Tech Friday with Dave Hatter - May 8th 2020 - SPONSORED BY INTRUST IT


  • World Password Day:
    • Thursday, May 7th was World Password Day (WPD)
    • WPD, the first Thursday of every May, is a call-to-action for stronger passwords
    • WPD was officially registered in 2013 based on security researcher Mark Burnett's book "Perfect Passwords"
    • Many hacks start with poor password hygiene, including weak passwords
    • Many people still don't take password security seriously
    • What you should do:
      • Use a strong, unique password for each site/app
      • A strong password is a minimum of 12 characters and contains a combination of uppercase letters, lowercase letters, numbers, and special characters (for example: !, @, &, %, +); longer is better
      • Avoid anything that someone could guess or determine based on information they might find online
      • A pass phrase is even better because it will be easier to remember. For example: 1L0ve355KRCTh3TalkStationSoMuch!
      • Use a password manager to generate, manage and use strong passwords everywhere
      • With a password manager, you only need one strong, unique password for the password manager itself; it does the rest
      • Enable multi-factor authentication (MFA), especially on the password manager
      • Use a tool like https://haveibeenpwned.com/ or the latest version of Firefox to check for password breaches
  • Microsoft Says Remote Working Is Here for Good:
    • COVID-19 is forcing companies to accelerate their digital transformation leading to what could be huge changes in how businesses operate
    • The pandemic is demonstrating that technology has progressed to the point where people can work remotely
    • Email, chat, videoconferencing, collaboration software and cloud applications allow colleagues to work together productively and collaboratively
    • A new report from Microsoft suggests remote work is here to stay
    • Microsoft says it saw an increase of 12 million users in the first week of stay-at-home orders
    • Microsoft CEO Satya Nadella recently revealed that their Teams collaboration tool now has more than 75 million daily active users and 200 million meeting participants in a single day
    • The pandemic has forced people unaccustomed to using tech tools to quickly adapt. Some of these workers are becoming more efficient
    • "I think you’ll see a new norm around trust and respect," as it pertains to managing staff, says career coach Julie Kratz
    • Kratz said it will be harder to deny flexibility around work hours and work settings after the success demonstrated on short notice during the pandemic
    • As a result, many employees won’t return to the office regularly, if ever
    • For example, about 70,000 of Barclays' worldwide staff are working remotely due to the pandemic
    • Barclays CEO Jes Staley said this is causing them to reconsider their long-term "location strategy" as the bank is now being run by staff working "from their kitchens"
    • "The notion of putting 7,000 people in the building may be a thing of the past" - Staley
    • Many experts believe business trips as we know them will be a thing of the past too
    • View the report here: https://www.microsoft.com/en-us/microsoft-365/blog/2020/04/09/remote-work-trend-report-meetings/
  • Phishing attacks target US Payroll Protection Program Loans:
    • Sadly, scammers and cyber criminals continue to use COVID-19 to launch a wide variety of online scams and attacks that are increasingly crafty and devious
    • Many government agencies have warned about new phishing attacks during the pandemic
    • The Secret Service wrote "The United States Secret Service is proactively taking steps to alert the public about the types of email scams associated with the Coronavirus."
    • FBI Deputy Assistant Director Tonya Ugoretz, speaking in an online panel hosted by the Aspen Institute, recently said the number of Internet crime-related reports has quadrupled compared to months before the pandemic
    • "The FBI has an Internet Crime Complaint Center, the IC3, which is our main ingest point. Sadly the IC3 has been incredibly busy over the past few months," Ugoretz said
    • "They really run the gamut. Everything from setting up fraudulent internet domains [...], we've seen people set up fraudulent COVID charities, promise delivery of masks and other equipment, and then deliver fraudulent loans, extortion, etc. So pretty much, sadly, anything you can think of. Cyber-criminals are quite creative," Ugoretz said
    • These COVID-19 phishing emails could deliver malware, steal credentials, and scam users out of money, etc.
    • Barracuda said "The attacks use common phishing tactics that are seen regularly; however, a growing number of campaigns are using the Coronavirus as a lure to try to trick distracted users to capitalize on the fear and uncertainty of their intended victims"
    • Barracuda researchers have seen 3 main types of COVID-19 phishing themes: scamming, brand impersonation, and business email compromise (BEC)
    • One of the newest is based on the Payroll Protection Program (PPP) SBA loan program which allows small business owners to apply for a low-interest forgivable loan
    • Abnormal Security reported that attackers are sending out spoofed emails that purport to be from a CARES act representative
    • The email claims to need a signature on a "PPP_CARES_SignaturePG1-2" document for the PPP
    • There is a link in the email that says "Review File & Sign" that takes the victim to a spoofed page that asks them to sign in to their Microsoft account
    • Any credentials entered may be used in other attacks
    • What you should do to protect yourself:
      • Be extremely skeptical and cautious of any emails, texts, or social media postings in any way related to Coronavirus
      • Don't click any links or open any attachments UNLESS and UNTIL you have verified out-of-band that the email is legitimate
      • You must be highly skeptical of ANY web page that asks for your user credentials unless YOU went directly to that URL by typing it in, and confirm that it's correct by carefully examining the URL
      • Use a strong, unique passphrase for every site/app/platform
      • Use a password management application
      • Enable multi-factor authentication (MFA, 2FA)
      • Stick to reputable sites and sources, in this case: https://www.sba.gov/
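
An added example (not part of the original show notes) of what "carefully examining the URL" can look like when automated: it compares a link's real host against a short list of domains you expect to sign in on and flags common lookalike forms. The trusted list and the sample links are constructed assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts this user expects to visit or sign in on.
# sba.gov comes from the notes above; the Microsoft hosts are illustrative.
TRUSTED_DOMAINS = {"login.microsoftonline.com", "microsoft.com", "sba.gov"}

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a link before any credentials are entered."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    # Text before '@' is login info, not the site; it can imitate a brand.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host"
    # Non-ASCII or punycode labels can render like a familiar brand name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized host, possible lookalike characters"
    # The registered domain is at the END of the host, so match from the right.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return True, "host is " + domain + " or a subdomain of it"
    return False, "host '" + host + "' is not a trusted domain"

# Constructed sample links (example.net is a reserved documentation domain).
SAMPLE_LINKS = [
    "https://www.sba.gov/",
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://microsoft.com.account-verify.example.net/signin",
    "https://login.microsoftonline.com@files.example.net/sign",
    "https://micr\u043esoft.com/login",   # Cyrillic 'o' in place of Latin 'o'
    "http://www.sba.gov/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, reason = check_link(link)
        print("OK  " if ok else "STOP", link.encode("ascii", "backslashreplace").decode(), "-", reason)
```

A link that passes this check can still be malicious in other ways, so it supplements, rather than replaces, verifying the message out-of-band.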