  • Dave Kennedy

Come on a little security concern journey with me. This isn’t very technical. If you use email for business on a basic level, please come along for the ride. It will be useful and may help guide security decisions and bring some perspective to several common risks.

Your website includes a "Meet Us" section introducing members of staff, giving job titles, email addresses and direct telephone numbers. A nefarious party might learn contact details useful for spear phishing.


Phishing might be the attack approach that is used. It may be via email or telephone. Finance-related staff are often the most common targets. However, the information available may allow the process to go further: an attacker may look up your website address / domain name and determine information about your email service.


A DNS MX lookup against the domain name is easy to perform with one of many tools (e.g. https://mxtoolbox.com) and will often show the platform your organisation uses directly for email (such as G Suite or Microsoft 365).


If Multi Factor Authentication (MFA) has not been employed, in many cases the only information now needed to access an account is the password. How strong are your passwords? How likely are your staff to fall for a phishing attack?


If an account is being compromised via password attempts, it's not a person sitting typing. It's software making attempts from a list of thousands of the most common passwords. Check with Have I Been Pwned to see how common your password is: https://haveibeenpwned.com/Passwords


Once access has been gained to a mailbox, the attacker will most commonly add rules to harvest a copy of new email, or establish a means of easily monitoring and spying on mail so they can insert themselves into an email conversation.
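One way to look for such rules, as an added example that is not part of the original post: audit an export of mailbox rules for any that forward or redirect mail outside the organisation. The field names follow the properties shown by Exchange's `Get-InboxRule`; the export layout, the rule records and the `example.com` domains are constructed assumptions.

```python
import re

# Matches an email address inside entries such as '"Name" [SMTP:user@domain]'.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")

# Constructed sample export: one dict per inbox rule (hypothetical layout).
SAMPLE_RULES = [
    {"Mailbox": "accounts@example.com", "Name": "Team copy", "Enabled": True,
     "ForwardTo": ['"Ops" [SMTP:ops@example.com]']},
    {"Mailbox": "accounts@example.com", "Name": ".", "Enabled": True,
     "RedirectTo": ['"a" [SMTP:inbox@mail.example.net]']},
    {"Mailbox": "pa@example.com", "Name": "Newsletters", "Enabled": True,
     "MoveToFolder": "Newsletters"},
    {"Mailbox": "pa@example.com", "Name": "old", "Enabled": False,
     "ForwardAsAttachmentTo": ["x@example.org"]},
]


def is_internal(domain, internal_domains):
    """True for an organisation domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)


def external_recipients(rule, internal_domains):
    """List (field, address) pairs that send mail outside the organisation."""
    found = []
    for field in FORWARD_FIELDS:
        for entry in rule.get(field) or []:
            for match in ADDRESS.finditer(entry):
                if not is_internal(match.group(1).lower(), internal_domains):
                    found.append((field, match.group(0).lower()))
    return found


def audit_rules(rules, internal_domains):
    """Report every rule that copies mail externally, including disabled ones."""
    findings = []
    for rule in rules:
        hits = external_recipients(rule, internal_domains)
        if hits:
            findings.append({"mailbox": rule["Mailbox"], "rule": rule["Name"],
                             "enabled": bool(rule.get("Enabled")), "recipients": hits})
    return findings


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES, {"example.com"}):
        print(finding)
```

Disabled rules are reported as well, since a rule that has been switched off can still be evidence of an earlier compromise.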


Ways to address this very common concern:

  • Multi Factor Authentication

  • Don’t use common or easy to guess passwords

  • Be vigilant about vetting email

  • Try and avoid making staff contact details too public.

  • Dave Kennedy

Have you considered how #coronavirus might impact you, your #business or your customers? Are you in a position to have staff work from home? Have you thought about how to plan for it? Here are a few quick thoughts...





Get informed. Look at your IT systems and establish which remote working options you have in place, which of them staff are using and how they are using them. Use Microsoft Forms in Office 365 (https://forms.office.com/) as a quick way to query staff and get a summary of the position.


Make sure staff are suitably equipped to work from home. If that means laptops, pick a brand you know is reliable and can be serviced with an onsite warranty. Brands like Lenovo ThinkPad & ThinkBook are my go-to for reliability.


Communication is critical:

Do staff need to connect into the office? Is your infrastructure secure and capable of handling the resources required? Do staff have tools allowing them to maintain their usual communication channels?

  • VPN services can usually be enabled quite easily, but it's important to make sure the device and internet connection are capable of handling the number of remote connections.

  • If staff work a great deal from telephones within the office, consider looking at a softphone option to replace desk phones. Great options are available from companies such as Counterpath (https://www.counterpath.com/).

  • Communication is critical: when staff work remotely it's important to keep in touch with them frequently, so make it as easy as possible to keep in touch. Telephones are great, but an instant messaging medium such as Microsoft Teams is very efficient (https://products.office.com/en-ca/microsoft-teams/group-chat-software).


This post isn't intended to be alarmist, just to promote consideration of being prepared. If you don't directly manage your IT, speak to your IT department or your IT service provider for advice on possible contingency plans for remote work.


  • Dave Kennedy

To trust or not to trust

Tech news abounds right now with information about NordVPN being compromised.

TechCrunch Article

* https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/

Register Article

* https://www.theregister.co.uk/2019/10/21/nordvpn_security_issue/

NordVPN Official Response

* https://nordvpn.com/blog/official-response-datacenter-breach/


Let's start with some critical points.

  • This incident occurred in March 2018

  • Impacted systems were compromised for around 2 months

  • Breach is now closed

  • It is unlikely specific personal information for users was accessed.

  • Network Snooping and content that could have facilitated man in the middle attacks could have been taken.


The point of compromise in this incident was a poorly secured server management interface. These common hardware interfaces (such as iDRAC and iLO) are built into most major brands of servers today.


My concern is not so much about the breach itself but more the way in which NordVPN have addressed the situation.

  • The speed of response concerns me. It should not take months to secure the internet connections used by these servers or the servers themselves. To me it suggests a weakness in their infrastructure planning for resilience and security.

  • It does not feel like they would have had the transparency to self-report this issue had they not been forced to.

  • Rather than taking ownership of a lapse or failure their comments feel like they are pushing blame onto the server hosting company.

  • If these were new servers which had this security hole, it indicates little proactive penetration testing, which for a security product / service doesn't sit well with me.

From my perception the failures of Customer Service, PR, Planning, Incident Management, and Testing are greater than that of the compromise itself. I won't be recommending NordVPN until I feel they have shown a proactive effort to be ready to address such situations in the future.