Threats of the Week – June 18, 2020

Ripple20 Vulnerabilities

Millions of internet of things (IoT) devices are affected by dozens of vulnerabilities. Cyber-security experts exposed a total of 19 vulnerabilities (4 of them considered critical) in a small library widely used and integrated into innumerous products over the last 20 years. These vulnerabilities affect both enterprise and consumer-grade products, from printers to insulin pumps.

Source: ZD Net

How do you protect yourself?

Treck has issued a patch for use by OEMs in the latest Treck stack version (6.0.1.67 or higher).

Linkedin ‘Job Offers’ Malware

A recent malware campaign targeting aerospace and military firms has been discovered. Victims in Europe and the Midle East received Linkedin spear-phishing messages, supposedly from Collins Aerospace and General Dynamics, with a job offer. Besides the offer being fake, the message also included malicious documents that eliminate data from the device.

Source: Threat Post

How do you protect yourself?

Users should be cautious whenever opening files from an email. Services like Secure IT – Mail help scan the files within emails to detect if they are legitimate or not. If they are not legitimate, these tools will block users from even visiting the malicious website.

Qbot Malware

Customers of U.S. banks and financial institution are the target of an ongoing campaign using “Qbot malware”, a banking Trojan active since 2008. Trough Qbot payloads, attackers are able to steal financial data from these clients, and spread malware on compromised devices. According to specialists, “Qbot malware” is being used with updated worm features.

Source: CISOMAG

How do you protect yourself?

Cybersecurity awareness training is highly recommended to defend against evolving malware threats. Secure IT – User Defence is a suite of security services specifically tailored to empower employees to become the first line of defence against cyber attacks.

A Jolera Perspective on Re-opening Safely and Securely

A Jolera Perspective on Re-opening Safely and Securely

The COVID-19 pandemic has disrupted our global economy and forced businesses to change the way they operate. The evolution of this virus and its socio-economic impact has made it difficult for many businesses to adapt their operations. However, through it all, Jolera has managed to maintain consistent and successful operations. We asked Jolera’s very own Chief Operating Officer, Manish Govindaraj, how the company managed to adapt and thrive during the global crisis while staying true to its people-first core values. Manish describes his team’s approach to enacting the company’s Business Continuity Plan (BCP), as well as their coordinated return to work strategy.

“For a business to continue operating under these situations of duress or crisis, you have to have an active and tested Business Continuity Plan. For us, as a SOC II Type II certified entity, we have been testing our BCP on a quarterly basis, not just because SOC II demands it, but also because it’s good business practice.”

– Manish Govindaraj

According to Manish, the organization’s transition to remote operation meant balancing the safety of employees with the ideal productivity levels necessary to satisfy customers’ expectations. With hundreds of staff members operating globally, Jolera was identified as an essential service and aimed to “challenge ourselves to provide a seamless experience to our customers, as if nothing had changed,”. With hundreds of channel partners, thousands of end clients, and such depending on their services, company stakeholders recognized the importance of honouring commitments to both customers and employees alike.

“We are a true 24/7/365 entity, and that had to be held true while we were remote with all of our staff members. At the forefront of all of this was the importance to keep our employees safe, and as a result, keep our business safe.”

– Manish Govindaraj

The company made the transition to total remote operation at the beginning of March, even before the government of Ontario declared a state of emergency. “We acted early, reducing the risk of exposing our staff members to the virus at the workplace; that was very important to us,” Manish reflected. In the best interest of employees, Manish led the initiative to remote operation with Jolera Inc’s Pandemic Response Team.

Together, they identified four key aspects to protect their people and their business:

1. Keep everyone safe

2. Deliver on customer mandates

3. Ensure operational security

4. Build a stronger Jolera community

Once employees safely transitioned to remote operation, the company introduced rigours to maintain and further improve productivity. Manish reported, “Through daily active management, collaboration and transparency through better reporting, we saw a Jolera community bond even closer together and a total rise in productivity.

As government-mandated restrictions began to ease around the world, businesses once again were challenged to transition their operations and safely re-open their doors. Before building any plan to re-open, Manish’s main objective was to create a sense of normalcy for workers in the physical office. With this goal in mind, Manish teamed up with Jolera’s Pandemic Response Team to build and execute a re-opening plan.

