Cyber attacks have doubled over the last 12 months as workforces around the globe moved to a distributed or remote working model. Now communication that would usually take place inside a corporate network is being conducted outside the existing security measures and frequently over third party platforms. The pandemic has presented cyber criminals with the perfect opportunity to exploit unprotected systems to access sensitive data. Many phishing attempts are related to the virus or now more so the vaccine in an attempt to allure people to click on a malicious link. And all are financially motivated.
Often phishing attempts utilise domain names that a user is familiar with which lulls the user into a false sense of security as they recognise the company or organisation that the email appears to be coming from.
If you are managing a remote team here are some steps you can take to prevent an employee falling for a phishing attempt.
Improve Email Security
Preventing suspicious emails from reaching staff inboxes is an effective way of minimising the risk of cyber attack. There is some level of security included in a standard M365 licence that can block span and standard phishing attacks but for truly reliable email security it is best to adopt a layered approach. Consider a solution from a dedicated cyber security provider such as Fortinet. Their Fortimail solution delivers advanced multi-layered protection against the full spectrum of email threats. Talk to an IT Service Provider who partners with Fortinet to learn more about this solution.
Utilise Web filtering
Web filtering involves preventing a browser from loading suspicious urls or webpages. So in the event that an employee clicks on a link in an email that connects to a suspicious url your web filter will prevent that site from loading. Your IT Services Provider will be able to set up web filtering for you adding another layer to your defence mechanisms.
2FA or Two factor Authentication is a simple step that can be used in the fight against cyber crime. Most users will be familiar with 2FA in some form as many banks and internet services such as payment platforms utilise it. 2FA involves inputting unique user information to prove your identity. Sometimes it’s in the form of a code that is sent by SMS to your mobile number. Or it could be your finger print or a piece of information such as your mother’s maiden name. 2FA is a form of identity management and means that access to systems is not purely reliant on passwords as passwords can be easily stolen or guessed. Again your IT provider can help set up 2FA across all users especially those who are working outside the security of the office firewall.
Adopt Patch Management
Patch management process involves identifying and deploying updates or patches to a variety of endpoints including PCs, laptops, mobile devices and servers. Automated Patch Management Solutions mean that known vulnerabilities are dealt with in a timely and effective way, reducing resource time by automatically updating endpoints as patches become available. An IT Services Provider will be able to advise you on Patch Management.
Engage in User Training
Email remains the dominant vector for entry for cyber criminals. And user error remains the number one issue in the fight against preventing cybercrime. The more savvy your employees are the more protection your business will enjoy. Cyber Security training is necessary for all employees at all levels. Even the boss can fall for phishing attempts. Online cyber security training is a great way to reach employees who are based remotely.
Watch out for Keyloggers
Keyloggers, also known as spyware, are a type of software that is designed to record keystrokes and are one of the oldest forms of cyber threat. Keyloggers are used to steal personal or financial information such as bank details. Some types of keyloggers especially those on mobile devices can record calls, messages and GPS locations. Many keyloggers now come with ransomware that can be activated at the attacker’s discretion.
Your IT Provider will be able to advise you on the best security measures for your business. There is no silver bullet when it comes to adequate IT security. The most effective approach is a multi-layered one that combines a variety of mechanisms to deliver robust cybersecurity to your business. With remote working looking set to stay in some capacity for many businesses and cyber crime at it’s most prevalent now is the time to act.
Talk to your IT Services Provider or contact us for an IT Security review.
Multi Factor Authentication (MFA) also known as Two factor Authentication (2FA) is one of the key measures to protecting home or remote workers from cyber attack. Many businesses were ill prepared for the sudden move of significant portions of their staff to a remote working environment. Their infrastructure was not designed to support remote staff. In the rush to move people to home working cybersecurity tended to get overlooked.
What is MFA?
Multi factor Authentication is a security system that requires a user to identify their identity using multiple credentials. It requires a user to provide 2 or more verification factors to gain access to a resource like an application, VPN or an online account. Rather than just providing a username and password MFA requires the input of one or several additional pieces of information – often a numeric code sent by SMS or/and a fingerprint scan – to enable access.
