Month: August 2021

The GDPR, Email Retention and Email Archiving

In this post, we will explain how the GDPR applies to email retention and email archiving, and how an email archive can help you comply with the GDPR.

The EU’s General Data Protection Regulation (GDPR) introduced new requirements for businesses on May 25, 2018. From the compliance date, businesses that collect or process the personal data of EU citizens were required to implement safeguards to protect the personal data of EU citizens. The GDPR also gave EU citizens new rights over their personal data.

The GDPR applies to personal data in all forms, no matter where data are stored. That means personal data in email accounts is covered by the GDPR. Email inboxes and folders can contain a wealth of personal data and that information is subject to the strict privacy and security requirements of the GDPR.

Email data may also need to be retained to comply with laws in the country or state in which your business operates, and certain industries such as finance and healthcare have industry-specific legislation with provisions covering email retention.

There is no minimum or maximum time stipulated for email retention in the GDPR. Instead, the GDPR states that personal data can be kept in a form that allows an individual to be identified for no longer than necessary to achieve the purpose for which personal data were collected or processed. The GDPR allows personal data to be processed for archiving purposes.

Reduce storage space, eliminate mailbox quotas and improve email server performance.

The GDPR requires businesses to implement security measures to ensure personal data are protected. Article 5(f) of the GDPR requires personal data to be protected “against accidental loss, destruction or damage, using appropriate technical or organizational measures.” The easiest way to ensure email data are protected is by using encryption and storing emails in a safe and secure environment where they are protected against unauthorized access, accidental deletion, and tampering – an email archive.

It is worthwhile explaining the difference between an email archive and a backup, as while both can be used to store emails, there are important differences between the two. A backup is a temporary repository for email data that ensures emails can be recovered in the event of data loss. Backups are usually only kept for a limited amount of time, usually until a new backup is created. A backup allows the mail system or data in an email account to be restored to a specific point in time. An email archive is used for long-term secure email storage and, in contrast to a backup, it can be searched and individual emails can be quickly found and retrieved.

Many businesses already use an email archiving solution to comply with state, federal, or industry regulations. An email archive is also invaluable for eDiscovery and dealing with customer complaints, as it can be searched and emails can be quickly and easily retrieved on demand. An email archive can also be used to recover email data in the event of a disaster, so it also protects against data loss.

An email archiving solution is important for GDPR compliance as it allows email data to be stored safely to prevent data loss and unauthorized access. Personal data in emails can also be quickly found, recovered, and deleted securely, if an EU citizen exercises their right to be forgotten, for instance.

ArcTitan, TitanHQ’s secure email archiving solution, is an ideal email archiving solution for GDPR compliance. ArcTitan includes end-to-end encryption for email data, access controls – including role-based controls – to ensure email data are protected against unauthorized access, and ArcTitan creates a tamper-proof record of all email data for the duration of your email data retention policy.


If emails need to be found, the archive can be searched and messages can be quickly and easily retrieved. With ArcTitan, you can search 30 million emails a second. Multiple searches can be performed simultaneously, searches can be combined and, in contrast to Office 365 archiving, the same search can be used to find data in the message body and attachments.

ArcTitan is very competitively priced and you only pay for active users. If you are unhappy with your current email archiving provider, changing to ArcTitan is a headache-free process and assistance will be provided by our highly experienced support team. For GDPR compliance, ArcTitan is an ideal email archiving solution.

If you would like to have further information on ArcTitan, contact the TitanHQ team today.

Beware of this PayPal Text Phishing Scam

Phishing is commonly associated with spam emails, but email is not the only method of phishing, as the PayPal text phishing scam below shows. Phishers use various methods to obtain sensitive information: phishing threats can arrive by email, text message, or instant messenger services, and scams can be conducted over the phone.

Phishing is arguably the biggest cyber threat faced by businesses and consumers and can result in a malware infection, the encryption of files via ransomware, theft of sensitive data such as credit/debit card numbers or bank account information, or the email account could be used for sending spam and phishing emails and for malware distribution. A successful phishing attack could prove incredibly costly as bank accounts could easily be emptied. For businesses, malware infections can be catastrophic and billions are lost to business email compromise phishing scams each year.

There are approximately 200 million PayPal users, which makes the online payment service particularly attractive for phishers. PayPal is one of the world’s most commonly spoofed brands. If the brand is spoofed, there is a relatively high probability that the phishing email or text message will be received by a person who has a PayPal account. Further, PayPal accounts usually contain money and they are linked to a bank account and/or credit card. Gaining access to PayPal credentials can see the account and linked bank account emptied.

Phishers use a variety of social engineering techniques to fool end users into installing malware or disclosing their login credentials and other sensitive information. Spam email may be the main method of attack, although the use of text (SMS) messages – often referred to as SMiShing – is growing. This method of phishing can prove more successful for attackers. The PayPal text message phishing scam below is much harder to identify as malicious than many of the PayPal email phishing scams that have been detected in recent weeks.

Beware of this Credible PayPal Text Phishing Scam

This PayPal text phishing scam, and several variants along the same theme, have been detected in recent weeks. The text message appears to have been sent from PayPal from a short code number.

The message reads:

Dear Customer,

Your account is currently under review. Please complete the following security form to avoid suspension: http://bit[dot]ly/PayPal_-no-sms.eu

Another message reads:

Dear Customer,

Your account is under review. Please fill in the following security form to avoid lockout: http://bit[dot]ly/_payPal__

These PayPal text phishing scams work because many people do not carefully check messages before clicking links. Click the link on either of those two messages and you will be directed to a website that appears to be the official PayPal website, complete with branding and the normal web layout. However, the websites that the messages direct recipients to are scam sites.

Those sites naturally require the user to enter their login credentials. Doing so passes those credentials to the scammer. The scammer will then use those credentials to access the account, empty it of funds, and plunder the bank account(s) linked to the PayPal account. The password for the account may also be changed to give the attacker more time to make transfers and lock the genuine account holder out of the account.

These scams are particularly effective on smartphones as the full URL of the site being visited is not displayed in the address bar due to the small screen size. It may not be immediately apparent that an individual is not on the genuine PayPal website.

This PayPal text phishing scam shows that you need to always be on your guard, whether accessing your emails or viewing text messages.

Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.

Don’t Become a Victim of an SMS Phishing Scam

The PayPal text phishing scam detailed above is just one example of how cybercriminals obtain sensitive information via text message. Any brand could be impersonated. Shortlinks are often used to hide the fact that the website is not genuine, as is altering the link text to mask the true URL.

To avoid becoming a victim of a SMiShing scam, assume any text message correspondence from a retailer or company could be a scam. If you receive a message – typically a warning about security – take the following steps.

  1. Access your account by typing in the correct URL into your web browser. Do not use the link in the message.
  2. Check the status of your account. If there is a freeze on your account, your account is under review, or it has been suspended, this will be clear when you try to log in.
  3. If in doubt, contact the vendor by telephone or send an email, again using verified contact information and not any contact details supplied in the text message (or email).
  4. Before logging in or disclosing any sensitive information online, check the entire URL to make sure the domain and web page are genuine.
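The shortlink and brand-in-link tricks described above can be checked mechanically before a reported message reaches a person. The following is an added example, not part of the original article or any TitanHQ product: it triages SMS text using the two messages quoted earlier plus two constructed controls. The shortener list, the pressure-word list and all function names are assumptions made for this illustration; the links are parsed, never fetched.

```python
import re
from urllib.parse import urlsplit

# Assumed lists for this example: bit.ly and the paypal.* domains come from
# the article; the other shortener hosts and pressure words are illustrative.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
BRAND = "paypal"
GENUINE_DOMAINS = {"paypal.com", "paypal.ca", "paypal.co.uk"}
PRESSURE = re.compile(r"under review|suspension|suspended|lockout|locked", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

# The two messages quoted in the article, plus two constructed controls.
SAMPLES = [
    "Dear Customer, Your account is currently under review. Please complete the "
    "following security form to avoid suspension: http://bit[dot]ly/PayPal_-no-sms.eu",
    "Dear Customer, Your account is under review. Please fill in the following "
    "security form to avoid lockout: http://bit[dot]ly/_payPal__",
    "PayPal: your security code is 000000. Do not share it.",     # constructed
    "Your receipt is ready at https://www.paypal.com/activity",   # constructed
]


def refang(text):
    """Undo common defanging ([dot], [.], hxxp) so links can be parsed, not visited."""
    text = re.sub(r"\[(?:dot|\.)\]", ".", text, flags=re.I)
    return re.sub(r"hxxp", "http", text, flags=re.I)


def is_genuine(host):
    """True only for a listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in GENUINE_DOMAINS)


def triage(message):
    """Return a verdict and the reasons behind it for one SMS message."""
    text = refang(message)
    reasons = []
    link_flagged = False
    for raw in URL.findall(text):
        parts = urlsplit(raw.rstrip(".,;:)"))
        host = (parts.hostname or "").lower()
        if host in SHORTENERS:
            # The final destination cannot be known from the message alone.
            reasons.append("shortlink on %s hides the real destination" % host)
            link_flagged = True
        if BRAND in (host + parts.path).lower() and not is_genuine(host):
            # Brand name used as decoration in the path or a lookalike host.
            reasons.append("'%s' appears in the link but the host is %s" % (BRAND, host))
            link_flagged = True
    cue = PRESSURE.search(text)
    if cue:
        reasons.append("pressure wording: '%s'" % cue.group(0).lower())
    if link_flagged and cue:
        verdict = "likely smishing"
    elif reasons:
        verdict = "suspicious"
    else:
        verdict = "no indicators"
    return {"verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    for sample in SAMPLES:
        result = triage(sample)
        print(result["verdict"], "|", "; ".join(result["reasons"]) or "-")
```

A "no indicators" verdict only means none of these three checks fired; the steps listed above still apply to any unexpected message.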

PayPal Email Phishing Scams

This PayPal text phishing scam is one of thousands of phishing campaigns targeting PayPal users. While SMS phishing scams are increasing, most phishing attacks are conducted via email.

PayPal email phishing scams can be highly convincing. The emails contain the familiar PayPal logo, the text in the message body is often well written with no grammatical errors or spelling mistakes, the footers contain all the information you would expect, and the font is the same as that used in genuine PayPal messages.

The purpose of PayPal phishing emails will vary depending on the campaign, although typically the aim is:

  • To fool someone into disclosing their PayPal username/email address and password combination
  • To obtain a credit/debit card number, expiry date, and CVV code
  • To obtain bank account information and other personal information that allows the account to be accessed
  • To obtain a Social Security number and date of birth for use in identity theft and tax fraud
  • To install malware - Malware can capture all the above information and more
  • To install ransomware – Ransomware encrypts files and prevents them from being accessed unless a ransom payment is made

PayPal phishing emails can be very convincing and virtually indistinguishable from genuine communications; however, there are often signs that suggest all may not be what it seems.

Some of the common identifiers of PayPal phishing emails have been detailed below:

  • The messages contain questionable grammar or spelling mistakes.
  • The hyperlink text suggests one domain, but hovering the mouse arrow over the link shows it directs the user to a different domain.
  • The message does not address the account holder personally and starts with Dear PayPal user, user, or PayPal member instead of using the first and last name or the business name.
  • A link in the email directs the recipient of the message to a website other than the genuine paypal.com domain or local site - paypal.ca, paypal.co.uk for example.
  • The website the user is asked to visit does not start with HTTPS and does not have the green padlock symbol in the address bar.
  • The email requests personal information be disclosed such as bank account details, credit card numbers, or security questions and answers.
  • A user is requested to download or install software on their device.
Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.

HTTPS Does Not Mean a Website is Genuine

There has been a general push to get businesses to make the switch from HTTP to HTTPS by installing an SSL certificate. The SSL certificate binds a cryptographic key to an organization’s details, activates the padlock sign, and changes the website address to start with HTTPS. This ensures that the connection between the browser and the webserver is encrypted and secured.

If the website has a valid SSL certificate installed, it reduces the potential for snooping on information as it's entered in the browser – credit card information for example. However, what an SSL certificate will not offer is a guarantee that information is safe and secure.

A website owned by or controlled by a cybercriminal could have a valid SSL certificate and start with HTTPS and have a green padlock. Disclosing information on that site could see sensitive information handed to a scammer.

As more and more businesses have made the transition to HTTPS, so have cybercriminals. According to the Anti-Phishing Working Group’s (APWG) Q1, 2018 phishing activity trends report, 33% of all phishing websites now use HTTPS and have valid SSL certificates. HTTPS and a green padlock do not mean that a website is genuine. It only means information entered on the site via the browser is secured.

Anti-Phishing Best Practices to Adopt

  1. Exercise caution when someone sends you a hyperlink in a text message or email. The sender may not be who you think it is. A contact or family member’s email account may have been compromised or their phone stolen or the email address may have been spoofed.
  2. Never open email attachments in unsolicited emails from unrecognized senders.
  3. Beware of any email that suggests urgent action must be taken, especially when there is a threat or negative consequences for inaction - your account will be suspended or deleted for example.
  4. If in doubt about the genuineness of an email, do not click any links or open any attachments. Simply delete the message.
  5. Businesses should implement an advanced spam filter to prevent the majority of phishing emails from reaching inboxes.
  6. Businesses should also implement DMARC to prevent spoofing of their brands.
  7. Businesses should provide ongoing security awareness training to employees to teach them the skills required to identify phishing emails and smishing attempts such as this PayPal text phishing scam.

If you run a business and are concerned about phishing, TitanHQ can help. TitanHQ has developed an award-winning anti-spam and anti-phishing solution that blocks more than 99.9% of spam and malicious messages, incorporates dual anti-virus engines to detect malicious attachments, includes DMARC authentication, and sandboxing to perform in-depth analyses of malicious attachments. The solution works seamlessly with Office 365 to improve phishing detection and keep users' inboxes free from spam, phishing, and other malicious emails. Further, TitanHQ operates a highly competitive pricing policy and SpamTitan can be used at a fraction of the cost of other anti-phishing solutions.

Contact TitanHQ and arrange a product demonstration, sign up for a free trial of the full solution (including support), and discover the difference SpamTitan can make to your organization's security posture.


SharePoint Phishing Scam You Should be Aware Of

A new SharePoint phishing scam has been detected which attempts to steal Office 365 credentials from business users. Those credentials are subsequently used to gain access to sensitive company information stored in the cloud and email accounts which can be used in phishing and business email compromise attacks.

The scam emails used in this campaign are similar to those used in countless Google Docs phishing scams. The messages appear at face value to be genuine attempts by employees and contacts to collaborate through the sharing of files. Most of these scams are concerned with spreading malware. The documents usually contain malicious macros which download the malware payload if allowed to run. JavaScript and VB scripts are also used to achieve that aim. However, due to the value of Office 365 accounts, hackers are increasingly conducting attacks to gain access to Office 365 credentials.

The latest scam uses messages that appear to be standard requests to collaborate on SharePoint. This SharePoint phishing scam includes a hyperlink to a genuine SharePoint document, which may not be flagged as malicious since the file itself does not contain malware.

The SharePoint file advises the user that the content they are looking for has been uploaded to OneDrive for Business and a further click is necessary to access the file. A hyperlink named “Access Document” is included in the SharePoint file along with the genuine OneDrive for Business logo. At face value, the document does not appear to be malicious, although checking the destination URL of the link will reveal that it directs the user to a suspect website.

After clicking the link, the user is presented with a login window for Office 365 and their Microsoft Office 365 credentials must be entered to proceed. Entering Office 365 credentials at this point will see them harvested by the scammers running this campaign. The user is unlikely to realize that they have been successfully phished as after entering their credentials they will be directed to the genuine Office 365 web page.


This SharePoint phishing scam is being used in targeted attacks on businesses. SharePoint is commonly used by businesses for collaboration, so there is a high probability that employees will be used to receiving such requests. Finding email addresses for business users is also straightforward. Lists can be purchased on darknet marketplaces and hacking forums, or they can be obtained from professional social networking sites such as LinkedIn.

This SharePoint phishing scam, Google Docs phishing scams, and similar campaigns spoofing Dropbox are commonplace and are highly effective. They take advantage of familiarity with these collaboration services, trust in the brands, and the lack of security awareness of employees. These brand impersonation attacks use email formats that are identical to those used in genuine collaboration requests, including correct logos, formatting and genuine-looking links, and can be difficult for end users to identify as malicious.

Preventing these SharePoint spoofing scams requires technological solutions to stop the messages from being delivered and links from being followed. Standard Office 365 anti-phishing protections are not particularly effective at blocking threats such as these. Businesses will be better protected using a dedicated anti-phishing solution on top of Office 365. SpamTitan is an award-winning anti-spam and anti-phishing solution that works seamlessly with Office 365 and provides superior protection against phishing attacks. SpamTitan uses a wide range of innovative techniques to identify malicious emails and block them at source to prevent them from reaching end users’ inboxes.

Security awareness training is also vitally important to condition employees to stop and think before taking any action requested in an email and to raise awareness of the use of collaboration requests in phishing campaigns.

If you want to improve email security and better defend your organization against phishing attacks, contact the TitanHQ team today and request further information on SpamTitan. Product demonstrations can be arranged on request, free trials of the full product are available with full support during the trial, and a range of deployment options are available to suit the needs of your business. Also consider using a web filter such as WebTitan, which will block attempts to visit websites used for phishing and malware distribution.

Cybersecurity Selling Techniques for MSPs

Small businesses often lack the budget to employ full time IT staff, so instead rely on Managed Service Providers (MSPs) to meet their IT and cybersecurity needs. Small businesses know about the importance of having good IT support and will also likely be aware of the need to have some cybersecurity defenses in place, but it can sometimes be difficult to get clients to commit to purchasing the cybersecurity solutions they need to block cyberattacks that could cripple the business.

MSPs therefore need to communicate the importance of cybersecurity and the solutions that are necessary to reduce risk to protect their clients. Without the right solutions in place, clients will be at risk of suffering a costly data breach, and potentially regulatory fines and litigation. It will also be the MSP that will most likely be required to put the time and effort into getting the business back up and running following a cyberattack, and an MSP may also be blamed for not preventing the breach in the first place.

So how can MSPs sell cybersecurity solutions to their clients? What techniques can be used to get clients to commit to purchasing the solutions they need to protect their networks and infrastructure from attack?

Cybersecurity Selling Techniques for MSPs to Improve Customers’ Defenses and Monthly Revenue

Many small businesses will have little in the way of cybersecurity defenses, so this presents MSPs with an opportunity to increase their revenue, but first they must make sure that a client is aware of the importance of cybersecurity and having the right infrastructure and security solutions in place. It is up to the MSP to communicate the need for cybersecurity defenses to block credible threats, as many businesses will not understand the risks they face and the true cost of a data breach.

One of the most important elements of selling cybersecurity to clients is to have a good understanding of the risks a business faces and the level of risk each business is prepared to tolerate. Each business will be different and, most likely, there will be different risks within each business that need to be addressed.

It pays to take some time to audit and review those risks, and then to develop a cybersecurity strategy for the business that is tailored to its needs, rather than trying to sell a standard package of security solutions.

It is unlikely that a small business will be effective at conducting its own cybersecurity risk assessments. By becoming proficient in conducting risk assessments, MSPs will be able to gain a competitive advantage. If an MSP can present an accurate risk assessment to a customer, along with cybersecurity solutions that will reduce all risks identified to a reasonable and acceptable level, it will be much easier to get clients to buy in and sign up for the products and services they need to reduce those risks.

When selling cybersecurity solutions, it pays to focus more on the risks and how they will be addressed, rather than the technical aspects of each solution. That information can naturally be shared if required, but it is better to explain how the solutions meet the needs of the business and the benefits they provide. Cybersecurity solutions are expensive for small businesses, so before a business commits to a purchase – which can involve a significant upfront cost – they need to know the benefits the investment will bring and how it will likely save them considerable costs in the long run by preventing costly data breaches and the resultant downtime.

Customer Support Needs to Include Cybersecurity

Having the right cybersecurity solutions in place is only part of the story. It is also important to ensure that there is adequate monitoring in place. Cybersecurity solutions must be correctly configured and maintained so MSPs will need to make sure the staff is on hand to identify and respond quickly to any threat and neutralize it. Cybersecurity support also needs to be sold to clients.

You must be clear about the difference between IT support and cybersecurity support. Clients are likely to need an MSP to provide basic IT support but may also expect the MSP to deal with cybersecurity issues as well. It is vital to communicate the difference and to cover cybersecurity support when onboarding a new client.

By explaining the need for cybersecurity and providing tailored solutions and the right level of support, MSPs will be able to earn the trust of their clients and be able to reassure them that their infrastructure and data will be kept safe and secure. As the business grows, that trust will be invaluable in getting the business to buy into more advanced cybersecurity solutions as their risk profile changes.

When it comes to finding solutions to meet the needs of MSP clients, TitanHQ can help. TitanHQ provides reasonably priced, powerful and effective cybersecurity solutions to block the most common attack vectors, along with a solution for backing up and archiving business critical data.

For more information on these solutions give the TitanHQ team a call and ask about TitanHQ email security, DNS filtering, and email archiving, and the TitanShield Partner Program. MSPs that join the TitanShield Program will be provided with extensive tools, marketing resources, and training aids to help them sell cybersecurity solutions to their clients more effectively.

Remote Working and the Dangers of Public Wi-Fi

The dangers of public Wi-Fi are well documented, but the increase in remote working means the threat has grown. During the pandemic, many businesses had little option other than to allow their employees to work remotely. Remote working during the pandemic meant employees working from home, but now that COVID-19 restrictions are easing, the dangers of public Wi-Fi have reared their head once again. Many businesses have seen benefits to remote working and are continuing to allow employees to work from home, while many others are considering adopting a hybrid working model, where employees can work remotely for at least some of the week.

The Dangers of Public Wi-Fi

There are a variety of risks when accessing the Internet over public Wi-Fi networks, one of the most serious being that the Wi-Fi access point people connect to is not actually the Wi-Fi network of the establishment where employees are working. It is all too common for threat actors to set up rogue access points that resemble the legitimate Wi-Fi access points that they spoof. Through those access points – often referred to as evil twins – connections are monitored, and no communicated data are secure.

Attackers often inject malicious proxies, eavesdrop on network traffic, and use redirects to send Wi-Fi users to malicious websites. While perhaps unlikely in a local coffee shop, it is possible to compromise wireless technologies such as Bluetooth and Near Field Communication (NFC), and these tactics are commonly used, especially in foreign countries. If Bluetooth and NFC are enabled, an attacker could scan for nearby devices and gain information that could allow them to identify and target a particular individual.

How to Reduce Risk

There are various steps that remote workers should take to ensure they do not unwittingly fall victim to a malware infection, disclose their credentials in a phishing attack, or otherwise compromise their device, and in turn, the network of their employer. The most straightforward of these measures is to simply not use public Wi-Fi networks, although that is not always possible for travelling employees.

If it cannot be avoided, it is important to connect to a Wi-Fi hotspot that has encryption and strong authentication, as security will be greater. It is never a good idea to connect to any Wi-Fi network that has no security and does not require a password to connect, but it can be difficult to determine how good Wi-Fi security actually is.

It is important to remember that having a password on a Wi-Fi access point does not mean there is data encryption, so any transmitted data may be intercepted. Even with encryption, if an attacker knows the pre-shared key, the encryption is rendered useless as data can easily be decrypted.

It is also possible to force a network into using unsecure protocols or obsolete algorithms, and there are widely available open-source tools that can easily be used to capture credentials and other sensitive data.

It is therefore important to take precautions. For employees, the steps are straightforward. Avoid public Wi-Fi networks if at all possible and avoid disclosing any sensitive data on websites that do not start with HTTPS. Bear in mind that hackers can set up HTTPS websites just as easily as anyone else, so be sure not to place too much reliance on HTTPS for providing security.

Employees should, if possible, entirely avoid disclosing any sensitive data or accessing their email or work network over public Wi-Fi, and should ensure that tools supplied by employers – such as a VPN – are used.

Employers should ensure a Virtual Private Network (VPN) is available to employees and there is sufficient capacity to allow all workers to connect. Employers can – and should – extend the protection of their web filtering solution to remote workers’ devices. Web filters will block access to known malicious websites and can block malware downloads. Solutions such as WebTitan are easy to configure to protect remote workers’ devices, and filtering controls will then be applied just as if the employees are in the office.

Standard cybersecurity best practices should also be followed, such as ensuring patches and software are kept up to date, including VPNs. Multifactor authentication should be enabled and anti-malware software installed. Anti-spam solutions – SpamTitan for example – should also be implemented to block email attacks, and firewalls should be used to prevent unauthorized inbound and outbound connections.

It is also recommended to disable Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) on Windows laptops, to configure Web Proxy Auto-Discovery Protocol (WPAD) to use only corporate proxy servers, and to turn off device file and printer sharing on public networks.