“We kept it somewhat simple. If you look at the government of Ontario’s plan, there are multiple phases, and we just distilled it down to two phases. In Phase 1, we begin operating our offices with a limited number of staff per location. This was to test physical distancing and safe practices at work. We did not put a number or target into play, simply because it was an elective approach where employees chose to be part of that phase and wanted to join back in the office. Phase 2 is going to be about returning to a sense of normal in alignment with guidance from our government.”

– Manish Govindaraj


It was essential, to Manish, to source information from reliable government agencies when making decisions about opening the various offices across the globe. “Because we are so spread out and geographically dispersed, we had to factor in the diverse needs that existed based on where we were located geographically. The reality in Porto, Portugal, is very different from that of Toronto, Calgary or even Winnipeg.”


In addition to geographical diversities, local considerations unique to each building or operating site also had to be considered. Manish identified challenges associated with each operating site; “We needed to coordinate with building security and building management to ensure that our people could come in and start working.” Although prerequisites such as PPE, cleaning equipment and sanitization requirements were identified to ensure the offices were equipped to operate safely, individual employee considerations also needed to be accounted for.

“We made the decision not to include people who relied on public transit during Phase 1. Instead, we chose a subset of employees who would drive into work to limit their exposure to the public.”

– Manish Govindaraj

Taking all of these factors into account, Manish identified, “the most important thing was to start building confidence among our people that we’ve taken the right actions in order to re-open our offices in a limited capacity.” Open communication and reviewing the plan with department leaders gave staff a full debrief of all the considerations that had been factored into building an executable return to work plan. Physical distancing and other new behaviours at the office have since been adopted to ensure that people are kept safe.

“When COVID-19 started surfacing as a distant threat, there was a lot of media hype about what it was, what it could be and where things could be heading. The narrative was morphing every day. As a leadership team, we agreed that we would look to government agencies and sources from within the governments of where our offices are located to guide our decisions and actions. We’ve been monitoring all of those sources for direction on what we needed to do relative to every point in time throughout this crisis. Whether it was before we invoked our BCP and Pandemic Plan or as we continue to monitor our evolving coordinated return to work plan, one size does not fit all – we had to tailor our plans according to the information that we were getting from the different government agencies.”

– Manish Govindaraj

Manish credits Jolera’s readiness and resilience to the immensely talented and committed people within the organization.

“We had the comfort level going in [to remote operation] that our people can perform well remotely. We have a great team, and we have the right oversight and collaboration mechanisms in play. The team came together; they just fell right into the groove and delivered on their mandate. Overall, we are delivering on all the things that we need to deliver on, keeping both our customers and our teams satisfied.”

– Manish Govindaraj
Jolera Partner Interview Series: Insight Canada

Jolera Partner Interview Series: Insight Canada

By Paolo Del Nibletto

John Dathan, the senior vice president and general manager of Insight Canada, admitted that as the COVID-19 outbreak was occurring in China, he didn’t fathom at the time it would lead to a global lockdown and the rise of the remote worker. But as he and his team began to deal with this unique challenge, Dathan switched gears in their approach to the marketplace.

Dathan has been involved in the IT industry for over three decades, most recently as the vice president and general manager for Hewlett Packard Enterprise, Canada. He used this invaluable experience to guide his team at Insight Canada to serve customers as opposed to selling to them. Dathan got to work quickly to build a communication and marketing plan that would embrace Serve over Sell.

“Leaders have to be calm and collected to deliver the right intent. In my message to the team, I talked about Insight values of hunger, heart, harmony and of how. The operation has not changed, but we needed to go back to simple values. If you have that in place, people will make the right decisions. ‘Serve not Sell’ then becomes another layer to your value system,” he said. And, that is precisely what the Insight Canada team has done.

Recently, the Insight Canada team deployed an app for all teammates that remotely connects them to nurses and doctors. It has already paid some key dividends as the app was able to connect concerned parents of a newborn who was suddenly feeling sick to consult with the right doctor and nurse via open video chat. They were able to resolve the issue instead of risking the child going to the Emergency Room. The nurse then followed up with the parents the next day. This app provided peace of mind to the parents of this child, Dathan said.

The COVID-19 lockdown has led to many things, Dathan added. For one, he has spent more time in one place then he is ever had in his 30-year career. His desire to help the business community has gone to a new level, and he believes that the only way for the economy to rebound from this massive hit is by working together.

