New phishing scam is smarter than ever… here’s how to protect your business

Microsoft is warning business owners about a new type of phishing scam (where cyber criminals pose as a trusted source to trick you into giving away login info), which uses popular cloud services like SharePoint and OneDrive.

Although these platforms are usually safe, scammers have figured out how to trick privacy settings to get past security checks.

The scammers hack your cloud storage by stealing your login details or buying them on the black market.

Once they get inside, they upload a file that is designed to look authentic – like a fake Microsoft 365 login page. They set the file to “view-only” or limit access to specific people, such as you and your team.

Opening these files or following any links inside the emails could cause serious damage to your business. Scammers can use your information to access your systems, or they can install malware (malicious software) that lets them cause disruption and steal information.

Recovering from these kinds of attacks can be expensive and time-consuming – not to mention the damage it could do to your business’s reputation.

Make sure your employees are aware of this new threat and know to be cautious when opening emails, even if they appear to come from a trusted service.

Before opening any shared files, double-check the sender’s identity. If something feels off, contact the sender directly to verify it.

Make sure you use multi-factor authentication (MFA) across all your team’s devices. This adds an extra layer of security by requiring a second piece of information (like a code sent to your phone) along with your password.

Also, keep your security software up to date so that it’s always ready to block the latest types of attack.

Would you like our help protecting your business with added security, training, and monitoring? Get in touch.

Read more

Beware this malware: It “annoys” you into handing over login details

How cautious are you and your team with online security? You know about phishing scams, dodgy downloads, and not clicking suspicious links, right?

But an even sneakier new malware (that’s malicious software) wants to frustrate you into giving up your Google login details.

The malware doesn’t have a catchy name yet, but it’s part of a larger threat known as “Amadey”, and it’s been on the rise since August.

It forces your PC into something called “kiosk mode” (a setting often used on public computers that only lets you access one window). This allows it to lock your browser in full screen mode, hiding all your usual navigation buttons like the address bar and menus. Then you get sent to a fake Google password reset page.

Normally, you’d just hit the Esc or F11 keys to get out of full screen mode, right? Well, not this time. It won’t work if the malware has infected your PC. It wants to confuse you into thinking you must enter your password to solve the problem.

The password reset page will look like a real Google page. But the second you type in your details, they’ll be stolen by a second piece of malware hiding in the background. Falling right into the hands of cyber criminals.

Pretty scary stuff.

But here’s the good news: You can break free without giving up your details.

If your browser gets stuck in full screen mode, try hitting ALT+TAB to switch tasks, or ALT+F4 to force the window to close. Otherwise, try closing it through your task manager (CTRL+ALT+DELETE).

If all else fails, just restart your PC by holding down the power button or unplugging it, then get an expert (like us) to look at the malware.

Prevention is always the best approach, though. Be wary if your computer starts behaving strangely, especially if your browser suddenly goes into full screen mode and won’t let you navigate away.

Avoid clicking on suspicious links or downloading attachments you aren’t sure about. And as tempting as it might be to get past an annoying screen, never enter your password unless you’re 100% sure the website is legit.

If you’d like us to teach your team how to avoid the latest scams, we can help. Get in touch.

Read more

A third of all data loss is caused by problems with backups

Losing access to your business’s data – even temporarily – is a nightmare worthy of a horror movie.

Data backup tools create copies of your data and store them in a safe place. If something goes wrong, recovery tools will use these copies to restore your lost files.

So, if your business already uses backup and recovery tools, you’d think your data is safe… but this isn’t necessarily true.

A new report shows that some backup tools aren’t always as reliable as they should be. In fact, a third of all data losses are caused by backup-related issues. When people try to recover data, they discover it’s been lost or corrupted.

It’s not just corrupted backups that you should be aware of.

One of the biggest threats to businesses right now is ransomware. This is a type of malicious software (or “malware”) that locks you out of your files unless you pay a ransom to regain access.

