Security

A woman using two-factor authentication to prevent phishing

Last month, the FBI released a note warning businesses that hackers are bypassing two-factor authentication. Two-factor authentication is usually seen as extra secure because it requires not only your username and passcode but also a unique security token, like a one-time password texted to your smartphone. Businesses are increasingly treating two-factor authentication as the be-all and end-all of protection, which is scary because it turns out that hackers are able to automate phishing attacks to intercept that unique security token. That's why it's more important than ever that your business is armed against phishing attempts.

 

A quick rundown on the FBI notice: it is already a known issue that hackers use SIM swapping (where hackers convince a mobile network to port their target's number, giving them access to security tokens) to bypass two-factor authentication. The latest is that hackers are now also using two new tools called Muraena and Necrobrowser to easily access information protected by two-factor authentication. Muraena automates phishing attacks while Necrobrowser helps hijack a legitimate authentication session. These tools work together to steal victims' credentials without the victim even knowing it's happening.

 

All this is scary because of the ease with which hackers can compromise a supposedly secure method, but it doesn't mean that phishing attacks have to be inevitable. So how do you arm your business against phishing attempts? With a combination of employee education, using the right tools and having a backup plan.

 

Training Your Employees to Recognize Phishing Attempts

A quick test of your phishing IQ (you can try a phishing IQ quiz here) shows just how hard it is to recognize phishing attempts. That’s why it’s important to train employees how to recognize these attempts. This should include teaching employees how to recognize common phishing tactics like fake websites that differ in URL by just one letter or emails that come from a fake domain name. Training should be ongoing and updated regularly to reflect any new developments.

 

Using the Right Tools to Prevent Phishing

Even with training, humans can still make mistakes, which is why using the right tools can help. Phishing attempts frequently involve official-looking emails asking targets to reset their password, log in somewhere, or even send a wire transfer. If you make it a company policy to use tools other than email for conversations around password resets, logins, or sensitive situations like wire transfers, employees are much less likely to fall for a phishing attempt.

 

Be Prepared Just in Case

Even with the best prevention methods, phishing attempts are sometimes still successful. If they are, make sure to have an incident response plan in place that allows you to continue to communicate and coordinate with the rest of your team, addressing the situation even if your network is compromised.

 

Communication is at the core of preventing and responding to phishing attempts. Vaporstream prevents phishing by providing businesses a secure network on which to discuss sensitive information. Even when your network is compromised during a phishing incident, you can continue to communicate and strategize your response. See how companies use us here.

 


Incident Response

From natural disasters to oil and chemical spills to terrorist attacks to cyberattacks, water distribution systems have to be prepared for a variety of challenges that could contaminate or disrupt the water supply. When a crisis hits, a strong water supply emergency response plan makes sure that stakeholders can make rapid and effective decisions that will minimize the damage and resume operations as quickly as possible. At the core of any successful emergency response is communication—coordinating quickly with other stakeholders for the best possible outcomes. But how can you make your communication strategy A-grade? Here are some tips.


Incident Response

These days crises like breaches, ransomware attacks and natural disasters have become all too common and businesses have to contend with keeping core operations running and addressing any reputation fallout that comes with the crisis. During a crisis, misinformation and rumors can spread quickly and seriously damage a company’s reputation, resulting in lost revenue. That’s why it’s so important for businesses to think about how to protect their reputation during a crisis. Here are five tips on how to do so:


Security

Last week, our CEO Galina Datskovsky and global security expert Paul Viollis hosted a panel titled “Confidential Conversations: Are They Actually Possible in Our Technological Age?”. We were lucky to be joined by a diverse group of journalists, industry experts, and other people in enterprise to discuss how to use communications to improve security, privacy and employee safety. The panel covered a lot of ground—from discussions about human risks to company security to conversations about how to develop legal and business strategies to protect businesses. Here are five of our key takeaways from the conversations that day.


Healthcare

Providing patients in senior living with quality care is a team effort—and that team is diverse. It can include multiple doctors, nurses, other caretakers and, of course, the patient’s family. While keeping everyone on the same page can feel all too difficult—especially with people in different roles in different places at different times—it doesn’t have to be. Keeping everyone in the loop is actually as simple as having the right communication solution on a tool you already have in your pocket: your smartphone.


Financial Services

We assume that if a website has a security certificate—indicated by an address that begins with “https” and (typically) that little padlock icon next to it—then the website is safe. It isn’t potentially malicious or trying to install malware or steal personal information. Until recently, if a site didn’t have a security certificate it was a red flag. But now hackers are using that very security certificate to trick users into thinking a malicious website is safe—and they’re specifically targeting the finance industry.


Energy

Two weeks ago, the ExxonMobil complex in Baytown, Texas caught fire after a petrochemical unit exploded. This was the latest in a series of incidents at petrochemical units in the area: in March and April a series of fires occurred at the same ExxonMobil complex and nearby petrochemical storage facilities, releasing pollutants. Harris County, the county where these facilities are located, conducted an analysis of how local agencies and officials were responding to these incidents. As a result, the county decided to focus on improving communications during incident response—specifically, improving communications between agencies responding to the incidents and keeping the public informed.


Incident Response

With over 106 million customers and applicants’ personal data exposed, the Capital One breach is one of the biggest breaches of a financial institution in US history. A former employee of Amazon’s cloud-computing unit was able to exploit a vulnerability in Capital One’s cloud service provider AWS, exposing some 140,000 Social Security Numbers and 80,000 bank account numbers of US customers.


