Secure Modern Workplace

How Finance and Insurance Providers Can Respond To The Surge of Cyberattacks

admin — Wed, 23 Feb 2022 17:41:55 +0000

How Finance and Insurance Providers Can Respond To The Surge of Cyberattacks admin Wed, 02/23/2022 - 11:41 Trends ��Ƶɫ

Over the past two years working from home (WFH) has rapidly accelerated in many fields. Although the pandemic’s part in contributing to this shift is undeniable, much of this trend would be impossible without software developments supporting remote work. However, digital growth has increased the chances for cybercriminals to strike out and harm companies.

Smaller and mid-sized businesses are especially at risk due to limited resources and budgets for cybersecurity. On the other hand, businesses that have had increased digital footprints have also given cyber insurance companies more information to assess risk profiles of policyholders. These data-driven insights help provide more accurate underwriting and ultimately protect the insured.

This article will discuss the ways WFH has altered the digital landscape and what, both financial and insurance, providers can do to respond to this increased growth.

Growing Digital Footprints

As of 2020, over half of the world’s population is connected to the Internet. In America, over 90% of Americans have access to the internet. These numbers stand in sharp contrast to 2007 (the year the first iPhone was released), when 47% of Americans had access to broadband Internet at home. Every year more and more people are coming online and signing up for the services and platforms that connect us in this digital age. Increasingly, our digital presence has become relied upon as a method for us to transact business and experience our lives.

More and more businesses require employees to leverage these types of digital systems, which is why we have seen a huge increase in vulnerabilities. The transition from an Internet of the wild west to a place where the vast majority of the world’s business takes place has been essential for WFH to become possible. Importantly, businesses should consider how to rebuild after Covid.

Powered by the Cyberworld: Working From Home

WFH, sometimes called remote work, or even more rarely, working from anywhere (WFA) has become key to how we do business today. The sudden shift to WFH dramatically altered the business landscape because overnight we suddenly found many workers, some of whom had never sent an email, were handed a laptop and told to sign up for Zoom.

Early in the pandemic Zoom went from servicing 10 million people a day to over 300 million. In short, the Internet got way bigger and way more crowded. Companies suddenly needed new services, like being able to encrypt your emails. This rush to cyberspace also created an open floodgate of information for cybercriminals to wade through.

Criminal Threats Online

Cybercrime is nothing new, but the massive shift to remote work has made business data all that more vulnerable to hackers. Zoombombing, the practice of breaking into private Zoom meetings and disrupting them, although largely benign, underlines the importance of securing your business’s online presence.

Something important to keep in mind is the various types of groups that perpetrate these crimes, but also the angles from which they may attack businesses. This information is critical for financial and insurance providers because by understanding how cybercriminals behave you can determine how to better protect policy-holders.

Cybercrime Perpetrators

Generally, there are three to four types of cybercriminals that can be identified based on their alignment. The first group would be government actors. These are hackers employed by the government of a nation and are frequently used to undermine the stability of other governments. Second, there are government-sponsored hackers. These groups are typically paid for by nations in order to separate themselves from the type of attack that is taking place. They attack all kinds of targets.

The third and fourth are hacking collectives and individual rogue hackers. Sometimes hacking collectives can be government-sponsored. Other times they act on their own. Frequently, these groups attack corporations of all sizes and harvest their data for sale on the dark web.

Consider how these groups might attack your clients and how your clients’ risk profile might change based on the groups that target them.

Crime Targets, Attack Vectors, and What They Mean for Financial and Insurance Providers

What methods do these criminals use though? And what are their targets? Unfortunately, I cannot cover every single type of target and attack vector here, but I will cover the most common areas and discuss how these can impact your business.

To begin, many hackers target personal data -- at all levels. This means whether a business has 2 employees or 2,000, they are ripe for being attacked. Personal data does not just mean an employee’s data either, it means all the data that the business itself has collected.

For example, hospitals store all sorts of important data on patients, including their date of birth, social security number, address, and even vital records. Encrypting records is key to preventing these data breaches. Hospitals aren’t the only vulnerable industry, however, all business owners should consider some type of insurance to prevent loss when a data breach occurs.

Second, a favorite target of many hackers is cryptocurrencies and other financial assets. Today, more and more financial institutions sell cryptocurrency or invest in it themselves. Insurance providers may offer policies that cover the loss of cryptocurrency. There are many options for safely storing your crypto, but it will definitely continue to be a major target along with all other types of assets.

When it comes to how attackers seek this information the most common methodology is phishing. Phishing involves posing as, or spoofing, a trustworthy identity. Once the hackers have gained your trust, through social engineering, they then send a file, link, or other pieces of malicious software to gobble up your information or take control over your system.

Email is one of the most common ways that phishing scams are employed, which is why it is so vital that your email is secured with the right software. Other times these scams can be employed on social media. A business may have employees on Facebook or TikTok, who subsequently, albeit unintentionally, expose their employer to threats.

Insurance companies should consider this in the underwriting process. Does the business you are insuring have a social media policy for employees? Does the business have other kinds of insurance policies in place in the event of the worst happening? A training program to protect against phishing? These should be considerations in any process you undertake.

Brute force hacking is far less common than phishing, but it often requires more resources on the part of the hacker. Businesses and financial institutions can be particularly vulnerable to these types of intrusions because of corporate software that allows many employees to connect in the cloud. A hacker targeting the database of a large corporation could easily gain access to countless files.

These are just a handful of the areas that can potentially be impacted by cybercriminals, but they are the main areas to consider if you provide either financial or insurance products.

Big Opportunities for Financial and Insurance Providers

As you can see, the increase in cybercrime and expansion of cyber vulnerabilities are opportunities for both financial and insurance providers to tailor their services to their clients. By better understanding how working from home has expanded the marketplace for hackers, financial and insurance providers can both offer more complete coverage and better protect consumers.

Secure Modern Workplace

6.5 Billion Emails Quarantined in 2021

admin — Wed, 26 Jan 2022 22:03:44 +0000

6.5 Billion Emails Quarantined in 2021 admin Wed, 01/26/2022 - 16:03 Email Security David Bisson

The ��Ƶɫ | AppRiver team quarantined 6.5 billion emails in 2021, a volume which constituted a 12.5% increase over the previous year.

