Home Worker Cybersecurity Best Practices

To assist those who are working remotely during the COVID19 Pandemic we have compiled a set of cybersecurity best practices for home workers to help IT teams prepare for a massive rise in telecommuting

The cybersecurity protections at home will not be as strong as protections in the office, which are much easier to implement and maintain. IT departments will therefore need to advise telecommuting workers cybersecurity best practices for home working and their devices will need to be set up to access applications and work resources securely. With so many workers having to telecommute, this will be a massive challenge.

The coronavirus pandemic has forced businesses to quickly grow the number of telecommuting workers and having to increase capacity in such a short space of time increases the potential for errors. Additionally, testing may not be nearly as stringent as necessary given the time pressure IT staff are under. Their teams too are likely to be much smaler due to self-isolating workers.

One area where standards are likely to fall is staff training on IT. Many staff will be working from home for the first time and will have to use new methods and applications they will not be used to. The lack of familiarity can easily lead to errors being made. It is important that even though resources are restricted you still teach cybersecurity best practices for home workers. Do not think that telecommuting workers will be aware of the steps they must take to work safely away from the office.

Measures for IT Teams to implement to Enhance Cybersecurity for Home Workers

Listed here are some of the main steps that IT teams need to take to improve security for employees that must now work from home.

Check VPNs are Provided and Updated

Telecommuting workers should not be allowed to access their work environment unless they use a VPN. A VPN will ensure that all traffic is encrypted, and data cannot be captured in transit. Enterprise-grade VPNs should be used as they are more robust and provide stronger security. Ensure there are sufficient licenses for all workers, and you have enough bandwidth available. You must also make sure that the VPN is running the most recent software version and patches are applied, even if this means some downtime to apply the updates. VPN vulnerabilities are under active attack.

Configure Firewalls for Remote Workers

You will have a firewall in place at the office and remote workers must have similar security measures in place. Software firewalls should be set up to protect remote workers’ devices. Home routers may have inbuilt firewalls show employees how to enable hardware firewalls if they have them on their home routers and ensure that passwords are set to stop unauthorized individuals from logging on with their home Wi-Fi network.

Use the Rule of Least Privilege

Remote workers bring with them new risks, and with large sections of the workforce telecommuting, that risk is considerable. Remote workers are being targeted by cybercriminals and through web- and email-based attacks. In the event of a malware infection or credential theft, damage can be managed by ensuring workers only have access to resources absolutely vital for them to perform their work duties. If possible, limit access to sensitive systems and data.

Ensure Strong Passwords are Being Used

To safeguard from brute force attacks, ensure good password practices are being adhered to. Consider using a password manager to help employees remember their passwords. The use of complex passwords should be policed.

Enable Multifactor Authentication

Multifactor authentication should be enabled on all applications that are accessed by remote workers. This measure will ensure that if credentials are compromised, system access is not allowed unless a second factor is provided.

Ensure Remote Workers’ Devices Have Antivirus Software Configured

Antivirus software must be configured on all devices that are allowed to connect to work networks and the solutions must be set to update automatically.

Set Windows Updates to Automatic

Working remotely makes it more difficult to monitor user devices and perform updates. Ensure that Windows updates are set to take place automatically outside of office hours. Instruct workers to leave their devices on to permit updates to take place.

Use Cloud-Based Backups

To stop accidental data loss and to protect against ransomware attacks, all data must be backed up. By using cloud-based backups, in the event of data loss, data can be brought back online from the cloud-backup service.

Use Cybersecurity Best Practices for Home Workers

All telecommuting workers must be shown how they need to access their work environment securely when working away from the office. Reinforce IT best practices with home workers, provide training on the use of VPNs, provide training on cybersecurity dos and don’ts when working remotely, and explain procedures for reporting problems.

Define Procedures for Dealing with a Security Incident

Members of the IT team are also likely to be working remotely so it is essential that everyone is aware of their role and responsibilities. In the event of a security incident, workers should have clear procedures to follow to ensure the incident is resolved quickly and efficiently.

Implement a Web Filter

A web filter will help to protect against web-based malware attacks by blocking access to malicious websites and will help to prevent malware downloads and the installation of shadow IT. Also consider applying content controls to limit employee activities on corporate-owned devices. Drive-by malware attacks have grown and the number of malicious domains registered in the past few weeks has gone up rapidly.

Use Encrypted Communication Channels

When you need to speak ot private message with telecommuting workers, ensure you have secure communications channels to use where sensitive information cannot be intercepted. Use encryption for email and safe text message communications, such as Telegram or WhatsApp.