“To me, it’s interesting when people start to talk about ‘back to normal,’ and you need to put air-quotes when you say that. This is the new normal. Or it is going to become the new normal. People have been working from home for about 60 to 70 days now. The way video (conferencing) has played a role is fascinating. You can undoubtedly work wherever you are. The adoption of video in the last couple of months is the new norm. It has become truly collaborative with team huddles, social events and the ability to connect with people on a regular basis,” he said. He anticipates that traditional work hours of 9 to 5 or 8 to 4 will make way to a single stream of activity. “It’s going to be hard for someone to say ‘its 5 P.M.; I’m done for the day.'” On the flip say it will also be OK to inform co-workers and whomever you report to that you will not be available between 10 A.M. to 2 P.M., for example. Dathan believes there will be trust between staff and management and that companies will empower people to embrace this new working philosophy. “People are going to become comfortable with this, and there will be no more need to apologize because you have to take your kid to a pre-school ceremony,” Dathan added.

The COVID-19 pandemic has been challenging for Dathan, but he would not say it the biggest challenge he has faced during his career. That would be the decline of Nortel. “I found that to be personally harder. In many ways, this feels to be a positive (from an Insight Canada perspective as no one has contracted the virus in Canada.) This has been more of a rally with the team to work together to deal with issues and solve problems. To serve our clients while protecting our teammates. I would describe this as more complex, but not as more difficult.”

Jolera Partner Interview Series: COVID-19 ushers in a new norm, Cisco Canada’s Rola Dagher says

Jolera Partner Interview Series: COVID-19 ushers in a new norm, Cisco Canada’s Rola Dagher says

By Paolo Del Nibletto

If you think the current COVID-19 pandemic is a dire one for business and society, then you should walk a mile in Rola Dagher’s shoes. Dagher, the President of Cisco Canada, grew up in Lebanon and routinely dealt with life in a bomb shelter because of the 15-year civil war in that country.

Her perceptions of the current state of business under COVID-19 is that technology has never played a more critical role as the Internet and networks are keeping people connected, productive and secure. Technology has turned what could have been a dire situation into a watershed moment in how we work and what this means for Canadians.

“There is a silver lining here. While the world has paused, we can work from home, and we are truly blessed to have what we have. At Cisco, we were lucky enough to have the technology in place for remote work, which made our transition to remote work pretty seamless. It allowed us to focus on helping our employees, customers, partners and communities,” said Dagher. “We’re donating networking equipment to help hospitals, senior’s homes and other organizations in need manage through the pandemic. We also have free offers on our WebEx and Cisco security products to help business continuity.”

Next month will mark Dagher’s third year at the helm of Cisco Canada. And, while she has orchestrated many successful moves under her direction, the COVID-19 pandemic has brought about a unique challenge.

And Cisco has tried to meet this challenge head-on by donating more than $225 million in products and services worldwide. This corporate-led endeavour also includes a significant cash outlay on top of the products and services. Additionally, Cisco has encouraged all of its employees to give back to their local communities through Cisco’s matching contribution program or by virtually volunteering their time with Cisco’s community partners.

In Canada, Cisco has provided extended financing options for partners, provided a regular “Ask The Experts” webinars and offered flexible payment terms for small and commercial businesses. They also are ensuring Cisco Canada’s field personnel are protected at all times for any onsite work in cases where they are unable to do the service remotely.

Dagher points to Cisco’s leadership in remote work technology on its WebEx platform to enable people to not just work from home, but any other place too.

During the COVID-19 lockdown, WebEx handled 4.2 million meetings just one day alone. This is more than twice the average on a peak day before the pandemic. Cisco also hosted more than 20 billion meeting minutes in April. That’s up from March’s 14 billion minutes, which was also more than double the number from February. Dagher added that this does not include the many one-on-one WebEx sessions, just group meetings. In March, WebEx registered a record 324 million attendees, with usage more than doubling in the Americas. For comparison, WebEx meetings had 153 million attendees worldwide in January. “We believe at Cisco that work is something you do, not a place you go,” she said.

