(403) 237-7750

Archive for category: Email Security

The Impact of the U.S. Government Eviction of Kaspersky

/2 Comments/in , , /by

The threat of Russian interference in the activities of the U.S. government, a drama that has been unfolding over the past several months, is now one that has entered the realm of cybersecurity.

The FBI is currently investigating whether Kaspersky Lab, a provider of anti-virus and cybersecurity software, has ties to Russian military and intelligence.

A leader in cybersecurity, with 400 million users worldwide, company leaders have denied ties to Russian military and intelligence since Kaspersky Lab was established in 1997.

As a measure of precaution, however, the U.S. government recently announced that agencies have 90 days to remove Kaspersky software from their systems.

This software ban could set a concerning precedent for the global cybersecurity industry.

What Are The Concerns?

Kaspersky software was once a major component of the U.S. government cybersecurity strategy, with anti-virus products protecting privileged files.

There are now concerns from top government officials that at any point, the Russian government could place pressure on Kaspersky Lab to allow access to critical U.S. government information.

Despite Kaspersky’s denial of any allegations and their offer to allow the U.S. to inspect its source code, security officials no longer have faith in Kaspersky products.

This is based on the ability to access and compromise federal information that could impact national security through an undetected back door.

What Does This Mean For Borderless Cybersecurity?

Currently, the global cybersecurity industry relies on mutual trust among the top firms.

Kaspersky Lab, in partnership with U.S. software firm, Symantec, identified the Regin trojan, a cyber-weapon already deployed throughout the intelligence community that could yet have international repercussions.

However, this movement to establish borders on cybersecurity not only restricts the flow of critical information that could be used in mitigating threats, but it shifts the level of confidence from one of trust to that of suspicion.

Ultimately, the ensuing defence posture will hinder efforts to prevent global threats.

Best Buy has also taken action, removing Kaspersky products from their shelves, but their software products are still widely used in many American and Canadian households.

Eliminating Kaspersky products completely will involve an entire shift in the national security infrastructure, significantly impacting cybersecurity.

The successful management of cybersecurity threats has relied on an international pool of experts.

The Kaspersky ban, despite good intentions, could impact government and private businesses, as credible cybersecurity threats may go undetected.

Confining cybersecurity to national software has the potential to reduce some risks, yet exacerbate others, and the entire industry will feel the impact either way.

If you are concerned about your cybersecurity, want to explore options beyond Kaspersky, or have insight into the impact this will have internationally, we’d love to hear your thoughts. Please comment below or join our conversation on Facebook.

Closing the Security Gaps: Employee Passwords

/in /by

Closing the Security Gaps: Employee Passwords

In our lives, passwords are the keys to everything we do, from logging in to our personal online banking to paying our bills.

Infоrmаtiоn about our реrѕоnаl lives, buуing hаbitѕ, credit ԛuаlitу аnd lifеstyle are valuable tо those whо саn рrоfit frоm it.

For corporations, that data hаѕ еvеn greater wоrth.

Intangibles such as intеllесtuаl рrореrtу, сliеnt liѕtѕ, mаrkеt ѕtrаtеgiеѕ, pricing and соmреnѕаtiоn, along with copious amounts of personal data on each customer, often account for the majority of the vаluе оf thе mоdеrn enterprise.

Therefore, the passwords we use at work – to access email, data files, and networks, are crucial protection points between us and hackers.

Wеаk оr compromised раѕѕwоrdѕ are the easiest wау fоr hackers to gаin еntrу intо a system.

Simрlе оr short раѕѕwоrdѕ саn bе еаѕilу diѕсоvеrеd through brutе force or “diсtiоnаrу”  attacks which concentrate intense соmрutеr роwеr to break through.

A two letter раѕѕwоrd, fоr еxаmрlе, hаѕ оnlу 676 соmbinаtiоnѕ.

A password with еight lеttеrѕ оffеrѕ mоrе safety with 208,000,000 combinations.

Enterprise Security Starts with Personal Password Requirements

Anyone who accesses your network, whether employee, client, vendor or other stakeholders, should be required to use complicated passwords to access everything from databases to email.

Idеаllу, a password ѕhоuld соnѕiѕt оf 8 or more characters and should be comprised of a mixture of uрреr аnd lower case lеttеrѕ, ѕуmbоlѕ аnd numbеrѕ.

