Over the preceding number of years, it wasn’t that surprising to see several tech companies, and even a number of non-tech companies reducing their office space and moving to full or partial remote work setups. Normally considered a major transition, these companies spent months preparing for the switch by training their employees, setting up remote work policies, and ensuring all the necessary infrastructure was in place to deal with the increased exposure to certain types of cybersecurity threats.
That’s pretty much the blueprint for how this sort of change is supposed to be made. Fast forward to March of 2020, and all those old playbooks get tossed out the window. Many companies found themselves with short notice, forced to make the switch practically overnight if they didn’t want to disrupt their relationships with their clients and their staff. They hadn’t had the chance to fully prepare themselves, but their hands were forced and they had to make a move.
In all that tumult, cybercriminals leapt into action, capitalizing while they could on softened networks and a workforce that were looking for answers wherever they could find them. According to the FBI, the daily number of cybersecurity complaints quadrupled from 1,000 to 4,000 during the COVID-19 pandemic. Distributed Denial-of-Service (DDoS), ransomware, malspam and phishing attacks were all ramped up while many businesses were focused solely on keeping their heads above water. It unfortunately left many users as sitting ducks as organizations failed to deploy the resources to secure their newly remote workforce.
In IT, the principle of least privilege (PoLP) refers to the concept that any process, program or user must be provided with only the bare minimum privileges (access or permissions) needed to perform a function. For instance, if a user account has been created for accessing database records, it need not have admin rights. Also, a programmer responsible for updating lines of legacy code can do so without access to the company’s financial records.
PoLP is a cybersecurity best practice and often considered a critical step for protecting privileged access to a businesses’ high-value assets and data (including customer/employee records). Since this principle extends beyond the scope of human access, it is also applicable to systems, applications and connected devices that require certain permissions or privileges to perform a task.
What Least Privilege is Used For
Did you know that two of the most infamous data breaches on record, namely the ones at Home Depot[i] and Target[ii], occurred due to a compromise of their network credentials? In both the cases, hackers used privileged accounts to access critical business data and private records of customers. Taking a cue from these breaches in the past, you need to understand that whoever is looking after your IT must deploy security strategies for users and applications that perform critical functions within the network. It’s not enough to just put up protections to stop cybercriminals from getting in, you must prepare for the eventuality that they might, and limit the harm that each user profile might be capable of doing.
Can you imagine logging into your system to access your business data and being unable to do so? Talk about your worst nightmare coming true!
IT demands have skyrocketed since the onset of Covid-19, often completely overwhelming the capacity of existing teams that typically operate with maximum productivity. Setting up employees to work from home has many technical and security hurdles. Stacking that task on top of regular maintenance and support activities left IT departments grasping at straws, forcing some to deploy insecure workarounds to try and best accommodate business activity under intense time constraints.
This is a re-sharing of an article I created for LinkedIn about a week ago that has only continued to gain more relevance. I hope that as information spreads we can hopefully limit the havoc that these bad-actors continue to unleash.
I'm seeing a lot of phishing emails around COVID-19 / the coronavirus. It's disappointing but expected that cybercriminals know that we are looking for information and answers to guide us through the confusion, anxiety, and uncertainty of what to do next. Be careful not to become a victim of these honed phishing campaigns around some "COVID-19 update" or "current coronavirus news". The last thing a small business needs right now is to lose files or financials to these kind of people, so here are a few quick tips.
1) Be especially wary of emails pretending to be from the CDC, WHO, or other government agencies. Try and find the information by searching for it on their website rather than clicking links emailed to you. Even links that appear valid according to their text may be hyperlinked to a completely different location when followed.
2) Keep an eye out for spelling errors and inconsistencies in the subject line and the from line (or domains that don't look legitimate). Read the entire email address to ensure it's coming from the source you think it is. There are cases of cybercriminals pretending to be internal HR members directing staff to click a link to view updated policies, and are instead directed to a malicious website.
3) Do your homework before donating to a cause. We're at our best when we decide that we will pull together to support each other in trying times, but some will look to take advantage of that instinct.
ArsTechnica put together a great article that's worth a read as well, I've linked to it here. Or better yet, maybe search "ars technica covid 19 phishing" and start practicing Tip #1 now!
Stay safe out there, in every way possible.
Cloud is not going to recede in importance anytime soon.
Have you ever lost data from your personal computer? It can be really annoying as well as time-consuming. But imagine the worry if you lose your data in a disaster, and your business does not even have a recovery plan in place.
Cloud computing is continuing to revolutionize the manufacturing industry. Most early adopters of the cloud in the manufacturing sector say that it plays a huge role in streamlining their operations and being more profitable. But, are you still contemplating whether or not to move your business and operational systems to the cloud?
Yet another kind of social engineering technique that exploits human tendencies – Business Email Compromise (BEC) scams are bothering corporate houses at a vast scale. The attackers send fraudulent emails to the targeted firm and ask employees to make unauthorized bank transfers.
