Outdated backup systems could leave your business vulnerable

Imagine this: Your business grinds to a halt because your critical files are locked away by scammers. And they’re demanding a ransom for their release.

This is called a ransomware attack, and it’s a growing threat to businesses all around the world.

Ransomware is a type of cyber attack where criminals break into your systems and encrypt your data, making it unusable. They’ll then demand payment (often in cryptocurrency) for the key to unlock it.

Even if you pay the ransom, there’s no guarantee you’ll get your data back. This is why a strong backup system is one of the best safety nets you can have.

Backups are copies of your important files and systems, stored separately from your main network. If something goes wrong (like a ransomware attack or even accidental deletion) you can use your backup tools to restore your data and keep your business running.

Backups are essential for businesses of all sizes. But here’s the catch: Not all backup systems are created equal. Recent research shows that many businesses are using outdated backup technology, leaving them exposed to risks even if they think they’re protected.

Older backup systems weren’t designed to handle today’s sophisticated ransomware attacks. And they leave businesses vulnerable in three main ways:

1. Backup data is a target

Ransomware attackers are getting smarter. They know that backups are your last line of defence, so they target them directly. If your backup system isn’t designed to protect against these attacks, your safety net could be cut away when you need it most.

2. Lack of encryption

Encryption is a way of scrambling your data so only authorised people can access it. Without encryption, scammers can tamper with your backup data – yet nearly a third of businesses report that their backup data isn’t encrypted.

3. Failed backups

It can be difficult to restore lost data with older systems, and this is the point where they often fail. Imagine finding out that your backup didn’t work just as your business is trying to recover from an attack. It can mean long downtimes and expensive repair efforts, which many businesses simply can’t afford.

So, how can you fight back against ransomware threats?

Rethink your approach to backups. Modern solutions like immutable storage are designed to offer the strongest protection against ransomware attacks. Immutable storage makes sure your backup data can’t be altered or deleted, no matter what. 

This technology is built on something called Zero Trust, a security model that assumes nobody and nothing can be trusted. Every access request is validated, and permissions are strictly limited, ensuring your important business data stays safe even if an attacker breaches your system. 

Ransomware attacks are not going away. If anything, they’re getting smarter and even more common. Now is the time to make sure your backup system is solid.

Not sure where to start? This is what we do. Get in touch.

Read more

Beware that corrupted email attachment: It could be a scam

You’re scanning your inbox and spot an important email with a Word document attached. Maybe it’s an invoice, a message from a supplier, or even a request from a colleague. You open it without thinking twice… and just like that, you’ve been scammed.

This scenario is exactly what cyber criminals are counting on. Now they’ve come up with another new way to get past even the most advanced email security filters – this time, using corrupted Microsoft Word files.

It’s a clever and dangerous tactic.

Phishing (pronounced “fishing”) is where scammers try to trick you into giving away sensitive information, like passwords or bank details. They “bait” you with an email that looks legitimate, maybe from your bank, a co-worker, or a company you trust.

These emails often include attachments or links. When you open the attachment or click the link, you could be downloading malicious software (malware) or visiting a fake website designed to steal your details.

Phishing attacks are constantly evolving, and they’re now one of the most common ways scammers break into businesses. Email security filters are usually pretty good at scanning attachments. But since corrupted files can’t be analysed properly, the Word file is able to sneak into your inbox.

When you open one of these corrupted files, Microsoft Word will “repair” it and show you what looks like a normal attachment. But the document will contain a malicious QR code or link that sends you to a phishing site (often a fake Microsoft 365 login page). If you enter your details, scammers could have access to your account – and potentially your entire business. 

Stealing just one employee’s login details can be enough. With access to your cloud systems, scammers could get hold of sensitive customer data, lock your team out of essential files, or even send phishing emails from your account to trick your contacts.

If this happens to you, it could be catastrophic. Your business could face financial losses, legal consequences, and a damaged reputation that could take a long time to rebuild.

Cyber attacks are getting more complicated. But you don’t need a degree in cyber security to help keep your business safe.

The best protection is awareness and caution.

Here are some steps you can take:

  • Slow down and think twice before opening attachments or clicking on links
  • If an email seems urgent, beware – scammers like to rush you, so you’ll act without thinking
  • If you’re not sure an email is legit, check with the person or company that the email seems to be from
  • Never trust an attachment or link just because it looks professional

Most importantly, make sure you educate yourself and your team about what phishing is, why it’s dangerous, and how to recognise the warning signs.

