The Paubox Zoom social mixer for November 2023 was a roundtable in which Paubox customers, old and new, discussed the latest ransomware threats, mitigating phishing attacks with ExecProtect, and physical security tips.
What's happening: Paubox Zoom social mixers allow our customers and prospects to network and learn about new trends.
Why it matters: The theme of this month's mixer was cybersecurity. Healthcare professionals across the country discussed the latest cyberattack on the Lovelace Health System, thoughts on how to train employees to spot phishing attacks, and new risks like quishing and OM.G cables.
As in previous social mixers, the conversation revolved around Paubox Data Loss Prevention and effective ways to leverage the various Paubox ExecProtect settings to mitigate phishing scams.
Our takeaways:
- Lovelace Health System in Albuquerque got hit with a severe ransomware attack that forced their hospitals to divert patients and suspend services.
- Hospitals in smaller cities and towns, as well as rural medical facilities, are increasingly targeted by hackers.
- When locked out of patient records, some hospitals have had to switch to paper during the attacks.
- The attack surface keeps widening as more and more internet-facing devices come online (Alexa, smart refrigerators, printers, Philips lightbulbs, etc.).
- An OM.G cable can execute code on a phone when plugged in. It could be used for a targeted attack, perhaps by leaving it at a hospital workstation.
- Some have turned off Google Drive sync to minimize risk.
- If a USB drive is suspected of being compromised, it should be destroyed.
- Some are switching from Windows devices and moving to ChromeOS.
- Use Paubox Storage for large files - it's available to anyone with dashboard access.
- Customers love the new Paubox HIPAA compliant forms.
- Quishing is becoming more and more common.
- When it comes to training, customers use Gophish. One Paubox customer sets up a corporate-wide phishing attack during the holidays to test and train employees.
- ExecProtect is highly recommended by Paubox customers, with one customer saying it cut down on spam and phishing emails by 90%.
- Use inbound DLP to block emails with the key phrase "giftcard."
- Everyone's running training programs every two or three months. Everyone agrees they want to do more employee training.
- Physical security matters: One of the most significant data breaches a customer ever saw was an in-person cleaning crew stealing laptops.
- Monitor what's installed on laptops with ScreenConnect.
- People shared stories of tracking stolen and lost devices to rivers, China, Brazil, and a grandson's high school.
- Signal is the encrypted texting and calling app of choice.
- Looking forward to 2024:
  - A few organizations are switching to Fortinet for network switches.
  - Some are moving to Azure in 2024 - others already made the move and recommend it.
  - Everyone's waiting for regulations to catch up to technology.
The bottom line: Paubox customers use a broad range of tools and strategies to keep their email HIPAA compliant, protect their organizations, and find efficiencies.
See also: Our playbook for Zoom social mixers
See also: HIPAA Compliant Email: The Definitive Guide