Ensure Your Email Security Controls are Appropriate

One of the main cybersecurity best practices for home workers is to take additional care when opening emails. Phishing and email-based malware attacks have increased massively during the coronavirus pandemic. Ensure training is given to help employees spot phishing emails and other email dangers.

Think about augmenting email security to see to it that more threats are blocked. If you use Office 365, a third-party email security solution layered on top will give much better security. Exchange Online Protection (EOP) is unlikely to give the level of protection you need against phishing and zero-day malware attacks. Consider an email security solutions with data loss protection functions to keep you safe from against insider threats.

Search for Unauthorized Access

More devices linked to work environments makes it much more simple for threat actors to disguise malicious activity. Make sure monitoring is increased. An intrusion detection system that can spot anomalous user behavior would be a wide investment.

For more information on enhancing email security and web filtering to safeguard remote workers during the coronavirus pandemic, contact TitanHQ now.

 

Easy Ways to Improve Cybersecurity Protections for Remote Workers

The COVID-19 pandemic has forced businesses to rapidly scale up remote working. Before the 2019 Novel Coronavirus outbreak, many employees were spending some of the week working remotely but now businesses have had to allow virtually the entire workforce to work from home. While there are signs that the lockdown measures are having an effect and the number of new cases is starting to level off, it is likely to be some time before lockdowns are eased and life can return to normal. Even when governments start to ease restrictions, it is likely that most employees will have to continue to work from home for many more months.

Protecting a Remote Workforce from Cybersecurity Threats

At TitanHQ, we have seen the number of COVID-19 and Novel Coronavirus-themed phishing emails steadily grow over the past few weeks. Now, huge numbers of phishing emails are being sent that use COVID-19 as a lure to get remote workers to divulge their credentials or install malware. The email campaigns are highly varied, with some of the most common lures being the offer of a cure, information on how to protect against infection, advice to avoid transmission of the virus, and offers of the latest data on local cases.

One of the problems for IT departments is employees want all this information, so there is a high chance of at least some of those messages being opened by employees if they arrive in inboxes. Infected email attachments may be opened and clicks on links will see employees visit phishing websites where credentials are harvested or malware is downloaded.

Entire households are self-isolating together and schools are closed. Demands are being placed on employees that do not exist in the office, which means that concentration lapses are likely to occur, and that increases of a response to a phishing email.

It is therefore important for businesses to take steps to reduce risk. Cybersecurity awareness training for the workforce is critical to make employees aware of the threat of cyberattacks while they are working remotely and to reinforce education on cybersecurity best practices when working remotely. It is also essential for cybersecurity measures to be implemented that can reduce the risk of employees encountering a threat, and make sure that threats are neutralized if they are delivered.

Two Cybersecurity Solutions to Improve Protection for Remote Workers

There are two important cybersecurity solutions that can help in this regard. A powerful email security solution is required to improve the detection of phishing and malware threats and a web filtering solution to block attempts to visit malicious websites.

You will already have some email security measures in place to block spam and phishing emails, but for many businesses this will be the standard protections provided by Microsoft with Office 365. While Microsoft’s baseline level of security, provided through Exchange Online Protection, is reasonably effective at blocking spam email, it is far less effective at blocking phishing attacks and zero-day malware threats. Given the volume of phishing threats now targeting remote workers, you should consider bolstering your email security defenses by adding an additional layer of security on top of Exchange Online Protection.

SpamTitan Cloud is a powerful email security solution that will provide superior protection for Office 365. SpamTitan Cloud compliments EOP and will improve protection against the full range of email threats, including zero-day threats that often sneak past EOP. SpamTitan Cloud scans inbound email and uses machine learning techniques to identify never-before seen phishing threats and outbound email scanning to detect already compromised mailboxes and block spamming and malware distribution. Malware protection is improved with dual antivirus engines and sandboxing to detect and block zero-day malware threats. SPF and DMARC are also incorporated to identify and block email impersonation attacks.

Protection from web-based threats is also important. WebTitan Cloud is a powerful DNS filtering solution that can be used to protect workers on or off the network. Businesses can apply filtering controls to prevent employees from visiting malicious websites and stop work-issued devices from being used to access risky websites and those that serve no work purpose. In addition to blocking malware downloads and curbing cyberslacking, the solution can also be used to prevent the installation of shadow IT – the downloading and installation of unauthorized software solutions.

