In 2016, Starbucks agreed to filter out pornography from its WiFi networks, but two years on and a Starbuck WiFi filter has yet to be applied anywhere other than the UK.
The 2016 promise came in response to public pressure to take action to prevent customers from abusing its free WiFi network to view pornography. While Starbucks had an acceptable use policy and prohibited the viewing of pornography on its WiFi network, there were no controls in place to prevent customers from accessing such content.
Leading the campaign for a Starbucks WiFi filter was the Internet safety group Enough is Enough. Back in 2016, as part of its Porn Free WiFi Campaign (since renamed SAFE WiFi Campaign) the group stepped up its efforts to convince big businesses to take the lead and implement filtering technology to enforce acceptable internet usage policies on their free WiFi networks. McDonalds and Starbucks were two such brands that were petitioned by the group – a coalition of 75 partner organizations.
More than 50,000 petitions were sent to Starbucks and McDonald’s in 2016, and in response, both agreed to start filtering pornographic web content on their WiFi networks. While McDonald’s acted quickly and started blocking adult content, the Starbucks WiFi filter failed to materialize. The coffee shop chain did implement a WiFi filter in its UK locations, but the Starbucks WiFi filter was not rolled out in other countries.
Since McDonalds took the lead and created a family-friendly free WiFi network, Chick-fil-A has followed suit and has implemented a WiFi filter in its 2,200 restaurants, as have many other restaurant and coffee shop chains. However, two years on and Starbucks has not made good on its promise. The lack of apparent action prompted Enough is Enough to issue a new call for the coffee shop chain to take action.
Enough is Enough Issues Fresh Call for Starbucks WiFi Filter Rollout
“Starbucks has had a tremendous opportunity to put its best foot forward in protecting its customers from images deemed obscene and illegal under the law, but they haven’t budged, despite their promise two years ago and despite the fact that they voluntarily filter this same content in the UK,” said Enough is Enough president and CEO, Donna Rice Hughes. “By breaking its commitment, Starbucks is keeping the doors wide open for convicted sex offenders and others to fly under the radar from law enforcement and use free, public WiFi services to access illegal child porn and hard-core pornography.”
Despite the promise, there has been little news issued on the Starbucks WiFi filter front. “To date, no action has taken place to suggest Starbucks has moved forward with its public commitment. EIE has made repeated attempts to reach out to Starbucks executives by phone, e-mail and certified mail since 2016. Starbucks has remained unresponsive with the exception of a form letter from customer relations,” explained Donna Rice Hughes on November 26, 2018.
Enough is Enough has called for members of the public to petition Starbucks once again and demand a WiFi filtering solution be applied to prevent customers from accessing inappropriate content in its coffee shops.
Starbucks has now confirmed to Business Insider that the chain has been taking action and has been evaluating WiFi filtering solutions to determine whether they can be applied to block access to pornography without inadvertently blocking other types of content. A solution has now been chosen at last and it will be rolled out in 2019.
WiFi Filtering Made Simple with WebTitan Cloud for WiFi
While web filters have been criticized in the past for overblocking web content, today, web filters such as TitanHQ’s WebTitan Cloud for WiFi allow fine control of Internet content thanks to highly granular settings.
WebTitan Cloud for WiFi includes 53 preset categories of Internet content that can be filtered out in seconds once the solution has been implemented. Implementing WebTitan Cloud for WiFi, configuring the filter, and protecting customers (and employees) takes just a few minutes. No hardware purchases are required, and no software downloads are necessary. Simply change the DNS to point to WebTitan and controls can easily be applied.
In addition to blocking pornography, illegal content such as child pornography and copyright-infringing file downloads via P2P file sharing sites and be blocked. WiFi users will also be protected from malicious sites that download malware, phishing websites, and other web-based threats.
WebTitan Cloud for WiFi is highly scalable and can be used to protect multiple WiFi access points, regardless of where they are located, through an easy-to-use web-based interface. With WebTitan Cloud for WiFi, filtering the Internet and protecting customers could not be any easier.
