Our cybersecurity advice section provides comprehensive information about the latest online security threats – not only the threats from unfiltered spam emails, but also the risks present on the Internet from malvertising and vulnerable websites onto which malware exploit kits may have been loaded by cybercriminals.
We also provide advice on the precautions that can be taken to heighten cybersecurity defenses and mitigate the risk of inadvertently downloading an infection. The message throughout all of our cybersecurity advice is to protect your network and WiFi systems with an email spam filter and web content control solution.
The Emotet botnet sprang back to life and started sending large volumes of malicious spam emails earlier this month. The botnet consists of hundreds of thousands of computers that have been infected with Emotet malware and is capable of sending huge spam campaigns.
Emotet malware steals usernames and passwords for outgoing email servers, which are used to send emails from a company’s legitimate email server. This tactic helps to ensure the emails are delivered because the mail servers used to send the messages are trusted. The volume of emails sent from those mail servers is also limited to stay under the radar and avoid detection by security teams.
The emails contain a malicious attachment or a hyperlink that directs the recipient to a website where Emotet malware is downloaded. These malicious sites often change, and most commonly are compromised WordPress sites. The attachments are commonly Word documents with malicious macros, which launch PowerShell commands that download the Emotet payload.
Once installed, Emotet starts sending emails to infect more devices but is also used to deliver other malware payloads, typically a banking Trojan such as TrickBot or QakBot. Both Trojans have been distributed by Emotet malware in the latest campaign.
Emotet is one of the main malware threats, and was the leading malware threat in 2018 and 2019. It is also one of the most dangerous. Infection with Emotet will eventually also see a banking Trojan downloaded, and that Trojan is often used to deliver ransomware.
The Emotet gang targets businesses and uses a wide range of lures in its campaigns. Fake invoices, shipping notices, job applications, and purchase orders are often used. A commonly used tactic used which has proven to be extremely effective is the hijacking of email threads. Emotet uses legitimate email threads and inserts links and attachments. The hijacking of email threads adds credibility to the emails, as it appears that the email is a response to a previous conversation with a known and trusted contact. The response appears to be a follow up on a past conversation.
The latest campaign has seen the Emotet gang adopt a new tactic, one that has not been used before. Emotet has been updated to allow email attachments to be added to the emails, in addition to hijacking email threads. Researchers at Cofense intercepted emails sent by Emotet malware, one of which included a hijacked email thread along with 5 legitimate email attachments, a combination of rich text Files (.rtf) and PDFs. The email asked the recipient to “see/review attached”, and a link was included in the body of the email. The attached files were benign, but the link was malicious.
Emotet infections demonstrate quite clearly why it is important to not only filter inbound emails, but to also adopt an email security solution that scans outbound email messages, including outbound emails that are sent internally. Emotet is often spread internally in an organization, so one infected machine often leads to several on the network being infected. These attacks can be incredibly costly to resolve. An Emotet attack on the City of Allentown, PA cost in excess of $1 million to fix.
Spam filtering solutions need advanced threat detection capabilities such as sandboxing to identify malicious attachments, and since emails often change, machine learning capabilities are necessary to identify zero-day attacks – New tactics, techniques, and procedures that have previously not been used.
SpamTitan incorporates all of these advanced threat detection measures and will help to protect you from Emotet and other malware and phishing threats delivered via email. For more information on the capabilities of SpamTitan, to register for a free trial to test the solution, or to book a product demonstration, give the TitanHQ team a call today.
There has been an increase in phishing attacks on remote workers using COVID-19 as a lure over the past few months. Multiple studies suggest the number of COVID-19 related phishing attacks have soared. The anti-phishing training company KnowBe4 placed the rise at about 600% in Q1, 2020, and that rise has continued in Q2.
As was pointed out by Microsoft, the total number of phishing attacks has not increased by any major degree during the COVID-19 public health emergency, as cyber actors have finite capabilities for conducting attacks. What has happened is threat actors have abandoned their standard phishing campaigns and have repurposed their phishing infrastructure and are now using COVID-19 lures, and with good reason.
People crave information about the 2019 Novel Coronavirus, SARS-CoV-2, and COVID-19. There is a thirst for knowledge about the virus, how it infects people, how to prevent infection, and how great the risk is of catching it. With little information available about this new virus, finding out more information required following the news from countries around the world that are involved in research. Unsolicited emails offing important information naturally had a high open rate, so it is no surprise that COVID-19 phishing attacks have increased.
To control the spread of the virus, countries have gone into lockdown, so businesses have had to allow their employees to work from home. The increase in home workers happened very quickly, so businesses did not have the time to prepare properly and that meant new risks were introduced. It is therefore no surprise that there has been an increase in data breaches during the COVID-19 pandemic. Cybercriminals have taken advantage of lapses in security, insufficient staff training, and the vulnerabilities that are introduced when employees are forced to work in an environment that has not been set up remote working.
IT teams have had to rapidly purchase new laptops to allow employees to work outside the office and there has not been time to properly secure those devices. VPN infrastructure was not sufficient to cope with the rapid increase in users. Home networks lack the security of corporate networks, and training employees on working from home securely had to be rushed. In order to allow remote workers to access the data they need, data has had to be moved to the cloud, and that has inevitably resulted in vulnerabilities being introduced. In short, the attack surface has increased considerably, huge numbers of devices are being used outside the protection of the corporate firewall, and new working environments have greatly increased the potential for errors.
Cybercriminals have taken advantage of these new vulnerabilities. Unpatched VPNs and software flaws are being exploited, RDP is being targeted, but phishing and spear phishing attacks offer the easiest way of gaining access to sensitive corporate data and spreading malware and ransomware. Improving phishing defenses is therefore critical.
Important Phishing Defenses for Remote Workers
Improving phishing defenses is one of the most important ways of protecting remote workers, their devices, and the networks and data that they are accessing remotely. Listed below are simple steps you can take to improve security and reduce risk.
Improve Email Security
The easiest way to thwart phishing attacks is to block the emails at source, and that requires a powerful anti-phishing solution. Many businesses have been relying on the standard anti-phishing measures provided with Office 365 – Exchange Online Protection (EOP). EOP is effective at blocking spam and standard (known) phishing attacks, but it is not particularly effective at blocking zero-day threats: New, previously unseen phishing and malware attacks. There have been a great many of zero-day attacks during the COVID-19 lockdown.
They key to improving email security is layered defenses. Adding an extra layer of email security on top of EOP will greatly improve detection rates. It is best not to put all your eggs in one basket and opt for the second (paid) tier of protection offered by Microsoft (Advanced Threat Protection or APT), instead use a third-party dedicated anti-spam and anti-phishing solution that features predictive threat detection and advanced anti-phishing mechanisms to detect zero-day threats. SpamTitan features machine learning, predictive technology, threat intelligence feeds, sandboxing, dual anti-virus engines and more to ensure that zero-day threats are blocked. SpamTitan adds an important extra layer of security, and SpamTitan itself includes layered defenses against phishing attacks.
Implement a Web Filter
Security can be further improved with a web filtering solution such as WebTitan. A web filter adds another layer to your anti-phishing defenses by blocking the web-based component of phishing and malware attacks. If a phishing email does reach an inbox, a web filter can prevent a click on a hyperlink from turning into a data breach. WebTitan provides time of click protection to block attempts by employees to visit malicious websites, such as those used to phish for credentials or distribute malware. WebTitan can be used to block web-based attacks for office and remote workers and allows different controls to be set depending where employees connect to the internet.
Train Staff and Conduct Phishing Simulations
Remote employees need to be trained how to work and access data securely, and that means refresher cybersecurity training should be provided to reeducate employees about cybersecurity best practices. Trai9ning must also be provided on how to work securely from home.
Phishing is the easiest way that employees can be attacked, so they must be trained how to recognize a phishing email. It is also useful to run phishing email simulations on remote workers to find out which employees have taken the training on board and who needs further training. Training can reduce susceptibility to phishing attacks by up to 90%.
Cybercriminals are taking advantage of the 2019 Novel Coronavirus pandemic and are exploiting fear to spread malware and steal data. These tactics many not be new, but these campaigns pose a significant threat in the current climate of global fear and worry.
People are naturally worried about contracting COVID-19 and will be concerned about the wellbeing of their friends and family members. Many people crave new information to help avoid them avoid illness and protect their families. If that information arrives in an inbox, email attachments may be opened, and links clicked to malicious websites.
Even when training is provided to employees and they are taught not to respond to unsolicited messages, open email attachments, or click links in emails from unknown senders, mistakes can still be made. During the COVID-19 crisis, stress levels are high, and this can easily lead to decisions being taken that would not normally be made.
Businesses have been forced to allow their employees to work from home, many of whom are now working in a home environment where there are many distractions. Many people do not have home offices where they can quietly work, and a challenging working environment also makes mistakes more likely. Those mistakes can prove very costly.
Phishing campaigns are being conducted targeting home workers as they are seen as low-hanging fruit and an easy way to gain access to business networks to install malware, ransomware, and steal sensitive data. Several campaigns have been detected that offer important advice on the 2019 novel coronavirus that impersonate authorities on disease control and prevention such as the U.S. Centers for Disease Control and Prevention (CDC), U.S. Department of Health and Human Services, UK National Health Service, and the World Health Organization (WHO). The phishing campaigns are credible, claim to offer important advice, and are likely to be opened by many individuals. These campaigns seek remote access credentials and distribute malware.
Coronavirus maps that display the number of cases per country are being used on many websites, including a legitimate COVID-19 case tracking map on Johns Hopkins University website. One campaign has been detected that uses a carbon copy map and urges users to download a desktop application that allows them to track new cases. The application installs the information-stealing AZORult Trojan. As the COVID-19 crisis has deepened, these phishing and malspam campaigns have increased significantly.
With more people working from home and self-isolating, the risk of malware and phishing attacks has increased significantly. It is therefore important for businesses to make sure that they are properly protected and manage risk. During this difficult time, it is important to provide security awareness training to staff to keep them aware of the threat of cyberattacks and to help them identify malicious messages. Phishing simulation exercises are a useful way of assessing risk and identifying individuals that require further training.
It is also important to implement additional control measure to block attacks at source. There are two main attack vectors being used to target remote workers: Email and the web. Due to the high risk of mistakes by employees it is essential for businesses to have an effective email security solution in place.
The key to improving email security is defense in depth. Layered defenses will greatly improve resilience to phishing and malware attacks. If you are using Office 365 and have yet to augment protection with a third-party email security solution, now is the ideal time. One 2019 study showed that Office 365 protections only block around 75% of phishing attempts. Given the increase in phishing volume, a great many malicious emails will land in inboxes unless protection is improved.