Miсrоѕоft security hаѕ еnсоurаgеd the concept оf thе “Pаѕѕ Phrase” as аn аltеrnаtivе.

A рhrаѕе such as,”TheLastGoodBookUBoughtCost$25!” hаѕ all of thе needed еlеmеntѕ but is also еаѕу tо rеmеmbеr, since being able to remember the password is the key reason employees tend to create simple passwords.

Human Failsafes

Policies should be in place to govern passwords used to access company data of any kind that prevent:

  • Sharing passwords
  • Writing them down
  • Storing them on a computer or phone

It might seem like it would be common sense, but having a policy in place that spells it out is worth the effort.

People are the biggest security risk.

We are wired to respond to phishing attempts to gain access that play on our fears and worries.

We also are busy, forced to remember many passwords, and tend to use the same ones again and again. We’re also trusting and apt to share a password.

Layered Security

To mitigate the risk, lеаding firms аrе аdорting a dеfеnѕе strategy utilizing thrее еlеmеntѕ tо bеttеr ѕаfеguаrd thеir infоrmаtiоn.

Thе thrее lауеrѕ оf аuthеntiсаtiоn consist оf:

  • A strong password or passphrase
  • A crypto-key, smartcard, or token
  • Biometrics (fingerprint, etc.)

Protecting data is a never-ending battle as hackers become more and more sophisticated.

Companies must take strong stances on every point of entry that might create risk, including employee passwords.

Employee password security policies are essential to business continuity.

Phishing and Spoofed Emails Threaten Corporate Email Security

/in /by

Phishing and Spoofed Emails Threaten Corporate Email Security

Twenty years ago, corporate email security was not an issue that business leaders had to contend with.

Today, phishing and spoofed emails account for nearly half of all emails sent – and that’s a 12-year low!

As technology becomes more prevalent in every part of our business and personal lives, cybercriminals have become more and more creative in finding ways to con employees into clicking on links or taking actions that put companies at risk.

This has collectively cost businesses in Canada more than $19 million in 2014.

Email Security Threats Become More Sophisticated

A new wave of spear phishing – highly targeted, researched emails that are even more likely to deceive your employees because they look so legitimate – has been targeting Canadian companies.

Alberta businesses are not immune.

Last fall, 75,000 members of the Alberta APEGA were the victims of a spear phishing scheme.

The ITeam recommends that every organization take immediate steps to improve email security, including these steps:

1. Provide Ongoing Training to Employees 

According to the 2015 Verizon Data Breach Report, employees are one of the biggest risks, with 23 percent of recipients opening phishing messages and 11 percent of those clicking on the links.

Ongoing training, reminders, and even phishing email tests can help educate your employees on how to better resist the deceptions.

As business leaders and industry professionals, we must provide constant reminders about being more cautious.

Institute policies that govern what actions can be taken from an email.

Encourage employees to verify with the sender (in person or over the phone) if they were really the ones to send the email before opening attachments, wiring money, or clicking on links.

2. Implement Multi-Layer Security 

To prevent some of these targeted emails from getting through, you must implement tough, layered security protocols.

Every organization should have firewall protection, virus protection, and malware detection software.

In addition, email encryption solutions can protect data and limit access, and additional policy-based email security can be implemented to detect keywords that are likely phishing triggers, such as “credit card,” “wire,” “bank transfer,” and others.

3. Establish Robust BDR, MDM, and BYOD Protocols 

To mitigate risk, in case the worst does happen and an employee clicks on a link that leads to malware or ransomware infection, be sure you have stringent Backup and Disaster Recovery (BDR) protocols in place to protect your data.

It’s necessary to ensure that every device being used by employees is protected. Develop Mobile Device Management (MDM) and Bring Your Own Device (BYOD) policies that require the devices to have protection and allow you the ability to remotely delete them from your network.

4. Adopt Sender Policy Framework (SPF) Best Practices 

To prevent even more spear phishing attempts, implement Sender Policy Framework (SPF).

Sender policy framework is an easy-to-implement email validation tool.

The SPF communicates with email providers and tells them that the email is coming from an approved domain (the company website, newsletter service, or approved third-party sender).

The ITeam will work with your Alberta business to customize a cost-effective solution. We offer a comprehensive email security plan that will protect you against email security threats. Contact us for a free consultation.