Configure connection to internal services via VPN using two-factor authentication

Make sure that all the services are available outside the office and assess Internet and backup communication channel bandwidth

Install service performance monitoring system. Software is needed for prompt notifying of specialists responsible for risk mitigation of problems in services operating

If an employee works from home on a private PC, you should control operating system and software update installation, antivirus software package proper functioning, conduct malware and virus scan, configure access to terminal servers, provide two-factor authentication

In case an employee works on a corporate PC — deny employee…

We collected the most comical infosecurity incidents to laugh and learn from it. Enjoy, but tread carefully!

Who Wants to Be a Millionaire

A Bollywood drama took place in India. The honest father of the family faced blackmail: he was contacted by a mysterious hacker who threatened to expose his vices to friends, colleagues, and family. The attacker hacked the victim’s email, and changed the password and linked phone number. For keeping secrets and returning access to the mail, he demanded 10 million rupees, which is 137,000 USD.

The man was seriously frightened (was there really something to hide?) and…

Can you identify a person who accepts kickbacks without DLP? How are kickbacks and being keen on poker related? What communication channels do corrupt officials use? Do they have their own slang? We share our real experience of finding those who like illegal methods.

To begin with:

Habitat identification

Two categories of employees who appear to be guilty of kickbacks most often — those who spend money and those who bring it. …

The “Roaring 20s” is no longer a euphemism from the last century, in the 21st the new decade also began loudly. 2020 was marked by upheavals that forced ordinary people, businesses and governments to rethink their habits — including information security. 2020 let us assess what new challenges we faced in information security and figure out what to expect in the future.

The year resulted in the increasing number of threats which became more widespread, and users — both in everyday life and in business — had no time for information security. Moreover, no new types of attacks have appeared…

Telegram bot appeared in the beginning of 2020 but has been discovered recently. This is a paid service, it allows you to call changing your phone number — this is a widespread fraud approach which is frequently used for calls made from a “bank”, “security service”, etc. A person sends command to the bot indicating that the call should be made showing a different phone number, then the number of a recipient and the number which should be displayed during a call (for example, the official bank number) get entered. This type of fraud has been known already. The new…

World

Come visit us, your Nissan

What happened: The source code and internal tools of Japanese company Nissan became publicly available. The leak features the source code of Nissan’s mobile apps, market research tools, customer search and retention data, and important components of diagnostic systems. Nissan’s confidential data was actively distributed through hacker forums and Telegram channels.

Who is to blame: The weakness appeared to be an open Git server, which could be accessed via the standard username-password bundle, namely: admin-admin. The automaker has already confirmed the leak and is investigating the incident. …

These and other ticklish issues regarding the launch of information security solution within your system.

Is the system worth the money spent on it? Risk managers and information security officers know why special software is required, but how do you explain to a businessman that DLP is important? The system’s advantages become obvious during a trial period. According to our analysts’ experience, the

first three hours of the DLP’s work reveal incidents. …

There is a lot of novelty in medicine. Here, we can talk about the emergence of telemedicine, “smart” medical devices, and the digitization of medical cards. These innovations are designed to improve the quality of service and save time for patients and doctors. However, neither doctors nor patients realize how vulnerable medical information becomes.

Not only does digitization simplify the work of medical centre staff, but also reduces the risk of errors in the provision of emergency medical care, when patients can’t provide information on their own. …