Some less evident IT warnings when business travel increases

Ensure that the team members that travel are employing MFA, and VPNs

The hackers will act as CEO when the boss is away.

 

Additionally, because so many people post selfies and location data on social media, fraudsters can choose the right moments to play bossfake.

 

When it’s simpler than ever to locate the OOO executive, IT professionals must have verification procedures in place to demonstrate that the boss who is drinking a margarita on a beach and asking for crucial information is, in fact, the boss who is sipping a margarita on a beach and asking for crucial information.

 

According to executives of emerging security trends, they say “always assume bad guys will know if somebody is on travel.”

According to these executives, they say Harry Houdini gave his wife a secret codeword so that anyone claiming to have had touch with the escape artist in the afterlife would have the credentials to back up their claims.

An agreed-upon spoken code can assist a business get out of a fraud situation and verify the connection, whether an executive texts for a wire transfer or a CFO emails for a sales presentation.

An IT professional-familiar travel check list can and should now include a spoken password:

  • ¬†Avoid using free WiFi and utilize VPNs to encrypt your traffic.
  • Implement multi-factor authentication (MFA) to safeguard against any compromised credentials.
  • Keep your devices nearby. Taking an interview from the airport, Doug Saylors, partner at the consulting ISC, noticed an abandoned device and said, “Like literally across from me, there’s a laptop on a table.”

While MFA safeguards access to a lost laptop and VPNs can thwart man-in-the-middle attacks, organizations lost $2.4 billion due to corporate email intrusion.
When a vendor sends an invoice or a CEO asks an assistant to buy gift cards for staff awards, the request looks to be legitimate in a business email compromise (BEC) fraud

 

A “CEO fraud” ring that impersonated executives and asked the accounting department for last-minute wire modifications was busted by Europol in February.

An attacker might generate a false feeling of urgency if a group is aware that the boss is away. Hey, we’ve had to turn this money over to a vendor by midnight, might be the subject of a phishing SMS or email sent to a CFO.

Hou-dun-it? According to the chief experience officer of Sectigo, employees in dubious situations should start the dialogue, not click any links, and go “out-of-band” and beyond the initial communication.

“When someone claiming to be someone you know and trust asks you for money or sensitive information, but the situation seems unique and irregular…The red flags should rise, particularly when they convey a sense of urgency.

Even calling the boss may not be a sufficient guarantee. A late 2022 VMware analysis found that respondents experienced a 13% increase in malicious deepfakes, of which slightly less than half were audio-based.

Encourage staff to phone them, email a Slack, or do the Houdini.

 

Assume that their vacation plans are known, and prepare a plan of action to handle it just in case.

Looking to discuss VPNS and remote working ? Contact the professional IT specialists at ETV Software, Inc. at 903-531-0377


Ransomware Worst Case Scenario

Ransomeware attacks are growing in strength and severity each year. When a ransomware virus hits your business, it encrypts all your files locking them behind a password that only the ransomware's creators know. Modern ransomware will try and shut off your anti-virus programs and will even try and encrypt any files and backups you might have on your company's network. What does a ransomware attack look like in practice? Look no further than the city of Baltimore for a worse case scenario.

On May 7th, Baltimore city computers picked up a ransomware virus which jumped from computer to computer and city department to city department. The first indication of trouble came when the city's email went down unexpectedly. As the virus locked down more and more computers, additional city systems such as payment gateways, water billing, and the city government's internet connected phones went down one after another. Baltimore's Information Technology department was all but powerless to quickly fix the compromised systems. Their only option was to take most of the city's unaffected networks offline to prevent the ransomware from spreading.

Ten days later, with most of Baltimore's government departments shutdown or doing what business they can without the use of their computer systems, there is still no end in sight. In one of his latest statements on the ransomware attack, Baltimore's mayor noted that they hoped to have some government functions back to normal "within a matter of weeks" while some city departments might take months to restore normal. Imagine if your business wasn't going to be able to function for weeks or months.

Fortunately, while large city governments are usually slow to react and take months or years to respond to new threats, you can make sure your business is well protected by taking a few relatively low cost steps:

  1. Make sure you have up-to-date anti-virus on all your computers. Some ransomware will try to disable your anti-virus, but by staying up-to-date, you increase the chances that a ransomware attack is stopped before it ever begins.
  2. Keep your computers and your applications updated. Ransomware, like most viruses, tends to prey on computers and servers running out-of-date software. Both Microsoft and Apple constantly release security updates, as do most serious software companies. Keeping up with security updates can sometimes be even more important than running a good anti-virus program.
  3. Most importantly, make sure that your business is keeping at least a week's worth of off-site, offline backups. By copying your data to a safe location outside of your office space and by keeping those backups separate from your normal network, you greatly increase the chances that you can quickly restore your files even if your office does get hit by a ransomware attack. Off-site backups are also an excellent way to protect your company from physical disasters like fires, water leaks, or damage caused by storms.
  4. If you do get hit by ransomware, call a qualified internet technology company immediately. Some forms of ransomware are easier to recover from than others. Depending on which exact virus found your network, it can even be possible to roll back the attack if you act quickly enough.

If you have questions about ransomware attacks or protecting your business with an automated backup plan, ETV Software can help.