Palitto Consulting Services

Month: April 2020

Dropbox is Not a Remote Access Solution: A COVID-19 Case Study

April 30, 2020 by Kevin Denee

The Scenario in Brief

During this challenging time, we all have had to scramble to adjust to a new normal, both on a professional and personal level.

Here is an example of a company that was trying to find their own way to work remotely. This particular customer has a case management suite that links to Dropbox in the office. Their case files and templates link to the cloud, their Dropbox. Our client decided to give all their employees access to Dropbox through their personal home computers.

It was easy.

The employee can work from their home computer, make their edits on Dropbox, and it updates to their case management suite. When we dug deeper, we learned that the computers they are using are shared with other family members.

If ransomware got onto this computer from a clicked email, it would then infect the locally stored Dropbox files. The infected files would then sync up to the cloud, because Dropbox would not know that the data is compromised. It just sees data. The original data would not be available, and the new data would be encrypted and locked.

From a support side, we had servers being backed up in the office, as well as other important folders. The client thought they had a backup, but they did not realize that Dropbox was not being backed up.

Further, the client was not aware that Dropbox stores a local copy of its files on every computer that is synced. This means these confidential client case files were available to other family members in the household. To make matters worse, if the machine got infected, the case studies would be readily available to bad actors.

The Solution

We ended up setting up a VPN solution for this client, which allowed them to remote into their desktops. This is a common and easy solution, which gives employees their work environment at home. They now log in to their work computer that already had Dropbox. We uninstalled Dropbox on the unsecured personal computers.

People have this belief that everything that is out in the cloud is going to be safe. Sometimes it is not clear that this “cloud” is just a server sitting somewhere else. The reality is that, unless you invest in creating backups or back it up yourself, it is as susceptible to ransomware as your hard drive.

Finally, Dropbox has an additional plan that allows data retention for 30 days. We implemented this as an extra safety measure.

The Lesson

Companies are going to find quick methods to solve their problems. The approach in this case study was an easy solution to remote access, and our client had no idea they had exposed vulnerabilities and security holes. Nothing had gone wrong, so they thought they were safe.

It’s always wise to engage a consultant in cases like this. We were thankful we could help in this regard and prevent what could have been a bad situation.


Malicious Email Appearing to Come from the SBA: A COVID-19 Case Study

April 9, 2020 by Kevin Denee

The Scenario in Brief:

A client of ours forwarded us an email that was slightly suspicious (pictured here in this article). Though it was caught in their Office 365 spam filter, it appeared to come from the Small Business Administration. Coincidentally, over the weekend (like so many others) they had just applied for a business loan. In their own words, they thought it could be a legitimate email. Thankfully they had a security mindset and asked our team if they should open it.

The fact is this very convincing email did contain malware. It would also be difficult for many users to detect.

How can you know this is a dangerous email? We thought we would share what we learned in the likely event others will receive similar emails.

Malicious Email Appearing to come from the Small Business Administration

The Solution – A Break Down of the Email:

Here are some of the factors that made this email more convincing than other phishing or malicious emails:

  • The sender successfully spoofed the Small Business Administration’s email address. This means it appears to come from a valid email.
  • There are no phishing links. Many people are learning to not click on links. (Read our article to learn more.)
  • It looked like a relatively professional email.
  • It came at an appropriate time when the business may be expecting to hear from the Small Business Administration.
  • Implicit in the messaging is a huge emotional appeal: Your application is complete, you just need to do one more thing to get the financial relief you are looking for.

Here are some facts that should be a warning to the recipient:

  • The date in the email is in the European order Day/Month/Year.
  • The date in the email is incorrect and predates the email itself, making it impossible to process the request.
  • The attachment is a .img file. You would expect such a request to come as a PDF file.
  • The words “endeavor” and “centre” are the British/European versions.
  • The language does not make sense, including references to vouchers and testing centres.
  • The process is contrary to expectations. You would expect to be working directly with your bank, not the SBA.
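One way a mail administrator could check a quarantined message for several of the warning signs listed above (the .img attachment, a day/month/year date that predates the message, and British spellings). This is an added example, not the author's tooling; the sample message, the `triage` function, the extra .iso/.vhd extensions and the spelling list are assumptions constructed for illustration.

```python
import re
from datetime import datetime
from email import message_from_string
from email.utils import parsedate_to_datetime

# .img is named in the article; .iso and .vhd are assumptions added here.
DISK_IMAGE_EXTS = (".img", ".iso", ".vhd")
UK_SPELLINGS = re.compile(r"\b(centres?|endeavours?)\b", re.I)
BODY_DATE = re.compile(r"\b(\d{1,2})/(\d{1,2})/(\d{4})\b")
# Constructed sample message, not the email from the article.
SAMPLE = """\
From: "SBA" <noreply@sba.example>
Date: Thu, 09 Apr 2020 08:15:00 -0400
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Return the attached form before 25/03/2020; we endeavour to book your testing centre voucher.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="SBA_Form.img"

placeholder
--b1--
"""

# Returns a list of warning strings for one raw message (hypothetical helper).
def triage(raw):
    msg = message_from_string(raw)
    sent = parsedate_to_datetime(msg["Date"]).replace(tzinfo=None)
    flags = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(DISK_IMAGE_EXTS):
            flags.append("disk-image attachment: " + name)
        if part.get_content_type() != "text/plain":
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        for day, month, year in BODY_DATE.findall(body):
            if int(day) <= 12:
                continue  # ambiguous: could be month/day/year
            flags.append(f"day/month/year date: {day}/{month}/{year}")
            try:
                if datetime(int(year), int(month), int(day)) < sent:
                    flags.append("body date is earlier than the Date header")
            except ValueError:
                pass  # not a real calendar date
        flags += sorted({"British spelling: " + w.lower() for w in UK_SPELLINGS.findall(body)})
    return flags
```

None of these flags is conclusive on its own; they are reasons to hold the message for review, as the client in this case did.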

The Conclusion

There is no question that this was a malicious email. The end result is not clear, but the goal is to compromise your system. Thankfully, spam filters, in addition to next-generation endpoint protection, will often catch such emails. Continue to encourage your team to remain on high alert regarding emails and communication during this time. If you have any questions, don’t hesitate to reach out to us.


Everyone Is Working from Home – Here’s Your Team’s Security Checklist

April 2, 2020 by Heidi Gal

Millions of workers have suddenly had to relocate their offices to their homes because of the Coronavirus pandemic. Working from home brings new challenges to the workplace, such as distractions, technology snafus, resource allocation and the big one – cybersecurity. If your team now has to work from home, get them up to speed with this security checklist to keep company data, devices and other information safe from hackers and unauthorized access.

Create a Dedicated Workspace

The first thing remote team members should do right now is to create a dedicated home workspace. At home, there may be lots of distractions, such as pets and children. Setting up a separate area in the home just for remote work may help reduce potential disruptions and keep workers more productive.

Ideally, workers should try to use a spare room as their home office. If that’s not possible, they can turn a bedroom or some other separate area into a temporary workspace. Also, remind family members that the working area should not be used, and keep all confidential information protected. Lock workstations when away from work computers.

Separate Work and Personal Devices

Next, remote employees should keep work and personal electronic devices, such as computers and phones, on separate Wi-Fi networks. A guest network can be created to keep the work devices on their own network. Wi-Fi networks should have WPA2 security and should be hidden. Keeping devices separate helps maintain a more secure digital environment. When possible, use a wired network rather than wireless.

Make certain team members change their default Wi-Fi router passwords and network names. Additionally, staff members should not be using work devices for personal tasks, such as posting to social media, paying bills or shopping online. Nor should they email work information to their personal computers.

Protect Your Passwords

The team needs to also ensure their passwords are strong, complex and secure. Choose multi-factor authentication for more protection wherever possible. Furthermore, it’s never a smart idea to keep passwords saved on a device. Staff members should also keep passwords to themselves and never share them with anyone.

Additionally, use a password vault when possible, but make certain that it is implemented by a trusted IT resource.

Verify Information

At times, it may also be wise for remote workers to verify information by telephone. If sensitive information is asked for via email from another team member, employees should take the extra step of verifying the request before sending that information back. Today, more people than ever are victims of sophisticated phishing emails that look and sound similar to their company’s typical communication. Read our article on this subject to learn more.

Stay Away from Public Wireless Networks

Even though many remote workers boast about the flexibility to work almost anywhere, it’s better to stay at home rather than conduct business at cafes and other public spots. Joining a public wireless network while doing work could lead to security breaches and sensitive data transmission.

Update Devices and Software

Another step that all work-from-home staff should complete is to update all their devices and software with the latest security updates. Anti-virus software should be a priority, and any other patches or firmware updates to the operating system or applications for work should be applied on a regular basis. Outdated operating systems that are no longer supported (such as Windows 7) should be upgraded, even on personal computers.

Handling Your Data Securely

Make certain the access to your company’s data is secure, preferably through a full tunnel VPN. Again, use multifactor authentication to access this.

When a team of staff members is all in different locations, there also needs to be a plan for backing up essential data. If an automated system is in place, employees should set aside time each week to back up work files.

Disable Smart Speakers

Having devices such as Alexa and Google Home speakers around the house can be convenient. These devices, however, may listen to and record sensitive business information through conversations. For work conversations, it’s best to disable smart speakers or work in a place at home where these devices can’t hear.

Ask for Help

Finally, employees who are working from home during the Coronavirus crisis may be physically alone, but they aren’t truly on their own. If team members need help or technical assistance, they should consult with the organization’s tech support team. They should never try to diagnose and repair these issues themselves.

If your team needs guidance on how to implement best practices for digital security at home, contact us today. Give your staff members a plan to keep sensitive information and devices protected while they remote work.