The more time people spend online, the greater the risk. With many workers housebound and self-isolating, online time has increased considerably. Unsurprisingly, the of number of malicious domains being used to distribute malware has increased and drive-by malware attacks have spiked. With corporate laptops being used at home, steps should be taken to limit what employees can do on those laptops. Blocking access to ‘risky’ websites such those distributing pirated TV shows and movies will help to reduce the risk of a malware download, along with controls to prevent the downloading of risky file times such as software installers and executable files.
A web filtering solution will allow you to control the sites that remote employees can access on their corporate laptops and prevent malicious websites from being visited. A cloud-based web filtering solution is the ideal choice as it can be easily implemented to protect all remote workers, without causing any latency issues.
TitanHQ can help you protect your telecommuting workers from email and web-based threats. SpamTitan is a powerful email security solution that compliments Office 365 anti-spam and anti-phishing controls and enhances protection against phishing, spear phishing, and zero-day malware. WebTitan is a cloud-based DNS filtering solution that is simple to implement that allows you to carefully control the online activities of remote employees and block drive-by malware downloads and other web-based threats.
Both solutions can be implemented in a matter of minutes and will greatly improve protection against web and email-based threats. For further information, to book a product demonstration, or to register for a free trial, contact TitanHQ today.
Today there is an increasingly mobile workforce. Workers are able to travel and stay connected to the office and many employees are allowed to work remotely for at least some part of the week. While workers are in the office, security is not a problem for IT departments. Workers connect to the internal network, be that a wired or wireless network, and thanks to the protection of the firewall, their devices and the network are protected. The problem comes when workers move outside the protection of that firewall. Here IT departments struggle to ensure the same level of protection.
When workers are travelling for work or are between the home and the office, they often connect to public Wi-Fi hotspots. Connecting to those hotspots introduces risks. While connected, sensitive information could potentially be disclosed which could be intercepted. Malware could also be inadvertently downloaded. When a connection is made to the work network, that malware could easily be transferred.
Connecting to untrusted Wi-Fi networks is a major risk. These could be legitimate Wi-Fi services provided on public transport, in coffee shops, or city-wide Wi-Fi networks. While these networks may be safe, there is no telling who may be connected to that network. These Wi-Fi networks are often not monitored, and cybersecurity protections may be poor.
There are several possible attack scenarios where an individual could perform malicious acts on users of the Wi-Fi network. One of the biggest risks is a man-in-the-middle attack. In this scenario, a Wi-Fi user will be connected to the network and will believe that they are securely accessing the internet, their email, or even the work network, when the reality is that their connection is anything but secure.
A hacker could be listening in and could obtain information from that connection. Through ARP poisoning, a hacker could trick the Wi-Fi gateway and the user’s device into connecting, and traffic would be routed through the hacker’s device where it is intercepted. An attacker could also create an evil twin hotspot. Here a rogue hotspot is created that closely mimics the genuine hotspot. A Wi-Fi user may mistakenly connect to the evil twin thinking they are connected to the legitimate hotspot. Since the evil twin is operated by the attacker, any information disclosed while connected can be intercepted.
Remote workers must be told never to connect to a Wi-Fi network unless they do so through a VPN than encrypts their data. Employees may forget to connect to their VPN, and if weak passwords are used, even if they are encrypted they could be cracked relatively easily, but with a VPN and password policies, risk will be reduced to a reasonable level.
Wi-Fi networks tend not to have the same protections as corporate networks, so there may be little restrictions on the types of website that can be accessed while connected. To protect remote workers, a DNS filter such as WebTitan should be used.
A DNS filter performs content control at the DNS lookup stage when a user attempts to access the internet. When a web address is entered in the browser, the DNS server looks up the fully qualified domain name (FQDN) and matches it with the IP address of the website. The browser is provided with the IP address and the server is contacted and the content is downloaded. With a DNS filter, before any content is downloaded, it is subject to certain rules. For instance, category-based filtering could be used to prevent adult content from being accessed. An attempt would be blocked before any content is downloaded. Importantly for security, the DNS filter would prevent the user from visiting any known malicious website. A phishing site for instance or a site known to harbor malware. With a cloud-based DNS filtering service, all filtering takes place in the cloud and there is no latency regardless of where the individual is located. DNS filtering protects workers on corporate networks as well as remote workers.
A further control that is useful is an email filtering solution, such as SpamTitan, that incorporates Domain-Based Message Authentication, Reporting, and Conformance (DMARC).
In the event of a user’s email credentials being obtained in a man-in-the-middle attack via a rogue Wi-Fi hotspot, their email account could be accessed by the attacker. Since legitimate credentials are being used, this would not generate any alerts and the attacker could peruse the email account in their own time. If the account is used to send phishing messages, as they often are, DMARC will prevent those messages from being delivered and will alert the company to the issue.
The DMARC element of the spam filter checks the sender’s IP address to make sure it matches the IP on the DNS servers for the sender’s organization to make sure they match. If the IP is not authorized to send messages from that domain, the messages will be rejected or quarantined, and the company would be alerted to the phishing attack. The same is true for spoofing of email addresses.
SpamTitan also includes dual anti-virus engines to identify malware sent via email and sandboxing to help catch previously unknown malware variants that have yet to have their signatures uploaded to AV engines. Any malware sent via email will also be quarantined to keep inboxes free of threats.
If you run a business and allow workers to connect remotely, speak to TitanHQ today to find out more about how you can better protect your remote workers, and your business, from cyberattacks conducted via email and the web.
Our team of highly experienced staff will walk you through the benefits of DNS and spam filtering, can schedule a personalized product demonstration, and will help you get set up for a free trial of SpamTitan and WebTitan. You can then evaluate both solutions in your own environment. Both solutions can be set up and protecting you in a matter of minutes.
The increase in cyberattacks on law firms has highlighted a need for greater security protections, especially to protect against phishing, malware, and ransomware.
According to a recent Law.com report, more than 100 law firms are known to have experienced cyberattacks in the past five years: Cyberattacks that have resulted in hackers gaining access to sensitive information and, in many cases, employee, attorney, and client information.
Investigations such as this are likely to uncover just a small percentage of successful cyberattacks, as many are resolved quietly and are not reported. Many law firms will be keen to keep a cyberattack private due to the potential damage it could do to a firm’s reputation. The reputation of a law firm is everything.
As Law.com explained, there are different data breach reporting requirements in different states. If there is no legal requirement to report the data breaches, they will not be reported. That means that only if reportable information has potentially been compromised will the breach be reported to regulators or made public. It is therefore not possible to tell how many successful cyberattacks on law firms have occurred. However, there has been a steady rise in reported cyberattacks on law firms, as is the case with attacks on other industry sectors. Law.com’s figures are likely to be just the tip of the iceberg.
From the perspective of cybercriminals, law firms are a very attractive target. The types of information stored on clients is incredibly valuable and can be used for extortion. Information on mergers and takeovers and other sensitive corporate data can be used to gain a competitive advantage. Cybercriminals are also well aware that if they can deploy ransomware and encrypt client files, there is a higher than average probability that the ransom will be quietly paid.
Based on the information that has been made public about law firm data breaches, one of the main ways that law firms are attacked is via email. Many of the data breaches started with a response to a phishing or spear phishing email. Phishing allows cybercriminals to bypass even sophisticated cybersecurity protections as it targets a well-known weakness: Employees.
Employees can be trained to be more security aware and be taught how to recognize potential phishing emails, but phishers are conducting ever more sophisticated campaigns and every employee will make a mistake from time to time. That mistake could be all that it takes to compromise a computer, server, or a large part of a network.
One firm contacted for the report explained that it had implemented advanced cybersecurity protections that were undone with a phishing email. The digital security measures it had in place greatly restricted the harm caused, and there was no evidence that the attacker had accessed sensitive information, but the attack did succeed.
In response, the law firm implemented more advanced security protocols, implemented a more aggressive spam filter, multi-factor authentication was used more widely, and it revised its policies and procedures and training. Had those measures been implemented in advance, it may have been possible to block the attack.
The response was to implement more layered defenses, which are critical for blocking modern cyberattacks. Overlapping layers of security ensure that if one measure fails, others are in place to prevent an attack from succeeding.
This is an area where TitanHQ can help. TitanHQ has developed cybersecurity solutions that can fit seamlessly into existing security stacks and provide extra layers of security to block the most common attack vectors. TitanHQ’s email and web security solutions – SpamTitan and WebTitan – provide advanced protection without compromising usability.
Since many clients prefer to communicate via email, it is important for all incoming attachments to be analyzed for malicious code. Extensive checks are performed on all incoming (and outgoing) emails, with SpamTitan able to block not only known malware but also zero-day threats. SpamTitan also includes DMARC email authentication to block email impersonation attacks and sandbox to analyze suspicious files and identify malicious or suspicious activity.
WebTitan provides protection from web-based threats. Most malware is now delivered via the internet, so a web security solution is essential. WebTitan is a DNS filtering solution that protects against all known malicious sites. It is constantly updated in real time through threat intelligence services to ensure maximum protection. The solution provides advanced protection against drive-by downloads and malicious redirects to exploit kits and other malicious sites and provides and important additional layer of security to protect against phishing attacks.
Law firms will no doubt prefer to host their cybersecurity solutions within their own environments or private clouds, which TitanHQ will happily accommodate.
For further information on TitanHQ’s cybersecurity solutions for law firms, contact the TitanHQ team today. Managed Services Providers serving the legal industry should contact TitanHQ’s channel team to find out more about the TitanShield program and discover why TitanHQ is the leading provider of cloud-based email and web security solutions to MSPs serving the SMB market.
Ransomware attacks slowed in 2018 but the malicious file-encrypting malware is back with a vengeance. Ransomware attacks on educational institutions have soared this year, and as the attackers are well aware, these attacks can be extremely profitable.
There have been 182 reported ransomware attacks so far this year and 26.9% of those attacks have been on school districts and higher education institutions. The increase has seen education become the second most targeted sector behind municipalities (38.5%) but well ahead of healthcare organizations (14.8%).
The reason why the number of ransomware attacks on educational institutions, healthcare, and municipalities is so high compared to other sectors is because attacks are relatively easy to perform and there is a higher than average chance that the ransoms will be paid.
Attacks on municipalities mean they can’t access computer systems, and essential services grind to a halt. Police departments can’t access criminal records, courts have to be shut down, and payments for utilities cannot be taken. If hospitals can’t access patient data, appointments have to be cancelled out of safety concerns. In education, teachers cannot record grades and student records cannot be accessed. Administration functions grind to a halt and a huge backlog of work builds up.
