Spam email may be the most common method of distributing malware and phishing for sensitive information such as Office 365 credentials, but businesses also need to protect against web-based threats.
Malware and ransomware are often unwittingly downloaded by employees when browsing the internet. Hackers are constantly attacking legitimate websites and uploading malicious content, and malware-laced files are often hosted on file sharing sites such as Dropbox and Google Drive.
Many owners of high traffic websites use third-party ad networks to bring in much needed extra revenue. Ad blocks are added to websites and the site owners earn money from the number of ad impressions or clicks. Cybercriminals often sneak malicious adverts onto these networks, and they are displayed on many high traffic websites. The malicious adverts link to websites hosting exploit kits that probe for exploitable vulnerabilities in browsers and plugins. If a vulnerability is found, it is exploited to silently download malware.
Phishing emails often have a web-based component. A hyperlink is supplied which links to a website hosting a phishing kit. An email security solution may fail to detect the hyperlink as malicious and will deliver the email. If an employee clicks the link, there may be no protection in place to prevent that site from being accessed and credentials being handed over.
There has also been an increase in malware downloads through social media websites in recent years. Research from Bromium in 2019 showed one in five companies had experienced a malware infection as a result of employees visiting social media websites and 12% of companies suffered a data breach as a result of the malware infection.
Over the summer last year, a multi-year social media campaign dubbed Operation Tripoli was uncovered. The social media malware campaign targeted users in Libya, but Facebook users in other countries were also infected with malware. Malicious code is also inserted into images which are shared on Facebook and Facebook Messenger. That code similarly downloads malware.
Businesses also face another problem from the use of social media sites by employees: a major loss in productivity. According to a Spiceworks survey, 28% of employees at large companies and 45% of employees at medium-sized companies spend four or more hours a week on personal internet usage such as visiting social media sites. The same study also revealed 38% of companies had experienced a security incident as a result of employees’ personal internet usage.
Fortunately, there is a solution that will block internet-based threats and also allow businesses to make significant productivity gains by curbing personal internet usage. Further, the solution is easy to implement, requires little maintenance, and is cost effective. That solution is WebTitan.
WebTitan is a DNS filtering solution ideally suited to SMBs and MSPs that serve the SMB market. WebTitan is a 100% cloud-based web filtering solution, so no software downloads are required and there are no hardware requirements. Simply point your DNS to WebTitan and you will be filtering the internet in minutes. You will block access to known malicious websites, be able to control what types of files can be downloaded from the internet, and you can block access to certain categories of website or filter at the web page level. Highly granular filtering means it is easy to selectively block content. WebTitan allows you to block access to social media sites or just Facebook Messenger if you wish. You can filter at the organization, user group, or individual user level and can set time-based controls.
A full suite of reports allows you to see exactly what types of sites are being accessed, who attempts to violate your policies, and you can also view internet usage in real-time.
WebTitan adds an extra layer to your security defenses that will protect you from the full range of web-based threats. By blocking phishing attacks and malware downloads and allowing you to make significant productivity gains, the solution will more than pay for itself.
To find out more about web filtering with WebTitan, give the TitanHQ team a call today.
On January 1, 2020, the California Consumer Privacy Act (CCPA) took effect, giving state residents greater control over the use and sale of their personal data and introduced. In this post we explore the CCPA data security requirements for businesses and the consequences of failing to adequately protect consumer data.
What is the California Consumer Privacy Act?
California already had some of the strictest privacy laws in the United States, but CCPA took consumer privacy a step further. CCPA has been likened to the EU’s General Data Protection Regulation (GDPR), as it gives California residents similar rights over the personal data collected and used by companies.
CCPA requires companies to inform California residents about the categories of data that are being collected, at or before the point of collection. There is a right to access all personal information held by a company and find out with whom personal data has been shared. Consumers have a right to opt out and prevent their personal data from being sold and can request that their personal data is deleted. Consumers also have a right to equal services and prices, and cannot be discriminated against, or denied goods or services or levels of services if they opt out of the sale of their personal data.
Who Must Comply with CCPA?
As of January 1, 2020, CCPA applies to all companies that do business with California residents, regardless of where the company is based, if one of the following conditions is met:
The company generates revenues of at least $25 million each year; or
The company collects, purchases, sells, or shares the personal data of at least 50,000 people; or
The company generates at least 50% of its revenues from the sale of personal data.
CCPA does not apply to insurance institutions, agents, and support organizations, which are covered by different state laws.
