Most organizations are either familiar with, or have been victimized by, a Business Email Compromise (BEC). A BEC is a type of scam targeting organizations with the goal of leveraging a compromised email account to trick employees and executives into making fraudulent wire transfers. However, it’s not BEC attacks which are predicted to be the largest threat to organizations worldwide over the next 12-18 months, it’s a BEC variant known as Vendor Email Compromise (VEC).  The US Treasury department estimates BEC attacks already cost US firms $300 million a month.
If you talk to any security expert about securing online accounts, the first thing they will tell you is “enable 2FA.” However if you start looking at the number of accounts where Two-Factor Authentication is purposely turned off or opted out of, you will be surprised at how high the number is. The reason for this is because most end users consider 2FA to be a nuisance, and don’t see the need for it when it comes to securing their accounts.
Normally I talk about how to setup your work network to be more secure. Today, I want to talk about your personal security. Not physical security, but virtual security. Most people do not want to tinker with their home network. I don’t blame you, neither do I. I just want my home network to work… mostly because if it breaks, then all the kids will come running wondering why the sky is falling.
But for personal technology, there are some practical steps that will help make you more secure.
It was 2:30am one weekday night when my smoke alarms started going off at home. They are all connected together, so the whole house was a nice alarm bell. It was a weird fall night when it was warm outside and very foggy. We have had a lot of work done in the house, and I assumed it was a malfunction because of the dust that had been kicked up and the humidity outside. I disconnected the alarm that started this noise and got the family back into bed.
Are you aware that October is National Cybersecurity Awareness month? With the day to day security headlines year-round you may be thinking to yourself “I am sick of hearing about security”. As we come to the end of the month, bear with me for just a second as I let you in on a little security gem. While there are many different security solutions that exist, some cheap and many expensive, yet arguably one of the most important ones is free. It is a phrase coined by the National Cybersecurity Alliance, “When in Doubt, Throw It Out”. When at home or work, if you receive a piece of physical junk mail that that claims you have one a free trip to the Moon, what do you do? Most likely, you throw it out in the trash as you know it is not true.
Having a month dedicated to cybersecurity is a little bit of a misnomer. It indicates that there are some months where you don’t think about cybersecurity. Granted I think about security daily, as that is my job, but I hope most of you are also aware of it and think about it more than one month out of the year. However; since we do have a month dedicated to it, I thought this would be a good time to discuss some basic statistics provided in Verizon’s 2018 Data Breach Investigations Report. As the report says, “data breaches aren’t just a problem for security professionals”.
With election campaigns and candidate advertisements running rampant, it makes sense to go into some basic dos and don’ts when surfing the Internet. Once connected to the Internet, a majority of the sites are primarily free. Although, most of these websites are not there just to help you out, they are there to make money. A blogger, if they get enough viewers to their site, can sell ads that help pay them to write. Home Depot’s site is there to educate you on what they sell and get you to go to the store. Facebook and Google are there operate to make money off advertisements.
Microsoft continues to gain market share with their core product set. This is mostly due to companies making the pilgrimage from on-premises Exchange to Exchange Online. The combination of Microsoft Exchange and Office licensing migrating to the cloud, the Microsoft rebirth in the cloud is exploding.
At the same time, many companies that have moved to Office365 may not have realized there are several features that MAY be included in their subscription which they could leverage. Unknown to many of you out there is this O365 resource, which provides a laundry list of included features. I recommend referring to this page to see which features Microsoft offers, that you can make use of.
When you start working with Logic apps, one of the things you’ll encounter is that there are hundreds of services presented as actions available to add easily to your integration workflows. Along with the numerous Azure services, there’s Dropbox, Slack, GitHub, Jira, Salesforce, and many, many more. As long as you have a license to access these services, and a way to authenticate, it is easy to begin interacting with them. However, what if you need to access an API that is not in the actions library? For instance, what if you have an on-premises application, or are connecting to a less-popular service such as openweathermap.org? Assuming the API is using REST, it would be possible to manually construct URLs and JSON documents and then use the HTTP actions in Azure to get, post, delete, etc. It is also possible, if your API has a correlating Swagger or OpenAPI document, to reference the document from an HTTP+Swagger action. However, Logic apps is not able to expose the returned data elements as easily consumable Dynamic content without further definition. Fortunately, there’s a relatively simple, more reusable way to add APIs, including those implementing SOAP, while also providing drag-and-drop access to the returned data elements. And you may be able to do it without writing any code, JSON, or other computer-readable syntax.
Do you collect business cards and throw them in a drawer in case you ever need them? Would you like to be able to connect with the person on LinkedIn and get them into your contacts in one action? Do you have documents that you would like scanned, but do not have a scanner readily available? If so, we will show you two different methods in which you can capture these types of information on your smart phone.