Red Tree Communications |

How to avoid ransomware attacks at work

summest — Wed, 14 Jul 2021 14:53:22 +0000

By Tatum Hunter, Washington Post, July 8, 2021|

When a security vulnerability at IT software-maker Kaseya led to a ransomware attack that affected 800 to 1,500 businesses, it wasn’t one employee’s fault.

But that’s not always the case.

Ransomware, which locks down a target’s computers and data, can infect a network a few different ways, including through employee accounts. Click the wrong link, open the wrong attachment or log into the wrong website, and you could put your company in a perilous position.

Depending on their roles, some employees find their inboxes flooded with hundreds of phishing emails designed to steal the recipient’s credentials, says Ryan Kalember, executive vice president of cybersecurity strategy at security firm Proofpoint. That requires constant attention, especially as ransomware attacks become more frequent and their demands more intense. The average ransomware payment has nearly tripled so far in 2021 compared to last year, with targets doling out about $850,000, according to a report by Palo Alto Networks.

“If you have a word like ‘accounts’ in your title, you will be attacked more,” Kalember says.

And that doesn’t mean others should let their guards down. Plenty of firms don’t have the resources to invest in frequent training, software upgrades and security systems — so employees become the first line of defense.

Luckily, conning people is an ancient art, and ransomware groups aren’t breaking new ground. Phishing emails aim for an emotional reaction, says Palo Alto Networks Deputy Director of Threat Intelligence Jen Miller-Osborn. These messages pull busy employees in with promises of money, important company secrets and even cute animals pictures.

Keep an eye out for these phishing red flags to avoid ransomware and cover your behind.

Here’s how employers can help individuals guard against phishing and ransomware:

Train employees to spot phishing attempts

Employees need frequent training to keep up with the evolving format and content of phishing emails. One study from a few German universities found employees’ ability to identify phishing attempts drops just six months after their initial training, and that video and interactive training courses are most effective.

Authenticate your corporate email domain.

This blocks the delivery of messages from fraudsters pretending to be a member of your organization. Check with your email service provider, like Microsoft Outlook or Google, to get started. You should also attach warnings to emails coming from external senders or containing links or attachments — both Outlook and Gmail offer this feature.

Clarify what employees should do if they click a suspicious link or attachment.

If people are afraid to report or don’t know how, they probably won’t do it. Make sure reporting procedures are outlined in your company’s security policy. Kalember recommended automated reporting, which lets employees report malicious email with the click of a button.

Leave room for human error.

Somebody is always going to open the phishing email promising adorable kitten pictures. So consider hedging your bets with anti-phishing technology like remote browsers, in which URLs open not in a traditional browser, but in a special environment in the cloud that disappears as soon as you’re done with it. That way, no matter what the URL contains, it can’t compromise the employee.

Conduct ongoing security testing.

Attackers use malicious files and compromised business email accounts to install ransomware on company computers and networks, but software vulnerabilities are another way in. Your company’s IT team — or a third party — should be actively looking for threats on your network.

How Technology Will Unlock New Ways Of Working In A Post-Covid World

summest — Tue, 30 Mar 2021 16:14:27 +0000

Bernard Marr, Contributor Enterprise Tech

The way many organizations are run has undergone a seismic shift over the last 12 months. And while we like to talk about a “return to normalcy,” it’s clear there are some changes we’d be happy to see stick around.

Companies that were able to react quickly and thrive during the pandemic – largely those in the growing number of sectors that weren’t affected by people staying at home – have recorded some of their best-ever performances. These include names such as Amazon, as well as supermarkets that had robust delivery operations in place when the pandemic struck, providers of remote business tools such as Microsoft and Zoom, and businesses that deliver entertainment directly to us at home.

But some extent of change has been essential in just about every industry. And one discovery that many of us have made during the pandemic is that we are far more flexible and agile than we might previously have thought. This creates the possibility that we are moving into a period where there is going to be a greater appetite among business leaders for change – spurred on by the belief that “if we coped with that, then anything is possible.”