CCPA Data Security Requirements
CCPA does not specify what security measures need to be implemented to protect the personal data of California residents; however, businesses do have a duty to implement reasonable security measures based on the level of risk, in accordance with other state laws. Under CCPA, penalties can be applied for a “violation of the duty to implement and maintain reasonable security procedures and practices.”
Since legal action can be taken against companies over a breach of personal data, it is important for companies to ensure appropriate measures are taken to protect data and prevent data breaches.
CCPA does not specify what controls need to be implemented nor what constitutes “reasonable security procedures and practices.” A 2016 Data Breach Report released by the California Attorney General acts as a good guide. It includes a list of 20 controls that the Center for Internet Security says are requirements to protect against known cyberattack vectors. These should therefore serve as a guide to the CCPA data security requirements. They are:
How TitanHQ Can Help You Comply with CCPA Data Security Requirements
Email is the most common attack vector used for phishing and malware distribution, so safeguards need to be implemented to keep email systems secure. Phishing attacks often have a web-based component where credentials are harvested, and many malware downloads occur via the internet. Internet controls are therefore also essential to protect against cyberattacks and data breaches. Due to the risk of attack via email and the web, email and browser protections are listed as the first of the foundational Center for Internet Security controls.
This is an area where TitanHQ can help. We have developed two powerful cloud-based security solutions that can help you meet CCPA data protection requirements.
SpamTitan Email Security is a powerful spam filtering solution that keeps inboxes free from email-based threats. SpamTitan incorporates multiple layers of anti-spam and anti-phishing controls, including Sender Policy Framework (SPF), DMARC, SURBLs, RBLs, Bayesian analysis, and more. SpamTitan uses twin antivirus engines to block known malware threats and sandboxing to protect against breaches and data loss from zero-day threats.
WebTitan is a cloud-based DNS filtering solution that protects against the internet component of phishing attacks and stops wired and wireless network users from accessing malicious websites. These solutions will help you meet your email and web security responsibilities and protect your organization from phishing attacks, malware and ransomware downloads. Together they will help you prevent costly data breaches and avoid the resultant CCPA fines.
Penalties for Noncompliance with CCPA
Each intentional violation carries a maximum penalty of $7,500 per record. Unintentional violations carry a penalty of $2,500 per record.
There is also a private cause of action in CCPA. In the event of a data breach, victims of the breach can sue for a CCPA violation. Statutory damages of between $100 and $750 can be claimed by each California resident affected by the breach. Alternatively, claims can be made for actual damages, whichever is greater, along with other relief determined by the courts. Class action lawsuits are also permitted under CCPA. The California Attorney General can also take legal action against the company rather than permitting civil suits to be filed.
TitanHQ and Pax8 have announced a new strategic partnership that will see TitanHQ’s cloud-based email security and DNS filtering solutions incorporated into the Pax8 ecosystem.
Pax8 simplifies the journey into the cloud through billing, provisioning, automation and industry-leading PSA integrations and is a proven leader in cloud distribution. Pax8 has achieved position 60 in the 2019 Inc. 5000 list of the fastest growing companies and has been named CRN’s Coolest Cloud Vendor and Best in Show at the NextGen and Xchange conferences for two years in a row.
In order to have products added to the Pax8 marketplace, vendors must have developed exceptional channel friendly solutions. As the leading provider of cloud-based email and web security solutions for managed service providers (MSPs) serving the SMB marketplace, TitanHQ was an ideal fit.
Under the new partnership, Pax8 partners will have easy access to TitanHQ’s leading email security solution, SpamTitan Cloud, and can protect clients from web-based threats with WebTitan Cloud, TitanHQ’s DNS filtering solution.
These cloud-based AI-driven solutions help MSPs secure their own environments and protect their clients from malware, ransomware, botnets, viruses, and phishing and email impersonation attacks and avoid costly data breaches.
Both solutions have been developed with MSPs firmly in mind. The solutions are easy to integrate into an MSP’s security stack through TitanHQ’s APIs, there are multiple hosting options, the solutions can be supplied in white label form, and there are generous margins. Pax8 partners also benefit from a fully transparent pricing policy and industry leading technical support.
TitanHQ’s solutions are much loved by users and are consistently rated highly on business software review platforms, including G2 Crowd, Gartner Peer Insights, and Capterra.
“Our partners are excited about the addition of TitanHQ and the ability to protect their clients’ businesses by blocking malware, phishing, ransomware, and links to malicious websites from emails,” said Ryan Walsh, chief channel officer at Pax8.