Cyber Security Staffordshire

The 3 Cyber Security Vulnerabilities You Need to Ensure Your Business Doesn’t Have

You need to take cyber security seriously, regardless of the size of your business. Criminals are targeting both small and large businesses, and you need to check for any weaknesses in your security regularly. Here are 3 Cyber Security Vulnerabilities you need to ensure your business doesn’t have.

Summary

Check your Antivirus software regularly and keep it up to date
Do you have Weak Login Credentials / have any of your accounts been compromised
Lack of Ransomware Protection

VULNERABILITY #1 – LACK OF ENDPOINT SECURITY

Many businesses don’t have or regularly check their endpoint security solutions such as antivirus programs. This leaves their business susceptible to cyber attacks such as ransomware and malware.

Some endpoint solutions rely on virus definitions or signatures to detect an attack. Some out of date software is often inadequate.

Many cyber criminals can bypass definitions quickly and undetected. Some solutions don’t monitor for unexpected and unusual behaviour that typically happens during a cyber attack.

The best way to combat these issues is to invest in an endpoint solution that involves next-generation antivirus, response and behavioral analysis.

What is Endpoint Security?

Endpoint security Is when you secure the endpoints and / or entry points of devices such as desktops, Laptops and mobile devices etc. It has evolved a lot since the more traditional anti virus solutions of the past. It provides a more sophisticated approach when it comes to malware and ransomware.

As virus threats get more sophisticated, it’s good practice to implement this level of protection. The new systems are designed to detect, analyse and block suspicious activity while they are in progress.

Please get in touch if you would like to know more or have any questions about Endpoint Security.

VULNERABILITY #2 – COMPROMISED OR WEAK CREDENTIALS

Cyber Security Staffordshire

Cyber criminals can easily compromise your Username and Password if you haven’t got the right protection in place. For instance, an unsuspecting team member may fall victim to a phishing email and enter their login information into a fake website.

With these compromised credentials, an attacker can gain access to your business data.

There are a number of ways to combat this, such as by enabling MFA (Multi Factor Authentication) on your systems. MFA provides an extra layer of security.

It ensures that users are who they say they are by requiring two pieces of information in order to sign in. This is usually their password and an additional verification, such as a one time access code, in order to login.

Even if the password is compromised, the chances of the additional verification factor also being compromised is very low.

What is Multi Factor Authentication?

When you sign into any account online, you usually go through a process called authentication. Effectively proving your identity to the website you’re logging into. For many years this has been achieved by using a username and a password.

This is however a very insecure method of authentication. That’s why now almost every bank, some social media websites and online stores use additional authentication.

You may hear Multi Factor Authentication called Two-Step verification or Multifactor authentication. They all work the same way. You still login using your username and password but there is an additional layer of security. This can be a pin number text to your mobile phone or a unique code generated by a separate application.

VULNERABILITY #3 – LACK OF RANSOMWARE PROTECTION

Ransomware is the name given to a cyber attack, where the cyber criminals attack your system and network and encrypt your files making them inaccessible.

This can cause chaos for small and large businesses. In 2017 a notorious ransomware attack called “WannaCry Outbreak” cost the UK £92 million and global costs in the region of 6 billion. This also affected the NHS and all of their computer systems were brought to a standstill.

Even though victims paid the ransom all of the data was virtually unrecoverable. So it’s not just ransomware protection you need. It’s a redundancy plan to make sure all of the data is backed up elsewhere and is accessible in the event of a cyber attack.

The majority of victims in these types of attacks are told to pay the ransom using a crypto currency such as bitcoin. They will then send a passcode, allowing you to get back into your system and files.

Make sure you have software and processes in place to prevent these kinds of attacks. Ensure your systems are up to date with the latest updates installed, ensure you are using a modern endpoint security solution and a working backup solution to ensure you’ve got something to fall back to if the worst should happen.

What is Ransomware?

Ransomware is a type of Malware that adds encryption to a victims files and information. Any data on your computer or network can be compromised. This then stops the IT admin or users from being able to access any critical data.

