
AM Tuesday Tech Talks

Tuesday, 12 July 2022


Security Practices – June

There are only three reasons users don’t follow good security practices. (It’s the same three reasons why any particular process ends up not getting done!)

• They don’t know they should be doing something – a knowledge deficit. E.g., users don’t know 2FA is an option, or don’t know that the software they’re using is insecure.
• They don’t know how to do something – a skills deficit. E.g., they don’t know how to get 2FA set up, or how to use the correct, secure software, or how to recognise a phishing attempt.
• The systems they do know they should follow and do know how to follow are inconvenient, disruptive or time-consuming – a technical/environmental barrier. E.g., users have poor signal for receiving the 2FA text, or are so time pressured that the small additional step of entering the text code is a barrier, or their computer lacks resources and so underperforms when using the correct software.

Helpdesk regularly find ourselves addressing all three. We talk users through the advantages when they’re resistant, advise on how to get set up, and use automation to deploy the correct software, monitor performance and advise where improvements are needed.

But the important starting point is finding out which of the barriers is preventing correct user behaviour and that’s where we can work with organisation leaders to understand the problem they’re trying to solve. We’ve done this recently for a number of companies by supplying metrics on which of their users do not have 2FA enabled, which devices require patching, or are aging, or have unexpected software present, or are generating an above average number of support calls.

Leia Fee, Fast Response Engineer

We can help find you suitable communication tools for your business.

Some employees resist giving up apps that could be a security risk – July

Software tools and applications have changed since the pandemic, mostly because of the adjustments we have all had to make to the way we communicate and collaborate.

At the start, employees may have had to use whatever tools they had available and had access to.

Most of us have now settled into the new ways of working, and so we can pick software tools that best fit our businesses.

However, your employees may not like your choice of which apps should be used within the company. Some employees may continue to use the ones they prefer despite the security risk that comes with them.

92% of employees want more control over the applications they use, including software and collaboration tools.

51% continue to use apps that have been banned by their IT departments. This can place business owners in difficult positions.

If you block the apps and software, employees may be left feeling frustrated, with a lack of trust between them and the business owner. This can have a negative impact on businesses.

Unvetted apps can become a big security risk, giving cyber criminals the potential to steal data and leaving systems vulnerable to malware.

So, what’s the best answer?

Having open conversations with your people is the best approach and a good way to gain feedback on software. It’s your people who use it every working day. Take in their feedback and suggestions to move forward, and educate staff on the risks it could pose to the business.

Published with permission from Your Tech Updates.

 

Block lists – August

 

“A number of organisations, including 365, are using Block List / Allow List terminology rather than the old blacklist/whitelist.

Block lists tend to become something of an arms race as false accounts auto generate multiple semi-random email addresses.

Allow lists however need either a willingness to accept a higher level of false positives, or someone to be tasked with being a ‘human filter’ to check any blocked messages to avoid losing legitimate customer contact.

Some organisations use transport rules instead of block/allow lists to allow more granularity – e.g., filtering more strictly on “actual humans” than on generic “contact us” style addresses where you might reasonably expect to have a greater number of unknown but legitimate contacts.”

Leia Fee, Fast Response Engineer

 

Phishing – September

“Helpdesk are seeing a definite increase in phishing attempts lately including an increase specifically in targeted attempts – external addresses pretending to be senior people in the organisation making requests from other members of staff. It’s been things like ‘Can you buy gift cards for us to send out to customers at such-and-such an address and I’ll reimburse you from expenses’ – except of course that money is gone to the fraudster!

One automated defence against this which we’ve put in place is to add an alert to emails which have come from outside the organisation – so that if the email claims to be from your boss but the sending email address is not a company one, there’s an extra clue there to make you think twice.” – Leia

Martyn, Solutions Specialist, shows the warning Pisys displays:

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
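The check behind a banner like this can be sketched in a few lines. The following is an added example, not Pisys's configuration or code from the original article: it flags mail whose sending address is outside the company domain and adds a second line when the display name matches a member of staff. The domain `example.com`, the staff names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch (not from the page): company domain and staff names.
ORG_DOMAINS = {"example.com"}
STAFF_NAMES = {"alex morgan", "sam patel"}

BANNER = ("CAUTION: This email originated from outside of the organization. "
          "Do not click links or open attachments unless you can confirm "
          "the sender and know the content is safe.")
NAME_NOTE = ("The display name matches a member of staff, but the sending "
             "address is not a company address.")


def classify_sender(from_header):
    """Return (is_external, uses_staff_name) for a From header value."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    # A missing or unparseable address has no company domain, so it counts as external.
    is_external = domain not in ORG_DOMAINS
    name = " ".join(display.lower().split())
    return is_external, is_external and name in STAFF_NAMES


def tag_message(raw):
    """Prepend the banner to the first plain-text part of external mail.

    Assumes the text part is not base64 or quoted-printable encoded.
    """
    msg = message_from_string(raw)
    is_external, uses_staff_name = classify_sender(msg.get("From", ""))
    if is_external:
        notice = BANNER + ("\n" + NAME_NOTE if uses_staff_name else "")
        for part in msg.walk():
            if part.get_content_type() == "text/plain":
                part.set_payload(notice + "\n\n" + part.get_payload())
                break
    return msg


# Constructed sample: external lookalike address using a staff member's display name.
SAMPLE = ('From: "Alex Morgan" <alex.morgan@examp1e.com>\n'
          "To: sam.patel@example.com\n"
          "Subject: Quick favour\n\n"
          "Can you buy gift cards for our customers today?\n")

if __name__ == "__main__":
    print(tag_message(SAMPLE).get_payload())
```

Subdomains and partner domains are treated as external unless they are listed in `ORG_DOMAINS`, which keeps the check conservative.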

 

 
