Security, MFA, and the Impact of the End-User

One of the biggest liabilities to a company’s security starts at the frontline – surprisingly not with your IT, but your employees. It is reported that 99 percent of cloud security failures will be caused by human error or behavior. It is vital to recognize the importance of protecting company data by educating your frontline.

As a Managed Services provider, we are here to help you along your path of learning to be security conscious. Today we cover key tips for known issues, should you run into them.

User Access & Device Security

The ability to work remotely has increased more and more due to COVID-19 and the flexible culture shift, providing even more points of access that need to be protected. Hackers do not solely target desktops, laptops and PCs; they can also access your data via tablets, smartphones and other mobile devices. Companies can no longer rely upon an employee being physically on the same network as a security factor.

  • Secure non-domain joined devices connecting to your company network and data by using MFA and VPN settings. As businesses move their data to a cloud environment that can be accessed anytime and from any place, MFA can ensure your personal and financial information has a second layer of defence outside of your company network. Employees also need to be wary of the network connections they decide to use when working remotely. At public places with Wi-Fi or hotspot access, there is always a risk of tapped networks. Control the data exchange over your network by encouraging employees to use only trusted network connections. If in doubt, have a VPN installed for your remote users to connect to your network.
  • Never approve an MFA authorization request that you did not prompt for. Treat your Microsoft or Google Authenticator app as the gateway to all your personal and company data. If an ‘MFA Approval Request’ has been prompted and you did not request it, MFA is doing its job and someone else is trying to access your data. Deny or decline the request!
  • Lock your device before you leave your desk. Sadly, security threats are not confined to just cyber attacks. Stop people accessing your information when you’re away from your desk.
    • Windows: Hold the Windows key and press the ‘L’ key.
    • Mac: Press Control + Shift + Eject (or Power key) at the same time.
  • Never use obvious information to set up passwords; use a ‘passphrase’ instead. Please read our article ‘What are Passphrase Passwords?’ for more information.

Social Engineering Attacks and Phishing

Social engineering attacks rely on unsuspecting users to bypass security protocols in order to access valuable data and resources. Firewalls, email filters and malware protection software are some of the key tools used to help secure data being transferred over the network. These tools, however, won’t fix user-caused security issues; that’s where user training comes in.

7 signs to check if you’re being ‘phished’:
  1. “From” line – Ever seen an email from someone you thought you knew and then was like “Oh, you’re not my friend Mandy…”. Hackers know you’re more likely to trust an email from someone you know. Always pay close attention to the sender email address.
    • Example: vs The second email address is missing the “i” to appear legitimate.
  2. “To” line – Check if the email you’ve received has additional unknown people also attached. Hackers try to target as many people as they can.
  3. Hyperlinks – Check that the embedded link matches what the text says by hovering over it before you click. Only click links from trusted sources.
  4. Time – Do you usually receive an invoice from an accounts department around 2am? Always pay attention to what time you have received emails, especially around the holiday season. Hackers increasingly go after your financial information during these times.
  5. Attachments – In addition to checking the time of emails, do not open attachments that you’re not expecting. These may contain some sort of virus or malware to compromise your system’s security.
  6. Subject – Have you won $1 million recently? Or possibly an invoice that needs urgent payment now? Hackers try to reel you in with various tactics that push you to take action immediately. If ever in doubt, validate the source of the email with a phone call before you take any further action.
  7. Content – Again, hackers try to reel you in with various tactics that push you to take action immediately. Never provide personal details without validating the source first.

Don’t click! If you believe that you’re being phished, inform your MSP or IT Team via our support channels!
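Signs 1 and 3 above (a lookalike sender address and a link whose visible text does not match where it really points) are the two that a helpdesk can check mechanically. The script below is an added example written for this article, not ABT’s own tooling; the trusted domains, sender address and HTML body are constructed placeholders, and it uses only the Python standard library.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list of domains this organisation trusts (placeholders, not real customers).
TRUSTED_DOMAINS = {"example-partner.com", "abt-example.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a lookalike domain is usually 1-2 edits from the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Pull the domain out of a From: header such as 'Mandy <mandy@example-partner.com>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1).lower() if m else ""


def check_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Sign 1: classify the sender domain as trusted, a lookalike of a trusted domain, or unknown."""
    domain = sender_domain(from_header)
    if domain in trusted:
        return "trusted"
    for real in sorted(trusted):
        if edit_distance(domain, real) <= 2:  # e.g. one missing letter, or "rn" in place of "m"
            return f"lookalike of {real}"
    return "unknown"


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


# Matches a host name (optionally with scheme) shown in the visible link text.
_SHOWN_HOST = re.compile(r"(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def mismatched_links(html_body: str) -> list:
    """Sign 3: links whose visible text names a host different from where the href really points."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        real_host = (urlparse(href).hostname or "").lower()
        shown = _SHOWN_HOST.search(text)
        if shown and shown.group(1).lower() != real_host:
            findings.append((text, real_host))
    return findings


def triage(from_header: str, html_body: str) -> dict:
    """Combine both checks into one verdict a helpdesk script could attach to a ticket."""
    sender = check_sender(from_header)
    links = mismatched_links(html_body)
    return {"sender": sender, "mismatched_links": links,
            "suspicious": sender != "trusted" or bool(links)}


# Constructed sample message: lookalike sender (one letter missing) and a link whose text
# shows the partner's portal while the href points somewhere else entirely.
SAMPLE_FROM = "Mandy <mandy@example-partnr.com>"
SAMPLE_HTML = (
    "<p>Your invoice is overdue. Pay now: "
    '<a href="https://login.attacker-example.net/pay">https://portal.example-partner.com/invoice</a></p>'
)

if __name__ == "__main__":
    print(triage(SAMPLE_FROM, SAMPLE_HTML))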

The latest modern threat – The “Illicit Consent Grant Attack”

The latest cyberattack example to hit Australian shores is what has been called the “illicit consent grant attack”. Rather than simply trying to catch your password or duping you into clicking on a link that installs a virus, the criminals behind this attack are more sophisticated.

We all use “apps” in our daily life. Think of Dropbox or SalesForce as examples of an app. If you want to use these, you will need to give the app access to your data. Criminals can write their own Azure-registered apps and make them available to you. The app requests access to data such as contact information, email or documents. The attacker tricks a user into granting the application access through a phishing attempt (sending you an email with a link) or by injecting malicious code into a website. When you then grant access to the app, it has account-level access to all your data without the need to have an account. What is worse, if we find out you’ve been breached, standard remediation actions such as resetting passwords, MFA and even restoring data from backup may not work. All because an “app” asked for access and a user clicked yes.

For now, ABT’s security team have disabled the ability for users under our management to grant access to applications in your tenant. If users are required to grant access, they will need to let us know and we can help them out. Similarly, we are analyzing the extensive list of applications that have been granted consent in our clients’ tenants and reviewing these for known threats.
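To show what “reviewing the list of consented applications” looks like in practice, here is an added example (not ABT’s review tooling) that triages delegated permission grants. The records are constructed to follow the shape of Microsoft Graph `oauth2PermissionGrant` and `servicePrincipal` objects (`clientId`, `consentType`, `principalId`, `scope`, `displayName`, `verifiedPublisher`), but every id, app name and publisher below is a placeholder; the scoring weights are this example’s own choice.

```python
"""Triage delegated OAuth2 permission grants for the illicit-consent pattern (constructed data)."""

# Delegated Graph scopes that give an app the account-level reach the article warns about.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.Read.All", "Files.ReadWrite.All",
    "Contacts.Read", "Contacts.ReadWrite",
    "MailboxSettings.ReadWrite", "offline_access",
}

# Constructed records shaped like Graph oauth2PermissionGrant objects (all ids are placeholders).
# consentType "AllPrincipals" means an admin consented for the whole tenant; "Principal" means
# one user clicked "Accept" for themselves, which is how the illicit consent grant gets in.
SAMPLE_GRANTS = [
    {"id": "grant-1", "clientId": "sp-dropbox-example", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph", "scope": "User.Read Files.Read"},
    {"id": "grant-2", "clientId": "sp-unknown-app", "consentType": "Principal",
     "principalId": "user-42", "resourceId": "sp-graph",
     "scope": "User.Read Mail.Read Contacts.Read offline_access"},
    {"id": "grant-3", "clientId": "sp-expense-tool", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph", "scope": "User.Read"},
]

# Constructed lookup shaped like the relevant fields of Graph servicePrincipal objects.
SAMPLE_SERVICE_PRINCIPALS = {
    "sp-dropbox-example": {"displayName": "Dropbox (example)",
                           "verifiedPublisher": {"displayName": "Example Publisher"}},
    "sp-unknown-app": {"displayName": "Mail Sync Helper", "verifiedPublisher": None},
    "sp-expense-tool": {"displayName": "Expense Tool (example)",
                        "verifiedPublisher": {"displayName": "Example Publisher"}},
}


def score_grant(grant: dict, service_principals: dict) -> tuple:
    """Return (score, reasons) for one grant. Weights are this example's choice, not a standard."""
    sp = service_principals.get(grant["clientId"], {})
    scopes = set(grant.get("scope", "").split())      # Graph stores scope as a space-separated string
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    score, reasons = 0, []
    if risky:
        score += len(risky)                             # +1 per high-risk delegated scope
        reasons.append("high-risk delegated scopes: " + ", ".join(risky))
    if grant.get("consentType") == "Principal":
        score += 2                                      # user consent bypassed admin review
        reasons.append("consented by an individual user, not an admin")
    if not (sp.get("verifiedPublisher") or {}).get("displayName"):
        score += 2                                      # nobody has vouched for the publisher
        reasons.append("publisher not verified")
    return score, reasons


def review_grants(grants: list, service_principals: dict) -> list:
    """Score every grant and return the non-zero ones, highest risk first."""
    findings = []
    for grant in grants:
        score, reasons = score_grant(grant, service_principals)
        if score:
            sp = service_principals.get(grant["clientId"], {})
            findings.append({
                "grantId": grant["id"],
                "clientId": grant["clientId"],
                "app": sp.get("displayName", "<unknown app>"),
                "consentedBy": grant.get("principalId"),
                "score": score,
                "reasons": reasons,
            })
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


if __name__ == "__main__":
    for finding in review_grants(SAMPLE_GRANTS, SAMPLE_SERVICE_PRINCIPALS):
        print(f'[{finding["score"]}] {finding["app"]} ({finding["grantId"]}) '
              f'consented by {finding["consentedBy"]}: {"; ".join(finding["reasons"])}')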

Users are to be advised:

  • Never click on a link in an email of which the source is not 100% trustworthy (better is to never click on a link)
  • Do not visit websites where applications can be downloaded and installed
  • Never grant an application unvetted access to company data