We help businesses like yours with this every day. If you’d like us to help you too, get in touch.

Read more

Are your employees your security’s weakest link?

Let me ask you something: Do you lock your front door when you leave the house?

Of course you do.

But what if you get home and find that someone left a window open? You may as well have left the door unlocked, right?

Now think about your business.

You’ve probably invested in good cyber security to protect it, using strong passwords, firewalls, and the latest software updates. But if your employees accidentally leave the “windows” open, all that security goes to waste.

It’s not about blame – it’s about awareness. The truth is that your employees might be your biggest security risk, without them even realising it.

More people are working remotely, and research shows that four out of five employees use their personal phones, tablets, or laptops for work. It makes sense. Why not use the devices they already own?

Here’s the problem: Your employees’ personal devices probably aren’t set up with the same security measures you’d use in the office. Their phones and laptops might use weak passwords, outdated software, or even be connected to unprotected Wi-Fi networks. All of this is a dream scenario for hackers. 

And here’s where it gets scary…

Two out of five employees admit to downloading customer data onto their own devices. That’s sensitive data leaving the safety of your business, now at risk of falling into the wrong hands.

If that’s not enough to worry you, here’s another shocker: More than 65% of employees admit they only follow cyber security rules “sometimes” or even “never”. This includes forwarding work emails to their personal accounts, using their phones as Wi-Fi hotspots, or ignoring guidelines about handling data when using AI tools.

Passwords are another issue, with nearly half of employees using the same passwords across different work accounts. Even worse, over a third of employees use the same passwords for both their work AND personal accounts.

Imagine a hacker getting into your employee’s social media account and using the same password to get into your business systems? It’s a disaster waiting to happen.

So, what can you do?

The key is education. 

Start by helping your team understand why cyber security is so important. Most people don’t break the rules on purpose – they just don’t realise the risks. Explain that those little habits that seem harmless (like reusing passwords or doing work on public Wi-Fi) can cause serious damage.

Create security rules that are clear, simple, and easy to follow. For example, you can tell your team to: 

  • Use a password manager to create a strong, random and unique password for each of their work accounts
  • Only access work systems on secure, approved devices
  • Never forward work emails to their personal accounts

Also, make sure your employees are getting regular training sessions to keep cyber security at the front of their minds, and don’t forget to celebrate good habits. If someone flags a suspicious email or comes up with a clever way to keep sensitive data safe, be sure to let everyone else on your team know.

Cyber security is everyone’s responsibility.

By giving your employees the right tools and training, you can turn them into your first line of defence instead of your weakest link.  If you’d like help keeping your team up to date on the latest security threats, get in touch.

Read more

Beware that “support call” – it could be a ransomware scam

If you get a call claiming to be from Microsoft Teams support, think twice before doing what they ask.

There’s a new trend for scammers to pose as “help desk” staff, with the aim of tricking employees into letting them take over their devices.

This is part of a larger ransomware attack, where you’ll be denied access to your business data unless you make a hefty payment to get it back.

Recently, a notorious cyber crime group has taken this scam to a new level.

What happens?

First, they’ll flood an employee’s inbox with so much spam that it becomes unusable. Then they swoop in with a phone call, pretending to be from IT support, offering to “fix” the problem.

They may ask your employee to install remote desktop software like AnyDesk or use built-in tools like Windows Quick Assist. Once they have access, they can move around your network, collect sensitive data, and launch ransomware on your devices.

Be warned – they don’t only reach out over the phone. They’ve also started setting up Teams accounts to make employees think they’re part of IT support.

They do this by choosing usernames like “Help Desk” and using fake Microsoft tenant domains such as “securityadminhelper.onmicrosoft .com”. Then they send one-to-one messages to employees, saying they need access to their device.

Ransomware attacks are serious business. Along with locking you out of your data, they can also shut down your operations, disrupt customer service, and potentially leak confidential information.

Recovering from a ransomware attack can be expensive, both in terms of paying the ransom and dealing with the aftermath. It can cause loss of revenue, damage your reputation, and it could even have legal consequences.

Make your team aware of this scam and encourage everyone to be cautious with any unsolicited support calls or Teams chats. And make sure everyone knows to check with your actual IT department first, if someone is asking to install software or gain access.

Also, if you use Microsoft Teams in your business, make sure it’s set up securely. Only allow external chats from trusted domains, and make sure chat logging is enabled.

