Some less evident IT warnings when business travel increases
Ensure that team members who travel are using MFA and VPNs.
Hackers will pose as the CEO when the boss is away.
Additionally, because so many people post selfies and location data on social media, fraudsters can choose the right moments to play bossfake.
When it’s simpler than ever to locate the OOO executive, IT professionals must have verification procedures in place to demonstrate that the boss who is drinking a margarita on a beach and asking for crucial information is, in fact, the boss who is sipping a margarita on a beach and asking for crucial information.
Executives of emerging security trends say to “always assume bad guys will know if somebody is on travel.”
These executives note that Harry Houdini gave his wife a secret codeword so that anyone claiming to have had contact with the escape artist in the afterlife would need the credentials to back up their claims.
An agreed-upon spoken code can help a business get out of a fraud situation and verify the connection, whether an executive texts for a wire transfer or a CFO emails for a sales presentation.
The travel checklist familiar to IT professionals can and should now include a spoken password:
- Avoid using free WiFi and utilize VPNs to encrypt your traffic.
- Implement multi-factor authentication (MFA) to safeguard against any compromised credentials.
- Keep your devices nearby. Taking an interview from the airport, Doug Saylors, partner at the consulting ISC, noticed an abandoned device and said, “Like literally across from me, there’s a laptop on a table.”
While MFA safeguards access to a lost laptop and VPNs can thwart man-in-the-middle attacks, organizations lost $2.4 billion due to corporate email intrusion.
In a business email compromise (BEC) fraud, the request looks legitimate, as when a vendor sends an invoice or a CEO asks an assistant to buy gift cards for staff awards.
A “CEO fraud” ring that impersonated executives and asked the accounting department for last-minute wire modifications was busted by Europol in February.
An attacker might create a false sense of urgency if a group is aware that the boss is away. “Hey, we have to turn this money over to a vendor by midnight,” might be the subject of a phishing SMS or email sent to a CFO.
Hou-dun-it? According to the chief experience officer of Sectigo, employees in dubious situations should start the dialogue themselves, not click any links, and go “out-of-band,” beyond the initial communication.
“When someone claiming to be someone you know and trust asks you for money or sensitive information, but the situation seems unique and irregular… The red flags should rise, particularly when they convey a sense of urgency.”
Even calling the boss may not be a sufficient guarantee. A late 2022 VMware analysis found that respondents experienced a 13% increase in malicious deepfakes, of which slightly less than half were audio-based.
Encourage staff to phone the executive, email, send a Slack message, or do the Houdini.
Assume that their vacation plans are known, and prepare a plan of action just in case.
Looking to discuss VPNs and remote working? Contact the professional IT specialists at ETV Software, Inc. at 903-531-0377.
Does Your IT Team face difficulties and possibilities with data retention management?
Look at your data right away. Take a good, hard look at it.
There are numerous alternatives available to businesses and organizations interested in data retention management, but no single defining standard. That’s the kind of thing that makes data management specialists sympathetic to teams using their data to make judgments.
The difficulty there is that if something goes wrong, you will need everything from your incorporation documents from the beginning of the business, which could be more than 20 years old, to your current contract and what you [are] supposed to be working on. If something goes wrong, you’re going to need to have records, plain and simple.
Divergent opinions. There is no set rule for how long to keep data or why to do so, and businesses and organizations may do so for a variety of reasons.
According to data managers, the retention problem is largely divided between operational and legal considerations. The latter includes a plethora of available, and often unclear, signposting as to how long you should be keeping stuff. But some fundamentals are included for a reason.
From a financial perspective, you can’t go wrong if you keep critical company data for seven years.
Although seven years isn’t a requirement, it’s a general suggestion that will keep you compliant enough to avoid problems on that side and keep you on the right side of data risk on the other. It is only a suggestion because there isn’t a universally applicable answer.
Because of the expansion of privacy laws and increased public knowledge of privacy issues, this is becoming a more and more complicated space.
Data retention management specialists, whether they are experts or merely employees of IT teams, face issues that are neither exciting nor seductive. They are just the end result of managing a company’s IT requirements on a daily basis. However, if you take the bigger picture into consideration, you’ll see a more complicated situation with multi-layered solutions. When you couple that with the generally lackadaisical attitude many employees have toward IT, disaster may be on the horizon.