Both of these solutions can be implemented by businesses and MSPs remotely without the need to install any clients. They are easy to implement and maintain, and both solutions are extremely well priced.

For further information on improving cybersecurity for your remote workers, give the TitanHQ team a call today.

Cybersecurity Checklist for Remote Workers

IT departments face a major challenge ensuring mobile devices used by remote workers are secured and that challenge has just got bigger as a result of the 2019 Novel Coronavirus pandemic with so many employees now working from home. To help IT departments manage security risks, we have compiled a cybersecurity checklist for remote workers detailing steps that can be taken to deal with the challenges of having a largely remote workforce.

Given time, IT departments can make sure mobile devices are configured correctly, are free from vulnerabilities, and have all the necessary software and security solutions installed to allow employees to securely work from home. Training can also be provided to remote workers to teach them cybersecurity best practices and how to practice good IT hygiene; however, the speed at which the 2019 Novel Coronavirus has spread has meant employers and their IT departments have had little time to prepare and have had to accommodate massive numbers of employees self-isolating and working from home.

Telecommuting Cybersecurity Risks

A massive increase in remote workers significantly increases the attack surface. Not only have many devices left the protection of corporate firewalls, additional software solutions have had to be installed to ensure workers can continue to be productive at home. Videoconferencing software is required, chat platforms need to be used to maintain contact, and VPNs are required to secure connections over the internet.

The cybersecurity risks introduced by telecommuting are considerable. Even solutions used to improve security can be turned against an organization. VPNs will ensure connections to work networks are secured, but if VPN credentials are compromised, attackers can use them to gain access to corporate networks undetected and VPNs can be turned into pipelines for delivering malware.

In 2019, several popular VPN solutions were found to contain critical vulnerabilities that allowed attackers to easily gain access to credentials. While patches were promptly developed and released to correct the flaws, many businesses failed to perform updates quickly. Even today, almost a year after the patches were released, some companies are still using vulnerable VPNs. Cybercriminals have been quick to take advantage and attacks on vulnerable VPNs have increased significantly.

When workers are in the office collaboration is easy. Close collaboration needs to be maintained when the majority of the workforce is working from home. IT teams must try to ensure the same communication tools that are used in the office are still available to remote workers. If not, employees will find their own ways of communicating, which may not provide the required level of security. If employees start using Google Drive for sharing files for instance, IT departments will lose visibility and will not be able to tell where sensitive data is being stored or transmitted.

With so many home workers due to the 2019 Novel Coronavirus and COVID-19, use of videoconferencing solutions has skyrocketed. Many platforms are now being used, although Zoom is one of the most popular choices. While this videoconferencing platform claims to offer end to end encryption, it has recently been discovered that Zoom’s interpretation of end-to-end encryption is different to other solution providers. While Zoom meetings are encrypted from Zoom client to Zoom client, Zoom has access to audio and video. Many companies have instructed their remote workers to stay in touch using Zoom but may now have to reconsider and use a platform with true end-to-end encryption. Vulnerabilities have also been identified in the platform in the past few days which could be exploited to gain access to sensitive data.

Phishing campaigns are being conducted to gain access to the credentials of remote workers. Cybercriminals are well aware that attacks are much easier on remote workers, and the large numbers of remote workers connecting to networks allows them to easily hide their malicious connections.

The COVID-19 crisis is likely to be a particularly stressful time for IT departments. While the cybersecurity risks increase with remote workers, it is possible to implement tools to manage risk effectively, protect sensitive data, and allow work to continue until life returns to normal again.

Internet Security and Telecommuting Workers

Working from home can be a challenge as there are many distractions that are not present in the office. It is often difficult for workers to separate work life from home life, and that applies to IT as well. Remote workers are likely to be tempted to use their work devices for personal internet use, rather than powering up their personal devices. It is important for policies to be established covering the allowable uses of company devices and those policies should be enforced. If corporate laptops are used for personal internet use, the risk of malware infections will increase.

The easiest way to enforce policies is with a web filtering solution. A web filter, such as WebTitan, allows IT teams to carefully control the online activities of employees and manage risk. With WebTitan in place, companies can enforce their acceptable internet usage policies and prevent their employees from visiting websites used for phishing and malware distribution. Since WebTitan integrates with Active Directory and LDAP, IT teams can easily monitor the online activities of each employee, identify potentially risky behavior in real time and take action to address those risks.