The report found that half of businesses using backup tools still ended up paying ransoms to retrieve their files, because it was faster than trying to use their own recovery tools. Even worse? Only a small number of businesses that paid ransoms were able to fully recover their data.

Backup tools are supposed to keep your data safe, so why are they unreliable for so many businesses?

Often, it’s because they haven’t been set up properly. And even when they are, they still need to be verified regularly to make sure they are still backing up your files.

Also, older backup and recovery tools can’t always keep up with today’s sophisticated cyber attacks.

Setting up and maintaining a reliable backup system can be complicated. IT experts (like us) can make sure your tools are running correctly every day.

We can also put in place extra safeguards such as continuous data protection (CDP). This constantly saves changes to your files, allowing you to go back in time and restore your data as it was just before an attack or loss. This is something we do for businesses like yours every day. If you’d like us to help you too, get in touch.

Read more

You’re ready for the upgrade… what’s holding you back?

With the end of support for Windows 10 just over a year away, many business owners are starting to wonder why they haven’t upgraded to Windows 11 yet. Are you one of them?

Research shows that most businesses could make the switch, but a surprising number are still holding back. This despite the upgrade being free and easy.

A recent survey of more than 750,000 Windows 10 systems found that 88% are on hardware that’s fully capable of moving to Windows 11.

Yet, 82% of businesses haven’t taken the plunge.

This is worrying, especially with the clock ticking down to the deadline in October 2025. After then, Windows 10 won’t get any more free updates, including all-important security patches. That could leave your business exposed to risks.

So, what’s the hold-up? For many, it’s the fear of disrupting business operations. Upgrading an entire business’s operating system might sound like a hassle, with concerns about downtime or technical headaches.

But the truth is, upgrading to Windows 11 can be a lot easier than you think, especially with expert assistance (contact us if we can help you with this).

And there’s more to it than just avoiding the risks of sticking with an outdated system. Windows 11 comes with so many benefits:

  • Better security to keep your business safe from modern threats
  • Improved performance to boost productivity
  • And a sleek, intuitive interface that makes work easier for your team

Plus, if you are using newer hardware, Windows 11 will let you make the most of it.

The upgrade from Windows 10 to 11 is free if your devices meet the requirements.

With so many advantages and the deadline fast approaching, there’s no reason to wait.

We help make all upgrades as easy as possible. Let’s jump on a call and we’ll tell you about our extensive preparation, when we schedule upgrades, how we train your team – and answer all your questions.

Our goal is to get you up and running on Windows 11 without disrupting your daily operations. Let’s talk.

Read more

Heads up: You need to update Windows 11 by this deadline

Microsoft has issued an important update: If you’re using Windows 11, you need to upgrade to version 23H2 before 8th October 2024. After this, older versions will no longer receive essential security updates, putting your systems at risk.

Why is this important?

Because Microsoft will stop supporting older Windows 11 versions for business accounts. This includes stopping security updates, which are vital for protecting your systems against the latest cyber threats.

The latest version includes advanced security features to protect against new threats, making sure your business data remains safe. But updating to Windows 11 version 23H2 brings other benefits beyond security. 

You’ll also notice performance improvements, making your systems run faster and more efficiently, which is great for productivity. Plus, new tools and features are continually added, helping streamline your workflows and improve overall efficiency. Staying updated ensures compatibility with new software and technologies, maintaining smooth business operations.

Delaying the update could leave your business vulnerable to cyber attacks. Without security updates, your systems will be exposed to potential exploits, risking data breaches and financial loss.

Microsoft typically enforces updates post-deadline to keep people safe, especially for business devices not managed by IT departments. While this is helpful, it’s better to update proactively on your own schedule.

Updating to version 23H2 is straightforward.

  • First, check your current version by going to Settings, then System, and selecting About.
  • Before updating, make sure to back up all your important files to prevent data loss.
  • Navigate to Settings, then Update & Security, and select Windows Update.
  • Click on “Check for updates” and follow the prompts to install version 23H2.
  • Once the update is complete, restart your computer and verify the new version in Settings, System, and About again.