Some of the recent ransomware attacks on school districts have seen schools forced to send students home. Monroe-Woodbury Central School District in New York had to delay the start of the school year due to its ransomware attack. If students need to be sent home, there is often backlash from parents – Not only because their children are not getting their education, but childcare then needs to be arranged.
The costs of these attacks are considerable for all concerned. Each day without access to systems costs schools, universities, municipalities, and hospitals a considerable amount of money. Downtime is by far the biggest cost of these attacks. Far greater than any ransom payment.
It is no surprise that even when ransom demands are for tens or hundreds of thousands of dollars, they are often paid. The cost of continued losses as a result of the attacks makes paying the ransom the most logical solution from a financial perspective. However, paying the ransom sends a message to other cybercriminals that these attacks can be extremely profitable, and the attacks increase.
The huge cost of attacks has seen educational institutions take out insurance policies, which typically pay the ransom in the event of an attack. While this is preferable financially for the schools, it ensures that the attackers get their pay day. Some studies have suggested that attackers are choosing targets based on whether they hold insurance, although the jury is out on the extent to which that is the case.
In total, 49 school districts and around 500 K-12 schools have been affected by ransomware attacks this year. While the ransomware attacks on school districts have been spread across the United States, schools in Connecticut have been hit particularly hard. 7 districts have been attacked, in which there are 104 schools.
Prevention of these attacks is key but securing systems and ensuring all vulnerabilities are identified and corrected can be a challenge, especially with the limited budgets and resources of most schools. Cybersecurity solutions need to be chosen wisely to get the maximum protection for the least cost.
A good place to start is by addressing the most common attack vectors, which for ransomware is Remote Desktop Protocol and email-based attacks.
Remote Desktop Protocol should be disabled if it is not required. If that is not possible, connection should only be possible through a VPN. Rate limiting should also be set to block access after a number of failed login attempts to protect against brute force password-guessing attacks.
Email security also needs to be improved. Massive spam campaigns are being conducted to distribute the Emotet banking Trojan, which serves as a downloader for Ryuk ransomware and others. Embedded hyperlinks in emails direct end users to sites where they are encouraged to download files that harbor malware, or to exploit kits where ransomware is silently downloaded.
Advanced spam filters should be deployed that incorporate sandboxing. This allows potentially suspicious email attachments to be checked for malicious activity in a safe environment. DMARC email authentication is also important as it is one of the best defenses against email impersonation attacks. SpamTitan now incorporates both of these measures.
A DNS based content filtering solution is also beneficial as an additional protection against malware downloads and phishing attacks. Not only can the content filter be used to ensure compliance with CIPA, it will prevent end users from visiting malicious websites where ransomware is downloaded.
Email attacks usually require some user interaction, which provides another opportunity to block the attacks. By educating all staff and students on the risks, they can be prepared for when malicious emails arrive in their inboxes and will be conditioned how to respond.
It is often the case that breached entities only implement these measures after an attack has occurred to prevent any further attacks from succeeding. By taking a more proactive approach and implementing these additional security measures now, costly, disruptive attacks can be avoided.
For more information on ransomware defenses such as email and DNS filters for educational institutions, give the TitanHQ team a call today. You are likely to find out that these security measures are far cheaper than you think… and naturally a great deal less expensive than having to deal with an attack.
2017 was a bad year for ransomware attacks, but as 2018 progressed it was starting to look like the file-encrypting malware was being abandoned by cybercriminals in favor of more lucrative forms of attack. Between 2017 and 2018 there was a 30% fall in the number of people who encountered ransomware compared to the previous year, and the number of new ransomware variants continued to decline throughout 2018; however, now, that trend has been reversed.
2019 has seen a sharp increase in attacks. Figures from Malwarebytes indicate there was a 195% increase in ransomware attacks in Q1, 2019 and that increase has continued in Q2. A new report from Kaspersky Lab has shown that not only are attacks continuing to increase, the number of new ransomware variants being used in these attacks is also increasing sharply.
Kaspersky Lab identified 16,017 new ransomware modifications in Q2, 2019, which is more than twice the number of new ransomware modifications detected in Q2, 2018. In addition to updates to existing ransomware variants, Q2, 2019 saw 8 brand new malware families detected.
Kaspersky Lab tracked 230,000 ransomware attacks in Q2, which represents a 46% increase from this time last year. Far from ransomware dying a slow death, as some reports in 2018 suggested, ransomware is back and is unlikely to go away any time soon.
Not only are attacks increasing in frequency, ransom demands have increased sharply. Ransom demands of hundreds of thousands of dollars are now the norm. Two Florida cities paid a combined total of $1 million for the keys to unlock files encrypted by ransomware. Jackson County in Georgia paid $400,000 for the keys to unlock the encryption that crippled its court system, and recently, a massive ransomware attack that impacted 22 towns and cities in Texas saw a ransom demand of $2.5 million issued.
Earlier this year, the developers of GandCrab ransomware shut down their popular ransomware-as-a service offering. They claimed to have made so much money from attacks that they have now taken early retirement. Despite GandCrab ransomware being one of the most widely used ransomware variants for the past 18 months, the shut down has not been accompanied with a reduction in attacks. They continue to increase, as other ransomware-as-a-service offerings such as Sodinokibi have taken its place.
Ransomware attacks are increasing because they are profitable, and as long as that remains the case, ransomware is here to stay. Businesses are getting better at backing up their data but recovering files from backups and restoring entire systems is a difficult, time-consuming, and expensive task. When major attacks are experienced, such as those in Texas, recovering systems and files from backups is a gargantuan task.
Attackers realize this and set their ransom demands accordingly. A $400,000 ransom demand represents a sizable loss, but it is a fraction of the cost of recovering files from backups. Consequently, these sizable ransoms are often paid, which only encourage further attacks. It is for this reason that the FBI recommends never paying a ransom, but for many businesses it is the only option they have.
Businesses naturally need to develop plans for recovering from an attack to avert disaster in the event of ransomware being installed on their network, but they must also invest in new tools to thwart attacks. At the current rate that attacks are increasing, those tools need to be implemented soon, and that is an area where TitanHQ can help.
To find out more about email and web security solutions that can block ransomware and protect your network, give the TitanHQ team a call.
A Google Calendar phishing campaign is being conducted that abuses trust in the app to get users to click malicious hyperlinks.
Cybercriminals are constantly developing new phishing tactics to convince end users to click links in emails or open email attachments. These campaigns are often conducted on organizations using Office 365. Campaigns are tested on dummy Office 365 accounts to make sure messages bypass Office 365 spam defenses.
Messages are carefully crafted to maximize the probability of an individual clicking the link and the sender name is spoofed to make the message appear to have been sent from a known and trusted individual.
Businesses that implement email security solutions that incorporate DMARC authentication can block the vast majority of these email spoofing attacks. Office 365 users that use a third-party anti-phishing solution for their Office 365 accounts can make sure malicious messages are blocked. Along with end user training, it is possible to mount a solid defense against phishing and email impersonation attacks.
A new phishing tactic is being used in an active campaign targeting businesses which achieves the same aim as an email-based campaign but uses a personal calendar app to do so.
Phishing campaigns have one of two main aims – To steal credentials for use in a further attack or to convince the user to install some form of malware or malicious code. This is most commonly achieved using an embedded hyperlink in the email that the user is urged to click.
In the Google Calendar phishing attacks, events are added into app users’ calendars along with hyperlinks to the phishing websites. This is possible because the app adds invites to the calendar agenda, even if the invite has not been accepted by the user. All the attacker needs to do is send the invite. As the day of the fictitious event approaches, the user may click the link to find out more. To increase the likelihood of the link being clicked, the attacker sets event reminders so the link is presented to the user on multiple occasions.
This attack method is only possible with Google Calendar in its default setting. Unfortunately, many users will not have updated their settings after installation and will be vulnerable to Google Calendar phishing attacks.
To prevent these attacks, on the desktop application settings menu click on:
Event Settings > Automatically Add Invitations
Select the option, “No, only show invitations to which I’ve responded.”
Navigate to “View Options”and ensure that “Show declined events” is not checked.
The FBI’s Internet Crime Complaint Center (IC3) has issued a warning about the increasing number of phishing websites using HTTPS.
The green padlock next to a URL once gave an impression of security. Now it is a false sense of security for many internet users.
HTTPS or Hyper Text Transfer Protocol Secure to give it its full name, indicates the website holds a valid certificate from a trusted third-party. That certificate confirms that the website is secure and any data transmitted between the browser and the website will be encrypted to prevent interception in transit.
The public has been taught to look for the green padlock and HTTPS before entering card details or other sensitive information. However, the padlock does not mean that the website being visited is genuine. It only means any information transmitted is secured in transit between the browser and the website.
If you are buying a pair of shoes from Amazon, all well and good. If you are on a website controlled by a cybercriminal, HTTPS only means that the cybercriminal will be the only person stealing your data.
Cybercriminals create realistic phishing webpages that imitate well-known brands such as Microsoft and Google to obtain login credentials or banks to obtain banking information. These phishing pages can be set up on dedicated phishing websites or phishing kits can be added to previously compromised websites. Traffic is then generated to those webpages with an email phishing campaign.
If one of the links in the email is clicked, a user will be directed to a website that requests some information. If the website starts with HTTPS and displays the green padlock, the user may mistakenly believe the site is genuine and that it is safe to disclose sensitive information.
The IC3 alert was intended to raise awareness of the threat from HTTPS phishing and make the public aware of the true meaning of the green padlock and never to trust a website because it starts with HTTPS.
Businesses should take note and make sure they include HTTPS phishing in their security awareness training programs to raise awareness of the threat with employees.
A web filter can greatly reduce the risk of HTTPS phishing attacks, provided the web filter has the capability to decrypt, scan, and re-encrypt HTTPS traffic.
WebTitan provides real-time protection against web-based attacks and uses a constantly updated database of 3 million known malicious sites to block attempts to visit phishing websites. WebTitan is capable of SSL inspection and can inspect HTTPS traffic, block specific applications within a webpage, and display alerts or block sites with fake https certificates.
If you want to improve protection against web-based attacks, contact the TitanHQ team today for more information about WebTitan.
Phishing is the number one threat faced by businesses and attacks are increasing across all industry sectors. Businesses of all sizes are being targeted by hackers. The risk of phishing attacks should not be underestimated.
The High Cost of a Data Breach
A successful phishing attack that results in a data breach can be incredibly costly to resolve. A 2019 Radware survey suggests the cost of a successful cyberattack has increased to $1.1 million, while the Ponemon Institute’s Cost of a Data Breach Study in 2018 placed the average cost at $3.86 million.
The Anthem Inc. data breach of 2015, that resulted in the theft of 78.8 million health plan members’ personal information, started with a phishing email. The attack resulted in losses well over $100 million.