For Dagher, she wants to put some of her focus on the mental health aspect of COVID-19. “COVID-19 is a big, if not huge, wake up call for every single organization. This is a crisis, and it’s going to be about how you respond and recover,” she said. Her advice to customers and partners in Canada is to ensure employees are all safe, prioritizing their health, and that doesn’t just mean physically but mentally as well. From there, think about the technology solutions required to keep everyone connected safely and securely. “I also urge people to be patient and empathize because sometimes the technology will have glitches here and there. People can get frustrated, and they need to take a deep breath and support them,” she added. “This is the new norm. What we have been doing since mid-March will continue long after. This is a reality check for leaders in all organizations on the way we work today,” she said.

Dagher added that there will be a lot of thought put into if it’s worth a person’s time to commute to work each and every day. Or if operations can be run remotely and what would be the cost/benefit scenarios of a remote business model. Leaders will take a hard look at real estate costs, especially if they are situated in downtown areas of the country. And, finally, leaders will start to measure productivity levels for people who work at home.

“In times of crisis, I believe it brings out the best in humanity. I’ve always led with my heart, my mind and my soul. Today more than ever, we need to rise to the challenge of a lifetime. I lived a difficult life in the beginning, and it toughened me to be the servant leader I am today. I try to empower and inspire people and give them a strong sense of purpose. I encourage people to take care of their mental health. We all need our people to be strong and safe, especially in these types of situations,” said Dagher.

3 Ways to Secure Remote Workers for the Future

3 Ways to Secure Remote Workers for the Future

Many businesses have transitioned to a new operating model and are beginning to accept this new normal. With all the challenges facing our world today, one can assume that things will be different for a while. Organizations have begun to mobilize their workforce, and remote-work capabilities are becoming more flexible. Gone are the days when workers were tethered to a dedicated desktop and seated closely amongst their peers.

What does this mean for the security of organizations?

With an increased number of employees working off mobile devices such as laptops, tablets and mobile phones, users will often connect to unsecured networks to access work files. Without proper management of mobile devices, users are vulnerable to malicious attacks, and threat actors are ready to take advantage of this situation.

Here are three ways to help protect your remote workers and secure your organization’s data

1. Device Level Encryption

For many years, encryption has been a standard practice to help protect sensitive data from prying eyes. However, not all devices have device-level encryption settings turned on as a default. If you are an organization that is beholden to compliance, encryption helps to meet those requirements. With added endpoint security, you will have device management, centralized deployment, policy administration, and audit reporting capabilities for all devices associated with your network. This means that if a remote worker’s device becomes compromised, your company’s sensitive data will remain safe, and the infection will be isolated from the rest of your corporate network.

2. Managed Security

Security applications and devices, such as firewalls and Virtual Private Networks (VPNs), are an integral part of any layered security environment. Although these systems generally prevent unauthorized access to and from your network, the virtual alerts and threat identification that they provide usually remain unmonitored. To be effective, remote workers need to have confidence in their data protection systems when signing into their respective networks. Having 24/7 managed security affords your organization a more vigorous defence against potential threat actors. With Jolera’s layered managed security approach, your organization will have real-time alerting on threats filtered through our Security Information Event Management (SIEM) system. In addition to automated protection, live agents will analyze and remediate these threats through our Network Operations Centre (NOC) and Security Operations Centre (SOC).

3. Mobile Device Management

Mobile device management (MDM) enables organizations to ensure its remote workers’ data is always protected. The great thing about MDM is that it can integrate with services such as Office 365 and the Active Directory to control who has access and what they have access to within your network. MDM solutions also provide the ability to set rules and configure settings on personal devices to allow users to securely access company data and networks. MDM can deploy and authenticate apps on devices, both on-premises and remotely.

When deployed properly, MDM can increase the security of devices tenfold by pushing certificates to devices that are in the field, while preparing reports on these users and their devices for compliance purposes. It can also remotely wipe the device if it’s found that the device has been lost or stolen or deemed not in use by the organization.

Each of these security layers can help to protect sensitive data from breaches and threat actors. Managing a remote IT environment means that organizations require a 24/7/365 approach that includes monitoring, support, troubleshooting, maintenance, reporting and asset management for all end-user devices. The need for remote support and network security has become an essential part of business operations.

Threats of the Week – May 7, 2020

Threats of the Week – May 7, 2020

GoDaddy Hack

Customers of one of the largest domain name registrar company – GoDaddy – are being warned about an attack that took place last October. An intruder gained access to users’ login information of their hosting account. The attack was only discovered last April 23. GoDaddy proceeded to reset the passwords for all the 28,000 users affected by the attack.

