Security


Last month, the FBI released a note warning businesses that hackers are bypassing two-factor authentication. Two-factor authentication is usually seen as extra secure because it requires not only your username and passcode but also a unique security token—like a one-time password texted to your smartphone. Businesses are increasingly using two-factor authentication as a be-all and end-all form of protection, which is scary because it turns out that hackers are actually able to automate phishing attacks to intercept that unique security token. That’s why it’s more important than ever that your business is armed against phishing attempts.

 

A quick rundown on the FBI notice: While it’s already a known issue that hackers use SIM swapping—where hackers convince a mobile network to port their target’s number, giving them access to security tokens—to bypass two-factor authentication, the latest is that hackers are now also using two new tools called Muraena and Necrobrowser to easily access information protected by two-factor authentication. Muraena automates phishing attacks while Necrobrowser helps hijack a legitimate authentication session. These tools work together to steal victims’ credentials without the victim even knowing it’s happening.

 

All this is scary because of the ease with which hackers can compromise a supposedly secure method, but it doesn’t mean that phishing attacks have to be inevitable. So how do you arm your business against phishing attempts? With a combination of employee education, the right tools and a backup plan.

 

Training Your Employees to Recognize Phishing Attempts

A quick test of your phishing IQ (you can try a phishing IQ quiz here) shows just how hard it is to recognize phishing attempts. That’s why it’s important to train employees how to recognize these attempts. This should include teaching employees how to recognize common phishing tactics like fake websites that differ in URL by just one letter or emails that come from a fake domain name. Training should be ongoing and updated regularly to reflect any new developments.

 

Using the Right Tools to Prevent Phishing

Even with training, humans can still sometimes make mistakes, which is why using the right tools can help. Phishing attempts frequently involve official-looking emails asking targets to reset their password, log in somewhere, or even send a wire transfer. If you make it a company policy to use tools other than email for conversations around password resets, logins, or sensitive situations like wire transfers, employees are much less likely to fall for a phishing attempt.

 

Be Prepared Just in Case

Even with the best prevention methods, phishing attempts are sometimes still successful. If they are, make sure to have an incident response plan in place that allows you to continue to communicate and coordinate with the rest of your team, addressing the situation even if your network is compromised.

 

Communication is at the core of preventing and responding to phishing attempts. Vaporstream prevents phishing by providing businesses a secure network on which to discuss sensitive information. Even when your network is compromised during a phishing incident, you can continue to communicate and strategize your response. See how companies use us here.

 


Incident Response

From natural disasters to oil and chemical spills to terrorist attacks to cyberattacks, water distribution systems have to be prepared for a variety of challenges that could contaminate or disrupt the water supply. When a crisis hits, a strong water supply emergency response plan makes sure that stakeholders can make rapid and effective decisions that will minimize the damage and resume operations as quickly as possible. At the core of any successful emergency response is communication—coordinating quickly with other stakeholders for the best possible outcomes. But how can you make your communication strategy A-grade? Here are some tips.


Energy

Two weeks ago, the ExxonMobil complex in Baytown, Texas caught fire after a petrochemical unit exploded. This was the latest in a series of incidents at petrochemical units in the area: in March and April a series of fires occurred at the same ExxonMobil complex and nearby petrochemical storage facilities, releasing pollutants. Harris County, the county where these facilities are located, conducted an analysis of how local agencies and officials were responding to these incidents. As a result, the county decided to focus on improving communications during incident response—specifically, improving communications between agencies responding to the incidents and keeping the public informed.


Incident Response

With over 106 million customers and applicants’ personal data exposed, the Capital One breach is one of the biggest breaches of a financial institution in US history. A former employee of Amazon’s cloud-computing unit was able to exploit a vulnerability in Capital One’s cloud service provider AWS, exposing some 140,000 Social Security Numbers and 80,000 bank account numbers of US customers.


Incident Response, Uncategorized

On Tuesday, May 7, Baltimore city employees came into work to find that their computer screens were locked. “We’ve been watching you for days,” the message on their screens read, “We won’t talk more, all we know is MONEY! Hurry up!” The city of Baltimore had been hit by a ransomware attack; the hackers were demanding $100,000 in bitcoin to release their files.


Energy

A historically industrial area, Marshall County, West Virginia is accustomed to the occasional industrial emergency. So, when a gas pipeline exploded in June of 2018, people knew exactly what to do. As first responders handled over 37 calls in 3 minutes, they dispatched resources to the site of the emergency. No fatalities, injuries, or property damage were reported as a result of the emergency, and damage was contained to 1,100 feet around the site. This was in part thanks to Marshall County’s oil and gas task force, which brings together emergency management officials, first responders, local schools, and representatives from the oil and gas industry to address potential emergencies. Marshall County’s oil and gas task force and its impact on emergencies highlight the importance of engaging multiple stakeholders via regular communications when it comes to incident response.