In 2017, a phishing email sent to a MacEwan University employee resulted in a fraudulent wire transfer of $11.8 million to the attacker’s bank account.
Essential Anti-Phishing Controls for Businesses
For most businesses there are two essential elements to anti-phishing defenses. A spam filtering solution to identify phishing emails and block them before they are delivered to employees’ inboxes and training for staff to ensure that if a malicious email makes it past the perimeter defenses, it can be identified as such before any harm is caused.
A spam filter is quick and easy to implement, although care must be taken to choose the correct solution. Not all spam filtering and anti-phishing solutions are created equal.
The Danger of Relying on Office 365 Anti-Phishing Controls
Many businesses now use Office 365 for email. 155 million business (and growing) are now using Office 365. That makes Office 365 a major target for hackers.
Microsoft does provide anti-phishing and anti-spam protection through its Advanced Threat Protection (APT) offering for Office 365. APT is an optional extra and comes at an additional cost.
APT provides a reasonable level of protection against phishing, but ‘reasonable’ is not sufficient for many businesses. APT is certainly better than nothing, but it does not provide the same level of protection as a third-party spam filtering solution from a dedicated cybersecurity solution provider.
Hackers use Office 365 accounts protected by APT to test their phishing campaigns to make sure they can bypass Office 365 controls. Hackers can easily tell which businesses are using Office 365 as it is broadcasted through public DNS MX records, so finding targets is easy.
With a third-party solution implemented, businesses will be much better protected. Hackers can tell that a business is using Office 365, but they will not know that it has advanced spam defenses from a third-party solution provider. This multi-layer approach is essential if you want to ensure you are well protected against phishing attacks.
SpamTitan is a leading spam filtering solution for businesses that is highly effective at blocking phishing and other malicious emails. Independent tests confirm the solution blocks more than 99.9% of spam and malicious emails and 100% of known malware through its two AV engines. It is a perfect addition to Office 365 to provide even greater protection against phishing threats.
Don’t Underestimate the Importance of Security Awareness Training
No technical anti-phishing solution will be 100% effective, 100% of the time. Hackers are constantly developing new techniques to bypass organizations’ defenses and occasionally messages may be delivered. Employees must therefore be trained how to identify malicious messages and conditioned to be alert to the threat of attack. Employees are the last line of defense in an organization and that defensive line will be tested.
A once a year training session may have been sufficient in the past, but the increased threat of attack means far more frequent training is required. To develop a security culture, it is necessary to have regular training sessions and use a variety of different methods to reinforce that training.
Twice a year formal training sessions should be accompanied by more frequent CBT mini-training sessions, cybersecurity newsletters, posters, and phishing email simulations to identify weaknesses.
SMBs are Being Targeted by Hackers
Many SMB owners think that their business is too small to be targeted by hackers. While large organizations are attacked more frequently, SMB cyberattacks are far from uncommon.
The 2018 State of Cybersecurity in Small and Medium Size Businesses study conducted by the Ponemon Institute showed that 67% of SMBs had experienced a cyberattack in the past 12 months and 58% had experienced a data breach.
Due to the high risk of cyberattacks, the increased number of phishing attacks on SMBs, defenses need to be improved. Businesses that fail to implement appropriate cybersecurity solutions and train staff how to identify phishing emails are a data breach waiting to happen.
Fortunately help is at hand. If you want to improve your defenses against phishing, contact TitanHQ to chat about your options.
The biggest problem with compiling a comparison of WebTitan Cloud v Cisco Umbrella is that the Cisco Umbrella range consists of four packages with an increasing number of capabilities per package. Additionally, there is a lack of transparency about Cisco Umbrella pricing and how many add-ons a business may need to filter the Internet effectively.
When Cisco Systems Inc. acquired OpenDNS in 2015, there was only one Cisco DNS filtering and Internet security package available – the former OpenDNS Umbrella. Since the acquisition, Cisco has broken down the Umbrella into four sets of capabilities – ostensibly to better meet the needs of all businesses; but, in practice, to disguise the cost of the packages.
By comparison, WebTitan Cloud is similar in many ways to v1 launched in 2009. Naturally there have been some improvements made to its capabilities along the way; however, the DNS filtering and Internet security solution is still as flexible and scalable as ever it was to meet the needs of businesses and Managed Service Providers (MSPs) of all sizes.
WebTitan Cloud v Cisco Umbrella Comparison
The best way to compare WebTitan Cloud v Cisco Umbrella is to list a selection of capabilities in each Cisco Umbrella package and then see where WebTitan Cloud fits into the range. The following is a snapshot of the capabilities of each Cisco Umbrella package which demonstrates how the sophistication of each package increases as you work through the range:
The key points to note are:
The DNS Essentials package does not inspect and decrypt SSL traffic. This means that any encrypted website that has not yet been identified as a threat will bypass the DNS filter.
Both the DNS Essentials and DNS Advantage packages lack granular filtering inasmuch as it is only possible to block or allow website access by domain name, rather than by URL.
Although classified as a Secure Access Service Edge (SASE) solution, the SIG Essentials package lacks some key service edge security capabilities and is limited in others.
The SIG Advantage package includes many capabilities that businesses may already have access to via other security solutions (i.e., Microsoft Sentinel, Amazon Security Lake, etc.).
There is a mandatory cost for onboarding and technical support by phone. Customers who pay extra for premium support are prioritized when technical support is required.
There is a lack of transparency about pricing, and anecdotal evidence suggests licensing costs and the cost of optional add-ons can be negotiated – especially with resellers.
Cisco operates two MSP programs – neither of which allows MSPs and MSSPs a white label product to rebrand as their own. Only co-branding is tolerated.
Where WebTitan Cloud Fits Into the Cisco Umbrella Range
>WebTitan Cloud is a fully featured DNS filtering and Internet security solution that includes or betters all the capabilities of Cisco´s DNS Advantage package and includes several capabilities of the SIG Essentials package – including granular filtering so that businesses can block or allow Internet access by URL, group, individual, time, location, and more.
Naturally, WebTitan Cloud does not include SecureX and Cisco Investigate integration. Instead, WebTitan Cloud´s threat database is updated in “real-time” to mitigate the risk of emerging threats evading detection and reduce the need for threat response services. WebTitan Cloud also includes “Zero-Minute” protection against emerging phishing threats.
Importantly, with WebTitan Cloud, what you see is what you get. Customer support is included in the subscription cost, there are no optional add-ons, or the need to subscribe to other WebTitan services to take advantage of the full range of DNS filtering and Internet security capabilities. Also, for MSPs and resellers, WebTitan Cloud is available as a white label service.
In terms of subscription costs, the maximum price business will pay for WebTitan Cloud in 2023 is $1.58 per user per month – the price decreasing according to the number of users and length of subscription. Unlike Cisco, it is not necessary to pay the subscription cost all upfront in order to take advantage of WebTitan Cloud pricing, and there is no premium for monthly payments.
WebTitan Cloud v Cisco Umbrella Conclusion
Our comparison of WebTitan Cloud v Cisco Umbrella demonstrates that, if a business has subscribed to a DNS Essentials or DNS Advantage package and is paying more than $1.58 per user per month once the mandatory and optional add-ons are taken into account, it makes economic sense to switch to WebTitan Cloud. Not only will the business save money, but it will also have more protection against web-borne threats and more control over Internet activity.
If you subscribe to a Cisco Umbrella DNS filtering and Internet security service, it may be worth your while considering a change from Cisco Umbrella to WebTitan Cloud. In this post we explain some of the main benefits of changing from Cisco Umbrella to WebTitan and illustrate this with an example from the education sector.
Cisco Umbrella has evolved from the former OpenDNS Enterprise service to a four-tiered DNS filtering and Internet security service. At the entry-level tier, businesses get a less-than-ideal service with basic web filtering capabilities that lack SSL decryption and inspection; while, at the top tier, businesses can find themselves paying for services they may never use or that are already present in other security solutions.
Selecting the right tier of service to best protect the business from web-borne threats and control Internet activity is not the only challenge. One of the reasons businesses change from Cisco Umbrella to WebTitan is a lack of transparency about the cost of Cisco Umbrella – notwithstanding that businesses not only have to pay the licensing fee, but also the cost of mandatory and optional add-ons to maximize the effectiveness of the service.
Cisco Umbrella Licensing
Like most software services, Cisco Umbrella licensing is via a subscription service. Terms are for one year or three years, and in most cases must be paid all upfront. The licensing cost does not include mandatory onboarding and technical support, while there is a further “optional add-on” for premium support if a business wants its calls to support to be prioritized. Basically, businesses have to pay twice to get a decent level of support from Cisco.
Other optional add-ons vary according to which tier is subscribed to – and some are not available in all tiers. For example, if you want to identify which internal IP address was responsible for a malware download, you have to subscribe to a secondary Cisco service. However, this option is not available to subscribers of the DNS Essentials tier. Other optional add-ons and limitations by tier are illustrated in the table below.
Cisco Umbrella Pricing
Cisco Umbrella pricing is variable depending on the number of users, the length of the subscription, the location of the business, and any discounts negotiated with Cisco directly or a reseller. Some resellers do advertise fixed-price Cisco Umbrella packages, but it is often not possible to tell whether or not the cost of mandatory onboarding and technical support is included – or what additional optional add-ons are included in the price.
Anecdotal evidence suggests that businesses pay from $2.20 per user per month for the ineffective DNS Essentials service, while the DNS Advantage service – which lacks granular block and allow lists – costs up to $5.50 per user per month. Nobody appears to be prepared to disclose what they are paying for the SIG Essentials or SIG Advantage tiers, or whether they are able to take advantage of all the services´ capabilities.
Why Change from Cisco Umbrella to WebTitan?
WebTitan is a fully featured, cloud-based DNS filtering and Internet security service that includes most of the capabilities of the DNS Advantage tier and some of the capabilities of the SIG Essentials tier. The capabilities not included in WebTitan Cloud are SecureX and Investigate threat response integration. This is because WebTitan Cloud updates its threat intelligence database in real time and include “zero-minute” protection against phishing URLs to mitigate the need for threat response.
Additionally, although the cost of WebTitan Cloud varies according to the number of users and length of subscription, the price you see is the price you pay. Customer support is included in the subscription cost, and there are no optional add-ons or the need to subscribe to a secondary service to take advantage of WebTitan´s capabilities. In terms of cost, the maximum a business will pay for WebTitan Cloud in 2023 is $1.58 per user per month. The option also exists for monthly payments.
