Multi-Layer Defence in Depth #SecurityArchitecture #DataSecurity

Customer Data Isolation:
- A virtualized ABAP Application Server is provisioned for each customer tenant.
- Application isolation is enabled via a “Security Group”.
- The “Security Group” allows communication between the different application instances that belong to one tenant.
- The tenant “Security Group” allows system communication between the Q and P systems of the same customer, as shown in Figure 2 – #SAP S/4HANA Landscape #CloudArchitecture.
- At the network level, the security group prevents communication between tenants. The network traffic rules are defined using source, destination, protocol, and ports.
- Each SAP S/4HANA Cloud tenant has its own tenant database. It is part of the overall SAP HANA system.

#DataEncryption:
- SAP S/4HANA Cloud encrypts “data-at-rest” and “data-in-transit”.
- End-to-end encryption is applied for “data-in-transit”.
- “Data-at-rest” encryption covers the database, central and local file systems, and storage backups.
- The cryptographic keys are managed securely via Key Management Systems (KMS) by SAP cloud operations teams.
- The “Segregation of Duties” guideline is applied for the KMS.

#ApplicationSecurity
- The Secure Software Development Lifecycle (SSDLC) methodology is followed for the development of the SAP S/4HANA application.
- Product development considers security and data protection & privacy requirements. This is embedded at the start of the development process.
- The development team performs extensive risk assessment and threat modelling, design, and testing of the effectiveness of the security controls, which includes performing code scans, penetration tests, security tests (SAST & DAST) and independent security assessments. More details on the SAP SSDLC can be found here.
- Customers access SAP S/4HANA Cloud via the Internet using HTTPS (port 443). The HTTPS traffic is terminated on the Web Dispatcher cluster.
- Customer access is enabled via a central load balancer and a shared Web Dispatcher. There are separate load balancer endpoints: a UI endpoint for business users and an endpoint used for system-to-system communication.
- Customers can access the Application Security Audit Logs.

#NetworkSecurity
- A trust boundary separates the network into zones and each zone into segments.
- The security controls are implemented in each zone based on the exposure of the systems to the Internet/intranet and on the classification of the data handled by the systems in that zone.
- Virtual Private Clouds (VPCs) are created for Systems, Admin and Backup. The System VPC hosts the tenants of SAP S/4HANA Cloud and spans availability zones. The secure central administration network segment hosts the central cloud lifecycle management tools.

Source: SAP Blog #TransformPartner – Your #DigitalTransformation Consultancy
Cybersecurity in Remote Work Environments
-
My EasyDMARC team encountered multiple cases where Microsoft tenants received spoofing emails from their own domain to their own domain, even with DMARC set to p=reject.

Microsoft now enforces DMARC reject in EOP.
- Older tenants may still have Anti-Phishing policies that were never updated and must be reviewed: https://lnkd.in/dV7S6hS
- Newer tenants have the correct defaults, but a loophole remains if an admin created an allowlist.

In testing we confirmed that when a rule or policy forces SCL:-1, the message is marked as trusted and skips filtering. (SCL:-1 means “bypass spam filtering and treat this message as safe.”) This allows spoofed mail to reach the inbox despite a DMARC reject policy.

SCL:-1 is NOT added by the attacker. It is stamped by the tenant. Common causes include:
- An admin sets a mail flow rule to “always trust” messages from a certain entity, skipping spam checks.
- The organization’s own domain is added to the allowed senders/domains list.
- Someone clicks “Allow” in Microsoft’s Spoof Intelligence panel.
- An inbound connector is configured to treat all mail as if it came from inside the organization.

If you see SCL:-1 on a spoof, the problem is NOT DMARC but configuration. Organizations should audit mail flow rules, remove their own domains from allowlists, review Anti-Phishing policies, and correct connector settings. Relying on whitelists for convenience undermines DMARC and gives attackers the exact opening they need. Security controls only work if we let them do their job.

‼️ Read the full article: https://lnkd.in/ezCxnT-F
#Microsoft #DMARC #EOP
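One way to check for the condition the post describes, as an added example that is not code from the post or from EasyDMARC: parse the Exchange Online Protection headers of a delivered message and flag an own-domain DMARC failure that nevertheless carries SCL:-1. The tenant domain `contoso.com`, the sample headers and the IP addresses are assumptions constructed for the example; the SCL and SFV field names are the ones Microsoft documents for `X-Forefront-Antispam-Report`.

```python
"""Added example, not from the EasyDMARC post: flag an own-domain spoof that the
tenant's own configuration waved through by stamping SCL:-1. Evidence comes from
two Exchange Online Protection headers: Authentication-Results (spf/dkim/dmarc
verdicts, header.from) and X-Forefront-Antispam-Report (SCL, SFV). All sample
headers, domains and IPs below are constructed for this example."""
import re

OWN_DOMAIN = "contoso.com"  # assumption: the tenant's own accepted domain

# SFV (spam filtering verdict) codes Microsoft documents for the report header;
# each corresponds to one of the bypass causes listed in the post.
SFV_HINTS = {
    "SKN": "mail flow rule marked the message non-spam (SCL:-1) before filtering",
    "SKA": "sender or domain is on an anti-spam policy allowed list",
    "SKI": "filtering skipped for another reason, e.g. treated as intra-organizational",
}


def unfold_headers(raw: str) -> dict:
    """Unfold RFC 5322 continuation lines into {name: value}; the first
    occurrence of a header wins (EOP's own Authentication-Results is topmost)."""
    headers, current = {}, None
    for line in raw.splitlines():
        if line[:1] in (" ", "\t"):
            if current:
                headers[current] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        name = name.strip().lower()
        if sep and name not in headers:
            headers[name], current = value.strip(), name
        else:
            current = None  # malformed line or duplicate header: ignore it
    return headers


def parse_auth_results(value: str):
    """Return ({'spf': .., 'dkim': .., 'dmarc': ..}, header.from domain)."""
    verdicts = {m.group(1): m.group(2).lower()
                for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", value)}
    m = re.search(r"header\.from=([\w.-]+)", value)
    return verdicts, (m.group(1).lower() if m else None)


def parse_antispam_report(value: str) -> dict:
    """Split 'CIP:1.2.3.4;SCL:-1;SFV:SKN;...' into {'CIP': .., 'SCL': .., ...}."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition(":")
        if sep:
            fields[key.upper()] = val
    return fields


def assess(raw_headers: str) -> dict:
    """Did this message fail DMARC for our own domain, and did the tenant
    stamp SCL:-1 on it anyway?"""
    h = unfold_headers(raw_headers)
    verdicts, from_domain = parse_auth_results(h.get("authentication-results", ""))
    report = parse_antispam_report(h.get("x-forefront-antispam-report", ""))
    scl, sfv = report.get("SCL"), report.get("SFV")
    own_domain_spoof = from_domain == OWN_DOMAIN and verdicts.get("dmarc") == "fail"
    bypassed = scl == "-1"
    return {
        "from_domain": from_domain, "dmarc": verdicts.get("dmarc"),
        "scl": scl, "sfv": sfv,
        "own_domain_spoof": own_domain_spoof, "bypassed_by_tenant": bypassed,
        "misconfiguration": own_domain_spoof and bypassed,  # DMARC worked; tenant overrode it
        "hint": SFV_HINTS.get(sfv, "no bypass code present"),
    }


# Constructed sample headers (not captured mail). Spoof: DMARC failed, yet a
# mail flow rule set SCL:-1 (SFV:SKN) so the message skipped filtering.
SPOOF_BYPASSED = """\
Authentication-Results: spf=fail (sender IP is 203.0.113.7)
 smtp.mailfrom=contoso.com; dkim=none (message not signed)
 header.d=none;dmarc=fail action=oreject header.from=contoso.com;
 compauth=fail reason=000
X-Forefront-Antispam-Report: CIP:203.0.113.7;CTRY:XX;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKN;H:mail.example.net;PTR:;CAT:NONE;DIR:INB
From: "CEO" <ceo@contoso.com>
"""
LEGIT_INTERNAL = """\
Authentication-Results: spf=pass (sender IP is 198.51.100.10)
 smtp.mailfrom=contoso.com; dkim=pass (signature was verified)
 header.d=contoso.com;dmarc=pass action=none header.from=contoso.com;
 compauth=pass reason=100
X-Forefront-Antispam-Report: CIP:198.51.100.10;CTRY:XX;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.contoso.com;PTR:;CAT:NONE;DIR:INB
From: "CEO" <ceo@contoso.com>
"""

if __name__ == "__main__":
    for label, msg in (("spoof", SPOOF_BYPASSED), ("legit", LEGIT_INTERNAL)):
        r = assess(msg)
        print(f"{label}: dmarc={r['dmarc']} scl={r['scl']} sfv={r['sfv']} "
              f"misconfiguration={r['misconfiguration']} -> {r['hint']}")
```

Run it over headers exported from a reported message (Outlook's "View message source" or a message trace) rather than the constructed samples; a hit with `misconfiguration` set points at the tenant-side rule, allow list or connector to fix, which is the post's point that the remedy is configuration, not DMARC.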
-
Data privacy isn’t optional anymore. Especially in complex SAP environments.
Hackers don’t care if it’s prod, test, or training data. They look for cracks, and there are many.
Old mindset: “It’s internal, we trust the team.”
New mindset: Trust no one. Mask everything.
Here’s why data masking and anonymization are now essential:
1/ Regulations are tightening
↳ GDPR, CCPA, HIPAA: the fines are real
↳ Compliance isn’t optional anymore
2/ Access is everywhere
↳ Users, roles, systems, layers
↳ Too many entry points to rely on luck
3/ Dev/Test are still vulnerable
↳ Real data in staging = real risk
↳ Masking removes the hacker’s prize
4/ Insider threats are rising
↳ One wrong click can expose millions
↳ Masking limits damage before it happens
5/ SAP is going hybrid
↳ Cloud + integrations = more exposure
↳ Masked data stays protected across environments
6/ Business still runs
↳ Teams need data for training, QA, and reports
↳ You can secure and stay productive
7/ Brand trust is fragile
↳ One leak? Years of trust gone
↳ Prevention is cheaper than public apologies
8/ It’s a mindset shift
↳ Security by design, not by patch
↳ Privacy-first architecture builds resilience
Modern SAP security starts with data privacy. Anonymize. Mask. Repeat. Because hope is not a strategy.
What’s one step your team is taking today?
#SAPSecurity #SAPDataProtection #SAPS4HANA #SAPLandscape #SAPCompliance #GDPR #CCPA
-
The festive season brings joy, connectivity, time to rejuvenate and spending quality time with our loved ones. Yet it can also usher in increased cyber threats while you are away from your work. Protecting our digital assets in today’s cyber age is paramount to ensure you have a good holiday and a smooth ‘back-to-work’. Consider the following:
- Are we keeping our data backed up at all times to ensure easy recovery in case of cyber incidents?
- Are we limiting social media sharing of travel plans or holiday activities to avoid targeted attacks or physical break-ins?
- Are we vigilant against phishing attacks and being selective about downloading material? Avoid clicking on any suspicious email, SMS, WhatsApp message, or flyer.
- Do we have two-factor authentication (2FA) enabled wherever possible to add an extra layer of security?
- Are we exercising enough caution while using public Wi-Fi networks? Are we using VPNs for secure browsing?
- Are we regularly updating software, applications and antivirus/security patches to shield against vulnerabilities?
- Are we regularly revisiting our passwords and ensuring they are strong and unique?
- Do we know who to contact in case of a cyber-attack?
- Are we locking our digital devices and not leaving them unattended when not in use?
- Are we logging out of our digital accounts when they are not in use?
The holiday season should be a time of joy, not worry. Stay Vigilant. Stay Secure. Above all, enjoy the holidays.
#Cybersecurity #DigitalTransformation #CorporateGovernance #BoardroomExcellence #Boardofdirectors #Boardmembers #AtulGupta
-
iVirtual decided to restrict communication with customers and partners exclusively to email and live Google Meet sessions due to security concerns and operational efficiency. Here’s a breakdown of the reasons behind this decision:

1️⃣ Identity Verification and Security Risks in Messaging Apps
• WhatsApp and Telegram Lack Strong Identity Verification: While convenient, these platforms offer limited identity verification mechanisms, which could lead to impersonation or phishing attempts. For instance, account takeovers via SIM-swapping attacks are increasingly common; in these attacks, attackers gain access to a person’s phone number and impersonate them.
• End-to-end Encryption Is Not Foolproof: Although WhatsApp and Telegram offer end-to-end encryption, this protection is only active during message transit. The message storage remains vulnerable to malware or physical access attacks, posing a risk if partners and customers do not implement strict device security.

2️⃣ Insecure Data Handling
• WhatsApp and Telegram Backup Vulnerabilities: These platforms often rely on cloud backups that do not maintain end-to-end encryption. If customers back up conversations to Google Drive, iCloud, or similar services, sensitive information could become accessible through those accounts. iVirtual, which values confidentiality, avoids using these platforms to minimize these risks.

3️⃣ Operational Integrity and Privacy with Google Meet and Email
• Secure, Traceable Channels: Google Meet provides controlled, live, and secure meetings that can be verified in real time, while email creates a digital paper trail for essential exchanges. Email can be used with digital signatures or secure attachments to ensure authenticity, making it harder for unauthorized parties to alter or spoof communications.
• Enhanced Data Protection and Compliance: Email communication can be managed on platforms with strict compliance standards (like GDPR) and monitored for potential breaches. Both Google Meet and professional email services offer more granular administrative controls, which allow iVirtual to secure communications with clients in sensitive sectors, ensuring confidentiality and data integrity.
-
🚨 Real-World Phishing Example: Defence-in-Depth Is Non-Negotiable 🚨
Cyber attackers are getting smarter. They’ve been using legitimate web services to deliver phishing emails. 🎣

📌 The example in the screenshot
An attacker used Calendly (a trusted meeting tool) to send an invite. The link looked safe, it pointed to Calendly -> but it secretly redirected to a malicious website. In this case, the goal was to empty the victim’s crypto wallet. 💸 (Attackers can easily adapt this method for other scams too!)

🔒 Why basic email authentication isn’t enough:
✅ SPF, DKIM, and DMARC checks are crucial,
❗ But -> when attackers abuse trusted platforms and clean domains, these checks alone can’t stop them.
👉 That’s why a layered security approach (Defence-in-Depth) is critical.

At Proofpoint, our Commercial Prime Threat Protection strengthens your defences with:
🛡️ Email Fraud Defense (EFD) — Stops domain spoofing
🔐 Account Takeover Protection (ATO) — Detects compromised accounts
🤝 Collaboration Protection — Secures tools like Microsoft 365 and Google Workspace
✅ URL rewriting and analysis
🧠 Advanced URL sandboxing, which catches hidden redirects and malicious links

✨ Always verify before you click 🤔 and remember, no legitimate service will ever ask for your crypto recovery phrase.
#PrimeTime #EmailSecurity #CyberSecurity #Phishing #ThreatProtection #DefenceInDepth
-
Reduce Domain Spoofing with DMARC!
Let’s understand how DMARC ensures that only legitimate emails are sent on behalf of our domain and we have better protection against spoofing.

✅ Objective: Prevent domain spoofing and phishing attacks while ensuring only authorized emails reach recipients.
👨💻 Who’s in Charge? IT admins, DevOps, security teams, or anyone managing the organization’s domain.
⚙️ How It Works: DMARC is set up in the domain’s DNS and works alongside the SPF and DKIM email authentication systems.
💪 Effort Required: One-time DMARC setup in DNS, ongoing email monitoring, and policy adjustments as needed.

Here’s how it actually works:
1️⃣ Set the Rules – Define your DMARC policy in DNS, specifying how to handle unauthorized emails:
*None – Monitor only, without taking action.
*Quarantine – Mark as spam or move to a separate folder.
*Reject – Block the email entirely.
2️⃣ Authentication Checks – Every email sent under your domain undergoes SPF and DKIM validation.
3️⃣ Filtering Suspicious Emails – If an email fails authentication, the system checks whether it truly came from you.
4️⃣ Enforcement Decision – Based on your policy, emails can be delivered, sent to spam, or rejected.
5️⃣ Reports & Monitoring – You receive reports on who’s sending emails on behalf of your domain (and detect impersonation attempts).

The result? Fewer phishing attacks, better control over your domain, and increased trust in your emails. 🚀
If you haven’t set up DMARC yet—now’s the time! 💡
#CyberSecurity #EmailSecurity #DMARC #PhishingProtection
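The five steps above, as an added example that is not the author's code: a small DMARC evaluator that parses the published record (step 1), takes the SPF and DKIM results for one message (step 2), applies the identifier-alignment check that decides whether the mail "truly came from you" (step 3), and returns the disposition the receiver would take (step 4). The record, the policy domain `example.com` and the four messages are constructed assumptions; the organizational-domain shortcut is marked in the code as a simplification of the Public Suffix List lookup real receivers perform, and `pct` sampling is not modelled.

```python
"""Added example, not code from the post: a minimal DMARC policy evaluator.
It parses the TXT record a domain publishes, applies the SPF/DKIM identifier-
alignment rules to one message's authentication results, and returns the
disposition a receiving server would take. The record, the policy domain
example.com and the four messages are constructed for the example; nothing
is looked up in DNS."""
from dataclasses import dataclass


def parse_dmarc_record(txt: str) -> dict:
    """'v=DMARC1; p=reject; adkim=s; ...' -> {tag: value}, with the RFC 7489
    defaults filled in for tags that are absent."""
    tags = {}
    for part in txt.split(";"):
        key, sep, val = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = val.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record: needs v=DMARC1 and p=")
    tags.setdefault("adkim", "r")     # DKIM alignment: relaxed
    tags.setdefault("aspf", "r")      # SPF alignment: relaxed
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p
    tags.setdefault("pct", "100")     # parsed, but sampling is not modelled here
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain. Real receivers consult the Public Suffix List;
    this example assumes the last two labels suffice (wrong for e.g. co.uk)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Relaxed ('r'): same organizational domain. Strict ('s'): exact match."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class Message:
    from_domain: str      # RFC5322.From domain, the one the recipient sees
    spf_result: str       # 'pass' / 'fail' / 'none' for the RFC5321.MailFrom check
    mailfrom_domain: str  # RFC5321.MailFrom domain SPF was evaluated against
    dkim_result: str      # 'pass' / 'fail' / 'none'
    dkim_domain: str      # d= of the verified DKIM signature, '' if unsigned


def evaluate(record: dict, msg: Message, policy_domain: str) -> dict:
    """DMARC passes when at least one passing identifier is aligned with From."""
    spf_aligned = msg.spf_result == "pass" and aligned(
        msg.mailfrom_domain, msg.from_domain, record["aspf"])
    dkim_aligned = msg.dkim_result == "pass" and aligned(
        msg.dkim_domain, msg.from_domain, record["adkim"])
    dmarc_pass = spf_aligned or dkim_aligned
    # A From domain below the policy domain is governed by sp= rather than p=.
    policy = record["p"] if msg.from_domain.lower() == policy_domain.lower() else record["sp"]
    if dmarc_pass:
        disposition = "deliver"
    elif policy == "none":
        disposition = "deliver (monitor only)"
    else:
        disposition = policy  # 'quarantine' or 'reject'
    return {"spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned,
            "dmarc": "pass" if dmarc_pass else "fail", "disposition": disposition}


# Constructed inputs (assumptions, not real DNS data or captured mail).
POLICY_DOMAIN = "example.com"
RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc-reports@example.com"
LEGIT = Message("example.com", "pass", "bounce.example.com", "pass", "example.com")
SPOOF = Message("example.com", "fail", "attacker.example.net", "none", "")
FORWARDED = Message("example.com", "fail", "example.com", "pass", "example.com")  # SPF breaks on forwarding, DKIM survives
THIRD_PARTY = Message("example.com", "none", "", "pass", "mail.example.com")      # signer is a subdomain; adkim=s refuses it

if __name__ == "__main__":
    rec = parse_dmarc_record(RECORD)
    for name, m in (("legit", LEGIT), ("spoof", SPOOF), ("forwarded", FORWARDED), ("third-party", THIRD_PARTY)):
        print(f"{name:12s} -> {evaluate(rec, m, POLICY_DOMAIN)}")
```

The `FORWARDED` case shows why SPF alone is not enough: a forwarder's IP fails SPF, but the surviving DKIM signature keeps the message aligned. The `THIRD_PARTY` case shows the cost of `adkim=s`: a signature from `mail.example.com` no longer counts for `example.com`, so tighten alignment only after the aggregate reports from step 5 confirm every legitimate sender signs with the exact From domain.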
-
While I’m in an Uber, I jump on a call from a client - the CEO of a logistics company - completely panicked. He was convinced someone had hacked his email.
Why? Because someone just sent a message from his exact email address. Same name. Same email. No obvious red flags. It looked real. But it wasn’t. It was 100 percent fake.

This is spoofing - and it’s far more dangerous than most people realize. Here’s what happens: Hackers don’t need access to your inbox to send emails that appear to come from you. They exploit weaknesses in email authentication - especially when SPF (Sender Policy Framework) isn’t configured correctly. If SPF fails, anyone can send emails that look exactly like they came from your account. That doesn’t mean your inbox was breached. It means your identity was impersonated.

Most people assume: "If the sender looks legit, it must be safe." But that assumption is exactly what attackers count on. In this case, the attacker sent a spoofed message that looked internal. No links. No attachments. Just a message designed to earn trust. And once it was opened, it triggered a tracking pixel - alerting the attacker that the target was active. That’s how phishing works today. It’s not sloppy anymore. It’s surgical.

What can you do about it:
- Don’t trust the “from” field blindly - check if SPF, DKIM, and DMARC pass.
- Make sure your domain is properly protected and monitored.
- Train your team to pause, question, and report.
- Use security tools that detect these attempts before they hit inboxes.

If you want to check whether your SPF is configured correctly - ping me.
#CyberSecurity #EmailSecurity #Phishing