Lessons to Learn from Attacks on COVID-19 Research

Cozy Bear The National Cyber Security Centre, located in the UK, recently shared that a group has been attacking organizations involved with COVID-19 vaccine research. These claims have been verified by authorities in the United States and Canada. Known as “APT29,” as well as “Cozy Bear” and “the Dukes”, the attackers level spear phishing attacks and make use of assorted exploits to gain access to their target’s systems. After this access has been obtained, malware known as WellMail or WellMess is released into the environment. Many experts are of the opinion that this is not the first time that APT29 has been active, either. The group is suspected of attacks against various organizations in healthcare, energy, and government, and is believed to be responsible for the 2016 hack of the Democratic National Committee. In response to this, the CSC has been trying to work with software vendors to ensure that vulnerabilities are patched. If these patches aren’t applied, cybercriminals can find the means to exploit these vulnerabilities and cause problems. A Spear Phishing Refresher We’re no strangers to discussions about phishing, simply because it is one of today’s most prevalent threats to network security. Many phishing attacks are sent randomly to a large group of targets, but spear phishing is a different animal. Instead of trying to exploit a lot of people for little payout from each, spear phishing requires careful planning and execution of a highly targeted attack against one person. This person is often seen as the weakest link in an organization’s security by hackers. With any luck, you won’t need to contend with phishing attacks from a major hacking group. That being said, it’s important that you and your team can identify a potential phishing attack and react appropriately. Here are a few basics to keep in mind: Always check the details. Many phishing attacks will display some subtle issue, either in the email address it comes from or some other detail. Make sure you pay attention for some of these warning signs. Proofread the message. Businesses want to put their best foot forward, so their correspondence is generally carefully edited before it’s sent out. If you receive a message with questionable spelling and grammar, exercise caution. Reach out. If you’re unsure of whether a message is legitimate or not, reach out to the sender through another means to confirm it if you can. For your business to avoid threats, being able to identify potential phishing attacks is only going to become more important. Find out how to train your team to spot them by reaching out to us. Call SRS Networks at (831) 758-3636 to learn more.

Will Remote Work Policies Continue Once the Pandemic Ends?

The Impact of Remote Work There have been plenty of positive effects brought on by the implementation of remote work policies for businesses to only embrace it further. A recent study by Intermedia surveyed the owners of 250 businesses and revealed a telling selection of these effects, including: Increases in employee availability in 19 percent of these businesses Increased job satisfaction—15 percent—and life satisfaction—seven percent—alike Decreased overhead costs Improved employee attitudes Reduced work-related stress Increased engagement Out of these businesses, 85 percent had primarily functioned in a centralized office space, but with remote work exploding in prevalence as social distancing has been adopted, that number has gone down to 26 percent. Simultaneously, video conferencing increased in use by 27 percent, from a rate of 57 percent to 84 percent. This only makes sense, as businesses must continue their operations to remain open. If remote work is the only way to do this without jeopardizing the health and safety of their employees, clients, and customers, the smart play is to embrace remote operations. Will Remote Work Last Longer than the Pandemic? Admittedly, it can be hard to even think about the time after the current health crisis is over, as so much has changed in the relatively short time we’ve all been living this new normal. We don’t think that remote operations will go away, though. Consider the list of benefits that businesses reported seeing. The biggest concern that many of these businesses had was the matter of engagement: how could they attract and convert clients when face-to-face conversions were once their de facto strategy? However, these concerns were not fueled due to any influence by technology restrictions, as the explosion in conferencing we discussed above goes to show. As a result, we can confidently conclude that many businesses won’t shift away from remote operations when they are no longer required for survival. The benefits—increased team satisfaction and at least the same levels of productivity—are just too good to pass up. SRS Networks can help you embrace the remote capabilities that can help your business survive these challenges, along with many other IT tools and resources. Give us a call at (831) 758-3636 to learn more about what we can do for your business technology.