UK-based sustainable energy supplier Octopus made headlines this week when its CEO Greg Jackson said that his company has no HR or IT department. Reading past the attention-grabbing headline, it becomes clear that rather than simply saying that he is ignoring those essential business functions, he is talking about a shift in organizational paradigms away from the models that have traditionally been used to structure companies. In his domain, managers will take “Personal responsibility” within their departments for delivering the support services their staff need to get the job done. This requires training, as well as rethink down to the ground level of what a manager actually is, and what their role is within a team. As Jackson puts it, existing corporate structures “drown creative people in bureaucracy.”

Also making headlines recently, with what is on the face of it a less positive outlook, is Goldman Sachs CEO, David Solomon. Solomon’s view is that the current trend of working from home is an “aberration,” and he is strongly opposed to the idea that it will play a part in any “new normal” we will settle into.

This thinking isn’t unusual among leadership in industries that have traditionally encouraged long working hours and a centralized, desk or meeting room-based processes. The feeling (perhaps not yet verified by data) is that while they have coped with the exodus from city center offices, they haven’t exactly thrived. Certainly, there are very valid concerns over the impact that remote working is having in areas such as onboarding, training, and the development of a cohesive company culture. These are, in fact, the specific reasons Solomon highlights as a worry – he told a conference, “I am very focused on the fact that I don’t want another class of young people arriving at Goldman Sachs in the summer and working remotely.”

But of course, there’s another side to this. Before the pandemic, we were used to hearing that it was usual for investment bankers to work 12 hour days in the office and accept that time to spend on themselves and their families would be limited. Goldman Sachs might find that if its competitors are more open to exploring new models of working, and its star players have decided over the past year that they like the WFH lifestyle, it could have a major problem on its hands.

So, what’s the solution here? How do businesses balance the opportunities for bold and innovative working practices with the everyday reality of getting business done? Well, the answer lies in technology.

It is purely down to technology (and human adaptability) that many businesses have been able to survive the most disruptive event in human history since World War 2. Just as advances in medical technology have enabled vaccines to be created in record time, the tools and platforms that have allowed us to decentralize our offices and create remote teams were far less advanced just a decade ago. The processes we went through in 2020 would have been far more disruptive and messy if they had taken place in 2010.

This technology, along with our growing confidence that we can achieve things we would previously have considered impossible, is what makes radical thinking like Jackson’s a viable proposition. Of course, HR and IT administration skills will always be essential and highly valued. But with the level of artificial intelligence-driven automation that’s available today, much of the routine, day-to-day drudgery can be passed over to machines. This is possible right now for any business that has had the foresight and resources to build an AI and automation strategy, and as time goes on, it becomes increasingly viable for businesses of all shapes and sizes.

Once that’s done, the workload of the IT or human resources administrator looks considerably different. The idealistic prediction is that they become free to dedicate their time to tasks that truly require a human touch. This would include building up the workforce-wide culture of HR-awareness and IT-literacy that frees those functions from their existing siloed states – thus creating the department-free structure Jackson talks about.

When it comes to the question of who is going to return to offices, and when, once again, innovative thinking coupled with technology is likely to be the decider. Certainly, there will be times when it is more effective for groups of employees to be regularly located together and in consistent, unbroken contact. I believe extended reality solutions such as virtual reality (VR) and augmented reality (AR) will, at some point, all but eradicate the barriers between people that are inherent to digital collaborative working, but that could still be some way off. In the short to medium term, we could anticipate and plan for a model where the amount of work in the office or on-premise will be determined by the kind of tasks people need to perform (e.g., police officers will still need to go out to tackle crime and factory workers won’t be able to do their jobs from home), the level of tacit knowledge transfer that is required (where people learn from observing and benign with others), as well as the need to embed people in the corporate culture. This might mean that recent hires are more frequently based in offices or collaborative workspaces, whereas those who are practiced in their responsibilities have more freedom to choose where and when they work. In this world, trusting our established people that they are in the best position to choose how to fit work into their lives becomes the “new normal.”

Even before the pandemic, the pace of technological innovation meant it was very difficult to establish any lasting “normal,” so the idea that we will return to normal or even a “new normal” isn’t really that useful. The fact is that what is normal is constantly shifting, and if it (hopefully) isn’t being driven by a pandemic or other disasters throughout 2021 and beyond, there will be something else driving it. This could be new technology, new ideas, or new competitors. Adapting lessons we’ve learned over the past year to create positive change and efficiency across the entirety of our organizations – not just the parts that are currently under threat from disruptive events – is key to creating forward-looking and resilient businesses.