How to upgrade and modernize your e-mail security strategy

Amid all the talk these days about malware, spyware, ransomware, and all the other malicious activity targeting the enterprise, one crucial fact tends to get overlooked: the vast majority of these threats enter protected data environments not by breaching the firewall but by invitation through an e-mail scam.

According to Verizon, virtually all (94 percent) of malware is delivered via e-mail, with phishing scams accounting for 80 percent of the total. While most professionals have grown wise to the standard come-ons from Nigerian princes and time-share sales pitches, more recent attacks are showing greater degrees of deception, such as cleverly disguised missives from “accounting” or “the CEO.” As data mining and social engineering techniques become more sophisticated, expect to see increasingly personalized e-mails that will be even harder to detect as frauds.

Perhaps this is why the Ponemon Institute reports that nearly one in four people who receive phishing e-mails open them, and 10 percent of those will click on the link or attachment that launches the attack. This gives the cyber attacker a 90 percent chance of success after sending only 10 messages.

Help is on the way

The good news is that steps are being taken on national and international levels to thwart phishing scams and a wide range of other threats. Recently, Microsoft, Symantec and a host of industry partners dealt a body blow to Trickbot, a Trojan-horse botnet that has infected more than 1 million devices since 2016. Following a lengthy investigation into the net’s worldwide array of hosted servers, Microsoft was able to institute legal action that allowed it to quickly disable nearly all of its initial servers plus the replacements that Trickbot tried to spin up once it realized it was under attack. While the botnet is not down completely at this time, it is on life-support.

Undoubtedly, new threats continue to emerge even as others are neutralized, which makes it imperative for enterprises to ensure their own e-mail security strategies are as thorough as they can be. Training employees to spot fake e-mails will likely continue to be one of the best protective measures against intrusions, but there are also many ways in which technology can be leveraged to weed out the phishing attempts.

Perhaps one of the most crucial areas to shore up within the enterprise data environment is Microsoft 365. As the main repository of e-mail and other sensitive data, 365 should be deployed with an eye toward enhanced threat protection, data security, and other tools.

In complex office environments, however, this is a lot more difficult than it sounds. For one thing, Microsoft is continually updating its e-mail security features to keep up with the evolving threats from the outside. Ensuring that these tools are deployed thoroughly and are providing the needed protection for each enterprise’s unique data ecosystem is a full-time job, one that can significantly add to an organization’s IT budget if not handled in an appropriate manner.

Expert approach

This is why CBTS has teamed up with many of the leading experts in the field of e-mail security and provides their expertise as a service. Using a combination of people-centric measures and cross-channel security platforms, these collaborations have shown that it is possible to modernize an e-mail security strategy and maintain a highly secure data environment even as the user base becomes increasingly reliant on mobile technology, social media, data sharing, and other technologies that tend to push data beyond the firewall.

CBTS has bundled several cutting-edge security capabilities into the Advanced E-Mail Security Services platform, providing a one-stop shop for all emerging threats to e-mail architectures. By including the latest in spam filtering, continuous monitoring for fake e-mails and targeted attacks, and business continuity measures in the event of system failure, our cloud-based program maintains the highest availability for critical e-mail communications.

Our three-tiered approach also allows clients to choose the right level of security for their needs. These include:

  • Business features – designed as a turnkey service for the foundational functions to protect users at the lowest cost;
  • Advanced features – for organizations that require tools such as Attachment Defense, E-Mail Encryption, and Social Media Account Protection;
  • Security Pro features – a fully managed service that extends protection to e-mail archives and e-discovery, plus up to 10 years of secure data retention.

In an uncertain and often hostile world, enterprises must remain vigilant against any threats to services that can erode the trust of the user community. By partnering with CBTS, you can ensure that the highest levels of security are being maintained without driving costs to unsustainable levels.

Read our recent infosheet for more information and contact CBTS to learn how our managed services can improve your e-mail security strategy.

Protecting your most vulnerable cyberattack vector: E-mail

Modern enterprises face security threats on a number of fronts. From DDoS attacks to malware and data theft, no organization is too large or too small to take the issue of security lightly.

While most breaches occur when a hacker penetrates a firewall or intercepts data in transit, this usually occurs after a password is cracked or malicious code is introduced into secure infrastructure willingly. And to do that, most hackers exploit perhaps the most common IT service of all: e-mail.

Crime of opportunity

E-mail’s status as the attack vector of choice is nothing new and has proven to be financially rewarding for actors in the field. Targeted phishing attacks and other scams are typically the easiest way to breach an organization’s defenses, particularly now that security has emerged as a top priority following the much-publicized string of major data thefts in the past few years. Through sophisticated social engineering and messages disguised as those originating from legitimate sources, the cyber underground can circumvent even the most elaborate security regime to gain access to all manner of confidential information or introduce viruses and/or data scraping bots that can operate for months, even years, before they are discovered.

According to the Ponemon Institute, the threat from e-mail-based cyberattacks is growing. The group reports that nearly a quarter of people regularly open phishing e-mail, which in itself does not usually trigger an attack or data theft through ransomware. What’s worrisome is the fact that 10 percent will click on a malicious link or open a weaponized attachment. This means that an attacker has a 90 percent chance of scoring a hit after sending only 10 e-mails. This is in large part why the average business loses some $3.7 million per year to phishing scams.

And this is likely to get worse as the tools available to hackers on the dark web and elsewhere become more advanced. Using modern data mining techniques and AI-driven technology, fake e-mails are becoming increasingly difficult to spot, containing all manner of personal information that can fool even the most vigilant knowledge worker.

Safe and protected

To help shore up vulnerable e-mail infrastructure and fight back against e-mail cyberattacks, CBTS has created the Advanced E-mail Security Services platform. It provides all the necessary filtering to weed out infected spam, fake e-mail, and targeted attacks. At the same time, it delivers enhanced business continuity and cloud options to ensure high availability and continued e-mail service even in the event of a main server failure.

The program provides three tiers of protection designed to meet the unique needs of individual enterprises. These include:

  • Business features – a cost-effective, managed e-mail security service that provides the foundational functions needed to run a business while protecting users.
  • Advanced features – a complete turnkey service that provides additional Attachment Defense, E-mail Encryption, and Social Media Account Protection.
  • Security Pro features – our highest level of protection that adds E-mail Archive & eDiscovery capabilities, plus Unlimited Storage with up to 10 years of data retention with end-user search capabilities.

One of the key aspects of e-mail security is transparency. Without that ability to peer into the workings of the e-mail environment, enterprises are left guessing as to what is happening and what level of risk they are experiencing. As part of its managed program, CBTS provides detailed reports documenting the health of e-mail systems and related security trends that may affect future performance. There is also a read-only access option to the platform, allowing users to view real-time dashboard information of overall system health. In addition, custom reporting can always be configured to suit unique requirements.

Security solutions should also work quietly behind the scenes, so as not to disrupt critical business functions. All e-mail security services integrate seamlessly into existing CBTS operational processes, including ticket-tracking for issues generated with the security platform, as well as chronic event reporting and incident response up to and including those requiring customer contact.

In this day and age, e-mail is an essential business tool. Without the ability to effectively thwart intrusion, however, it can easily become your biggest problem. By delivering industry-leading software as an integrated managed service, CBTS not only provides world-class protection of critical e-mail assets, but backs it up with certified technical expertise, ongoing monitoring, management, and support, and even data migration as necessary.

With a secure e-mail environment in place, the enterprise not only protects itself but its employees, investors, partners, and perhaps most importantly, its customers. To learn more about CBTS E-mail Security and Data Protection, download the related infosheet.

Contact us for information on how CBTS can help protect your organization from e-mail cyberattacks.

You Virtualized My CISO! Security leadership with a virtual CISO

The Chief Information Security Officer position has become the mainstay of a formal information security program. The position—which you would rarely find at a Fortune 500 company 20 years ago—is now essential for a business that takes protecting data and assets seriously.

The role has grown from simply overseeing the rollout and management of a suite of technical controls to a force for cultural change in an organization: overseeing risk management, awareness training, data protection, regulatory compliance. Their efforts influence multiple areas of technology, including application development, network operations, and cloud migration.

For many of our customers, though, employing a CISO still feels excessive. Small businesses consider security as an extension of IT and rely on systems and network administrators to protect the environment using a disparate set of tools in between building new infrastructure, putting out fires, and supporting employees.

In 2020, if you make securing your business an afterthought, you are exposing the organization to risk. With no formal leadership, risk can go unidentified and may not be addressed; tools and products deployed may not be adequate or even targeted at the right threats and use cases; and controls may erode away over time with no ongoing oversight. Unfortunately it’s not always as simple as “hiring someone.” The right security leader is tough to find and even more challenging to afford. Over the last few years we’ve gotten requests from customers for security leadership with a smaller footprint, which is why we’ve begun offering Virtual CISO services (don’t worry, they’re actual humans, not sentient software!).

Imagine having a master chef step into your kitchen to help you craft amazing cuisine or a decorated NASCAR driver riding shotgun in your minivan to show you how to draft through neighborhood traffic (don’t tell me you’ve never wanted to!). This is what we envision with our Virtual CISO services: engaging a seasoned security leader that’s been where you’d like to go, and can show you the way.

Our long-standing position in the IT and security space, combined with our roster of technical talent, has provided us connections with some of the most capable, best-regarded security leaders in the world. We can provide this talent to assist with the development of a security program or risk management efforts, for strategy of ongoing security operations and initiatives, or even for help with specific decision points that might require a veteran’s expertise. We can design engagements that fit nearly any scenario, budget, or work schedule. Contact us if you’d like to explore engaging one of these experts to help jumpstart your organization’s security program.

More from Justin Hall: Security Trends of 2020

MDR: Another security fad? Think again.

Technology priorities from the C-Suite are ever-evolving. I’m fortunate to have the privilege to meet with leaders from all industries to discuss these priorities. They range from embracing digital transformation, to accelerating multi-cloud strategies, to attracting and retaining top technical talent, to enabling more effective communication and collaboration, to keeping internal customers happy. One theme, however, never changes.

“I’m afraid of a breach that will cripple our business.”

Cyber security has been a top priority for leaders everywhere, and will continue to be one well into the future. Organizations need to have a proactive mindset with their security posture to continue to protect and defend against internal and external threats. Protecting against threats has a significant and oft-misunderstood undertone: These threats are known to the security community. But how do you protect against unknown threats?

It’s important to understand that your security vendors, whether they are endpoint protection, e-mail protection, firewalls, etc., are protecting you (and for the most part, doing it well) against known threats. How organizations are protecting and defending themselves against unknown threats will be a critical discipline that helps leaders rest easy at night knowing the answer to the question:

“Am I being breached right now?”

So what is the answer? MDR, which AlertLogic defines as: Managed detection and response solutions identify active threats across an organization and then respond to eliminate, investigate, or contain them. MDR has increased in visibility and importance as organizations realize that no level of investment will provide 100% protection against threats and as the scale and complexity of the security challenge becomes intractable for individual organizations, regardless of size.

Why should organizations invest in MDR? Well, few organizations have the experts and infrastructure needed to protect themselves. The key question I like to ask technology leaders is: “If your IT team doesn’t work weekends, and you faced a security incident at 3 a.m., what would the implications be?”

So no, MDR is not just another security fad. It’s an incredibly valuable service that leaders should consider adding to both security plans and budgets for years to come. While it’s important to realize you can never protect 100% against attacks, you can:

  • Reduce the likelihood or impacts of a successful attack.
  • Receive 24x7x365 visibility across all assets in your organization, with context-aware alerts.
  • Have a platform that is continually updated with the latest threats and vulnerabilities.
  • Augment technology platforms with human intelligence to achieve greater accuracy and value in your investment.
  • Respond to alerts based on business context. Not every threat should be assigned the same value.
  • Deliver results.

In closing, managed detection and response should be considered by organizations everywhere as they reach their next budget cycle. MDR is an advanced security service that provides threat intelligence, threat hunting, security monitoring, incident analysis, and incident response. This isn’t your traditional SIEM, it’s the future of managed security services.

Contact one of our security experts today about how we can better protect your business.

Know the components of an effective patch management program

Minimizing data security threats and keeping operations safe is a demanding task that every enterprise grapples with. Systems need to be kept up to date and potential intrusions must be screened for proactively. However, effective vulnerability and patch management is not a one-time event. To truly cover all the angles of your operations, a thorough and ongoing process of consultation, assessment, preparation, deployment, and support is needed. The following are the crucial areas that a comprehensive patch management program should cover:

  • Mapping of current network topology.
  • Establishing a baseline of vulnerabilities.
  • Application of all outstanding patches.
  • Determining cadence of patch application.
  • Review of ongoing critical patch escalation processes.
  • In-depth quarterly reviews.
  • Continuous, ongoing assessment and monitoring.
  • Auditing and compliance analytics.

When properly planned and executed, this process provides critical insight into the potential risks inherent in your network, as well as the methods that can be used to mitigate this risk and compile empirical data to prove regulatory compliance.

Taking the right steps

With the above components in mind, enterprises concerned about the effectiveness of their patch management strategies should be sure to carefully exercise a series of best practices. These best practices begin with a full self-audit of an enterprise’s software environment and hardware inventory to better understand any existing vulnerabilities and what patches should be prioritized.

After your organization has an up-to-date picture of its entire software and hardware landscape, it can then effectively assign relative levels of risk to each program or access point. The higher the risk level assigned to an aspect of your network, the faster it should be addressed in your patch management strategy. Additionally, if multiple instances of redundant software have accumulated in your portfolio, these can be consolidated to mitigate the risk of exposure.

If your organization utilizes a third-party vendor for some of its software solutions, it’s crucial to involve this vendor in your patch management approach. Third-party software should be kept up-to-date alongside your proprietary software to ensure that no elements of your network environment fall behind. Lastly, these planned patches have the best chances for success when rigorously tested before being deployed. The unique characteristics of your hardware inventory, software environment, and business model mean that no patch can be applied in the exact same way to any two networks.

The right approach and enough preparation can help any enterprise keep its systems updated and secure, but many organizations seek out managed service partners to ensure a smooth and comprehensive patch management process.

A managed, full-spectrum approach

CBTS is standing by to offer a thorough vulnerability assessment and patch management service backed by expert knowledge and wired into the entire range of your enterprise’s infrastructure. This service can assist you in identifying new and unexpected vectors through which your operations can be attacked, defining your highest-ranking vulnerabilities, evaluating your existing policies, reviewing compliance requirements, and more.

A managed vulnerability assessment and patch management program by CBTS covers every aspect of your network environment, from your endpoints to critical assets, equipment, and facilities. It also extends from the planning and deployment phases to an ongoing monitoring and auditing period, ensuring that your organization’s patch schedule is optimized for your specific needs.

Contact CBTS for more information on vulnerability assessment and patch management services.

Pentesting, Chicken Guns, and Mike Tyson

Here at CBTS, we do quite a few pentests every year. I’ll note for my readers that the term is an abbreviation for penetration tests. It’s funny how many folks think the “pen” is an acronym and spell it as “PEN test,” so let your friendly neighborhood pentester set you straight:

Penetration test = 🙂

Pentest = 🙂

PEN test = 😔

So what is a penetration test? Why does it sound so menacing and borderline inappropriate? Let me explain by referencing 1950s aerospace engineering.

Pentesting explained

In the 50s, fleets of aircraft were in use all over the world, but facing a dangerous problem: running into birds in midair. This led to technical advances in building new windshields and new engines, but engineers needed to ensure that their designs would satisfy their requirements. So how do you make sure your windshield stands up to a bird hitting it? You hit it with a bird!

This is how the “chicken gun” was born: a compressed-air cannon that would fire a dead chicken into a target. Over the following decades, several aircraft manufacturers developed these tools as a way to test the resilience of their safety measures.

Penetration tests are the chicken guns of the IT and information security field.

Think about how much effort you put into defending your organization and computing environments from attacks. You stack up security software on your endpoints, place box after box in a pile between your users and the Internet, write pages of policy—but are you actually sure those defenses and controls will stop the threats about which you are concerned, beyond what they promise on paper?

A penetration test is ultimately the only way to make sure.

We test whether we can penetrate your network, your database, your cloud environment, and so on.

They are simulated cyber attacks, performed in controlled conditions by trained, ethical hackers, and the intention is to mirror actual attacker tools, tactics, and procedures.

They’re mandatory for a lot of security frameworks and regulatory compliance requirements because they demonstrate the actual effectiveness of the entirety of the security strategy.

The bottom line is, if you want to know if your organization’s security strategy will truly stop your threats, a penetration test is essential. As the great philosopher Mike Tyson reminds us, “Everyone has a plan until they get punched in the mouth.”

It sounds like a straightforward idea, so why isn’t everyone doing them?

There’s a fear aspect, with leadership and technical folks uneasy with the idea of someone using attacker tools on them, to which we say: Attackers are out there, and they’ll use their tools, whether you’re comfortable or not, so let some friendly faces do it first and tell you how to fix what they found.

There are also budgetary challenges as it can seem extravagant to spend money on an assessment like this. Again, we would say that you’re going to incur cost if your defenses fail to stop an attacker and it may be much more substantial than the cost of the test. The cost of lost business, fines, ransom payments, legal fees, brand impact, and the like can stack up pretty quickly.

If you’d like to learn more about penetration tests, and specifically what a test designed for your business and environment would look like, we’d be happy to dream up one with you. We’ll leave the chickens at home!


Top 3 Aruba Atmosphere Highlights

Watch as CBTS engineer Brennan Klensch describes his top three biggest takeaways from Aruba’s Digital Atmosphere event this year.

Meet Tim Linder, Director of Security Solutions

Today I sat down with Tim Linder, Director of Security Solutions at CBTS. Tim has been in the security industry for 17 years so we thought it would be interesting to get his perspective of the changes in cybersecurity over those 17 years and how he’s grown the CBTS security practice.

Introduce yourself.

I started my career in cyber security with a small information security consulting boutique in late 2003…before it was cool to be in the security world. I joined CBTS in 2006 with a vision of building a team that would be based on delivering value-added benefits to our customers. However, I was the entire team focusing on selling solutions and leveraging partner relationships to deliver services. Within the first year of our existence, we were able to develop trusted relationships with our customers and ended up with approximately $7MM in revenue. As years went by, we added more sales and technical resources as well as more vendor partners. We closed out 2019 with $45MM in revenue and 15 employees which is pretty amazing to me.

Tim Linder,
Director of Security Solutions, CBTS

How did you get into information security?

Let’s just say it wasn’t planned, as IT and IT Security weren’t anywhere on my radar. My career started off in telecom as a central office implementation engineer. I was in that role for a number of years learning as much as I could about telecom implementation, eventually joining the Telecom Staffing business as a salesman. From 2000 to 2002 the telecom bubble hit terrible lows and I found myself needing a different career path. I took a job at a small security boutique in Cincinnati and began to learn about Check Point firewalls and antivirus. After being there for a short time I was sold on the industry, finding it exciting and rewarding all at once. After three years of learning the industry, I was afforded the opportunity to come to CBTS to develop a security practice.

What were the “top of mind” security topics when you first started at CBTS and how does that compare to what you currently hear from customers?

It’s interesting. We are still dealing with some of the same challenges that we faced in 2003 but with some notable differences. Back in the day, hackers were putting out viruses, worms, etc. for notoriety. They wanted everyone to know who was wreaking havoc in the technology world. In our current world, hackers need to remain anonymous because they’re building attacks to make money. Another major change is back in 2003, workers were in the office on their desktop computer. With the emergence of technologies, remote workers grew, devices changed, and security changed with the endpoint. Customers used to throw gear at a problem without thinking of risk. I think now you will find that everyone is most concerned about the risk associated with certain technical business decisions and therefore take a holistic approach with security.

What do you see as the main value your group offers customers?

I really look at our group as super consultative, which allows us to assist customers by understanding all the requirements of a project…meaning business, technical, and financial requirements. We don’t come into any situation or project with preconceived ideas of how we will tackle their issue. A huge positive about my team is that most of them have defended networks in their career. Whether it was with a large Fortune 5 or a small consulting firm, my team has spent time on the customer side which helps them empathize with our customers, making them more relatable. We also have a vast variety of skillsets on the team, and by working together, we bring a broad base of expertise to our customers.

Security professionals are difficult to find – how are you able to grow such a dedicated team?

You’re so right, good security professionals are so difficult to find but we’ve been blessed to have some of the best and brightest in the industry. Some of the folks on the team are folks that I’ve worked with since my career began, some are from when I first started at CBTS with contacts I made in the industry, colleagues of current engineers, or recommendations from our vendor partners. One of the things we focus on here on my team is integrity. Obviously they need the skillset and the desire to learn more. As for keeping them, I’ve really tried to provide a family atmosphere. What that means is that we are there for each other through thick and thin, helping each other with different tasks, issues, in both work and life. The other major reason we keep our talent and attract new is due to their ability to work such diverse projects whether it’s product related or focused on the consulting business. The vast amount of customers we support and diverse situations the customers put us in keeps the job interesting. The engineering crew eats that up for sure.

You’re responsible for vendor relationships. How do you choose which partners you go to market with?

I am responsible for our vendor partnerships which is now up to 70+ security partners, which can be a daunting task sometimes. There are multiple criteria that go into selecting a security partner here at CBTS. Is the company relevant in the industry, do they fit our strategy, is there demand in the industry, are they innovative, could we potentially offer managed services, and good support, to name just a portion of considerations. A number of our partnerships have spawned from relationships we’ve had for years due to the trust built by the sales and engineering folks. IT is a small enough industry but when you narrow it down even further, cyber security is even smaller. As a matter of fact, most trade shows I go to I refer to them as a family reunion because I see everyone I’ve worked with for the last 17 years.

I also look at the mindset of the company and its employees to see if they align with our same “Customer First, Customer Last” mindset. One of our vendors has this as their tagline and I’ve adopted it for our team as well as in selecting partners for CBTS. Our partner’s attitude needs to be one of helping our customers and not just selling product. The ones that do this are the most successful here.

With the new work environment, the corporate network’s edge has expanded. How has that changed security?

The edge really has expanded from data centers to cloud to remote workers. That has driven the need to be more secure than we ever have. We need to make sure that data in the cloud is just as secure as the data in our data center. We also have to make sure that we make that remote user feel as though he/she is sitting in the office from an experience and security perspective. Can we trust that cloud providers and users are doing enough to protect corporate data? I don’t think so, which means we need to continue to be vigilant in securing data without impacting productivity.

Learn how Tim and the other experts at CBTS can help improve your organization’s security posture.

Security Insights – Expert panel shares COVID-19 best practices

As businesses across the globe scramble to adapt to the new conditions brought on by the COVID-19 pandemic, a robust and agile approach to information security plays a vital role in any organization’s readiness strategy.

To this end, cybersecurity experts representing CBTS and Cincinnati Bell recently hosted an information security panel to discuss the challenges facing enterprises across various industries, while also answering questions from attendees.

The panel was moderated by Hope Thackery, director of security programs for CBTS, and included Brandon Bowman, VP of strategic services for CBTS; Leo Cronin, VP and chief security officer for Cincinnati Bell; Justin Hall, director of security consulting for CBTS; Ryan Hamrick, principal information security consultant; and Mobeet Khan, national director of IT security practice for OnX Enterprise Solutions. In the interest of sharing valuable information, providing helpful perspectives, and encouraging collaborative communication in these difficult times, the panel experts shared their thoughts on the most pressing information security issues facing enterprises today.

Learning from the disruption

Being prepared for potential security risks is a common tenet in the world of information technology. Still, few were able to predict the effect that COVID-19 could have on the economy, the telecom industry, and the concept of remote work access in general. However, effectively assessing risk ahead of time can help prepare a company for the unexpected, Cronin explained.

“We anticipated pandemic issues, but nothing on this scale whatsoever,” Cronin said. “But, I’d like to say that the framework we put into place has served us pretty well. It’s given us the ability to be flexible, adaptable, and separate out the operational response from what has to be done from the rest of the organization.”

The COVID-19 outbreak required many organizations to find ways to implement remote access capabilities for their employees without compromising information security. Cronin said that in these situations, businesses should lean on their security staff or consultants to help make these pivotal decisions.

Cronin added that basic principles such as agility, flexibility, and close cooperation between security and operations teams could help an organization better prepare and recover from disruptive incidents.

Staying vigilant

Although businesses are changing the way they operate day to day, phishing, hacking, and malware activities are still a clear and present danger. Even during an enterprise-wide shift toward remote accessibility, organization leaders should keep their guard up for familiar cyber threats, Cronin said.

“We’re concerned with increased phishing scams and malware activity across the environment,” he said. “We’re spending a lot more time monitoring the environment versus focusing on projects to move the security program forward, but haven’t really seen a major uptick in shenanigans out there, but we do anticipate, as this thing moves forward, we’re going to see some more activity that we’ll have to respond to.”

Even now, with meetings moving out of the conference room and into video chat rooms, threats to productivity and information security remain. Hamrick explained that serious intrusions like phishing and social engineering, as well as less impactful disruptions like intruders finding their way into public Zoom calls, are still risks to take seriously. “It’s important to also note that phishing scams are not just performed these days via e-mail. More and more phishing happens via mobile applications and messages,” Hamrick said. “You’ll get a lot of app notifications that would actually be a phishing notification from a somewhat malicious application you may have installed on your mobile device, so it’s important to control that from a mobile device management perspective, as an organization.”

What has worked

Despite the difficult challenges brought on by the COVID-19 crisis, the global business community is finding an opportunity to learn valuable lessons and evolve standard security practices to fit the “new normal.” The panel shared several examples of what has been effective in their efforts to keep their networks safe during the pandemic.

Cronin recommended multi-factor authentication (MFA) certificates, which can help make a work-from-home transition smoother and more secure. Hall touted the importance of a proactive risk assessment. This means going beyond the baseline considerations of what external factors could cause damage to your organization and seeking input from other members of your industry. It’s crucial to start planning now and to not wait for catastrophe to happen, Hall added.

View the full webinar on COVID-19 information security best practices.

Learn how CBTS can help your organization on their security journey.

Your Quick Guide to Conducting Secure Videoconferences

Chances are you have just been thrust into the throes of working from home (WFH). If you’re one of the millions in that boat, you may have also just learned the initialism for working from home. As the Coronavirus pandemic remains steadfast, more and more people are working from home and just as many companies are using videoconferencing services to keep the ship afloat. Videoconferencing software and its vulnerabilities are making headlines and bylines, so with all of this going on, I hope to give a quick rundown of some best practices for conducting a safe and secure videoconference for the new virtual workforce.

Known issue: what attackers are already looking for

The time is ripe for attackers to analyze different videoconferencing solutions for vulnerabilities and exploit them to run their code, gain unauthorized access to corporate infrastructure, and conduct additional malicious activity.

So what can you do? How do you do it?

The good kind of gatekeeping

Here are some common features of videoconferencing software to use and be aware of to help protect you and your organization.

Be your own meeting bouncer: To prevent unwanted or accidental attendees from wandering into your virtual meeting, restrict access to the party using defined groups or e-mail addresses. Most platforms give users the option to allow only those attendees with a company-issued e-mail address to join the meeting.

Double-check defaults: When creating a new meeting, make sure a password is required to join the meeting. Some applications will randomly generate one for you, and some give you the option of creating your own. Note: If you’re e-mailing a meeting invite, make sure the password is not in the meeting link itself, but rather in the e-mail body.

No cuts, no buts: Make use of a waiting queue and validate your attendees. Meeting hosts and administrators are often given the discretion to approve incoming connections to the meeting. If you find that managing this access by yourself becomes difficult, assigning and delegating this control to multiple trusted parties may help carry the burden.

Encrypt. Encrypt. Encrypt: With the large mix of standalone workstation applications, web-based applications, and mobile applications, enforcing encrypted traffic across all these devices is important. Protect the content of your virtual meetings in the same way you protect your face-to-face meetings. In the same vein, make sure you are staying up-to-date with patches. Once the tactics attackers are using become known and public, vendors push fixes down to your machine, so install those security updates and keep the bad actors from snooping.

Protect your endpoints: Remember you no longer have your traditional e-mail/boundary defenses in place at home. Meeting hosts and administrators usually have the ability to allow certain file types and content to be uploaded to the chat. So restrict known suspicious file types (check your e-mail filtering rules) and move the file sharing to a more secure platform.

Triple check those tabs: And lastly, remember that the Internet is forever, and so are screenshots. When you are sharing your screen, ensure that you are only sharing the application that needs to be shared, that the content you are sharing does not contain any sensitive or private information, and that you close out of all other applications that are not needed.
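
The note under “Double-check defaults” can be checked before an invite goes out. The following is an added example, not part of the original article: it scans an invite body for links that carry the meeting password in the URL and returns a clean link to send instead. The parameter names in `PASSCODE_PARAMS` and the `example.com` hosts are assumptions; adjust them for your platform.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed names of URL parameters that carry a meeting password.
PASSCODE_PARAMS = {"pwd", "password", "passcode", "pin"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def split_invite(link):
    """Return (clean_link, passcodes) with any password removed from the URL."""
    parts = urlsplit(link)
    found = []

    def scrub(component):
        kept = []
        for key, value in parse_qsl(component, keep_blank_values=True):
            if key.lower() in PASSCODE_PARAMS:
                found.append(value)
            else:
                kept.append((key, value))
        return urlencode(kept)

    query = scrub(parts.query)
    # Some web clients pass parameters in the fragment, so check it as well.
    fragment = scrub(parts.fragment) if "=" in parts.fragment else parts.fragment
    clean = urlunsplit((parts.scheme, parts.netloc, parts.path, query, fragment))
    return clean, found

def audit_invite(body):
    """Return [(original_link, clean_link)] for each link that embeds a password."""
    findings = []
    for raw in URL_RE.findall(body):
        link = raw.rstrip(".,)")  # drop trailing sentence punctuation
        clean, codes = split_invite(link)
        if codes:
            findings.append((link, clean))
    return findings

# Constructed sample invite; hosts and values are made up for illustration.
SAMPLE_INVITE = """Weekly sync, Thursday 10:00.
Join: https://meet.example.com/j/123456789?pwd=S3cretPass&lang=en
Agenda: https://wiki.example.com/agenda#notes
"""

if __name__ == "__main__":
    for original, clean in audit_invite(SAMPLE_INVITE):
        print("Password embedded in link:", original)
        print("Send this link instead:   ", clean)
```

Run it over outgoing invite templates; any finding means the link alone is enough to join, so forwarding the link forwards the password too.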

Remember: All of these controls work in unison, together on the same team, pedaling in tandem to create a finished, secure product, an information security tenet known as “defense in depth.”


Remember, at the end of the day, you are not only helping protect the normal day-to-day operations that have moved from personal face-to-face meetings to involving more people with significantly more moving parts, you’re helping to boost and ensure the security posture of yourself, your colleagues, and your organization as a whole.

Learn how CBTS can help keep your organization safe.