Case Study Background
Web Filtering for Schools and Libraries and CIPA Compliance
Web filters are a requirement of the Children’s Internet Protection Act (CIPA). CIPA was enact by congress in 2000 and is concerned with protecting minors from harmful website content such as pornography. CIPA requires schools and libraries to implement an Internet safety policy that addresses the safety and security of minors online.
To comply with CIPA, measures must be introduced to block access to obscene content, child pornography, and other web content that is considered to be harmful to minors. Additionally, schools must educate minors about appropriate online behavior and monitor the online activities of minors.
While there are many choices of web filters for schools that can help them comply with CIPA, not all solutions are created equal. While it is usually easy to block access to harmful content, with some solutions monitoring user activity can be difficult and time consuming, and solutions as feature-rich and complex as Cisco Umbrella may be considered overfill for schools and libraries only looking to block access to obscene images.
Case Study
Why Did Saint Joseph Seminary College Change from Cisco Umbrella to WebTitan?
There is no doubt that Cisco has developed a powerful web filtering solution in Umbrella that can offer protection from web-based threats and allow content control, but the solution is not without its drawbacks.
One of the main downsides is usability, especially monitoring the online activities of users, something that is particularly important for CIPA compliance. It was proving to be particularly difficult for Saint Joseph Seminary College, which needed to quickly identify attempts by students to access restricted content.
“I don’t need rounded corners and elegant fonts when I am trying to see who has been visiting dangerous websites. I need to clearly see domain names and internal IPs,” explained Saint Joseph Seminary College IT Director Todd Russell. “In my opinion, after Cisco bought OpenDNS, they made some major changes to the UI which made it virtually useless for quickly looking through blocked traffic for signs of particular types of usage.” The complexity of the user interface made the solution unpopular with IT staff and the complexity was jeopardizing security.
Ease of use was a major problem, but the troubles didn’t end there. There was also the issue of cost. “We found that once Cisco bought OpenDNS, they began upping the Umbrella pricing every year at renewal time. Despite the repeated price increases, the service was not improving and there was no additional value offered,” explained Russell.
Cost and usability issues prompted Russell to look for a Cisco Umbrella alternative. After assessing various Cisco Umbrella alternatives, the decision was taken to switch from Cisco Umbrella to WebTitan. “It didn’t take long to realize that WebTitan was the best alternative for an efficient, cost-effective, and easy to use filtering solution to replace Cisco Umbrella,” explained Russell.
“I am able to quickly scan an entire previous day of blocked traffic and take a closer look at the full traffic on any users that raise a concern in a matter of minutes. This has saved me an enormous amount of time when I need to examine a user’s traffic, but it has also made it possible for me to keep close tabs on our traffic.” All the information required was accessible with just two clicks.
In terms of time savings gained from using WebTitan and the lower cost of running the solution, the college has been able to make significant cost savings as well as identify and remediate issues immediately, which means greater safety and security for students.
Are You Looking for an Alternative to Cisco Umbrella?
If you are currently using Cisco Umbrella and are frustrated with the interface and are unable to easily get the information you need, or if you are looking for a lower-cost alternative to Cisco Umbrella that will not jeopardize security, you have nothing to lose by evaluating WebTitan.
Contact the WebTitan team today via the links at the top of the page and you can arrange a product demonstration and set up a free trial of the full solution to see for yourself the difference it makes. In the words of Todd Russell, “That brief demo was all I needed to know that WebTitan would serve my needs much better than Umbrella and I have been thrilled with the improvements to my workflow since switching over.”
It is straightforward to implement security controls to protect wired networks, but many businesses fail to apply the same controls to improve WiFi security, often due to a lack of understanding about how to improve wireless access point security. In this post we cover some of the main threats associated with WiFi networks and explain how easy it can be to improve wireless access point security.
Wireless Access Points are a Security Risk
Most businesses now apply web filters to control the types of content that can be accessed by employees on their wired networks but securing wireless networks can be more of a challenge. It is harder to control and monitor access and block content on WiFi networks.
Anyone within range of the access point can launch an attack, especially on public WiFi hotspots which have one set of credentials for all guest users. It is therefore essential that controls are implemented to improve wireless access point security and protect users of the WiFi network.
WiFi Security Threats
A single set of credentials means cybercriminals are afforded a high degree of anonymity. That allows them to use WiFi networks to identify local network vulnerabilities virtually undetected. They could conduct brute force attacks on routers, for example, or use WiFi access to inject malware on servers that lack appropriate security. If access is gained to the router, attacks can be launched on connected devices, and malware can be installed on multiple end points or even POS systems to steal customers’ credit/debit card information.
The cyberattack on Dyn is a good example of how malware can be installed and used for malicious purposes. The DNS service provider was attacked which resulted in large sections of the Internet being made inaccessible. A botnet of more than 100,000 compromised routers and IoT devices was used in the attack.
Man-in-the-Middle attacks are also common on Wi-Fi networks. Any unencrypted content can be intercepted, such as if information is exchanged between a user and a HTTP site, rather than HTTPS, if a VPN is not used.
Public WiFi networks are often used for all manner of nefarious purposes due to the anonymity provided. If users take advantage of that anonymity to access illegal content and download child pornography or perform copyright infringing downloads of music, films, and TV shows from P2P file sharing sites, an investigation would center on the hotspot provider. Questions would likely be asked about the lack of security controls to prevent illegal website access.
The Easy Way to Improve Wireless Access Point Security
The easy way to improve wireless access point security is a web filtering solution. Web filtering solutions are usually implemented by businesses to secure wired networks, but solutions also exist to improve wireless access point security.
A web filter forms a barrier between the users of the network and the Internet. Controls can be applied to stop users from accessing dangerous, illegal, or inappropriate website content. Even if each user has their own access controls, without a web filter, users will still be vulnerable to malware attacks and phishing attempts and the hotspot provider may be liable for illegal activities over the WiFi network.
There are two ways of implementing WiFi web filtering to improve wireless access point security. One is to rely on a list of categorized domain names and use that to control content. The other is DNS-layer web filtering, which uses the DNS lookup process that is required before any user is directed to a website after entering the domain name into their browser. The DNS server turns the domain name into an IP address to allow the web page to be found.
Why DNS Filtering is Best Way to Improve Wireless Access Point Security
The main difference between the two types of web filtering is the point at which access is blocked. With a traditional web filter, content is first downloaded before it is blocked, which is a risk. With DNS-layer filtering, content is blocked during the lookup process before content is downloaded.
If content is downloaded before being blocked, this will naturally have an impact on available bandwidth. DNS-layer filtering has no impact on bandwidth, since the content is blocked before it is downloaded.
DNS filtering does not need to be integrated with other systems and it works across all devices and operating systems, since they all use DNS servers to access websites.
DNS filtering is also quick and easy to implement. No appliances need to be purchased, hardware doesn’t need to be upgraded, and no software downloads are required. A simple change to the DNS is all that is required to point it to the provider’s DNS server. It is also much easier to maintain. No software updates are necessary and, in contrast to other security solutions, no patching is required. It is all handled by the service provider.
WebTitan Cloud for WiFi – The Leading Wireless Access Point Security Solution
TitanHQ has set the standard for WiFi security with WebTitan Cloud for WiFi. WebTitan Cloud for WiFi gives businesses the opportunity to implement bulletproof WiFi security to protect end users from online threats, block malware downloads, and carefully control the content that can be accessed by wireless network users.
Businesses that run WiFi hotspots can quickly and easily implement the solution and let TitanHQ secure their WiFi networks and provide the massive processing power to fight current and emerging web-based threats. With WebTitan Cloud for WiFi, businesses can instead concentrate on profit-generating areas of the business.
If you want to improve wireless access point security, contact TitanHQ for further information on WebTitan cloud for WiFi. Our security experts will be happy to schedule a product demonstration and set up for a free trial.
FAQs
Can I secure multiple access points at different geographical locations?
WebTitan is a DNS-based web filtering solution that sees all filtering take place in the cloud. Being cloud-based, WebTitan can be used to filter the Internet at any location, for both wired and wireless networks. You can protect multiple access points through the same solution, even if those access points are in different cities or countries. You can set controls for each access point through a single web-based user interface.
Can I set different filtering controls for employees and guest users?
With WebTitan you have full control over the content that can be accessed by all users of your access points. You can set different filtering controls for individuals, departments, user groups such as guest users, and the entire organization. You have highly granular control over the content that can be accessed, with filtering by category, keyword, and URL filtering.
Is it possible to bypass filtering on access points?
Most people will attempt to bypass filtering controls on access points by using an anonymizer service or proxy. If the Internet is accessed through the anonymizer website or proxy, the actual content viewed will not be visible via the web filtering service. To prevent users from bypassing the web filter you can block anonymizer services through the WebTitan UI.
Can I block specific websites on my access points?
You can use the blacklisting feature of WebTitan to prevent a specific website from being accessed via your access points. You can do this for the entire organization, for different departments or user groups, or for specific individuals. Conversely, you can use whitelisting to allow a website to be accessed even if it contravenes other filtering controls.
Is it possible to temporarily disable filtering on access points?
With WebTitan, you do not need to disable web filtering if you need to bypass your web filtering policies on a temporary basis. You can configure a cloud key that can be used to bypass filtering controls for a limited period and can set the duration that the cloud key is valid through your UI.
In this post we explore the use of Internet filtering to improve employee productivity, including statistics from recent surveys that show how many companies are now choosing to control employee Internet access more carefully.
Employee Productivity Falls on Black Friday and Cyber Monday
The staffing firm Robert Half Technology recently conducted a survey on 2,500 chief information officers (CIOs) across 25 metropolitan areas in the United States and more than 1,000 U.S. officer workers over 18 years of age to determine how Black Friday and Cyber Monday affect employee productivity.
The results of the survey provide an indication on what goes on throughout the year, but Black Friday and Cyber Monday were studied as they are the two busiest days for online shopping. The survey results show that three quarters of employees spent at least some of Cyber Monday shopping online on a work device. Four out of 10 workers said they spent more than an hour looking for bargains online on Cyber Monday while they were at work. 23% said they were expecting to spend even longer than that this year.
46% of workers said they would be online shopping on their work computers during their lunch hour and breaks, but 29% said they would be shopping throughout the day and would be keeping browser tabs open. 20% of workers said they would do online shopping at work in the morning.
While policies on accessing pornography may have been made crystal clear, online shopping is something of a gray area. 31% of employees were not aware of their company’s stance on online shopping on work devices. 43% said their employers permit it and 26% said it is not permitted.
The survey of CIOs shows 49% of companies allow online shopping within reason but that they monitor employee Internet use. 22% said they allow totally unrestricted Internet access while 29% have implemented solutions to block access to online shopping sites.
In June 2018, Spiceworks published the results of a survey that showed 58% of organizations actively monitor employee Internet activity and 89% of organizations use Internet filters to block at least one category of Internet content.