A Year of Email Attacks in Review

In its “Global Threat Report: Full Year 2021,” ��Ƶɫ | AppRiver revealed that emails with malware attachments decreased in volume to below five million during the first five months of the year. Those messages jumped up above 15 million the following month and ended at around the same level in December 2021. That was after the team detected over 25 million emails with attached malware samples in November.

Overall, the ��Ƶɫ | AppRiver team flagged 165 million email messages with malicious attachments through 2021.

The monthly totals of directly attached malware emails in 2021. (Source: ��Ƶɫ | AppRiver)

When it examined the origins of these and other malware attacks, the ��Ƶɫ | AppRiver team observed that many of the email campaigns had originated from the United States. China came in with the second highest number of attacks at just over 10 million. This attack volume marked a growth rate of 240% for the country when compared with 2020.

The top 10 most common email malware attack origins in 2021. (Source: ��Ƶɫ | AppRiver)

��Ƶɫ | AppRiver also examined the most common attachment file types used by email attackers in 2021. Excel worksheets were the most common. Even so, malicious HTM/HTML attachments increased throughout the entire year.

Sources of Inspiration for Their Attacks

The ��Ƶɫ | AppRiver team witnessed malicious actors seize on various events as inspiration for their attacks in 2021. Let’s examine a couple of these below.

The Kaseya Supply Chain Attack

Following the software supply chain attack involving Kaseya in July 2021, ��Ƶɫ | AppRiver detected a malicious email that claimed to be offering a patch for the affected software product. The attack email instructed the recipient to open an attached executable file for the purpose of resolving a Kaseya weakness. Once executed, the file loaded Cobalt Strike, commercially available pentesting software which malicious actors can weaponize as an attack tool.

Global Shipping Issues

Several months later, the researchers at ��Ƶɫ | AppRiver detected an attack campaign that claimed to originate from Maersk Line. The message used stolen branding to trick the recipient into thinking that the email had originated from the shipping company. From there, the email instructed the recipient to view some documents including an invoice, a bill of lading, and a packing list by clicking on a “Download Confirmation” button. If the user complied, the campaign redirected them to a phishing page designed to steal their email account credentials.

Email Attack Predictions for the Year Ahead

Looking forward to 2022, the ��Ƶɫ | AppRiver team has several predictions for where email attacks will go. First, they noted that there will be greater coordination between threat groups. The researchers witnessed such collusion following Emotet’s takedown in 2021. Trickbot’s operators stepped up and began distributing Emotet later in the year. This activity helped malicious email traffic involving Emotet to increase beginning in mid-November.

Second, the ��Ƶɫ | AppRiver team anticipates that attackers will make more attempts to target software supply chain attacks like Kaseya. Doing so will help malicious actors to broaden their impact to dozens if not hundreds or even thousands of companies with a single compromise.

Finally, researchers at the security firm wrote that digital criminals are going to continue turning to spear-phishing attacks in 2020. Such activity will support attackers as they devise new customization tactics—all for the purpose of focusing even further on their targets.

Email Defense for 2022

The predictions discussed above highlight the need for organizations to invest in their email threat protection over the following year. They need to prioritize building more specificity into their email defenses. Towards that end, they could consider investing in an email security solution that’s capable of scanning incoming messages at multiple levels for the purpose of blocking email attacks while allowing legitimate correspondence to reach their destination.

Secure Modern Workplace

Log4Shell Targeted by Email Attackers in Two Campaigns

admin — Mon, 17 Jan 2022 21:58:15 +0000

Log4Shell Targeted by Email Attackers in Two Campaigns admin Mon, 01/17/2022 - 15:58 Email Security David Bisson

The ��Ƶɫ | AppRiver team spotted two campaigns in which email attackers attempted to exploit a recently disclosed Log4j vulnerability on susceptible systems.

A Bit of Background on Log4j

As explained by the U.S. Cybersecurity & Infrastructure Security Agency (CISA), the Log4j vulnerability (detected as CVE-2021-44228 and dubbed “Log4Shell”) is a critical remote code execution flaw that affects versions 2.0-beta9 to 2.14.1 of Log4j, Apache’s Log4j software library which services can use to log security and performance information. Those services include background modules that that help to process email header information as well as perform analytics and reporting.

CVE-2021-44228 affects Log4j’s Java Naming and Directory Interface (JNDI) insofar as some of its features “do not protect against adversary-controlled LDAP [Lightweight Directory Access Protocol] and other JNDI related endpoints.” Malicious actors can use a specially crafted request to exploit the flaw and execute arbitrary code for the purpose of infecting the system, exfiltrating information, and/or deploying ransomware. For the purposes of this article, they can launch an email attack where Log4j parses a string, executes malicious code, and compromises a system that attempts to log information about the email.

Campaign #1: A Slack Workplace Invitation

As soon as it learned of the Log4j vulnerability’s disclosure on December 10, 2021, the ��Ƶɫ | AppRiver team prepared itself for attack attempts to begin spreading over organizations’ email systems. It was just four days later when the team detected the first such attempt. In the weeks that followed, those attacks grew in frequency and creativity.

Which brings us to one campaign flagged by the ��Ƶɫ | AppRiver team in the beginning of January. For this attack, someone by the name of “Smith John” invited a recipient to join a Slack workplace. The invite came with a unique workplace name crafted to exploit CVE-2021-44228.

Screenshot of the Slack workplace invitation. (Source: ��Ƶɫ | AppRiver)

“I assume the attacker is hoping that the attempt would be logged by a vulnerable system and trigger the exploit,” noted Troy Gill, senior manager of threat intelligence at ��Ƶɫ | AppRiver. “We don’t know for sure if that was strictly intended as an email attempt or if the attacker was trying to send the exploit via Slack and that action triggered an email. Or both maybe?”

Campaign #2: An AWS Attack

It was around that same time when the ��Ƶɫ | AppRiver team came across another attack that attempted toe exploit the Log4j vulnerability. Whoever designed this attempt dispensed with concealing their efforts behind a well-known brand like Slack. Instead, they sent out an email with the exploit code for Log4Shell included not only in the subject line but also in the body of the attack email.