If you run a business and you offer your customers free, unfiltered WiFi access, now is the perfect time to make a change and send a message to your customers that you are leading the fight against online pornography and are taking action to protect customers by creating a family-friendly WiFi environment.
Key Benefits of WebTitan Cloud for WiFi
Filter the Internet across multiple WiFi hotspots
Create a family-friendly, safe and secure web browsing environment
Manage access points through a single web-based administration panel
Delegate management of access points
Filter by website, website category, keyword term, or keyword score
Block material contained in the child abuse image content URL list (CAIC List)
Upload blacklists and create whitelists
Reduce the risk of phishing attacks
Block malware and ransomware downloads
Inspect encrypted websites with SSL certificates
Schedule and run reports on demand
Gain a real-time view of internet activity
Gain insights into bandwidth use and restrict activities to conserve bandwidth
Integrate the solution into existing systems through a suite of APIs
Contact TitanHQ today for more information, to book a product demonstration, or to sign up for a free WebTitan Cloud for WiFi trial.
Managed Service providers that want to start offering WiFi filtering to clients should contact the TitanHQ MSP Program team to find out how WebTitan (and other TitanHQ products) can be integrated into their security stacks.
Business email compromise (BEC) attacks cost businesses billions of dollars each year, and business email account compromises are soaring.
What is a Business Email Compromise Attack?
As the name suggests, these attacks involve the hijacking of business email accounts. The primary aim is to compromise the account of the CEO or CFO, which is usually achieved through a spear phishing attack. Once the email account has been compromised, it is used to send phishing emails to other employees in the company, most commonly, employees in the accounts, finance, and payroll departments.
The emails commonly request wire transfers be made to accounts under the control of the attackers. Requests are also made for sensitive information such as the W-2 Forms of employees.
Since the emails are sent from the CEO or CFO’s own account, there is a much higher chance of an employee responding to the request than to a standard phishing attempt from an external email address. Since the emails come from within an organization, they are also much harder to detect as malicious – a fact not lost on the scammers.
With access to the email account, it is much easier to craft convincing messages. The signature of the CEO can be copied along with their style of writing from sent messages. Email conversations can be started with employees and messages can be exchanged without the knowledge of the account holder.
Fraudulent transfers of tens or hundreds of thousands of dollars may be made and the W-2 Forms of the entire workforce can be obtained. The latter can be used to submit fake tax returns in victims’ names to obtain tax refunds. The profits for the attackers can be considerable, and with the potential for a massive payout, it is no surprise that these attacks are on the rise.
Business Email Account Compromises Have Increased by 284% in a Year
FBI figures in December 2016 suggest $5.3 billion had been lost to BEC scams since October 2013. That figure had now increased to $12.5 billion. More than 30,000 complaints of losses due to BEC attacks were reported to the FBI’s Internet Crime Complaints Center (IC3) between June 2016 and May 2018.
The specialist insurance service provider Beazley has been tracking business email account compromises. The firm’s figures show business email account compromises have increased each quarter since Q1, 2017. In the first quarter of 2017, 45 business email account compromises were detected. In Q2, 2018, 184 business email account compromises were detected. Between 2017 to 2018, there was a 284% increase in compromised business email accounts.
While the CEO’s email credentials are often sought, the credentials of lowlier employees are also valuable. Any email account credentials that can be obtained can be used for malicious purposes. Email accounts can be used to send phishing messages to other individuals in an organization, and to business contacts, vendors, and customers.
Beazley notes that once one account has been compromised, others will soon follow. When investigating business email account compromises, businesses often discover that multiple accounts have been compromised. Typically, a company is only aware of half the number of its compromised accounts.
The High Cost of Resolving Business Email Account Compromises
Business email account compromises can be extremely costly to resolve. Forensic investigators often need to be brought in to determine the full extent of the breach. Each breached email account must then be checked to determine what information has been compromised. While automated searches can be performed, manual checks are inevitable. For one client, the automated search revealed 350,000 document attachments had potentially been accessed, and each of those documents had to be checked manually to determine the information IT contained. The manual search alone cost the company $800,000.
