How to Prevent Data Leakage with Microsoft Data Loss Prevention

Businesses using Microsoft Office 365 have new options to prevent data leakage from their business. Whether a company frequently handles sensitive information like patient information or wants to clamp down on sharing personally identifiable information (PII) via e-mail, the Microsoft Data Loss Prevention (DLP) tools can help. A brief overview of the DLP capabilities will show why businesses that operate in industries with a lot of regulations need to deploy their IT team to shore up their defenses.

Microsoft DLP—Identifying Shared Information

The Microsoft Data Loss Prevention tools are a system within Office 365 that reads the information that you input in the Microsoft cloud software such as OneDrive, SharePoint Online, and Exchange Online. Also, the DLP can be applied to offline sources for added security.

Essentially, an IT team sets up the DLP to process all the data that you send through these systems and flags information that you do not want to be shared. The toolset can identify credit card numbers, social security numbers, and other forms of PII.

The system can be localized to the country in which a company operates as well as those with whom they do business. For example, the system can be set so that Australian ID numbers and American ID numbers can both trigger the security protocols, protecting a wider swath of data without burdening the system with data that would never be used.

Each business is in charge of establishing the parameters that they would like followed as well as the desired results when the information shared does produce a red flag.

The system can be set to remove a file with PII or disallow the communication from going forth. Furthermore, the system will send messages to the appropriate members of management to provide documentation about the attempts to send out information.
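To make the detection and response steps above concrete, here is an added example (not Microsoft's implementation and not code from the original article) of a content scanner that pairs pattern matching with checksum validation, enables country-specific rules per locale, and maps findings to an action. The rule names, the choice of the Australian Tax File Number as the Australian identifier, the block-external/notify-internal policy, and the sample message are all assumptions made for illustration.

```python
import re

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch) * (2 if i % 2 else 1)
        total += n - 9 if n > 9 else n
    return total % 10 == 0

def ssn_ok(digits):
    """Reject US SSN ranges that are never issued."""
    area, group, serial = digits[:3], digits[3:5], digits[5:]
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def tfn_ok(digits):
    """Weighted mod-11 checksum of a 9-digit Australian Tax File Number."""
    weights = (1, 4, 3, 7, 5, 8, 6, 9, 10)
    return sum(int(d) * w for d, w in zip(digits, weights)) % 11 == 0

# (rule name, locale or None for always on, candidate pattern, validator)
RULES = [
    ("credit_card", None, re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), luhn_ok),
    ("us_ssn", "US", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), ssn_ok),
    ("au_tfn", "AU", re.compile(r"\b\d{3} ?\d{3} ?\d{3}\b"), tfn_ok),
]

def scan(text, locales):
    """Return (rule, masked value) for every validated match in enabled rules."""
    findings = []
    for name, locale, pattern, valid in RULES:
        if locale is not None and locale not in locales:
            continue  # country-specific rule not enabled for this tenant
        for m in pattern.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if valid(digits):  # checksum cuts false positives such as order numbers
                # Mask all but the last four digits so the alert does not leak the value.
                findings.append((name, "*" * (len(digits) - 4) + digits[-4:]))
    return findings

def evaluate(text, external, locales):
    """Assumed policy: block external sends, notify management on internal ones."""
    findings = scan(text, locales)
    if not findings:
        return "allow", findings
    return ("block" if external else "notify"), findings

# Constructed sample message; every number here is a test value, not real data.
SAMPLE = ("Refund to card 4111 1111 1111 1111, SSN 123-45-6789, "
          "TFN 123 456 782. Order ref 4111111111111112.")

if __name__ == "__main__":
    print(evaluate(SAMPLE, external=True, locales={"US", "AU"}))
```

The 16-digit order reference fails the Luhn check and is ignored, and the TFN is only reported when the `AU` locale is enabled.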

DLP is easy to set up with the help of trained IT team members, and it goes into effect in less than an hour after establishing parameters.

Monitoring and Educating Employees

The vast majority of employees do not want to contribute to a leak of personal information for the people they serve or those they work with. However, there are still internal data losses every year where people within a company unwittingly give away valuable data.

As previously mentioned, an IT team can work to establish specific parameters for data sharing. These DLP parameters can identify when PII or other valued information is shared internally and externally in Microsoft software.

Not only will utilizing DLP tools cut down on the frequency of leaks, but they will give management the tools they need to teach workers about their specific vulnerabilities and how to prevent them from happening in the future.

Using Microsoft DLP to prevent data leakage is a step that every business operating with Office 365 should take. Simply identifying the types of information you do not want to be shared and enabling the parameters and alerts for data can prevent many common problems from occurring. The result is your company will identify which employees are responsible for data leaks so they can be properly re-educated and save information from falling into the wrong hands.

The Android Botnet that Victimized Consumers and Advertisers

“If it sounds too good to be true, it probably is.” Unfortunately, over 65,000 users neglected to observe this time-honored adage and proceeded to download a “free” app that came with the promise of, among other things, a free pair of tennis shoes. Before it was all over, the online criminals had spoofed over 5,000 Android apps that, in turn, downloaded an ad fraud botnet onto over 65,000 devices. The botnet was also responsible for more than 2 billion bid requests. Yes, that’s billion, not million.

When Did It All Start?

The attack, now codenamed TERRACOTTA, began in late 2019 when a family of apps listed on the Google Play Store offered users an opportunity to download an app in exchange for a free pair of tennis shoes or, in some cases, items such as event tickets, coupons, or even expensive dental treatments. For those who opted for the tennis shoes as their free gift, all they had to do was fill in their name along with their address details, select the shoes they wanted, and in 14 days’ time the shoes would be mailed to their front door. Incredibly, there were no strings attached.

Since initially many users gave the apps a glowing 5-star review, others were likely encouraged by such positive feedback and eager to download an app and then part with their personal information. As time passed and not a single user claimed they received free tennis shoes, the 5-star reviews understandably turned negative. 

How Did They Do It?

The ad fraud botnet used in all the apps silently loaded ads in the background. This is what set this family of apps apart from other apps that have used somewhat similar tactics but bombarded users with unwanted, obvious ads.

The entire family of apps used in the exploit were not reported to the Google Play Store as being supported by ads. Since no users ever reported seeing any unwanted ads, the apps were able to do their work under the radar. Further analysis showed no monetization mechanism and the analysis confirmed that no ads were ever shown to users. Using these clever ploys, the apps were able to deceive users on Google Play Store until the final week in June 2020.

Exploiting Advertisers

In addition to defrauding the average user, the apps also contained malware that deceived advertisers. Beyond the 14-day window of shoe delivery that of course never occurred, the apps acted as a delivery platform for other functionality that initially remained dormant.  

Eventually it was discovered the other functionality consisted of a customized Android browser that was packaged beside a control module written in the popular React Native framework. After being loaded on the phone, the customized Android browser was used to create deceitful ad impressions. These were then purchased by advertisers who bought them in the digital advertising ecosystem. 

Expert Exploitation

Those committing the fraud made use of several techniques that allowed their malware to remain undetected for quite some time. Their clever 14-day “waiting period” allowed them to leave an app that had no real functionality on countless phones for an extended period of time. Because the apps waited a lengthy period rather than immediately exhibiting bad behavior, it was much more difficult for users to connect downloading the malware-loaded app with unwanted behavior that occurred much later. The lengthy waiting period also hampered cybersecurity analysis, since the apps required observation for an extended period of time before the exploitative behavior could finally be detected. Those in the anti-virus community simply were not prepared for malware that remained dormant for such a long period of time.

A Cautionary Tale

The clever exploitation described above should be a cautionary tale for companies who may not be well-versed in how to effectively train their employees to spot such deceitful malware. If you would like more information on how to protect your company’s portable devices and other hardware and software from exploitation, please contact us.

Documenting An Information Security Policy During the Pandemic

The work environment that many organizations have today looks entirely different from the working environment they had pre-pandemic. Thousands of organizations now have their employees scattered throughout large geographical regions in environments that are not under the employer’s direct control. While the option to work remotely has saved many a company from going bankrupt, it also vastly changed both the physical and technological environment in which staff members work. While outwardly many organizations seem to be working from home fairly successfully, it is possible that their official information security policy looks exactly as it did before the pandemic, if they even had one at all. That is why documenting an information security policy during the pandemic is so important.

Starting Anew

Whether an organization had a previous ISP (information security policy) or whether they now realize they should draft one, the steps they must take to create one will likely be fairly similar since the working environment has changed for so many companies. The first step in drafting an ISP is to consider the scope of one’s business. Some organizations may interact with many vendors and/or suppliers, or they may only have a few. Other organizations have large customer or employee bases, or some combination thereof. Whatever the scope, companies must consider all the different components that could be affected by their new information security policy.

The next step is to set objectives in order to establish the overall direction of the policy, including factors such as legal, regulatory, business, and contractual security requirements. As those in charge of creating the policy gather information about the company’s operations, they must consider the structure of their risk assessment as it relates to the area they are evaluating, as well as use appropriate criteria in order to properly evaluate security risks.  

Drafting the Policy

While each organization’s ISP will be unique, there are a few standard points that most businesses will likely put in their specific policy. These items include enforcing a password policy where users must meet certain requirements such as password length, the type of characters required, and how often the password must be changed.

Other key points will likely include the requirements for handling data from third parties, employees, and customers, along with establishing guidelines that outline what employees can and can’t do with regard to actions such as internet usage and accessing controls. Some organizations may want to take their information security policy one step further by ensuring their new policy adheres to certification programs that pertain to their particular type of industry, or technological certifications.

Who, Where, What, Why 

A finalized information security policy may not be that lengthy. In fact, a company’s ISP may not be longer than a page or two. However, it will answer some essential questions, such as who issued the policy, meaning it is under their authority. Other questions the policy will answer include where the policy applies, such as specific departments and/or locations, what the overall goal of the policy is, and which company-specific security issues it addresses.

Lastly, it will also answer the question as to why a new policy was needed. In most cases, this will be a statement discussing how the ISP will help ensure that a business continues to protect their sensitive data while operating under a new working environment. In addition, the new ISP is intended to safeguard the continuity of the organization, while maximizing their ROI.

Summary

The world-wide pandemic forced many businesses to make drastic changes in the way they conduct their business practices, including how they secure their corporate data, along with their hardware and software resources. Although creating an ISP for their new way of operations may represent a challenge during this time of uncertainty and upheaval, informing employees how to safely navigate through their new circumstances is essential for a successful future beyond the pandemic. If you would like more on how to create a corporate ISP for your new working environment, please contact us.

350,000+ Personal Data Exposed After Preen.Me Attack

It’s the rare business that can survive without marketing and social media efforts, so when a social media marketing company like Preen.Me comes under a cyber attack, it invariably adversely affects many, many interested parties. And with Preen.Me’s recent hack, that’s exactly what happened. Over 100,000 social media influencers have had their personal data stolen because of their connection to Preen.Me. In addition, over 250,000 social media users have had their personal data exposed on a deep web hacking forum from their use of ByteSizedBeauty, a Preen.Me application.

While Preen.Me primarily focuses their marketing efforts on beauty-related content, meaning many other types of businesses were spared, that does not provide any comfort to those whose primary business is related to personal care. Preen.Me boasts big-name customers such as Unilever, Revlon, St. Ives, and Neutrogena, who in turn interact with large customer bases. 

In this post, we will outline how the attack was discovered, the data involved, and discuss the level of sophistication that hackers and data thieves can employ in their efforts to exploit, steal from, and harass innocent parties.

The Discovery  

RBS, a world-renowned leader in cyber security, first discovered the Preen.Me leak on June 6, 2020 after they noted a known threat actor posting a message on a deep web forum about their recent hacking efforts. The attack was confirmed by the actor on the same day when they shared stolen information from 250 beauty influencers on PasteBin. PasteBin is a content hosting website service that allows users to store text on their site for set periods of time. The hacker also threatened to release the personal information of 100,000 records he/she acquired. However, as of this date those records do not seem to have been released.

The Data at Risk 

The affected clients of Preen.Me are social media influencers involved in the beauty industry. Of course, their social media efforts lead them to collect information about their followers as well. Information from both sides of the equation was affected, with the threat actor exposing personal information of the media influencers such as home addresses, phone numbers, email addresses, names, and social media links. In addition, some of these social media influencers have over a half million followers, potentially exposing their information as well.

Further Exploitation

It wasn’t enough to steal such a large amount of data to potentially hold Preen.Me for a ransom amount. On June 8th, the hacker released detailed information of the over 250,000 users of Preen.Me’s application, ByteSizedBeauty. The details include their Facebook name, ID, URL, and friends list, along with their Twitter ID and name. Personal information was also leaked, including their email address(es), date of birth, home address, eye color, and skin tone.

Also found in the stolen database dump were 100,000 user authentication tokens for social media, along with a small number of possible password hashes, and a data table consisting of over 250,000 records containing user names, email addresses, customer names, and auto-generated passwords.

Doxing so many users of Preen.Me’s marketing tools and applications leaves all of them exposed to significant issues with spam, harassment, and especially identity theft. It remains to be seen if the hacker has accomplished their entire “mission” or if they are planning to further exploit Preen.Me and/or their clients. 

A Cautionary Tale 

Preen.Me’s recent attack is a cautionary tale for every other entity that uses the world wide web. Hackers can take very personal information and hold it for ransom, or they can release it on the dark web and allow others to commit further criminal acts against innocent affected parties. Organizations must take technology security seriously and understand their security efforts are not just protecting their own data, but the private data of clients who entrust them oftentimes with very personal information.

If you would like to know more about how to protect your business and the sensitive data of your clients from cyber hackers, please contact us.

Why Your Business Should Undergo a Digital Transformation

While most companies recognize they should at least have a web presence online, there is so much more technology available to help them become more efficient and provide improved customer service, as well as offering something they may not have even realized, this being better decision-making. With companies getting more and more competitive, it’s becoming more important than ever to take advantage of any and all opportunities to remain in the forefront of the pack.

Why a Digital Transformation? 

In order to determine why a company would want to undergo a digital transformation, it must be defined. A digital transformation involves the integration of technology into all aspects of running a business, developing a new digital foundation that influences every facet of operation, as well as how a business delivers value to their customers. The reason why many companies decide to take on this type of transformation is because the results typically show measurable and impressive improvements in key areas of business operations.

Improved Employee Efficiency

Digitizing manual processes and tasks that employees routinely perform may take some time up front to develop, but once manual tasks become automated, it frees up employees to focus their time and effort elsewhere. Traditional functions involving payroll, accounting, and finance often center around repetitive tasks that are fairly easily automated. Once employees can break away from manual processing, they can focus on other projects that require a more hands-on focus.

Improving the Customer Experience

Customers always appreciate streamlined, thoughtful improvements in their experience with a business. Automating customer interaction processes reduces wait times, and providing a 24/7 customer outreach mechanism allows customers to reach out with questions or comments when it’s most convenient for them. By using a CRM (customer relationship management) application, employees can view a customer’s question, find out all the necessary information, and provide an immediate full response, as well as additional information they think is helpful. By going the extra mile, customers feel appreciated and customer representatives have an opportunity to expand a sale and/or provide extra goodwill.

Improved Security

Digitizing corporate data is one of the foundational ways in which a company can protect such a vital asset. Manually stored data is vulnerable to theft, loss, and natural disasters such as a flood or fire. By automating all data including pertinent information such as customer and vendor contacts, payroll information, employee profile data, sales orders, etc., companies have protected their most vital resource — corporate data that allows them to function on a daily basis. By developing a comprehensive backup and restoration plan, companies can easily restore their data in the event they experience a catastrophic failure.

Better Decision-Making

Not only is it a good idea to digitally transform corporate data for security reasons, it is also helpful to have detailed information in order to facilitate better decision-making. By digitizing corporate data, companies can capture, store, and analyze large volumes of data that can almost effortlessly be pulled together by specific applications. A variety of software applications are available that can incorporate and formulate large amounts of complex data, giving business owners key insights into how well their business is functioning (or not), and suggestions on where to focus their efforts in order to make improvements.

It Takes Some Time

As with any other project, digitally transforming a company’s operations does take some initial time and effort. However, once transformed most businesses begin to reap the benefits of their transformation right away. Improved data security, an improved customer experience, and greater insight into the overall functions of the business, even down to a very fine level, are all typical gains that business owners enjoy after undergoing their transformation.

If you would like more information on how to digitally transform your business, please contact us!