Communication and Security Are Key to Prolonging Business Prosperity

Tue, 26 May 2020 21:13:17 Z

In the current climate, where many have shifted to working from home, collaboration software platforms have very quickly become the cornerstone of everyday life in business. Communication is vital for any team to succeed, and even more so when working remotely, meaning video conferencing apps and collaboration software platforms are facing increased usage. However, some platforms are starting to crack under the pressure of being used more frequently and by more people than ever before. Security incidents are becoming more common – resulting in distrust and uncertainty from the user community, who don’t know how vulnerable these systems are.

Cybercriminals see a golden opportunity in the current situation and seek to use new tactics to compromise private information. They exploit collaboration applications like Zoom to capture user credentials. Threat actors hijack the chat window available within these applications and entice users to click on phishing links through which login details can be stolen. There is then potential for an organisation’s network to be infiltrated and more damage to be caused with ransomware, data breaches, or credentials to be sold on the dark web.

Whilst IT and security teams are already stretched in these unprecedented times – trying to do more with fewer resources – they must not neglect the importance of securing collaboration software platforms. Adopting a layered approach to security and implementing multiple defensive measures is critical to secure the network. This is especially true now since IT professionals are facing the added risks of a remote workforce. The foundation of this approach is patching as part of a robust vulnerability management program.

The workforce is the core of any business, so a layered approach to security should also take employees and their actions into account. IT and security teams should ensure their workforce has a thorough understanding of any IT security risks and how to minimise them. The parameters should be especially clear while they are working remotely to ensure there are no weak links. This includes reminding employees that, despite working from home and potentially using their own devices, the cyber-risks remain the same and so they should take just as many precautions – if not more – as they would working on their office computer. With clear policies in place it is more likely employees will follow the rules.

Whilst businesses can take precautions to defend their network from the inside out, vendors and partners have access as insiders to the corporate infrastructure. Therefore, it is important to follow an audit framework that allows for a rigorous review of the mechanisms made available by the vendor to preserve and protect privacy while using the programme. Partners should also be reviewed to ensure they are following key security protocols and their software is kept up-to-date.

This period of remote working looks set to continue and businesses simply can’t afford for security vigilance to decrease as time goes on. IT and security teams need to stay on top of their game to help businesses through this unprecedented crisis.

6 Tips to Help Curb University Cyber Attacks

Mon, 16 Sep 2019 20:43:00 Z

Universities have become popular hacking targets, joining the ranks of other top targets like finance (Capital One, Equifax), retail (Target), manufacturing and transportation.

Hackers are demanding ransomware payments, crippling entire education computer operations and capturing extensive personal data, violating the privacy of students and staff.

The issue of education sector cyberattacks moved further up in the international consciousness recently when Louisiana Gov. John Bel Edwards declared a state of emergency in response to three school districts crippled by malware attacks, which shut down phone systems and locked data.

The motivation for these attacks range from ransoming the normal workflow of a university to selling hijacked student identities. Regardless of the motivation, like other public sectors, education is now, more than ever, on cybercriminals’ radar and will continue to be one of the popular targets.

Stepping Up Cyber Attack Defences

Just keeping up with the myriad attack versions and new threats coming every day burdens universities who are already struggling to keep pace with rapidly changing technology advancements, let alone cybercriminals. In crafting a more effective defence, educational institutions have a dual challenge: executing all the risk mitigation defences that any organisation must-have in today’s cyber environment and then layering the unique aspect of student populations with their own set of user expectations.

Here are practices that can help reduce risk yet maintain a productive user experience for students and staff alike.

1. Tighten up on administrative privileges.

Cybercriminals love penetrating networks in which administrator privileges are used everywhere. Effective malware and ransomware defence demand privileges are granted only to staff that truly require them to do their job.

A university, for example, can remove full admin rights and then selectively elevate just the privileges a user needs to do their job. Ideally, an educational institution would implement technology that not only centrally manages credentials and grants granular rights, but enables staff to self-serve access as needed, based on their work function.

2. Educate employees on constant vigilance.

Some of the most costly ransomware attacks are caused by simple acts of opening email or clicking on a website. Cybercriminals are adept at employing social engineering tools that look non-threatening and encourage students and/or staff to click through links in fraudulent emails. Even tech-savvy users can fall prey, no one is exempt from too quickly opening a potentially dangerous email.

Unfortunately, basic education will not suffice to fight cybercriminals. IT staff needs to put a continuing education program in place that accomplishes two objectives: keep staff and students up to date on new cyber attack trends and introduce new employees to the universities approach to fighting cyber attacks. In addition to education, all staff and students can take phishing tests, or drills in which they click on links and receive feedback as to whether they just clicked through to a potential malware occurrence.

3. Engage students to become part of the cyber defence team.

The current generation of students is the most mobile-device friendly ever. Whether using a phone, iPad or traditional laptop, worrying about the university’s security is rarely top of mind for them. Just as IT can help train and encourage staff to be more cyber-diligent, IT can work with teachers and administrators to help students understand data breaches can affect them personally and can cause great harm to their peers and their university.

Secondly, administrators are already using social media platforms like Facebook and Twitter to regularly communicate about university news and events. Reminders about tactics like pop-ups linking to dangerous websites, or opening texts that are not from recognised senders, can be posted for students. This gives universities two key communication channels for furthering threat prevention.

4. Stay current on all application updates.

Executing critical patches and updates is essential to prevent new attacks. It should be a top priority of IT staff and cover third party applications as well as operating systems. Microsoft regularly publishes patch updates. IT needs to flag the ones of critical nature and ensure they are accomplished.

5. Be diligent about third-party vendor risk.

If your vendors and sub-contractors have less than optimum security protocols in place, they expose the university itself, and the student population to considerable risk. Third-party risk assessments must be done for suppliers that have access to university and student data to make certain their operations meet the standards of good threat prevention.

6. Consider specific cyber insurance.

Educational organisations are increasingly adding cyber-attack coverage to their insurance policies, driven by the trend toward ransomware. Administrators and finance staff need to examine the costs of this type of coverage, weighing it against the cost of restoring operations from a system lockdown and/or privacy breach, and determine what is the appropriate level.

Keeping the issue of cyber-attacks in front of all parties – admin, IT, staff and students – is an essential step in helping to prevent costly disruption to university operations and strengthen defences against a data privacy breach.

Combining better engagement with improved security practices will help to minimise a universities threat landscape. Being aware of third-party suppliers’ approach to data security is an important part of a complete data protection strategy. Within the university’s infrastructure, consistent, up-to-date patching and tighter access controls are a relatively economical means of adding more layers of data protection, compared to the millions of dollars of potential recovery costs after an attack.

Ivanti Blog: Posts by