Protect your business from scams with FREE cyber security features

Could your business afford to lose £100,000? We don’t know of many SMEs who easily could, especially in the current climate, where the global pandemic has created extra expenses and minimised income streams in plenty of cases. By layering a few simple, inexpensive, or even free security measures, you can slam the door firmly in the faces of cyber criminals looking to take advantage.

First of all, let’s take a look at a real scenario from the experience of a local business who were scammed out of £100,000, which all started with a spearfishing attack.

 

What is a spearphishing attack?

 A spearfishing attack, is when login credentials are gathered by means of a fake login page. In our example, the victim found himself on a login page which looked legitimate, mirroring the real login page he would usually use, but in actuality it was being used to send his username and password straight to the scammers.

The criminals then didn’t do anything straight away. They monitored the victims’ inbox for six months in order to determine if his was the right inbox to use to carry out their plan, and it turned out that he was. In that time, they analysed the language, the nicknames he used for people, and they learnt who authorised what within the company. Only when they were confident that they had all the information they needed did they make their move.

 They found an email relating to a financial transaction, doctored it with their own financial details, let it loose, and £100,000 was paid into the wrong account.

 

How to prevent being scammed with cheap or even free cyber security features.

  

How to prevent being spearphished

First of all, we’ve written about security before and the importance of layering security measures to give your business the best chance of protection. And this example is great for showing what that might look like.

 First of all, we want to do everything we can to prevent the spearphishing.

 For Office 365 users, there is something called Advanced Threat Protection which you can add to your mailboxes. This checks links for threats in real time, which means if you visit a website one day and it’s fine, but they get hacked overnight, if you go to click on the same link the next day you will receive a warning. Advanced Threat Protection won’t remove the risk of threat completely, but it’s the first line of defence. In our example, this could have alerted the victim that the website he was about to visit wasn’t legitimate.

 The second line of defence here, is DNS filtering. This compares links with a catalogue of known phishing attempts which is kept up-to-date. That combined with the Advanced Threat Protection, provides a good amount of security.

 

But what if someone still managed to slip through the net?

 Office 365 saves the day again with multi factor authentication (MFA). And the really wild thing about this is that it’s completely free. That’s right, if you already have Office 365 – which most businesses do – you can enable MFA at no extra cost.

 MFA means that when you login, as well as your username and password, you also need to enter a code which is usually sent to, or generated by an app on a mobile device. So even if someone elsewhere had your username and password, they wouldn’t be able to login without that extra code as well. This would have stopped our scam example in its tracks.

 So there we have it. Three simple things which are either free, or pretty inexpensive, could stop your business from losing £100,000. It really is a no brainer!

 

If you’d like us to take a look at your data security setup as it is at the moment, and recommend any changes to stop something similar from happening to you, give us a call on  01732 617788 or drop us an email to [email protected]. We can chat about what you need, and how you might get the best out of it for your business. Got a jam-packed schedule? Book an appointment with Jon Cross here. We don’t want anyone to lose their money to scammers, when the fix can be so simple.

How to solve the problem of voicemail

We’ve all experienced that situation phoning a company as a customer and either being put on hold, or reaching voicemail. It’s a frustration for customers, and a very real concern for businesses – particularly those who are currently in a stage of growth without quite enough resource to answer all of the calls they’re receiving.

The frustration for your customers can be lessened if you think about their experience when they call you.

Reduce the number of missed calls in the first place

With a VoIP phone system, you can easily have it set up so that multiple phones ring at the same time. That way if the main person answering the phones is busy, someone else can pick it up if they need to. Even if they’re taking a name and number for the relevant person to give them a call back, it does a lot for keeping customers happy.

Sometimes voicemail is inevitable

With all the best will in the world, sometimes people will still need to leave you messages. With a VoIP phone system, you can set up voicemail to email. This means that when someone leaves a voicemail, you instantly get a notification to your email, as well as a recording of the message. This makes it much easier to go through your voicemails and deal with their contents methodically, making sure nothing gets missed.

If you’ve been thinking about updating your phone system to help reduce the number of missed calls and reduce customer frustrations, give us a call on  01732 617788 or drop us an email to [email protected]. We can chat about what you need, and how you might get the best out of it for your business. Got a jam-packed schedule? Book an appointment to chat with Jon Cross here. We’re all about excellent communication!