You wouldn’t be able to access any files, databases or programmes on your devices. It does this by using asymmetric encryption. This is a type of cryptography that generates a pair of keys allowing you to encrypt and decrypt files. The hacker generates a unique key which is given to the victim when the ransom has been paid.

Most ransware is distributed via emails or more targeted attacks. In most cases, once your computer has been compromised. It will give you between 24/48hrs to pay the ransom allowing you to gain access to your data.

HERE TO HELP

Anyone running a successful company should have the steps above in place. To ensure your business isn’t a sitting duck for cyber criminals, by implementing reliable defense strategies and keep. So if you’re looking for assistance with your Cyber Security and based in Staffordshire. Reach out to us for a quick, no obligation chat to see how we can protect your business from cyber attacks. Call us on 01543 889 444

Return to News Page

Your Never Too Small for Managed IT Support

A small to medium size business may only have a handful computers and having an in-house person dedicated to IT support may be overkill. Everything is working fine at the moment but is it performing at its best, but at some point, things will crash and stop working. That’s why it can be beneficial to outsource IT.

Having someone who knows technology working for your team can pay huge dividends and add value by:

Providing knowledgeable support and IT help
Identifying where you can be more efficient with the tools you already have which can save money
Learning business needs and making recommendations about the best IT needs for your company
Helping you avoid bad tech purchases or buying software you don’t need
Protecting your business technology and ensuring your computers are up to date with the latest security

Small business Breaches

You don’t have to have a large business to attract the unwanted attention of cyber-criminals, in fact a small business can be a particularly appealing target.

According to Accenture 43% of cyber-attacks were aimed at small businesses and only 14% of small businesses were prepared for these attacks on their networks and sensitive data. In fact hackers will exploit a small business as part of their campaign to attack a larger business, as they know the smaller business is less likely to have the same level of security as the bigger businesses. According to insurance carrier Hiscox the average cyber-attack costs a business £200,000 which can be a killer blow for a small business. Some 60% of small businesses that are hacked go out of business within six months, even if they can survive the financial damage along with brand reputation and customer goodwill is devastating.

Advantages of Outsourced IT

You may not have a clear picture of your cyber-security status right now but by working with a SJH Computing & Technical Services you will get one. We will conduct an informal audit of your current technology and needs.

For instance, your business may not have a data protection procedure or you may think you don’t have a lot to back-up. Can you recover if your business losses an email chain it was keeping for legal or compliance reasons? What would happen if the computer holding all your accounting suddenly died? We can identify all these problem areas and recommend appropriate solutions.

We will make an inventory of all your tech assets and ensure you are compliant with protecting your customers data, employee records, confidentiality, availability, and ensure the security of the business’s intellectual property.

The cost of outsourcing can be a stumbling block to a small business but managed IT services can often lower costs by streamlining processes and ensuring that the business technology is best suited to current needs and if the worst does happen they are only a phone call away to help.

If you would like to know more about outsourcing your IT needs give us a call on 01543 889 444

Return to News Page

Don’t be Afraid of the Cloud

Although the public cloud service is expanding some businesses are reluctant to migrate their IT to this service for a number of reasons. This article addresses the common myths to this highly scalable and cost effective solution.

Fear of Change

The old saying of “why try to fix it if it’s not broke” is often banded about especially when it comes to business computing, and moving all your data from one data center to another takes planning and effort.

The greater flexibility when it is done will make it all worthwhile. Cloud technology offers:

Increased effectiveness
Mobility
Faster implementation
Scalability
Disaster recovery

The Cloud allows you to store data, deliver content, run applications and other IT functions all online, plus you don’t have to invest in the necessary hardware or networking technology on site.

Fear of Losing Control

Most IT departments want full control of their domain and can be reluctant to hand this over to a third party as moving to the public Cloud means partnering with this other third party. Some of your existing technology can move however some may need to be replaced or redesigned.

One solution is to migrate to a private Cloud. This will allow you to control the data and software but will be more costly than a public Cloud. When going into partnership with a public Cloud service provider make sure who is responsible and accountable for what.