Rise in Phishing Attacks Warrants Email Security Improvements

The 2019 Novel Coronavirus pandemic has provided cybercriminals with many opportunities for conducting phishing attacks and distributing malware. The first major coronavirus-themed phishing campaigns were detected in January 2020 and in the weeks that have followed the volume of messages has soared. People want up to date information on COVID-19 cases in their local area and advice on protecting against infection. Cybercriminals have been all too happy to oblige.

The campaigns we have identified have included highly convincing scams impersonating authorities such as the Centers for Disease Control and Prevention and the World Health Organization. The emails claim to offer important advice and updates about the Novel Coronavirus and COVID-19 but install malware and steal credentials. Remote workers are being targeted with emails spoofing their own HR departments, telling them about new protocols that must be adopted following infections in the office. A day doesn’t go by without another phishing scam being uncovered.

The increase in phishing attacks coupled with the rise in remote workers means steps should be taken to improve email security, especially for Office 365 accounts, which are being targeted by cybercriminals. While standard Office 365 email security provided by Exchange Online Protection (EOP) may have been sufficient to protect against low level phishing attacks, the increase in targeted attacks means greater protection is now required. Businesses should consider adding another layer of protection with a third-party email security solution such as SpamTitan. In contrast to EOP, SpamTitan offers sandboxing to protect against zero-day malware threats and provides superior protection against phishing and spear phishing attacks.

Employer Cybersecurity Checklist for Remote Workers

Employers and IT departments can take several steps to reduce cybersecurity risks for remote workers. We hope this cybersecurity checklist for remote workers will help you to identify and address cybersecurity risks.

  • Ensure a VPN client is installed on remote workers’ devices, that it is updated to the latest version, and remote workers have been trained how to use the VPN
  • Restrict access to resources that are not required by workers and use the principle of least privilege
  • Block the use of USB devices on remote users’ devices
  • Get remote workers to check their Wi-Fi connection is secure, that a strong password has been set, and encryption is enabled.
  • Set up systems to recognize probes and packet sniffers
  • Implement encryption on devices to protect data at rest
  • Ensure software is kept up to date and patches are applied promptly
  • Ensure antivirus software is installed on all users’ devices and it is set to update automatically. Perform regular scans to identify malicious code
  • Make sure all data is backed up to prevent against accidental loss and to ensure recovery is possible in the event of a ransomware attack
  • Ensure screens are set to lock after a period of inactivity to prevent devices and data from being accessed by unauthorized individuals.
  • Augment email security and create layered defenses to protect against phishing attacks
  • Implement a web filter to prevent workers from accessing malicious websites
  • Use cloud applications for sharing sensitive data with remote workers rather than email
  • Provide ongoing security awareness training to employees to make sure they are aware of the cybersecurity risks for remote workers and are taught how to identify phishing and other threats
  • Ensure complex passwords are set and password policies are enforced
  • Enable multifactor authentication for email and cloud applications. If credentials are compromised, access will not be permitted without an additional authentication factor
  • Set computer use policies for remote employees. Make sure employees are aware that corporate devices can only be used for work purposes
  • Ensure support is always available for remote workers and prioritize support for remote access solutions and security issues
  • Make sure all employees are aware of the procedures to follow for security incidents
  • Step up network monitoring and ideally use an intrusion detection solution and AI-based tool to identify anomalous user behavior that could be indicative of an insider threat or cyberattack in progress

500k PCs Infected with Cryptocurrency Mining Malware in 12 Hours by Dofoil Trojan

A huge campaign distributing the Dofoil Trojan has been discovered by Microsoft. The campaign has already witnessed almost half a million PCs infected with the malware in less than 12 hours. The Dofoil Trojan is otherwise referred to as Smoke Loader – an installer that has been in operation for many years.

The Dofoil Trojan is a small application which once downloaded to a PC is capable of downloading other forms of malware. The Dofoil Trojan has been used in many campaigns since at least 2011 to download malware, with the latest campaign used to install cryptocurrency mining malware.

This was first noticed on March 6 when Windows Defender discovered almost 80,000 instances of the Trojan on PCs with the number rising rapidly to more than 400,000 in the next 12 hours.  Several strains of the Dofoil Trojan were being used in the campaign which was mostly focusing on devices in Russia, Ukraine, and Turkey.

The cryptocurrency mining malware is being deployed to mine Electroneum coins on infected devices, although the malware can mine other cryptocurrencies.

