Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect


February 15, 2022

Good morning, everyone!

The latest critical vulnerabilities:
  • Apple released another update fixing a new zero-day that is being actively exploited. Update to macOS 12.2.1, Safari 15.3, watchOS 8.4.2 and iOS/iPadOS 15.3.
  • Microsoft fixed a bunch of stuff in last week's Patch Tuesday
  • Android 12 has a critical flaw fixed in the latest security update
  • Magento e-commerce sites running older versions are being targeted
  • Siemens has released patches for vulnerabilities affecting its SIMATIC S7-1200 and S7-1500 PLCs, SIMATIC Drive Controller, ET 200SP Open Controller, S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, the TIM 1531 IRC communication module, and SIPLUS extreme products

    Patch All the Things!



  • Offboarding, the Great Resignation & Insider Threats

    A friend posted this interesting read on LinkedIn last week, Burnout: The next great security threat at work. Key findings include:

    • Burnout is a huge problem across the U.S. and Canada. 80% of office workers and 84% of security specialists told us they’re feeling burned out.
    • Burnout is tied to poor security habits. 20% of burned-out workers feel their company’s security policies “aren’t worth the hassle,” compared to 7% of workers who aren’t burned out.
    • Burned-out workers are more likely to use shadow IT. Almost half (48%) of burned-out employees told us they were creating, downloading or using software at work that hadn’t been approved by their company’s IT department.
    • Burnout, the great resignation, and security habits are all connected. Employees who are ready to resign are more likely to feel that convenience is more important than security at work.

    That last point led me to read Don’t Let the Great Resignation Become an Insider Threat:

    “The Great Resignation does pose a cybersecurity risk for companies,” said Timur Kovalev, chief technology officer at Untangle, in an email interview. “The very nature of employees walking out indicates they aren’t happy with the employer, pay, work or colleagues. Disgruntled employees might seek revenge on the company that they perceived as having wronged them, or an undervalued worker might feel a sense of entitlement and sabotage the company.”

    How do you tackle this problem? Have a well-defined, comprehensive offboarding process – and follow it! Quoting from this blog post, Improper Offboarding Poses Significant Security Risks:

    Many organizations spend quite a bit of time onboarding new employees and making sure they have access to everything they need; however, the same care is often lacking when it comes to offboarding.

    Boy, this is so true! We have seen this happen over and over. Proper offboarding doesn’t have to be difficult, and it will be much easier if you are prepared. A few considerations:

    (1) Start with this employee’s onboarding process. For everything they were given access to coming in, access should now be revoked.

    (2) Follow the employee’s career in the organization. Changing positions, internal reorganization, major system changes – all these can result in employees being given more (or different) access than they were granted in the onboarding process.

    (3) Make certain that HR, IT and physical security (at a minimum) are all aware that this employee is leaving. You can’t believe how often employees leave with email accounts and network credentials that remain valid and accessible for months or even years after termination. And it’s not just network access – the Director of Security at a large company in Atlanta told me the story of an employee in IT who was fired without the knowledge of the security department, so he still had a working badge to get into the building and into the server room – which he entered late on a Saturday night when no one would be around to see him. Even though his network credentials had been revoked, with physical access to the servers he was still able to do quite a bit of damage.

    (4) Don’t forget external accounts. All those cloud accounts (Dropbox, Office 365, Salesforce, Quickbooks, ADP), your accounting/CRM/ERP, merchant accounts, online purchasing, website maintenance, Google Analytics, customer/vendor portals -- think of every online account this employee may have access to and revoke it (or change the shared password).

    Make a list, check it twice, and keep it updated! Being prepared will make the offboarding process easier for all involved.

    Hope you all have a great week!

    Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

    Talk to you again soon!

    Glenda R. Snodgrass

    grs@theneteffect.com
    (251) 433-0196 x107
    https://www.theneteffect.com

    Security Awareness Training Available Here, There, Everywhere!

    Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

    Contact me to schedule your employee training sessions. They're fun! ☺

    Copyright 1996-2022 The Net Effect, L.L.C. All rights reserved.