What’s it Going to Take? Cybersecurity

What Is Changing? This year has been far from typical, but it started out “normal”. Businesses had time to set their technology budgets for 2020, but when the pandemic hit those plans were either tabled or thrown out entirely. Unfortunately, in times of crisis, cybercriminals strike, and with many businesses looking to cut costs where they can, security was, somewhat surprisingly, one place businesses borrowed from, weakening security at a time when most would assume that attacks were about to increase. What has happened in the interim has surprised many industry analysts. While many businesses cut their security spending, businesses have continued to invest in the right places to mitigate attacks. Businesses actually saw data breaches fall by a third in the first six months of 2020. This has led many businesses to question whether all the capital they were pumping into their cybersecurity strategies are actually necessary. Tried and True Solutions With thoughts about cybersecurity spending shifting, there are some strategies that are imperative to keep your business secure from threats. They include: Endpoint protection – setting policy that works to secure entrypoint onto your network is essential to keeping threats off your business’ network. Today, there are some very sophisticated attacks and being able to detect, analyze, thwart, and contain attacks is extremely important. Employee training – phishing attacks account for the majority of cyberthreats companies encounter. Ensuring that employees are cognizant of what constitutes a phishing threat, and what to do (and not to do) with it once it is received is paramount to keep data and networks secure. Encryption for remote connections – If your business relies on remote workers, keeping the connection they use secure is extremely important. You never know what your staff has on their PC, and if you don’t want to find out you need to find a reliable remote access software or outfit each member of your remote team with an enterprise VPN. Mobile access management – The smartphone has become more important than ever for businesses, but any environment that is being used as much as most people use their mobile devices needs to be secured against. These four platforms will go a long way toward helping your business maintain security of its digital assets. Where We Go From Here Now that organizations are being a little more selective about what they spend their capital on, you will see strategies emerge that are designed to combine the lessons from the past several years with the stripped-down financial obligations they’ve been working with during the first half of 2020. This means that businesses will be looking to build their cybersecurity platforms on efficiency. Here are three strategies you will see more of in the future: Building resilience – In order to be successful building cyber-resilience, companies will want to tear down the barriers that separate departments. A unified strategy for all to comply with reduces support overhead and promotes continuity throughout your organization. Establish good cyber-hygiene – Many organizations are disorganized when it comes to managing access to their digital resources. Moving to more consistent methods of managing access is advantageous for workers and administrators, alike. Lean on cooperation – One notion that has been reinforced during the pandemic is the need for cooperation between departments. Strategies in combating cybercrime and […]

Did Google and Apple Secretly Install a COVID-19 Tracking App?

We’ve seen a few social media posts over the last week or so claiming that Android and iPhones have been getting a COVID-19 tracking app installed without getting permission from the user first. People are worried that their privacy is at risk. Here is an example of one of the posts that have been making rounds across Facebook: **VERY IMPORTANT ALERT!***A COVID-19 sensor has been secretly installed into every phone.Apparently, when everyone was having “phone disruption” over the weekend, they were adding COVID-19 Tracker [SIC] to our phones! If you have an Android phone, go under settings, then look for google settings and you will find it installed there. If you are using an iPhone, go under settings, privacy, then health. It is there but not yet functional. The App can notify you if you’ve been near someone who has been reported having COVID-19. There is a little bit of misinformation here. First of all, there really isn’t a way to sneak a “sensor” onto a device through a software update unless there is already some hardware in place that does the sensing. This immediately tells us that something about this is at least a little bogus, because from a technical standpoint, the sensationalist post misses the mark. Here’s what really happened. Google/Apple Didn’t Sneak a COVID-19 Tracking App On Your Phone – They Pushed a Security Setting Google and Apple have been working together to build a framework that app developers can use for apps that notify users if they may have been exposed to COVID-19. They didn’t sneak a COVID-19 app onto your phone without your consent.  The two companies added a setting to enable the use of Google and Apple’s COVID-19 Exposure Notification system. This system is the groundwork that official COVID-19 notification apps can use. State and local governments are responsible for developing the apps, but they can use Google and Apple’s secure platform in order to get them to work. If you follow the steps in the article and on Android, go to Settings and then Google Settings, you’ll see that the option to opt-in is disabled. The same with iPhone users; by going under Settings, then Privacy, then Health, you’ll have an option to opt in. Even if you opt in, you still need to install one of the official apps, most of which aren’t even released yet. Again, this is just the groundwork. This Isn’t a COVID-19 Tracking App Just to be perfectly clear, unless you manually installed something, your Android or iPhone isn’t just going to start tracking you and your friends and family to see if you have COVID-19. If you go into your settings as mentioned in the above Facebook post, you’ll see that you either need to install or finish setting up a participating app before the notifications can even be turned on.  Apple and Google even confirm this in a joint statement saying “What we’ve built is not an app – rather public agencies will incorporate the API into their own apps that people install.” API stands for Application Programming Interface. Basically, Google and Apple have developed a standardized system to make it easier for states and local governments to build an effective app to notify users if they may have been exposed to COVID-19, but Google and […]