Energy

After Hurricane Sandy in 2012, the Department of Energy (DoE) asked the National Petroleum Council (NPC) to provide specific actionable steps to better prepare the oil and natural gas industry’s response to natural disasters. In response, the NPC released “Enhancing Emergency Preparedness for Natural Disasters” in 2014, which included a series of recommendations for emergency preparedness, response and recovery in the oil and natural gas industry.  A key finding? That effective communications during emergency response is a major challenge for the industry and that a standardized, rehearsed approach toward communications that addresses escalated and expanding responses as an event unfolds is critical. 


Incident Response

It’s been forty years since the infamous Three Mile Island accident, an incident made famous by the confusion and panic it spawned in its wake. But while the incident is remembered for the fear it stoked about nuclear energy, it also set the stage for the US nuclear industry to become the safest in the world. To this day, the Three Mile Island accident impacts the nuclear industry and provides valuable lessons about incident response and communication.


Incident Response

It’s more important than ever that every business be prepared to handle a crisis. A 2017 survey of 164 CEOs showed just how prevalent they are: 65% of the CEOs surveyed reported experiencing at least one crisis since 2013. In the same survey, 40% expected to experience a crisis in the next three years and an additional 33% expected multiple crises. When it comes to crises, everyone in an organization needs to be on board with how to respond. Unfortunately, many organizations are not adequately prepared or aware of the appropriate steps they need to take to respond to a crisis.


Incident Response

In emergency situations, speed is key for first responders. Law enforcement agencies need to have the tools in place to be able to communicate and coordinate quickly. Old and clunky tools—like desktops and laptops—are simply not sufficient for teams to make decisions quickly and securely. And the traditional radio system can present interoperability problems.


Incident Response

Natural disasters, mass shootings, and cyber-crimes are on the rise, and it isn’t just sensationalism. According to NOAA (National Oceanic and Atmospheric Administration), there are 10 – 15 disasters per year with costs in the billions, up from 1 or 2 in the 1980s. Not only that, but according to the LA Times, mass shootings are becoming more frequent and deadlier. Add that into the pot with the numerous cyber-crimes against big and small businesses alike, and it’s time to create a plan.


Today’s supply chains are increasingly efficient, yet they also present substantial new levels of risk. Whereas supply chain managers of the past were most often concerned with price volatility, shortages and supplier failures, the globally-connected nature of today’s supply chain also makes it highly vulnerable to both physical and digital threats. Since global organizations can support operations with partners in countries with varying infrastructure reliability, incident response plans are often siloed. This lack of continuity has made streamlining communications a severe and sometimes impossible challenge to overcome. In an era when…

Energy

In February 2018, the United States Department of Energy established the new Office of Cybersecurity, Energy Security and Emergency Response (CESER), focused on cybersecurity, energy security and emergency response with $96 million in government funding – and not a moment too soon. One month later, the Federal Bureau of Investigation and the Department of Homeland Security issued an alert alleging that Russian hackers mounted a methodical, long-term campaign to infiltrate and surveil critical US energy and utility infrastructure.


Today’s businesses face unprecedented risks. As mass interconnectivity replaces operational silos, every aspect of business, from transportation and the supply chain to email, data storage, facilities management and financial transactions, is vulnerable to compromise, disruption and human error. In addition to the people, processes and technology that are at risk in a crisis, so too are the communications mediums most commonly used for incident notification and response. At the forefront of defining their organization’s risk management strategies, risk managers, board members, chief security officers and chief information security officers all…

Can Secure Messaging Protect Against the Most Common Attack Vector?

In recent years, the alarming uptick in the frequency and sophistication of cyberattacks targeting critical infrastructure systems has put a spotlight on the emerging vulnerabilities of once disparate, now digitally connected, networks and systems. For the energy and utilities industry specifically, the decade-old quagmire that is information technology (IT) and operational technology (OT) convergence has revealed weaknesses in proactive cybersecurity, incident response and business continuity across both facilities and operations. While the nefarious online activities of nation states and cyber terrorists, along…

Incident Response

Situations like acts of nature, data breaches, or other unforeseen events require planned responses in case they happen. Different situations may require a different chain of events to occur, but there is one thing that all incident response plans have in common: the need for ongoing communication throughout the course of the event.


Incident Response

Do you have an emergency preparedness plan in your household? Many families do—whether because they live in an earthquake- or hurricane-prone area, or because they want to be prepared for a personal emergency just in case. A smartphone can provide critical support during an emergency but—like your emergency kit and home vehicle—it needs to be prepared. There are several ways you can prepare your smartphone for an emergency.


Healthcare

If you are a healthcare provider or supplier that engages with Medicare and Medicaid programs, it’s urgent that you understand and comply with new Department of Health and Human Services (HHS) healthcare emergency preparedness regulations (“EP Regulations”) to protect your access to Medicare and Medicaid programs. Under the new rules issued by the Centers for Medicare and Medicaid Services, providers must comply by November 15, 2017. That is this calendar year, folks. Are you ready?


Cyber Security

The biggest cyberattack in history has been spreading across the globe since last Friday. Spanning across 150 countries, the 300,000 victims have included government agencies, hospitals, manufacturers and universities. When a ransomware attack affects your organization, how can you keep a secure line of communication with your team? Read on to learn why ephemeral messaging should be a part of your incident response plan.