How to Protect Your Organization from Business Email Compromise Attacks
A range of measures are required to protect against business email compromise attacks. An advanced spam and anti-phishing solution is required to prevent phishing and spear phishing emails from being delivered to inboxes.
SpamTitan is an easy-to-implement spam filtering solution that blocks advanced phishing and spear phishing attacks at source. In contrast to basic email filters, such as those incorporated into Office 365, SpamTitan uses heuristics, Bayesian analysis, and machine learning to identify highly sophisticated phishing attacks and new phishing tactics. These advanced techniques ensure more than 99.9% of spam and malicious messages are blocked.
The importance of security awareness training should not be underestimated. End users should be trained how to recognize phishing attempts. Training should be ongoing to ensure employees are made aware of current campaigns and new phishing tactics. Phishing simulation exercises should also be conducted to reinforce training and identify weak links.
Multi-factor authentication is important to prevent third parties from using stolen credentials to access accounts. If a login attempt is made from an unfamiliar location or unknown device, an additional form of identification is required to access the account.
Password policies should be enforced to ensure that employees set strong passwords or passphrases. This will reduce the potential for brute force and dictionary attacks. If Office 365 is used, connection to third party applications should be limited to make it harder for PowerShell to be used to access email accounts. A web filtering solution should also be implemented to block access to phishing accounts where email credentials are typically obtained.
Defense in depth is the key to protecting against BEC attacks. For more information about email and web security controls to block BEC attacks, give the TitanHQ team a call. Our experienced advisers will recommend the best spam and web filtering options to meet the needs of your business and can book a product demonstration and set you up for a free trial.
A massive malvertising campaign has been detected that has so far hijacked at least 300 million browser sessions in the space of just 48 hours.
What is Malvertising?
Malveristing is a method of generating traffic to websites that would otherwise be unlikely to be visited by Internet users. The technique involves using code in adverts submitted to advertising networks to redirect users to a specific website. Clicking a link in one of the adverts can trigger multiple redirects, first to the site detailed in the Ad code, then onto another web page.
Malvertising is often used to direct Internet users to malicious websites, such as those hosting exploit kits that probe for vulnerabilities and silently download malware or phishing websites, tech support scams, and other scam sites.
As spam filtering technology has improved, fewer spam emails are being delivered to inboxes, which means fewer individuals click links in emails and visit malicious websites. Malvertising is a suitable alternative that generates huge volumes of traffic.
The ad networks are used by many high-traffic websites to provide an additional income stream. While the ad networks incorporate checks to ensure advertisers are legitimate, the use of obfuscated JavaScript to redirect visitors and multiple redirects help attackers pass these checks.
Users Directed to Phishing Websites
The latest malvertising campaign is being used to direct Internet users to a variety of web pages, including adult websites and ‘You’ve Won a Gift Card’ scams.
The campaign was detected by researchers at Confiant on November 12. They claim the threat actors behind the campaign are still active. The initial web pages visited via advert redirects contain obfuscated JavaScript code that redirects visitors to other web pages. Many of the final landing pages phish for sensitive information such as names, addresses, email addresses, revenue information, and other personal data.
Malvertising is nothing new and there are more than a dozen threat actors that are primarily using this method to generate traffic to web pages, but this campaign stands out due to its scale and the volume of visitors that have been redirected to malicious websites.
How to Protect Your Business from Malvertising Attacks
As with spam email, malvertising is a serious risk for businesses. The majority of businesses now use a spam filtering solution to prevent malicious messages from reaching inboxes, but fewer businesses have protections in place to prevent their employees from malvertising and other web-based attacks.
Anti-virus and anti-malware solutions may identify malware downloads that take place through these malicious websites, but usually only once the malware has been downloaded. Since most AV solutions are signature-based, if a new malware variant is downloaded it will not be detected.