Fear of Cost Increases

Cost is always a concern to businesses especially IT costs and although it may seem costlier by moving to the Cloud, first take stock of your existing IT operating budget. The time and money saving could be surprising as the software provider will take charge of updates, patching and new capabilities which can increase IT productivity in other areas.

With Cloud technology you know your tools are always evolving plus you can quickly add or reduce licenses for data storage and you don’t need to wait for hardware to arrive and be installed by your IT team.

Fear of Data Security

This is probably the biggest fear when moving to a third party, just how secure is your data. Also of concern is any downtime for a data breach and the resulting cost in lost production, business revenue and brand. You don’t want to move to a solution that increases your vulnerability.

There are two ways you can be attacked; digital or physical. A Cloud provider is always focused on security, they do not want an attack as much as you do as their reputation would be in tatters. They know the mitigations and counter measures for cloud computing capabilities. They know the frameworks, architecture and approaches to best protect against digital attack. Azure, which is Microsoft’s cloud offering, has a budget of $1 billion to prevent such cyber attacks. Very few IT budgets can compete with that.

As for physical security your own business premises is probably less secure than a data center. They have patrolled, fenced perimeters, guards, keycard only access, power backups and server redundancy.

Conclusion

With cloud migration you also avoid training employees to support the technology, freeing up office space and paying less for power and cooling to house your equipment. The cloud provides end users with immediate access from almost any device.

The one challenge is migrating to the cloud securely so contact us today on 01543 889 444 to get you migrated swiftly and ensure you’re using cloud computing safely.

Return to News Page

Are your Business Continuity Plans up to date?

Business continuity is preparing for the unexpected and plans ensure you can maintain operations during unexpected disruptions. Such disruptions can include:

national emergencies
sabotage
natural and man-made disasters
utility failures
data breaches or cyber-security attack

There is however a new threat that not only threatens individual businesses but whole economies – COVID-19.

The situation with COVID-19 has shown to be extremely fluid and can change in an instant so what do you need to do?

Prepare for the Unexpected

A business continuity plan tries to anticipate the worst that could happen without knowing what is going to happen; nobody saw a world pandemic coming.

You may never need to use your plan but taking the “it`ll never happen to me” approach is playing a dangerous game and could leave you up the creek without a paddle so to speak.

When COVID-19 hit many governments required businesses of all sizes across many industries to migrate to remote working or “working from home”. Those businesses with business continuity plans were able to respond with great agility whereas those without a plan would have floundered and found it very difficult and rushing to set up the required hardware and software which could lead to costly mistakes.

Now, many countries are starting to reopen for business albeit with constraints and now is the time to see how your business continuity plan coped and look for any weaknesses. Look back at what worked and what didn`t and ensure you are better prepared for the future.

Planning with a Managed Service Provider (MSP)

COVID-19 is not over yet and you could find yourself having to go back to remote working as spikes in the virus occur and local lock downs are forced back upon businesses. Your business continuity plan will lay out how to proceed but beware there can be many pitfalls and security issues with working remote and working with an MSP can enable you to ensure you have the correct hardware and software, set up data protection and develop a backup setup amongst other things.

If you would like to know more give us a call on 01543 889 444.

Return to News Page

World Backup Day

Today, 31st March, is World Backup Day.

What is a Backup?

A backup is a second copy of all your important files — for example documents, emails and photos. Instead of storing it all in one place (like your computer), you keep another copy of everything somewhere safe.

Data Backup

What’s the best way of backing up your data?

Whether it’s due to hardware or software failure, or simply because someone deleted the wrong file, data loss is a real threat that must be taken seriously.