Screenshot of the attack email. (Source: ��Ƶɫ | AppRiver)

Gill and his team analyzed the email and found that its sender had data theft on their mind.

“It was trying to retrieve multiple AWS items along with java and virtual machine information,” he pointed out. “This AWS attack tried to retrieve the secret access key, session token, shared credentials file, web identity token file, profile, config file, and access key ID. I’m not sure about the efficacy of this attack, but it is certainly being attempted.

Screenshot of some of the AWS items targeted by the attack email. (Source: ��Ƶɫ | AppRiver)

How to Defend Against Email Attacks Targeting CVE-2021-44228

The campaigns described above highlight the need for organizations to defend themselves against attack attempts that seek to exploit CVE-2021-44228. One of the ways they can do that is by using an email security solution that can analyze incoming messages for known vulnerabilities and other malicious indicators. Simultaneously, organizations should seek to patch Log4Shell using their vulnerability management programs.

Secure Modern Workplace

4 of the best Microsoft Teams features you may not be using today

admin — Wed, 12 Jan 2022 15:49:56 +0000

4 of the best Microsoft Teams features you may not be using today admin Wed, 01/12/2022 - 09:49 Microsoft 365 ��Ƶɫ

When the pandemic hit in early 2020, many workplaces migrated to Microsoft Teams, looking for a quick fix to connect employees until it was safe to return to the office. Nearly two years later, many of those same workplaces are now planning to work remotely or in a hybrid setup indefinitely. This may lead you to wonder if there’s more to the tool that your team can benefit from.

Indeed, there’s more to Microsoft Teams than just video meetings, instant messages, and project channels. Let’s take a look at some of the lesser-known features that can help your team long-term.

Get more out of messaging

Most discussion of Microsoft Teams only considers it the “new version of Skype chat”, or likens it to Slack. In reality, there’s a lot more to it than being able to send and receive instant messages. Teams is set up so that you can work in real-time with your colleagues without ever leaving the channel you’re in. It’s a great place to house your digital workplace hub to collaborate, plan, and execute work as a team.

Where Microsoft Teams gets a leg up over other messaging apps is in its ability to support many functions at once. Within project channels and direct messages, you can easily attach a file, video or voice-call a colleague, and access other Microsoft apps like OneNote and Office, all within the same window. This makes it easy to stay on-task, collaborate seamlessly, and organize project information.

Collaborate with colleagues

There are a number of features that make collaboration easier with Microsoft Teams.

First, as Microsoft explains over on their support page, adding tabs makes it possible to keep your information organized and streamlined. You can add any relevant files and apps as tabs to your existing Teams conversations. For example, if there’s a deck your team is working on that’s part of a larger project, you can add a tab to that channel to make the deck easily accessible to everyone. Once a file is added, users can also co-edit it together in real-time, without needing to leave Teams.

Another great collaboration feature is the ability to add both internal and external contributors to project spaces. This makes it possible to add vendors, suppliers, freelancers, and clients as guest users, which means you don’t have to rely on a separate email thread to keep them in the loop (just make sure you run this function through your security process first).

Integrate for ease

Integrations make it easier to work smarter using third-party apps in conjunction with Teams.

First, sometimes you need more than just text to get your message across. Microsoft Teams lets you easily embed content from third-party apps directly into your messages, making them more interactive, informative, and functional for the people receiving them.

You can also interact with 24 different app bots by @mentioning them in chats or project channels. This support article uses the example of chatting with Survey Monkey to create a new poll within a team message. This makes it easier to accomplish more, without having to put any extra effort in.

Access from anywhere

We’ve all gotten used to working from home over the last two years, but the Teams phone app makes it possible to access all your documents and conversations while you’re on the go as well.

Once you have the Teams app on your phone, there are a number of ways you can customize it to suit your work style. For example, you can set quiet hours (and even quiet days) to filter out notifications during your down time. You can also use the app to share content from your phone during a meeting, or transfer a call from your laptop to your mobile app.

Overall, Microsoft Teams is more than just a messaging app. With the right actions, information, and integrations, you can use it to connect with your team on everything from day-to-day communications to larger projects that require heavy collaboration.

If you’d like to talk to a Microsoft Partner about Microsoft Teams, get in touch here.

Secure Modern Workplace

Advanced Notice: Staying Alert and Aware of a Security Breach

admin — Thu, 06 Jan 2022 15:55:58 +0000

Advanced Notice: Staying Alert and Aware of a Security Breach admin Thu, 01/06/2022 - 09:55 Thought Leadership ��Ƶɫ

Locking your digital doors is the most important thing your organization can do—a cybersecurity system is crucial in today's hack-happy world.

Recognizing what a picked lock looks like is the second thing. Cyberattacks do come with warning signs, and your team needs to know those signs so that you can stop a security breach before it's too late.

We hear stories all the time about how a proactive approach to cybersecurity makes a breach less catastrophic. Here's a hypothetical business and name, but the scenario has happened many times.

Jay Duncan and his team learned this the hard way. Jay is the IT director for Sew Clean, a chain of alterations and dry cleaning stores. He has pushed his senior management to move towards a completely digital point of sale system, so their customers' information is stored in their network. Jay installed Intrusion Detection Software (IDS) in the network when they installed the new POS software, thinking that with all that customer data they needed bigger firewalls. The IDS he chose is antivirus software that monitors incoming network traffic.

So far, it's worked out well. Not only are customer's starch choices in the system, but so are their measurements, so they can just drop off basic alterations like hemming. During the pandemic, this full curbside service has boosted Sew Clean's business while their competitors are struggling.

Sew Clean has several branches in the metropolitan area, and Jay oversees a team of six administrators. Together, they keep customer data secure and manage the business operations.

A Series of Peculiar Events

One day, a branch manager mentioned that she had been locked out of her account when she tried to log in. She hadn't said anything about it because she assumed she had missed a capital letter on her password. Jay didn't think much about it; Susan was new and he figured she had just forgotten the sequences. He had also added email encryption to the system for an added layer of security. That afternoon, the operations manager said that the network seemed slow, and some of the computers were inexplicably crashing. Jay immediately shut down his computer, only it would not cooperate and kept running. Jay's suspicions of a security breach were confirmed when a ton of pop-ups started doing just that—popping up exponentially.

