team members from having to manually fend off spam, malicious attachments, dangerous file types and suspicious impersonation attacks. In addition to reducing the amount of time that employees spend on these types of threats, they also have other benefits. Cloud-based email security solution packages can provide email backup and recovery, in addition to streamlining the management, availability, and retrieval of emails through cloud-based archiving. Some companies also find great benefit in the ability of a security package to handle e-discovery and compliance issues by offering specialized tools to meet their regulatory requirements.

We’re Here to Help

If you need assistance in reviewing the current level of email security protection in your organization, we can help.

Contact us today for more information on how security layering can provide the protection and peace of mind your company is looking for. 

Coronavirus Email Scams – What to Look Out For

coronavirus scams to look out for

Unless you have very good spam filters on your email, you have probably already noticed that criminal elements are switching over to coronavirus email scams. You have probably had at least one ad for protective masks get through. Criminals are also likely to approach individuals and businesses who are desperate for money and information alike.

Here are some scams already circulating:

Fake Home Testing Kits and Shady Treatments

Companies are advertising home testing kits (none of which have been approved)  or treatments. In some cases these treatments may be or purport to be drugs mentioned in the news. Herbal supplements of doubtful efficacy are also on offer. Everyone wants to protect themselves and their loved ones from this horrible disease. Oh, and no, colloidal silver will not work. Nor will fish tank cleaner. (Do not attempt to self-medicate for COVID with some treatment you heard about on the internet. Talk to your doctor).

Fake Emails from the CDC, WHO or Other Experts

Unless you have actually subscribed to a mailing list (Johns Hopkins has a decent one), the CDC, WHO, and other organizations will not email you COVID related information. Don’t click on links in emails that purport to provide such information; they could be malware. Or they could lead to dangerous information, or to alarmist theories that will make you even more inclined to stay home. Do your own research to get the right information. There’s also been at least one incident of an email purporting to be from the World health Organization that downloads an attached document. Needless to say, it’s malware.

Charity Scams

With a lot of people experiencing financial hardship, the charity scammers are, of course, out in force. Donate only to registered charities (Use Charity Navigator for research) or to people you personally know, not to random GoFundMes on the internet. Pay by credit card, or a reputable payment processor, not gift card or wire transfer.

Stimulus Check Scams

If you are eligible for the stimulus check, you will receive a direct deposit or the check will be mailed to you if they don’t have your bank account on file. This is automatic. Some scammers have been trying to get people’s bank account, or asking for a fee to expedite these checks. This is also happening in the UK, where scammers are promising to get government money fast, in some cases from programs that aren’t fully established yet.

Robocalls

The robocalls have switched to offering cheap, scammy health insurance or other COVID-related stuff. As always, hang up on robocalls immediately or, better yet, let them go to voice mail. Never press any buttons; all that does is tell them they have a legitimate number to sell to other robocalls. The FTC has been taking action but, as usual, the robocalls are hard to stop.

Non-Existent Goods

Scammers claim to be selling in-demand products, such as masks and toilet paper. Victims place an order only to have it never show up; the goods likely never even existed. Always check sellers by searching on their name plus words like “complaint,” “review,” or “scam.” If it’s possible to order from a company you are already familiar with, do.

Misinformation

Given how little we know, even well-meaning people are spreading misinformation. This has led to things like people buying up horse wormer because it might be effective (albeit not in horse doses…) against the virus. People have already died from self-medicating with so-called cures. Information that indicates something will protect you against COVID could result in you putting yourself and others in more danger, while alarmist “information” can have a mental health impact. As already mentioned, check everything with reputable sources.

It’s unsurprising that criminals would take advantage of the situation. We all need to be careful and avoid being caught out by these scams, many of which are variants on existing issues. If you need more help protecting yourself and your employees from coronavirus scammers, contact 4 Corner IT today.

New York Cyber Security Study is Scary

the federal reserve bank of new york cyber security study is scary

If there is one industry where both organizations and consumers alike would want the most stringent levels of cyber security, it is likely the financial services industry. The fallout of even one successful hacking event attempted on a bank, a credit card company, a credit reporting agency, has far reaching consequences for both consumers and the smaller companies that interact with these financial entities.

According to the Federal Reserve Bank of New York’s recent report, “Cyber Risk and the U.S. Financial System: A Pre-Mortem Analysis“, firms associated with financial services are 300 times more likely to encounter a cyber attack within any given year, than other firms in other industries. This should be a wake-up call to all of the smaller organizations who depend upon the integrity of the data they receive from these larger financial institutions. While smaller firms have no control over the larger financial entities they interact with, there are steps they can take on their end to stop a cyber disaster in its tracks before it reaches their internal systems.

Maintain System Updates

Hackers are continually on the lookout for outdated systems, browsers, and other types of software that make it so much easier for them to penetrate a computer system. Every organization, whether related to financial services or not, should have a comprehensive plan that includes keeping track of all their various types of software and applying any software updates in order to stay abreast of the latest versions, patches, etc.

Regular Vulnerability Testing 

It’s not enough to hire a technology firm to do a one-time-only penetration and vulnerability test to look for weak areas in an internal computer system. Software changes continually and vulnerabilities can occur in areas that were previously deemed safe. Financial service organizations need to conduct regular vulnerability scans and penetration testing to ensure previously safe systems are still secure.

Harden Emails 

Hackers love to target email servers because it allows them an opportunity to gain access to internal email accounts and pose as employees in the organization. Malicious hackers can then ask for confidential information from another employee, who doesn’t realize they are interacting with a cyber attacker. Hackers can also send out emails to an organization’s clients and infect their networks with malicious code. A financial services company that does not harden their email activity, runs the risk of exposing confidential or sensitive data to bad actors and/or receiving a poor reputation within the financial services community for passing on a cyber security attack nightmare to their clients.

How to Stay Safe

It is possible for even smaller financial organizations to secure their computer systems to prevent the chaos that occurs from a cyber attack. While smaller firms may not have the resources to hire a full-time IT professional, there are IT management companies that offer security services to their clients. By hiring an external company to provide cyber security, even smaller firms can have access to professional management of their data without adding the burden of investing in a full-fledged IT department.  

Small firms who hire these types of IT companies should expect them to create a comprehensive plan detailing how the IT firm plans to secure the client’s data. An external IT firm can analyze their client’s computer resources and make suggestions on how to protect critical, sensitive data from becoming vulnerable to attack both from within the company and from without. At the very least, the three key points of maintaining system updates, regular penetration testing, and securing email traffic should be part of the IT company’s security plan. 

If you need help securing your financial service-related or any other type of organization, we can help!

Please contact us today for more information.