Empower Your Business: 10 Next-Gen Cloud Security Best Practices

The growing adoption of cloud services by small businesses has brought numerous benefits, including increased efficiency, cost savings when compared to the on-premises server and network setup, and improved collaboration (particularly involving workers who are operating remotely). However, it has also introduced new cloud security challenges. Ensuring that your cloud service provider’s cybersecurity is sufficient to meet modern threats is critical to safeguarding your business’s data, reputation, and operations.

The Ultimate Guide: 9 Pillars of an Effective Remote Work Policy

Despite the best efforts by big corporations and office-space real estate owners and investors, remote working is likely to remain at least a significant part of the economy for the foreseeable future. Not only do employees get to avoid things like commute times, increased wear and tear on personal vehicles, and the hassles of keeping and maintaining business/professional attire at all times, but businesses have regularly reported significant improvement in efficiency and output as a result.

As an aside, I would also like to personally call out any executive who cries that showing up to an office is critical for morale and team building. These are the same people who, for the past 10 years, have ignored every single impact and efficiency study in existence when making their decisions to move to an “open office” environment, which was solely about reducing business expenses. Any executive willing to endure the precipitous loss in productivity and dramatic increase in sexual harassment that came along with the “open office” setup should be prohibited from actually requiring anyone to show up to work in those cavernous nightmare spaces.

Even before the pandemic, remote work had become increasingly popular. Given that it’s not going anywhere – even if you require your employees to show up in person, flexibility should always be the name of the game – it’s important to have a remote working policy in place to ensure that your employees are productive, safe, and secure while working from home.

Two Frightening Zero-Day Exploits to Make Sure You Never Sleep Again

How bad can a zero-day exploit get? As it turns out, pretty freaking terrible.

Zero-day exploits are vulnerabilities in applications, firmware, and operating systems that are exploited before even the original developer of the targeted platform is aware of the problem. As such, the problem can be exploited before any fix can even be created, much less distributed.

These exploits can then be used to do any number of things, depending on their nature. Some zero-days only allow basic access to systems with limited importance and no actionable intelligence. Others, well, they can be both critically important and disturbingly insidious. As far as the “importance” part goes, you’re talking about command and control; complete access to an ecosystem. But it’s the “insidious” part that makes the topic for today particularly interesting.

These two zero-day exploits do not require the victim to do anything for the attack to succeed. No link to click on, no image to download. All that needs to happen is for the cybercriminal to initiate the attack, and there’s nothing you can do about it.

How do you know if you’re vulnerable? Check out the podcast to find out. (FYI, one of the vulnerable systems is currently installed in a significant number of cars worldwide right now.)

For more information, resources, and a full transcript of this episode, check out the original post.

5 Things You Need to Know about the T-Mobile Data Breach and SIM Swapping

The recent T-Mobile data breach(es) was one of the largest in history, affecting over 50 million customers. The hackers were able to access customers’ names, dates of birth, social security numbers, and other sensitive information. Most importantly, the hackers got away with the entire dataset that T-Mobile had for most of those customers.

The result is that those customers are now at a significantly greater risk of being the victim of what’s known as a SIM Swapping attack.

SIM Swapping involves convincing a mobile phone carrier to transfer a victim’s phone number to a new SIM card controlled by the attacker. This fraud is usually accomplished by giving the carrier answers to questions about personal information, which the carrier then checks against the information in its dataset. This type of attack (generally) relies not on the security readiness of the individual, but on weaknesses in the mobile phone industry to gain access to your phone number.

Once the attacker has control of the phone number, they can use it to access the victim’s accounts and steal their money. It’s a particularly dangerous attack if the person relies on their phone as an element of any multi-factor authentication, especially via text message (SMS).

In this episode, we discuss:

  • What is “SIM Swapping,” and how can it be used against you;
  • Why the T-Mobile data breach(es) are so concerning;
  • The need for mobile phone companies to improve their security measures to prevent SIM swapping attacks; and
  • The steps we can all take to limit the effectiveness of this type of attack.

For more information, resources, and a transcript of this episode, check out the original post.

Why Business Email Compromise is the Cyber Criminal’s Most Devastating Weapon

You’ve probably heard stories like this one before: A person in a business is supposed to send a wire transfer to another business. They receive an email at the last minute, often with a panicked tone, making an urgent request – their primary bank account is unavailable, so the money will need to be sent to a different bank.

The email is from a recognized email address. It looks like their emails (with all the right typos and grammatical mistakes), and even “sounds” like them. The panicked tone and urgent demand put the reader into emergency mode – changes will have to be made quickly to get this transfer done on time. Both management and the receiving company will likely appreciate the hard work.

The money is sent, but later that day a representative from the other company calls asking about the money. It was never received. Because the new wiring instructions caused the funds to be sent to an account controlled by a hacker. And absent a miracle, it’s gone.

The email looked right. It even felt right. But it wasn’t. It was sent by a hacker. It was the result of a Business Email Compromise.

In this episode, we discuss:

  • What is a Business Email Compromise;
  • What can a hacker who gains access to a business email account do with it;
  • Why BEC scams have become so common and so lucrative; and
  • How can you protect yourself against these insidious, relentless attacks?

For more information, resources, and a full transcript of this episode, check out the original post.

The Best Multi-Factor Authentication Setup to Immediately Improve Your Security [Podcast]

Proving who you are is the primary goal of most cybersecurity systems. The best way to accomplish that task is through Multi-Factor Authentication.

The primary purpose of cybersecurity systems is to protect data from those who are not authorized to get it. Therefore, the very first thing any cybersecurity system does is make sure that you are who you say you are.

The authentication process has evolved over time, from basic login information to complex passwords, and now includes authentication apps and biometrics. However, to best protect your authentication system, it’s important to rely on more than one method.

Multi-Factor Authentication takes advantage of different methods of authentication to limit the likelihood that a bad actor can penetrate your systems. Some systems are better than others, though. How does your process measure up?

In this episode, we discuss:

  • The three types of authentication that Multi-Factor Authentication relies on – something you know, something you have, and something you are;
  • What types of authentication are presently available to use, and which categories they fall under;
  • Which authentication methods are more secure than others; and
  • Where multi-factor authentication, while important, is not sufficient alone to protect you from cyber threats.

For more information, resources, and a complete transcript of this episode, check out the original post.