Jay realized that a data breach was in progress. He had been discussing plans for an emergency recovery with his IT admins since his first day, so he called his lead engineer and told her "we're hacked, get everyone on site and start working through the plan." Then he called the CEO with the news.

While Jay was having an uncomfortable discussion with the CEO, his lead engineer Jane had shut down all company routers to limit the spread of the hack, and had begun shutting down all servers. Her staff were calling branch managers to tell them to run through the instructions in the red 3-ring binder labeled "Emergency Recovery Plan."

By the time Jay got to the data room, Jane and her staff were almost finished rebuilding the desktop computers in the office. "Jay, I'm glad you made us practice this last month. I've put all the main servers in quarantine, and Tom's signed off on the checks. I'm sending the guys out to the branches to make sure they're all clean. Once that's done, we'll be back in business within an hour".

How Jay Prepared for a Data Breach

Jay and his team knew the signs of a security threat, but the initial signal—a new employee couldn't log in right away—was so subtle that he and Jane dismissed it at the outset. His CEO was grateful that Jay had insisted on additional email security as well as security audit software, although he had grumbled a bit about the cost at the time.

Fortunately, he and Jane both had that emergency plan in place, so they had minimal downtime and no loss of data.

Major Signs a Data Breach is Underway

Jay and Jane knew the warning signals for a data breach and had trained their staff to look out for these signs.

Users locked out of accounts—Susan couldn't log in because a phisher was interfering
Slow hardware and software performance–systems freeze and crash without reason
Abnormal system behavior—lots of pop-up and virus detection messages are a sure sign that malware is worming its way into your network

A security breach attack can even take the form of targeted campaigns that are customized to spoof legitimate notification messages.

More subtle changes to the system are sudden file changes and unusual activity on an administrative account. When Jay realized a cyberattack was underway, he was able to confirm through his security audit software that his admin account was secure and that the malware had not infected the company files.

Your data security should have built-in updates

Data security tools are constantly evolving to keep up with the bad actors in cyberspace. Jay had already installed Microsoft 365 Security Audit software that continuously monitors his email system for vulnerabilities. Hackers are always looking for a way in, and emails are a popular delivery vehicle for testing the waters. Phishing attacks are typically the first breach in a network. The security audit analyzes all network mailboxes for permissions, passwords, MFA, and forwarding settings so that any attempt at breaking in is automatically rebuffed.

Phishing is a highly profitable attack vector

According to an IBM study on overall costs of a data breach, a successful phishing attempt accounts for the second costliest type of attack. Phishing accounts for 17% of all data breaches, and costs companies an average of $4,65 million. Compromised email credentials—when the malware fools the active directory into thinking a request is valid—are responsible for 20% of security breaches. These incidents, however, are less expensive to clean up than a phishing hack.

Phishing breaches that wormed into business email, however, cost an average of $5.01 million in recovery. What's worse, IBM found that phishing only accounts for 4% of data breaches, and takes almost a year—317 days—to identify.

Modern IDS Keeps Up with the Bad Actors

The days when Jay and Sew Clean could keep their data secure with anti-virus software are long gone. As businesses are networked, security levels need to meet that risk by providing safeguards for the entire system. An IDS acts as that gatekeeper, with highly adaptable technologies that keep all your systems secure against consistently more sophisticated cyber threats.

Signature-based IDS takes off from antivirus software, which searches for patterns in byte sequencing—signatures—or known malware instruction sequences. The problem with signature-based IDS is that it cannot identify new attacks as there is no pattern precedent.

Anomaly-based IDS goes a step further and uses AI to identify odd patterns of behavior against a predefined trust model. The downside to this IDS is that fake positives are a possibility; in some instances new legitimate activity gets flagged as malicious.

Until this attempted data breach, Jay and Jane were having a hard time convincing their team and CEO that modern security software was critical for their company and customer information to remain safe and secure. Once the crisis had passed, they were fully on board with learning and staying up to date on security protocols.

Secure Modern Workplace

How to increase adoption of Microsoft Teams

admin — Thu, 23 Dec 2021 19:33:07 +0000

How to increase adoption of Microsoft Teams admin Thu, 12/23/2021 - 13:33 Microsoft 365 ��Ƶɫ

For some workplaces, going remote in 2020 was their first foray into collaborating and meeting virtually. For these organizations, Microsoft Teams was a welcome addition, allowing them to meet, chat, and stay organized from afar.

Now that some time has passed, however, some are finding that while their colleagues and employees are using Microsoft Teams, they’re not getting the most out of it. Let’s look at a few ways you can encourage more meaningful adoption of Microsoft Teams at your workplace.

Decide what success looks like

We’ve touched on the bridge between usage and meaningful adoption, but what does that look like? The truth is, it’s different for every business. It’s important to define what a successful adoption of Teams will look like for your business and work towards those metrics.

As with any goal, it’s important to make sure yours are specific, measurable, achievable, realistic, and time-bound. According to Microsoft, there are four categories of outcomes you can work towards: organizational, cultural, tangible, and individual. Let’s look at each a little more closely.

Organizational outcomes: Goals in this category include those around cultural transformation, employee retention, talent acquisition, social engagement, and operational agility.

Cultural outcomes: These include goals around employee sentiment, employee recommendations, customer feedback, and innovation measures.

Tangible outcomes: These can include impacts on customer experience, cost savings, revenue generation, data security, process simplification, and retirement of legacy systems.

Individual outcomes: Here’s where we get more into the weeds of user adoption, with outcomes related to actual use of the tool, employee morale, employee productivity, employee engagement, and idea generation.

Being clear from the outset on which of these outcomes are important to you (and how you plan on achieving them) is critical, but so is being flexible. If you’re having trouble reaching an outcome, you can investigate why and adjust your adoption approach accordingly.