If you want extra help safeguarding your setup, we can do that. Get in touch.

Read more

Beware this malware: It “annoys” you into handing over login details

How cautious are you and your team with online security? You know about phishing scams, dodgy downloads, and not clicking suspicious links, right?

But an even sneakier new malware (that’s malicious software) wants to frustrate you into giving up your Google login details.

The malware doesn’t have a catchy name yet, but it’s part of a larger threat known as “Amadey”, and it’s been on the rise since August.

It forces your PC into something called “kiosk mode” (a setting often used on public computers that only lets you access one window). This allows it to lock your browser in full screen mode, hiding all your usual navigation buttons like the address bar and menus. Then you get sent to a fake Google password reset page.

Normally, you’d just hit the Esc or F11 keys to get out of full screen mode, right? Well, not this time. It won’t work if the malware has infected your PC. It wants to confuse you into thinking you must enter your password to solve the problem.

The password reset page will look like a real Google page. But the second you type in your details, they’ll be stolen by a second piece of malware hiding in the background. Falling right into the hands of cyber criminals.

Pretty scary stuff.

But here’s the good news: You can break free without giving up your details.

If your browser gets stuck in full screen mode, try hitting ALT+TAB to switch tasks, or ALT+F4 to force the window to close. Otherwise, try closing it through your task manager (CTRL+ALT+DELETE).

If all else fails, just restart your PC by holding down the power button or unplugging it, then get an expert (like us) to look at the malware.

Prevention is always the best approach, though. Be wary if your computer starts behaving strangely, especially if your browser suddenly goes into full screen mode and won’t let you navigate away.

Avoid clicking on suspicious links or downloading attachments you aren’t sure about. And as tempting as it might be to get past an annoying screen, never enter your password unless you’re 100% sure the website is legit.

If you’d like us to teach your team how to avoid the latest scams, we can help. Get in touch.

Read more

Cyber extortion: What is it and what’s the risk to your business?

Here’s a topic that’s been making headlines and causing sleepless nights for many: Cyber extortion.

Is it something that’s on your radar? It should be, because it might affect your business one day.

What is cyber extortion?

It’s a type of cyber crime where criminals threaten to harm your business by compromising its data and digital assets unless a ransom is paid. These threats often involve ransomware, a malicious software that encrypts your data, making it inaccessible until you pay the ransom.

Sometimes, cyber criminals go a step further by stealing data and threatening to release it publicly on dark web leak sites if their demands aren’t met. This dual threat is known as double extortion.

According to a 2024 report, the number of victims of cyber extortion scams has skyrocketed by 77% over the past year. What’s more, small businesses are four times more likely to be targeted compared to their larger counterparts. This is a worrying trend, especially considering that smaller businesses often have fewer resources to defend against these attacks.

In the first quarter of this year alone, 1,046 businesses fell victim to double extortion. That may not seem huge, but bear in mind the actual number is likely much higher since many cases go unreported, hiding in the shadows of what experts call the “dark number.”

The truth is, all businesses, regardless of size or industry, are potential targets. However, certain sectors are more frequently attacked. Manufacturing, professional, scientific, and technical services, as well as wholesale trade, top the list. Alarmingly, the healthcare and social assistance sectors are also seeing a significant rise in attacks, despite the potential societal and political repercussions.

Cyber criminals are opportunistic and strategic. They target regions with strong economic growth and shared languages. For instance, cyber extortion attacks in the UK have increased by 96%.

What you can do.

While the rise in cyber extortion is a big worry, there are steps you can take to protect your business. Here are some key strategies:

Back up your data: Make sure you have a robust backup plan. Keep your critical data in an offline or offsite location and regularly test your backup restoration process.

Keep software updated: Make sure all your devices use the latest software, especially those connected to the internet.

Implement Multi-Factor Authentication (MFA): Strengthen your access controls with MFA. This adds an extra layer of security by requiring multiple forms of verification before access is granted (such as a code on a separate device). Also, limit user access to only the systems they need for their job.

Patch and vulnerability management: Regularly update your systems to fix any security vulnerabilities. Cyber criminals often exploit known weaknesses, so staying on top of patches can prevent many attacks.

By understanding what cyber extortion is and how it works, you can better prepare your business to defend against it. Remember, the key is to be proactive. If we can help prepare your business and keep it safe, get in touch.

Read more

Is that Chrome extension filled with malware?

