Hi, I'm John Tolbert from co or Cole today. I just wanted to talk to you for a few minutes about the cybersecurity situation. With regard to the pandemic crisis, we came up with a list of five recommendations that we think are important for enterprises, especially to consider. During this time, we know that the, the cybersecurity risks are elevated as a result of the crisis. And we thought we'd give you a few things to think about recommendation. Number one is used multifactor authentication, wherever it's possible. The good news is it's available in many platforms already, whether it's a native, Microsoft authentication or some of the other platforms like Google, it's also possible to tie in mobile device authentication and use things like fingerprint touch ID, face ID in conjunction with other systems, thanks to things like Fido and the fi oh two web authentication protocol. That's a quick and easy way to make multifactor authentication available because passwords, as you know, are, are bad.
It's the easy way for the malicious actors to get into systems. And it's much better. It can be a much better user experience as well, just to turn on multifactor authentication, wherever possible. Secondly, we recommend of course, endpoint protection it's man, it should be mandatory everywhere for any user device, whether it's a desktop laptop or even mobile device these days. And again, in many cases, some protections are built in as in the case of let's say Microsoft windows. So you can make sure and, and perhaps illustrate to your users how to make sure that Microsoft windows defender ATP is on and active. We know that users home users especially are being targeted at this time. And it would be a great way to protect them, to make sure that they've got these endpoint anti malware systems engaged and active and updated patch management patch management of course has been important for many years now, but we know from recent reports that public facing applications, the companies may be hosting and especially things like VPN are really, really under attack. Right now. Malicious actors are taking advantage of the situation that they know lots of people who may not be used to working from home or working from home. So those VPNs are under attack. They need to be patched and maintained properly. Same thing with endpoints, it's better to turn on automated patch management.
In years, past companies may have preferred to do a little in-house testing before releasing a patch into the wild. But these days we feel like that's a riskier proposition than turning on automated patching. There are, are fewer risks associated with application compatibility. Then there would be with the, the sometimes giant risks of leaving machines, unpatched security trading now would be a really good time to remind users, especially about the dangerous fishing. Make sure that they're aware of what fishing emails look like. Don't click anything suspicious because we, we know we've seen in the reports just in the last few weeks of about 5,000 new domains related to coronavirus being created about 8% of which are either suspicious or malicious. So it would be advantageous to warn them not to click on things even about the coronavirus situation. There are cases where malicious payloads have been included into PDFs or behind links that look like they come from official sources, but they're not so even short targeted video or illustrated graphics about how to avoid especially fishing, but any other particular security, risks and policies your company might have then lastly, data protection.
It's likely that many users are tempted at least to send sensitive information outside your environmental controls, whether that be on a USB stick or by forwarding something to their personal email that they may work on on a device. That's not under your control as well as an enterprise. So if possible, it would be great to use things like data, leakage prevention, DLP tools, if you don't have that, but you need, you can quickly set up collaboration sites with some of the popular cloud SaaS service. And that would also afford you the opportunity perhaps to turn on MFA for that and do fine grained access control, and then really limit who's got access to the information that you're sharing out there. And then if you are using cloud services now would be a good time to think about CASBY as well. Cloud access security brokers they're designed to sort of detect and then monitor and be able to actually apply your enterprise security policies on a lot of the popular cloud services that are out there today. So thanks again for watching and take care.