Source: Threat Post

How do you protect yourself?

Your organization should enact a credential monitoring program to be alerted when important credentials leak onto the dark web. Services like Secure IT – User Defence continuously scans the dark web for credential leaks and also train end-users on best cybersecurity practices.

Nefilim Ransomware

Toll Group, an Australian transportation company said its systems had been targeted by a new form of ransomware called Nefilim. The company that operates across 50 countries, detected unusual activity on some of its servers, which led to delays to customers. The hackers behind Nefilim gain access through vulnerable Remote Desktop Protocol (RDP) servers, like other types of ransomware, namely Nemty, Crysis and SamSam.

Source: Threat Post

How do you protect yourself?

Attacks via Remote Desktop Protocol servers are widespread these days. In order to prevent them, organizations should enable 24/7 monitoring and remediation solutions. Services like Endpoint Protection and SIEM (Security Information & Event Management) help avoid or at least isolate these attacks from spreading.

Cisco WebEx Phishing

A series of phishing attacks are targeting Cisco WebEx users by using fake certificate error warnings. These phishing emails include graphics and formatting similar to communications sent by Cisco WebEx to users. Users are requested to click on a hyperlink to unlock their accounts and are then redirected to a phishing credential site.

Source: Bleeping Computer

How do you protect yourself?

Users should be cautious whenever clicking links suggesting they need to unlock their accounts. Services like Secure IT – Mail help scan the links within emails to detect if they are legitimate or not. If they are not legitimate, these tools will block users from even visiting the malicious website.

Jolera Partner Interview Series – MicroAge Canada President Proud IT Deemed an Essential Service

Jolera Partner Interview Series – MicroAge Canada President Proud IT Deemed an Essential Service

By Paolo Del Nibletto

Phil Palmieri, the President of MicroAge Canada, has been involved in the IT industry since 1984. If you think back to 1984, the IT industry saw for the first-time flash memory, a chip that could store 1MB and, of course, the introduction of the Apple Macintosh computer. So, you can say Palmieri has seen a lot during his career in IT. But nothing can compare to what the IT marketplace is going through right now with COVID-19.

According to Palmieri, this is the most challenging time the industry has ever faced. MicroAge Canada, with some forethought in its business continuity planning program, is weathering the COVID-19 disruption well. The vast majority of his staff is working remotely except for a small crew in its Laval, Que., headquarters, which includes Palmieri.

“There are a couple of ways to look at this situation: you can hide under your desk and wait for it to pass or be proactive and look for opportunities and ways to help customers remotely,” he said.

MicroAge Canada chose to do the later and took an active approach in communicating with all their clients to see how they could keep them operational. While MicroAge Canada vigilantly worked to keep its clients going, the company was inundated with inquiries from customers and prospects on issues of security and remote access.

“Call volumes increased five times over normal, and some people were even panicking,” he said.

Palmieri’s team dealt with requests such as how to work remotely, how to work from home securely, how to get the most out of Office 365, how to use Teams for better collaboration and video calls, mobile device management, and back up and data recovery.

If there is any benefit that will come out of this historical time, it’s the value of managed services and IT solution providers. “Our value, as managed services providers, just went up as people start to realize how important we are to the business. Before, you would get the thought that IT was just another department. Not anymore. IT is what makes business roll, and I’m proud of the systems, solutions and processes we deliver. IT is no longer a requirement but a necessity. Without it, a business doesn’t work well,” Palmieri said.

During the COVID-19 lockdown, Palmieri and his team have received numerous messages and calls of thanks and appreciation from customers

Palmieri’s challenges go well beyond just dealing with customers. MicroAge Canada is a network of more than 35 independently owned and operated solution providers across Canada. So, Palmieri just doesn’t have to worry about the Laval operation but all of the other locations as well.

During this time, Palmieri has brought in weekly touchpoints with each location and their field teams. “The network is fine, and I’m very proud of all these people. They have been around a long time, and this group has invested in their businesses, and they know how to sustain themselves during tough times.”

Palmieri believes there is a good lesson to learn from all this. He hopes that after society gets a handle on the COVID-19 pandemic and everything gets back to a newer normal, everyone will see the value in IT providers and not take them for granted. “This community is not a nice to have; it’s an essential service and a must for business.”

