Microsoft System-Preferred Multifactor Authentication

 

Microsoft have announced the commercial release/general availability of system-preferred multifactor authentication (MFA).

System-preferred multifactor authentication (MFA) prompts users to sign in by using the most secure method they registered. For example, if a user registered both SMS and Microsoft Authenticator push notifications as methods for MFA, system-preferred MFA prompts the user to sign in by using the more secure push notification method. The user can still choose to sign in by using another method, but they’re first prompted to try the most secure method they registered.

A new number-matching feature will be become the default for all organizations using Microsoft Authenticator prompting users to confirm a number before approval to sign in.

This feature is a safeguard against accidental/blind approvals by users, as well as MFA fatigue attacks. This is a known tactic by attackers after they’ve obtained a user’s password. The attackers are still blocked by the secondary authentication method, so they just send second-factor authentication approval requests repeatedly to the victim until one of them gets used. The number-matching security feature somewhat defeats MFA fatigue attacks by making the end user explicitly enter a two-digit number to approve the access request.

Another safeguard offered on the Microsoft Authenticator app is the additional context feature. With this enabled, the app requesting the sign-in credentials as well as the location of the requester is identified.

For further information on this feature please click here.

Business Continuity Plan – COVID-19 Notice (Last updated 28/03/2020)

** Last updated 11:02, 28/03/2020

Stay Safe from Fraudsters

We have had various clients report examples of malicious emails regarding the COVID-19 outbreak. Now more than ever it is important to remain vigilant of any telephone call or email you receive asking you to divulge any personal or security information. Particularly with the increased use of home working on personal devices that may not have the same security in place as corporate IT systems.

Please be especially alert at this time. Check out these tips from Google to help protect yourself from fraudsters!

Service Continuity

Following current global events we have put processes in place to ensure our help-desk, commercial and technical personnel are able to operate from home, with immediate notice. Our remote workers have access to all core systems meaning there should be no impact to our service delivery. Scheduled onsite service visits may be impacted but we are continually reviewing this on a case-by-case basis following Government guidelines and will be contacting affected clients in due course. Our core business systems including e-mail, helpdesk/backoffice and telecom systems are all resilient systems designed to be deployed and accessed from any remote location to facilitate continued service delivery.

Where we need to schedule customer meetings or client discussion our policy until further notice we will be to conduct these by telephone or by using collaboration tools such as Microsoft Teams.

IT Support

Demand for IT support and remote working solutions from our existing client base has been exceptionally high. In order to facilitate continued service and support, we would ask that should you require assistance clients follow the below process:

Log all requests by email to support@boxportable.com or log a ticket via our website https://www.boxportable.com/support-request/. There is no requirement to copy in individual support contacts / account contacts to these emails or send duplicate requests as this will delay a response. Your request will be reviewed and prioritised based on severity and SLA entitlement – we are working hard to ensure all service level agreements are met for contracted clients.

We will continue to operate telephone support during normal business hours – but would ask that you restrict this to business-critical incidents to allow us to operate an efficient call back service. You can reach us on our normal office number – 01224 54 54 54.

Please note we understand fully this is a difficult/stressful time for both employers and employees and we are working hard to ensure business continuity and support for all our clients. We continue to adopt a zero-tolerance policy towards employee harassment/verbal abuse and as such reserve the right to decline support/terminate any call during should any personnel be subjected to this.

We will continue to operate during our normal business hours Monday to Friday 08.30 -17.30. Should this need to change – advance notice will be posted online and advised in writing to our clients.

Preventative Measures

All staff have been advised to adhere to best practice guidelines for minimising the transmission of infectious diseases in the workplace as well as being reminded of their responsibilities including notifying management should they display any signs of Coronavirus symptoms – upon which we will implement a period of enforced self-isolation/remote working.  Those staff members in the ‘at-risk’ category are now already operating in self isolation working remotely. We have also advised staff to avoid close contact with both clients and co-workers as well as avoiding handshakes or physical contact.

Client Obligations

You must inform us immediately if any of your staff show symptoms or test positive for COVID-19. We commit to communicate the same to any client that has come into contact with a staff member who is later diagnosed with COVID-19.

Remote Working Solutions

Following the latest UK Government advice regarding Coronavirus (COVID-19) all key workers are strongly urged to stay and home and avoid travel unless absolutely necessary. We can provide a number of home working solutions to facilitate continued access to your IT systems. Please contact us to discuss and plan your requirement.

IT Hardware Availability

We have a small amount of stock available for immediate dispatch – consisting of notebook / laptop computers as well as ‘all-in-one’ workstation PCs available ready for immediate setup and deployment. Please contact us for updated availability, specifications and pricing.

DocuSign Spoof Emails – detect and prevent secure document phishing attacks

DocuSign have admitted they were the victim of a data breach that has led to massive phishing attacks using the compromised DocuSign user data. Secure document phishing attacks are some of the latest in client endpoint exploits that to the unsuspecting user can have serious repercussions. This latest hack resulted in a 3rd party gaining unauthorised access to a list of email addresses stored on an unsecured DocuSign platform – other than this no private user account data was accessed, however this has resulted in a significant volume of ‘spoof’ DocuSign emails being sent to these users in an attempt to trick recipients into opening an attached Word or PDF document that, when clicked, installs malicious software.

The attackers hit a “non-core system that allows us to communicate service-related announcements to users via email”, the company said in a blog post on the incident.

DocuSign have released the following helpful guidance:

What should I do if I receive a suspicious email?

First and foremost, if you don’t recognise the sender of a DocuSign envelope and you are uncertain of the authenticity of an email, look for the unique security code at the bottom of the notification email. All DocuSign envelopes include a unique security code.

If you think that you have received a fraudulent email, please forward the email to spam@docusign.com, then delete the email.

Please check out the DocuSign Trust Center for the most up-to-date information about personal security and review our whitepaper on phishing.

If there is a security code…

  • Access your documents directly from www.docusign.com, click Access Documents then enter the unique security code.

If there is NO security code…

  • DO NOT click on links or open attachments within the email. This is not a valid DocuSign email and it should be sent to our security team immediately at spam@docusign.com

IMPORTANT: If you did click on a link and provided your DocuSign credentials, please be sure to change your password immediately to ensure the security of your account.

Please update and run antivirus immediately to ensure the security of your system or contact your IT support provider for immediate assistance.

Draytek Security Notification – DNS Web Interface Attacks

Users of Draytek routers are vulnerable to a Zero-Day attack unless updating to the latest firmware release which addresses the security flaw. DrayTek announced that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers.

Clients using Draytek routers should get in contact to arrange firmware updates on their equipment – clients on our managed IT service contracts have already had these firmware updates applied and need take no further actions.

Further information can be found at www.draytek.co.uk