If you use Google Chrome in your business, you’re probably familiar with extensions. These useful tools can enhance your browsing experience in countless ways, from blocking annoying ads to reducing distractions.

Extensions are incredibly popular because they can add so much functionality to your browser. But just as you need to be careful when installing new apps on your phone, you must also be cautious when adding new extensions to your browser. That’s because they come with a risk of malware.

It’s short for malicious software – that’s any software intentionally designed to cause damage to a computer, server, or network. Cyber criminals use malware to steal data, hijack systems, and even empty your bank accounts.

Google Chrome holds about 65% of the browser market share worldwide, making it the most popular browser by far. This popularity makes Chrome a prime target for cyber criminals. While cyber attacks sometimes exploit vulnerabilities in the browser itself, there’s an easier way to target Chrome users: Through malicious extensions containing malware.

Although Google keeps a tight watch on its Chrome Web Store, the risk is still there. A recent report claims 280 million people installed a malware-infected Chrome extension between July 2020 and February 2023. That’s a huge number and highlights the importance of being vigilant.

Surprisingly, many malicious extensions remained available for download on the Chrome Web Store for a long time. On average, malware-filled extensions stayed up for 380 days, while those with vulnerable code were available for about 1,248 days. One particularly notorious extension was downloadable for 8 and a half years before being removed.

So, how can you protect yourself and your business from these malicious extensions? Here are five steps we recommend.

  1. External reviews: Since checking ratings and reviews on the Chrome Web Store isn’t always reliable (many malicious extensions don’t have reviews), look for external reviews from trusted tech sites to judge whether an extension is safe.
  2. Permissions: Be cautious if an extension asks for more permissions than it should. If a new extension requests extensive access to your data or system, this could be a red flag.
  3. Security software: Use robust software to catch malware before it can do any harm. This is your last line of defence if you accidentally install a malicious extension.
  4. Necessity: Before installing any new software or browser extensions, consider whether you really need it. Often, you can achieve the same functionality visiting a website.
  5. Trusted sources: Only install extensions from trusted sources or well-known software providers. This significantly reduces the risk of downloading a harmful extension.

Chrome is the most popular browser, which means it will always be a target for cyber criminals. Google’s security team works hard to review every Chrome extension to ensure they are safe, but it’s still crucial to be vigilant.

If you’re unsure whether your extensions are safe or not, or you’d like more advice around keeping your business secure, our team can help. Get in touch.

Read more

Save time by accessing your Android phone’s files with File Explorer

Microsoft is working on an update that will allow Windows 11 File Explorer to directly access files on your Android phone, making file transfers smoother and faster than ever before.

Why’s this is such a big deal and how it can boost productivity for you and your team?

Imagine you’re in a meeting and need to quickly pull up a document or photo from your phone. Normally, you’d have to email it to yourself or transfer it using a cloud service. This can be time-consuming and cumbersome.

With the upcoming Windows 11 update, you’ll be able to access your Android phone’s files directly through File Explorer. No more fumbling with multiple steps, just quick, easy access to what you need.

This feature isn’t just about increased convenience; it’s a big productivity booster. By streamlining the process of transferring files between your phone and computer, you can save time. When you’re busy, every minute counts, and fewer interruptions make a smoother workflow.

Your team will also benefit from this update. This can lead to better collaboration and faster decision-making.

From a technical standpoint, this feature is designed to be user-friendly. There’s no need for complicated setups or third-party apps. It will be built right into the Windows 11 operating system, so once the update is rolled out, you’ll have everything you need at your fingertips. It lets everyone on your team take advantage of the new functionality without needing training or support.

Of course, we must mention another important aspect to consider: Security.

Microsoft is known for its robust security measures, and this new feature is no exception. Your data will be protected throughout the transfer process, giving you peace of mind that sensitive information remains secure.

Sounds good, doesn’t it?

We don’t have a release date yet. But if you want more help with productivity tools to make your business more profitable, we can help. Get in touch.

Read more

Protect your business from a data leak with Microsoft Edge

Microsoft Edge for Business has just rolled out new data leak control capabilities. And that could be a good thing for keeping your sensitive info safe.

What are data leak control capabilities?

In plain English, they help prevent your sensitive information from getting out to the wrong people. Think of it as having an extra lock on your digital doors, making sure only the right people can access your important data.

Every business handles sensitive information, whether it’s financial records, client details, or proprietary data. If this information leaks, it could mean big trouble: Financial loss, legal headaches, and a hit to your reputation.