Drive engagement with champions

Encouraging—and managing—behaviour change is one of the most difficult things leaders can do within an organization. Getting employees to join a work call on Meetings is one thing; getting someone to change the way they conduct their day-to-day communication is another entirely.

Managing this change, however, is critical. Engagement is a major factor in driving software adoption across an organization. When it comes to Microsoft Teams, the company has a solution for making this happen: onboard early adopters first, and identify Microsoft Teams champions—that is, the people who will drive awareness, adoption, and education around how to use Teams within the organization. As Microsoft recommends, champions should be given:

Formal training in how to use the software
Encouragement and empowerment to guide, teach, and train others
Consistent, positive reinforcement on the progress and impact they’re making
A clear, time-based plan to execute

Microsoft even has a Champions Program, where leaders can access valuable materials about getting the most out of Teams. If you’re running your champions program well, these people will learn all they can about Teams and pass that knowledge and support onto others who may be less enthusiastic or knowledgeable about the software.

If you’ve already been using Teams and haven’t appointed Champions, it’s not too late, and it’s worth the effort. There’s no replacement for having someone internal who can drive adoption and address any questions and concerns others may have.

Incorporate feedback and invest in awareness

It’s important to gather feedback about Teams from your employees, both from your champions and from others. Understanding how people use and experience the product will help you adjust the way you approach awareness and training going forward.

Microsoft recommends paying close attention to things like how users incorporate Teams with existing technology and which questions they ask about how to use it.

Finally, you should put considerable effort into building awareness and training across the organization. Microsoft equates this with the “marketing and communications” segment of your overall adoption strategy.

A good awareness and training plan includes deliberate internal communications, which can look like events, signage, and self-help/training information to familiarize people with why this is an important tool.

It’s important to evaluate your success metrics and share them widely to encourage continued adoption across the organization. Microsoft recommends sharing insights from your feedback channels with the hashtag #TeamStories to make them easily searchable. They also recommend sharing a team story company-wide every month to show what increased productivity and collaboration looks like using Teams.

Meaningful adoption doesn’t happen overnight

As with any major endeavor, success with Microsoft Teams adoption won’t happen overnight. Getting employees engaged, trained properly, and enthusiastic about using this tool will take careful planning, deliberate execution, and discernment about what’s working and what could be improved.

If you enable your champions, measure success, and incorporate feedback, you’ll be well on your way to meaningful adoption across the board.

Secure Modern Workplace

Data Resilience 101

admin — Wed, 22 Dec 2021 23:49:19 +0000

Data Resilience 101 admin Wed, 12/22/2021 - 17:49 Backup Todd Gifford

What is data resilience?

You know when your car breaks down or when the fuses blow, and the lights go out at your house? Often both of those things are problems, but you can work around them: You can call breakdown recovery or grab a taxi, and if the lights go off, sometimes the power is still on elsewhere, or you have a torch. Both of those situations and the workarounds supply a level of resilience – when there is a problem or something breaks, you can still walk around the house at night and see where you are going or make it work or the airport on time.

Data resilience is your ability to take a hit on your data availability or integrity and keep your organization running.

Why do you need data resilience?

Let’s get this out there: All organizations rely on their data; they always have. That accountancy firm from a hundred years ago had loads of data – it was just on paper. Architects, mechanics, the hospital, manufacturers, software developers, those of us who write blogs – everything we do has data at its core or associated with it. Many organizations even have data about their data – how much there is, where it is, who has access to it, how long they should hold it – the list goes on.

Let’s take an example – an oil pipeline. How much data is associated with pumping oil through a pipe? Probably quite a bit: flow rates, volumes pumped, pressure, leaks, maintenance records, valves, staff, locations, emails, diagrams, bills, wages, security information, etc.

What happens if all that data is lost or modified? No oil. No bills are issued, or revenue paid. Maybe a massive environmental disaster.

So – data. How about that – it’s critical to your organisation.

How to make data resilient

Data resilience requires planning. All organizations have some of the same types of data (like finance or HR) – but its value is different depending on the organisation.

Step 1: Collect the business requirements for data resilience – these will inform what to protect, how often to protect it, and how quickly it may need restoring after a data resilience event:

Know what data is essential to your organization. Work with department heads and those who use the data to perform their jobs. Categorise the data into high, medium and low based on the sensitivity of data (such as HR or medical) and how it would affect your organization if it were changed or unavailable.
Know where the data is – if you can’t find the data, you can’t control it and protect it.
Know who needs access to the data and how often
Work out how long each area of your organization could function without access to its data. This will allow you to work out the maximum time you could be without access to data, known as the RTO or ‘Recovery Time Objective.’
Work out how much data you can afford to lose – this is known as the RPO or ‘Recovery Point Objective’.

For some organizations – those last two will be zero. As in, the data needs to be ‘always available’ with ‘no loss’. Ouch – those are some tough asks – but not impossible. There will always be some risk of data loss due to Murphy’s Law – (if something can happen, it will) – but we can do our best to minimize the likelihood.

Step 2: Data resilience design

Data resilience design requires answers to the previous questions, but it also needs to consider the systems you are using. Is all of your CRM in Salesforce? Staff using Dropbox for corporate data without permission? Email and finance data in Microsoft 365?

Here are some pointers for design:

Control where the data is and where it can go
Secure those locations – understand who can access the data
Make those systems and locations as available as they need to be. This is key as the budget likely won’t stretch to allow every system to have 99.999% uptime. The payroll server only needs to run once a month, for example. That real-time ambulance tracking system – that one needs those five-nines of availability.
Despite all that resilience – you do need to take a backup.

For me – the cloud offers a cost-effective way of achieving a high level of availability at an affordable price, as those expensive infrastructure and maintenance costs are shared across many organisations.

Step 3: Back up the data

This is probably the number one thing on the list of data resilience must-haves. Backups. Back up your data somewhere that lives separately from your primary data (i.e. – consider AWS instead of Azure if your primary data is hosted in Microsoft, and vice-versa).

All the security and outsourced hosting won’t protect you from every incident – in fact, most cloud service providers bury it in their terms of agreement that they are not responsible for your data loss. When looking at your resilience plan, it’s important to ask - are you hosting your data in the cloud? In someone else’s cloud platform?