Don’t let an Arsenal fan ruin everything

Cybercrime is a massive threat to every business on the planet, but there are simple things you can put in place to make your business less attractive to cybercriminals, perhaps the simplest being good practice when it comes to passwords.

Something that makes it only too easy for hackers to gain access to systems and sensitive data that they shouldn’t, is poor password practice. What do we mean by that?

You might have all the data security policies under the sun that have been read and signed by your team, but all it takes is one of your employees to ignore it and set their password as ‘ArsenalRGReat123!’ for everything, get their emails hacked by a cyber criminal who finds them on LinkedIn, looks for them on Facebook, sees them outside the Emirates stadium in an Arsenal shirt and then guesses their password, for you to lose serious money.

Argh!

Don’t leave the security of your business up to an Arsenal fan. (Arsenal fans, please feel free to replace with a different team of choice!) if you’d like us to talk you through, implement, and provide training for the use of a password manager,  give us a call on  01732 617788 or drop us an email to [email protected]. We can chat about what you need, and how you might get the best out of it for your business. Got a jam-packed schedule? Book an appointment with Jon Cross here. Password managers are a really great tool, and we think everyone should be using one!

7 essential layers of cyber security

Unfortunately, there isn’t just one magic piece of technology you can implement in your business to give you 100% security. To give yourself maximum protection against cyber threats, you should be layering your approach like an onion, or an ogre (a little reference for any Shrek fans out there).

Here are 7 things we think you should be looking at to give you and your business the best possible chance when it comes to cyber security.

1. Social engineering

 • Make sure you have a process in place to verify email senders or callers when they are asking for sensitive information, or for something to be carried out in relation to security or finance.

For example, make sure that all staff know that if they receive an email asking for money to be transferred, that they should ring the person asking and verify that it’s a legitimate request before taking action. 

2. Physical security

 Virtual systems are great, and badly needed, but don’t abandon physical security just because you feel protected!

• Keep physical servers locked away
• Don’t leave USBs or passwords out on display. In fact, don’t write passwords down – you should be using a password manager instead. 

3. Wireless security

 WiFi is often overlooked, but WiFi signals extend beyond the four walls your business is situated in which can leave you open to security breaches.

• Make sure the router password has been changed from the default
• Check the protocols it uses are up-to-date giving you the best security. Neither WEP or WPA are sufficient protection anymore
• If you’re offering the use of WiFi as a business, you are legally responsible for what people are looking at online. Make sure you have correct filters, and IP address logging capabilities.

4. Passwords

 • Passwords should be long, not contain personal information (like your favourite football team, or kids’ names) and you should use a different password for each login you have.
• Using a password management tool like LastPass will make this easier.

5. Multi-factor authentication

 • Most systems now support multi-factor authentication which will help protect your account. It means you’ll need to provide an extra piece of information when logging in, such as a code generated by your mobile, but it can stop a hacking attempt dead in its tracks! 

• Check the settings on your critical accounts such as email, or database which holds customer information and make sure multi-factor authentication is enabled

6. Email security

 • You should never click links or open attachments on emails when you don’t know the sender – if you think something is suspicious but aren’t sure, ask your IT provider to check it out for you. They won’t mind – it’s better to be safe than sorry.

• Make sure to have spam and phishing filters in place – these won’t stop suspect emails 100%, but they will reduce the number decreasing the likelihood of a member of staff falling for a phishing attack. 

7. Anti-virus

• Anti-virus should actually be the last line of defence – although there’s nothing out there that’s 100% perfect, so don’t rely on it always picking up on something dodgy.

• For maximum protection for your business, consider using a product that supports application whitelisting and device control which will give you more control over the devices used within your business.

If you’d like us to take a look at your data security setup as it is at the moment, and check that your security is up to scratch, give us a call on  01732 617788 or drop us an email to [email protected]. We can chat about what you need, and how you might get the best out of it for your business. Got a jam-packed schedule? Book an appointment to chat with Jon Cross hereWe can help you make sure that your security measures are doing what they should, and keeping you protected.

 

5 reasons you should be using a password manager

5 reasons you should be using a password manager

Most of the time we find ourselves saying things like, one size doesn’t fit all because every business is unique, but in this instance, a password manager is a tool everyone should be using and here are five reasons why.