Most surveyed companies use Internet filtering to improve employee productivity. While only 13% block online shopping sites, many companies block other productivity-draining sites such as social media, gaming, gambling and dating sites.
Internet filtering to improve employee productivity is important, but the majority of companies are flexible when it comes to employee Internet use for personal shopping, provided employees keep it to a reasonable level.
Monitoring Employee Internet Access to Prevent Abuse
Many businesses use Internet filtering to improve employee productivity and enforce acceptable usage policies. Some control Internet access with an iron fist, others are much more permissive.
Regardless of the controls that are put in place, Internet filters also allow employers to keep close tabs on their employees’ Internet activity. An internet filter is a useful tool for monitoring employees, not just enforcing company policies.
Internet filters allow employers to easily check employee Internet use while maintaining a relatively permissive controls. This allows them to take action when individuals are abusing Internet access. Monitoring is easy as reports can be generated on user, group, or organization-wide activity while providing information on browsing activity in real time. Reports can also be automatically generated and sent to department heads or IT security teams.
Different controls can be applied to different user groups and time-based controls can be set, for instance, only permitting online shopping during lunch hours or other scheduled breaks. Such controls would be useful for stopping the 20% of workers that do their online shopping at work in the morning which, in many businesses, is the most important part of the day when productivity needs to be high.
Since controls can be applied for different types of Internet content, security can be maintained by blocking access to high risk sites and illegal or totally unacceptable content all of the time, while restrictions on other categories of content can be eased during relatively quiet periods.
In short, Internet filters should not be viewed just as a way of restricting employee Internet access, but as a tool for the management of Internet use to improve security and enjoy productivity gains while giving employees some flexibility.
How TitanHQ Can Help
Not all Internet filters offer businesses the highly granular controls that are necessary to carefully control Internet content. Many lack flexibility and have difficult to use interfaces.
Applying and managing Internet filters should be an easy process, which is why TitanHQ developed the WebTitan suite of products. WebTitan Gateway, WebTitan Cloud, and WebTitan Cloud for WiFi have been developed to make Internet filtering a simple process, while giving businesses the ability to precisely control employee Internet access to achieve productivity gains and improve security.
What Makes WebTitan the Ideal Choice for Businesses
Listed below are some of the key features of WebTitan that are often found lacking in other business Internet filtering solutions.
No hardware purchases necessary
No software downloads required
Quick and easy set up and application of Internet policies
Highly granular controls allow flexible policies to be applied
Links with Active Directory and LDAP allowing easy application of organization, department, group, or user-level Internet controls
Easily block content through 53 pre-defined categories and 10 customizable categories
Keyword-based filtering controls
Time-based filtering
SSL inspection
Dual anti-virus engines provide leading AV protection
Excellent protection from phishing websites
An intuitive web-based user interface places all information and controls at your fingertips
Highly scalable
Protect wired and wireless networks, including protection/content controls for off-site workers
Provides full visibility of network usage
Full reporting suite, including group and user activity, real time browsing activity, report scheduling, and real-time alerts
If you want to use Internet filtering to improve employee productivity, enforce acceptable usage policies, and improve security by blocking web-based threats, WebTitan is the ideal solution.
For more information on WebTitan and advice on the best option to suit the needs of your business, contact the TitanHQ team today. Our experts will be happy to book a product demonstration and help you take advantage of a free trial of the full product to see the solution in action and discover the difference it makes.
A credential stuffing attack has led to a Dunkin Donuts data breach which has seen some customer data compromised. While the breach was limited and most attempts to access customers’ DD Perks accounts were blocked, the incident does highlight the risks of password reuse.
It is unclear exactly how many customers have been affected, but for certain customers, the attackers may have gained access to their DD perks accounts – The loyalty program run by the donut company. The Dunkin Donuts data breach was limited to first and last names, email addresses, DD Perks account numbers, and QR codes.
The method used to gain access to customers DD perks accounts was unsophisticated, cheap to conduct, and in the most part can be conducted automatically. Low cost and little effort makes for a winning combination for hackers.
The Dunkin Donuts data breach did not involve internal systems and no credentials were stolen from the donut giant. Customers’ usernames (email addresses) and passwords were obtained from security breaches at other companies. Those usernames and passwords were then utilized in an automated attack on Dunkin Donuts customers’ DD Perks accounts. Dunkin Donuts has performed a password reset and affected users will be required to choose a new password. New DD Perks account numbers will be given to affected customers and their card balances will be transferred to the new account.
Since Dunkin Donuts did not expose any passwords and its systems remained secure, the only individuals that will have been affected are those that have used the same password for their DD Perks account that they have used on other online platforms.
The Risks of Password Reuse
Hackers obtain credentials from multiple data breaches, compile the data to create a list of passwords that have previously been used with a specific email address, then conduct what is known as a credential stuffing attack. Multiple login attempts are made using the different passwords associated with an email address.
The Dunkin Donuts data breach demonstrates the importance of good password hygiene and the risks of password reuse. Every user account must be secured with a strong, unique password – One that has not been used with a particular email address or username in the past and is not shared across multiple platforms.
If any online platform experiences a data breach and credentials are obtained, only the account at the breached entity will be compromised.
Naturally, using different passwords for each account means users are required to have scores of unique passwords for their work and personal accounts and remembering strong passwords can be difficult. That is why so many people reuse passwords on multiple accounts or recycle old passwords.
To avoid having to remember so many passwords it is advisable to use a password manager to generate strong passwords and store them. Of course, the password manager account must be secured with a very strong password or long pass phrase as if that account is breached, al passwords will be compromised.
There are many reasons why businesses should implement a WiFi filtering solution, but one of the most important aspects of WiFi filtering is protecting your brand.
The Importance of Brand Protection
It takes a lot of hard work to create a strong brand that customers trust, but trust can easily be lost if a company’s reputation is damaged. If that happens, rebuilding the reputation of your company can be a major challenge.
Brand reputation can be damaged in many ways and it is even easier now thanks to the Internet and the popularity of social media sites. Bad feedback about a company can spread like wildfire and negative reviews are wont to go viral.
Smart business owners are proactive and take steps to protect their digital image. They are quick to detect and enforce online copyright infringements and other forms of brand abuse. They monitor social media websites and online forums to discover what people are saying about their company and how customers feel about their products and services. They also actively manage their online reputation and take steps to reinforce their brand image at every opportunity.
Cyberattacks Can Seriously Damage a Company’s Reputation
One aspect of brand protection that should not be underestimated is cybersecurity. There are few things that can have such a devastating impact on the reputation of a company as a cyberattack and data breach. A company that fails to secure its POS systems, websites, and network and experiences a breach that results in the theft of sensitive customer data can see their reputation seriously tarnished. When that happens, customers can be driven to competitors.
How likely are customers to abandon a previously trusted brand following a data breach? A lot more than you may think! In late 2017, the specialist insurance services provider Beazley conducted a survey to find out more about the impact of a data breach on customer behavior. The survey was conducted on 10,000 consumers and 70% said that if a company experienced a data breach that exposed their sensitive information they would no longer do business with the brand.
WiFi Filtering and Protecting Your Brand
The use of Wi-Fi filtering for protecting your brand may not be the first thing that comes to mind when you think about brand protection, but it should be part of your brand protection strategy if you offer WiFi access to your customers or provide your employees with wireless Internet access.
It is essential for businesses to take steps to ensure their customers are protected and are not exposed to malware or phishing websites. If a customer experiences a malware infection or phishing attack on your WiFi network the fallout could be considerable. If your employees download malware, they could give hackers access to your network, POS system, and sensitive customer data. If you offer free Wi-Fi to your customers, you need to make sure your Wi-Fi network is secured and that you protect your customers from malicious website content.
One of the most important aspects of WiFi filtering for protecting your brand is preventing your WiFi access points from being used for illegal activities. Internet Service Providers can shut down Internet access over illegal activities that take place over the Internet. That will not only mean loss of WiFi for customers but could see Internet access lost for the whole company. Your company could also face legal action and fines.
If WiFi users can access pornography and other unacceptable content, a brand can be seriously tarnished. Imagine a parent discovers their child has seen pornography via your WiFi network – The failure to prevent such actions could be extremely damaging. WiFi filters allow businesses to carefully control the content that can be accessed on their network and prevents customers from viewing harmful web content.
WebTitan Cloud for WiFi – The Easy Way to Secure Your WiFi Access Points
Implementing a WiFi filter to protect your brand and provide safe and secure Internet access for your employees and customers is a quick and easy process with WebTitan Cloud for WiFi.
WebTitan Cloud for WiFi is a powerful, yet easy to use web filtering solution for WiFi hotspots that requires no hardware purchases or software downloads. WebTitan Cloud for WiFi can be implemented and configured in just a few minutes. No technical skill required.
WebTitan Cloud for WiFi is highly scalable and can protect any number of access points, no matter where they are located. If you have business premises in multiple locations, or in different countries, WebTitan Cloud for WiFi will protect all of your access points via an intuitive web-based user interface.
WebTitan Cloud for WiFi protects against online threats, allows businesses to carefully control the types of content that WiFi users can access, allows businesses to control bandwidth use, and gives them full visibility into network usage.
If you have yet to implement a WiFi filter on your hotspots, give TitanHQ a call today for details of pricing, to book a product demonstration, and register for a free trial.
DNS web filtering for MSPs is an easy way to improve security for your clients, save them money, and boost your profits. This post explains the benefits of a DNS-level web filter for MSPs and their clients.
DNS web filtering is a great way for MSPs to boost profits, save clients money, and better protect them from cyber threats. Web filtering is an essential cybersecurity measure that businesses of all sizes should be using as part of their arsenal against malware, ransomware, botnets and phishing attacks. However, many MSPs fail to include web filtering in their security offerings and consequently miss out on an important income stream: One that requires little effort and generates regular monthly revenue.
What Are the Benefits of Web Filtering?
There are two main benefits of web filtering: Enforcing Internet usage policies and improving cybersecurity. Employees need to be able to access the Internet for work purposes, but many employees spend a considerable percentage of their working day accessing websites that have no work purpose. Cyberslacking costs businesses dearly. Businesses that do not filter the Internet will be paying their employees to check personal mail, view YouTube videos, visit dating websites, and more. A web filter will help to curb these non-productive activities and will also prevent employees from accessing inappropriate or illegal web content which can prevent legal and compliance issues.
A recent study by Spiceworks revealed the extent of the problem. 28% of employees at large companies (more than 1,000 employees) spend more than four hours a week on personal Internet use and the percentages increase to 45% for mid-sized businesses and 51% for small businesses. The difference in those figures reflects the fact that more large businesses have implemented web filters. 89% of large companies have implemented a web filter to curb or prevent personal Internet usage and, as a result, they benefit from an increase in productivity of the workforce.