The most effective way of blocking malvertising is a web filtering solution. A web filter is most commonly used to control the types of content that can be accessed by employees and serves a similar purpose to parental control software. However, in contrast to parental control solutions, enterprise class-web filtering solutions also prevent network users from accessing malicious websites such as those used for phishing and to distribute malware.
WebTitan Cloud – An Easy to Use, Powerful Web Filtering Solution
WebTitan Cloud is an enterprise-class web filtering solution that has been developed to offer protection against web-based attacks, including malvertising.
WebTitan Cloud is a 100% cloud-based web filtering solution. As such, it requires no hardware purchases or software downloads. Implementation is quick and easy and only takes a few minutes. No technical skill is required to start filtering the Internet and start protecting your business from web-based threats.
In addition to blocking access to malicious websites, WebTitan Cloud allows users to restrict internet activity through 53 category-based filters. More than 700 million URLs are crawled, analyzed, and categorized every day, and the solution provides 100% coverage of the Alexa top 1 million most visited websites and blocks more than 3 million malicious URLS at any one time. More than 7,500 businesses around the world trust WebTitan to protect them from malicious web content.
WebTitan Cloud is also an ideal web filtering solution for managed service providers (MSPs), allowing them to easily add web filtering to their security stacks. WebTitan Cloud comes with a variety of hosting options, including the option of hosting the solution within an MSP’s own data center. The solution can also be provided as a white-label ready to take MSP branding.
For further information on WebTitan Cloud for managed service providers and SMBs, details of pricing, and to book a product demonstration, contact the TitanHQ team today.
WiFi networks are a potential security weak point for businesses, although the introduction of WPA3 will improve Wi-Fi security. WPA3 Wi-Fi security enhancements address many WP2 vulnerabilities, but WPA3 alone is not enough to block all WiFi threats.
WiFi Security Protocols
The WPA WiFi security protocol was introduced in 1999, and while it improved security, cracking WPA security is far from difficult. Security enhancements were introduced with WPA2 in 2004, but while more secure, WPA2 does not fix all vulnerabilities. Little has changed in the past 14 years, but at long last, WPA3 is here. Use WPA3 and Wi-Fi security will be significantly enhanced, as several important WP2 vulnerabilities have been fixed.
WPA3 WiFi Security Enhancements
One of the biggest WiFi security threats is open networks. These are WiFi networks that require no passwords or keys. Users can connect without entering a pre-shared key. All a user needs to know is the SSID of the access point to connect. These open networks are used in establishments such as coffee shops, hotels, and restaurants as it is easy for customers to connect. The problem is users send plain text to the access point, which can easily be intercepted.
WPA3 spells an end to open networks. WPA3 uses Opportunistic Wireless Encryption (OWE). Any network that does not require a password, will encrypt data without any user interaction or configuration. This is achieved through Individualized Data Protection or IDP. Any device that attempts to connect to the access point receives its own key from the access point, even if no connection to the AP has been made before. This control means the key cannot be sniffed and even if a password is required, having access to that password does not allow the data of other users to be accessed.
Another security enhancement that has been made in WP3 reduces potential for password cracking attacks such as the WPA2 KRACK Attack. WPA2 is vulnerable to brute force and dictionary-based attacks. That is because security relies on the AP provider setting a secure password and many establishments don’t. With WPA3, the Pre-Shared Key (PSK) exchange protocol is replaced with Simultaneous Authentication of Equals (SAE) or the Dragonfly Key Exchange, which improves security of the initial key exchange and offers better protection against offline dictionary-based attacks.
WPA3 also addresses security vulnerabilities in the WiFi Protected Setup (WPS) that made it easy to link new devices such as a WiFi extender. In WPA3, this has been replaced with Wi-Fi Device Provisioning Protocol (DPP).
Configuring IoT devices that lack displays has been made easier, the 192-bit Commercial National Security Algorithm is used for enhanced protection for government, defense and industrial networks, and better controls have been implemented against brute force attacks. These and other enhancements mean WPA3 is far more secure.