There is a backup for that as well – often called cloud-to-cloud backup or SaaS Backup

Backups provide you with a point-in-time recovery option. Between those points-in-time, however, there could be some data loss (most enterprises backup systems every hour, for example).

Step 4: Archive or backup? You may need both.

Need to make sure there is as close to zero loss on those legal emails or conversations about patients? For that, you need a real-time copy of everything that happens. This can be in the form of replication to an offsite location for virtual systems or an information archive for cloud systems to capture real-time data, like emails or Teams conversations.

Even if you have backups in place, if you work in an industry with any level of compliance requirement, having an archive can be the fastest and easiest way to source a copy of your communications. Where a backup brings you a step further – it can back up files, images, projects and other data in addition to your communications. When it comes to legal requirements, it’s crucial to practice as much due diligence as possible. You can read more about the difference in archive and backup here.

Summary – data resilience

The first rule of data resilience is to ensure you implement backup. The second rule of data resilience is to always have a backup. You can hone your data resilience approach by taking input from your organization. Likely nobody will be comfortable with data loss, but they may be able to operate without some data for a period of time (RPO vs RTO).

Follow the steps and plan your approach. Not only will this enable you to concentrate your efforts and budget in the right areas, but it will also enable you to show the board or the regulator what you are doing and why.

And don’t forget the third rule of data resilience – always have a backup, and make sure it is stored away from where the primary system is. Run all of your environment inside Microsoft 365? An excellent choice – but don’t keep the backups there as well, just in case.

Todd Gifford, BEng, CISSP, has 22 years of cybersecurity experience and is the CTO of Optimising IT, a UK-based Managed Service Provider whose goal is to help you pragmatically manage risk. Connect with Todd on LinkedIn or visit Optimising IT to learn more about how they can help you choose and implement the best cloud-to-cloud backup solution for your business.

Secure Modern Workplace

IP Spoofing Attacks: What are they and how can you prevent them?

admin — Fri, 17 Dec 2021 21:45:22 +0000

IP Spoofing Attacks: What are they and how can you prevent them? admin Fri, 12/17/2021 - 15:45 Trends ��Ƶɫ

There are dozens of techniques hackers can use to try to infiltrate your company's sensitive data, though some are more sophisticated than others. IP spoofing attacks are used by bad threat actors to “get a foot-in-the-door" of your network. They’re growing in popularity and frequency, and have the potential to wreak havoc on your organization if gone unnoticed. In this article, we will dive deeper into what IP spoofing is, how it’s commonly used, and what you can do to protect your organization for these types of attacks.

What Are IP Spoofing Attacks?

When data is transferred over the internet, it gets broken up into packets before being reassembled upon arrival. Each and every packet comes with source information, including the IP address of the sender and receiver.

IP spoofing is an entry point for attackers, used to bypass systems that are set up on a model of trust, or used to enter networks that aren’t secured with the right systems.

When attackers use IP spoofing, they impersonate a legitimate entity by changing their IP (Internet Protocol) source information to make the receiving computer system believe the data is coming from a trusted source. In systems that are configured to work between a set of trusted networked devices, IP spoofing can be used to circumvent the IP authentication process by appearing as a trusted entity on the network... getting past the moat and into the castle.

IP spoofing can be used to carry out “Man-in-the-Middle" (MitM) or “denial-of-service" (DoS) attacks. These methods allow hackers to obtain sensitive data, such as credit card information or social security numbers by interfering with communication between other networked computers. In the case of DoS, the hacker leverages devices they’ve compromised, i.e. “zombie” devices to carry out the attack. Often, hackers will even have a large network of these compromised devices, that they will use to flood or completely shut down websites and servers, and the IP source information is falsified to create confusion and prevent mitigation. This is similar to someone sending a dangerous item in the mail, but placing a false return address on the package (or even putting the recipient address on the package as the return address). This method makes it difficult for businesses to trace the source of the attack.

How Can My Organization Prevent IP Spoofing?

Although there are many things to worry about in the world of cyber security, there are also many ways to keep yourself and your organization safe from attacks like these.

Your users will be highly unlikely to detect IP spoofing, that’s why it’s important to ensure the organization’s IT security measures are up-to-date and configured properly. Some recommendations are to enable multi-factor-authentication (MFA) for your employees to access critical data in your network. Validating devices inside the organization with MFA is a strong option to provide an extra protection layer. It’s also recommended to place your network behind a firewall, and to implement additional security measures beyond IP authentication alone. Perhaps it’s time to implement packet-filtering for incoming traffic (ingress filtering), and external network traffic (egress filtering) to bulk up your IP authentication process, for example. Members of your web development team can also ensure they’re using the most up-to-date internet protocol, as old versions are more vulnerable to attacks.

How Can My Organization Recover From an Attack?

If your organization has been the victim of attacks carried out after IP spoofing, you know how jarring it is to discover that your network has been infiltrated. If you notice a device (or multiple devices) in your organization has been infiltrated, the first step is to disconnect it from the network as soon as possible. This can prevent the spread of the attack and give you a chance to perform data backups if they aren't done automatically in the cloud.

Next, affected users should change their login credentials and avoid using the same password for multiple accounts.

At this stage, you should have your cybersecurity team scan your system for viruses or malware, or reach out to a professional local IT security team (such as a Managed Service Provider in your area) that can help you with the process.

Finally, run an audit and see where the vulnerabilities were that allowed a hacker to gain access to your network or data. Once you know how the attacker got in, you can change your cybersecurity policies and procedures to prevent attacks like this from happening ever again, and begin implementing some of the recommendations we provided above.

Connect With A ��Ƶɫ Partner Today to Help Prevent Cybersecurity Attacks

��Ƶɫ is partnered with thousands of Managed Service Providers who can help you get to the root of your most common security vulnerabilities and offer their top choices for the tools you need to properly patch up any gaps. You can connect with a local IT partner in our network to help with network security.

