Blog


COVID-19 What Can We Learn?

We are still a long way away from understanding the full impact that COVID-19 will have on the world. It’s touched every aspect of society and continues to generate more aggressive and unprecedented responses from world leaders. We all know this so why am I writing this blog? Because the scope and impact of this deadly virus could have been significantly reduced or avoided if we had just listened to the experts and acted swiftly. Information trickles in daily and it feels like we are building our response plan on the fly and to make matters worse, people are choosing how they want to respond.

Highly infectious viruses and diseases have been spreading uncontrollably across the human population for thousands of years. It’s even got an official definition in Webster’s dictionary!

Pandemic noun pan·dem·ic | \ pan-ˈde-mik  \

Definition of pandemic : an outbreak of a disease that occurs over a wide geographic area and affects an exceptionally high proportion of the population : a pandemic outbreak of a disease

So why, in 2020, do we find ourselves at the mercy of one of the deadliest and widest spread viruses in modern history? Experts such as Dr. Michael Osterholm wrote a book in 2017 titled “Deadliest Enemy” that predicted that something like this was imminent. We should have learned from recent outbreaks like SARS (2002-4), MERS (2012), and Ebola (2014) to create an effective and robust incident response plan that could be called upon to address an outbreak like COVID-19. An incident response plan should address: Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned.

Preparation – Do we have a team ready to deal with an outbreak (pandemic)? Can we provide enough access to proper medical facilities? Can we quickly mobilize a team of experts that are properly trained to deal with such situations?

Identification – Can we recognize early enough that we have a really bad situation brewing and is there a clear escalation path? Can we properly preserve evidence and artifacts, so the experts have appropriate information to work with as soon as they are called to action?

Containment – Once the experts recognize that we have a serious situation on our hands (which can be done quite quickly if steps 1 and 2 are well defined), do we have processes and procedures in place to contain the virus and prevent the spread?

Eradication – Can we treat the virus and keep people healthy? As we’ve seen, finding medical cures can take months or years to develop and people that are predisposed to certain health conditions like lung infections may not be treatable but performing the first 3 steps of the response plan properly will limit the number of people impacted.  

Recovery – What steps are necessary to ensure the outbreak is 100% controlled and when can we start taking steps to restore everything back to the way it was before this all happened? If you control the impact and severity, you reduce the recovery implications.

Lessons Learned – No plan is perfect, and no 2 incidents are the same. There are always learning lessons that can be applied to any situation to get better and improve. I’m sure that once we get this COVID-19 virus under control, we will go back to life as it was and won’t invest enough time and effort on how we can do better next time. This would explain why, despite going through this several times in the past decade, we find ourselves glued to the news feeds to find out what decisions the WHO and world leaders are coming up with on a daily and hourly basis.

Does it sound like these steps would work to help us address an outbreak like COVID-19? It should, it’s been working for computer viruses since the early 70’s. So why aren’t we using this pragmatic and common-sense approach to human viruses? People! Not because COVID-19 is a human virus, but because people tend to think that something like this won’t happen to them and are reluctant to take appropriate actions. I’m sure the WHO is doing all of this and more, but they can’t execute properly if people aren’t listening to their instructions and cooperating. You see it all over the news and social media; people in North America stating they are glad not to be in Italy or China. Well guess what folks, I’m sure Italians were saying they were glad not to be in China at one point too!!!

As I sit at home in isolation writing this blog, I get passionate about this topic because I see it all the time in my line of work. Cybersecurity has all the same human hindrances as this pandemic. I don’t want to make this about cyber, but I do want to get the word out that people need to step up and be part of the solution. This isn’t a Chinese, Italian or Iranian problem to fix. This pandemic is our problem to fix. We all need to listen to the experts, act swiftly and do what’s right for the greater good.

Advice from the WHO (https://www.who.int/emergencies/diseases/novel-coronavirus-2019/advice-for-public):

  • Wash your hands,
  • Maintain social distancing
  • Avoid touching eyes, nose and mouth,
  • Seek medical advice early if you display the symptoms

We need to “flatten the curve” and get this situation under control. Then we can start talking about why you need to protect your business data. 😊

Dream Technology Solutions


Protect Your Business from Coronavirus (Covid-19)

Cybersecurity Risk Planning

First and foremost, Dream Technology Solutions recognizes the impact this ruthless virus is having on people around the world and we would like to send sincere condolences to the friends and families of those that have succumbed to Covid-19.  This article is not intended to overshadow the struggles, in any way, that are going on in every community. Our intention is to educate the business community about the learning lessons that can come from such a terrible situation.

Could a good cybersecurity program help to protect your business from a pandemic like Covid-19? Having a well thought out Disaster Recovery (DR) and Business Continuity Plan (BCP) can help your business survive almost anything, including a global pandemic. Businesses are being advised to allow their staff to work from home to prevent the spread of the virus. Unfortunately, many businesses are not designed to support this mode of operation. Their only option is to suspend work until the lockdown is over. This will have a huge impact to the business community and financial ramifications that will go on for months and perhaps years to come. If every business has a proper cybersecurity and risk management program in place, this ask would be much easier to accommodate and far less impactful.  

If we look at the basic concepts of cybersecurity, we need to break it down into its 3 primary components: Confidentiality, Integrity and Availability.

By definition (in simplified form):

Confidentiality – Limit access to information

Integrity – Assure that the information is trustworthy and accurate

Availability – Guarantee reliable access to the information by authorized people

While all of these are important and core to a good cybersecurity program, this article will focus on the concept of Availability. Availability isn’t just keeping your business systems up and running; they need to be accessible to authorized users under any circumstances. We all know the havoc ransomware is posing by taking down business systems by encrypting critical files but who would have thought that the spread of a human virus would create an unprecedented system accessibility problem that IT staff would have to overcome? A good cybersecurity plan should consider all scenarios no matter how unlikely it may seem at the time – Northeast Blackout 2003, 9/11, numerous natural disasters and now Covid-19.

Many companies are turning to cloud solutions to address this accessibility challenge. Typically, if you have a computer that has internet access, you are good to go and can work from anywhere (well almost). If you are one of the lucky businesses that have all your critical systems in the cloud, staff can work seamlessly from home and you are probably going to survive this pandemic without missing a beat (if not for the dependencies on others). For the companies that have a more traditional IT environment, the lockdown brought on by Covid-19 could be disastrous to your business!

Moving systems to the cloud isn’t the answer for every company and there may be good reasons that this isn’t an appropriate option for your business. So, what should you do? Your Disaster Recovery (DR) and Business Continuity Plan (BCP) will be a little more complicated but must contain provisions for scenarios like the current pandemic. Any good plan must start with a worst-case scenario, and it needs to be WORST CASE. I often read DR and BCP plans that assume a server goes down or a system becomes unavailable for an extended period but that simply isn’t good enough. That may suffice to prevent minor disruptions, but I bet those companies wish they took a broader look at their planning now! Expect the worst and plan for it because you can’t adjust your plan after the disaster hits!

What would you have done if there was a gas leak in your building and people were denied access? What about an earthquake that took out the infrastructure preventing people from coming in to work or school? These seem like much easier scenarios to build a plan around, but we’ve had plenty of warning signs that something big like this pandemic was coming –  SARS, MERS, Ebola, the Zika virus, swine flu… So why are so many people caught off guard and trying to figure it out now?

If you have a good Business Continuity Plan, now would be a good time to break it out and focus on your provisions for working from remote locations. If you don’t have this in place, there are options available that are easy to implement and can help provide secure remote access for the time being. Be careful, pragmatic and always continue to practice good cyber hygiene.

I do not endorse any of these products, but I feel like leaving you hanging may cause more damage than good. If you need to let your staff work remotely and don’t have the capabilities to do this today, investigate the following, or similar solutions:

TeamViewer

LogMeIn

Zoho Assist

Connectwise Control

RemotePC

Again, I do not sell or endorse any of these products but the last thing we need happening is to have people unknowingly exposing remote access using unprotected methods that would create gaping security holes. Something like this pandemic does not provide an excuse for anyone to get compromised because they felt they had to let their guard down to keep their business running. You have a responsibility under all circumstances to protect your company data. Don’t forget, the bad actors know what’s going on and see this as an opportunity to strike while companies are at their most vulnerable.

The experts at Dream Technology Solutions are here to help in any way we can. This article is about the importance of a good cybersecurity program and if we all make this a priority, we can keep our staff healthy, happy and support our vital business community.

Contact us:

info@dream-techs.com


Make Lemonade out of Lemons

While it’s true that the provincial and federal governments are stepping up to help those in need by offering some generous relief funding, we all know that it isn’t going to cover much. Everyone is going to feel the financial effects of COVID-19 for weeks and months ahead. For the small business owner, it can be a real concern trying to figure out how to pay the bills when you’ve been asked to close your doors indefinitely. Now is not the time to sit on your hands and panic. It’s the time to get creative and build new capabilities into your business.

Many of us are stuck in our old school ways, and why not, it’s worked so far. But has it? Have we been missing out on opportunities by being complacent in our ability to adapt? The lockdown being mandated to prevent the spread of COVID-19 is just forcing us to look at our business in new ways. Those that sit back and wait for this to end will fall behind those that look at this as a new opportunity. We need to look at our business through a new lens and figure out a new way to deliver our services.

We know that we can’t do anything about social distancing and people must be able to work from home. We also know the same constraints apply to the consumer so how can we overcome these challenges? Technology is likely going to play a big factor and budget constraints are clearly top of mind for everyone. Here are some cheap ideas and considerations that might help you think about new ways of delivering your services and building new capabilities into your business that you can leverage beyond COVID-19.

Work from Anywhere – This is almost an expectation of the modern workforce. Certainly, it is for those jobs that don’t require you to be physically present to perform your duties. There are several solutions that are available for free on small scale or have extended trials available to accommodate remote workers during the current lockdown. This is a capability that should be part of any business and if nothing else should be something that you’ve invested in to help you through the current crisis and will benefit from after this is all over. Look into simple and secure solutions like TeamViewer, RemotePC or ConnectWise to get connected right away.

Collaboration Tools – Online collaboration tools are not meant to replace face to face meetings, they supplement them. Video conferences are the next best thing when people can’t get together in the same room. Solutions like Teams, Hangouts, Zoom, Slack, and Webex are meant to solve specific problems like time, distance and communications.  You no longer need to find a time in everyone’s calendar where they are free, in the office and you have a room available. Using a video collaboration tool lets you start a meeting on short notice, add users on the fly and they can join from anywhere on any device. Most of these tools also include virtual meeting rooms and chat so you can continue to collaborate well after the meeting has ended.

File Sharing – SharePoint Online or Google Drives are a good way to share information. These tools also allow multiple people to collaborate on the same doc at the same time. This is a great way to share ideas and collaborate on group presentations. The best part of this is you can always maintain access controls over your information. People still email around documents to multiple people and then have the onerous task of trying to merge them together in the end. As well, once you send your document via email, you lose control over who can see it or share it. Keep it in your SharePoint or Google Drives and only allow people access that need access. You’ll love this once you get the hang of it.

Modernized Website – Your website is your virtual access to your business. There are some simple solutions that add functionality to your website that can dramatically improve your online customer experience. Think about the common things that people walk into your business for; I bet you can replicate most of them online. I remember when realtors thought that open houses and scheduled walk-throughs were the only way to sell a house. Now people can do virtual walk-throughs from the comfort of their own home and get most of the experience of the open house, and it’s far more efficient. Get creative and talk to the experts at SVICE and Shopify to convert your old website into your new online store front.

I do not endorse any of these products and there are many more that I didn’t mention. The point of this blog is to emphasize that now is the time to look at ways to modernize your business and leverage technology to deliver your services in new ways. If you do this now, you will create new business capabilities that will help you through the difficult times and they will propel you past your competition once things get back to “normal”.

Please don’t forget that any time you introduce new technology you introduce new risks so stay on top of your cybersecurity program to safely and securely adopt these new technologies.

When life hits you with a basket full of lemons, you might as well start making some lemonade!… or something like that! 🙂

Dream Technology Solutions


Working from Home

 Things to consider…

I’ve been getting quite a few requests about setting companies up to support the “Work from Home” program that most companies are doing to reduce the spread of Covid-19. This is a fantastic way for all of us to help the cause and stop the spread of this nasty virus. While we do this, let’s make sure that we understand the new risks being introduced and don’t let good intentions turn into a big problem.

Top 6 things to consider when implementing a work from home policy:

1. End Point Protection on home machines

You probably have corporate standard end point protection on all company machines but now you may be opening the door to unprotected devices. The type of access that you are allowing will dictate what you need to consider. If you are setting up your users with direct VPN access, you will have to be more vigilant over what protection these home computers have. If you are using a 3rd party remote desktop solution like TeamViewer, your exposure is far less. In this case, the home computer does not have direct access to your corporate network and therefore presents low risk of introducing malware or unauthorized access.

2. Remind people of your Acceptable Use Policy

People may not be used to working from home and it does introduce a few distractions that aren’t around at the office. It’s a good idea to remind everyone about your Acceptable Use Policy and to ensure they are accessing systems and working in the same manner as they would at the office. Don’t forget, people are often the weakest link in your cyber defense and the distraction of working from home could lead to human error and this is the #1 cause of data breaches!

3. Make sure providing remote access does not increase risk

Assuming the people factor has been addressed, make sure your technical solutions for remote access meet your cybersecurity standards. There are many ways to allow a user to access your network from remote locations but not all are secure. I have seen IT staff open remote desktop ports to allow users easy access to their network. This is also an easy way for bad actors to access your network. Ransomware attackers are constantly scanning for open RDP ports and targeting anything listening on well-known port numbers like 3389. Changing ports doesn’t fool them so keep your guard up and your network secure.

4. Add security with 2 Factor Authentication

Many remote access solutions offer an additional layer of security by including 2 factor authentication. This improves your access security by doing a double check on your authentication. You require at least 2 of 3 things to gain authorization: Something you know (password), Something you have (a token such as SMS to your phone), or Something you are (biometrics like a fingerprint). Adding security is always a good thing and many of the remote solutions have this included as part of their service offering. If it’s available, use it!

5. Use up to date VPN solutions

Using a VPN client to encrypt traffic to and from your corporate network is always advised. If this is something that hasn’t been used in a while, make sure the software is up to date. There have been many vulnerabilities identified in VPN software so dusting off an old VPN client still may work but may not be your best option. Make sure any VPN software/solutions being used are fully supported and up to date with their security patches.

6. Shut things down and clean up when this is all over

I think we all hope that this is going to be a short-term solution to a bad problem. Remote access should only be enabled as needed and where possible set remote accounts to expire after a given period. No doubt there will be some cleanup to do once things return to normal so be diligent about making sure you leave things better and more secure than before. I’m sure everyone is practicing good cyber practices and part of that would be to disable remote access once it is no longer needed.
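As an added example (not from the original post), the sketch below audits a router's port-forward table for the situation described in items 3 and 6: RDP published to the internet, including on a changed external port, and leftover rules to clean up. The CSV layout, rule names and addresses are constructed assumptions for illustration, not any vendor's export format.

```python
import csv
import io
import ipaddress

RDP_PORT = 3389  # default RDP port named in the text

# Constructed sample in a made-up CSV layout (not a real vendor export).
# Addresses use private and documentation ranges.
SAMPLE_RULES = """\
name,source,external_port,internal_host,internal_port,enabled
web-https,0.0.0.0/0,443,10.0.0.20,443,yes
rdp-default,0.0.0.0/0,3389,10.0.0.31,3389,yes
rdp-moved,0.0.0.0/0,53389,10.0.0.32,3389,yes
rdp-office-only,203.0.113.0/29,3389,10.0.0.33,3389,yes
rdp-old,0.0.0.0/0,3390,10.0.0.34,3389,no
"""


def audit_rdp_forwards(csv_text):
    """Return one finding per rule that forwards traffic to an RDP listener.

    The match is on the internal port, so a forward that answers on a
    non-standard external port is still reported.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if int(row["internal_port"]) != RDP_PORT:
            continue
        source = ipaddress.ip_network(row["source"], strict=False)
        if row["enabled"].strip().lower() != "yes":
            status = "stale"        # disabled leftover: remove during cleanup
        elif source.prefixlen == 0:
            status = "exposed"      # reachable from any address
        else:
            status = "restricted"   # limited source range: confirm it is still needed
        findings.append({
            "name": row["name"],
            "status": status,
            "external_port": int(row["external_port"]),
            "moved_port": int(row["external_port"]) != RDP_PORT,
            "target": row["internal_host"],
        })
    return findings


def exposed(findings):
    """Names of rules that publish RDP to the whole internet."""
    return [f["name"] for f in findings if f["status"] == "exposed"]


if __name__ == "__main__":
    for f in audit_rdp_forwards(SAMPLE_RULES):
        note = " (non-standard external port)" if f["moved_port"] else ""
        print(f'{f["status"]:<10} {f["name"]:<16} '
              f'{f["external_port"]} -> {f["target"]}:{RDP_PORT}{note}')
```

Both `rdp-default` and `rdp-moved` come back as exposed: moving the external port changes nothing about who can reach the listener.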

In general, everyone should be reminded that while we go through this difficult time, the criminals are using this as an opportunity. Ransomware and phishing emails being masked as critical Covid-19 information have been flooding the internet. The bad actors manipulate human behavior and emotions to trick you into getting what they want. Do not fall for any of this and delete any unsolicited emails and texts. If you want information on Covid-19, do your own research and only go to reputable web sites. Be safe and continue to be diligent about practicing good cyber hygiene.

If you need help, contact Dream Technology Solutions:

support@dream-techs.com


SMBs Losing the Cyber Battle

Small and Medium Businesses face a growing cybersecurity problem that isn’t going away on its own!

We live in a difficult time for business owners. With the added complexity of IT systems and the increase in criminal activity, it can be difficult to know how to secure your business or even where to start. Large enterprises are way ahead and have been taking proactive measures to upgrade their cyber defense for many years (likely because they were the primary target from the onset of cyber-crime). Due to the rapid increase in malicious activity, SMBs are lagging way behind on their cybersecurity capabilities and quickly becoming the popular target for bad actors.

People that know me, know that I love stats, facts and figures. While some may say that stats can be made up or biased, they still tell a story and start the right conversations. With that in mind, I’d like to share some stats that I hope will get you thinking about how you are protecting your business today and asking the right questions about whether or not you are doing enough to protect your company data from breaches or damage.

Did you know:

You can, and should, fact check this information but the one that really seems out of place is the last one. If the above information is correct, then shouldn’t this indicate that small and medium sized businesses are being targeted? This is probably the number one response I get when speaking with SMB owners that haven’t engaged in building a cybersecurity program – “we are too small to worry about it” or “we don’t have anything they (the bad actors) would want”. The other common response is “my MSP (or IT staff) take care of my computers and have my security covered”… but do they? This is exactly what the criminals want you to believe and why the target has shifted from large enterprises to SMBs.

Hopefully by the time you get to this part of the blog, you’ve already checked a few of my facts and did a little more fact finding of your own. SMBs are the target for cyber-crime and you need to take steps to avoid contributing to the 43% that fall victim. Clearly the methods being used to protect SMBs today are not adequate to protect against the complexities of the current IT environment and the sophistication of the attacks being launched by the cyber criminals. We are losing the battle resulting in a growing number of business owners losing their dream and innocent victims having their private information stolen and sold on the dark web for malicious and fraudulent purposes.

What can you do about it?

Consult a cybersecurity expert.

This shouldn’t be viewed as a trust issue with your current IT staff or MSP. They are doing a great job of what they were employed to do. Cybersecurity has evolved so rapidly that traditional IT methods are no longer effective in keeping the bad guys at bay. Traditional IT is still great at keeping day to day operations up and running but it falls well short of effectively detecting and safeguarding against modern attacks. A cybersecurity consultant can work with you and your team to identify where you are doing a good job and where you may have gaps and how to address them.

For many SMBs, the elephant in the room is the perceived costs of cybersecurity. The truth of the matter is that it is far less expensive to prevent a breach than it is to recover from one. In many cases, there is an opportunity to streamline processes and technology to the point that you can achieve savings. Simplicity is the partner of cybersecurity so reducing risks while reducing costs is a realistic goal of a good cybersecurity program.

Contact Dream Technology Solutions today for a free consultation and find out more about the current trends in cyber and what you can do about it.


Cyber Insurance Readiness Assessment

What is Cyber Insurance?

Like Auto or Home Insurance, cyber insurance protects a business against damage caused by cyber-attacks. A security breach can become very costly and Cyber Insurance is a way to mitigate this risk by transferring the liability to a 3rd party.

Do I need Cyber Insurance?

If you process payments online, store customer or employee data, or use cloud systems to store company information, you need Cyber Insurance.

Do I Qualify for Cyber Insurance?

The bigger question is are you doing enough to protect your business against a cyber-attack? If you take this very real threat to heart and implement processes and technology to protect your business, then you will most likely qualify for Cyber Insurance.   Dream Technology Solutions can help you determine if you qualify for Insurance with our Cyber Insurance Readiness Assessment. 

What is a Cyber Insurance Readiness Assessment?

A Cyber Insurance Readiness Assessment is an in-depth review of your ability to protect your information assets against relevant threats.

Cyber Insurance doesn’t eliminate the need to have a good cybersecurity program in place, it supplements it. Insurance companies will determine your eligibility, coverage and rates based on several factors such as:

  • Existing Business Continuity and Disaster Recovery Plan
  • Effective firewalls, access controls and security procedures
  • Use of encryption to protect sensitive information
  • Secure use of cloud services

How does it work?

Dream Technology Solutions will work with your key stakeholders to evaluate your current cybersecurity posture. We compare your current practices to industry best practices and Cyber Insurance requirements to provide an informative and detailed report that you own.  It’s a quick and cost-effective way to help you protect your business and save you money by securing the best insurance rates and coverage possible for your company.

What do you get?

You will get a professionally prepared document that will report our findings. The document will include:

  • Where you meet Cyber Insurance requirements
  • Where there are gaps that need to be addressed in order to get Cyber Insurance
  • Recommendations to help you address any Cybersecurity gaps that need to be addressed beyond obtaining Cyber Insurance

Dream Technology Solutions is a local, experienced, knowledgeable and professional service provider that can help you qualify for the Cyber Insurance coverage you need at the best rates.

All of this for a fixed rate of $1,500

Contact us today to find out how we can help with your cyber insurance needs.


Cybersecurity Risk Management

Modern businesses tend to rely heavily on technology to support their day to day activities and provide competitive advantages. Leveraging technology to gain the upper hand can be a great decision but it can create some additional risks that must be properly managed. Adopting a good cybersecurity risk management program will help you methodically identify and model risks so you can safely and securely exploit digital technologies.

There are 3 main principles of a cybersecurity risk management program: Risk Analysis, Risk Assessment and Risk Mitigation. Risk Analysis is the process by which you identify and analyze all the potential threats and determine how vulnerable your organization is to these threats. Once you identify which risks are relevant to your business, a Risk Assessment focuses on the risks that both internal and external threats pose to your data availability, confidentiality, and integrity. Once you’ve analyzed your risks and assessed their potential impact, you can then build a Risk Mitigation strategy to prepare for and lessen the effects of these threats to your business. There are 4 strategies to mitigate risks: Avoid, Reduce, Transfer and Assume.

Avoid

Some risks just aren’t worth taking on at all. There are many situations that could have associated risks that far outweigh the potential gain. In these cases, it makes the most sense to change your plans completely and avoid taking on such activities. Suppose you were starting up a white-water rafting company and couldn’t afford enough lifejackets for all your explorers. Would you selectively hand out the lifejackets to just the clumsy ones because they are the most likely to go for a swim? In the cyber world, this would be equivalent to starting an online store without a proper web application firewall. Although you may get away with it for a while, you just shouldn’t do it!

Reduce/Minimize

To reduce the risk does not necessarily mean to eliminate the risk. When asked, many people view all risks as bad and say you should avoid taking on any risk. However, not taking any risk may mean losing out on opportunities and preventing you from maximizing your gains. You don’t want to eliminate all risk; you want to reduce the risk to a level that is acceptable to senior management and aligned with your company goals. This is considered residual risk and exists in every business. For example, if you are in the lending business, you wouldn’t lend money to people without first doing a credit check. Again, to draw a parallel to the cyber world, this would be like allowing any computer on your network without first validating patch levels and end point protection. This would expose you to all kinds of unwanted threats and increase your risk to unacceptable levels.

Transfer

A growing trend in risk mitigation is to transfer the risk to a 3rd party via contract or policy. As companies rely more and more on contractors and vendors, transferring the risk and liability is becoming a more common scenario. Examples are outsourcing your cyber security program to a Managed Security Service Provider (MSSP) and purchasing Cyber Insurance from an insurance company. With all the breaches hitting the news on a regular basis and countless others that aren’t getting reported to the media, purchasing Cyber Insurance is becoming a necessary part of life like purchasing home or auto insurance. You can’t predict and mitigate every threat so purchasing insurance is a great way to protect your business against the cost of recovery from a cyber attack. Stats say it will happen so it’s best to be prepared!

Assume/Accept

There are some circumstances that the risks are well known and the cost or effort to protect, mitigate or insure far outweigh the cost and impact of any remediation. In these cases, accepting the risk may be your best option. This option comes with a very large caveat, you’d better have a good understanding of the risk and the potential impact if it gets exploited. This isn’t the residual risks that we talked about in prior sections. This is the choice to forgo any efforts to address a particular risk and senior management has decided that the risk can be documented and assumed. As a cybersecurity manager you will want to document the heck out of this one and make sure you get clear signoff. All too often, the cost to react to a critical situation is far more expensive and impactful than anticipated. This could be the riskiest of the options and could end up being the most expensive if you aren’t careful.

Every business has risk. Building a proper Cyber Risk Management program doesn’t have to be difficult or expensive. A good program will take into consideration your business goals, objectives and budgets. If you would like more information about protecting your business, please contact Dream Technologies Solutions. We’re here to help!

https://dream-techs.com/contact

info@dream-techs.com

250-744-7973


Phishing Email – What to look for

I just received this email today and it is a typical example of why you should be diligent about checking the validity of any email from unknown or suspicious sources before you consider clicking on anything but delete. See below a screenshot of an email that I received this morning from “Apple Service” and some pointers to call out a few of the obvious errors that would indicate that this email is not actually from Apple. Since we know that Apple is meticulous about its image and branding, it is easier to detect anomalies that would not meet their high standards and are therefore obviously fraudulent. It is a clear case of a phishing email that is designed to create a sense of urgency to entice the end user to react quickly by clicking on the link to get this “resolved” before they lose access to their precious Apple services. Unfortunately, every day people ignore the signs of deceit and fraud and take the bait. Nothing good happens after clicking a malicious link and many people never fully recover.

Let’s have a look at this phishing email in more detail:

Phishing Email Example
  1. The email is From: [Icloud]Apple Service <admin@centplasticmfg.com>
    1. All of Apple’s iSeries of products use a convention of lower case “i” followed by the product - iCloud, iPhone, iPad etc. This is not the case in the friendly name in the email address where they use Icloud. Apple is very particular about their marketing and would never allow this to go out to their customers.
    2. The email address is coming from <admin@centplasticmfg.com> which is not an Apple domain and would not be used by Apple. This is likely a legitimate email address from an unsuspecting company that the hackers are using to hide their tracks and get around email relaying restrictions so they can deploy the phishing email.
    3. It may not be as obvious to some, but a company would never use an admin account to send out a general-purpose email to customers. All admin accounts have a specific purpose, which typically involves elevated access rights, so industry best practices would prevent any legitimate organization from using it in this situation.
  2. Subject: account blocked!!!
    1. While the 3 exclamation points at the end of the phrase are convincing and generate a sense of urgency, nothing here looks legitimate. Apple would never send out an email with a subject line like this.
  3. Apple logo
    1. Apple is very image conscious and would never allow a distorted Apple logo, like the one shown in this email, to be sent to its customers. This is a bad copy/paste job.
  4. Email body
    1. I’m not a grammar expert but this is awful. My English teacher would have whacked me with a ruler if I handed in anything that read like this. Often foreign attackers will use translation software to create these emails and fortunately for us they fall well short of doing a convincing job. This is usually the easiest area to detect a phishing email.
  5. The Call to Action Button – Check your account
    1. This is how they get you. By clicking on this link, you will be directed to a malicious website that is designed to suck you into giving up your private and financial information. These sites can also be programmed to infect your computer with malicious code and anything is possible at that point. Ransomware is quite popular these days and can be very costly.
    2. If you hover your mouse over a call to action button or link, you can see where the link will send you. Again, in this case it will take us to a website that is not owned by Apple or any affiliate. (http://getsitebost.com//images/icons/redi.html) (I changed the link slightly to prevent any accidental clicking!). Taking a deeper look into this address, it looks like a legitimate site may have been compromised and is now being used for malicious purposes. This is common and will be discussed in more detail in a later blog.

As you can see, without being a phishing expert there are many indicators that should trigger you to flag this as a phishing email. Delete this email immediately. If this occurs at your place of employment, contact your IT department for further instructions. Phishing emails are on the rise and the best form of defense is end user education and awareness. Please share this with your friends and colleagues to help spread the word and keep everyone safe.
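The checks from the walkthrough above can also be run automatically at a mail gateway or in a triage script. The following Python sketch is an added example, not part of the original post: the message is constructed from the From line, subject and link quoted above (the body text is made up), and the `BRAND_DOMAINS` and `ROLE_ACCOUNTS` lists are assumptions of the example.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed message: headers and link as quoted in the post, body text made up.
SAMPLE = """\
From: "[Icloud]Apple Service" <admin@centplasticmfg.com>
Subject: account blocked!!!
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account have been blocked.</p>
<a href="http://getsitebost.com//images/icons/redi.html">Check your account</a>
</body></html>
"""

BRAND_DOMAINS = {"apple.com", "icloud.com"}   # assumed allow-list for this example
ROLE_ACCOUNTS = {"admin", "administrator", "root", "postmaster"}  # assumed list

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_brand_domain(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def phishing_indicators(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    found = []
    if "apple" in name.lower() and not on_brand_domain(domain):
        found.append("display name claims Apple, sender domain is not Apple's")
    if "icloud" in name.lower() and "iCloud" not in name:
        found.append("product name not in Apple's own capitalisation")
    if local.lower() in ROLE_ACCOUNTS:
        found.append("customer mail sent from an administrative mailbox")
    if "!!" in msg.get("Subject", ""):
        found.append("urgency punctuation in the subject")
    links = LinkCollector()
    links.feed(msg.get_payload())
    if any(not on_brand_domain(urlparse(h).hostname) for h in links.hrefs):
        found.append("link leads off the brand's domains")
    return found
```

Calling `phishing_indicators(SAMPLE)` returns all five indicators for this message; grammar and logo quality, the other two signs discussed above, still need a human eye.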

Dream Technology Solutions

https://dream-techs.com


Phishing not fishing!

From huge financial corporations (looking at the recent news from Desjardins and Capital One) to small local businesses, nobody is immune to the potential of a breach in security. What motivated me to write this post was the loss of services experienced by INSYNQ recently. The company provides cloud computing services for companies to run accounting software on VDI platforms that it hosts and was recently “brought down” by ransomware called MegaCortex.

Phishing scams are nothing new. In fact, we’ve all heard about the “Nigerian prince” phishing emails that have been showing up in inboxes for years.

Unfortunately, phishing attacks continue to increase exponentially in volume, and are considered a serious threat to both companies and individual internet users, as they can result in devastating financial losses. In addition, phishing emails can be much harder to recognize than many business owners think.

Cybercriminals have resorted to increasingly sophisticated phishing strategies as of late to get recipients to open, click, and share malicious code. And these tactics are paying off handsomely. Business email compromise (BEC) scams are more successful than ever, with losses reaching $2.7 billion in 2018.

Here are some common phishing trends that business owners should know about and tips for educating employees about them:

What are phishing scams?

Phishing scams typically consist of emails that seem harmless but are intended to trick users into sharing sensitive information. This can be accomplished by encouraging the user to click on a malicious link or attachment. Phishing emails get their name because the hackers are “fishing” for your personal information.

Most phishing emails appear completely legitimate, often by imitating a company’s logo using high-quality graphics and including opt-out instructions. For this reason, it’s quite common for recipients to be fooled, and even large companies have fallen prey to these scams.

Common phishing trends and techniques.

There are many techniques hackers use to launch a phishing attack. A few of the most common ones are:

  • Invoice phishing: Invoice phishing emails claim the recipient has an outstanding invoice from a well-known company, bank, or vendor. The email instructs the recipient to click on a link to pay the invoice. But when they click on the link and access the site, the hackers steal their personal information and gain access to their bank accounts.
  • The virus or compromised account: Viruses and compromised accounts cause users to receive an email from a third-party company claiming one of their accounts has been compromised. The email instructs the user to log in to reset their password or to download a form, fill in their personal information, and return it. However, a legitimate company would never request your personal information through email in this manner.
  • Payment and delivery scam: This tactic involves sending emails from what appears to be a legitimate vendor, asking for a user’s credit card information. They typically claim your payment information needs to be updated before they will deliver your order. Be careful with these emails, especially if you haven’t purchased anything from the vendor.
  • Downloads: Download scams send an email instructing recipients to click on a link. These emails often contain hyperlinks that could download a malicious file onto the user’s computer. Never click on an email link unless you are absolutely sure the sender is who they claim to be.

Tips for spotting phishing emails.

Although phishing emails often mimic actual companies and vendors, there are ways to detect them. All small-business owners and employees should be aware of the following red flags that indicate a possible phishing email:

  1. The email contains links or URLs that direct you to the wrong website or try to get you to access a third-party site that is separate from the email sender.
  2. You receive an email from a company requesting sensitive information such as a social security number, bank account information, or credit card numbers. Consider these emails suspect and never share your personal information without checking with the company first.
  3. You find an unexpected email in your inbox from a person, vendor, or company that you rarely or never deal with. If this happens, the safest thing to do is delete the email without opening it, as there’s a good chance it’s a phishing email.
  4. The email has obvious errors like typos, poor grammar, or incorrect information. A legitimate email from a company is very unlikely to have these kinds of errors.
  5. The email address of the sender is incorrect, although it is close to the actual email address. This is another common sign of a phishing email.

Phishing scams remain a very common type of cybercrime and can cause major financial losses to individual users and companies. And phishing emails are much more sophisticated these days, making them harder to detect. If you’re a business owner, it’s essential to be aware of phishing techniques and red flags, and to educate your employees on them. By doing so, you can help protect your company from financial losses and other serious consequences.

Please use MFA!

At a security presentation from Cisco that I recently attended, one of the speakers (by all accounts a Jedi) made the comment, “if you are not using MFA you are crazy!”.

So what is MFA?

The premise, at its base level, is “something you know, something you own and something you are”. Sometimes called two-factor authentication, it adds a second level of authentication to an account log-in. When you have to enter only your username and one password, that’s considered single-factor authentication.

It’s 2019, and the concept that “passphrases-will-save-us” and so on seems a distraction; you should be using more than one of the following methods to authenticate:

  • Something you know, such as a personal identification number (PIN), password or a pattern.
  • Something you have, such as an ATM card, phone, or fob (Yubikey).
  • Something you are, such as a bio-metric like a fingerprint or voice print.

Because here’s the thing: When it comes to composition and length, your password probably doesn’t matter.

Here are some ways passwords are broken today;

Credential stuffing is one of the most common methods because passwords are hard to remember (62% of users admit to reuse). Essentially, the tools are out there for a surprisingly low cost. It is very easy: purchase credential lists gathered from breached sites with bad data-at-rest policies, then test for matches on other systems. There are even list cleaning tools readily available.

Phishing or man-in-the-middle attack makes up 0.5% of all inbound email. How does this play out? Let’s say you received an email that appeared to be from your bank, asking you to log in to your account to confirm your contact information. You click on a link in the email and are taken to what appears to be your bank’s website, where you log in and perform the requested task.

In such a scenario, the man in the middle (MITM) sent you the email, making it appear to be legitimate. (This attack also involves phishing, getting you to click on the email appearing to come from your bank.) He also created a website that looks just like your bank’s website, so you wouldn’t hesitate to enter your login credentials after clicking the link in the email. But when you do that, you’re not logging into your bank account, you’re handing over your credentials to the attacker.

Keystroke logging, password spray and brute force methods are lower on the spectrum but if you are not considering the security of your data and IT systems a priority, it’s easy to see how hackers can make a good living.
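On the defending side, these attacks leave different shapes in authentication logs: stuffing and spraying touch many accounts once or twice each, while brute force hammers one account. The following Python sketch is an added example, not from the original post; the log format, the sample lines and the `min_failures` threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed auth log (time, source IP, username, result); not from the post.
SAMPLE_LOG = """\
10:00:01 203.0.113.7 alice FAIL
10:00:02 203.0.113.7 bob FAIL
10:00:03 203.0.113.7 carol FAIL
10:00:04 203.0.113.7 dave FAIL
10:00:05 203.0.113.7 erin FAIL
10:00:06 203.0.113.7 frank OK
10:01:00 198.51.100.9 alice FAIL
10:01:01 198.51.100.9 alice FAIL
10:01:02 198.51.100.9 alice FAIL
10:01:03 198.51.100.9 alice FAIL
10:01:04 198.51.100.9 alice FAIL
10:02:00 192.0.2.4 bob FAIL
10:02:09 192.0.2.4 bob OK
"""

def classify_sources(log, min_failures=5):
    """Return {ip: (label, accounts that logged in OK from that ip)}."""
    fails = defaultdict(lambda: defaultdict(int))   # ip -> user -> failed attempts
    wins = defaultdict(set)                         # ip -> users with a success
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                                # skip malformed lines
        _, ip, user, result = parts
        if result == "FAIL":
            fails[ip][user] += 1
        elif result == "OK":
            wins[ip].add(user)
    verdicts = {}
    for ip, users in fails.items():
        total = sum(users.values())
        if total < min_failures:
            continue                                # ordinary mistyped passwords
        if len(users) == 1:
            label = "brute force"                   # many guesses at one account
        elif total / len(users) <= 2:
            label = "stuffing or spray"             # many accounts, a try or two each
        else:
            label = "mixed"
        verdicts[ip] = (label, sorted(wins[ip]))
    return verdicts

if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))
```

Any account listed next to a flagged source logged in successfully from it, which makes it the first candidate for a forced password reset and MFA enrolment. Telling stuffing from spraying would need the attempted passwords, which logs like these do not record.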

What can I do?

Organizations can help by implementing stringent password policies with Single Sign On (SSO) to mitigate the problem of users having to remember more than one set of credentials, or you could just enable MFA. Ultimately, passwords can be hacked and at that point MFA is your safeguard.

Given the likelihood that your password gets guessed, intercepted, phished, or re-used, your password doesn’t matter, but MFA does! Based on Microsoft studies, your account is more than 99.9% less likely to be compromised if you use MFA. In fact, Microsoft is announcing the public preview of FIDO2 security keys support for passwordless sign-in to Azure Active Directory (Azure AD).

Here at Dream Technology Solutions we have the experience and expertise to ensure you are working to best practices when it comes to the security of your people and IT systems.  Drop us a line if you are interested in exploring how we can help you to secure your business.