Archive 27/02/2020

Security, LinkedIn, Enable Two-Step Verification and FaceID

#Security  #LinkedIn turn on #2FA its really straight forward and I would suggest it’s a “must” to protect yourself/ LinkedIn account. Rather than recreate the wheel, I found this useful link where someone had done the hard work of explaining the how to enable 2FA. The setup / enable process should take less than 1-2minutes to complete. https://www.howtogeek.com/448273/how-to-turn-on-two-factor-authentication-for-linkedin/amp/

Example shown below where the options are set:

  1. Two-Step verification option to enable


If your concerned about loosing your phone, enable additional security for the FaceID when opening the LinkedIn app. If FaceID is already setup on the phone, just enable it in settings.

  1. App Lock using FaceID option to enable



#cyberattack
#cybercrime
#infosec
#cybersecurity
#informationsecurity
#cloudsecurity
#datasecurity
#mfa

Account Hack / Phishing Email Alert / #IR35

Be careful, if an email account has been compromised, you might receive a genuine looking email which will pass through your spam filter. As an example, I have just received an email from “FirstName.LastName@”Domain Name Remove”.co.uk”. This was confirmed with a quick phone call to the company where I was informed the account had been hacked and I should delete the spam email. This post is just to raise awareness. The companies name is covered intentionally, as is their website.

Some basic warning signs were there:

  • No branding
  • No reference or invoice number
  • Somewhere to click.

Some more interesting features are:

  • The link – Simply hover over the PDF link to reveal that well known domain “1drv.ms”. A OneDrive shared link, in theory a trusted source, but why not just attach a PDF if the mail is genuine?

  • The email domain was linked to a genuine company @”Domain Name Removed”.co.uk – this genuine victim being used as a cover.

    The target was obviously selected based on a hot topic in the media they deal with.

  • And the different no_reply@accountpayable.com domain you can purchase was a nice discovery.

WVD – Windows Virtual Desktop – Admin Tasks, Tips and Useful Blogs

Office 365, Legacy Applications and MFA

Some legacy applications don’t support MFA. This is a solution to enable the apps to continue to function when MFA is enabled for a user in Office365.

How to create a “Additional Security Verification App Passwords”

Browse to https://portal.office.com/account/

Click “Security & Privacy” then click “Manage Security and Privacy”

Expand / Click on “Additional Security Verification”

Click “Create and manage app passwords”

Click “Create”

Enter a Name , example “Diary Sync” and click “Next”

Click “copy password to clipboard” (YOU NEED THIS PASSWORD)

(password above example only)

Some might get this error. Copy the password. (short cut to copy > Ctrl +A, then Ctrl + C)

(password above example only)

Click “Close”

You now have an application password which you can use with your legacy application without MFA causing any integration problems

Social Media Tactics

Some note of social media tactics

  • When writing blogs or posts on social media always include Keywords – Make sure you post has keywords on the topic
  • Do social media posts have a value? Yes
  • Do you make email lists? Have you tried use email marketing? Have a look at https://mailchimp.com/
  • Know your audience

Digital Reputation..

  • People highly rate referrals
  • Consumer opinions. Google rating?
  • LinkedIn recommendations
  • Tip of the day : on a google business URL , add comma 5 … populates 5 star    ,5

Marketing Materials