USB Memory Sticks – Also known as flash drives, pen drives or memory sticks, they are extremely portable due to their size. However, the storage capacity of them is limited when compared to a hard drive. Also, their small size makes it easy for you to lose them.
Portable Hard Drives – Portable Hard Drives are great, they can hold a lot more data than a memory stick, and designed to be compact and portable. Although they are less likely to be damaged than a memory stick, they are still prone to failure, especially if it receives a knock when plugged in.
Cloud Backup – Backing up your data to the cloud means your data is backed up to massive servers in data centres. You don’t have to worry about hardware failure as cloud providers have built-in redundancy (multiple copies of your data) to ensure your data is safe. Cloud backup providers will also encrypt your data as soon as it’s uploaded from your computer, meaning no one has access to it apart from yourself. One advantage of cloud backup is that it is offsite, so if the worst should happen, such as a flood or fire, your data remains safe.

No matter what the cause of your data loss, it always has a deep impact, particularly when it comes to precious data like photos and documents. Most importantly, it’s a loss that is very avoidable.

If you want help in protecting your data or need help with anything else, give us a call on 01543 889 444.

Return to News Page

Firewalls – What Are They and What Do They Do

Firewalls in buildings stop fires from spreading from one part of a building to the next so what do they have to do with computers?

Your network does what it says, it connects different people from different departments so they can communicate and work effectively. A hacker is motivated to get into your system and will try everything to bypass your security and get into your network perimeter. A firewall sits between that internal network and the Internet outside reducing and preventing unwanted traffic from getting through, allowing your staff to safely carry on working.

The Packet Filtering Firewall Approach

Your firewall can be a combination of both hardware and software. A packet filter firewall monitors and controls network traffic by filtering data entering the network according to predetermined rules. The firewall is set up to examine small amounts of data called packets to see if they contain threats by checking these against criteria such as allowed IP addresses and packet type. If the data is suspect the firewall stops those packets, if not the data will continue onto its destination.

Firewalls also stops certain software from sending and receiving data to and from the Internet, this reduces the number of entry points for viruses and illegitimate traffic and also monitors outgoing traffic. If an infected computer in your network has become a “bot” due to a malware attack it could be sending out malicious information allowing its owners to attack other systems from your computers.

Firewalls can also help prevent denial-of-service (DDoS) attacks where thousands of computers are used to send an overwhelming amount of traffic to a network causing it to crash. One DDoS attack in 2016 seriously disrupted Amazon, Visa, PayPal, Netflix, Airbnb and more.

Other Types of Firewalls.

Stateful inspection is helping to make firewalls even smarter. These check where the packet came from, where it is going and what application requested it, making the examination more rigorous before the packet is allowed to pass. This approach offers a smart fast way to inspect for unauthorised traffic.

If you need any help on deciding the right type of firewall or want to be sure your firewall is going to withstand an attack give us a call today on 01543 889 444

Return to News Page

Ransomware – 7 Facts You Need to Know

Ransomware is the name given to a cyber-attack by cyber-criminals where they attack your system and network and encrypt your files making them inaccessible. They then demand a payment for a passcode so you can get back into your system and files and get working again. Here are the top seven things you need to know.

1: It can happen to you

Thinking “it won’t happen to me” is all the cyber-criminals need, they rely on your false confidence. Attacks on government, healthcare, education or financial institutions gets publicity but organisations of all types and sizes get attacked.

2: Ransomware spreads fast

Ransomware is malicious software known as malware and can infect an entire network. It only takes one person in one department to open a ransomware file and every single computer on your business network can be infected, very quickly. The virus can also spread between businesses too. The WannaCry ransomware attack of 2017 first detected in Europe, had in four days, spread to 116 countries.

3: Ransomware targets people

A common method is to send phishing emails in the hope people enter their access credentials. Businesses can get targeted communication emails where the attackers get to know your business first, then send an email impersonating a supplier or customer, and ask you to update details or another action by clicking on a link or downloading a file.

4: Ransomware is costly

Once ransomware has locked down your system you will need a password or decryption key to unlock it and regain access to your files. This will only be supplied once you have paid the ransom to the criminals that attacked you, if they keep their end of the bargain, they are crooks after all.

