Are your employees reporting security issues fast enough… or even at all?

Getting your team to report security issues quickly is important for your business… but it might not have crossed your mind before.

You might think that with so many security tech tools, you’re covered. But guess what? Your employees are your first line of defence, and they’re irreplaceable when it comes to spotting and reporting security threats.

Imagine this: One of your employees receives a fishy-looking email that appears to be from a trusted supplier. It’s a classic phishing attempt (that’s where a cyber criminal sends an email and pretends to be someone else to steal your data).

If the employee brushes it off or thinks someone else will handle it, that innocent-looking email could lead to a massive data breach, potentially costing your company big bucks.

The truth is, fewer than 10% of employees report phishing emails to their security teams. That’s shockingly low. Why? Well:

  • They might not realise how important it is
  • They’re scared of getting into trouble if they’re wrong
  • Or they think it’s someone else’s job

Plus, if they’ve been shamed for security mistakes before, they’re even less likely to speak up.

One of the biggest reasons employees don’t report security issues is that they just don’t get it. They might not know what a security threat looks like or why reporting it is crucial. This is where education comes in, but not the boring, jargon-filled kind.

Think of cyber security training as an engaging and interactive experience. Use real-life examples and scenarios to show how a small issue can snowball into a major problem if not reported.

Simulate phishing attacks and demonstrate the potential fallout. Make it clear that everyone has a vital role in keeping the company safe. When employees understand their actions can prevent a disaster, they’ll be more motivated to report anything suspicious.

Even if your employees want to report an issue, a complicated reporting process can stop them in their tracks. Make sure your reporting process is as simple and straightforward as possible. Think easy-access buttons or quick links on your company’s intranet.

Make sure everyone knows how to report an issue. Regular reminders and clear instructions can go a long way. And when someone does report something, give them immediate feedback. A simple thank you or acknowledgment can reinforce their behaviour and show them that their efforts matter.

It’s all about creating a culture where reporting security issues is seen as a positive action. If employees feel they’ll be judged or punished, they’ll keep quiet. Leaders in your company need to set the tone by being open about their own experiences with reporting issues. When the big boss talks openly about security, it encourages everyone else to do the same.

You could even consider appointing security champions within different departments. These are your go-to people for their peers, offering support and making the reporting process less intimidating. Keep security a regular topic of conversation so it stays fresh in everyone’s minds.

Also, celebrate the learning opportunities that come from reported incidents. Share success stories where reporting helped avoid a disaster. This not only educates but also motivates your team to keep their eyes open and speak up.

By making it easy and rewarding for your employees to report security issues, you’re not just protecting your business; you’re also building a more engaged and proactive workforce.

Encourage open communication, continuous learning, and avoid shaming anyone for their mistakes. The faster issues are reported, the easier and cheaper they are to fix, keeping your business secure and thriving.

This is something we regularly help businesses with. If we can help you too, get in touch.

More businesses are proactively investing in cyber security defences

More and more businesses are making the smart decision to be proactive and invest in their cyber security defences. This is fantastic news, especially since stats show that about half of small and medium-sized businesses still have no cyber security measures at all.

If your business falls into that category, it’s time to change.

Cyber security might sound complex, but it starts with a few simple steps. Let’s talk about some basics you can put in place right away.

First, think about encryption and multi-factor authentication (MFA). Encryption is like putting your data in a secure vault. It ensures that even if someone intercepts your information, they can’t read it without the encryption key.

MFA adds an extra layer of security by requiring you to verify your identity using a second device, like your phone, whenever you log in. It’s a bit like needing two keys to open a lock instead of just one.

Another easy step is using a password manager. These generate long, random passwords for every account and remember them for you. Password managers make life easier and your business more secure in one package. Amazing.

Advanced monitoring tools are another great way to protect your business. They’re a little like security cameras for your digital space, always on the lookout for anything suspicious. These tools help detect unusual activity in your systems, giving you a heads-up if something’s not right.

And let’s not forget about protecting your business from phishing scams. These are attempts by criminals to trick you into giving away personal information by pretending to be someone you trust, like a supplier or a bank. Educating your team on how to spot these scams is crucial. If something feels off, it probably is.

Why is investing in cyber security so important?

  • It protects your data
  • Avoids financial loss
  • And builds trust with your customers and partners

Your business data is valuable, and protecting it means safeguarding your business’s operations and reputation.

Cyber attacks can be costly, not just in terms of money but also time and resources. Prevention is ALWAYS cheaper than dealing with the aftermath of a breach. Plus, showing that you take security seriously helps build trust with your customers and partners. They need to know that their information is safe with you.

Investing in cyber security doesn’t have to be daunting. We’re the experts in this field and would love to help you secure your business. Whether you need advice on getting started or want a comprehensive security plan, get in touch.

Content and DNS Filtering

What is it?

  • DNS filtering involves using the DNS to block malicious websites and filter out harmful or inappropriate content.
  • Content filtering is a software-based approach that prevents domains from resolving altogether.

What do they do and why is it important?

Let’s start with content filtering. Content filtering prevents websites from being accessed. Most solutions use website categories that are then either blocked or allowed, and most will let you allow certain groups of people to access certain categories of website (Marketing could access Social Media). However, you might also allow everyone to access social media over their lunch break.

By doing this you are achieving two things. Firstly, you are preventing employees from wasting time doing stuff they shouldn’t. Secondly, you are helping to protect employees from stuff online they shouldn’t really be accessing.

DNS filtering is different. Where content filtering blocks websites based on the categorisation of their content, DNS filtering blocks the site because of its DNS (the domain name). For instance, with our solution we block all new domains, and restrict access to domains up to 30 days from registration. We do this because it helps prevent phishing attacks. Imagine you receive a phishing email and you click on the link, but instead of getting a webpage that looks like something you should sign in to, you end up with a blocked page.

If you want to know more, please contact us.

Uh oh! You’re at greater risk of malware than ever before

Here’s something not-so-fun but incredibly important to talk about: Malware attacks.

And it’s bad news. These scary cyber threats are hitting small and medium-sized businesses (SMBs) harder than ever before. That means you need to know how you can defend your business.

First things first, what exactly is malware?

Think of it as the digital equivalent of the germs that make you sick. Malware, short for malicious software, is like the flu virus of the cyber world. It’s designed to sneak into your computer systems or network and wreak havoc in all sorts of ways.

So, what kinds of malware are we talking about here?

Well, according to a recent report, there are a few major troublemakers: Information-stealing malware, ransomware, and business email compromise (BEC).

You might be wondering why you should care about malware. Let me set the scene. You’re running your business smoothly, minding your own business, when BAM! A malware attack hits.

Suddenly, your files are encrypted, your systems are locked down, and you’re being held hostage for ransom.

Sounds like a nightmare, right?

That’s the reality for many SMBs facing malware attacks. It’s not just about losing money – it’s about the potential damage to your reputation, your operations, and your customers’ trust.

But there are plenty of ways to fight back against malware and keep your business safe and sound:

Educate your team

Teach your employees to spot phishing emails (an email pretending to be from someone you trust), suspicious links, and other sneaky tactics used by cyber criminals. A little awareness goes a long way.

Armour up your devices

Make sure all your computers and devices are equipped with the best software to prevent attacks.

Back up, back up, back up

Regularly back up your data to secure offsite locations. That way, if you are attacked, you’ll have a backup plan (literally) to restore your files.

Fortify your network

Improve your network security with firewalls, encryption, and other powerful weapons. We can help with all of that.

Stay sceptical

Be cautious of suspicious emails or requests for sensitive information. When in doubt, double-check the sender’s identity and never click on risky links or attachments.

Have a plan

Prepare an incident response plan for dealing with malware attacks. Think of it as your emergency playbook, complete with steps for containing the threat, recovering your data, and reporting the incident.

That’s a lot to take in, but remember, knowledge is power. These are all things we help our clients with, so they don’t have to worry about it. If we can help you too, get in touch.

Firewalls

Perimeter and device firewalls

This week, we turn our attention to the subject of firewalls, both at the perimeter and on your local computer.

Perimeter

A perimeter firewall serves as the first line of defence in network security, acting as a gatekeeper between internal networks and external threats. It scrutinises incoming and outgoing traffic based on predetermined security rules, blocking unauthorised access while allowing legitimate communication. By monitoring for malicious activities, it prevents attacks such as intrusions, hacking, and data breaches. Implementing a robust perimeter firewall is crucial for safeguarding sensitive data and maintaining the integrity of IT infrastructure, making it an indispensable tool for businesses in the digital age. Its strategic placement on the network edge ensures a secure perimeter, fortifying an organisation’s cyber defences.

Modern perimeter firewalls will also be able to run add-on software to provide a range of additional features. For many with cloud-based email, having the anti-spam module enabled is probably a waste of time, but utilising the anti-virus module is always a good idea to try and prevent a virus right at the gateway.

Device firewall

It is important to have a firewall enabled on any device, even if your device is sat behind a perimeter firewall! This is to make sure that it is on if you take your device out and about.

Advanced End Point Security

Whilst all our packages include Anti-Virus, we are the first to admit Anti-Virus alone is not enough anymore, and will never ever keep you completely safe.

We supplement the Anti-Virus with some advanced end point (Computer) tools.

The first security measure is to make sure you aren’t an administrator on your computer. Most people, when creating their account, will select an administrator account. In the main this is not needed, and without administrator permissions it is slightly harder for bad actors to do things with your computer.

Secondly, we use a tool that locks down the computer and the software installed. Most applications have a wide range of permissions and can do things they just don’t need to be able to do. Bad actors use this to make full use of any compromise, by making sure they can always access your network (persistence) and by spreading through the network searching for your data.

Locking everything down should ensure your physical device is safe. It does mean there are a few steps to go through if you want to install something new, but the delay is normally less than 10 minutes, and we firmly believe this is well worth waiting for to achieve a safe, cyber secure environment.

Of course, the biggest issue for most businesses is a compromise of cloud accounts, so we monitor logins for unusual behaviour, like:

  • Logging in from somewhere you aren’t
  • Multiple logins from different locations
  • Multiple unsuccessful logins

This, along with measures taken to help the computer user, should help keep you safe. But to make sure, we also back it up (more to come in a few weeks’ time).
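The three sign-in signals listed above, written as detection logic over sign-in events. This is an added example, not our monitoring tool's own code; the event fields, thresholds, alert names and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SignIn:
    when: datetime
    user: str
    country: str   # assumed to come from IP geolocation in the sign-in log
    success: bool


# Assumed thresholds; tune them to your own environment.
FAILED_THRESHOLD = 5                    # failed attempts that trigger an alert
FAILED_WINDOW = timedelta(minutes=10)   # ...when they fall inside this window
LOCATION_WINDOW = timedelta(hours=1)    # two countries this close together is suspicious


def detect(events, usual_countries):
    """Return a list of (user, alert_type, timestamp) in time order."""
    alerts = []
    failures = defaultdict(deque)   # user -> timestamps of recent failed attempts
    last_success = {}               # user -> (when, country) of latest good login

    for ev in sorted(events, key=lambda e: e.when):
        if not ev.success:
            recent = failures[ev.user]
            recent.append(ev.when)
            # Drop failures that have aged out of the sliding window.
            while ev.when - recent[0] > FAILED_WINDOW:
                recent.popleft()
            # Fire once, at the moment the threshold is reached.
            if len(recent) == FAILED_THRESHOLD:
                alerts.append((ev.user, "repeated_failed_logins", ev.when))
            continue

        # Signal 1: a successful login from somewhere the user normally isn't.
        if ev.country not in usual_countries.get(ev.user, set()):
            alerts.append((ev.user, "unexpected_location", ev.when))

        # Signal 2: successful logins from two countries within a short window.
        prev = last_success.get(ev.user)
        if prev and prev[1] != ev.country and ev.when - prev[0] <= LOCATION_WINDOW:
            alerts.append((ev.user, "multiple_locations", ev.when))
        last_success[ev.user] = (ev.when, ev.country)

    return alerts


def _t(hhmm):
    return datetime.fromisoformat(f"2024-06-03T{hhmm}:00")


# Constructed sample data, not real log entries.
USUAL_COUNTRIES = {"alice": {"GB"}, "bob": {"GB"}}
SAMPLE_EVENTS = [
    SignIn(_t("09:00"), "alice", "GB", True),
    SignIn(_t("09:20"), "alice", "BR", True),    # new country, 20 minutes later
    *[SignIn(_t(f"10:0{m}"), "bob", "GB", False) for m in range(5)],
    SignIn(_t("10:05"), "bob", "GB", True),
]

if __name__ == "__main__":
    for user, kind, when in detect(SAMPLE_EVENTS, USUAL_COUNTRIES):
        print(f"{when:%H:%M}  {user:<6} {kind}")
```

A successful login straight after a burst of failures (as with `bob` here) is worth reviewing by hand, since it can mean a guessed password rather than a forgetful user.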

For more info, give us a call to arrange a complimentary Cyber Security Check.

Patch management

A lot of the time when systems are compromised in a cyber security attack, it is because something that should have been updated hadn’t been! This is where patch management comes in.

So, this week we have a look at the various updates that need to be considered. Is your IT support company doing all of this?

Firstly, we will start with the Operating System.

No matter what flavour of system you are using, they all need updating. This should include everything from your server through to your mobile phone. Although manufacturers will rave about the improvements in updates, the biggest reason we think you should install these updates as soon as you can is that they patch critical security holes.

It is also worth bearing in mind that some of these may not be selected to be installed by default, or your IT support provider may not automatically install them. With operating system updates, one of the biggest things we see is people not restarting their computer. If these updates require a restart, they are not fully installed until the restart has happened.

Applications

Almost all applications have updates, and it is good practice to make sure these are up to date as well, especially your web browser. A lot of attacks happen through web browsers, including a method that bypasses MFA (2FA). So make sure you are updating all of your applications.

If you no longer need an application, then the best thing to do is to uninstall it.

Lastly, something you probably have never considered is a piece of software that you won’t normally ever see.

FIRMWARE.

Firmware is software on many devices that controls how the hardware operates, and it should also be updated. You will find it not only on computers and servers but also on switches, wifi access points, telephones, printers – the list goes on and on. You or your IT supplier should make sure these are kept up to date. Updates are available from the manufacturer, and the systems to keep firmware up to date have improved over the years, but with some it is still difficult to know when updates are available.

Whilst looking at the firmware, please remember that when a manufacturer stops updating the firmware, this is normally because the device has reached end of life. Even if it is working properly, you should consider changing it.

If you want to make sure you are covered, please get in touch.

Cyber attacks: Stronger, faster and more sophisticated

A new security report has revealed some alarming trends.

First off, cyber attacks are becoming faster than ever. Breakout times (that’s the time it takes for a criminal to move within your network after first getting in) have dropped significantly. We’re talking an average of just 62 minutes compared to 84 minutes last year.

This is not good news.

Not only are these attacks faster, but they’re also becoming more common. The report has identified a whopping 34 new cyber criminal groups, bringing the total to over 230 groups tracked by the company.

And guess what? These cyber criminals aren’t sitting around twiddling their thumbs. They’re getting smarter and more sophisticated. The report highlights a new record breakout time of just two minutes and seven seconds. That’s barely enough time to grab a coffee, let alone mount a defence.

But here’s the real kicker: The human factor is increasingly becoming the main entry point for these cyber attacks.

They will try to get your people to click a link in a phishing email, which will take them to a fake login page. Once your employee enters their real login details, they have inadvertently handed them over.

Or they pretend to be someone your team trusts. This is called social engineering.

So, what can you do to protect your business from these cyber threats?

  • Educate your employees

Make sure your team is aware of the latest cyber threats and how to spot them. Regular training sessions can go a long way in preventing costly mistakes.

  • Implement strong password policies

Encourage the use of complex random passwords generated and remembered by password managers. Use multi-factor authentication for an added layer of security (this is where you use a second device to confirm it’s really you logging in).

  • Keep your systems updated

Make sure all software and systems are up to date with the latest security patches. Cyber criminals often exploit known vulnerabilities, so staying current is key.

  • Invest in cyber security software

Consider investing in reputable cyber security software that can help detect and mitigate threats in real-time (we can help with this).

  • Back-up your data

Regularly back-up your data and store it in a secure location. In the event of a cyber attack, having backups can help minimise downtime and data loss.

When it comes to cyber security, it’s better to be safe than sorry. If we can help you to stay better prepared, get in touch.

Why IT needs to be monitored and managed

Why does IT need to be Monitored?

To put it simply, what isn’t measured (monitored) can’t be improved!

So we monitor a whole range of things. Some are basic physical items, such as storage space used. We do this so that if the drive is full we can run a script to try and free up some space and keep it working at its best. Other items may just raise an alert so we can track the history, like a high temperature alert.

Other items we measure look for cyber security issues. These are just basic items, which supplement the security measures we also recommend (coming in a future post).

We monitor the software as well. This is partly to make sure nothing is installed that shouldn’t be, but also that what is installed is fully up to date, similar to our process for updating Windows itself.

If it is monitored it can be managed.

As mentioned above, the items we monitor can then also be managed. The whole idea isn’t to monitor what the user is doing, but to ensure that the computer is always running as well as it can and is also cyber secure.

But it doesn’t stop with computers. We can also monitor and manage Network equipment to ensure that this is also running well, and securely.

What does this mean for your Business?

Aside from knowing your employees are working on devices that are running as they should and securely, it also means they are able to work efficiently. It also means that you can make decisions on when to update/upgrade equipment based on facts and not on a feeling.

You might want to look at our IT Support or IT Services pages.

In summary, IT monitoring and management are not optional; they are critical for business continuity, security, and growth. Organisations that prioritise these practices can harness the full potential of their IT infrastructure, drive innovation, and stay ahead in a rapidly evolving digital landscape.

Why we do Security packages and not support

For the last 2 years, we have been working on moving from providing support to providing security. We no longer just sell support!

Why?

Since I started Limbtec way back in 2002, what we did and how we did it was far different to today. About 50% of our work was support including installing, and configuring, and about 50% from sales of hardware and software.

Our business model has changed over time, most recently to providing support mainly via remote means, with this being around 80% of our business model and the remainder being cloud services.

Security

A little over 2 years ago, I sat down and looked at what’s next! The continual biggest issue facing our customer base was Cyber Security and Cyber Hygiene. There is a saying that if you haven’t had a cyber security breach, then you either don’t know about it, or you are about to!

What needed to change?

The biggest problem is that up to this point we were looking at what could be done to help businesses grow, and use technology to achieve that. What the whole of the IT industry seemed to have done is forgotten about making sure this was done in a secure manner! A security first approach.

Methodology

I am not a great fan of reinventing the wheel! In the UK, there is a certification scheme called Cyber Essentials, so we used this framework to build out 3 tiers to achieve Cyber Essentials Standards. Even if Cyber Essentials Certification is not taken up, our clients should be secure, due to massively improved Cyber Hygiene.

Monitoring

So the biggest issue with Cyber Essentials is that it is done on a snapshot. At that point you have good cyber hygiene, but there is no requirement to monitor this. This is where our packages come in: we will monitor the items required, and we bundle extra measures into the mix (depending on package) to strengthen your security.

We haven’t forgotten Support

We started as a support company! As the biggest growing support requests are around Cyber Security, we are facing these head on, but we haven’t forgotten about other support issues: we bundle support into all packages at various levels.

Over the coming weeks, on a Wednesday, I will be blogging details of what we think is important to consider with your business and cyber security. If you want to have a free review, please contact us.