Close

Month: April 2020

Dropbox is Not a Remote Access Solution: A COVID-19 Case Study

by
Dropbox is not a remote access solution article feature

The Scenario in Brief

During this challenging time, we all have had to scramble to adjust to a new normal, both on a professional and personal level.

Here is an example of a company that was trying to find their own way to work remotely. This particular customer has a case management suite that links to Dropbox in the office. Their case files and templates link to the cloud, their Dropbox. Our client decided to give all their employees access to Dropbox through their personal home computers.

It was easy.

The employee can work from their home computer, make their edits on Dropbox, and it updates to their case management suite. When we dug deeper, we learned that the computers they are using are shared with other family members.

If ransomware got on this computer from a clicked email that would then infect the locally-stored Dropbox files. This would then sync up to the cloud because Dropbox would not know that the data is compromised. It just sees data. The original data would not be available and the new data would be encrypted and locked.

From a support side, we had servers being backed up in the office, as well as other important folders. The client thought they had a backup, but they did not realize that Dropbox was not being backed up.

Further, the client was not aware that Dropbox stores a local copy of its files on computers that are synced. This means these confidential case client files were available to other family members in the household. To make matters worse, if the machine got infected, the case studies would be readily available to bad actors.

The Solution

We ended up setting up a VPN solution for this client, which allowed them to remote into their desktops. This is a common and easy solution, which gives employees their work environment at home. They now log in to their work computer that already had Dropbox. We uninstalled Dropbox on the unsecured personal computers.

People have this belief that everything that is going to be out in the cloud is going to be safe. Sometimes it is not clear that this “cloud” is just a server sitting somewhere else. The reality is unless you invest in creating backups, or backing it up yourself, it is as susceptible as your hard drive getting ransomware.

Finally, Dropbox has an additional plan that allows data retention for the 30 days. We implemented this as an extra safety measure.

The Lesson

Companies are going to find quick methods to solve their problems. This case study was an easy solution to remote access and our client had no idea they exposed vulnerabilities and security holes. Nothing had gone wrong, so they thought they were safe.

It’s always wise to engage a consultant in cases like this. We were thankful we could help in this regard and prevent what could have been a bad situation.

Malicious Email Appearing to Come from the SBA: A COVID-19 Case Study

by

The Scenario in Brief:

A client of ours forwarded us an email that was slightly suspicious (pictured here in this article). Though it was caught in their Office 365 spam filter it appeared to come from the Small Business Association. Coincidentally over the weekend (like so many others) they had just applied for a business loan. In their own words, they thought it could be a legitimate email. Thankfully they had a security mindset and asked our team if they should open it.

The fact is this very convincing email did contain malware. It also would be difficult to detect for many users.

How can you know this is a dangerous email? We thought we would share what we learned in the likely event others will receive similar emails.

Malicious Email Appearing to come from the Small Business Administration

The Solution – A Break Down of the Email:

Here are some of the factors that made this email more convincing than other phishing or malicious emails:

  • The sender successfully spoofed the Small Business Administration’s email address. This means it appears to come from a valid email.
  • There are no phishing links. Many people are learning to not click on links. (Read our article to learn more.)
  • It looked like a relatively professional email.
  • It came at an appropriate time when the business may be expecting to hear from the Small Business Association.
  • Implicit in the messaging is a huge emotional appeal: Your application is complete, you just need to do one more thing to get the financial relief you are looking for.

Here are some facts that should be a warning to the recipient:

  • The date in the email is the European order Day/Month/Year.
  • The date in the email is incorrect and predates the email itself, making it impossible to process the request.
  • The attachment is a .img file. You would expect such a request to come as a PDF file.
  • The words “endeavor” and “centre” are the British/European version.
  • The language does make sense, including references to vouchers and testing centres.
  • The process is contrary to expectations. You would expect to be working directly with your bank, not the SBA.

The Conclusion

There is no question that this was a malicious email. The end result is not clear, but the goal is to compromise your system. Thankfully spam filters in addition to next generation endpoint protection will often catch such emails. Continue to encourage your team to remain on high alert regarding emails and communication during this time. If you have any questions, don’t hesitate to reach out to us.

Everyone Is Working from Home – Here’s Your Team’s Security Checklist

by
Team Security Checklist Article Feature

Millions of workers have suddenly had to relocate their offices to their homes because of the Coronavirus pandemic. Working from home brings new challenges to the workplace, such as distractions, technology snafus, resource allocation and the big one – cybersecurity. If your team now has to work from home, get them up to speed with this security checklist to keep company data, devices and other information safe from hackers and unauthorized access.

Create a Dedicated Workspace

The first thing remote team members should do right now is to create a dedicated home workspace. At home, there may be lots of distractions, such as pets and children. Setting up a separate area in the home just for remote work may help reduce potential disruptions and keep workers more productive.

Ideally, workers should try to use a spare room as their home office. If that’s not possible, they can turn a bedroom or some other separate area into a temporary workspace. Also, remind family members that the working area should not be used and keep all confidential information protected. Lock work stations when away from work computers.

Separate Work and Personal Devices

Next, remote employees should keep work and personal electronic devices, such as computers and phones, on separate WIFI networks. A guest network can be created to keep the work devices on their own network. WIFI networks should have WPA-2 security and should be hidden. Keeping devices separate helps maintain a more secure digital environment. When possible, use a wired network rather than wireless.

Make certain team members change their default WIFI router passwords and network names. Additionally, staff members should not be using work devices for personal tasks, such as posting to social media, paying bills or shopping online. Nor should they email work information to their personal computers.

Protect Your Passwords

The team needs to also ensure their passwords are strong, complex and secure. Choose multi-factor authentication for more protection wherever possible. Furthermore, it’s never a smart idea to keep passwords saved on a device. Staff members should also keep passwords to themselves and never share them with anyone.

Additionally, use a password vault when possible, but make certain that is implemented by a trusted IT resource.

Verify Information

At times, it may also be wise for remote workers to verify information by telephone. If sensitive information is asked for via email from another team member, employees should take the extra step of verifying the request before sending that information back. Today, more people than ever are victims of sophisticated phishing emails that look and sound similar to their company’s typical communication. Read our article on this subject to learn more.

Stay Away from Public Wireless Networks

Even though many remote workers boast about the flexibility to work almost anywhere, it’s better to stay at home rather than conduct business at cafes and other public spots. Joining a public wireless network while doing work could lead to security breaches and sensitive data transmission.

Update Devices and Software

Another step that all work from home staff should complete is to update all their devices and software with the latest security. Anti-virus software should be a priority and any other patches or firmware updates to the operating system or applications for work should be updated on a regular basis. Outdated operating systems that are no longer supported (such as Windows 7) should be upgraded even on personal computers.

Handling Your Data Securely

Make certain the access to your company’s data is secure, preferably through a full tunnel VPN. Again, use multifactor authentication to access this.

When a team of staff members is all in different locations, there also needs to be a plan for backing up essential data. If an automated system is in place, employees should set aside time each week to back up work files.

Disable Smart Speakers

Having devices such as Alexa and Google Home speakers around the house can be convenient. These devices, however, may listen to and record sensitive business information through conversations. For work conversations, it’s best to disable smart speakers or work in a place at home where these devices can’t hear.

Ask for Help

Finally, employees who are working from home during the Coronavirus crisis may be physically alone, but they aren’t truly on their own. If team members need help or technical assistance, they should consult with the organization’s tech support team. They should never try to diagnose and repair these issues themselves.

If your team needs guidance on how to implement best practices for digital security at home, contact us today. Give your staff members a plan to keep sensitive information and devices protected while they remote work.