Blog Deidre Frith

Three Free Ways to Stay Connected from Home

Forget email.

You can now communicate and collaborate with co-workers, colleagues, and other people for free with several different apps. With much of the workforce now working from home, or even in self-quarantine, it’s easy to start feeling isolated. Here are our three suggestions for staying connected even from your kitchen table, er, “home office”. And don’t forget: if you use your computer (rather than your cell phone), you will need a webcam with a microphone.

 

MICROSOFT TEAMS

If you have a Microsoft Office 365 account, then you have access to Business Teams for free! You can install it on your computer as well as your phone, making it accessible and easy to use from anywhere. This is a fantastic resource that lets you do a multitude of things across your business with your whole team:

  • Chat in Groups: Create one for each department as well as a General one for everyone. 

  • Start a Live Virtual Meeting: Normal Tuesday meeting? Set up a virtual one and invite everyone through Teams for a video meeting.

  • Start a Private Chat: Only want to talk to Karen? Send her a direct chat message.

  • You can also attach files from your computer, send photos, or post a GIF.

  • It also has integrated apps that you can install like Trello or Asana.

 

ZOOM

Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, telephones, and room systems. Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as offices and classrooms. This is a great option for Medical Offices trying to get telemedicine started pretty quickly.

Zoom offers a full-featured Basic Plan for free with unlimited meetings; however, the free version is online only, with no option to dial in. The Basic plan has a 40-minute time limit on meetings with three or more total participants.

 

MARCO POLO

How about something fun on the personal side? Marco Polo is a call-and-response video messaging app made for your phone. It is great for group chats with all your cousins across the country. Send a video message and they watch it when they are available. Often referred to as the video walkie-talkie, it’s fun and super easy to use. It has silly filters, and you can also send likes and hearts as you watch others’ Polos.

I.T. Deidre Frith

Cyber Hygiene at Home

Many workers in the U.S. are calling home their office for the next several weeks as the Coronavirus spreads. If working from home is part of your company’s plan, the time is now to think about protecting devices you or your staff will use in their home.

Enter cyber hygiene.

We recommend arming your employees with the basics of work-from-home security. These include:

  • Remote workers should have access to a virtual private network (VPN)

  • Two-factor or multi-factor authentication should be enabled for all devices and accounts

  • Advise employees to secure their at-home Internet connection and turn off and unplug work devices when not in use

  • Alert employees to possible email scams; they should never click on links they receive unsolicited, especially those related to COVID-19

  • Remain up-to-date on all security patches

  • Don’t mix work and personal devices

COVID-19 PHISHING

It’s very important during this time to stress to your team not to overlook the importance of watching what emails are opened and what links are clicked. Be very wary of opening emails with information regarding COVID-19 as attackers are using this as an easy-in since it’s such a hot topic. Go one step further and encourage staff to only get their news from trusted sources such as the television, radio or legitimate news websites. There is no reason to read an email or click on a link regarding this topic no matter how tempting it may seem. There is an excess of information available elsewhere.

The last thing you need during a pandemic is backlash over a data breach or worse, ransomware.

I.T., Blog Deidre Frith

A True Tale of Two Ransomware Attacks

RANSOMWARE PREVENTION

A TALE OF TWO SCHOOLS

Imagine a world where ransomware didn’t exist. Now, snap back to reality and read a tale about two different schools and how they each recovered from a ransomware attack. As you read, you’ll learn how an effective backup plan and a well-thought-out business continuity strategy are critical parts of your cyber security efforts. The similarity between the schools is that both ransomware attacks were thought to have been started by a click on a phishing email. The difference is in their disaster recovery plans.

The Allegheny Intermediate Unit School System, Pennsylvania, U.S.A.

School A, The Allegheny Intermediate Unit school system, DID NOT have to engage with the criminals and was able to use the services of a third party to get its critical data recovered quickly. From the wording of various articles related to this incident, it appears that the school system quickly engaged with its cyber insurance carrier. The insurance carrier mobilized resources quickly to identify and remediate the attack and then restored from existing backups of critical data. THIS is how the process is supposed to work.

The University of Maastricht, The Netherlands

School B, The University of Maastricht, did not have an adequate plan in place and had to completely shut down information systems and pay the ransom in order to decrypt their computers and servers. The timeline on this attack is interesting; the original compromise occurred a little over two months before their networks were ransomed. Had they had an extra layer of defense like the RealTime Cyber Defense package, they could have potentially caught the attack during this phase. 

LESSONS LEARNED?

The lessons learned by a school [or any business] that has been through an event like this one will make it better at risk-based decisions going forward. Now they know that they are vulnerable to an attack like this and will take positive steps to introduce better prevention and detection processes.

Todd Swartzman, RealTime CISO

 TODD’S TAKE ON THE RECOVERY:

After paying the ransom, it was pretty fast to decrypt that many systems and perhaps most were using the same decryption keys – some victims aren’t that lucky and have to juggle hundreds or thousands of decryption keys, which really slows down recovery. Part of the decision to pay was based on how much quicker it can be to decrypt machines rather than reloading from scratch. The statement by the university indicates that they may not have had backups of some of their critical data.

 

SUMMARY:

  • Be sure to have a good backup in place;

  • Cyber insurance is a great idea;

  • Adding a cyber security plan could have helped detect the internal attack during the months the attackers were “inside” the system rather than waiting.

 WANT TO TALK?

Want to talk to our Chief Information Security Officer about a better strategy for your business?

I.T., Blog Deidre Frith

New Twist on an Office 365 Phishing Scam

PHISHING WITH OFFICE 365 SPOOFS

You are probably familiar with the phishing scams that attempt to get you to share your Office 365 password with the criminals, via a fake Office 365 logon page. Well, there is a new twist you need to make everyone aware of in your organization.

The lure used in this new phishing scam is nothing new; typical social engineering trying to get you to do something you should not do. What is unique is the method used to gain access to your Office 365 organization. Below we explain how the criminals are trying to get access to your information through Office 365.


This is the screen you will see when asked to login to Microsoft Office 365.

SPOT A SCAM

As with a lot of these scams, you’ll be presented with a logon page for Office 365 like this one (right). In this case it is the genuine Microsoft Office 365 logon page, not a fake one:


After you log in, or if you were already logged into Office 365 (many people stay logged in), you’ll then see this permissions request pop up (image left). THIS IS THE BAD GUYS asking you to allow them access to everything in your Office 365 account!!!

STAY ALERT

Paying careful attention to what you are being asked to allow access to should set off an alarm bell. While this is an actual function in Office 365 that has legitimate uses, if you are casually checking emails and this pops up, immediately stop what you are doing and alert your cybersecurity team or IT department. This technique abuses the add-ins feature of Office 365.

Currently, this phishing exploit appears to be coming in via spoofed sender emails with OneDrive attachments. However, there is no reason the delivery method won’t eventually change to other techniques. The emails are like traditional phishing emails, usually from a spoofed sender. Some email filters will probably catch these before anyone receives them. Security-aware people who know how to spot phishing messages probably won’t fall for this one if they stay alert!
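
For the IT department on the receiving end of such an alert, a useful follow-up is to review which apps users have already granted permissions to. The sketch below is an added example, not part of the original post or RealTime's tooling: it triages an export of delegated permission grants whose fields follow Microsoft Graph's oauth2PermissionGrant resource. The high-risk scope list, the approved-app list, and all sample records are assumptions constructed for illustration.

```python
# Added example: triage delegated OAuth permission grants exported from a tenant.
# Record fields follow Microsoft Graph's oauth2PermissionGrant resource
# (clientId, consentType, principalId, scope). All values are constructed.

# Assumption: delegated scopes treated as high-risk when held by an unvetted app.
HIGH_RISK_SCOPES = {
    "mail.read", "mail.readwrite", "mail.send", "mailboxsettings.readwrite",
    "files.read.all", "files.readwrite.all", "contacts.read", "notes.read.all",
}
PERSISTENCE_SCOPE = "offline_access"  # refresh tokens: access outlives the session

# Assumption: client IDs already vetted by IT (placeholder value).
APPROVED_CLIENT_IDS = {"app-approved-0001"}

SAMPLE_GRANTS = [  # constructed sample data
    {"clientId": "app-approved-0001", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read Mail.Read"},
    {"clientId": "app-unknown-0002", "consentType": "Principal",
     "principalId": "user-0001",
     "scope": "User.Read Mail.Read Files.ReadWrite.All Contacts.Read offline_access"},
    {"clientId": "app-unknown-0003", "consentType": "Principal",
     "principalId": "user-0002", "scope": "openid profile User.Read"},
    {"clientId": "app-unknown-0004", "consentType": "Principal",
     "principalId": "user-0003", "scope": "Mail.Read"},
]


def triage(grants, approved=APPROVED_CLIENT_IDS):
    """Return findings for unvetted apps holding high-risk delegated scopes."""
    findings = []
    for grant in grants:
        if grant["clientId"] in approved:
            continue
        scopes = {s.lower() for s in (grant.get("scope") or "").split()}
        risky = sorted(scopes & HIGH_RISK_SCOPES)
        if not risky:
            continue
        persistent = PERSISTENCE_SCOPE in scopes
        tenant_wide = grant.get("consentType") == "AllPrincipals"
        severity = "high" if (persistent or tenant_wide or len(risky) >= 3) else "medium"
        findings.append({"clientId": grant["clientId"],
                         "principalId": grant.get("principalId"),
                         "risky_scopes": risky, "persistent": persistent,
                         "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_GRANTS):
        print(finding)
```

Any finding should be checked against who consented and when, and an unrecognized app's grant revoked rather than just resetting the user's password, since the grant keeps working after a password change.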





I.T., Blog Deidre Frith

4 Lessons From The Most Devastating Cyber Attack In History

Today’s history lesson comes from Wired, which ran a really interesting piece last year on the NotPetya cyber attack that targeted Ukraine but led to billions of dollars in collateral damage. And really, the story isn't even about Ukraine or other companies. The story is truly about a nation-state’s weapon of war that was released in a medium that knows no borders. The collateral damage didn’t just affect its intended victim, but crossed over everywhere at once. It’s a warning to businesses like yours and mine to be prepared for the worst. You may not be the original intended target, but if you don’t take active precautions then you could easily be taken down like so many other companies and countries mentioned in the following story.

SUMMARY OF NOTPETYA CYBER ATTACK

For four or five years, Ukraine and Russia have been in an undeclared war that has killed more than 10,000 Ukrainians. The conflict is so bad that Ukraine has become a testing ground for Russian cyberwar tactics. Russian hackers have penetrated networks and hacked governmental organizations and companies, from media outlets to railway firms. They’ve even gone as far as causing widespread power outages.

During this time, unbeknownst to anyone, Russian military hackers hijacked the Linkos Group’s update servers to give themselves a hidden back door into thousands of PCs around the country and the world. Then they waited… and in June 2017, the Russian saboteurs used the back door they had set up to release a piece of malware called NotPetya, their most vicious cyberweapon yet.

The code that the hackers pushed out was honed to spread automatically, rapidly, and indiscriminately.

“To date, it was simply the fastest-propagating piece of malware we’ve ever seen,” says Craig Williams, director of outreach at Cisco’s Talos division, one of the first security companies to reverse engineer and analyze NotPetya. “By the second you saw it, your data center was already gone.”

Within hours of its first appearance, the worm raced beyond Ukraine and out to countless machines around the world, from hospitals in Pennsylvania to a chocolate factory in Tasmania. It crippled multinational companies including Maersk, pharmaceutical giant Merck, FedEx’s European subsidiary TNT Express, French construction company Saint-Gobain, food producer Mondelēz, and manufacturer Reckitt Benckiser. In each case, it inflicted nine-figure costs. It even spread back to Russia, striking the state oil company Rosneft.

READ THE FULL STORY: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ 


FOUR LESSONS FOR EVERY BUSINESS FROM NOTPETYA

A number of mistakes, oversights, and criminal acts went into making this attack successful. You’ll also no doubt want to take a look at how something similar might impact you and what steps you can take to protect yourself. There are a lot of takeaways in this story, but here are four very important ones that apply to every business that utilizes computers in running their business: 

  1. Enforce utilizing only approved software - Maersk would not have been impacted had ONE finance executive not installed an accounting application on his computer. This stresses the importance of creating and sticking to approved software lists within your organization. Now, this one may have been approved – the story doesn’t say, but in this interconnected world, one mistake can cost a lot.

  2. Patch management of the operating systems and applications - Cyber criminals can infect computers that aren’t patched, and then grab the password from those computers to infect other computers that are patched. Patching was lackluster at best and was a known vulnerability that could have been corrected, but wasn’t.

  3. Backups, backups, backups - Maersk got lucky by finding one domain controller that wasn’t infected, as they had no backups – they depended on replicas to save the day, and in this case, I suppose they did, but only because a power outage had isolated one network out of hundreds.

  4. Know your risks and have mitigation plans - Understand that you can do almost everything right and still be impacted – so understand your risks and have mitigation plans for your most critical processes. 

Bonus – Vendor risk management. You can do everything right, but if the firms who provide your cloud applications, websites, even IT services are vulnerable, then you must understand that their risks are your risks. Be sure to include these vendors in your overall risk management program and see how they address their risks so you can make informed decisions.

CLOSING

RealTime specializes in helping businesses with complete technology solutions, backups, cyber protections and mitigation plans, vulnerability assessments and more. If you don’t have a plan in place, contact RealTime to begin the process of protecting your business. Feel free to contact us here or call us at (334) 678-1417.
