Cybersecurity Without Insanity? It could be as simple as 3 – 2 – 1…
This week: Top 10 signs that your IT partner is just not into you, why your insurance policy may increase the likelihood of a cyber attack, and new Microsoft Teams but same old security risks.
3 – New Microsoft Teams. Same old security risks.
“A new Microsoft Teams application, faster and completely redesigned, is [now] available for all Windows and macOS users.”
This is according to a recent article on Bleeping Computer. Apparently, the new Teams app is much faster and prettier than the (crappier) current version. You may recall that Teams became popular during the Covid epidemic when it was released for free by Microsoft (to wipe out upstarts like Zoom) to support people who were forced to skip their daily commute and (endure) spend quality time with their family.
So what? Email is so yesterday. Teams is where the new kids hang out. And it’s also where cyber attackers can communicate with your staff without any of your pesky security gateways getting in the way. You can configure Teams to prevent outsiders initiating contact with your staff, but why would anyone want to change Microsoft’s default? After all, Microsoft always has your best interests at heart (unless you work for Zoom).
2 – Top 10 signs that they’re just not into you.
“Reduce, restrict, audit, and monitor administrative accounts and privileges, [..] Update regularly and automate patching, [enforce MFA] for privileged users and [make] MFA a default rather than opt-in feature.”
These are just some of the tips from the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), who have just released their Top 10 Cybersecurity Misconfigurations.
So what? A better headline would be “The Top 10 ways to attract your ideal cyber attacker”. Or “The 10 signs that your [IT] partner is just not into [securing] you”.
1 – Could lying on your insurance application form be justifiable?
“The amount of private, corporate data that appears on an insurance application could be a bonanza to cyber attackers”.
This is according to a recent article on Dark Reading, which discusses why insurance companies are high value targets for cyber attackers. Insurance companies have plenty of (money) reserves and plenty of sensitive personal data about individuals. They also have lots of information about the security configuration of their insured business clients because this is gathered as part of the insurance application process. A cyber criminal’s job would be sooo much easier if they got their hands on this information.
So what? Maybe it’s not such a bad thing that you included all those half-truths in your insurance application form.
- 100% use of MFA? Absolutely!
- Offsite and untouchable backups? 100%!
- Regularly updated and tested Incident Response Plan? Bien sûr*!
* Come on Ireland!