In Coveware`s analysis of Q3 in 2019 the average ransom payment increased by 13% to 41,198 US dollars compared to Q2 and that does not include the cost of downtime, lost revenue and long term brand damage along with the additional cost removing the ransomware, forensic analysis and rebuilding systems

5: Ransom requires Cryptocurrency

The ransom payment is usually made by bitcoin or another cryptocurrency as it is difficult to trace. Your business will need to buy cryptocurrency with actual cash then transmit the ransom and it doesn’t help that bitcoin is not something you can charge back like a credit card.

6: A recovery plan can help

Planning in advance can help you respond if you do get attacked. Document plans to disconnect infected computers from your network as quickly as possible and power down any machines that might be vulnerable to attack to avoid further spread of the virus.

You should also decide in advance whether your business would pay a ransom. Weighing the costs and benefits before any attack can help you react more strategically.

7: Take action

You don’t have to wait and worry about the consequences of any attack, there are many things you can do to help prevent this type of attack.

Filter traffic preventing it from coming into your network in the first place
Scan inbound emails for known threats and block certain attachment types
Use antivirus and anti- spam solutions and regularly upgrade and patch vulnerable software
Allow remote access to your network only from secure virtual private networks
Educate all users on the various threat methods used by attackers
Back up all your data to more than one location so that you can restore any impacted files from a known source.

Ransomware can happen to any business at any time. If you need any help implementing the best solution to keep your business safe give us a call today on 01543 889 444.

Return to News Page

The Dark Web and Its Impact on Your Business

Today most people use the Internet for good intentions, however some exploit it for ill intent using what is known as the Dark Web and small businesses need to understand the risks.

The Dark Web

What is the Dark Web?

There is a good chance you and your employees will spend time daily on the Web researching clients, checking competitors or searching for information. They are not accessing the Dark Web. The Dark Web is usually used for illegal activity be it black market drug sales, illegal firearms sales or illicit pornography.

The Dark Web’s collection of websites is inaccessible using standard search engines or browsers as the Dark Web users use what is known as Tor or I2P encryption tools to hide their identity and activity, and they use spoofed IP addresses. You need to be using one of the above services to access the Dark Web.

You would also need to know where to find the site you are looking for, there are directories, but they are unreliable as the people on the Dark Web do not want their victims to find them. Ultimately you do not want your employees to be on the Dark Web.

So why do we need to know about it? Because Dark Web users can buy:

usernames and password
counterfeit money
stolen credit card numbers and subscription credentials
software to hack into computers
operational, financial or customer data
intellectual property or trade secrets
hire a hacker to attack your computers

The Dark Web business risk

The Dark Web itself is not illegal. It is used by law enforcement agencies to try and track criminals using it, along with journalists trying to get information. It is also used in countries where open communication is prohibited.

The number of Dark Web listings that could harm your business is growing and a 2019 research study found that 60% of all listings could harm your business and that number has risen by 20% since 2016.

Business risks from these Dark Web listings include:

undermining brand reputation
loss of competitive advantage
IP theft
Fraudulent activity
Denial of service attack or malware disruption

With media attention on data breaches impacting millions it is easy to think that a small business is not at risk, but it is the ease of access to a business’s systems, not its size that attracts these hackers.

Dark Web information is up to twenty times more likely to come from an unreported breach. A Federal Trade Commission Conference was told by privacy specialists that victims included medical practices, retailers, restaurant chains, schools and other small businesses.

Reduce your risk

Rather than let your information end up on the Dark Web where you can do little about it, be proactive and keep your security protections current and install security patches regularly.

Consider a UTM (unified threat management) device or UTM appliance. The UTM plugs into your network to serve as a gateway and protect your business from malware, illicit access and other security risks.

Your UTM security appliance can provide:

application control
data loss prevention
email security
anti-malware scanning
wireless and remote access management
URL and content filtering

To stay on top of the latest cyber security threats call us on 01543 889 444.

Return to News Page

How Secure is Your Password?

Passwords are essential to your cyber security, but you probably have dozens of them and its difficult remembering them all. Over time you are prompted to change your password, or you forget one and rather than create yet another new one to remember you start using the same password for everything. You are not alone, over half the Internet users in the world have only one password.