Secure Modern Workplace

A rundown of backup recovery and data loss

admin — Fri, 17 Dec 2021 17:14:30 +0000

A rundown of backup recovery and data loss admin Fri, 12/17/2021 - 11:14 Backup ��Ƶɫ

As a business owner, knowing how to protect your digital data is a must when it comes to avoiding disruption to your business. Your business's essential data may be on a device that can get damaged, and data that is stored online may be accidentally deleted. Fortunately, data backup and recovery services make getting your data back if something happens to it easier than you might think. Here is an overview of what data backup and recovery typically look like and how they can benefit your business!

What Is Data Backup and Recovery?

Data backup and recovery describe the steps business owners can take to make sure they still have access to their digital assets, files, and other data in case something were to happen to the original version. Data that has been properly backed up in advance can usually be recovered if it is accidentally deleted, your device is damaged, or your business becomes the target of a cyber attack.

Difference Between Backup and Recovery

Data backup and recovery are two closely related concepts, but they are not exactly the same thing. Data backup is a preventative measure that should be taken long before you experience data loss or other problems with your data, while recovery is the process of getting your data back after a problem occurs. Properly backing up your data is an important step in making sure that you are able to recover it if you need to, as the process cannot be done in reverse if data that has not been adequately backed up is lost.

Types of Backups

Your business has several options when it comes to backing up your data. Although you will need to begin by performing a full backup, incremental and differential backups tend to be more efficient options for backing up new data.

Full Backups

A full backup creates an extra copy of all the data on your system. This type of backup is the most thorough, and it is an essential starting point when backing up your system for the first time. However, it is usually not the best choice for adding new data once the majority of your information has already been backed up because it is a very time-consuming process that typically takes many hours or even days to complete.

Incremental Backups

Under most circumstances, incremental backups are a better option when it comes to backing up new data. Because you do not need to back up your entire system over and over, selecting this option allows you to only create a copy of new files or other types of data that have not yet been backed up. As long as you have done at least one full backup in the past, an incremental backup is a faster and more efficient option for making sure you have a backup copy of all the files you need.

Differential Backups

Differential backups fall in between full backups and incremental backups. Like incremental backups, they only affect some of your data, but they use your most recent full backup as a starting point instead of your most recent incremental backup.

Types of Recovery

There are also several types of data recovery methods to choose from, some of which can work better for certain types of data failure than others. Some of the most common types of data recovery include granular recovery, instant mass restoration, volume recovery, virtual machine disk recovery (VMDK recovery), bare machine recovery, and instant volume mounts. Assuming your data was backed up properly before its failure, you can choose which type of recovery is the best fit for the type of data you lost and what problem caused it to disappear.

Importance of Backup and Recovery

Here are several reasons why considering data backup and recovery before you need them is essential when it comes to protecting your business!

Your Data Is Essential to the Operations of Your Business

Digital data security has quickly become a far bigger concern for many businesses than it was even a decade ago, although it has been an important consideration for as long as it has been used for business purposes. Your business likely relies on a wide range of categories of digital data to function normally on a daily basis, and abruptly losing access to that data can hinder your business from accomplishing as much as it should. For this reason, taking steps to ensure the overall security of your data is a must when it comes to keeping your business up and running.

No Business Is Immune to Data Loss

No matter how strong your security measures are, your business's devices and programs can fail or experience a cyber attack. Laptops can wear out and no longer turn on, files can become corrupted and unable to be opened, human error can cause you or an employee to accidentally delete data, and your business may become the target of a ransomware attack or other cyber security concern. Although your IT team should certainly take steps to reduce the likelihood of these problems, it is impossible to guarantee that they will not cause your data to disappear.

Ramifications of Not Backing Up Your Data

Although it is understandable that your quest to find ways to save time and money for your business may not automatically include investing time and money in data backup and recovery programs that you may never need to use, it is important to carefully consider the ramifications of cutting corners in an area that has the potential to cause extreme financial losses and productivity setbacks if something happens and your data cannot be recovered.

Cyber criminals are becoming more sophisticated even as cyber security programs become stronger, and banking on never experiencing a cyber attack because you are taking precautions could be catastrophic for your business. Simple human error, such as accidental deletion, can also destroy hours, weeks, or even years' worth of hard work.

At ��Ƶɫ, we prioritize helping our clients take steps to avoid the damage that data loss can do to their businesses. Contact us today to learn more about how we can help you take steps to protect your data from a wide range of potential losses or to get started!

Secure Modern Workplace

The Email Security Dictionary

admin — Mon, 13 Dec 2021 22:13:55 +0000

The Email Security Dictionary admin Mon, 12/13/2021 - 16:13 Email Security ��Ƶɫ

The world of email security contains all kinds of terms that are not often understood intuitively without a clear definition. For this reason, we have created a comprehensive email security dictionary to help you and your team understand the most important cyber security definitions, which will ultimately help you keep your company's data and information safe.

This guide is broken up into two categories: email security acronyms and good old-fashioned cyber security words or phrases.

Email Security Acronyms You Need to Know

Email security terms often consist of acronyms, which are sometimes referred to as cyber security alphabet soup. Here are the most important ones for you to be aware of:

2FA: 2 Factor Authentication

2FA, also known as MFA (multi-factor authentication), refers to the requirement of a password and tangible authentication system, often a confirmation code sent to a cellphone, to allow access to private online accounts or computer systems. These prevent immediate access by hackers to private data and accounts, even if the password has been compromised.

APT: Advanced Persistent Threat

An APT is a cyber attack against a network that is systematic and uses multiple tactics in an attempt to overload existing security measures over time. Hackers using APTs often attempt to infiltrate numerous platforms, and breaking into email accounts is one of the most common methods. Basic security strategies are usually not enough to stop these kinds of attacks, though more advanced security measures can slow them down or prevent them altogether.

Note: this acronym is not to be confused with ATP (Advanced Threat Protection)

DKIM: DomainKeys Identified Mail

DKIM is a helpful email security measure that ensures messages are not altered during transit from the sender to the receiver. It provides the email with a private key while it exits the outbox, and the recipient's inbox uses the organization's public key to verify the sender and that the message was not altered. This security measure is essential for preventing email spoofing attacks.

