DNS Filtering

Warning Released on Scampage Tools & Brand Phishing Attacks

An official warning has been issued by the Federal Bureau of Investigation (FBI) about a spike in well-known brands being used in spear phishing attacks that focus on tricking people into handing over sensitive data or downloading malware.

The campaigns work by leveraging the trust that is placed in well-known brands in order to get recipients to complete an action. Typically, the messages include the actual logo of the targeted brand and use the same format as real messages from the company. However, they include links that take those who click on them to a malicious web portal. These web portals attempt to steal sensitive data.

Hackers sell scampage tools on the dark web that allow other hackers to operate successful phishing campaigns. The FBI has confirmed that the scampage tools in question have the ability to spot if a person uses their email address as their login ID for a web platform. If this is detected, the user is sent to a scam page with the same email domain. The user is then asked to share their login credentials, which the hacker can use to access the victim’s email. This in turn allows hackers to receive 2-factor authentication codes, thus rendering this security method useless. With 2FA codes, the cybercriminal can obtain access to accounts and make changes, including updating passwords to lock users out of their accounts or altering security rules before the owner of the account can be alerted.

The FBI release said: “Much like the threat with ransomware-as-a-service, this type of product-as-a-service distribution of scampage and credential harvesting tools presents an increased nationwide risk to private sector businesses and their consumers. Brand-phishing email campaigns and scampage tools that help bypass 2FA security measures represent another aspect to this emerging cyber threat.”

In order to prepare for an attack like this, companies must configure an advanced spam filtering solution to prevent phishing emails from landing in employee inboxes. Password policies should be set up that make strong passwords mandatory, and reviews should be carried out to police this and ensure that commonly used or weak passwords cannot be created on accounts. Employees should be warned to never use passwords on multiple accounts and to see to it that all company accounts have 100% unique passwords. Security awareness training should be conducted for all staff members to make them aware of email security best practices and how to spot phishing emails and other scams.

Due to the spike in the use of scampage campaigns, all staff members should create a unique username for an account that is not connected to their main email address. 2-factor authentication should be enabled if it is available, and where possible, a software-based authenticator program or a USB security key should be in place as the second factor. 

 

Cisco Umbrella Alternative for SMBs and MSPs

In this post we propose an ideal Cisco Umbrella alternative that you can implement at a fraction of the cost of Cisco Umbrella, yet still have excellent protection from web-based threats and precision Internet content control for your workforce.

WebTitan Cloud is the leading Cisco Umbrella alternative for SMBs and Managed Service Providers (MSP) that serve the SMB market. WebTitan Cloud is, in many respects, a direct swap out for Cisco Umbrella, and one that will save you a small fortune on DNS filtering costs.

What is Cisco Umbrella?

In 2015, Cisco acquired OpenDNS and rebranded the OpenDNS Umbrella solution as Cisco Umbrella. Cisco Umbrella is first and foremost a DNS filtering service: a cloud-based security service that protects office and home workers from online threats by filtering DNS requests. The Cisco Umbrella DNS filtering service works at the DNS lookup stage of a web request, where the domain name in a URL is translated into an IP address to allow the resource to be located by a computer.

Cisco Umbrella DNS filtering allows administrators to set controls governing the web content that can be accessed, the files that can be downloaded from the Internet, along with a range of other security features such as a cloud-delivered firewall, shadow IT protection, and tools to investigate cyber threats.

Before we cover the cost of WebTitan versus Cisco Umbrella in our Cisco Umbrella review, it is worthwhile taking a moment to explain why DNS filtering is now an essential part of the security stack and why you need to add this additional layer of security if you are not already using a DNS filter.

Why is a DNS Filter Necessary?

You will no doubt be aware that the internet can be a dangerous place. As an IT professional or SMB owner, you need to make sure that your employees do not venture into areas of the internet that could cause your business harm.

Even general web browsing can pose a risk of a malware infection or ransomware download, and employees can easily be tricked into visiting phishing web pages where credentials are harvested. These are very real threats that need to be mitigated.

Rather than leave things to chance and hope your employees obey the rules and recognize all threats in time, you can implement a content filtering solution such as a DNS filter. A DNS filter requires no hardware purchases or software downloads. You just reconfigure your DNS to point to the provider of your DNS filtering service and apply your content controls. A DNS filter will block access to malicious content and can be configured to block downloads of certain file types commonly used to install malware.

All DNS content filtering takes place in the cloud, there will be no latency, and filtering will take place without any content being downloaded. You can control the categories of content that can be accessed and, if rules are broken by employees, they will be directed to a block page and no harm will be done. You can run reports on web usage, apply controls to conserve bandwidth, and perhaps most importantly, you can prevent employees from visiting malicious websites and can block malware and ransomware downloads. Without this additional security layer, your business will be at risk.

Cisco Umbrella Review

In this Cisco Umbrella review we will cover some of the advantages and disadvantages of Cisco Umbrella and will present a Cisco Umbrella alternative that is ideal for SMBs and MSPs. The Cisco Umbrella alternative we suggest includes the most important features of the Umbrella DNS filtering solution, with some key advantages for SMBs and MSPs. First, let us consider some aspects of the Cisco Umbrella solution to save you time in your research.

Cisco Umbrella Pricing

Cisco Umbrella pricing is not particularly transparent. First, there is no Cisco Umbrella price list on the Cisco website, and while it is possible to get an idea of the Cisco Umbrella price from resellers via Google searches, their prices tend to be out of date. Cisco recently updated and renamed its three Cisco Umbrella offerings, and as part of the re-jigging of the packages and addition of extra features, the Cisco Umbrella price was increased.

Cisco Umbrella pricing is a little complicated and varies based on several different factors. Naturally the prices increase from the basic offering - DNS Security Essentials - to the most advanced version of the solution - Secure Internet Gateway (SIG) Essentials, but also by the number of users, length of the contract term, and the optional extras that are added to the standard packages. It should be noted that standard Cisco Umbrella pricing only includes basic email support. More comprehensive support is offered as an add-on at an additional cost, and you will need to pay extra for software updates and access to online learning resources.

There is a Cisco Umbrella ordering guide that provides more information about what is included, the features of the solution, and a breakdown of each package to help businesses choose the most suitable version of the solution and select the extras they need. That a Cisco Umbrella ordering guide is required at all gives you some idea of the complexity of Cisco Umbrella pricing.

Cisco Umbrella Licensing

As previously mentioned, Cisco Umbrella licensing is for three different solutions. These were initially called “Professional”, “Insights” and “Platform” but have recently been renamed “DNS Security Essentials,” “DNS Security Advantage,” and “DNS Secure Internet Gateway (SIG) Essentials.”

Cisco Umbrella licensing is based on the number of users and the minimum contract term is 1 year. In contrast to other DNS filtering service providers, with Cisco Umbrella you have to pay the costs upfront. You cannot spread the cost over the contract term with monthly billing, which makes the solution prohibitively expensive for many businesses, especially considering the cost of the SIG Essentials solution could be, with typical add-ons, in the region of $5+ per user, per month.

Is It Worth Paying the Cisco Umbrella Price?

We are not going to try to convince you not to look at Cisco Umbrella, as it is an accomplished DNS filtering solution that is suitable for many enterprises and SMBs. The product will certainly protect your business from web-based threats and will allow you to enforce your internet policies. However, there is a but. If you are already using Cisco Umbrella or have made enquiries about the solution, you will be aware that the product comes at a considerable cost.

Cisco Umbrella is not a one-size fits all solution. Cisco caters to a range of different customers, from small businesses to large enterprises and packages have been devised accordingly. The most basic offering is DNS Security Essentials, which is a bare bones DNS filtering package that blocks malware and ransomware downloads and allows you to enforce your Internet policies. However, there are many important features lacking that most SMBs will feel are important. For instance, now that most websites have moved over to HTTPS, connections to those sites are encrypted. You therefore need to decrypt, inspect, and then re-encrypt that traffic. The basic package does not include this feature - termed SSL inspection. That means those websites will be opaque to the solution and many malicious websites now have SSL certificates. Full decryption and inspection of all SSL traffic is only available in the top-level package. The mid-range solution only has partial decryption and inspection (for risky websites).

DNS Security Advantage is the second package offered, which provides more features such as greater insight for investigations, file threat intelligence, and other tools. At the top end is the comprehensive Secure Internet Gateway Essentials package, which offers enterprise-grade DNS filtering with a host of features required by enterprises with a huge workforce. For most SMBs, the top package will offer a host of features that will most likely not be used. Unfortunately, the lowest level package is missing some important features that really are required by many SMBs.

What is the Cisco Umbrella Cost Per User?

So, how much does Cisco Umbrella cost? This is a key consideration for SMBs as they are likely to have limited budgets. They need to pay for several layers of cybersecurity to block the threats they are most likely to encounter. Spend top dollar on one solution and it is likely to mean less can be spent on other important security controls.

At the standard level, the Cisco Umbrella cost per user is $2.20 per month as of the start of 2021, which is considerably more than Cisco Umbrella alternative options such as WebTitan. For 100 users, Cisco Umbrella will cost $2,640 per year and that price only includes basic email support. If you opt for one of the more advanced packages, and we believe the middle package is the lowest level you should really consider due to the lack of SSL inspection in the basic package, that price will increase considerably.

The standard price for a Cisco Umbrella alternative is around $1.00 to $1.50 per user per month, but here at TitanHQ we have a highly competitive pricing policy and can provide you with a Cisco Umbrella alternative for as little as $0.90 per user per month. That will save you $1,560 per year, based on 100 users compared to the basic Cisco Umbrella price.

There is More to Consider than the Cost of Cisco Umbrella Alone

Cost is not the only consideration, although it is certainly important. You will want to ensure that your DNS filter allows you to control content easily and it must provide protection against web-based threats. So, does opting for a Cisco Umbrella alternative reduce the protection you will get? Actually, you can pay less and improve protection, have an easier to use product, with better reporting, and less complexity.

At TitanHQ we have a totally transparent and flexible pricing policy and provide the same, high level of protection for everyone. All customers benefit from full SSL inspection to ensure that HTTPS traffic is inspected and analyzed, and all customers get industry-leading customer support at no extra cost.

WebTitan is also loved by users who rate it highly for ease of setup, ease of use, ease of admin, and for the quality of support provided. This can be seen on review sites such as G2 Crowd, as detailed below.

Cisco Umbrella alternative

The Leading DNS Filtering Solution for MSPs Serving the SMB Market

TitanHQ is the global leader in cloud-based email and web security solutions for MSPs that serve the SMB market. WebTitan has been designed to be ideal for MSPs and includes a host of features not offered by Cisco. In contrast to all packages of Cisco Umbrella, we offer a range of hosting options - with TitanHQ, in a private cloud, and you can even host the solution in your own environment, something that is important for many MSPs. You can also have WebTitan in white label form ready to take your own branding, another big plus for MSPs that is not offered by Cisco. The solution is also easy to integrate seamlessly into your own security and customer management solutions thanks to a suite of APIs. Onboarding new customers is simple and painless, and managing their web filtering settings is straightforward. All customers are kept separate in the solution and you can apply individual settings with ease, but you can still apply bulk settings to all customer accounts. Plus you can manage the solution securely from anywhere with an Internet connection.

Cisco Umbrella alternative for MSPs

Many MSPs are now making the switch from Cisco Umbrella to WebTitan, with the most common reasons being the high cost of Umbrella, which has to be passed on to customers or absorbed. It can be a difficult sell with the high cost, even though the benefits of web filtering are usually understood by clients. The usability of the solution is also a common complaint, as is the quality of post-sales customer support and the lack of flexibility.

UK-based managed service provider Network Needs is one of the MSPs that has made the switch from Cisco Umbrella to WebTitan, and accurately sums up the experience of the many MSPs that have done the same. "When we decided to trial WebTitan we were happily surprised. Straightaway we dropped Cisco Umbrella and moved to WebTitan and it is impressing us every day," said Network Needs Technical Director, Ryan Lochhead. "WebTitan easily integrated into Network Needs' existing service stack, avoiding any delays in offering the service. There is comprehensive remote management and monitoring via an API. Any MSP will benefit from WebTitan’s many advantages."

How Does WebTitan Compare to Cisco Umbrella?

WebTitan Cisco Umbrella Comparison Chart

Find out More About Our Alternative to Cisco Umbrella Today!

Our sales staff will be happy to explain the benefits of WebTitan over Cisco Umbrella and schedule a product demonstration to show you how easy the solution is to use and integrate into your own environment. If you would like to try WebTitan before committing, you can also take advantage of our free 14-day trial. For the duration of the trial you will have access to full product support to ensure you get the most out of the solution. For more information, give the TitanHQ team a call today.

Frequently Asked Questions (FAQs)

Is Cisco Umbrella the same as OpenDNS?

Cisco acquired OpenDNS and rebranded the OpenDNS enterprise security products as Cisco Umbrella. Cisco Umbrella is not exactly the same as OpenDNS, but they do perform the same function, with Cisco Umbrella providing enterprises with greater control, more features, and better integration with other Cisco solutions.

Is Cisco Umbrella worth the cost?

Cisco Umbrella is a powerful web security solution that provides important security benefits and visibility into the Internet activity of all devices and users. While the threat protection is excellent, the cost of the solution can be prohibitively expensive for many small businesses, who can get the features they need from a solution at a fraction of the cost.

Who uses Cisco Umbrella?

While any company can benefit from Cisco Umbrella and improve security, the solution is aimed at mid- to large-sized organizations and includes many features that smaller businesses will not need or use. If you are just looking for a web security solution to control access to web content and block malware downloads, you will be able to make considerable savings with WebTitan.

Is Cisco Umbrella DNS Security Essentials worth the cost?

The features included with the cheapest package of Cisco Umbrella – DNS Security Essentials - are very limited. Businesses looking for the features provided by DNS Security Essentials will be able to get them and more – full SSL inspection for instance - with a Cisco Umbrella alternative such as WebTitan Cloud.

Is Cisco Umbrella a good choice for MSPs?

Cisco does provide Umbrella for Managed Service Providers and it is a good solution for protecting clients and preventing costly malware infections. While it is an accomplished product, the cost can be high for MSPs, especially those serving the SMB market. There is also no option for hosting within an MSP data center, and the solution is not provided as a white label.

WebTitan OTG (on-the-go) for Chromebooks Launched in WebTitan Cloud 4.16

TitanHQ has released WebTitan Cloud 4.16 which adds new functionality to the DNS-based web filtering solution to make management even easier. The latest release also includes a new school web filtering solution.

WebTitan Cloud 4.16 includes DNS Proxy 2.06, which allows filtering of users in Azure Active Directory, as well as on-premise AD and directory integration for Active Directory to make the management of filtering controls for users, groups of users, and organization-wide controls even easier. The latest version includes several fixes and enhanced security to better protect users from web-based threats.

TitanHQ is pleased to announce the release of WebTitan OTG (on-the-go) for Chromebooks with the latest version of WebTitan Cloud. This new service has been specifically developed for the education sector to ensure students can access the Internet safely and securely.

The use of Chromebooks has been growing, with the devices popular in schools as they are a cost-effective way of giving students Internet access. While the Internet offers many learning opportunities, it is important to protect students from threats and web content that could cause them harm.

Schools should implement controls to restrict access to inappropriate content as well as block threats such as phishing, malware, and ransomware. WebTitan OTG for Chromebooks makes that a very quick and simple process.

WebTitan OTG (on-the-go) for Chromebooks allows IT professionals in the education sector to apply web filtering controls for individuals, school years, all students, and separate controls for staff members. From start to finish, set up takes just a few minutes.

Administrators have precision control over the content that can be accessed, allowing them to easily comply with state and federal laws, including the Children’s Internet Protection Act (CIPA).

WebTitan OTG for Chromebooks is a DNS-based web filter that filters the Internet before any content is downloaded. As such, there is no latency, regardless of where the Internet is accessed – in the classroom, at home, or elsewhere.

No hardware is required, there are no proxies or VPNs, and administrators have full visibility into Internet access, including locations, web pages visited, and attempts made to visit restricted content.

Key Features of WebTitan OTG for Chromebooks

  • Cost effective web filtering for schools.
  • Easy to install and manage remotely.
  • Full reporting across Chromebook users and locations.
  • User level policies.
  • No additional on-premises hardware required.
  • No slow & expensive VPNs or Proxies required.
  • Chromebooks can be locked down to avoid circumvention.
  • Fast, customizable & accurate DNS filtering.

Using WebTitan OTG for Chromebooks provides an effective way to apply filtering policies to your Chromebooks from the cloud.

“This new release comes after an expansive first quarter. The launch of WebTitan Cloud 4.16 brings phenomenal new security features to our customers,” said TitanHQ CEO, Ronan Kavanagh. “After experiencing significant growth in 2020, TitanHQ expects these product enhancements and new features to make 2021 another record-breaking year.”

Phishing and Malware Distribution Campaigns Focus on Discord

Cybercriminals have long targeted cloud-based instant messaging services, which provide easy communication between users. One of the services recently leveraged by hackers is Discord. The platform is now being extensively used to spread phishing and malware.

Discord offers VoIP, instant messaging, and digital distribution and, due to this, it was used by the gaming community before gaining popularity among a wider variety of users. 150 million users worldwide were registered during 2019 and the surge in membership has continued since then. Additionally, the service has, for some time, been used by cybercriminals via the platform’s live chat feature for selling and trading stolen data, for anonymous communications, and as C2 servers for communicating with malware-infected devices.

Throughout 2021, the service has been widely used for sharing malware variants including information stealers, cryptocurrency miners, Remote Access Trojans, and ransomware by abusing the cdn.discordapp.com service.

Similar to other collaboration apps, Discord uses content delivery networks (CDNs) for storing shared files within channels. Hackers can place malicious files on Discord and create a public link for sharing, and that link can be shared with anyone, not just Discord users. The URL generated for sharing begins with https://cdn.discordapp.com/ so anyone who is sent the link will see that the link is for a legitimate site. While there are controls to stop malicious files from being uploaded, in a lot of cases hackers can bypass those protections and get their malicious files hosted, and alerts are not always shown to users about the risk of clicking on files from Discord. Since the malicious payloads are sent over encrypted HTTPS, the downloads can be masked from security solutions.

Additionally, once uploaded, the malware can be removed from a thread, but it is still accessible using the public URL. Users are often fooled into installing these malicious files under the guise of pirated software or games. Gamers have been targeted because their PCs typically have a high spec for gaming, which makes them perfect for cryptocurrency mining.
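A defender-side triage of the link pattern described above, as an added example that is not part of the original article: it scans mail or proxy log lines for URLs whose host is exactly cdn.discordapp.com and grades them by file type. The sample lines, the extension lists and the function names are constructed assumptions, and it assumes full URLs are visible (mail bodies or an HTTPS-inspecting proxy).

```python
import re
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

# Host the article names as the prefix of every shared-file link.
DISCORD_CDN_HOST = "cdn.discordapp.com"

# Assumption: file types treated as executable or container content.
RISKY_EXTENSIONS = {".exe", ".scr", ".msi", ".bat", ".cmd", ".js", ".vbs",
                    ".ps1", ".jar", ".zip", ".rar", ".7z", ".iso"}
# Assumption: harmless-looking types used to disguise a risky final extension.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".txt", ".jpg", ".png", ".mp4"}

URL_PATTERN = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def classify_url(url):
    """Return (verdict, reason); verdict is 'alert', 'review' or 'ignore'."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ("ignore", "unparseable URL")
    # Exact host comparison: a substring test would also match lookalikes
    # such as cdn.discordapp.com.files.example.
    if host != DISCORD_CDN_HOST:
        return ("ignore", "not the Discord CDN host")
    # Decode percent-encoding so 'tool%2Eexe' is seen as 'tool.exe'.
    filename = unquote(PurePosixPath(parts.path).name)
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if not suffixes:
        return ("review", "Discord CDN link with no file extension")
    last = suffixes[-1]
    if last in RISKY_EXTENSIONS:
        if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTENSIONS:
            return ("alert", f"disguised double extension {suffixes[-2]}{last}")
        return ("alert", f"executable or archive type {last}")
    return ("review", f"Discord CDN file of type {last}")


def scan_lines(lines):
    """Extract URLs from log or mail lines; return the non-ignored findings."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for match in URL_PATTERN.findall(line):
            url = match.rstrip(".,;:!?)]")  # drop trailing sentence punctuation
            verdict, reason = classify_url(url)
            if verdict != "ignore":
                findings.append({"line": line_no, "verdict": verdict,
                                 "url": url, "reason": reason})
    return findings


# Constructed sample input: one mail line and several proxy log lines.
SAMPLE_LINES = [
    "mail body: free build here https://cdn.discordapp.com/attachments/111/222/GameCrack_Setup.exe.",
    "proxy GET https://CDN.DiscordApp.com/attachments/111/333/invoice.pdf.scr?ex=abc",
    "proxy GET https://cdn.discordapp.com.files.example/attachments/1/2/tool.exe",
    "proxy GET https://cdn.discordapp.com/attachments/111/444/screenshot.png",
    "proxy GET https://cdn.discordapp.com/attachments/111/555/miner%2Ezip",
    "proxy GET https://intranet.example/wiki/discord-policy",
]

if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LINES):
        print(f"line {finding['line']}: {finding['verdict'].upper():6} "
              f"{finding['reason']} -> {finding['url']}")
```

Links graded "review" are still worth a look: the article notes that a file stays reachable through its public URL after it has been removed from the thread.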

This style of malware campaign means that malware developers and distributors can simply share their malicious payloads with a high degree of anonymity. A review by Zscaler discovered over 100 unique malware samples from Discord in the Zscaler cloud in just a two-month period. Another review of the Discord CDN found approximately 20,000 results on VirusTotal.

The Discord app is also easy to configure to carry out malicious actions. Malicious JavaScript code can simply be added to the legitimate Discord client files and set to run every time the client is started or when specially designed URLs are opened by the client.

Discord is not the sole communication and collaboration solution to be leveraged by hackers. Slack and Telegram are also being abused in phishing campaigns and for malware campaigns.

If you would like to enhance email security, get in touch with TitanHQ now to discover more about its award-winning cybersecurity solutions.

Easy Ways to Improve Cybersecurity Protections for Remote Workers

The COVID-19 pandemic has forced businesses to rapidly scale up remote working. Before the 2019 Novel Coronavirus outbreak, many employees were spending some of the week working remotely but now businesses have had to allow virtually the entire workforce to work from home. While there are signs that the lockdown measures are having an effect and the number of new cases is starting to level off, it is likely to be some time before lockdowns are eased and life can return to normal. Even when governments start to ease restrictions, it is likely that most employees will have to continue to work from home for many more months.

Protecting a Remote Workforce from Cybersecurity Threats

At TitanHQ, we have seen the number of COVID-19 and Novel Coronavirus-themed phishing emails steadily grow over the past few weeks. Now, huge numbers of phishing emails are being sent that use COVID-19 as a lure to get remote workers to divulge their credentials or install malware. The email campaigns are highly varied, with some of the most common lures being the offer of a cure, information on how to protect against infection, advice to avoid transmission of the virus, and offers of the latest data on local cases.

One of the problems for IT departments is employees want all this information, so there is a high chance of at least some of those messages being opened by employees if they arrive in inboxes. Infected email attachments may be opened and clicks on links will see employees visit phishing websites where credentials are harvested or malware is downloaded.

Entire households are self-isolating together and schools are closed. Demands are being placed on employees that do not exist in the office, which means that concentration lapses are likely to occur, and that increases the chance of a response to a phishing email.

It is therefore important for businesses to take steps to reduce risk. Cybersecurity awareness training for the workforce is critical to make employees aware of the threat of cyberattacks while they are working remotely and to reinforce education on cybersecurity best practices when working remotely. It is also essential for cybersecurity measures to be implemented that can reduce the risk of employees encountering a threat, and make sure that threats are neutralized if they are delivered.

Two Cybersecurity Solutions to Improve Protection for Remote Workers

There are two important cybersecurity solutions that can help in this regard. A powerful email security solution is required to improve the detection of phishing and malware threats and a web filtering solution to block attempts to visit malicious websites.

You will already have some email security measures in place to block spam and phishing emails, but for many businesses this will be the standard protections provided by Microsoft with Office 365. While Microsoft’s baseline level of security, provided through Exchange Online Protection, is reasonably effective at blocking spam email, it is far less effective at blocking phishing attacks and zero-day malware threats. Given the volume of phishing threats now targeting remote workers, you should consider bolstering your email security defenses by adding an additional layer of security on top of Exchange Online Protection.

SpamTitan Cloud is a powerful email security solution that will provide superior protection for Office 365. SpamTitan Cloud complements EOP and will improve protection against the full range of email threats, including zero-day threats that often sneak past EOP. SpamTitan Cloud scans inbound email and uses machine learning techniques to identify never-before-seen phishing threats, and uses outbound email scanning to detect already compromised mailboxes and block spamming and malware distribution. Malware protection is improved with dual antivirus engines and sandboxing to detect and block zero-day malware threats. SPF and DMARC are also incorporated to identify and block email impersonation attacks.

Protection from web-based threats is also important. WebTitan Cloud is a powerful DNS filtering solution that can be used to protect workers on or off the network. Businesses can apply filtering controls to prevent employees from visiting malicious websites and stop work-issued devices from being used to access risky websites and those that serve no work purpose. In addition to blocking malware downloads and curbing cyberslacking, the solution can also be used to prevent the installation of shadow IT – the downloading and installation of unauthorized software solutions.

Both of these solutions can be implemented by businesses and MSPs remotely without the need to install any clients. They are easy to implement and maintain, and both solutions are extremely well priced.

For further information on improving cybersecurity for your remote workers, give the TitanHQ team a call today.

Cybersecurity Checklist for Remote Workers

IT departments face a major challenge ensuring mobile devices used by remote workers are secured and that challenge has just got bigger as a result of the 2019 Novel Coronavirus pandemic with so many employees now working from home. To help IT departments manage security risks, we have compiled a cybersecurity checklist for remote workers detailing steps that can be taken to deal with the challenges of having a largely remote workforce.

Given time, IT departments can make sure mobile devices are configured correctly, are free from vulnerabilities, and have all the necessary software and security solutions installed to allow employees to securely work from home. Training can also be provided to remote workers to teach them cybersecurity best practices and how to practice good IT hygiene; however, the speed at which the 2019 Novel Coronavirus has spread has meant employers and their IT departments have had little time to prepare and have had to accommodate massive numbers of employees self-isolating and working from home.

Telecommuting Cybersecurity Risks

A massive increase in remote workers significantly increases the attack surface. Not only have many devices left the protection of corporate firewalls, additional software solutions have had to be installed to ensure workers can continue to be productive at home. Videoconferencing software is required, chat platforms need to be used to maintain contact, and VPNs are required to secure connections over the internet.

The cybersecurity risks introduced by telecommuting are considerable. Even solutions used to improve security can be turned against an organization. VPNs will ensure connections to work networks are secured, but if VPN credentials are compromised, attackers can use them to gain access to corporate networks undetected and VPNs can be turned into pipelines for delivering malware.

In 2019, several popular VPN solutions were found to contain critical vulnerabilities that allowed attackers to easily gain access to credentials. While patches were promptly developed and released to correct the flaws, many businesses failed to perform updates quickly. Even today, almost a year after the patches were released, some companies are still using vulnerable VPNs. Cybercriminals have been quick to take advantage and attacks on vulnerable VPNs have increased significantly.

When workers are in the office, collaboration is easy. Close collaboration needs to be maintained when the majority of the workforce is working from home. IT teams must try to ensure the same communication tools that are used in the office are still available to remote workers. If not, employees will find their own ways of communicating, which may not provide the required level of security. If employees start using Google Drive for sharing files, for instance, IT departments will lose visibility and will not be able to tell where sensitive data is being stored or transmitted.

With so many home workers due to the 2019 Novel Coronavirus and COVID-19, use of videoconferencing solutions has skyrocketed. Many platforms are now being used, although Zoom is one of the most popular choices. While this videoconferencing platform claims to offer end-to-end encryption, it has recently been discovered that Zoom’s interpretation of end-to-end encryption is different from that of other solution providers. While Zoom meetings are encrypted from Zoom client to Zoom client, Zoom has access to audio and video. Many companies have instructed their remote workers to stay in touch using Zoom but may now have to reconsider and use a platform with true end-to-end encryption. Vulnerabilities have also been identified in the platform in the past few days which could be exploited to gain access to sensitive data.

Phishing campaigns are being conducted to gain access to the credentials of remote workers. Cybercriminals are well aware that attacks are much easier on remote workers, and the large numbers of remote workers connecting to networks allows them to easily hide their malicious connections.

The COVID-19 crisis is likely to be a particularly stressful time for IT departments. While the cybersecurity risks increase with remote workers, it is possible to implement tools to manage risk effectively, protect sensitive data, and allow work to continue until life returns to normal again.

Internet Security and Telecommuting Workers

Working from home can be a challenge as there are many distractions that are not present in the office. It is often difficult for workers to separate work life from home life, and that applies to IT as well. Remote workers are likely to be tempted to use their work devices for personal internet use, rather than powering up their personal devices. It is important for policies to be established covering the allowable uses of company devices and those policies should be enforced. If corporate laptops are used for personal internet use, the risk of malware infections will increase.

The easiest way to enforce policies is with a web filtering solution. A web filter, such as WebTitan, allows IT teams to carefully control the online activities of employees and manage risk. With WebTitan in place, companies can enforce their acceptable internet usage policies and prevent their employees from visiting websites used for phishing and malware distribution. Since WebTitan integrates with Active Directory and LDAP, IT teams can easily monitor the online activities of each employee, identify potentially risky behavior in real time and take action to address those risks.

Rise in Phishing Attacks Warrants Email Security Improvements

The 2019 Novel Coronavirus pandemic has provided cybercriminals with many opportunities for conducting phishing attacks and distributing malware. The first major coronavirus-themed phishing campaigns were detected in January 2020, and in the weeks that have followed, the volume of messages has soared. People want up-to-date information on COVID-19 cases in their local area and advice on protecting against infection. Cybercriminals have been all too happy to oblige.

The campaigns we have identified have included highly convincing scams impersonating authorities such as the Centers for Disease Control and Prevention and the World Health Organization. The emails claim to offer important advice and updates about the Novel Coronavirus and COVID-19 but install malware and steal credentials. Remote workers are being targeted with emails spoofing their own HR departments, telling them about new protocols that must be adopted following infections in the office. A day doesn’t go by without another phishing scam being uncovered.

The increase in phishing attacks, coupled with the rise in remote workers, means steps should be taken to improve email security, especially for Office 365 accounts, which are being targeted by cybercriminals. While standard Office 365 email security provided by Exchange Online Protection (EOP) may have been sufficient to protect against low-level phishing attacks, the increase in targeted attacks means greater protection is now required. Businesses should consider adding another layer of protection with a third-party email security solution such as SpamTitan. In contrast to EOP, SpamTitan offers sandboxing to protect against zero-day malware threats and provides superior protection against phishing and spear phishing attacks.

Employer Cybersecurity Checklist for Remote Workers

Employers and IT departments can take several steps to reduce cybersecurity risks for remote workers. We hope this cybersecurity checklist for remote workers will help you to identify and address cybersecurity risks.

  • Ensure a VPN client is installed on remote workers’ devices, that it is updated to the latest version, and that remote workers have been trained in how to use the VPN
  • Restrict access to resources that are not required by workers and use the principle of least privilege
  • Block the use of USB devices on remote users’ devices
  • Get remote workers to check their Wi-Fi connection is secure, that a strong password has been set, and encryption is enabled
  • Set up systems to recognize probes and packet sniffers
  • Implement encryption on devices to protect data at rest
  • Ensure software is kept up to date and patches are applied promptly
  • Ensure antivirus software is installed on all users’ devices and it is set to update automatically. Perform regular scans to identify malicious code
  • Make sure all data is backed up to protect against accidental loss and to ensure recovery is possible in the event of a ransomware attack
  • Ensure screens are set to lock after a period of inactivity to prevent devices and data from being accessed by unauthorized individuals
  • Augment email security and create layered defenses to protect against phishing attacks
  • Implement a web filter to prevent workers from accessing malicious websites
  • Use cloud applications for sharing sensitive data with remote workers rather than email
  • Provide ongoing security awareness training to employees to make sure they are aware of the cybersecurity risks for remote workers and are taught how to identify phishing and other threats
  • Ensure complex passwords are set and password policies are enforced
  • Enable multifactor authentication for email and cloud applications. If credentials are compromised, access will not be permitted without an additional authentication factor
  • Set computer use policies for remote employees. Make sure employees are aware that corporate devices can only be used for work purposes
  • Ensure support is always available for remote workers and prioritize support for remote access solutions and security issues
  • Make sure all employees are aware of the procedures to follow for security incidents
  • Step up network monitoring and ideally use an intrusion detection solution and AI-based tool to identify anomalous user behavior that could be indicative of an insider threat or cyberattack in progress
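
The monitoring item above and the earlier point about compromised VPN credentials blending in with legitimate remote connections can be turned into simple detection rules over VPN gateway logs. The following is an added example, not part of the original checklist or any vendor product; the log format, the per-user baseline, and the working-hours window are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample VPN gateway log: timestamp, event, user, source IP.
SAMPLE_LOG = """\
2020-04-02T08:01:10 LOGIN alice 203.0.113.10
2020-04-02T08:03:44 LOGIN bob 198.51.100.7
2020-04-02T09:15:02 LOGIN alice 192.0.2.55
2020-04-02T12:30:00 LOGOUT bob 198.51.100.7
2020-04-02T12:45:00 LOGIN bob 198.51.100.9
2020-04-02T17:00:00 LOGOUT alice 203.0.113.10
2020-04-03T03:12:00 LOGIN carol 192.0.2.200
"""

# Assumed baseline: networks each user has previously connected from (hypothetical).
BASELINE = {
    "alice": ["203.0.113.0/24"],
    "bob": ["198.51.100.0/24"],
    "carol": ["203.0.113.0/24"],
}
WORK_HOURS = range(6, 22)  # assumed normal login window, in log-local time


def find_anomalies(log_text, baseline=BASELINE):
    """Return (timestamp, user, reason) tuples for suspicious VPN logins."""
    active = defaultdict(set)  # user -> source IPs with an open session
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash
        ts, event, user, src = parts
        when = datetime.fromisoformat(ts)
        if event == "LOGOUT":
            active[user].discard(src)
            continue
        if event != "LOGIN":
            continue
        nets = baseline.get(user, [])
        if not any(ip_address(src) in ip_network(n) for n in nets):
            alerts.append((ts, user, "new-source-network"))
        if active[user] - {src}:
            # Same account already connected from a different address.
            alerts.append((ts, user, "concurrent-session"))
        if when.hour not in WORK_HOURS:
            alerts.append((ts, user, "off-hours"))
        active[user].add(src)
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_LOG):
        print(alert)
```

A single rule firing is weak evidence on its own; accounts that trigger two or more rules for the same login are the ones to review first and to challenge with an additional authentication factor.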