#1 Every account you have needs a unique password

 That’s right. This might sound like a slightly terrifying concept because when taking into consideration both business, and personal use you could be looking at a number in the hundreds for how many accounts you have that require login information, but having a unique password for each and every one is important.

 Even if you use a relatively strong password, if say, your password is leaked in a data breach at a clothing company, hackers could try your login credentials for that in order to get into your email – where they’ll not only have access to read your emails, they’ll also be able to reset passwords for other things.

 By storing your passwords in a password manager you can be safe in the knowledge that they’re secure, and you don’t need to stress about remembering them all.

#2 Generate passwords at random

 Password managers have a feature that allows you to generate a strong password, using symbols, random letters and numbers, and capitals and lower case. Because you don’t have to remember them off the top of your head, you can use the generator’s suggestions and know that if you don’t even know the password off the top of your head, a hacker is highly unlikely to have success at guessing it either.

#3 You only need to remember one password for everything

‘What? But you said everything should have a different password, make your mind up!’

It’s true, we did say that. But password managers work by saving your passwords for each account so you only need to log in to the password manager to gain access to your accounts. Just one password to remember, but you’re no less secure – result!

#4 Sync across all of your devices

Most password managers also have an app, so you can sync your passwords across your devices so won’t find yourself stuck trying to log in to your emails from your phone and having to manually type in a really long, complicated password. This is such a time saver!

#5 It’s not just passwords

And finally, you don’t just have to use them for passwords. You can also save information like answers to your security questions, or important backup codes for multi-factor authentication.

 

If you’d like to learn more about password managers and how they can improve the cyber security of your business, give us a call on  01732 617788 or drop us an email to [email protected]. We can chat about what you need, and how you might get the best out of it for your business. Got a jam-packed schedule? Book an appointment with Jon Cross here. Password managers are a really great tool, and we think everyone should be using one!

Keep your sanity intact when it comes to projects, with Microsoft Teams

Keep your sanity intact when it comes to projects, with Microsoft Teams

When you’re working on a big project, it can be hard work at the best of times, even when you’re all together in the same office space. The challenges become greater, when you add distance and not being able to see each other in person, into the mix. One of the best ways we’ve found for removing the frictions that come associated with remote working, is making sure the tools you’re using are completely fit for purpose and well-suited to everyone. For this, we recommend Microsoft Teams in particular.

What’s so great about Microsoft Teams?

Since it was launched, it’s the fastest growing app in the history of Microsoft – more than 330,000 companies are using Teams worldwide very successfully, and they can’t all be wrong!

#1 Not just about the chit chat

When you conjure an image of MS Teams in your head, what are you thinking of? Video calling? Chat? Well yes, it does have both of those features but the power of it goes far beyond that. Within the chat feature, you can share files or integrate it with other Microsoft products like OneNote or Office which means you don’t need to keep switching windows to find information that you need. You can even schedule meetings straight from chat – what a timesaver!

#2 Streamline your meetings

Hands up who likes hosting meetings? We thought not. In the age of virtual meetings especially, it’s easy to get involved in something and then realise 5 minutes beforehand that you need to find the agenda, agreed action points from somewhere else, and there was another document you wanted to go through- where’s that?

Meetings in Teams are a breeze. As soon as you’ve created the meeting you can chat to participants about the agenda, share files so they can all see them, and keep the meeting notes all in one place for easy access and finding. Once the meeting is over, the recording is available right alongside the notes and agreed actions – easy for anyone who missed the meeting, and a great way to keep on top of things.

four avatars on a group video call

A reduction of the dreaded emails

By structuring the conversation in Teams, in a way that suits your business, quick conversations can be held here rather than clogging up your inbox and giving you more stuff to wade through every time you check it.

Collaborate on documents from within Teams

Teams integrates seamlessly with Office 365, which means there’s no need to switch apps when collaborating on a document. You can create one, and share it with your teammates immediately so you can work on it together – it’s as easy as pie.

Get the app!

If your work takes you beyond the desk, then there’s no need to miss out on important conversation. You can download the Teams app and have access to all of your apps and documents as well as chatting, and joining meetings. You’ve got the power!

Would you like to know more? Give us a call on 01732 617788 or drop us an email to [email protected]. We’ve also got a guide about how to download and set up Teams to make the most out of it. You can download that here.