Articles

Macs on the Move: Why You Need MDM to Manage Your Mobile Devices Correctly

Scooch over, Microsoft – Apple has entered the cubicle. A few years ago, Macs were a rarity in offices; most professional software was designed to work on Windows machines, giving them a considerable advantage in the business market. Now, everything has changed; iPhones, iPads, and MacBooks are ubiquitous, and for good reason! People love the Mac operating system and are familiar with how Apple devices work. Apps and business tools are increasingly Mac friendly, and Apple has worked hard to develop and highlight features that boost productivity and simplify IT management.

While implementing Apple products for businesses has been fantastic for boosting creativity, flexibility, and productivity, it’s presented a new challenge for IT teams. These teams must stay on top of managing a plethora of devices while keeping data secure and employees connected. Mobile Device Management (MDM) is a must-have tool for an IT team to succeed; whether you’re a small or large business, you must implement the right MDM solution when using Apple products.

Let’s take a look at why an MDM is critical for your business’s management and success.

1. MDM ensures that your mobile device is secure

Maintaining security is the top priority for IT teams; while mobile devices let employees work from anywhere, they also represent a new attack vector for criminals looking to steal company data. MDM is the best way for your team to maintain company data security while using mobile devices. 

Apple devices come with many built-in security features like FileVault encryption, Gatekeeper software verification, and Touch ID, but these features can be disabled quite easily. With a robust MDM solution, you can feel confident that these security features are enabled and functioning correctly on all devices. You can also block specific software, disable camera access, distribute security patches, and require employees to regularly create complex passcodes.

Mobile devices can be lost by employees or stolen by criminals; however, MDM helps mitigate this risk. If a managed device is lost, your MDM solution will help locate it while locking it until you’ve recovered it. In the case of a stolen device, you can remotely lock it and wipe all data. MDM ensures that essential data is protected by allowing you to enforce security measures and recover or disable missing devices.

2. MDM supports remote work productivity

Employee productivity is for business owners what security is for IT teams: top priority.  With cloud-based applications and mobile devices, people can work from anywhere.  This results in increased flexibility and higher productivity, but it only works if employees can access the data and applications they need.

MDM solutions allow your employees to securely access your company network, data, and applications from anywhere, including custom apps that may not be available in Apple’s App Store. MDM identifies critical applications and deploys them to your users.

Plus, you can even create lists of applications specific to certain job roles, departments, or users and allow access to those who need them. In this way, employees have access to the applications they need without being overwhelmed by the ones they don’t.  

If an employee needs a new application, MDM makes it quick and easy to grant access and push the application to the correct device. This is quickly done through custom settings in the App Store. As well, MDM makes it simple to share important information between mobile device users. Thus, implementing a robust MDM solution is one of the best ways to foster productivity in your company’s remote work environment.

3. MDM simplifies device management

Whether your company provides Apple devices to employees or lets them use their own through a BYOD program, managing every device can be challenging. 

MDM simplifies this process and offers workflows that let your team quickly set up new devices, enroll new users, reset old devices, install updates, and troubleshoot IT issues.  You can monitor devices to make sure that policies are being followed and employees are avoiding risky cyber-behaviour. You can also control access to company networks so that only approved devices can connect.

A good MDM solution allows you to monitor your devices remotely. You can quickly push settings, updates, and IT fixes to devices using over-the-air (OTA) distribution, and your team can detect issues as they arise and have solutions already prepared.

Top-notch MDM solutions also allow you to implement time-saving practices like “zero-touch” deployment and custom scripting that enable you to customize your devices and modify account permissions as needed.

Truly – the time and cost savings realized from simplified device management are priceless.

Choosing Your MDM Solution

It’s clear that MDM is critical for managing Apple products; now to choose which solution is right for you. There are many MDM solutions on the market, and it’s essential to choose one that works with your priorities. Consider things like value, device compatibility, security features, application management, and support features.

If you feel a little lost, we provide support and IT solutions specifically designed for Apple environments and operating systems. Our Apple product experts will help you choose the perfect MDM solution, one that will ensure that security is maintained, productivity bolstered, and devices managed efficiently.

SolarWinds Attack Exposes Microsoft 365 Security Vulnerabilities

Toward the end of 2020, a team of sophisticated cyber attackers, most likely funded by a hostile nation-state, inserted malware into the SolarWinds network monitoring and management platform. The announcement of this SolarWinds security breach sent shockwaves through business and IT communities.

The attackers’ ultimate goal was to use this malware as a backdoor into SolarWinds customers’ networks, including multiple U.S. government agencies, certain branches of the U.S. military, and many high-profile private companies.

The SolarWinds supply chain attack was the most successful and devastating cyberattack in history – but the story isn’t over yet. We’re still learning more about the techniques used by the attackers, the damage caused, and the repercussions for the future of cybersecurity.

In one of the most concerning revelations so far, researchers at FireEye subsidiary Mandiant released a report detailing how the attackers exploited several Microsoft 365 security vulnerabilities to hack into the SolarWinds infrastructure. This is an important discovery because so many companies have recently migrated their data and many of their essential applications to the cloud via Microsoft 365.

Let’s take a look at what the Mandiant report reveals about how the SolarWinds attackers targeted Microsoft 365 vulnerabilities and the lessons you can learn to help keep your company networks secure.

Understanding the four methods used to breach the Microsoft 365 cloud

1. Forged Active Directory Federation Services (AD FS) tokens

To infiltrate the SolarWinds network, attackers stole AD FS token-signing certificates from on-premise servers and used them to forge authentication tokens. The generated tokens could be assigned to any user the attackers chose and used to access resources like Microsoft 365 without entering a password or triggering any multi-factor authentication (MFA) processes.

2. Modified trusted domains in Azure AD

Attackers modified or added trusted domains in Azure AD. This method, also known as the Azure AD backdoor, allowed them to add a federated identity provider to forge tokens and assign them how they wished.

3. Compromised credentials for privileged accounts

The SolarWinds attackers targeted privileged on-premise user accounts for IT administrator roles. These accounts were synced to Microsoft 365, so attackers could use them to move from on-premise to the cloud-based environment.

4. Hijacked Microsoft 365 applications using forged credentials

Once the attackers had forged credentials, they added them to existing Microsoft 365 applications. This allowed them to bypass MFA procedures and hijack the applications’ abilities to send messages and access sensitive company data.
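A defensive check for methods 2 and 4 above, as an added example (not code from the Mandiant report or from this article): compare the tenant's current federated domains and application credentials against a reviewed baseline and flag anything that appeared or changed. The snapshot layout, field names, and all sample values are assumptions constructed for illustration.

```python
"""Compare a tenant trust snapshot with a reviewed baseline (added example).

The snapshot layout is an assumption made for this example and every value
is constructed; fill it from your own tenant export.
"""

# Fields of a federated domain whose change alters who can mint trusted tokens.
TRUST_FIELDS = {"issuer": "issuer-changed", "signing_cert": "signing-cert-changed"}


def diff_domains(baseline, current):
    """Flag domains that became federated or whose federation trust changed."""
    findings = []
    for name, cur in sorted(current.items()):
        if cur["auth"] != "Federated":
            continue
        base = baseline.get(name)
        if base is None:
            findings.append(("high", "new-federated-domain", name))
        elif base["auth"] != "Federated":
            findings.append(("high", "managed-to-federated", name))
        else:
            for field, kind in TRUST_FIELDS.items():
                if base.get(field) != cur.get(field):
                    findings.append(("high", kind, name))
    return findings


def diff_app_credentials(baseline, current):
    """Flag secrets or certificates added to applications since the baseline."""
    findings = []
    for app_id, cur in sorted(current.items()):
        known = set(baseline.get(app_id, {}).get("credential_ids", []))
        for cred in sorted(set(cur["credential_ids"]) - known):
            # Apps that can read or send mail are the ones method 4 abuses.
            severity = "high" if cur.get("mail_access") else "medium"
            findings.append((severity, "new-app-credential", f"{cur['name']}:{cred}"))
    return findings


def audit(baseline, current):
    """Return every finding: domain trust changes first, then app credentials."""
    return (diff_domains(baseline["domains"], current["domains"])
            + diff_app_credentials(baseline["apps"], current["apps"]))


# Constructed sample data: a reviewed baseline and a later snapshot.
BASELINE = {
    "domains": {
        "example.org": {"auth": "Federated",
                        "issuer": "http://sts.example.org/adfs/services/trust",
                        "signing_cert": "placeholder-fingerprint-A"},
        "corp.example.org": {"auth": "Managed"},
    },
    "apps": {
        "app-001": {"name": "Mail Archiver", "mail_access": True,
                    "credential_ids": ["key-1"]},
        "app-002": {"name": "Badge Printer", "mail_access": False,
                    "credential_ids": ["key-1"]},
    },
}
CURRENT = {
    "domains": {
        "example.org": {"auth": "Federated",
                        "issuer": "http://sts.example.org/adfs/services/trust",
                        "signing_cert": "placeholder-fingerprint-B"},
        "corp.example.org": {"auth": "Federated",
                             "issuer": "http://sts.example.net/trust",
                             "signing_cert": "placeholder-fingerprint-C"},
        "login.example.net": {"auth": "Federated",
                              "issuer": "http://sts.example.net/trust",
                              "signing_cert": "placeholder-fingerprint-C"},
    },
    "apps": {
        "app-001": {"name": "Mail Archiver", "mail_access": True,
                    "credential_ids": ["key-1", "key-2"]},
        "app-002": {"name": "Badge Printer", "mail_access": False,
                    "credential_ids": ["key-1"]},
        "app-003": {"name": "Report Export", "mail_access": False,
                    "credential_ids": ["key-1"]},
    },
}

if __name__ == "__main__":
    for severity, kind, subject in audit(BASELINE, CURRENT):
        print(f"[{severity}] {kind}: {subject}")
```

A changed signing certificate can be a legitimate rotation, so each finding is a prompt to match the change against an approved change record, not proof of compromise.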

Four lessons cybersecurity teams can learn from the SolarWinds Microsoft 365 cloud attack

1. Your network is only as secure as the weakest member of your supply chain.

The SolarWinds attack has opened our eyes to the devastating effects of a successful supply chain attack. The government agencies and other real targets of the attack were too well protected, so the attackers opted to go after their trusted vendors. This backdoor attack was amazingly successful. It is a sobering reminder that working with vendors and partners to secure the entire supply chain should be a vital part of your cybersecurity strategy.

2. MFA isn’t enough to keep you safe.

MFA is rightly acclaimed as a crucial part of securing your company network, but it’s not a magic formula that stops all cybersecurity attacks. The SolarWinds attack has clearly shown that a keen and determined attacker can bypass MFA. Your team should look beyond MFA and make sure that both your on-premise and cloud environments are properly secured and hardened.

3. Remediation and hardening go hand in hand.

When a cyber-attack is detected, the first step is to regain control of your environment and kick the attackers out by doing remedial actions like issuing new authentication tokens, removing suspicious domains, and rotating passwords. These steps are necessary, but they’re insufficient if you don’t follow them up with hardening measures to ensure long-term security. You and your team must stay up to date on the most recent recommendations for hardening both on-premise and cloud environments and take proactive steps to implement them.

4. You need a detailed cloud security plan.

Many IT teams have taken a simplified approach to cloud security. They’ve set up their environment, enabled a few password and MFA policies, and then migrated their critical data and mission-critical applications to the cloud. If that sounds like your company’s approach, let the SolarWinds Microsoft 365 breach motivate you to take the time to lock down your Microsoft 365 environment fully. Your company’s security depends on it.

Do you have a plan for Microsoft 365 security?

Microsoft 365 has quickly become essential to many companies’ operations, especially in the current remote work environment. The chances are high that much of your company’s most valuable data is stored in your Microsoft 365 cloud.

That’s a tempting target for cybercriminals trying to access your network for a direct attack or as part of a supply chain attack. The vulnerabilities that enabled the SolarWinds attackers to breach the Microsoft 365 cloud still exist, but there are strategies to mitigate the risk and keep your data safe.

Companies have spent years securing their on-premise environments. Keeping cloud-based environments secure requires the same level of effort and additional work to ensure that there are no vulnerabilities that would enable attackers to move between the two. You also need to stay up to date on all the latest attack methods and the hardening measures to combat them.

That’s where an experienced cybersecurity consultant can make a difference. At designDATA, our business aims to understand how to keep our clients’ IT environments safe and secure. If you want to better understand your risk and the steps your team can take to secure your Microsoft 365 environment, schedule a consultation with one of our experts. We’ll be happy to help prepare your team so that you feel confident that your business won’t fall victim to the techniques used in the SolarWinds attack.

Understanding Hidden UEFI Spyware

Some cyber attack methods are well known. Both IT professionals and regular employees know to be alert for phishing scams, suspicious attachments, and compromised USB drives. Cybersecurity teams guard company networks against more sophisticated schemes like supply chain attacks. They monitor systems and machines and deploy antivirus software to sniff out malware. If malware is found or suspected on a device, a hard drive reformat and reinstall can wipe clean any infection… or so we thought.

The efforts listed here are effective against most cyberattacks, but determined criminals have developed advanced methods that evade traditional cybersecurity efforts and even the popular wipe-and-reload: Hiding spyware in the Unified Extensible Firmware Interface (UEFI) on company laptops. This type of spyware is rare, but researchers recently discovered hidden malware in the UEFI on some Windows 10 business machines.

Read on to find out everything you need to know about hidden UEFI spyware.

A Clever Firmware Attack

The UEFI is a pre-boot environment stored on firmware rather than on a hard disk or a solid-state drive. The recently discovered UEFI spyware makes it possible for criminals to directly deliver hacking tools or malware to the infected computer from this pre-boot environment. These tools could allow hackers to steal documents, log keystrokes to steal passwords, and exfiltrate the stolen info via the Internet.

Hiding malware in the UEFI is particularly clever because antivirus and anti-malware software has virtually no ability to scan this memory type. UEFI malware evades both traditional detection methods and standard remediation practices because it is stored on firmware in the pre-boot environment. The malware discovered in a recent attack could reinstall the hacking tools on the operating system of the computer even if it were found and removed. A concerning consequence of this is that the malware would also remain even if cybersecurity teams wiped and reloaded a machine or swapped out the hard drive, as it doesn’t live on the hard drive at all.

The good news is that it’s tough for cybercriminals to load malware into a machine’s UEFI. The malware has to be customized to a specific machine model. For example, malware intended to infect the UEFI of a Dell Latitude E6320 would only work on that model and no other. It’s also difficult to load the malware. To inject an infected version of the firmware into the UEFI memory requires malicious actors to abuse a Firmware Update such as a BIOS Flash. Firmware updates aren’t everyday activities and are generally performed by IT teams rather than users, which is another reason these extremely effective UEFI attacks are rare.

State-Sponsored Groups Behind UEFI Spyware

UEFI spyware attacks require custom written hacking tools and determined effort to infect victims’ machines. So far, all known attacks of this type have come from state-sponsored hacking groups with very specific, high-value targets.

A UEFI attack discovered in 2018 is suspected of having come from Russian state-sponsored hackers. More recently, UEFI spyware victims were people associated with African, Asian, and European diplomatic entities and NGOs. Based on clues in the malware code, experts suspect the attack came from a group sponsored by North Korea.

UEFI Cybersecurity Best Practices

Depending on your industry, it may be unlikely that you’ll be targeted by a state-sponsored UEFI attack. However, it’s always a good idea to follow best practices when working on your own machines or those of your customers. Here are some simple but effective ways to protect against UEFI attacks:

  • Ensure Computer Security By Making Sure Your Machines Are Running Legitimate Firmware Versions

    When you download new firmware or drivers to install on a machine, check that the files are digitally signed to confirm their authenticity. If they are not signed, check the hash value of the file against the hash provided by the vendor to make sure they match. Taking these steps significantly reduces the risk that you’re running firmware infected with malware.

  • Regularly Re-Flash Pre-Boot Environments Of High-Profile Or Vulnerable Machines

    If you suspect malware on a machine, beyond just wiping-and-reloading the hard drive with a fresh copy of the Operating System, consider adding a flash of the pre-boot environment as part of your wipe-and-reload procedures. Flashing the pre-boot environment with a digitally signed copy of the files from the device manufacturer will clean out any malware living there (essentially doing a wipe-and-reload of the pre-boot environment in addition to the hard drive). You can also perform this step specifically when travelling users return from high-risk countries as part of the cleaning process for that device.

  • Leave Updates To Your IT Services Team

    Employees often decide to “save time” by installing software and updates on their own. Users are much less likely to follow your security and validation procedures, which ensure that the updates being installed are relevant, meaningful, compatible with current systems, and digitally signed by hardware and software manufacturers. When these procedures aren’t followed, there’s a much greater chance that they’re installing illegitimate updates full of spyware, ransomware, or other nasty malware you don’t want on your system. Provide Cybersecurity Awareness Training to reinforce that your team should rely on the IT department or provider for software patches and updates and should NOT install these things independently.
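The hash check from the first bullet above, as an added example (not code from this article): it hashes a downloaded firmware image and compares it with the entry in a vendor checksum manifest, refusing the file when it is unlisted or does not match. The file name is constructed and the manifest is assumed to use the common `<sha256>  <file name>` line format.

```python
"""Check a downloaded firmware image against the vendor's published SHA-256
(added example; file names and manifest contents are constructed)."""
import hashlib
import hmac
import re
from pathlib import Path

_HEX64 = re.compile(r"^[0-9a-fA-F]{64}$")


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large images do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse '<64 hex digits>  <file name>' lines into {name: lowercase hash}."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or not _HEX64.match(parts[0]):
            raise ValueError(f"manifest line {lineno} is not '<sha256>  <name>'")
        name = parts[1].lstrip("*")  # a leading '*' marks binary mode
        entries[name] = parts[0].lower()
    return entries


def verify_firmware(image_path, manifest_text):
    """Return (ok, message); ok is True only when the vendor hash matches."""
    image_path = Path(image_path)
    expected = parse_manifest(manifest_text).get(image_path.name)
    if expected is None:
        return False, f"{image_path.name}: not listed in the vendor manifest; do not flash"
    actual = sha256_file(image_path)
    if hmac.compare_digest(actual, expected):
        return True, f"{image_path.name}: SHA-256 matches the vendor value"
    return False, (f"{image_path.name}: SHA-256 mismatch (got {actual}, "
                   f"vendor lists {expected}); do not flash")


if __name__ == "__main__":
    import tempfile

    # Constructed stand-in for a downloaded image and the vendor's manifest.
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp) / "bios_update.bin"
        image.write_bytes(b"constructed firmware image")
        manifest = f"{sha256_file(image)}  bios_update.bin\n"
        print(verify_firmware(image, manifest)[1])
        image.write_bytes(b"constructed firmware image, modified")
        print(verify_firmware(image, manifest)[1])
```

The comparison is only meaningful when the manifest is obtained from the vendor over a channel separate from the download itself; a hash served next to a tampered file can be tampered with too.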

Secure IT Solutions

Maintaining good cybersecurity requires time, people, resources, and constant vigilance. At designDATA, we do the hard work of keeping up with all the latest cyberattack methods and the most effective cybersecurity solutions to protect our customers from cyber-crime. Check out our free cybersecurity resources for some great steps you can take to protect your organization. Ready to take the next step? Book a Security Assessment with one of our cybersecurity experts to see how we can help you.

Public WiFi Security Myths, Facts & Best Practices

For many workers, the ability to work from anywhere is one of the most appreciated perks of modern wireless technology. Are you feeling trapped inside with lots of work to do on a beautiful sunny day? No problem – you can pack up your laptop and finish your work from a table on the patio at your local coffee shop. Dog begging for attention while you try to work? Take her to the dog park and write a report from a picnic table while she runs around. Need to send a last-minute work email before flying off for vacation? You can take care of it from the airport waiting area. 

The ability to work remotely gives workers and companies unprecedented flexibility, but, like many benefits of technology, working from anywhere can be a double-edged sword. The public WiFi networks that enable employees to work from coffee shops, parks, and restaurants also present a security risk to company data.

Millions of people are working remotely due to COVID-19 precautions. As restrictions ease in some locations, more workers will seize the opportunity to get out of the house and work from other places, often using public WiFi. Companies need to understand the risks of using public WiFi and develop best practices to protect company networks and data.

Most people are aware that there’s some risk associated with using public WiFi. There’s a lot of helpful information on this topic, but there are also some myths. In this article, we’ll take a look at three common statements about public WiFi security and examine the truth of each. We’ll wrap up by discussing some best practices for working safely via public WiFi.

#1. When working on public WiFi, other devices can communicate with your device without your knowledge

This statement is true. On some public WiFi networks, hackers can gain access and initiate communication with your device. They don’t even have to be anywhere near you. Malicious actors can do this from hundreds of miles away. The risk is real, but there are mitigations. You should make sure that all company devices have the latest security patches and updates. Another effective tactic is to use a software-based firewall (such as the Windows Defender Firewall built into Windows 10) and implement hardening policies to disable services that may be listening for remote requests (such as remote registry and remote desktop).

#2. Anyone can snoop on your Web browsing and traffic on public WiFi

This one is a partial myth. Traffic to regular http:// sites is visible to anyone, but https:// sites are encrypted. This is critical knowledge for workers using public WiFi. To avoid prying eyes, be aware of whether the sites you visit are http:// or https://. On laptops, this is indicated by the presence of a padlock icon in the browser bar. Some browsers will give you a “not secure” message if you visit http:// sites. Pay attention to these indicators and don’t view or type sensitive information on an unencrypted site.

Additionally, some other services are also not secure. FTP and Telnet are two examples where all communication (including passwords) is sent in clear text that anyone listening in can read.

#3. The only way to work safely on public WiFi is to use a VPN connection.

This statement is widespread, but it’s not true. Using a VPN is an effective way to reduce the security risk of using public WiFi, but it’s not the only way. If a VPN is not required to access internal company servers or applications, it may be redundant since traffic to and from https:// sites is already encrypted. Other security strategies can reduce the attack surface available to hackers and protect devices, even without a VPN. A few of these strategies include reconfiguring vulnerable legacy Windows features and using secure browsers and applications that enforce Transport Layer Security (TLS) for all communications. You should investigate all the available options before deciding the best path for your company.

For Companies

The first step for companies is to establish a clear policy about working with public WiFi. Whatever policy you choose, make sure your employees have what they need to work productively under company best practices. One of the most effective ways to do this is to provide adequate training resources and on-demand help desk support.

If you choose to allow your employees to access the company network and data via public WiFi, make sure company devices are well protected. Managed security patching, a managed software-based firewall, and managed endpoint-based antivirus protection are all essential.

Based on public WiFi security risks, you may choose to disable or restrict access to company systems. If you go this route, make sure to provide your employees with other remote connectivity options such as a VPN, a work-issued hotspot, or reimbursement for the use of their personal phone’s hotspot. When choosing a VPN, make sure to evaluate the pros and cons of options such as full-tunnel vs split-tunnel and make the best choice for your company.

For Employees

First and most importantly, make sure you cooperate with your company’s established best practices. The next step is to do a little research and educate yourself on the most recent expert tips for safely using public WiFi. The recommendations include things like making sure you only visit websites you know are fully encrypted (https:// only), refraining from downloading any new updates or software, and logging out of accounts once you’ve finished what you’re doing. Recommendations are continually changing as the technology evolves, so check frequently to ensure you’re up to date.

Interested in Learning More?

This article should help you figure out if your company is headed in the right direction with its public WiFi policies and precautions, but that’s only one small part of the bigger cybersecurity picture.  If you would like more information, check out our free cybersecurity resources.  Ready to take action?  Book a consult with one of designDATA’s cybersecurity experts today.

How To Protect Your Company From Business Email Compromise

Phishing scams have been around for a long time. You’ve probably received an unexpected email telling you that one of your accounts has been compromised or that one of your friends is stuck in a foreign country and needs you to wire money immediately. Maybe you’ve been notified that you’re being evicted or that your computer antivirus protection needs to be updated.

The emails direct you to click a link to download software or to enter your banking information. If you follow the instructions, you end up with malware on your computer or fraudulent charges on your credit cards. Phishing emails are annoying, but, in most cases, a trained eye can spot the fakes.

Phishing emails often have misspelled words, domains that don’t seem quite right, missing signatures, grammatical mistakes, or other telltale signs that tip you off to the scam. As long as you know what to look for and stay alert, you and your employees can avoid becoming a victim of traditional phishing scams.

What if the usual telltale signs are missing from a phishing email? What if the attack email looks 100% legitimate because it really came from the email account of a person or organization you trust? The chances that you or someone in your company would fall for the trap are much higher. Unfortunately, that’s what happens in a business email compromise, or BEC. This article will help you understand business email compromise and how you can take steps to protect your company.

Understanding Business Email Compromise

According to the FBI, business email compromise schemes resulted in $1.7 billion in losses to companies in 2019 alone. Data from Check Point Research suggests that the numbers for 2020 are even higher, as cybercriminals have taken advantage of the disruption caused by the global pandemic to launch hundreds of thousands of cyber attacks on distracted workers.

A business email compromise happens when a bad actor gains full access to someone else’s email account. There are many ways the attacker can gain this access. They can guess usernames and passwords on a popular email platform like Microsoft 365 or Google Mail or use stolen credentials from a data breach. They can also try tricking an individual through a conventional phishing attack to type their password into a malicious Web site that harvests the password. However it happens, a business email compromise allows a cybercriminal to exploit both the organization that owns the account and other organizations they do business with.

Once an attacker gains access to an email account, they patiently research their targets’ habits, contacts, and email patterns. This allows them to avoid the mistakes that traditionally give away phishing emails. BEC attacks are rarely carried out via mass emails. Instead, malicious cyber actors choose a limited number of targets and work to maximize their profits before they are discovered.

BEC attack emails always look like they’re from a trusted source because they are from that trusted source: They are, from a technology perspective, indistinguishable from legitimate emails, meaning spam filters cannot catch them. The attack email requests that you take action such as paying an invoice, purchasing gift cards, modifying direct deposit information, providing personal information, or opening an attachment. They can be sent to other individuals in the same organization as the compromised account or external parties. They can even intervene in the middle of a legitimate email exchange requesting to modify a transaction you are already approving, such as by changing the account number to send the payments to. The attacker’s goal is generally to profit financially from the email immediately, but some forward-thinking actors may use these attacks to gain information that will let them steal even more valuable data or gain further access to the company network to profit later.

Preventing Business Email Compromise

The best way to mitigate the risks with BEC attacks is to prevent the attacker from gaining access to your users’ email accounts in the first place, which can be accomplished through foundational cybersecurity practices.  The following steps will help keep your network safe from BEC attacks and other schemes.

  • Require employees to use long, unique passwords and to change them frequently. No one likes having to invent strong new passwords, but this simple step is one of the strongest defenses against business email compromise.
  • Implement MultiFactor Authentication and make it mandatory.  MFA requires employees to take extra steps, but the cybersecurity payoff is worth the extra time and effort.
  • Have your users (or your IT staff, with management’s permission) review the automatic rules configured within your users’ email accounts. BEC attackers use these rules to help mask their activities (such as by automatically moving emails from banks to the deleted items folder) or to help gather and steal data (such as by automatically forwarding a copy of any email with the word “invoice” in the subject to an external email address for analysis).
  • Have your IT staff both review and manage email login policies. This can include reviewing logins to look for activity from countries or regions your users are known not to operate out of or to put restrictions in place for locations and times of day that you allow logins to your email system.
  • Train your staff to recognize suspicious emails and avoid sites that impersonate legitimate sites to ask for credentials. Your employees are crucial to defending against BEC, but they’re also a critical vulnerability if they’re not invested in your cybersecurity policies. Take the extra time to ensure that your employees understand why recognizing BEC schemes is essential and how it relates to your company’s overall success and security.
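The mailbox-rule review from the third bullet above, as an added example (not code from this article): it scans exported rules for the two patterns described there, rules that send copies to external addresses and rules that hide matching mail. The rule layout, the internal domain, the folder list, and the keyword list are assumptions for this example, and the sample rules are constructed.

```python
"""Audit mailbox rules for the two BEC patterns described above (added example).

The rule layout is an assumption for this example, not a mail platform's
export format; map your platform's rule export onto it.
"""

INTERNAL_DOMAINS = {"example.org"}                                  # assumption
HIDING_FOLDERS = {"deleted items", "junk email", "rss feeds"}       # assumption
MONEY_WORDS = {"invoice", "payment", "wire", "bank", "remittance"}  # assumption


def _domain(address):
    return address.rsplit("@", 1)[-1].strip().lower()


def _external(addresses):
    return sorted(a for a in addresses if _domain(a) not in INTERNAL_DOMAINS)


def _money_terms(rule):
    """Return the financial keywords that appear in the rule's conditions."""
    cond = rule.get("conditions", {})
    text = " ".join(cond.get("subject_contains", [])
                    + cond.get("from_contains", [])).lower()
    return sorted(w for w in MONEY_WORDS if w in text)


def audit_rule(rule):
    """Return a list of (severity, reason) tuples for one rule."""
    findings = []
    actions = rule.get("actions", {})
    outbound = _external(actions.get("forward_to", [])
                         + actions.get("redirect_to", []))
    if outbound:
        findings.append(("high", "sends mail outside the organization: "
                         + ", ".join(outbound)))
    folder = (actions.get("move_to_folder") or "").lower()
    if actions.get("delete") or folder in HIDING_FOLDERS:
        terms = _money_terms(rule)
        what = "deletes" if actions.get("delete") else f"moves to '{folder}'"
        reason = f"{what} matching mail"
        if terms:
            reason += " (financial keywords: " + ", ".join(terms) + ")"
        findings.append(("high" if terms else "medium", reason))
    return findings


def audit_mailboxes(rules):
    """Audit every rule; disabled rules are still reported, high severity first."""
    report = []
    for rule in rules:
        for severity, reason in audit_rule(rule):
            report.append({"mailbox": rule["mailbox"], "rule": rule["name"],
                           "enabled": rule.get("enabled", True),
                           "severity": severity, "reason": reason})
    report.sort(key=lambda r: (r["severity"] != "high", r["mailbox"], r["rule"]))
    return report


# Constructed sample rules.
SAMPLE_RULES = [
    {"mailbox": "alice@example.org", "name": ".", "enabled": True,
     "conditions": {"subject_contains": ["invoice"]},
     "actions": {"forward_to": ["collector@mail.example.net"]}},
    {"mailbox": "bob@example.org", "name": "Bank", "enabled": True,
     "conditions": {"from_contains": ["bank"]},
     "actions": {"move_to_folder": "Deleted Items", "mark_read": True}},
    {"mailbox": "carol@example.org", "name": "Newsletters", "enabled": True,
     "conditions": {"from_contains": ["newsletter"]},
     "actions": {"move_to_folder": "Newsletters"}},
    {"mailbox": "dave@example.org", "name": "Team copy", "enabled": True,
     "conditions": {}, "actions": {"forward_to": ["team@example.org"]}},
    {"mailbox": "erin@example.org", "name": "Spam", "enabled": False,
     "conditions": {"subject_contains": ["lottery"]},
     "actions": {"move_to_folder": "Junk Email"}},
]

if __name__ == "__main__":
    for row in audit_mailboxes(SAMPLE_RULES):
        state = "enabled" if row["enabled"] else "disabled"
        print(f"[{row['severity']}] {row['mailbox']} / {row['rule']!r} "
              f"({state}): {row['reason']}")
```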

Identifying Business Email Compromise Attacks

While preventing BEC attacks in the first place is always preferred, it may not always be possible. Cybercriminals may find a way around your protections and compromise one of your users’ accounts, or they may compromise the account of an outside party (for which you can’t directly implement cybersecurity policies) and use that outside party to launch BEC attacks against your organization.

BEC attack emails are sophisticated, as the attacker has already invested the time to gain access to an email account and doesn’t want to give themselves away before they get what they’re after. Employees must be vigilant to help spot these BEC attacks and notify the IT or cybersecurity team immediately if they suspect anything unusual. The following actions will help your workers successfully fend off BEC schemes.

  • Pay attention to the details. BEC email identifiers may include unusual word choices or sentence structure from what the sender typically sounds like.
  • Have verification policies in place. Having requirements like all wire transfers must be verified by at least two people (the requestor plus one other) before being made can stop many BEC attacks in their tracks.
  • Have validation policies in place. Even if your CEO is allowed to authorize writing a check without a second approver, you can still have policies in place to validate the request really came from the CEO. If you get such a request via an email, validate it by having a policy that also requires a voice validation: Call your CEO on the phone to confirm it was really them that issued this request. If you call the sender to validate the request, make sure you call them on a previously-verified phone number, not the one the attacker provided to you in their email signature!
  • Resist requests to bypass your policies. BEC attackers often make their requests (such as wiring money, writing a check) with a sense of urgency or requests for discretion. Be wary if you receive such requests – even if the sender is familiar – as the attacker may be using social pressures to get you to skip your verification and validation steps.
  • Listen to your suspicions. If you suspect a case of business email compromise, take precautions and immediately notify your IT or cybersecurity team so they can take appropriate action.

Take the Next Steps

Cybercriminals continuously devise new ways to attack companies. Business email compromise and other malicious schemes get more sophisticated all the time. You need to stay up to date on the latest cyber attacks and how to defend against them. Take advantage of the excellent free cybersecurity resources available to you. If you have questions or concerns about your current cybersecurity strategy, book a discussion with one of the experts at designDATA to get started.

Closing the Home Office Security Gap

Working from home has long been a favorite dream of many office workers. Recent developments in cloud technology and video conferencing enabled companies to offer part-time or permanent remote options to some workers. Experts predicted this trend would increase, but no one expected a global pandemic to make the dream of working from home a reality for millions.

When COVID hit, companies quickly pivoted to remote operations. No one knew how long the situation would last, and the initial focus was on maintaining worker productivity. The new way of working allowed business to continue, but it came with some challenges, too. Remote work isn’t going away any time soon, and it’s time for companies to get serious about home office security.

With new ways of working come new ways for cybercriminals to attack. Hackers and other malicious cyber actors are attacking remote workers with three primary tactics:

Email & phishing scams – Hackers are taking advantage of the COVID-19 crisis to launch phishing attacks through email, texts, and social media. The fraudulent emails are often cleverly disguised as helpful information from company leadership or as requests from the company for personal information. Working in isolation from co-workers makes it harder for employees to discern whether emails about a company’s COVID status or policies are real or fake.

Unsecured wi-fi network infiltration – Devices connected to unprotected home networks are an easy target for cybercriminals. They take advantage of this vulnerability to steal data and passwords and to intercept sensitive messages.

Personal computer hacks – A large percentage of workers admit to using their personal devices for work-related purposes. Employees often transfer company data to personal devices for convenience or other reasons. This makes the data vulnerable to attacks – especially since many people don’t regularly install security updates on their devices, nor do those devices have all of the protective software that a business-owned device would.

What Can Business Leaders Do?

Excellent cybersecurity starts with savvy leaders who understand the risks and implement smart policies to keep home offices secure. Here are three policies business leaders can introduce to set their companies up for home office security success.

Disallow the use of personal computers

Make sure all employees have company devices. Set the clear expectation that business data is never to be transferred to or accessed from personal computers. If bring-your-own-device is already part of your culture, you can work with your IT Team to develop standards that users of personal devices need to adhere to, such as installing the organization’s antivirus or patching tools.

Make sure data is stored securely in business-approved repositories

Many employees have a personal Dropbox or other cloud-based data storage account. They also often store data on their local hard drives. Set up easy-to-use company data repositories and implement policies that prevent workers from using their personal accounts to store and share company data.

Require relevant Cybersecurity Awareness Training

Train employees on relevant security topics such as “how to recognize phishing attacks,” “proper password management,” and “company cybersecurity best practices.” Adequate training resources are available, and leaders should make sure their employees participate regularly.

What Can IT Teams Do?

Leaders set cybersecurity policies, but IT Teams make recommendations and do the technical work to implement the policies and procedures that secure company networks and data. Here are four technical strategies IT Teams can use to help employees keep company data safe while working from home.

Use Multi-Factor Authentication (MFA)

Passwords and physical devices are both relatively easy to steal. By requiring more than one form of identification to access company devices and systems, IT Teams can prevent malicious actors from accessing company data. MFA is especially important for controlling access to publicly accessible services such as Microsoft 365.

Require a VPN connection to access company data & applications

VPNs boost security by providing a secure connection to the company network for remote employees. Employees should only be able to access internal company data and applications through a VPN. Ensure the VPN is configured with network segmentation and profiles, so each department or external vendor account only has access to the servers or devices needed to do the job. For example, a Marketing user’s VPN shouldn’t allow them to ping the Accounting server. Also, an external vendor that uses the VPN to help manage a database application shouldn’t be able to access a File server through the VPN.
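The segmentation rule described above, as an added example that is not part of the original article: a short Python audit that compares the networks each VPN profile can reach with the servers that profile actually needs. The server names, addresses, profiles and function names are constructed for illustration.

```python
import ipaddress

# Constructed inventory: server name -> IP address (private example ranges).
SERVERS = {
    "marketing-web": "10.10.1.20",
    "accounting-srv": "10.10.2.10",
    "db-app": "10.10.3.15",
    "file-srv": "10.10.4.5",
}

# Hypothetical policy: the servers each VPN profile needs to do its job.
REQUIRED = {
    "marketing": {"marketing-web", "file-srv"},
    "accounting": {"accounting-srv", "file-srv"},
    "vendor-db": {"db-app"},
}

# Flat configuration: every profile is routed to the whole internal /16.
FLAT = {name: ["10.10.0.0/16"] for name in REQUIRED}

# Segmented configuration: each profile gets only the subnets or hosts it needs.
SEGMENTED = {
    "marketing": ["10.10.1.0/24", "10.10.4.5/32"],
    "accounting": ["10.10.2.0/24", "10.10.4.5/32"],
    "vendor-db": ["10.10.3.15/32"],
}

def reachable(allowed_cidrs, ip):
    """True if the address falls inside any network the profile may reach."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in allowed_cidrs)

def audit_profiles(profiles):
    """Return sorted (profile, server, problem) tuples for over- and under-reach."""
    findings = []
    for profile, cidrs in profiles.items():
        for server, ip in SERVERS.items():
            can_reach = reachable(cidrs, ip)
            needed = server in REQUIRED[profile]
            if can_reach and not needed:
                findings.append((profile, server, "excess access"))
            elif needed and not can_reach:
                findings.append((profile, server, "missing access"))
    return sorted(findings)
```

Running `audit_profiles(FLAT)` lists every server a profile can reach without needing it, including the Marketing-to-Accounting and vendor-to-file-server cases from the paragraph above; `audit_profiles(SEGMENTED)` returns an empty list.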

Use Remote Monitoring & Management Tools to monitor devices

These tools help IT Teams ensure that all devices being used by employees are up to date on security patches and antivirus updates and allow helpdesk employees to assist remote users with requests directly.

Deploy a business password management tool

Employees are notorious for writing passwords on sticky notes or storing them in files on their desktop. Give workers a more secure and convenient option by providing a business-approved password management tool to help them create strong passwords and keep them organized. Talk to your IT service provider for recommendations.

What Can Employees Do?

All the best leaders and most tech-savvy IT Teams in the world can’t secure a home office if the employees don’t cooperate. The following actions will ensure employees do their part to maintain cybersecurity while working remotely.

Protect your home wireless network with a password

This seems simple, but many employees either have open home wireless networks or have never changed the default password. You should set a strong password for your home wi-fi network and make sure not to post it where it can be easily seen.

Cooperate with company policies

Corporate cybersecurity policies about passwords, personal devices, and document storage can seem burdensome or paranoid. However, the issues they address pose real risks to company data security, and there are real consequences if employees don’t cooperate with the policies. Employees should be diligent in complying with all company cybersecurity policies and best practices.

Be wary of suspicious emails and attachments

Hackers and other cybercriminals often pose as managers or team members in emails, chats or meeting requests. Remote work makes it both more complicated and more critical for employees to carefully identify the people they interact with. To maintain home office security, employees must be rigorous about identifying everyone they meet or share company information with.

Want to Learn More?

The steps we’ve described in this article will help you get started securing your employees’ home offices, but there’s a lot more to make sure your company has excellent cybersecurity. If you would like more information, check out our free cybersecurity resources. Ready to take action? Book a Security Assessment with one of designDATA’s cybersecurity experts to get started.

Telework Essentials Toolkit

This month, the Cybersecurity & Infrastructure Security Agency (CISA.gov) released an incredibly useful toolkit for organizations concerned about the cybersecurity risks associated with a remote workforce. This Telework Essentials Toolkit provides practical guidance to Executive Leaders, IT Professionals, and Teleworkers to protect their organizations from cyber-based threats. This guide provides an excellent overview of how to secure your organization’s information assets in a remote world, focusing on:

  • Best practices
  • Vulnerability management
  • Advice on securing a home wireless network
  • Implementing multi-factor authentication
  • Recommendations on organizational policies

Check out the CISA Telework Essentials Toolkit for practical guidance to protect your organization from cyber-based threats.

For individual guidance on these recommendations, help with customized implementations, or a thorough cybersecurity risk assessment, designDATA stands ready to assist organizations wanting to secure their IT environment effectively. Reach out to security@designdata.com, or give us a call at 301-921-6696.

Automate New Employee On-boarding

Onboarding a new employee can turn into chaos, between the manual data entry spread across multiple departments and the cumulative hours lost to delays in email communications. The process can take 2-3 weeks on average to complete, leaving the new hire with nothing to do during their first few days.

Many organizations have been searching for ways to leverage Microsoft technology in Power Platform to alleviate this onboarding chaos. A short video by Microsoft 365 gives an example of a unique solution that uses Microsoft Teams and Power Platform to handle the common workflow of onboarding a new employee, reducing the process from days to hours. If your HR team is interested in learning more, please contact us or your program manager directly.

Productivity with Teams Continues to Increase

At the beginning of the pandemic, organizations leaned more on their current technology to collaborate. As shelter-in-place orders spread from state to state, the use of Microsoft technology grew as well. With the isolation of remote work growing, the need for human connection became crucial to business development, and the use of video conferencing for meetings increased substantially on Teams. It should be noted that Microsoft has continued to make enhancements and improvements:
  • Custom backgrounds allow you to replace your background in Teams meetings with a new office look anytime. You can also upload your own custom backgrounds. Unique backgrounds have become a spirited competition within designDATA.
  • To make video calls more interactive, the raise hand feature will be available to everyone by the end of the year. It will let meeting participants indicate they have something to say by clicking on a hand-raise icon in the meeting control bar. Academic institutions will probably see this feature first as it rolls out.
  • Meeting organizers can now end a meeting for all participants with the click of the “end meeting” button in the control bar.
  • Later this year, Microsoft will roll out background noise suppression for Teams meetings, which uses technology to reduce distracting background noise such as loud typing or a barking dog.

How to Best Manage Passwords

The average person can have nearly 100 passwords (or more!) when combining professional and personal accounts and services. That is a lot to remember! Many people use the same email and password for many (if not all) accounts, so they have less to remember. This is the number one liability for accounts online: password reuse.

If a popular streaming service suffers a security breach, you may not be too concerned with someone watching a show on your account. However, if your login information for this service is the same as for your banking or other sensitive accounts, the damage can be much more severe. When sites suffer a breach, the hackers immediately try those credentials on banking, email and other sites to see how many areas they can log into with one password. So, it is vitally important to have a different password for every account. In addition, to be really secure, your passwords should all be at least 15 characters (some cybersecurity analysts recommend 25 characters).

How is it humanly possible to remember up to 100 unique lengthy passwords? It’s not! That’s where password managers come into play. A password manager will become your best friend, because it takes care of three critical tasks for you:
  1. It generates lengthy, complex passwords for each of your accounts or logins
  2. It stores these complex passwords in a digital “vault”
  3. It automatically fills in this complex password every time you log into a site
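The two checks recommended above (no password shared between accounts, at least 15 characters each), as an added Python example that is not part of the original article. The sample entries and function names are constructed for illustration, and the generator shows only the first of the three tasks listed, using the operating system's secure random source.

```python
import hashlib
import hmac
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 15  # minimum length recommended in the article

# Constructed sample export: (account, password). Not real credentials.
SAMPLE_VAULT = [
    ("streaming", "Sunshine2020!"),
    ("bank", "Sunshine2020!"),
    ("email", "correct-horse-battery-staple"),
    ("payroll", "Tr0ub4dor&3"),
]

def audit_vault(entries):
    """Return (reused, too_short): groups of accounts sharing a password,
    and accounts whose password is shorter than MIN_LENGTH."""
    key = secrets.token_bytes(32)  # per-run key: digests are useless outside this run
    groups = defaultdict(list)
    too_short = []
    for account, password in entries:
        # Group by keyed digest so plaintext is never used as a dictionary key.
        digest = hmac.new(key, password.encode(), hashlib.sha256).digest()
        groups[digest].append(account)
        if len(password) < MIN_LENGTH:
            too_short.append(account)
    reused = sorted(sorted(group) for group in groups.values() if len(group) > 1)
    return reused, sorted(too_short)

def generate(length=20):
    """Generate a random password from the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError("length below the recommended minimum")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

On the sample data the audit reports the streaming and bank accounts as sharing one password, which is the reuse scenario the article warns about.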
People often say “I’m already using my Internet browser to save my passwords – isn’t that the same thing?” No! Browsers are designed for us to surf the Internet, and although they can store passwords, it doesn’t mean that your passwords are secure. It also means your passwords would be in one browser, so they wouldn’t be available if you use a different browser. With a password manager, by contrast, you can log into your personal vault from any browser, which makes it much more versatile.

What if the Password Manager is compromised? Great question! LastPass has been hacked multiple times, but the number of compromised passwords? ZERO. LastPass encrypts all passwords, so the company never sees your passwords, keeping your passwords secure even if a security incident occurs.

To find the best password managers for you, your family, and/or your business, we recommend Googling “Best Password Managers”, and you will see a number of reviews of the top password managers available today. Also, please contact your Program Manager to ensure your organization is enrolled in designDATA’s complimentary Dark Web Scan offering, which will notify you if any account in your organization has shown up on the Dark Web. Stay safe out there!

by Imran Khan
