
Google Doc ban at Oxford insufficient protection

Varonis Systems: 25 February, 2013 (Technical Article)
Varonis comments on the Oxford University phishing attack, saying that more protection is required against attacks that use trusted services.

Commenting on Oxford University’s decision to ban Google Docs following a phishing attack against the service, Varonis Systems warns it will take more than a single ban to ensure the organisation is protected from increasing attacks that make use of trusted services like Google.

David Gibson, VP of Strategy with the data governance specialist, says people are much more likely to fall victim to email-based phishing scams when the attacks are staged on a platform that people inherently trust. In the case of Oxford University, users saw a familiar and friendly-looking Google Docs form and falsely assumed it was legitimate and secure. Google Docs in particular has become a prime target for advanced cybercriminals as it is not only highly trusted, but also very easy to set up without much verification of your actual identity.

“Google Docs and other public cloud file sharing services have proven to be very convenient for end users—it’s unfortunate that they are now proving to be convenient for cybercriminals and phishing attacks. As so many are dependent on digital collaboration it’s not surprising that the block on Google Docs turned out to be temporary, despite the ‘severe consequences’ for the university mentioned by Robin Stevens[1],” said Gibson.

The good news, he said, is that IT professionals – and their managers – can help reduce their exposure to phishing with a few simple steps:

1. Educate users about the risks of phishing attacks. With some awareness, employees will become more alert when they receive links in their email, or are asked to submit login credentials or Personally Identifiable Information (PII) via an external site (like a Google form) rather than a site hosted on the organisation’s own domain. (The University’s temporary ban on Google Docs probably served to raise awareness more than they anticipated.)

2. Use company-wide SSL for all web services. Purchase an Extended Validation Certificate, which gives users an added visual cue in their browser, telling them they’re visiting a site that is run by your organisation.

3. Publish a policy that describes the circumstances under which employees might be asked for personal information, along with the types of information that will and will not be collected (e.g., “We will never, ever ask for your social security number”). This will give users something to reference when they’re unsure.