Making sure your systems are up to date will keep your business secure and running efficiently. Don’t wait until the last minute… upgrade to Windows 11 version 23H2 now. Keeping businesses protected and productive is our top priority. So, if you need any help with that, get in touch.

Read more

Cyber extortion: What is it and what’s the risk to your business?

Here’s a topic that’s been making headlines and causing sleepless nights for many: Cyber extortion.

Is it something that’s on your radar? It should be, because it might affect your business one day.

What is cyber extortion?

It’s a type of cyber crime where criminals threaten to harm your business by compromising its data and digital assets unless a ransom is paid. These threats often involve ransomware, a malicious software that encrypts your data, making it inaccessible until you pay the ransom.

Sometimes, cyber criminals go a step further by stealing data and threatening to release it publicly on dark web leak sites if their demands aren’t met. This dual threat is known as double extortion.

According to a 2024 report, the number of victims of cyber extortion scams has skyrocketed by 77% over the past year. What’s more, small businesses are four times more likely to be targeted compared to their larger counterparts. This is a worrying trend, especially considering that smaller businesses often have fewer resources to defend against these attacks.

In the first quarter of this year alone, 1,046 businesses fell victim to double extortion. That may not seem huge, but bear in mind the actual number is likely much higher since many cases go unreported, hiding in the shadows of what experts call the “dark number.”

The truth is, all businesses, regardless of size or industry, are potential targets. However, certain sectors are more frequently attacked. Manufacturing, professional, scientific, and technical services, as well as wholesale trade, top the list. Alarmingly, the healthcare and social assistance sectors are also seeing a significant rise in attacks, despite the potential societal and political repercussions.

Cyber criminals are opportunistic and strategic. They target regions with strong economic growth and shared languages. For instance, cyber extortion attacks in the UK have increased by 96%.

What you can do.

While the rise in cyber extortion is a big worry, there are steps you can take to protect your business. Here are some key strategies:

Back up your data: Make sure you have a robust backup plan. Keep your critical data in an offline or offsite location and regularly test your backup restoration process.

Keep software updated: Make sure all your devices use the latest software, especially those connected to the internet.

Implement Multi-Factor Authentication (MFA): Strengthen your access controls with MFA. This adds an extra layer of security by requiring multiple forms of verification before access is granted (such as a code on a separate device). Also, limit user access to only the systems they need for their job.

Patch and vulnerability management: Regularly update your systems to fix any security vulnerabilities. Cyber criminals often exploit known weaknesses, so staying on top of patches can prevent many attacks.

By understanding what cyber extortion is and how it works, you can better prepare your business to defend against it. Remember, the key is to be proactive. If we can help prepare your business and keep it safe, get in touch.

Read more

Is that Chrome extension filled with malware?

If you use Google Chrome in your business, you’re probably familiar with extensions. These useful tools can enhance your browsing experience in countless ways, from blocking annoying ads to reducing distractions.

Extensions are incredibly popular because they can add so much functionality to your browser. But just as you need to be careful when installing new apps on your phone, you must also be cautious when adding new extensions to your browser. That’s because they come with a risk of malware.

It’s short for malicious software – that’s any software intentionally designed to cause damage to a computer, server, or network. Cyber criminals use malware to steal data, hijack systems, and even empty your bank accounts.

Google Chrome holds about 65% of the browser market share worldwide, making it the most popular browser by far. This popularity makes Chrome a prime target for cyber criminals. While cyber attacks sometimes exploit vulnerabilities in the browser itself, there’s an easier way to target Chrome users: Through malicious extensions containing malware.

Although Google keeps a tight watch on its Chrome Web Store, the risk is still there. A recent report claims 280 million people installed a malware-infected Chrome extension between July 2020 and February 2023. That’s a huge number and highlights the importance of being vigilant.

Surprisingly, many malicious extensions remained available for download on the Chrome Web Store for a long time. On average, malware-filled extensions stayed up for 380 days, while those with vulnerable code were available for about 1,248 days. One particularly notorious extension was downloadable for 8 and a half years before being removed.