How Current Events Should Impact Your Business’ Technology Strategy

Remote Work and Distance Learning While neither working from home or learning online are exactly new, they have exploded in popularity due to recent events. While today’s technology—like Virtual Private Networking, cloud productivity and collaboration tools, and remote monitoring and management—makes these processes much simpler, there are a lot of challenges that these capabilities also present. Considerations like data security, the impact that isolation can have on employees and students alike, and how well certain tasks can be performed are all obstacles to these functions. However, with the right technology, these concerns can be mitigated or resolved so that your processes aren’t left insecure. Online Commerce With the fear that the nature of the current pandemic strikes within so many, combined with the restrictions and safeguards that businesses have put into place, alternative means of doing business have become a huge priority. Specifically, online commerce, the perfect joining of business and social distancing.  With businesses no longer able to operate in the way that they are used to, embracing the capabilities that the Internet provides will be critical to their survival. There are still safeguards that naturally need to take place when selling goods and services, only added to those that selling these goods and services online always come with. However, these safeguards are what will help to protect your clients and customers, and therefore preserve your business moving forward as revenue comes in. Digital and Contactless Payments In those businesses whose operations aren’t well-suited to transition to online, alternative means of accepting payment will be important for businesses to adopt so that infection can be minimized as much as possible. With digital payments coming into the fore, this is now made much simpler. Contactless digital payments and online payments alike give you, your clients, and customers an added level of safety and security. Communications Okay, we promised to mention something silly, and here it is. With many people wearing face masks to help stem the spread of COVID-19, a lot of people have discovered a few minor (but frustrating) challenges in doing so. For instance, communications. When wearing a mask, speaking on the phone can become challenging, which is why there is now another device—the c-mask, a smart mask—available to assist them. I wish I was kidding about this, but there is now a device available to attach over your face mask that connects to a mobile device via Bluetooth and allows you to dictate messages and send calls, even translating them to a different language with a subscription. It might look kind of weird, but if it works well, that’s pretty neat. Otherwise, the pandemic has also put the importance of communication to the fore, while 5G and other useful communication technologies have unfortunately been delayed. Hopefully, the issues surrounding 5G will be addressed and overcome so that 5G can be used to help benefit businesses as they regroup and recover. How has your business used technology to sustain itself? Share your experience in the comments!

For the SMB Returning to Work

The COVID-19 pandemic is the first time many of us have had to deal with this level of threat, and now that businesses start to re-open in an attempt to stagnate a recessionary dive in the economy, there is a lot of ground to cover. Today, we go through the considerations you need to make, and the actions you need to take, to keep your business clear of COVID-19, and what steps to take if the virus makes its way into your business.  Mitigation Understand Requirements While stay-at-home orders may be lifted, there are many other regulatory bodies and authorities that will put forth various restrictions for the sake of public health. Whether imposed by federal, state, or local governments, or tailored to a particular industry that has specific requirements for their operations, it is critical that these directives are followed to the letter. In the current situation, this becomes especially important in terms of the standards assigned by the Occupational Health and Safety Administration (OSHA) and the Centers for Disease Control and Protection (CDC). Make sure you take the time to check for additional requirements applicable to your business’ industry, in addition to what applies to all businesses. Compliance to ADA Rules Many workplaces may consider testing for COVID-19 before allowing access to a business’ premises by anyone, which itself will require a few decisions to be made (how these tests are administered, who administers them, and the type of test to be used) and for these results to be protected as medical information. The Americans with Disabilities Act and other assorted state laws also outline that these tests are only permitted if there is doubt that an employee can perform their job without posing a threat to themselves or their coworkers. While this standard was deemed to have been met by the U.S. Equal Employment Opportunity Commission, any updates could potentially change whether or not this screening is allowed. Check with your legal counsel before proceeding with these protocols. Office Cleanliness From your workplace to the employees to work there, you need to do everything you can to encourage a cleaner and healthier environment. Provide a few reminders pertaining to basic hygiene practices around the workplace, and make sure that it is cleaned and disinfected properly. Keeping the HVAC systems well-maintained and the office well ventilated also helps. Social Distancing Adoption Of course, we can’t discuss mitigating COVID-19 without bringing up social distancing. While many businesses are notorious for their close-quarter layouts, shared resources, and even their displays of etiquette, these need to be adjusted to maintain the recommended six feet (or more) of distance between people. Stagger shifts and enable telework, put up barriers and mark off boundaries, and discourage in-person meetings. Safety Protocols and Precautions It will also be necessary for you to put new rules and procedures in place to better ensure that your workplace is contributing as little risk as possible for your employees. This means that you will need to assign someone the responsibility of overseeing that all workplace processes are compliant with safety regulations. You will also need to be prepared to provide as many protections as possible for your employees, handle your staff and their potential absences in accordance with the law, and (as we’ll cover below) properly deal with an […]