Some people also use “password” or “123456” as their logins or don’t change device default passwords meaning anyone can pick up a router for example, look at the sticker identifying the password and access the network.

Cyber criminals can also guess your password with a little bit of research about you online then make informed guesses. Common passwords include pet names, birthdays or anniversaries and are all easy to find via your social media accounts.

Criminals can also use brute force, they may script an automation bot to run thousands of password permutations until they get a hit.

Criminals might also work with information from a data breach. 360 million MySpace emails and passwords and 117 million LinkedIn account details have been leaked and in early 2019 a security researcher found more than 2.7 billion email/password pairs available on the Dark Web.

They can also access your account if you’ve used a hacked public computer where they install a key logger, recording all the keys you press on the keyboard, or they may have compromised a router or server.

Another method criminals may use is phishing. For example, you may get an email from your bank but with a very slightly different email address that you do not spot. The email will be very urgent and directs you to what looks like a credible page.

What Can You Do?

All the above can look frightening and unnerving knowing they are trying to get their hands on your valuable data by all these different methods, but you can try these handy tips to try and keep you safe:

Be careful what you share on social media. Special birthdays giving your date of birth, nicknames, addresses, where you used to live are an absolute goldmine of information to hackers
Avoid obvious passwords, when you must create a new one or update one steer clear of simple, easily guessed patterns. Use complex passwords using capital letters, numbers and symbols, it might seem complicated but <character> <word> <something about the site> <numbers> <character> becomes !K1ttyFB75! for example which is based around the word “kitty” and where FB is for Facebook and just change the FB for something else on a different site.
You could also use a passphrase rather than a password. A passphrase is a whole sentence, no spaces, typically at least 19 characters long and which means something memorable to you but again not easily guessable.
Use a unique password for each site and although it might seem overwhelming do not store them on your computer, if hackers do get onto your computer, they will have hit the jackpot. You could use a “password manager” which is a secure site that will keep your passwords secure.
Be cautious about your online activity on shared computers or networks you don’t trust.
Pay attention to who is sending you emails and hover the mouse over the link to see where it goes. If you are concerned about your bank account for example open a browser and type the URL manually rather than clicking the link.

What to do if Your Password Has Been Hacked

You can check to see if any of your accounts have been compromised by entering your email into a site like “haveibeenpwned.com”. If it alerts a breach you need to change your passwords immediately, all of them. Use the example system described earlier to create a new set. If you are struggling to remember your set of passwords consider using a password manager described earlier such as LastPass (http://www.lastpass.com).

If you need help changing your passwords or setting up a secure password system, let us know on 01543 889 444 and we’ll be more than happy to help you.

Return to News Page

Destroying Business Data Properly

When you delete a file on your computer, it doesn’t permanently delete the data from the hard drive. All you are doing is telling your computer that it can now use the space on the hard drive that used to contain the data you just deleted. Cyber criminals can still recover this file and steal the information from it. Just like you shred and destroy paperwork, you need a policy in place for destroying data when you dispose of old equipment.

You have an obligation to protect customer and staff information. Disposing on old equipment needs to be done properly to ensure information doesn’t get into the wrong hands.

How to destroy your data properly

Deleting or even formatting the hard drive in your device simply won’t cut it. You must ensure the data is gone forever. We recommend either crushing the hard drive, or the other option is called zeroing.

Crushing the hard drive is exactly that. You shred or crush the drive into tiny pieces. There is simply no way the data can be recovered if the hard drive is in pieces.

Zeroing the drive is the process of overwriting the drive with random data, essentially destroying the existing data stored on there. While one pass will destroy the data, we use a three-pass process. During the first pass, random data is written to the drive, then on the second pass, a series of 1’s and on the final pass, a series of 0’s.

Under GDPR regulations, you must protect customer and staff information. Whenever you are disposing, recycling or even donating old IT equipment, make sure the data is already deleted or destroyed. The last thing you want is for the data to get into the wrong hands.

Need help recycling or destroying data on your old equipment? Give us a call on 01543 889 444

Return to News Page