Spotting the malware can be tricky as it uses process hollowing to create a new instance of an authentic Windows process for malicious purposes. In this case the malware is masked as a Windows binary file to avoid detection – wuauclt.exe. Explorer.exe is used to establish a copy of the malware in the Roaming AppData folder which is relabelled as ditereah.exe. The Windows registry is also altered to ensure persistence, changing an existing entry to point to the malware copy. The malware communicates with its C2 server and is also capable of downloading additional malware variants onto an infected device.

While Microsoft was able to spot infections, what is not known at this stage is how the malware was downloaded on so many devices in such as short space of time. While the malware could possibly have been shared using spam email, another means of distribution is suspected. Microsoft notes that in many cases the malware is believed to have been spread using torrent files, which are used in P2P file sharing, often to obtain pirated movies, music, and software.

Microsoft has only made known the number of infections it has detected using Windows Defender. The company does not have visibility into devices that do not have the anti-malware software downloaded. The overall number of infections is therefore likely to be much more. The 400,000+ infections are likely to be just the start of it.

Microsoft notes that its attempts to disrupt the operation did not just prevent devices from mining cryptocurrencies. Infection with the Dofoil Trojan allows the hackers to install any number of extra malicious payloads including more dangerous malware variants and ransomware.

How to Protect Remote Employees from Cybersecurity Threats

The coronavirus pandemic has forced many workers into telecommuting and the number people working from home has soared over the past two months. During this difficult time, IT security must take additional steps to protect remote employees from cybersecurity threats as cyberattacks on remote workers are increasing.

5 Steps to Take to Protect Remote Employees from Cybersecurity Threats

Businesses need to implement new measures to protect remote employees from cybersecurity threats. The number of employees now working from home makes cyberattacks on remote workers more likely. Already we have seen many campaigns targeting remote employees that aim to steal remote access credentials and infect devices with malware.

Vulnerabilities can easily be introduced when large numbers of employees work from home which can easily be exploited by cybercriminals to gain access to employees’ devices, cloud resources, and business networks. Here we provide 5 important steps to take to protect remote employees from cybersecurity threats during the coronavirus pandemic.

Use an Enterprise Grade VPN

It is important that remote workers only access work resources using a VPN; however, simply using a VPN does not make home working secure.  Consumer-grade VPNs are very different from enterprise VPNs and should not be used, but even enterprise-grade VPNs are not necessarily secure and can have vulnerabilities that can easily be exploited by cybercriminals. The UK’s National Cyber Security Center (NCSC) has warned that APT groups are conducting attacks exploiting unpatched vulnerabilities in VPN solutions from Pulse Secure, Fortinet, and Palo Alto Networks. These vulnerabilities identified from April 2019 to July 2019, yet many businesses have not applied the patches. While patching can be difficult as VPNs are often in use 24/7, it is essential that patches are applied promptly. Malicious cyber actors are targeting VPNs and attacks are likely to continue to increase with more employees working from home.

Ensure All Devices Are Patched and Updated

Before any employee is allowed to work remotely, IT security teams must ensure that their laptops are fully up to date and are running the latest versions of operating systems and software. The Coronavirus pandemic is likely to last for several months, so policies and procedures must be developed to ensure that users’ devices are kept up to date. You must also ensure that endpoint protection solutions, antivirus software, and Windows update settings are configured to update automatically.

Enhance Email Security

The majority of cyberattacks start with a phishing email so it is essential to have an advanced email security solution in place. Businesses should not rely on the protection provided by Microsoft for Office 365 for blocking phishing and malware attacks. A third-party email security solution should be layered on top of the protections provided by Microsoft for Office 365. Layered defenses are essential to protect remote employees from cybersecurity threats.

SpamTitan provides enhanced protection from phishing, spear phishing, malware, and ransomware for Office 365 accounts, complimenting and augmenting the protections provided by Microsoft. SpamTitan is cloud-based, so it can be easily applied and used to protect all email accounts, regardless of the platform you use.

Protect Against Web-Based Attacks

Email is the most likely way that cybercriminals will conduct cyberattacks on remote workers, but measures also need to be implemented to block web-based attacks such as drive-by malware downloads. CheckPoint reports there have been more than 16,000 COVID-19 and coronavirus themed domains registered since January and the number is growing at an incredible rate. These domains are 50% more likely to be malicious than other domains registered in the same period.

The easiest way to protect against web-based attacks is to use a cloud-based web filtering solution. WebTitan Cloud provides protection against web-based attacks by blocking access to malicious domains and websites that have a higher risk of hosting malware.