Keeping privacy in mind, don’t submit your source code to ChatGPT to determine whether it’s acceptable. People will start providing more data, which will expose their businesses even more.
Businesses and organizations with more complex and ambitious aims may require a higher level of data risk, which security teams are less likely to accept.
Depending on how product lines are developed or whatever product or service you provide, you might be able to mine that data for certain insights. This could be motivation on the business side of an organization to retain certain data types in the hope that it may serve them well in the future.
However, be warned that keeping sensitive data carries hazards. IT teams must categorize the data and weigh the advantages of retaining it against the retention policies. There must always be a balance between the amount of risk that may be accepted and the potential rewards.
Consider this as an opportunity that lies within the data that someone is in possession of. But that chance will always exist only in theory.
Looking to discuss your data management? Contact the professional data management specialists at ETV Software, Inc. at 903-531-0377.
NSA Warns About Microsoft Exchange Flaw as Attacks Start
The NSA warned, via a tweet published on its Twitter account, about a post-auth remote code execution vulnerability in all supported Microsoft Exchange Servers. The tweet reminded users to patch the CVE-2020-0688 vulnerability, which allows potential attackers to execute commands using e-mail credentials. Microsoft tagged this patch with an "Exploitation More Likely" exploitability index assessment.
If you need help with your network or server, contact ETV Software.
March 10, 2020
Questions CEOs Should Ask About Cyber Risks
As technology continues to evolve, cyber threats continue to grow in sophistication and complexity.
CEOs should ask the following questions about potential cyber security threats:
- How could cyber security threats affect the different functions of my business?
- What type of critical information could be lost?
- How can my business create long-term resiliency to minimize our cyber security risks?
- What kind of cyber threat information sharing does my business participate in? With whom does my business exchange this information?
- What type of information sharing practices could my business adopt that would help foster community among the different cyber security groups where my business is a member?
For an in-depth look, see the full article: https://www.us-cert.gov/ncas/tips/ST18-007
ETV Software, Inc., provides network security and risk assessments to your business. Call or visit us for more information.
Internal I.T. vs External I.T.
There has been a hot debate over whether or not businesses should use agencies for I.T. services. Primarily, the argument always boils down to the scale of business. Granted, the two can and do often coexist. But business owners will often ask themselves, is this entirely necessary?
And the answer is, it depends. As usual.
However, the question could be rephrased to better understand everything that is associated with such a decision. Let’s go through the steps of what a proactive I.T. department should be doing in order to better understand what the answer should be.
1. Supportive Roles
Both internal and external I.T. departments can fulfill this supportive role. Or should be able to. The advantage of an internal I.T. department may be understanding the network framework quicker than an external I.T. agency. The flip side to that point is that managed I.T. service providers typically work with many different industries to provide timely, efficient service. These types of experts are often more well-rounded and have experience not only working with a network such as your business’s but also may be able to provide insight into what might work better. This is not to say that it’s entirely necessary to eradicate an internal I.T. department. But it’s always important to get external viewpoints to better optimize your internal system.
2. Knowledge Base
A good I.T. employee will have their certifications in place, will prevent problematic circumstances, and will provide consistent reports on network improvements or security flaws. But it’s important to realize that no single person can realistically know everything that needs to be fixed until it eventually pops up, which can drastically hurt your business. Is it that employee’s fault? Of course not! But this is the advantage of having an external I.T. team working with your business. These agency I.T. teams offer diverse experience from differing backgrounds to provide a very well-rounded analysis of network threats.
3. Cost
It’s costly for business owners (especially small business owners) to employ a full team of I.T. professionals to meet their network needs. This is where the clear winner is the agency or managed I.T. professional services. Typically, managed I.T. professionals get called into the picture when it’s an emergency. This is often the issue with managed I.T. services and why they’re usually expensive. But in the long run, managed I.T. companies such as ETV Software will offer retainer plans to reduce the initial onset of expenses, even including the ability to have rollover hours at a flat monthly fee. For the cost of 1 employee at 2 weeks of pay, retainer plans give businesses a cheaper alternative to hiring an extra employee, with the added bonus of having a full-service team of professionals just a phone call away.
At the end of the day, there’s no clear winner. There are benefits to both. And there can be an enormous number of benefits when both are working in conjunction with each other. As with the rest of the market, it’s all about what your business demands. However, we’re of the persuasion that managed I.T. agencies can provide the most bang for your buck.
Written by Christian Cauthen