ITSecureNow LinkedIn Roundup | November 2023

« Back to Knowledge Center
November 1, 2023

Business Email Compromise (BEC) Schemes in 2023 

This year, a new phishing campaign has been identified that utilizes a toolkit called EvilProxy to harvest credentials and execute account takeover attacks.  

In this campaign, victims are sent phishing emails with a fraudulent link pointing to Indeed before routing the individual to an EvilProxy page to harvest credentials as a part of a BEC scheme.  

Because these campaigns utilize legitimate services, they are incredibly difficult to identify and stop, both for end users and security services.  

The industries that are being targeted in these attacks are banking and financial services, insurance, property management and real estate, and manufacturing.  

Making sure that users are trained to identify questionable emails and links is the best way to defend against these kinds of attacks.  

At ITSecureNow we offer continually updated training to all our customers’ employees making sure that a company’s first line of defense is properly educated.  

November 8, 2023

SEC Files Charges Against Solarwinds and CISO Timothy Brown 

As the SEC charges against Solarwinds and their CISO, Timothy Brown, become clearer, we wanted to take a moment to examine an all too familiar issue at its core.   

 As a Managed Security Services Provider, we are painfully aware that the recommendations of security professionals and the path chosen by decision makers do not always align. This may sound like a “big corporation” problem, but it affects businesses of all shapes and sizes.   

 Knowing that, the question becomes, “When things go wrong, who’s to blame?” The simple truth is that both sides own a piece of the blame.   

 A primary responsibility of any security professional consulting with a client is to understand the impact their security suggestions will have on the operational side of the company’s business. It is only then that the security team can develop a sound and competent security plan to fit the customer’s needs. The corresponding responsibility of the client is to implement the plan to reduce their risk to an “acceptable level.”  

 ITSecureNow collaborates with our clients to create individualized cybersecurity solutions to conform to legal or industry regulations as well as integrate best practices while minimizing the impact on business operations.  

November 15 2023  

The Risks of Auto-Forwarding Emails  

In 2023 the number of emails an individual can receive daily has become excessive. As a result, many professionals set up auto-forwarding rules for their inbox to help with managing their time. This practice is not without its risks though.  

There are three main concerns when it comes to auto-forwarding for companies to be aware of.  

  1. Personally Identifiable Information leakage  
  1. Sensitive proprietary information distribution  
  1. Entry point for malicious actors  

While it is tempting to try to remove as much clutter as possible from one’s inbox it is vitally important to make sure that doing so does not open yourself or anyone else up to unforeseen risk.   

The best practice is to disable auto forwarding for any organization that does not have a business reason for utilizing it. If disabling is not possible then encryption of sensitive information and regular auditing of auto-forwarding rules are a must to ensure a secure operating environment.  

November 29, 2023 

Preparing Your IT Infrastructure for 2024  

With the end of the year quickly approaching, it is common practice for businesses to assess 2023 performance and decide what operational processes need to change. While it is easy to focus on profit and loss, it is important to look at internal processes, systems and infrastructure too. IT Infrastructure is one of the most important internal systems to review.  

Have we grown past our current solutions? Are we losing productivity to IT issues? If we don’t have an in-house professional, how do we make smart decisions?  

One of the best ways to answer these questions is to conduct a third-party IT Assessment. A third-party assessment is a great way to improve communication and transparency by providing a baseline to share with leadership.   

At ITSecureNow we provide FREE IT Assessments completed using our custom IT Checklist to determine if your current solutions are sufficient or if there is VALUE in considering a different approach to IT.