You can learn more about MicroAge Canada on their website MicroAge.ca

Threats of the Week – May 7, 2020

Threats of the Week – April 29, 2020

Microsoft Teams GIF Vulnerability

A vulnerability has been identified in Microsoft Teams that involved a simple GIF image. For the attack to work, the victim had only to view the malicious GIF, which illustrated Donald Duck character sweeping a row of Mickey Mouse toys. The attackers were then able to steal data from specific systems and have access into the company’s Teams accounts.

Source: Info Security

How do you protect yourself?

Microsoft has already corrected this vulnerability by updating misconfigured DNS records, thus mitigating the problem.

PhantomLance

A new spyware campaign has been identified and has been ongoing for 4 years. Named PhantomLance by Kaspersky, this spyware is distributed by dozens of Android apps available on Google Play (in addition to other points of sale). The attack implements high levels of encryption, in addition to being able to download and execute additional malicious payloads that would be suited to the specific environment of the device.

Source: ZD Net

How do you protect yourself?

Kaspersky reported his findings to Google that has since removed the malicious apps from the Play Store.

Critical Adobe Illustrator, Bridge and Magento Flaws

Critical flaws were detected in several Adobe tools, namely Illustrator, Bridge and Magento. These critical flaws include a stack-based buffer overflow flaw (CVE-2020-9555), heap overflow bugs (CVE-2020-9562, CVE-2020-9563), memory corruption glitch (CVE-2020-9568) and use-after-free vulnerabilities (CVE-2020-9566, CVE-2020-9567). Also included are critical out-of-bounds write flaws (CVE-2020-9554, CVE-2020-9556, CVE-2020-9559, CVE-2020-9560, CVE-2020-9561, CVE-2020-9564, CVE-2020-9565, CVE-2020-9569). All of these could be exploited remotely by an attacker, allowing arbitrary code execution.

Source: The Hacker News

How do you protect yourself?

Users need to update to the latest version of the software.

6 Tips to Return to Work Safely

6 Tips to Return to Work Safely

The curve may not be flat, but at many levels of government both in Canada and around the world, discussions about restarting the economy and reopening businesses are beginning. Strategies are starting to develop that will see people eventually get back to the office, stores, factories and other workplace locations they are used to going to for work.

As the new guidelines are developing, expect to see social or physical distancing and other forms of protective measures becoming a significant part of any get-back-to-work program.

What will these types of programs look like for organizations?

How can an individual who has spent the better part of March and all of April indoors begin to ready themselves for a return? Some clues can be found in the way other countries are dealing with the aftermath of COVID-19 lockdown.

Austria

In Austria, the aim was to start small and build from there. The European country only had small shops of 400 square meters open at first. These openings were under guard for security. Masks were mandated in these shops and on public transport. If the Austrian restart went well, then the country would look to open hotels, shopping malls and restaurants in two weeks.

Denmark

Meanwhile, in Denmark, that country embarked on a more conservative staggered approach. What they wanted to do was avoid overcrowding in public areas and on public transit. The staggered approach also means people will be going back to work slowly and in different sections of the economy. Again, this is to avoid any mass gatherings.

Ontario, Canada

The province of Ontario recently released its guide called “A Framework for Reopening the Province.” In this guide, the Government of Ontario’s goals are slightly different than those of Austria and Denmark. The Government of Ontario framework has the same overall priority, which is to protect the health and well-being of all its citizens. Ontario will have a focus on supporting healthcare workers, essential workers and businesses who have been working throughout the lockdown. Ontario will also have a staggered reopening approach, which will have three phases and between a two-to-four week evaluation period for each. You can read more about Ontario’s plan to reopen the province by clicking here.

Here are some tips to get yourself ready

1. Self-diagnose

Physically going back to work should start with you. Do your self-assessment to see if you are well enough to venture back to the office, shop or factory floor. If you are sick or not at 100 percent, inform your manager or company human resources professional and stay at home. Chances are you have not been tested for the Coronavirus. And, more than likely do not have the virus, but coming in with the sniffles will not lead to co-worker confidence in that the workplace is safe. Do your self-check, and don’t take any chances.