Unfortunately, at present, very few manufacturers support WPA3, although that is likely to change in 2019.
WPA3 WiFi Security Issues
Even with WPA3 WiFi security enhancements, WiFi networks will still be vulnerable. WPA3 includes encryption for non-password-protected networks, but it does not require authentication. That is up to hotspot providers to set. WPA3 it is just as susceptible to man-in-the-middle attacks and offers no protection against evil twin attacks. The user must ensure they access the genuine access point SSID.
The connection to the AP may be more secure, but WPA3 does not offer protection against malware downloads. Users will still be at risk from malicious websites unless a DNS filtering solution is used – A web filter to protect WiFi networks.
Improve WiFi Security with a DNS-Based WiFi Filtering Solution
A DNS-based WiFi filtering solution such as WebTitan Cloud for WiFi protects users of a WiFi network from malware attacks, ransomware downloads, and phishing threats. The cloud-based filter also allows businesses that provide WiFi access points to carefully control the content that can be accessed by employees, customers, and other guest users.
By upgrading to WPA3 WiFi security will be improved. With WebTitan Cloud for WiFi, users will also be protected once they are connected to the network.
WebTitan Cloud for WiFi allows you to:
Filter the Internet across multiple WiFi hotspots
Create a family-friendly, safe and secure web browsing environment
Manage access points through a single web-based administration panel
Delegate management of access points
Filter by website, website category, keyword term, or keyword score
Block material contained in the child abuse image content URL list (CAIC List)
Upload blacklists and create whitelists
Reduce the risk of phishing attacks
Block malware and ransomware downloads
Inspect encrypted websites with SSL certificates
Schedule and run reports on demand
Gain a real-time view of internet activity
Gain insights into bandwidth use and restrict activities to conserve bandwidth
Apply time-based filtering controls
Integrate the solution into existing systems through a suite of APIs
Further information on WebTitan Cloud for WiFi is detailed in the video below. For further information on WiFi security, including WebTitan pricing and to book a product demonstration, contact the TitanHQ team today.
Businesses that fail to secure their WiFi networks are taking a huge risk, and one that could prove catastrophic. In this article we explain why WiFi security is so important and cover the main WiFi filtering security benefits for businesses.
What are the Consequences of Poor Cybersecurity?
Customers often feel loyal to a particular brand. The company gives them what they want, the prices are reasonable, the quality of products/services are good. One of the most important factors influencing customer loyalty is trust in a brand. If trust in a brand is lost, it can be difficult win customers back. They may be permanently lost. Those customers then speak to their friends and colleagues and word spreads and further business can be lost.
One of the easiest ways to lose the trust of customers is a data breach. Ask customers why they love a particular brand, and “The company keeps my data safe” will not make the top ten list. That said, if a company experiences a data breach, customers will leave in droves.
Some industries are more prone to high customer churn rates following a data breach than others. The healthcare and insurance industries do experience customer loss, but many breach victims are tied to those providers and leaving is not straightforward. The banking and retail industries on the other hand see high churn rates. There is usually plenty of choice and customers explore other options after a breach.
A study of 10,000 consumers by Gemalto in November 2017 showed 70% of customers would stop doing business with a company after a data breach. Could your business cope with an overnight loss of 70% of your customers?
Further, the cost of a data breach report revealed the average cost of a data breach has now risen to $3.86 million. A 70% loss of customers and a $3.86 million data breach bill would prove catastrophic for many businesses. It is therefore no surprise that the National Cyber Security Alliance reports that 60% of SMBs go out of business within 6 months of a data breach.
Defense in Depth is Essential
The Gemalto study found that 62% of consumers felt that a company that holds their data is responsible for security, highlighting the importance customers place on the privacy of their data.
For businesses, ensuring systems and data are kept secure can be a major challenge. The only way to meet that challenge is through defense in depth. A range of cybersecurity solutions are required to secure systems and data, block cyberattacks, and prevent data breaches.
