Are you Safe? #CYBERSAFETY.

Introduction:

99% of communication transactions in organizations happen by email. It is a door that is open 24x7 and a direct line of attack on the heart of the company. The most common attack is an email that impersonates an identity and looks authentic enough that somebody gains access to your team; with that, you are giving up access to your team and to your organization's network. Email is chaotic, and it is not easy to understand what is being done there.

Problem:

This is not new. You know that governments (FBI, DoD, BAS, NSA), corporations such as Microsoft, Facebook, Google and IBM, and universities have people specially trained to hack information, plus malicious software. For example, Facebook owns WhatsApp, where you do not pay a penny; with 450 million users on WhatsApp, do you know exactly what is happening there? Instagram has 800 million; what do you think happens there? TikTok is a Chinese company, owned by Beijing's ByteDance, founded by Zhang Yiming; it has 1.5 billion people, and what do you think happens there? YouTube, with 2 billion users, belongs to Google; what do you think happens there? Netflix, an American company where you associate profiles and other things with your email account, has more than 183 million subscriptions, which with the COVID-19 pandemic rose to 15.8 million (Ref.: Lee Wendy, LA Times, 04/21/2020). This is real data that anyone can consult. The issue here is what is happening with your information.

A real case from everyday life: in the current COVID-19 situation you want to eat in a restaurant, and they say, "OK, open your mobile phone, connect to our WiFi and scan the QR code, please." An app appears with a connection prompt that says, "Are you willing to connect and share through this access point all your contacts?" This process is meant to show the restaurant's menu, because the "new normality" of the pandemic forces everyone to follow different procedures. Guess what, they got you. With just one simple click you have given away an OAuth token, which gives access to everything you have on your computer, site, domain and network. As simple as that! Nobody regulates the applications installed in these places; the IT process owner allows these processes, and the business is unaware of the issue. The app stores and marketplaces for paid or free apps (Google Store, Play Store, Google's and Microsoft's marketplaces) are not regulated: nobody audits them, whether government auditors or recognized associations such as the GDPR in the European Union (EU).

The key point is that the general population does not know how important it is to follow quality and ethical development practices in the cyber world; this depends on each person's ethical values. Currently many people are looking for a new opportunity on employment portals; some are unaware of the risks and others take them knowingly. When you download and install a game or a free app, or access a job portal, with that action you give a malicious person access to all your information through an access called an OAuth token.

By the way, do you send your files by email without deleting the metadata? Do you delete cookies? Do you browse in incognito mode?

Solution:

1.- Use digital certificates on all email accounts to avoid phishing. Be careful when someone sends you an email asking for a password. Heed security alerts. Token-based authentication credentials are preferable.

2.- Do not rely on username and password alone; they will be stolen with a Trojan, spam or phishing. Use a two-factor authentication (2FA) method so that a second authentication goes through your phone.

4 steps to deliver all your digital life

3.- The figure above shows 4 steps that explain the key authentication process, simply and easily. Read the following. You know companies such as Google, Microsoft and Facebook, and tools such as Gmail, WhatsApp, Hotmail, Outlook, Office365, Twitter, Dropbox and OneDrive. When you sign in to an employment portal, the portal uses Facebook, or Google with your email, as the authentication process. Some of these job portals are fake; they are developed just to steal your OAuth token. The token format, which you can see below, is a string of characters in which the user ID is not recognizable; only a trained eye can tell what it means.

4.- Have you downloaded a free application and authenticated in it? Have you entered a job page or portal because you are unemployed, been asked to authenticate, and done so through your email or Facebook? Guess what, they got you.

5.- Did you sign up to Spotify for a free subscription and get asked to authorize authentication through Facebook, or give your Gmail or Hotmail address, or a login at Office365? Guess what, they got you. With just one click of authorization, the security of your firewall has been bypassed, and so have your screen locks; everything has been bypassed.

6.- Is your email address published on the web? Guess what, they got you. Expect a phishing email to be sent to you for sure.

7.- The official pages of Microsoft and Google are used, with logos and perfectly written text, where they even tell you "we will steal your data, it is unsafe" or "you will share your information and personal data, contacts, email". Guess what: even though this appears as a warning, you click automatically like a zombie and, guess what again, they got you.

8.- They can encrypt all the information in your email. They have you again, because they will scam you and nobody from your organization will help you, since it is your personal email, or it may even be your company's information.

Summary of Solutions:

  • Cost avoidance for lost information.
  • Develop Business Continuity Planning (Risk Mgmt., Data Assessment, Coordination, Communication Plan)
  • Safe home office that avoids information leaks (New Rules, Policy, Technology Setup, Procedures Followed, Low Incidents and Prompt Responses)
  • Disaster Recovery (How to handle COVID-19 contamination, Backups to avoid big losses of information, Develop new Roles, Testing Poka-Yokes)
  • Repositories and 5S (Focused on information flow and a fast restore process)

Action Plans:

9.- I strongly suggest that you review which applications you have noticed and downloaded, clean your installation, make a backup of your data, and apply Business Continuity Planning to your company and also to your personal information. Go to your account options, manage permissions, and remove permissions.

10.- Apply a cyber risk assessment to avoid RPAs (Robotic Process Automation) and the authorization processes that have happened, consciously or unconsciously. Validate and test the action plan, focusing on fast results.
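
Added example (not part of the original article): the permission review in point 9 and the one-click consent in points 5 and 7 both come down to reading which scopes an app requests. This Python code parses an OAuth 2.0 authorization URL, the link behind a "Sign in with ..." button, and reports what it asks for and where the result is sent. The two URLs, the client IDs and the jobs.example / menu.example hosts are constructed; the scope names are real Google and Microsoft Graph scopes, and the choice of which ones count as "broad" is an assumption of this example.

```python
from urllib.parse import parse_qs, urlsplit

# Real Google / Microsoft Graph scope names; the "broad" selection is this example's.
BROAD_SCOPES = {
    "https://mail.google.com/": "full Gmail access",
    "https://www.googleapis.com/auth/contacts.readonly": "read all contacts",
    "https://www.googleapis.com/auth/drive": "full Google Drive access",
    "Mail.Read": "read mailbox",
    "Mail.ReadWrite": "read and modify mailbox",
    "Contacts.Read": "read all contacts",
    "Files.ReadWrite.All": "read and write all files",
}
# Constructed sample requests (hosts and client IDs are placeholders).
JOB_PORTAL_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&redirect_uri=https%3A%2F%2Fjobs.example%2Fcallback"
    "&scope=openid%20profile%20Mail.Read%20Contacts.Read%20offline_access"
)
MENU_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth"
    "?client_id=example-client.apps.googleusercontent.com&response_type=code"
    "&redirect_uri=https%3A%2F%2Fmenu.example%2Fcb&scope=openid%20email%20profile"
)


def review_consent_url(url):
    """Summarize what an OAuth 2.0 authorization request asks the user to grant."""
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    scopes = " ".join(q.get("scope", [])).split()
    redirect = q.get("redirect_uri", [""])[0]
    findings = [f"{s}: {BROAD_SCOPES[s]}" for s in scopes if s in BROAD_SCOPES]
    # A refresh token keeps the grant alive after the page is closed.
    if "offline_access" in scopes or q.get("access_type") == ["offline"]:
        findings.append("long-lived access (refresh token requested)")
    return {
        "idp": parts.hostname,
        "client_id": q.get("client_id", [""])[0],
        "redirects_to": urlsplit(redirect).hostname,
        "findings": findings,
        "verdict": "review" if findings else "sign-in only",
    }


if __name__ == "__main__":
    for sample in (JOB_PORTAL_URL, MENU_URL):
        print(review_consent_url(sample))
```

A "review" verdict means the app would hold access to mail, contacts or files beyond identifying you; those are the grants to remove under your account's permission settings.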


All this implies a series of actions that also require a change in how you work, even more so if you work from home. Remember that your actions also put your company's information at risk.

NOTE: I strongly recommend getting advice from an expert. It is time to shake hands with each other and prevent these malicious actors from taking advantage of our ignorance. Give yourself time; it is your digital life that is involved: your savings and the intellectual property of your companies. There are forms and protocols that can be applied to both companies and individuals to evaluate, create action plans, and manage to close the door on these malicious people. We are at your service.

What are your thoughts? Send me a comment.

Artifex Consulting 4.0. Author: GGomez.

#Business Continuity Planning

#TrumpVirus

#AEWDynamite


Kshitij M Kotak

Ex CIO | CTO | 30+ years | Retail | IT Services | Product Innovations | Global-First Tech USP in Retail | Digital Transformation | Best Made for India Product Awardee for BlackBox

4y

Good insights. Would like to know more.