2. Spacious and clean work areas

Social distancing will continue in the workplace. Expect to be two metres or six feet from the next person. This will impact the lunchrooms and company lounges across the country. Don’t be surprised if they are closed off entirely. Expect to get staggered lunchtimes for employees and capacity levels, similar to what supermarkets are doing today. If you are in operations, it might be a good idea to review the current floor plan. Also, don’t be surprised to see shift cycles of being at home and work in workplaces with limited space. This means you might be working in the office on Monday but at home Tuesday. And, you will be asked to clean your area before you leave for the day thoroughly. And, if you keep a photo of your kids at your workstation, you may be asked to remove it. Overall work environment cleaning will increase dramatically and may occur during the workday.

3. Call ahead in-person meetings

Many great ideas got started around the water-cooler. Water cooler collaboration will not return immediately. And, the water-cooler may not even be available when you return. At least not right away. If you have a thought that you want to share with a co-worker, you’ll be asked to give that person a heads up electronically either via email or some other collaboration app before you walk over to that other person’s work area to brainstorm if allowed at all.

4. Workplace shifts

Government-imposed mandates on limiting the number of people in groups will have its place in any return to work policy. Get ready to have more Teams, Zoom, and WebEx sessions, while you are at the office. Do not be alarmed if your favourite co-worker is not at work when you arrive. There might be a return to work order where you will be placed in a shift. There will be several situations that arise where an individual will feel unsure of themselves returning to work after the COVID-19 restrictions are lifted. Employers will have very little choice but to accommodate them, especially early on.

5. Conference room capacity

Meeting rooms will have capacity limits. Those limits will be posted on the door. You may be asked to join a meeting inside your own office via a Teams, Zoom or WebEx session. If you do use the room, you will be asked to clean the room and wipe it down immediately afterwards. This will pose a unique challenge to in-person meetings with guests, and you may need to co-ordinate more online sessions. What could lead to an awkward situation is having guests go through a temperature scanner before they enter the boardroom. If your company or organization currently does not have any video conference technology, you may have to invest in a solution to have the use of meeting rooms.

6. Proper hand hygiene

Don’t be surprised to see several hand sanitization stations throughout your workplace, especially at entrances. Also, your organization will ask you to sanitize your hands before entering any area of the office, factory floor or retail space. Currently, people are wearing gloves to go to the supermarket. Gloves may not be appropriate for your working environment, but you can envision a situation where you may have to ask patrons or guests of your workplace to sanitize their hands before entering.

As you prepare yourself for a physical return to your previous workplace, do not expect the old norm, we’ll have to adjust to a new norm. As with all these decisions, organizations must take, they must be cautious and well thought out to protect the health and safety of their employees. Here at Jolera, we’re here to help with any concerns about organizing your company’s return to work. You can contact us anytime, and we hope you are staying safe and healthy.

Threats of the Week – May 7, 2020

Threats of the Week – April 22, 2020

RagnarLocker

The RagnarLocker ransomware targeted Portuguese multinational energy giant EDP. More than 10TB of sensitive files have been stolen. Attackers are now asking for $10.9M to prevent stolen information from being leaked and are threatening to notify customers, partners and competitors. In addition to the files that have since been released, the attackers have also included an edpradmin2.kdb file – a KeePass password manager database.

Source: Bleeping Computer

How do you protect yourself?

To protect yourself from Ransomware, you should first ensure your mail environment is protected to prevent any possible breach and then also protect your endpoints with services like Secure IT – Endpoint.

CVE-2020-0760

A vulnerability was identified when Microsoft Office loads arbitrary type libraries. This vulnerability allows the installation of programs, in addition to viewing, modifying and deleting data, as well as the creation of new accounts with full permission by malicious agents. For attackers to be able to exploit this vulnerability, the user must open an Office document, created especially for this purpose.

Source: Microsoft

How do you protect yourself?

Updates of Microsoft Office products now address the vulnerability by correcting how Office handles type libraries.

Trickbot

The Coronavirus crisis is being widely exploited by hackers to deceive users. The crew responsible for Trickbot are no exception. They sent hundreds of emails related to alerts and tests about COVID-19, containing malicious documents that install Trickbot Malware. Computers are infected with keyloggers, trojans and ransomware.

Source: ZD Net

To protect yourself from malware, you should first ensure your mail environment is protected to prevent any possible breach and then also protect your endpoints with services like Secure IT – Endpoint.