Windows is the prime target for cyber criminals

Windows is the prime target for cyber criminals

Windows is the prome target for cyber criminals, the bigget reason why is its huge dominance in the workplace. The bad actors are trying to steal your information, disrupt your business, or hold your data to ransom.

Tens of millions of attempted malware attacks were discovered throughout this year, and a massive 95% of those threats were targeted at Windows.

Although most of these are unsuccessful, those that are succsessful can cause havoc for the affected businesses. The best way to minimise or prevent this is by taking all possible precautions to protect your business and your data.

  • Hardware and software companies release regular updates to address threats to Windows users, as well as security patches designed specifically to deal with new risks. These should all be installed as soon as they become available.
  • Your people should be regularly trained in how to spot cyber security threats and what to do if they suspect one.
  • And because it’s not possible to protect every business from 100% of all threats, it’s also important that you have a strong resilience plan in place.

Resilience Plan

This should detail exactly how your business should react if it falls victim to a cyber attack and who should be notified to take action. Everyone in the company should have access to this document and know to report any potential attack as quickly as possible – that’s the best way to lessen its impact.

If you have an IT service provider, they’ll be able to make the best recommendations to keep your business safe and secure, train your people, and even provide monitoring to spot any potential danger before it becomes a problem.

This is something we do every day. So if we can help your business become more resilient, just get in touch.

Read more

Holiday Cyber Attacks

Holiday time is coming and so are the Holiday cyber-attacks!

Before working in IT, and Cyber Security, I was in the Military, and whenever we were operating during holiday periods, we knew in the back of our minds that if something was going to happen it would happen during holiday time.

The same is true of cyber-attacks and cybercrime. This year we might see more than previous years, already in early October there was an attack on some of America’s largest airports websites.

It isn’t just the Christmas holiday period that we see the increase

  • Colonial Pipeline (Mother’s Day Weekend (US))
  • Kaseya 4th of July
  • Sony and Microsoft Christmas Eve)

Holiday Cyber Attacks, why and what you can do.

The bad guys are aware that during holiday periods there are fewer employees around to look after the infrastructure. Also we are all preoccupied with thoughts of the festive season. So may click on items that we might not normally do.

Security tips:

  • Train empolyees in cybersecurity and phisihing awareness.
    User error is still the number one cause of malware attacks, make sure all employees undergo an annual social engineering training.
  • What are the internal threats, including scanning and patching software?
    If you are able to make sure these are taken care of this will help in securing your organisation from exploits whilst there is limited supervision during this period.
  • Who has access to your Systems.
    Have you implemented a strategy to restrict who has access to data stores, and applications. Only allowing team members access to what they need and having the right levels of privileged access will help.
  • Protect the Network
    Although perimeter firewalls will assist in a strong defence, you should also deploy firewalls at the endpoint, and this should block applications and traffic, unless it is required.

Don’t get caught out this year! If you need any help on this please call 01752 546967 and we will be happy to help.

Read more

Malicious browser extension are you using them?

There are hundreds of thousands of browser extensions designed to help us to save time, be more productive, and personalise our online experience.

And while the majority of them do what they’re supposed to, some are not designed to help you at all…

If you’re unfortunate enough to download a malicious browser extension without realising, it could harm your productivity and even flood your work with unwanted advertising.

This is known as adware. It’s a form of malware (malicious software) that’s designed to bombard you with unwanted adverts.

It can also change your search engine and send you to affiliate pages when you’re making purchases. These activities generate revenue for the extension’s creators.

In a recent report from a cyber security company, it revealed more than 4 million of its customers have been attacked by adware hiding in browser extensions over the last couple of years.

And often people didn’t realise they were under attack.

There’s a darker scenario where these malicious extensions are hiding actual malware which can infect your computer.

This can lead to sensitive data such as your logins or even payment details being stolen. And of course malware can spread across an entire network.

To keep your business and its data safe from the risk of malicious browser extensions, it’s important you only ever download them from reliable and trusted sources.

What to do

Read reviews and look at ratings. If a browser seems too good to be true it probably is.

