Created: Tuesday, 27 October 2020
Written by Ella Coles
A criminal offered a Tesla employee a million dollars to run a program on his work computer. Luckily for Tesla, they reported it and Tesla worked with the authorities to catch the baddies. If the employee had run that program, Tesla likely would have been held to ransom, had their intellectual property stolen etc.
This is a high profile case against a huge organisation, but it is a sign of things to come and will trickle down to small and medium businesses.
Businesses need to protect their IT from employees in other, more ordinary circumstances, eg:
- Deleting everything in their email mailbox before they leave because they honestly believe it’s right thing to do
- Deleting information if they are sacked or about to be
- Stealing information from the business before they leave a company
- Access systems after they have left the company
Small businesses are especially vulnerable as many give all employees access to almost everything. One of the best steps any business can take is to adopt a “Principle of Least Privilege”. Each employee has the minimum access to perform their job and nothing more. A good place to start is:
- Remove admin rights on devices
- Remove admin rights on cloud/web services
- Limit access within line of business applications
- Structure files/folders and limit access
At telanova, we are experts at making sure employees can access what they need to do their job, while limiting access to everything else. Engage telanova as your IT team and we will secure your systems.
Created: Monday, 05 October 2020
Written by Paul Grigg
What would you, or your most trusting colleague do on finding a USB stick in your car park? Would you try and find the owner? Perhaps plug it in and take a look?
One tactic hackers use against valuable targets such as accountants, lawyers, architects, etc is to “drop” a malicious USB stick in their car park. There is a good chance a well meaning employee will plug it in and poke around to try and identify whose it is. Now the hacker has bypassed multiple layers of security and usually the only one left is the antivirus. If that doesn’t catch what’s on the stick then they’re in!
The hacker will then steal your information, attempt bank transfer fraud, encrypt all your information so you can’t access it and hold you to ransom.
Unrestricted USB sticks carry other risks too:
- Unencrypted personal data could violate data protection legislation leading to fines, disqualification etc
- A malicious employee can steal data with no/little trace
- Booby trapped USB devices such as the USB Killer
- Employee time wasting
So, what can you do? For most organisations, cloud storage such as OneDrive or Dropbox can simply replace USB sticks and then you can block USB sticks outright. If your organisation has some niche need for them, then Microsoft Intune has fine grained permissions - e.g. allow particular employees/devices/usb sticks, while blocking the rest.
Engage telanova to implement security measures appropriate for your organization.