IMAP: Internet Message Access Protocol

IMAP allows users and email clients to access their messages from multiple devices on the internet. This is what enables people to check their email on their phone, computer, tablet, or other devices, and the email client usually leaves messages on the server until the user deletes them. Nearly all email clients use IMAP to allow widespread email access.

MTA: Mail Transfer Agent

MTAs are the software that actually performs the transfer of emails from one computer to another. It receives emails from other users, and forwards them to its intended recipient. Microsoft Exchange is an example of an MTA.

PKI: Public Key Infrastructure

PKIs are protocols that help data transfer securely over networks with digital certificates that are issued and managed with public-key encryption. A PKI consists of policies, procedures, hardware, software, and so much more.

Email Security Words or Phrases to Be Aware of

Aside from acronyms, email security is also full of terms that may seem more intuitive, but might actually not mean what many people believe they do. Here is some clarification about important email security words or phrases:

Encryption

Encryption usually involves emails sent from one user to another getting scrambled until they are incomprehensible, only to be reassembled with the use of a key. There are several different types of encryption, but email encryption is helpful for keeping emails safe from prying eyes while they are sent, transferred, and received. Every organization should have, at the very least, an email encryption system in place to prevent hacks and data loss.

Data Loss Prevention

Data loss prevention is the proactive efforts by an organization to detect and dismantle security threats and violations before they result in compromised accounts and data loss. Data loss prevention policies often include practices for using, storing, and transferring sensitive data in a safe in secure way to protect employees and clients.

Phishing

Phishing is a common method hackers use to obtain sensitive information and data. Most often, phishing attacks consist of email messages that seem legitimate, but trick recipients into clicking links or replying with private data like login information or passwords. Phishing attacks have gotten more advanced in recent years, and they can result in devastating losses for your organization.

Public Key Cryptography

Public key cryptographies are any systems that use both public and private keys within a network to protect messages. Public keys are held by all users within a network, while private ones are held only by an individual. Some encryption methods use public keys to allow the sender to send their message, while the intended recipient is the only one who can access the message because of their private key.

Ransomware Attacks

Ransomware attacks encrypt files on a device, which makes them unreadable and unusable. Attackers who carry out ransomware attacks often target government agencies or large corporations and demand money in exchange for decryption. Ransomware attacks are often activated when users open an attachment from a bad actor that compromises their files and data.

Spoofing

Spoofing is a cyber attack where hackers use fake information that seems legitimate, such as email addresses or domain names, to get users to divulge important information. Some companies have suffered spoofing attacks where employees received instructions to wire money to illegitimate accounts from an email address that appeared to be a higher up in the company. Less advanced spoofing attacks are easy to spot, but many hackers use surprisingly complex techniques to make it difficult for users to differentiate the legitimate from the illegitimate.

Need More Email Security Assistance? Talk to the Pros at ��Ƶɫ | AppRiver Today!

Now that you have a better understanding of important email security terms, you will be better able to understand and implement basic cybersecurity measures in your own life and organization. Even still, your company will likely still have email security vulnerabilities that can result in compromised data and financial losses.

Fortunately, the email security professionals at ��Ƶɫ have the knowledge and experience they need to help your organization devise a comprehensive email security plan. To learn more about how ��Ƶɫ can get your company off on the right email security foot, please contact us today!

Secure Modern Workplace

Secure Modern Workplace

How Finance and Insurance Providers Can Respond To The Surge of Cyberattacks

Growing Digital Footprints

Powered by the Cyberworld: Working From Home

Criminal Threats Online

Cybercrime Perpetrators

Crime Targets, Attack Vectors, and What They Mean for Financial and Insurance Providers

Big Opportunities for Financial and Insurance Providers

6.5 Billion Emails Quarantined in 2021

A Year of Email Attacks in Review

Sources of Inspiration for Their Attacks

The Kaseya Supply Chain Attack

Global Shipping Issues

Email Attack Predictions for the Year Ahead

Email Defense for 2022

Log4Shell Targeted by Email Attackers in Two Campaigns

A Bit of Background on Log4j

Campaign #1: A Slack Workplace Invitation

Campaign #2: An AWS Attack

How to Defend Against Email Attacks Targeting CVE-2021-44228

4 of the best Microsoft Teams features you may not be using today

Get more out of messaging

Collaborate with colleagues

Integrate for ease

Access from anywhere

Advanced Notice: Staying Alert and Aware of a Security Breach

A Series of Peculiar Events

How Jay Prepared for a Data Breach

Major Signs a Data Breach is Underway

Your data security should have built-in updates

Phishing is a highly profitable attack vector

How to increase adoption of Microsoft Teams

Decide what success looks like

Drive engagement with champions

Incorporate feedback and invest in awareness

Meaningful adoption doesn’t happen overnight

Data Resilience 101

What is data resilience?

Why do you need data resilience?

How to make data resilient

Summary – data resilience

IP Spoofing Attacks: What are they and how can you prevent them?

What Are IP Spoofing Attacks?

How Can My Organization Prevent IP Spoofing?

How Can My Organization Recover From an Attack?

Connect With A �����Ƶɫ Partner Today to Help Prevent Cybersecurity Attacks

A rundown of backup recovery and data loss

What Is Data Backup and Recovery?

Difference Between Backup and Recovery

Types of Backups

Full Backups

Incremental Backups

Differential Backups

Types of Recovery

Importance of Backup and Recovery

Your Data Is Essential to the Operations of Your Business

No Business Is Immune to Data Loss

Ramifications of Not Backing Up Your Data

The Email Security Dictionary

Email Security Acronyms You Need to Know

2FA: 2 Factor Authentication

APT: Advanced Persistent Threat

IMAP: Internet Message Access Protocol

MTA: Mail Transfer Agent

PKI: Public Key Infrastructure

Email Security Words or Phrases to Be Aware of

Encryption

Data Loss Prevention

Phishing

Public Key Cryptography

Ransomware Attacks

Spoofing

Need More Email Security Assistance? Talk to the Pros at �����Ƶɫ | AppRiver Today!

Connect With A ��Ƶɫ Partner Today to Help Prevent Cybersecurity Attacks

Need More Email Security Assistance? Talk to the Pros at ��Ƶɫ | AppRiver Today!