Provide Additional Training for Remote Employees

Research conducted by PurpleSec indicates 98% of all cyberattacks involve social engineering and Cofense research suggests more than 90% of cyberattacks start with a phishing email. It is therefore important for training to be provided to employees to help them identify social engineering and phishing attacks. Security awareness training for employees should be provided regularly and it is also useful to conduct phishing simulation exercises to identify employees that require further training. You also need to reinforce general IT cybersecurity best practices with remote workers to prevent them from engaging in risky behaviors.

Contact TitanHQ today for further information on protecting your remote employees against email- and web-based attacks.

CCPA Requirements for Businesses

In this post we explain the CCPA requirements for businesses and the most important elements of the California Consumer Privacy Act.

What Businesses Must Comply with CCPA?

Unlike the EU’s General Data Protection regulation (GDPR), which applies to all businesses that collect or process the data of EU residents, CCPA only applies to for-profit businesses that meet certain criteria. Any business that meets one or more of the criteria below is required to comply with CCPA.

  • Has annual revenues of more than $25 million
  • Collects information on 50,000 or more California households or residents each year
  • Earns 50% or more of its annual revenue from the sale of the consumer data of California residents

These requirements may be updated or expanded to include a wider range of companies. Make sure you keep up to date with any changes to CCPA if you collect or process the data of U.S consumers.

It is not just companies with a base in California that are required to comply with CCPA. Any company that does business in California or collects or processes the data of California residents is required to comply with CCPA.

What are the CCPA Consumer Rights

CCPA was introduced to give California residents greater control over their personal data.

Consumer rights under CCPA include:

  • Right to know what personal data is being collected
  • Right to know what personal data is held by a company
  • Right to know how personal data is being used by a company
  • Restriction of the use and sale of personal data of minors (under 13) without parental consent
  • Restriction of the use and sale of personal data of minors (13-16) without direct consent
  • Right to delete all personal data held by a company
  • Right to opt-out of having personal data sold
  • Right to non-discrimination, in terms of price or services, if CCPA rights are exercised
  • Right to take legal action against companies for privacy violations and the failure to honor CCPA rights
  • Requests from consumers must be confirmed within 10 days and honored within 45 days

Key CCPA Requirements for Businesses

  • Businesses must ensure consumers are notified about the collection of their personal data before data is collected and consumers should be given the option of opting out of the collection of their data or the sale of their data. Personal data should only be collected for specific and legitimate purposes.
  • A business-wide privacy policy must developed, maintained, and made available to consumers that explains the business’s privacy practices, including the data that is collected, how it is used, and if it will be sold. The privacy policy should also explain consumer rights.
  • Maintain procedures to respond to requests from consumers to access their data, delete their data, and opt out of the sale of their personal information. Procedures must also be developed and maintained relating to the collection and use of the personal information of minors.
  • Businesses must offer consumers two methods for consumers to request data and arrange to have their data deleted. One method that is mandatory is a toll-free telephone number. If a business primarily operates online, a web-based method should be offered.
  • Any member of staff that handles consumer data must be trained on the requirements of CCPA. Oversight of compliance must be delegated to an individual or team.
  • Business must verify the identity of the consumer prior to providing their data or deleting data after a request is received from a consumer.
  • CCPA does not go as far as GDPR in terms of data security requirements for businesses. CCPA does not stipulate the security measures that must be implemented to protect consumer data, but it does require businesses to have adequate protections in place to safeguard consumer data, including measures to prevent unauthorized data access. Bear in mind that penalties can be imposed for data breaches and consumers can take legal action over the exposure of their data if the company holding that data has been negligent. Consumer lawsuits can require payment of up to $750 per consumer in the event of a CCPA violation and it is not necessary to provide proof of harm. A large data breach could therefore prove very costly.

How TitanHQ Can Help with CCPA Compliance

TitanHQ offers three solutions that can help with CCPA compliance. SpamTitan Email Security, WebTitan DNS Filtering, and ArcTitan Email Archiving.

  • SpamTitan is a powerful email security solution that provides industry leading protection against spam and the leading causes of data breaches – phishing attacks and malware infections.
  • WebTitan is a DNS filtering solution that provides an additional level of protection against phishing attacks and malware. WebTitan blocks attempts by network users to access malicious websites such as those used for phishing or malware delivery, thus helping to prevent the exposure of consumer data.
  • ArcTitan is an email archiving solution that helps businesses keep email data protected, meet email retention requirements, and quickly find and recover emails when dealing with customer complaints, demonstrating compliance, and for finding and deleting the data of consumers if a request to have data deleted is received.