Energy

The US nuclear industry’s safety record is stellar, in part thanks to NRC regulations that arose from Three Mile Island. But complying with NRC regulations is costly: annual ongoing regulatory costs can range from $7.4 million to $15.5 million per plant and can have a significant impact on plants’ and companies’ profitability, with regulatory costs in some cases exceeding profit margins. But while complying with NRC regulations is necessary, the high costs don’t have to be. Nuclear plants can easily and cost-effectively meet NRC regulations with streamlined emergency preparedness plans that rapidly address events while reducing potential for error.


Incident Response

With severe weather becoming the norm across the world, businesses in the United States are faced with the challenge of ensuring that they can continue to operate if a disaster strikes. In 2018 alone, 11 weather and climate-related disasters struck within our borders, so it’s not a surprise that severe and extreme weather events are a leading concern for businesses when it comes to emergency communications, response and business continuity.


Cyber Security

The rate at which sensitive data gets compromised is growing exponentially. In a recent series of tech articles, the Wall Street Journal examined how people in the public and private spheres are vulnerable to and seriously impacted by various cyber-attacks. Governments experience losses of upwards of fifty thousand dollars from ransomware attacks, and that is just in ransom alone. Corporations are wrestling with protecting computer and network supply chains from information-stealing software. And individuals must now contend with new methods of phone hacking, such as when hackers swap SIM cards. The answer? An alternative secure communications channel that runs independently from your public, private or individual networks.


Incident Response, Uncategorized

On Tuesday, May 7, Baltimore city employees came into work to find that their computer screens were locked. “We’ve been watching you for days,” the message on their screens read, “We won’t talk more, all we know is MONEY! Hurry up!” The city of Baltimore had been hit by a ransomware attack; the hackers were demanding $100,000 in bitcoin to release their files.


Healthcare

Consistent communication and collaboration can be tricky when it comes to home healthcare—especially since it involves so many different people in many different places. Along with home healthcare professionals, a patient’s care team can include anyone from their primary care doctor to a range of specialists to family members and other caregivers. Fortunately, HIPAA-compliant mobile messaging (from mobile devices or tablets) is one way to address that challenge, keeping care teams in the loop no matter where they are and with minimal interruption to their schedule.


Privacy, Uncategorized

When it comes to privacy, it’s typically the consumer who’s held responsible for maintaining their own privacy, not the company (take Facebook, for example). But the introduction of facial recognition into our lives could change that dynamic. Consumers haven’t been blindly accepting it into their lives but questioning it, and questioning it hard. The result? Companies are being pushed to take responsibility for consumers’ privacy. That is a good thing for consumers and companies: it creates an opportunity for companies to foster trust with consumers and strengthen their relationships with the public at large.


Healthcare

Mobile devices have become ubiquitous in day-to-day life. The majority of Americans own a smart phone and use it not just for personal matters but for professional matters, too. It’s a technology that spans gender, location, profession and age – with 46% of senior Americans owning a smart phone. With smartphones this ubiquitous, it’s not a surprise that senior living residences are starting to leverage smart phones to streamline their operations.


Secure Messaging

For the third year in a row, Vaporstream is a winner of the Cyber Defense Magazine Infosec Awards, this time winning Best Product in Messaging Security. Cyber Defense Magazine (CDM) is a leading electronic information security magazine. Of the 3,000 companies considered for this prestigious award, fewer than 200 were ultimately selected by CDM as winners for the 2019 InfoSec Award.


Cyber Security

At one point, email may have been the standard communication tool for businesses because of its convenience, but its limitations have become increasingly clear. It’s time for email to take a backseat. As major news stories in the past few years have indicated, email is often simply not secure. It is also often a medium through which hackers target businesses: think phishing emails, for example. Finally, it is simply not efficient: people are slow to open their email and slow to respond. Compare this to text messaging (which one survey found is used these days by over 80% of people for business), which people are much more responsive to.


Incident Response

In emergency situations, speed is key for first responders. Law enforcement agencies need to have the tools in place to be able to communicate and coordinate quickly. Old and clunky tools, like desktops and laptops, are simply not sufficient for teams to make decisions quickly and securely. And the traditional radio system can present interoperability problems.


Incident Response

Natural disasters, mass shootings, and cyber-crimes are on the rise, and it isn’t just sensationalism. According to NOAA (National Oceanic and Atmospheric Administration), there are 10 – 15 disasters per year with costs in the billions, up from 1 or 2 in the 1980s. Not only that, but according to the LA Times, mass shootings are becoming more frequent, and deadlier. Add that into the pot with the numerous cyber-crimes against big and small businesses alike, and it’s time to create a plan.


Healthcare

HIPAA may be twenty-two years old, but the HIPAA Security Rule (which assures the security of confidential electronic patient information) hit its twenty-year mark just this year. HIPAA was signed into law in 1996 to protect Americans from losing health insurance coverage when changing jobs or dealing with a layoff and to protect the privacy and security of individual health information. Rules that govern HIPAA’s implementation requirements include the Privacy Rule and the Security Rule, which followed the initial rule 2 years later, issued in 1998.


Privacy

These days, it feels like everybody’s talking about encryption and privacy. Whether you work in healthcare, energy and utilities, financial services or some other enterprise, you’ve probably come across debates around privacy, encryption and how to securely communicate to maintain privacy. But with all the news reports and buzzwords being thrown around, it’s easy to forget the basics. So what do terms like encryption, privacy and man-in-the-middle attacks really mean?


Healthcare

If you’re in healthcare, you are familiar with MACRA, the Medicare Access and CHIP Reauthorization Act of 2015: bipartisan legislation that requires the US Centers for Medicaid and Medicare (CMS) to implement an incentive program. The Merit-based Incentive Payment System (MIPS) evaluates clinicians in four areas: Quality, Improvement Activities, Promoting Interoperability, and Cost.