The best place to start is by performing a risk assessment to highlight all potential risks to your systems and data. Consider all possible ways that an attack can occur, assess the risk of each, and develop a risk management plan to address those risks, addressing the highest risk areas first.
While many companies implement a host of network and email security solutions, one area of security that is often overlooked is the WiFi network, even though WiFi poses a considerable risk, not only to the business but also to customers that are allowed to connect to the WiFi network. Some of the important WiFi filtering security benefits are detailed in the section below.
Important WiFi Filtering Security Benefits for Businesses
There are many WiFi filtering security benefits for businesses. Implementing a WiFi filter will not only improve security for the business and its customers, it can also help to improve the productivity of the workforce.
Some of the most important WiFi security benefits are detailed below:
Block Malware and Ransomware Downloads
One of the most important WiFi filtering security benefits for businesses is protection from malware and ransomware downloads. Malware allows hackers to steal customer data, intellectual property, and obtain credentials to plunder corporate bank accounts. Malware infections can prove incredibly costly to resolve and ransomware attacks can bring businesses to a grinding halt. A WiFi filter help improve security by blocking access to sites hosting exploit kits and preventing drive-by malware downloads.
Prevent WiFi Users from Visiting Phishing Websites
Phishing is a major risk for all businesses. While most phishing attacks start with an email, they invariably link to websites that harvest credentials. A WiFi filter ensures that employees and guest users cannot access websites known to be used for phishing.
Stop Users from Accessing Illegal Website Content
Businesses have a responsibility to ensure that their WiFi networks cannot be used to access illegal content such as child pornography or to perform copyright-infringing file downloads. In addition to the potential for these actions to lead to legal problems for employers, these illegal online activities increase the risk of a malware infection.
Prevent Users from Accessing Inappropriate Websites
Businesses should take steps to prevent employees and guest WiFi users from accessing inappropriate websites – Websites that have no work purpose and those that are likely to cause offense to other individuals – adult content for example. Inappropriate internet use is a major drain of productivity and poses a security risk.
Other Important WiFi Filtering Benefits
All companies must take steps to reduce legal liability and employee Internet access is one area where companies can experience legal problems. Web content that seems funny to some employees could be highly offensive to others and lead to the creation of a hostile working environment and subsequent legal action by employees. Any company that fails to block illegal online activities such as copyright-infringing downloads, could be found to be vicariously liable for the actions of its WiFi users.
Businesses can use a WiFi filter to control bandwidth use. By blocking access to bandwidth heavy activities such as video streaming at busy times, business can ensure all users can enjoy fast Internet speeds.
WebTitan Cloud for WiFi: WiFi Filtering Made Simple
Gaining the above WiFi filtering security benefits is easy with TitanHQ’s innovative WiFi filtering solution – WebTitan Cloud for WiFi.
WebTitan Cloud for WiFi is easy to implement, simple to use, and effortless to maintain. WebTitan Cloud for WiFi allows businesses to carefully control Internet access, reduce risk, make important productivity gains, and improve their security posture.
WebTitan Cloud for WiFi can be implemented in minutes, requires no hardware purchases and needs no software downloads. An intuitive user interface can be accessed from anywhere with an internet connection and no technical skill is required to configure and maintain the solution.
WebTitan Cloud for WiFi allows business of all sizes to gain the WiFi filtering security benefits with no slowing of Internet speeds.
WebTitan WiFi Filtering Security Benefits
Blocks access to web pages hosting malware
Blocks ransomware, malware, virus, and botnet downloads
Prevents employees and guests from accessing phishing websites
Requires no user updates or patches
Blocks the use of anonymizers
Inspects all Internet traffic, including encrypted content
Reports can be generated to show which employees are attempting to bypass filtering controls
Policies can be created for different users, departments, or locations
Different filtering controls can be set for employees and guest WiFi users
For further information on WebTitan Cloud for WiFi, details of pricing, to book a product demonstration, or to sign up for a free 14-day trial of the full solution, contact the TitanHQ team today.