Why is MFA Advisable?
Passwords can be fraudulently attained, MFA increases security in the event that a hacker gets hold of a username and password rendering their attempts ineffective. This significantly reduces the likelihood of a cyber criminal gaining access.
How Does MFA Work?
With MFA a user is required to enter additional information to confirm their identity. This additional piece of information (factor) is unique to them and known only by them. If a criminal attempts to gain access to an account using a stolen username and password they will be denied entry without this additional piece of information.
Types of Authentication
The most common MFA factor used is a One Time Password (OTP) which is a 4 to 8 digit code usually received by SMS or email or generated by a smartphone app. A new code is generated periodically or each time a request for authentication is submitted. Other factors include biometrics like fingerprint or voice recognition or something you possess like an access badge or fob or a piece of information such as an answer to previously submitted security questions.
MFA during COVID 19
With the increase in use of cloud technology and workers accessing accounts remotely MFA is more important now than ever. Additional security is needed to ensure that hackers are not able to access systems. MFA can help prevent bad actors gaining access by prompting for additional authentication factors that are difficult for imitators to produce. This in turn significantly reduces the frequency of unlawful access.
MFA for Microsoft 365
Many cloud operating systems such as AWS and M365 have their own MFA offerings. However it is critical that MFA is deployed correctly and this requires expertise. If your business for example has more granular sign-in security needs, conditional access policies give more control. Risk base conditional access can also be configured. To be sure that MFA works as best it can for your business it is best to consult with an IT Services company. Their experts will ensure that all the features available to you are utilised and mapped to your business’s operational needs. They will also advise if additional measures should be taken.
Get in touch with us and we can ensure that MFA is switched on and properly configured for your business. Learn more about HCS IT Security services.
We were delighted to receive the SME PARTNER OF THE YEAR AWARD for Security from Exertis Ireland and Fortinet Ireland. It has been a challenging year in many ways and to have the hard work of the HSC team recognised by our partners is much appreciated. We have worked closely with Exertis and Fortinet on several Security projects this year. We look forward to more in 2021 and to hopefully celebrating our joint success together in person.
Thanks again to all the team at HCS, EXERTIS and FORTINET. Below is Dan Hegarty, Director accepting the award.
Organisations are rapidly adopting digital innovation (DI) initiatives which often involve moving applications and workflows to the cloud, deploying Internet-of-Things (IoT) devices on the corporate network, and expanding the organisation’s footprint to new branch locations. More recently the move to a remote and distributed workforce has meant some organisations have had to rapidly adapt their infrastructure.
With an evolving infrastructure comes security risks. Organisations must cope with growing attack surfaces, advanced threats, increased infrastructure complexity, and an expanding regulatory landscape.
On Wednesday Nov 18th at 12pm we will be hosting a webinar with our partner Fortinet who are the world’s leading IT provider of Enterprise Security Solutions. In this webinar we will explore how The Fortinet Security Fabric enables desired DI outcomes while effectively managing risks and minimising complexities.
Last few places available. Book a seat here https://buff.ly/3pjteeg
Dan Hegarty, HCS Director was interviewed by The Business Post on why businesses must make security a matter of undivided attention. Dan explains how HCS, as Ireland’s leading Select Partner for Fortinet, delivers not only world class security solutions but the expertise to build on every deployment to make the most of the right technologies for different situations.
In his article Dan suggests that for organisations looking to respond to evolving challenges effectively, there can be a financial barrier to invest in professionals with security skillsets. Managed services can offer an alternative route to achieving comprehensive security, compared with the need to invest in individuals.
“Covid-19 has seen businesses face a steep learning curve to secure productivity and that extends to providingscalability for growth in an unusual time. Providers like HCS are well-positioned in the industry to address these evolving needs.”
To read Dan’s article click here.
Learn more about our Security Solutions and Services and Contact Us to speak to one of our team.