Web filtering is essential in terms of cybersecurity. The Spiceworks study revealed 90% of large companies use a web filter to block malware and ransomware infections. A web filter prevents employees from accessing websites known to be used for phishing and those that host malware.
The Spiceworks study showed just how important a web filter is in this regard. 38% of companies had experienced at least one security incident in the past year as a result of employees visiting web pages for personal use, most commonly webmail services and social media channels.
Additional benefits of web filtering include improving network performance and ensuring sufficient bandwidth is available for all users – by blocking access to bandwidth-heavy online activities such as gaming and video streaming.
From the productivity gains alone, a web filter will pay for itself. Add in the costs that are saved by preventing malware and phishing attacks and use of a web filter really is a no brainer.
Why DNS Web Filtering for MSPs is the Way Forward
MSPs have three main web filtering options open to them. An appliance-based web filter, a virtual appliance or software solution, or a DNS filter. DNS web filtering for MSPs is usually the best choice.
DNS web filtering for MSPs avoids the need for hardware purchases so there is not an initial high cost for clients or for the MSP, since a powerful appliance does not need to be installed in an MSP’s own data center. DNS web filtering for MSPs means no site visits are necessary to install the solution as no hardware is required and no software downloads are necessary. DNS web filtering is not restricted by operating systems and is hardware independent, and since there are no clients to install, there will not be any installation issues. A DNS web filter also doesn’t have any impact on Internet speed.
A SaaS DNS web filtering solution, such as WebTitan Cloud, allows MSPs to deploy the web filter for their clients in a few minutes. All that is required is to direct clients’ DNS to the cloud-based filter.
DNS web filtering for MSPs is easy to implement, simple to use, requires little management, and with WebTitan Cloud, MSPs benefit from generous margins. Improving clients’ security posture and helping them make important productivity gains could not be easier.
Why WebTitan Cloud is the Best Choice for MSPs
WebTitan Cloud has been developed to meet the needs of the SMB marketplace but the solution was developed specifically to meet the needs of MSPs. WebTitan Cloud includes a full suite of pre-configured reports (with scope for customization) to allow MSPs to show their clients the sites that have been blocked and what employees have been up to online. The reports give MSP clients total visibility into their web traffic and highlight problem areas and trends affecting network performance. The reports can be automated and sent directly to clients with no MSP involvement.
WebTitan Cloud Features
DNS-based web filter with no latency
Real-time antivirus, malware, spyware, and adware protection
URL filtering using pre-defined categories
Content blocking with the option for time-based rules
Integration with LDAP and Active Directory
Incorporates web-based application filtering
Supports whitelists and blacklists
Contains a comprehensive reporting suite
Full set of APIs for easy back-end integration
Scalable with no limits on bandwidth, number of routers, or locations
Support clients with dynamic or static IPs
Some of the key benefits of TitanHQ’s DNS web filtering for MSPs are detailed below:
WebTitan Cloud can be hosted by TitanHQ, in a private cloud on AWs, or within an MSP’s own infrastructure
WebTitan Cloud includes APIs to integrate with auto-provisioning, billing, and monitoring systems
MSPs do not need to become an ISP to use the service
WebTitan Cloud is scalable to hundreds of thousands of users
WebTitan Cloud includes multiple management roles
New customers and WiFi hotspots can be added and configured in minutes
One control panel to manage all clients
Intuitive controls with low management overhead
Eliminates the need for site visits, with no local support required
WebTitan Cloud can be supplied in white-label form ready for an MSP’s logos and color schemes
MSPs benefit from industry-leading customer service
Highly competitive usage-based pricing with generous margins for MSPs and aligned monthly billing
If you have yet to start offering web filtering to your clients or if you are unhappy with the usability or cost of your current solution, contact TitanHQ’s Alliance team today for full product details, details of pricing, to book a product demonstration and register for a free 14-day no obligation trial.
MSP Testimonials
“WebTitan is an outstanding tool for most reliable content filtering. The monitoring feature of this specific product is quite unique that totally monitors all the process of online working and also secures all the data. Additionally, its set-up is superb easy and it can be done in just few minutes that save my time and energy as well.” Kristie H. Account Manager
“WebTitan is fairly easy to setup. It is available as a cloud based solution or on prem. You can get as simple or as complicated with your filtering as you like, it will handle most situations with ease. It has provided us with a stable web filtering platform that has worked well for us for many years. ” Derek A. Network Manager
“WebTitan is outstanding software that helps me a lot in minimizing viruses. The thing I like most about WebTitan is that it is extremely easy to use and configure. I like its clear interface. It lets us block malicious content and spam easily. It is no doubt an amazing product helping us a lot in kicking out harmful bad stuff.” Randy Q. Software Engineer
The biggest cyber threat to SMBs is ransomware, according to Dato’s State of the Channel Report. While other forms of malware pose a serious risk and the threat from phishing is ever present, ransomware was considered to be the biggest cyber threat to SMBs by the 2,400 managed service providers that were polled for the study.
Many SMB owners underestimate the cost of mitigating a ransomware attack and think the cost of cybersecurity solutions to prevent attacks, while relatively low, are not justified. After all, according to Datto, the average ransom demand is just $4,300 per attack.
However, the ransom payment is only a small part of the total cost of mitigating an attack. The final cost is likely to be ten times the cost of any ransom payment. Datto points out that the average total cost of an attack on an SMB is $46,800, although there have been many cases where the cost has been far in excess of that amount.
One of the most common mistakes made by SMBs is assuming that attacks will not occur and that hackers are likely to target larger businesses with deeper pockets. The reality is SMBs are being targeted by hackers, as attacks are easier to pull off. SMBs tend not to invest heavily in cybersecurity solutions as larger businesses.
Anti-Virus Software is Not Effective at Preventing Ransomware Attacks
Many SMB owners mistakenly believe they will be protected by anti-virus software. However, the survey revealed that 85% of MSPs said clients that experienced a ransomware attack had anti-virus solutions installed. Anti-virus software may be able to detect and block some ransomware variants, but since new forms of ransomware are constantly being developed, signature-based cybersecurity solutions alone will not offer a sufficient level of protection.
Many SMBs will be surprised to hear just how frequently SMBs are attacked with ransomware. More than 55% of surveyed MSPs said their clients had experienced a ransomware attack in the first six months of this year and 35% experienced multiple attacks on the same day.
Some cybersecurity firms have reported there has been a slowdown in ransomware attacks as cybercriminals are increasingly turning to cryptocurrency mining. While that may be true for some cybercriminal gangs, the ease of conducting attacks using ransomware-as-a-service means many small players have started attacking SMBs. That is unlikely to change.
92% of surveyed MSPs said they thought ransomware attacks would continue at current levels or even increase throughout this year and next.
Ransomware attacks are even being conducted on Apple operating systems. In the past year, there has been a five-fold increase in the number of MSPs who have reported ransomware attacks on macOS and iOS operating systems.
“Not only have ransomware attacks increased in recent years, but the problem may even be bigger than we know, as many attacks go unreported,” explained Jeff Howard, Founder and Owner, of the Texas MSP Networking Results. Datto suggests that only one in four attacks are reported to law enforcement.
How to Protect Against SMB Ransomware Attacks
To protect against ransomware attacks, businesses need to implement a range of solutions to block the most common attack vectors. To block email-based attacks, advanced spam filtering technology is required, and end user security awareness training is essential. To block ransomware downloads from malicious websites, web filtering software should be implemented.
Business continuity and disaster recovery technology should be implemented to ensure that a quick recovery is possible in the event of an attack, and naturally intelligent backing up is required to ensure files can be recovered without paying a ransom.
MSPs need to explain the risks to SMBs, along with the solutions that need to be installed to prevent attacks and the likely cost of recovery. Many businesses are shocked to discover the true cost of a ransomware attack.
How TitanHQ Can Help Improve Defenses Against SMB Ransomware Attacks
TitanHQ has developed two innovative cybersecurity solutions that work in tandem to block the two most common attack vectors: Email and Internet attacks. SpamTitan is a powerful spam filtering solution that combines two AV engines with intelligent scanning of incoming mail using a variety of techniques to identify malicious messages and new ransomware variants and block them at source.
WebTitan is a powerful web filtering solution that can block malvertising attacks, drive-by ransomware downloads, and prevent employees from visiting malicious websites. Both solutions should be part of an SMBs arsenal to protect against ransomware and malware attacks and both solutions should be part of an MSPs security stack.
For further information on SpamTitan and WebTitan and details of TitanHQ’s MSP offerings, contact the TitanHQ today.
Most businesses are aware of the importance of securing their Wi-Fi networks; however, in some industry sectors Wi-Fi security has not been given the importance it requires. Wi-Fi security for hotels, for instance, is often lacking, even though the hospitality sector is being actively being targeted by cybercriminals who see hotel Wi-Fi as a rich picking ground.
Hotel Chains are Under Attack
Hotels are an attractive target for cybercriminals. They satisfy the two most important criteria for cybercriminals when selecting targets. Valuable data that can be quickly turned into profit and relatively poor cybersecurity which makes conducting attacks more straightforward.
In 2018, there have been several major cyberattacks on hotel groups. In November 2018, Federal Group, which runs luxury hotels in Tasmania, experienced an email security incident that exposed the personal data of some of its members. A cyberattack on the Radisson Hotel Group was also reported. In that case it resulted in the exposure of the personal information of its loyalty program members.
In August one of China’s largest chains of hotels – Huazhu Hotels Group Ltd – which operates 13 hotel brands – suffered a cyberattack that affected an estimated 130 million people. In June one of Japan’s largest hotel groups, Prince Hotels & Resorts, experienced a cyberattack that impacted almost 125,000 customers. In 2017 there were major data breaches at Hilton, Hyatt Hotels Corporation, Trump Hotels, Four Seasons Hotels, Loews Hotels, Sabre Hospitality Solutions, and InterContinental Hotels Group to name but a few.
The Cost of a Hotel Data Breach
When a data breach occurs the costs quickly mount. Access to data and networks must be blocked rapidly, the breach must be investigated, the cause must be found, and security must be improved to address the vulnerabilities that were exploited. That invariably requires consultants, forensic investigators and other third-party contractors. Affected individuals must be notified and credit monitoring and identity theft protection services may need to be offered.
The direct costs of a hotel data breach are considerable. The Ponemon Institute calculated the average cost of a data breach in 2018 had risen to $3.86 million. That was for a breach of up to 100,000 records. Larger breaches cost considerably more.