As the business owner, you might also look into controlling which extensions can be installed by your team.

We can help with this, as well as looking at up-to-date software protection and (fun) security training for your team.

Published with permission from Your Tech Updates.

Read more

Are you under pressure to take action.

Phishing scams are one of the biggest security threats to your business right now. As we all get used to these emails the scammers are upping the pressure to take urgent action.

A massive 83% of organisations said they suffered successful attacks last year. And with just under a third of phishing emails being opened, the chances that someone in your business will be fooled are high.

But to make matters more difficult, cyber criminals have borrowed a technique from ransomware groups that is designed to panic people into taking action and giving away their login details.

This phishing attack begins like most others, then the pressure to take urgent action.

You get an email alerting you to potentially suspicious activity on your account. It might say someone is trying to login from a different location or device and the attempt has been blocked.

You’re then asked to click a link to verify your email address and password.

That’s worrying enough, right?

But what makes this phishing attack even more dangerous, is the countdown timer that appears on screen.

Typically, it’s set at one hour, and you’re asked to confirm your details before the countdown ends, otherwise your account will be deleted.

Yes, deleted! That catches a lot of people’s attention.

This is a powerful manipulation tactic designed to scare people into taking immediate action – and think later.

In reality, if that countdown hits zero nothing will happen. But watching the seconds count down can give you a sense of urgency that makes you forget to check whether an email is the real deal or not.

The page you’re entering your details on is fake. Criminals will steal your details and login to your real account. That’s a major problem you don’t ever want your business to face.

You’ll be at risk of data theft, financial loss, or malware, as well as potentially putting other accounts at risk (if you’ve reused your password).

Your login details may even be sold on the dark web, giving other cyber criminals the opportunity to break into your account.

Here are some basic phishing protections for you and your team.

Look at the email address the email was sent from. Make sure the spelling and grammar are both correct, and hover over links to see what website address they are trying to send you to.

If you think you’ve fallen for this kind of scam, it’s important you change your login details immediately. Don’t click a link in an email – type in the website address in your browser.

We’d also recommend using a password manager. This is software that creates long and strong random passwords that are impossible to guess for every account you have.

It will store these passwords for you. And autofill login boxes to save you time (yes, password managers detect when they’re being asked to fill in details on a different page, such as a fake phishing page).

Share this article with your whole team right now. And if anyone ever clicks a link they’re not sure about, ask us how to keep your business safe.

Published with permission from Your Tech Updates.

Read more

Working from home, is it good for your business?

Working from home. Or remote working, as it’s now called.

It’s the big thing in business, isn’t it? And some people love it.

They’re happier working where they want, and when they want. And that makes them more productive and less likely to leave.

But have you stopped to consider the downside to remote working? The negative elements for your business and your people?

While many employees are happy to work from home using video calls and collaborative software to stay connected, there’s a small percentage who find the whole experience isolating.

And when that happens, it can quickly lead to a drop in motivation and happiness. It can even change the culture within your business.

In turn, this can lead to performance issues which may be trickier to spot.

At the other extreme, some employees will become more susceptible to burnout as they struggle to draw a line between work and personal time. That change in environment can be so important for some.

And while you want your team to be happy and fulfilled in their roles, there are also some practical considerations you need to make for your business.

Practical Considerations

Such as the cost of remote working. Does everyone have the right tools for the job – laptops, phones, office equipment? Maybe even a desk and chair, or an internet upgrade?

Do you need to spend twice – giving them an at home setup and investing in hot desks in the office?

Most importantly, you must put in place full cyber security protection wherever someone is working.

Here’s how we can help you stay safe and potentially save money.

Would you like us to audit your current setup and suggest some options? This is what we do every day. Just get in touch.

Published with permission from Your Tech Updates.

Read more

Are your Apps spying on you?

Are your apps spying on you. It’s no secret that some applications are a little too interested in us and what we’re doing.

We’ve all had this experience. You might be talking to a friend about a new product that you’d like to try. Or perhaps you’ve discussed somewhere you’d like to visit.

Then the next time you go online you see adverts for the exact things you were talking about.