So, how can you protect yourself and your business from these malicious extensions? Here are five steps we recommend.

  1. External reviews: Since checking ratings and reviews on the Chrome Web Store isn’t always reliable (many malicious extensions don’t have reviews), look for external reviews from trusted tech sites to judge whether an extension is safe.
  2. Permissions: Be cautious if an extension asks for more permissions than it should. If a new extension requests extensive access to your data or system, this could be a red flag.
  3. Security software: Use robust software to catch malware before it can do any harm. This is your last line of defence if you accidentally install a malicious extension.
  4. Necessity: Before installing any new software or browser extensions, consider whether you really need it. Often, you can achieve the same functionality visiting a website.
  5. Trusted sources: Only install extensions from trusted sources or well-known software providers. This significantly reduces the risk of downloading a harmful extension.

Chrome is the most popular browser, which means it will always be a target for cyber criminals. Google’s security team works hard to review every Chrome extension to ensure they are safe, but it’s still crucial to be vigilant.

If you’re unsure whether your extensions are safe or not, or you’d like more advice around keeping your business secure, our team can help. Get in touch.

Read more

Protect your business from a data leak with Microsoft Edge

Microsoft Edge for Business has just rolled out new data leak control capabilities. And that could be a good thing for keeping your sensitive info safe.

What are data leak control capabilities?

In plain English, they help prevent your sensitive information from getting out to the wrong people. Think of it as having an extra lock on your digital doors, making sure only the right people can access your important data.

Every business handles sensitive information, whether it’s financial records, client details, or proprietary data. If this information leaks, it could mean big trouble: Financial loss, legal headaches, and a hit to your reputation.

This new feature in Microsoft Edge helps keep your data secure by making sure only authorised people can access it. It also stops accidental sharing.

Depending on your industry, you may have strict rules about data protection. These new controls can help you stay on the right side of regulations.

And let’s not forget your customers. They’re more aware than ever about data privacy. Using a browser with strong data leak controls shows you’re serious about protecting their information, which can boost their trust in your business.

Microsoft Edge for Business has added this new feature into an easy-to-use package. You can set policies on how data can be shared – like stopping certain types of data from being copied or emailed to unauthorised recipients. This way, you’re less likely to have accidental leaks.

It uses artificial intelligence to spot potential threats and unusual data movements. Edge can alert you to a potential leak before it happens, giving you a chance to act proactively.

If you’re already using other Microsoft products like 365 or Microsoft Teams, good news: Edge for Business integrates smoothly with them, letting you apply consistent data protection across all your tools.

Ready to give it a spin? Here’s what to do:

1. Update your browser: Make sure all your business’s devices are using the latest version of Microsoft Edge for Business. This makes sure you have all the newest features and security updates.

2. Set your policies: Work with your IT support partner to set up data sharing policies that make sense for your business. Microsoft provides guidelines and templates to help you get started.

3. Train your team: Make sure your employees know about the importance of data security and how to use the new features. A quick training session can do the trick.

4. Monitor and adjust: Keep an eye on how things are working and tweak your policies as needed. You want to find a balance that keeps your data secure without disrupting your workflow.

Better still, why not get our team to just do this for you. Get in touch.

Read more

Ransomware threats are surging – here’s how to protect your business

Imagine waking up one morning, turning on your computer, and finding that all your important files – everything from customer data to financial records – are locked. Tight.

And then a scary message pops up demanding a ransom fee to unlock them.

That’s ransomware in a nutshell. It’s a type of malicious software that hijacks your data and holds it for ransom.

How does it happen?

It usually starts with an innocent-looking email or link. You might get an email that seems legitimate, asking you to click on a link or open an attachment.

This is known as a phishing email, where the sender appears to be genuine but isn’t. Once you click, malicious software is silently installed on your system. From there, the cyber criminals quickly go to work.