Then there is GDPR. Fines of up to €20 million or 4% of global annual turnover (whichever is higher) can be issued for GDPR compliance failures, which includes data breaches that resulted from poor security.
What is much harder to calculate is the cost of reputation damage and the customer churn rate after a breach. Damage to a hotel chain’s reputation can be long lasting and in the highly competitive hospitality industry, it could even be disastrous.
The security firm Ping Identity recently published the results from its 2018 Consumer Survey: Attitudes and Behavior in a Post-Breach Era. 3,000 people from the USA, UK, France, and Germany were surveyed for the study, which investigated the expectations of customers and the fallout from data breaches. 78% of respondents said they would stop engaging with a brand online after a breach and 36% would stop engaging with a brand altogether. Could your hotel group weather a 78% drop in online bookings or a loss of more than a third of your customer base?
Wi-Fi Security for Hotels
Cybersecurity solutions should be implemented to protect hotel networks from cyberattacks and prevent customer’s personal information from being accessed by cybercriminals. Perimeter cybersecurity solutions such as firewalls are essential, but Wi-Fi security for hotels should not be underestimated.
Guests use the Wi-Fi network to conduct business while at the hotel, for entertainment, and communication. Guests typically bring three devices that they connect to hotel Wi-Fi networks. A hotel with 100 guests potentially means 300 devices connecting to Wi-Fi. There is a high probability that at least some of those devices will be infected with malware, which could be transferred to other guests.
Hotel guests often access types of content that they do not access at home – sites that carry a higher risk of resulting in a malware download. Hackers often exploit poor hotel Wi-Fi security to attack guests. The DarkHotel threat group is a classic example. The group targets high profile hotel guests and has been doing so for more than a decade. If Wi-Fi security for hotels is substandard, successful attacks are inevitable.
Naturally guest and business Wi-Fi networks should be separated to ensure that one does not pose a threat to the other. A VLAN should be set up for the wired network, with a separate VLAN for internal wireless access points and those used by guests.
Wi-Fi security should include WPA2 encryption to prevent the interception of data and a web filtering solution should be implemented to protect guests from phishing websites and sites hosting malware. A web filter will also allow hotels to control the types of content that can be accessed by guests and restrictions can be put in place to create family-friendly Wi-Fi access and prevent guests from accessing illegal web content.
TitanHQ Email and Wi-Fi Security for Hotels
TitanHQ is a leading provider of advanced cybersecurity solutions for hotels to protect against email-based cyberattacks and improve Wi-Fi security for hotels.
WebTitan is a powerful web filtering solution for wired and wireless networks that blocks malware downloads and prevents employees and guest Wi-Fi users from accessing malicious websites. WebTitan also allows hotels to carefully control the content that can be accessed via their Wi-Fi networks, ensuring a business-friendly and family-friendly Internet service is provided.
Key Benefits of WebTitan
WebTitan Cloud and WebTitan Cloud for Wi-Fi are 100% cloud-based web filters for hotels that require no software downloads or hardware purchases. They can be implemented in minutes and are easy to configure and maintain. They are ideal for improving Wi-Fi security for hotels and securing wired hotel networks.
WebTitan web filters allow hotels to:
Control the content that can be accessed by guests without slowing Internet speeds
Block access to pornography to create family-friendly Wi-Fi zones in communal areas
Prevent guests from engaging in illegal online activities
Prevent guests from accessing phishing websites
Block the downloading of viruses, malware, and ransomware
Create custom policies for different user groups – management, employees, guests, or individuals
Create custom controls for different wireless access points
Restrict bandwidth-draining online activities to ensure good Internet speeds for all users
Manage web filtering controls for multiple locations from a single web-based control panel
WebTitan is ideal for use in the hospitality sector to protect internal networks from attack and to block web-based threats that could otherwise lead to a data breach.
To find out more about improving Wi-Fi security for hotels, contact TitanHQ today. The team will be happy to provide details of the products, advise you on the best deployment options, and schedule a product demonstration. You can also sign up for a free trial to evaluate the effectiveness of TitanHQ’s web filters for hotels in your own environment.
Many businesses want to block websites at work and exercise greater control over employee internet access. Acceptable internet usage policies can be developed and employees told what content they are allowed to access at work, but there are always some employees that will ignore the rules.
In some cases, policy violations may warrant instant dismissal or other disciplinary action, which takes HR staff away from other important duties. If staff are fired, replacements must be found, trained, and brought up to speed, and the productivity losses that result can be considerable.
The Dangers of Unfettered Internet Access
Before explaining how to block websites at work, it is worthwhile explaining the problems that can arise from the failure to exert control over the content that can be accessed through wired and wireless networks.
While extreme cases of internet abuse need to be tackled through HR, low level internet abuse can also be a problem. Any time an employee accesses a website for personal reasons, it is time that is not being spent on work duties. Checking emails or quickly visiting a social media website is unlikely to have a major impact on productivity, but when cyber-slacking increases its effect can certainly be felt. If all employees spent 30 minutes a day on personal internet use, the productivity losses would be be considerable - A business with 100 workers would lose 50 hours of working time a day, or 1,100 hours a month!
In addition to lost opportunities, internet use carries a risk. Casual surfing of the internet by employees increases the probability of users encountering malware. The accessing of personal webmail at work could easily result in a malware infection on a work device, as personal mail accounts are not protected by the filtering controls of an organization’s email security gateway. If illegal activities are taking place at work, the legal ramifications can be considerable. It will be the business that is liable in many cases, rather than the individual employee.
The easiest solution is for businesses to enforce their acceptable internet usage policies and simply block websites at work that are not required for normal working duties. Preventing end users from visiting certain categories of web content – social media websites, gaming and gambling websites, dating sites, adult content, and other NSFW web content – is the easiest solution.
Even legitimate use of the internet for work purposes carries risks. There has been a major increase in phishing attacks on businesses in recent years and mitigating attacks can prove incredibly costly. Technical solutions that are used to block websites at work to prevent cyber-slacking can also be configured to block access to phishing websites and prevent malware and ransomware downloads.
Selectively block websites at work and take control over the content that your employees can access. See how with a FREE WebTitan demo. Book Free Demo
The Easy Way to Block Websites at Work
The easiest way to block websites in the workplace is to use a web filtering solution. This could be a physical appliance through which all internet traffic is routed, a virtual appliance installed on your existing hardware, or a cloud-based solution. The latter is a popular solution for SMBs as the cost of implementation is minimal and the web filter can be set up in a matter of minutes. All that is required is to make a simple change to point the DNS to the cloud web-filter and all traffic will be routed though the solution.
Not all businesses need to exercise the same controls over internet content, so granular controls are essential. With a cloud-based web filter such as WebTitan, it is easy to block websites at work. The administrator simply logs into the administration panel using a web browser and clicks on the checkboxes of content that they want the filter to block. Blocking adult entertainment, gambling, gaming, dating, and social media by category is common.
It is not practical to apply the same settings across the board for all employees. The marketing department, for instance, will need access to social media networks when other employees may not. With WebTitan, filtering controls can easily be set at the organization level, by user group, or for individuals.
With WebTitan Cloud you can control the internet and block threats no matter where your users access the internet. WebTitan Cloud works for users both on and off the network, so you can protect office workers and employees working remotely using the same solution.
Further Information on Blocking Websites in the Workplace
If you would like further information on how you can selectively block websites at work and take control over the content that your employees can access, speak to TitanHQ today.
Our friendly and knowledgeable sales team will be able to answer all your questions, explain in detail how WebTitan works, and suggest the best deployment option to suit your needs.
After learning about the best setup to suit your business, you can schedule a product demonstration and/or start a free trial to see WebTitan in action.
In 20 minutes your content control issues could be solved and you could be filtering the internet and blocking access to unsuitable, unsavory, and harmful web content.
The Easy Way to Block Websites at Work and Control Employee Internet Access FAQ
What is DNS Filtering?
DNS filtering is when content filtering takes place at the DNS lookup stage of a web request, when the URL is checked to find its corresponding IP address. The request is processed via the web filtering service provider and the IP address will only be returned if the web resource does not violate administrator-defined policies. Filtering takes place without any content being downloaded and there is no latency.
Can I block Facebook Messenger without blocking access to Facebook?
You can block Facebook Messenger without blocking access to Facebook with WebTitan. It is easy to prevent employees from using Facebook Messenger at work without blocking access to the entire Facebook website and the process takes just a few seconds. Just open the WebTitan Cloud administration panel, select Filtering URL keywords, and add in two blacklisted keywords.
Is it difficult to block websites in the workplace?
It is not difficult to block websites in the workplace due to category-based web filtering. Category-based web filtering makes content control simple. You simply access your cloud administration panel, navigate to category controls, and you can restrict access to 53 distinct categories of website using the checkbox options. Apply those changes and all websites in those categories will be blocked. You can also create your own custom categories.
Can web filters be bypassed by employees?
Web filters can be bypassed by employees unless controls are implemented to restrict access to proxies, VPNs, and other anonymization services. These controls will be sufficient to prevent users from bypassing filtering controls. However, you should also lock down your DNS settings to prevent users from manually changing the DNS settings to bypass the filtering controls.
Can I view user Internet activity in real time?
You can view user Internet activity in real time or retrospectively. With WebTitan you can do both with a few clicks of the mouse. All information is easily accessible via the administration portal and can either be viewed or exported with the click of a mouse.
What is the difference between web filtering and DNS filtering?
The difference between web filtering and DNS filtering is that web filtering is more granular. Web filtering allows organizations to filter the Internet by URL rather than by domain name or IP address. Therefore, if there is (for example) a news website employees need to access for their jobs, but the organization wants to block access to the sports and leisure pages of the website, the organization can blacklist just the pages it does not want employees to access. DNS filtering lacks the granularity to block selected pages of a website and can only block the whole website.
How does casual surfing increase the risk from malware?
Many websites are monetized by advertising, and it is not uncommon for cybercriminals to place ads on popular sites that are weaponized with malware, trojans, ransomware, or cryptomining scripts. Additionally, clicking on an ad can take a casual Internet surfer to a phishing site where they may be asked to create login credentials to progress to the area of interest. Many employees have poor password habits, and could use a username and password that matches a corporate account.
Which is the best type of web filtering solution for the workplace?
The best type of web filtering solution for the workplace is most often a cloud-based solution. This is because a cloud-based solution can control on-premises and remote Internet access. It is also important to be aware that the web filtering vendor most often manages cloud-based solutions. Therefore, all updates, patches, and technical issues are the responsibility of the vendor rather than the organization’s IT department – reducing the demand for internal IT support.
Selectively block websites at work and take control over the content that your employees can access. See how with a FREE WebTitan demo. Book Free Demo