Categories
Blog

SECURITY ALERT: Log4j Vulnerability

WorkSmart is aware of the critical vulnerability in Apache Log4j that can be used to launch cyber attacks. We continue to work with our vendors to identify any potential vulnerabilities and ensure our tools are secure.

Here are details on the Log4j vulnerability, including who it impacts and what steps you can take to reduce the risk to your organization and your customers.

What is the vulnerability?

Last week, a software flaw was found in Apache’s Log4j program, a library used to provide logging functionality in Java-based software.

Widely used by many third-party applications, Log4j gives software developers a way to record activity that can later be used to help with things like troubleshooting.

By exploiting this vulnerability, attackers can remotely gain control over computers running any affected version of Log4j (versions 2.0-beta9 to 2.14.1). Once they have access to the computer, they can potentially gain access to other parts of the organization’s network.

Who is impacted?

This threat affects any Java application using Log4j. This logging tool is the most common for Java applications, and Java is used extensively in developing software. Unfortunately, this may impact many services and products, including major vendors.

What can you do now?

  • Keeping all devices and software up to date is a key defense in protecting against known threats. With this threat, you should make sure Java is up to date.
  • Check to see if your organization uses any affected software.
    • Even though Apache released a fix for the vulnerability (log4j-2.15.0.rc2), you may need to wait until the vendor releases a security patch.
    • Many software vendors have issued advisories with their plan for mitigating any potential risk. All organizations should communicate with their software vendors and continue to monitor any potential risks, as well as if and when any actions are taken to mitigate them.

NOTE: CISA is managing a community-sourced list of affected software here: https://github.com/cisagov/log4j-affected-db. 

For WorkSmart Clients:

Sophos has confirmed our managed firewall and anti-virus solutions have been actively updated to look for intrusion detections and to block malicious behavior associated with this attack.  

Marissa Explains IT All: How to Spot A Phishing Email

Email is one of the most commonly used methods of communication in the workplace; however, it’s also one of the most targeted areas for cybercriminals.

Phishing is a technique that hackers use to impersonate a trusted source and try to get any personal or sensitive information from you. These emails can come in many different forms, so it’s important to stay vigilant when it comes to keeping your account secure.

Check out the 60-second clip below to hear Marissa’s best tips on spotting these phishing emails before it’s too late. Continue scrolling for the full transcript and more cybersecurity tips to help protect your business. 

Marissa Explains IT All: Episode 7

“How do you spot a phishing email?”

Transcript:

  1. “Check who the email is coming from. Not just the display name – the actual email address. If you just look at the display name, you can get fooled.
    1. Look for misspellings.
    2. Is it actually coming from where you expected?
    3. Is it coming from a Gmail or another public domain? (Most companies have their own domain.)
  2. Look at the actual email itself. Poorly written emails are a big red flag. We’re not looking at spelling because we have spell-check and we have translation tools that help us get the right words. Grammar is actually a big red flag. If it smells like a threat, then it is a threat. 
  3. Check the links because they want you to do something. You can hover over the link to see where it takes you. If it’s not a good link – don’t go. If you’re on a mobile device, you can hold down and it will give you a preview of the link.”

More Cybersecurity Tips

4 Easy Tips to Strengthen Password Security

Best Cybersecurity Practices for Your Team

How to Protect Your Organization’s Email from Cyberattacks

Email is one of the most used methods of collaboration in the workplace. Unfortunately, it’s also become one of the most popular methods for cyberattack. From phishing emails to emails with malicious attachments, email can be as vulnerable as it is essential. 

That’s why teaching your employees good security habits is incredibly helpful in protecting against email-based threats. They learn how to spot potential threats, but with how much we rely on email, more can be more when it comes to cybersecurity.

Luckily, there are two tools that can provide big benefits to companies using Microsoft 365 without big costs. Along with examples of common email security issues, here’s how multi-factor authentication and Microsoft Defender for Office 365 protect your organization’s email from cyberattacks.

Marissa Explains IT All: What is multi-factor authentication?

It’s no secret that securing all of your different accounts is crucial to keeping your data protected. Multi-factor authentication helps to provide an extra layer of security by requiring users to identify themselves using more than just a username and password.

How does it work? Check out Marissa’s 60-second explanation of multi-factor authentication below!

Benefits of Using Single Sign-On and Why It’s Important for Your Business

The use of the cloud is growing with software-as-a-service making it easy for small businesses to adopt technology without managing and maintaining any infrastructure. Plus, in the ever-changing hybrid workplace, cloud apps give your team access to what they need from anywhere.   

3 Steps to Cybersecurity on a Small Business Budget

You know that a thorough cybersecurity plan is essential to protect your assets and information. The threat of cyber attacks on small businesses is higher than ever, and damages from an attack take months and up to a year for most companies to recover from, if they can recover at all.

So, how can you be sure your organization is doing the right things to prevent damage that can be caused by cyber threats and keep it within a small business budget?

Stay Phish Proof: Best Practices for Spotting Phishing Emails

With emails being such a common tool for communication, both in the business world and on a personal level, phishing emails are becoming more common as well.

Check out this short video (less than 10 minutes) for some of the quickest ways to spot a phishing email, and what to do if you receive one.

Easy Tips to Strengthen Password Security

Strong passwords help prevent unauthorized access. But what makes a password strong? 

Here are our top password tips to help you protect your data.

An Advanced Anti-Virus That Stops Ransomware

Ransomware is a multibillion-dollar industry, leaving many companies concerned about what they’re up against and whether their cybersecurity measures can keep them protected. These attacks often use sophisticated techniques to increase their success rate, so having a just-as-advanced anti-virus solution is key in stopping it.

The Kaseya VSA Ransomware Attack

Unfortunately, ransomware continues to make headlines, with the recent attack on Kaseya VSA products affecting 1500 organizations across the globe. 

Although WorkSmart does not use Kaseya VSA products and has not been impacted by this attack, it’s important to use this as an opportunity to grow our security practices and help you do the same.