The last few weeks have been a big change for everyone. Many people are working from home, and some of those people have children at home with them. Right now, my kids are wandering the house looking for breakfast and prepping for Zoom meetings with their teachers. While I have seen many acts of kindness and compassion during this time, I have also seen attackers take advantage of distracted workers who are trying to balance home and work life.
We have seen an increase in phishing emails that are shockingly good. They are playing on the fears of people working from home. For example, a receptionist who gets an email from the CEO asking them to buy gift cards for everyone as a morale booster might think this sounds great. In the past they would walk down to the CEO’s office and probably ask a question or two. But in today’s climate, without easy access to the CEO, they might just buy the gift cards and send the information back via email, never realizing this was a phishing scam.
In this time of change, communication via Teams, Slack, etc. is essential to keep the ability to “pop” into someone’s office to ask a question. It is also imperative to implement or continue security awareness training: give people the tools to spot malicious emails, and routinely send simulated phishing emails to your employees. If someone fails, that is a good thing. You can help that person before a hacker gets them to click on a link. Make it mandatory that they make time to take the trainings. Simulated phishing and training together can really improve your security.
People are the weakest link in the security chain. Thrive’s Anti-Phishing and Security Awareness Training ensures your employees understand the mechanisms of spam, phishing, spear phishing, malware, ransomware and social engineering.
Has your remote work policy changed in the last month or two? Are more of your employees working from home or at locations that are “untrusted”? The answer is almost certainly a resounding YES! Now more than ever you need to ensure that Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) is being used throughout your organization in as many places as possible. Many people are becoming more comfortable with this concept as they are having to perform these same steps to access their personal accounts (banking, Gmail, etc.).
Whether it is accessing your corporate VPN or cloud-based applications such as Office 365, Salesforce, NetSuite, Workday or many others, you need to make sure users are required to supply two forms of authentication to access company resources and data. Something they know (username and password) and something they have (a text message with a unique code or an app on their phone that must be clicked to accept the request to connect) are no longer optional in the workplace.
Microsoft has a Multi-Factor Authentication product called Azure Multi-Factor Authentication that can be configured to deliver Two-Factor Authentication four different ways. The Azure Multi-Factor Authentication service can send you a text message with a code that you must provide, call you on a preset phone number and provide you with the number, provide a rotating code on the Microsoft Authenticator smartphone application, or push a pop-up message to your smartphone for your approval. Azure Multi-Factor Authentication is available as a standalone product and is also included in Azure Active Directory Premium, Enterprise Mobility Suite, and Microsoft 365.
Fortinet also has Two-Factor Authentication capabilities built directly into the FortiGate firewalls. A physical token or a smartphone application can be used to get a rotating code that serves as the One-Time Password when connecting to a FortiGate SSL VPN.
In addition to 2FA, geography-based access to your corporate resources is something you should consider implementing. Allowing someone to connect from any location in the world may not be necessary when your users should only be coming from certain geographies. If you only operate business in the United States, why not block any connection attempt from international locations? Sure, you may have users that travel internationally from time to time, and exceptions can be made as they arise. Reducing your attack surface in as many ways as possible is the best course of action to protect your business now and into the future.
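One way to express the combined rule described above (a second factor always required, a geography allow-list, and time-bound travel exceptions), as an added example that is not code from Thrive, Microsoft or Fortinet. The country codes, user names, dates and function names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Assumed policy value for illustration: a business operating only in the US.
ALLOWED_COUNTRIES = {"US"}

@dataclass(frozen=True)
class TravelException:
    user: str
    country: str
    start: date
    end: date

# Constructed exception: one user approved for a short trip abroad.
EXCEPTIONS = [TravelException("jdoe", "DE", date(2020, 4, 6), date(2020, 4, 10))]

def has_exception(user, country, day, exceptions=EXCEPTIONS):
    """True if the user holds an approved, unexpired exception for this country."""
    return any(e.user == user and e.country == country and e.start <= day <= e.end
               for e in exceptions)

def evaluate(user, country, day, password_ok, second_factor_ok):
    """Return (decision, reason) for one sign-in attempt."""
    # Geography first; an unresolved location (None) fails closed.
    if country not in ALLOWED_COUNTRIES and not has_exception(user, country, day):
        return ("deny", "geo")
    # A correct password alone is never enough, wherever it comes from.
    if not (password_ok and second_factor_ok):
        return ("deny", "mfa")
    return ("allow", "ok")

# Constructed sign-in events (not real log data):
# (user, source country, date, password_ok, second_factor_ok)
EVENTS = [
    ("asmith", "US", date(2020, 4, 7), True, True),
    ("asmith", "US", date(2020, 4, 7), True, False),   # password only
    ("jdoe", "DE", date(2020, 4, 8), True, True),      # inside travel window
    ("jdoe", "DE", date(2020, 4, 11), True, True),     # exception expired
    ("bmiller", "BR", date(2020, 4, 7), True, True),   # no exception on file
    ("asmith", None, date(2020, 4, 7), True, True),    # location unknown
]

def summarize(events=EVENTS):
    """Evaluate every event and return (user, country, decision, reason) rows."""
    return [(ev[0], ev[1]) + evaluate(*ev) for ev in events]

if __name__ == "__main__":
    for row in summarize():
        print(*row)
```

Giving each exception an end date means access from abroad lapses on its own once the trip is over, so the allow-list does not quietly grow.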
If you are interested in learning more about how Two-Factor Authentication or geography-based restrictions could better protect your business, CONTACT THRIVE TODAY!
Worldwide issues, such as the recent Heartbleed bug, bring into focus the importance of Internet security. Of course, we have all heard scare stories about the dangers of the world wide web, and in some cases, these can be dismissed as scare stories. However, some of the more rabid reporting on the issue of Internet security shouldn’t disguise the fact that there are real threats out there.
I took a day trip from Boston to Atlanta this week, 6:00am flight, never fun! However, I made things a little easier on myself this trip. Instead of bringing my laptop, I brought my iPad.
iPads are lighter and smaller than laptops, yet big enough to get more work done in comparison to my Blackberry. I was able to check all my emails, view email attachments without a microscope, review the website of the companies I was meeting with, and provide some feedback on a marketing video. And when I was ready to sleep on the plane, I listened to my music (“Lost Boys” soundtrack).