This new feature in Microsoft Edge helps keep your data secure by making sure only authorised people can access it. It also stops accidental sharing.

Depending on your industry, you may have strict rules about data protection. These new controls can help you stay on the right side of regulations.

And let’s not forget your customers. They’re more aware than ever about data privacy. Using a browser with strong data leak controls shows you’re serious about protecting their information, which can boost their trust in your business.

Microsoft Edge for Business has added this new feature into an easy-to-use package. You can set policies on how data can be shared – like stopping certain types of data from being copied or emailed to unauthorised recipients. This way, you’re less likely to have accidental leaks.

It uses artificial intelligence to spot potential threats and unusual data movements. Edge can alert you to a potential leak before it happens, giving you a chance to act proactively.

If you’re already using other Microsoft products like 365 or Microsoft Teams, good news: Edge for Business integrates smoothly with them, letting you apply consistent data protection across all your tools.

Ready to give it a spin? Here’s what to do:

1. Update your browser: Make sure all your business’s devices are using the latest version of Microsoft Edge for Business. This makes sure you have all the newest features and security updates.

2. Set your policies: Work with your IT support partner to set up data sharing policies that make sense for your business. Microsoft provides guidelines and templates to help you get started.

3. Train your team: Make sure your employees know about the importance of data security and how to use the new features. A quick training session can do the trick.

4. Monitor and adjust: Keep an eye on how things are working and tweak your policies as needed. You want to find a balance that keeps your data secure without disrupting your workflow.

Better still, why not get our team to just do this for you. Get in touch.

Read more

Ransomware threats are surging – here’s how to protect your business

Imagine waking up one morning, turning on your computer, and finding that all your important files – everything from customer data to financial records – are locked. Tight.

And then a scary message pops up demanding a ransom fee to unlock them.

That’s ransomware in a nutshell. It’s a type of malicious software that hijacks your data and holds it for ransom.

How does it happen?

It usually starts with an innocent-looking email or link. You might get an email that seems legitimate, asking you to click on a link or open an attachment.

This is known as a phishing email, where the sender appears to be genuine but isn’t. Once you click, malicious software is silently installed on your system. From there, the cyber criminals quickly go to work.

They’ll be encrypting your files so you can’t access them. Then, you get that dreaded ransom note, demanding payment in exchange for a decryption key to unlock your files. Paying the ransom is a risky move because there’s no guarantee you’ll get your data back, and it just encourages the attackers to target more victims.

2023 was a particularly bad year for ransomware, with attacks surging after a two-year decline. According to a report, there was a huge increase in ransomware incidents, breaking a six-year record.

One reason for this spike is the rise of something called Ransomware-as-a-Service (RaaS). This model lets cyber criminals “rent” ransomware tools, making it easier than ever for them to launch attacks.

As a result, more businesses are finding themselves posted on data leak sites, with a 75% increase in the number of victims between 2022 and 2023.

Ouch.

And it gets worse. Attackers are getting smarter. They’re developing new variants of old ransomware, sharing resources, and using legitimate tools for malicious purposes.

They’re also working faster, often deploying ransomware within 48 hours of gaining access to a network. And they tend to strike outside of work hours, such as when you’re tucked up in your bed, so they’re less likely to be noticed.

If your business falls victim to a ransomware attack, the consequences can be devastating. You might face significant financial losses, not just from the ransom itself but also from the cost of downtime and recovery.

There’s also the risk of losing critical data if you can’t decrypt your files.

Your reputation could take a hit if customers find out their information was compromised. Oh, and your business operations could be severely disrupted, affecting your ability to serve your clients.

What can you do?

The most important question then: How can you protect your business from this growing threat?

  • Start by educating your team. Make sure everyone knows how to spot phishing emails and avoid suspicious links and attachments
  • Regularly back up your critical data and securely store those backups offline
  • Keep your software and systems up to date with the latest security patches, and invest in strong security tools
  • It’s also important to limit access to your data. Only give employees access to the information they need for their jobs
  • Monitor your network for unusual activity and have a plan in place to respond to incidents quickly

If you do get hit by a ransomware attack, don’t panic. Work with cyber security experts (like us) to resolve the issue.

Remember, it’s best not to pay the ransom, as it only fuels the cyber criminals’ activities.

My team and I help businesses take proactive action to protect their data. If we can help you, get in touch.

Read more