They’ll be encrypting your files so you can’t access them. Then, you get that dreaded ransom note, demanding payment in exchange for a decryption key to unlock your files. Paying the ransom is a risky move because there’s no guarantee you’ll get your data back, and it just encourages the attackers to target more victims.

2023 was a particularly bad year for ransomware, with attacks surging after a two-year decline. According to a report, there was a huge increase in ransomware incidents, breaking a six-year record.

One reason for this spike is the rise of something called Ransomware-as-a-Service (RaaS). This model lets cyber criminals “rent” ransomware tools, making it easier than ever for them to launch attacks.

As a result, more businesses are finding themselves posted on data leak sites, with a 75% increase in the number of victims between 2022 and 2023.

Ouch.

And it gets worse. Attackers are getting smarter. They’re developing new variants of old ransomware, sharing resources, and using legitimate tools for malicious purposes.

They’re also working faster, often deploying ransomware within 48 hours of gaining access to a network. And they tend to strike outside of work hours, such as when you’re tucked up in your bed, so they’re less likely to be noticed.

If your business falls victim to a ransomware attack, the consequences can be devastating. You might face significant financial losses, not just from the ransom itself but also from the cost of downtime and recovery.

There’s also the risk of losing critical data if you can’t decrypt your files.

Your reputation could take a hit if customers find out their information was compromised. Oh, and your business operations could be severely disrupted, affecting your ability to serve your clients.

What can you do?

The most important question then: How can you protect your business from this growing threat?

  • Start by educating your team. Make sure everyone knows how to spot phishing emails and avoid suspicious links and attachments
  • Regularly back up your critical data and securely store those backups offline
  • Keep your software and systems up to date with the latest security patches, and invest in strong security tools
  • It’s also important to limit access to your data. Only give employees access to the information they need for their jobs
  • Monitor your network for unusual activity and have a plan in place to respond to incidents quickly

If you do get hit by a ransomware attack, don’t panic. Work with cyber security experts (like us) to resolve the issue.

Remember, it’s best not to pay the ransom, as it only fuels the cyber criminals’ activities.

My team and I help businesses take proactive action to protect their data. If we can help you, get in touch.

Read more

More businesses are proactively investing in cyber security defences

More and more businesses are making the smart decision to be proactive and invest in their cyber security defences. This is fantastic news, especially since stats show that about half of small and medium-sized businesses still have no cyber security measures at all.

If your business falls into that category, it’s time to change.

Cyber security might sound complex, but it starts with a few simple steps. Let’s talk about some basics you can put in place right away.

First, think about encryption and multi-factor authentication (MFA). Encryption is like putting your data in a secure vault. It ensures that even if someone intercepts your information, they can’t read it without the encryption key.

MFA adds an extra layer of security by requiring you to verify your identity using a second device, like your phone, whenever you log in. It’s a bit like needing two keys to open a lock instead of just one.

Another easy step is using a password manager. These generate long, random passwords for every account and remember them for you. Password managers make life easier and your business more secure in one package. Amazing.

Advanced monitoring tools are another great way to protect your business. They’re a little like security cameras for your digital space, always on the lookout for anything suspicious. These tools help detect unusual activity in your systems, giving you a heads-up if something’s not right.

And let’s not forget about protecting your business from phishing scams. These are attempts by criminals to trick you into giving away personal information by pretending to be someone you trust, like a supplier or a bank. Educating your team on how to spot these scams is crucial. If something feels off, it probably is.

Why is investing in cyber security so important?

  • It protects your data
  • Avoids financial loss
  • And builds trust with your customers and partners

Your business data is valuable, and protecting it means safeguarding your business’s operations and reputation.

Cyber attacks can be costly, not just in terms of money but also time and resources. Prevention is ALWAYS cheaper than dealing with the aftermath of a breach. Plus, showing that you take security seriously helps build trust with your customers and partners. They need to know that their information is safe with you.

Investing in cyber security doesn’t have to be daunting. We’re the experts in this field and would love to help you secure your business. Whether you need advice on getting started or want a comprehensive security plan, get in touch.

Read more