It’s more than a coincidence, surely???

Until recently, we haven’t had a lot of control over what information our apps are gathering about us.

Android and iOS first stepped up to give us more power over our online privacy. We were given the ability to control which apps could access our data, and sensitive things like our camera and microphone.

But while it’s easy to think of this only being an issue with phones… laptops have the same problems.

So here’s some great news, to stop your apps spying on you.

Microsoft’s testing a new feature in Windows 11 to put the power back in our hands.

It’s currently testing a new feature – called Privacy Auditing – which allows you to see which applications have been accessing sensitive hardware, like your webcam and microphone.

You’ll also be able to see if your screenshots, messages, and even your contacts and location data have been accessed. And there’s a log of which apps accessed this info, and when.

When launched, the feature will be available in your Privacy & Security menu, under App Permissions.

There you’ll be able to see a full list of what’s been accessed, by which app, and when. It should become your first port of call if you suspect any suspicious activity is taking place on your device.

When the feature is released, it will be a great tool to check periodically to help you avoid malicious activity and to make sure your sensitive data remains in the right hands.

In the meantime, if you’d like someone to look over the data permissions on your business’s devices, get in touch.

Published with permission from Your Tech Updates.

Read more

3 common cyber security mistakes?

As a security first IT services company we know our customers are being warned almost daily from many sources about Cyber Security.

Well that is because last year, ransomware attacks alone affected 73% of UK businesses.

And the cost of cyber-crime is estimated to hit $10.5 trillion by 2025, according to the ‘2022 Cybersecurity Almanac’.

But we’re still seeing far too many businesses that aren’t taking action, we firmly believe this is simply because this may all be far too overwhelming.

However it’s not only your data that you could lose if your company falls victim to a cyber-attack. The cost of remediation or mitigation can run into tens of thousands of £££.

And at the same time you’ll suffer an average of 21 days downtime after a cyber-attack. Imagine… 21 days without being able to use all your business technology as normal. It doesn’t bear thinking about.

That’s not to mention the loss of trust your clients have in you, which could lead to you losing their custom.

It’s really important that your business is taking appropriate steps to keep your data safe and secure.

That most likely means a layered approach to your security. This is where several solutions are used, which work together to give you a level of protection appropriate to your business.

This reduces your risk of being attacked. And makes recovery easier should you fall victim.

It’s worth pointing out that you will never be able to keep your business 100% protected from cyber-attacks. Not without totally locking down every system, to the point where it would be very difficult to do business (and your staff would constantly be looking for ways around the enhanced security).

No, the key to excellent cyber security is striking the right balance between protection and usability.

There are three mistakes that are most commonly made by businesses – and they’re also some of the most dangerous mistakes to make.

Is your business making any of these?

Mistake 1) Not restricting access

Different employees will have different needs when accessing company files and applications. If you allow everyone access to everything it opens up your entire network to criminals.

You should also make sure to change access rights when someone changes roles, and revoke them when they leave.

Mistake 2) Allowing lateral movement

If cyber criminals gain access to a computer used by a member of your admin team, that in itself might not be a disaster.

But what if they could move from your admin system to your invoicing system… and from there to your CRM… and then into someone’s email account?

This is known as lateral movement. The criminals gain access to one system and work their way into more sensitive systems.

If they can get into the email of someone who has admin rights to other systems or even the company bank account, they can start resetting passwords and locking out other people.

Scary stuff.

One strategy against this is called air gapping. It means that there’s no direct access from one part of your network to another.

Mistake 3) Not planning and protecting

Businesses that work closely with their IT partner to prepare and protect are less likely to be attacked in the first place.

And will be back on their feet faster if the worst does happen.

You should also have an up-to-date plan in place that details what to do, should an attack happen.

This will significantly shorten the amount of time it takes to respond to an attack. That means you’ll limit your data loss and the cost of putting things right again.

If you know you’re making one (two, or even three) of these mistakes in your business, you need to act quickly. We can help.

Call us, and we’ll review your current security arrangements.

Published with permission from Your Tech Updates.

Read more