Security, MFA, and the Impact of the End-User

One of the biggest liabilities to a company’s security starts at the frontline – surprisingly not with your IT, but with your employees. It is reported that 99 percent of cloud security failures will be caused by human error or behavior. It is vital to recognize the importance of protecting company data by educating your frontline.

As a Managed Services provider, we are here to help you along your path to becoming security conscious. Today we cover key tips for known issues, should you run into them.

User Access & Device Security

Remote work has increased due to COVID-19 and the shift to a flexible culture, providing even more points of access that need to be protected. Hackers do not solely target desktops, laptops and PCs; they can also access your data via your tablets, smartphones and other mobile devices. Companies can no longer rely upon an employee being physically on the same network as a security factor.

  • Secure non-domain joined devices connecting to your company network and data by using MFA and VPN settings. As businesses move their data to a cloud environment that can be accessed anytime and from any place, MFA can ensure your personal and financial information has a second layer of defence outside of your company network. Employees also need to be wary of the network connections they decide to use when working remotely. At public places with Wi-Fi or hotspot access, there is always a risk of tapped networks. Control the data exchange over your network by encouraging employees to use only trusted network connections. If in doubt, have a VPN installed for your remote users to connect to your network.
  • Never approve an MFA Authorization Request that you did not prompt for. Treat your Microsoft or Google Authentication App as the gateway to all your personal and company data. If an ‘MFA Approval Request’ has been prompted and you did not request it, MFA is doing its job and someone else is trying to access your data. Deny or decline the request!
  • Lock your device before you leave your desk. Sadly, security threats are not confined to just cyber attacks. Stop people accessing your information when you’re away from your desk.
    • Windows: Hold the Windows key and press the ‘L’ key.
    • Mac: Press Control + Shift + Eject (or Power key) at the same time.
  • Never use obvious information to set up passwords; use a ‘passphrase’ instead. Please read our article ‘What are Passphrase Passwords?’ for more information.

Social Engineering Attacks and Phishing

Social engineering attacks rely on unsuspecting users to bypass security protocols in order to access valuable data and resources. Firewalls, email filters and malware protection software are some of the key tools used to help secure data being transferred over the network. These tools, however, won’t fix user-caused security issues. That’s where user training comes in.

7 signs to check if you’re being ‘phished’:
  1. “From” line – Ever seen an email from someone you thought you knew and then thought “Oh, you’re not my friend Mandy…”? Hackers know you’re more likely to trust an email from someone you know. Always pay close attention to the sender email address.
    • Example: peter@abtechnologies.com.au vs peter@abtechnologes.com.au. The second email address is missing the “i” but still appears legitimate at a glance.
  2. “To” line – Check if the email you’ve received has additional unknown people also attached. Hackers try to target as many people as they can.
  3. Hyperlinks – Check if the embedded link matches what the text relays by hovering over it before you click. Only click links from trusted sources.
  4. Time – Do you usually receive an invoice from an accounts department around 2am? Always pay attention to what time you have received emails, especially around the holiday season. Hackers are out to get your financial information increasingly during these times.
  5. Attachments – In addition to checking the time of emails, do not open attachments that you’re not expecting. These may contain some sort of virus or malware to compromise your system’s security.
  6. Subject – Have you won $1 million recently? Or possibly received an invoice that needs urgent payment now? Hackers try to reel you in with various tactics that push you to take action immediately. If ever in doubt, validate the source of the email with a phone call before you take any further action.
  7. Content – Again, hackers try to reel you in with various tactics that push you to take action immediately. Never provide personal details without validating the source first.

Don’t click! If you believe that you’re being phished, inform your MSP or IT Team via our support channels!
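For IT teams triaging reported messages, three of the signs above (the “From” line, hyperlinks and time) can be checked automatically. The Python sketch below is an added example, not ABT tooling; the trusted-domain list, the 00:00–05:59 threshold and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from urllib.parse import urlparse

TRUSTED = {"abtechnologies.com.au"}  # assumption: domains you really deal with
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"[\w-]+(?:\.[\w-]+)+")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_signs(raw_email, trusted=TRUSTED):
    msg, found = message_from_string(raw_email), []
    # "From" line: the domain is nearly, but not exactly, a trusted one.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for good in trusted:
        if 0 < edit_distance(domain, good) <= 2:
            found.append(f"lookalike sender domain {domain} (expected {good})")
    # Hyperlinks: the visible text names one host, the href points at another.
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for href, text in LINK_RE.findall(body):
        shown = HOST_RE.search(text)
        target = (urlparse(href).hostname or "").lower()
        if shown and shown.group(0).lower() != target:
            found.append(f"link shows {shown.group(0)} but goes to {target}")
    # Time: sent in the small hours (00:00-05:59 is an assumed threshold).
    try:
        if parsedate_to_datetime(msg.get("Date", "")).hour < 6:
            found.append("sent outside business hours")
    except (TypeError, ValueError):
        pass
    return found

# Constructed sample message, not a real email.
SAMPLE = """\
From: Peter <peter@abtechnologes.com.au>
Date: Tue, 12 Dec 2023 02:07:00 +1000
Content-Type: text/html

<a href="http://pay.example.net/login">https://portal.abtechnologies.com.au</a>
"""
```

Calling `phishing_signs(SAMPLE)` returns one finding per sign; a hit is a reason to verify the sender by phone, not proof of phishing on its own.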

How can we help protect you?

The security landscape continually changes. New vulnerabilities and threats are discovered all the time. It is important for you to know that you can rely on ABT to protect you as well as possible.

It is a little bit like protecting your home. 100% guaranteed security is impossible, but if you take all the recommended precautions (lock all your doors and windows with proper locks, have a working alarm system (or a noisy dog) and leave a light on if you go away for a while) you may just have enough deterrent for someone with bad intentions to skip your house.

Data and Information security is no different. Some of the mitigation strategies you can use are:

  • Ensure Multi-Factor authentication is enabled and use it.
  • Have a strong password that you do not use in multiple places.
  • Let us manage Microsoft Windows Updates on your workstation so it is kept up to date.
  • Always make sure an email is from a trustworthy sender.
  • Never click on a link in an email asking you to log in to something.
  • Make sure your important data is always backed up.
  • Limit the third party and internal administrative accounts on your network.
  • Use a VPN (Virtual Private Network) to connect to the office when you work remotely.
  • Do not use public Wi-Fi when you are connecting to company resources.
  • Stay away from “Social Logins”, for example where Facebook allows you to log in to a service giving the service access to your data and email.
  • Use a password manager to store all your credentials, rather than saving them in your browser.
  • Limit revealing personal info on social media. The posts where people share their first concert, favourite restaurant, the name of their pet and where they met their significant other may be interesting for their friends to see, but they also provide data that can be used to access accounts.

Our security specialists can assist you with performing an extensive security audit on your systems to reveal vulnerabilities you probably were not aware of. Preventing information breaches from occurring is better than going through the very costly remediation and restoration required after a breach.