Protect your business from scams with FREE cyber security features

Could your business afford to lose £100,000? We don’t know of many SMEs who easily could, especially in the current climate, where the global pandemic has created extra expenses and minimised income streams in plenty of cases. By layering a few simple, inexpensive, or even free security measures, you can slam the door firmly in the faces of cyber criminals looking to take advantage.

First of all, let’s take a look at a real scenario from the experience of a local business that was scammed out of £100,000, which all started with a spearphishing attack.

 

What is a spearphishing attack?

A spearphishing attack is when login credentials are gathered by means of a fake login page. In our example, the victim found himself on a login page which looked legitimate, mirroring the real login page he would usually use, but in actuality it was being used to send his username and password straight to the scammers.

The criminals didn’t do anything straight away. They monitored the victim’s inbox for six months in order to determine if his was the right inbox to use to carry out their plan, and it turned out that it was. In that time, they analysed the language and the nicknames he used for people, and they learnt who authorised what within the company. Only when they were confident that they had all the information they needed did they make their move.

 They found an email relating to a financial transaction, doctored it with their own financial details, let it loose, and £100,000 was paid into the wrong account.

 

How to prevent being scammed with cheap or even free cyber security features.

  

How to prevent being spearphished

We’ve written about security before, and about the importance of layering security measures to give your business the best chance of protection. This example is great for showing what that might look like.

The first thing we want to do is everything we can to prevent the spearphishing.

 For Office 365 users, there is something called Advanced Threat Protection which you can add to your mailboxes. This checks links for threats in real time, which means if you visit a website one day and it’s fine, but they get hacked overnight, if you go to click on the same link the next day you will receive a warning. Advanced Threat Protection won’t remove the risk of threat completely, but it’s the first line of defence. In our example, this could have alerted the victim that the website he was about to visit wasn’t legitimate.

The second line of defence here is DNS filtering. This compares links with a catalogue of known phishing attempts, which is kept up to date. That, combined with Advanced Threat Protection, provides a good amount of security.

 

But what if someone still managed to slip through the net?

Office 365 saves the day again with multi-factor authentication (MFA). And the really wild thing about this is that it’s completely free. That’s right, if you already have Office 365 – which most businesses do – you can enable MFA at no extra cost.

MFA means that when you log in, as well as your username and password, you also need to enter a code which is usually sent to, or generated by an app on, a mobile device. So even if someone elsewhere had your username and password, they wouldn’t be able to log in without that extra code as well. This would have stopped our scam example in its tracks.

So there we have it. Three simple things which are either free, or pretty inexpensive, could stop your business from losing £100,000. It really is a no-brainer!

 

If you’d like us to take a look at your data security setup as it is at the moment, and recommend any changes to stop something similar from happening to you, give us a call on  01732 617788 or drop us an email to [email protected]. We can chat about what you need, and how you might get the best out of it for your business. Got a jam-packed schedule? Book an appointment with Jon Cross here. We don’t want anyone to lose their money to scammers, when the fix can be so simple.

Don’t let an Arsenal fan ruin everything

Cybercrime is a massive threat to every business on the planet, but there are simple things you can put in place to make your business less attractive to cybercriminals, perhaps the simplest being good practice when it comes to passwords.

Something that makes it only too easy for hackers to gain access to systems and sensitive data that they shouldn’t, is poor password practice. What do we mean by that?

You might have all the data security policies under the sun that have been read and signed by your team, but all it takes is one of your employees to ignore it and set their password as ‘ArsenalRGReat123!’ for everything, get their emails hacked by a cyber criminal who finds them on LinkedIn, looks for them on Facebook, sees them outside the Emirates stadium in an Arsenal shirt and then guesses their password, for you to lose serious money.

Argh!

Don’t leave the security of your business up to an Arsenal fan. (Arsenal fans, please feel free to replace with a different team of choice!) If you’d like us to talk you through, implement, and provide training for the use of a password manager, give us a call on 01732 617788 or drop us an email to [email protected]. We can chat about what you need, and how you might get the best out of it for your business. Got a jam-packed schedule? Book an appointment with Jon Cross here. Password managers are a really great tool, and we think everyone should be using one!

7 essential layers of cyber security

Unfortunately, there isn’t just one magic piece of technology you can implement in your business to give you 100% security. To give yourself maximum protection against cyber threats, you should be layering your approach like an onion, or an ogre (a little reference for any Shrek fans out there).

Here are 7 things we think you should be looking at to give you and your business the best possible chance when it comes to cyber security.

1. Social engineering

 • Make sure you have a process in place to verify email senders or callers when they are asking for sensitive information, or for something to be carried out in relation to security or finance.

For example, make sure that all staff know that if they receive an email asking for money to be transferred, they should ring the person asking and verify that it’s a legitimate request before taking action.

2. Physical security

 Virtual systems are great, and badly needed, but don’t abandon physical security just because you feel protected!

• Keep physical servers locked away
• Don’t leave USBs or passwords out on display. In fact, don’t write passwords down – you should be using a password manager instead. 

3. Wireless security

WiFi is often overlooked, but WiFi signals extend beyond the four walls your business is situated in, which can leave you open to security breaches.

• Make sure the router password has been changed from the default
• Check the protocols it uses are up to date, giving you the best security. Neither WEP nor WPA is sufficient protection anymore
• If you’re offering the use of WiFi as a business, you are legally responsible for what people are looking at online. Make sure you have correct filters, and IP address logging capabilities.

4. Passwords

 • Passwords should be long, not contain personal information (like your favourite football team, or kids’ names) and you should use a different password for each login you have.
• Using a password management tool like LastPass will make this easier.
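The three password rules above (long, no personal information, different for every login), written as a check you could run over a list of logins. This is an added example, not Crosstek’s own code: the 14-character minimum, the function names and the sample logins are assumptions made up for illustration, and it uses the football-team password from earlier on the page to show that a long password can still fail.

```python
import re

# Undo common look-alike swaps before matching ("Ars3n@l" -> "arsenal").
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
     "7": "t", "@": "a", "$": "s", "!": "i"}
)
MIN_LENGTH = 14  # assumed threshold; the article only says "long"

# Constructed sample data for the example, not real credentials.
PERSONAL_TERMS = ["Arsenal", "Emirates"]
SAMPLE_ACCOUNTS = {
    "email": "ArsenalRGReat123!",
    "linkedin": "ArsenalRGReat123!",
    "bank": "Ars3n@l2024",
    "payroll": "vT9#qLw2!xZr8$Kd",
}


def normalise(text):
    """Lower-case, undo look-alike swaps, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(SUBSTITUTIONS))


def personal_terms_in(password, personal_terms):
    """Return the personal terms hidden in the password, even when disguised."""
    folded = normalise(password)
    return [t for t in personal_terms
            if len(normalise(t)) >= 4 and normalise(t) in folded]


def audit(accounts, personal_terms):
    """accounts maps login name -> password; returns login name -> findings."""
    used_by = {}
    for login, password in accounts.items():
        used_by.setdefault(password, []).append(login)

    report = {}
    for login, password in accounts.items():
        findings = []
        if len(password) < MIN_LENGTH:
            findings.append(f"shorter than {MIN_LENGTH} characters")
        hits = personal_terms_in(password, personal_terms)
        if hits:
            findings.append("contains personal term: " + ", ".join(hits))
        others = [name for name in used_by[password] if name != login]
        if others:
            findings.append("reused on: " + ", ".join(others))
        report[login] = findings
    return report


if __name__ == "__main__":
    for login, findings in audit(SAMPLE_ACCOUNTS, PERSONAL_TERMS).items():
        print(login, "->", findings or "ok")
```

The 17-character team password passes the length rule and still fails on the other two, which is why a randomly generated password from a password manager is the safer option.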

5. Multi-factor authentication

 • Most systems now support multi-factor authentication which will help protect your account. It means you’ll need to provide an extra piece of information when logging in, such as a code generated by your mobile, but it can stop a hacking attempt dead in its tracks! 

• Check the settings on your critical accounts, such as email or a database which holds customer information, and make sure multi-factor authentication is enabled.

6. Email security

 • You should never click links or open attachments on emails when you don’t know the sender – if you think something is suspicious but aren’t sure, ask your IT provider to check it out for you. They won’t mind – it’s better to be safe than sorry.

• Make sure to have spam and phishing filters in place – these won’t stop suspect emails 100%, but they will reduce the number, decreasing the likelihood of a member of staff falling for a phishing attack.

7. Anti-virus

• Anti-virus should actually be the last line of defence. Nothing out there is 100% perfect, so don’t rely on it always picking up on something dodgy.

• For maximum protection for your business, consider using a product that supports application whitelisting and device control, which will give you more control over the devices used within your business.

If you’d like us to take a look at your data security setup as it is at the moment, and check that your security is up to scratch, give us a call on 01732 617788 or drop us an email to [email protected]. We can chat about what you need, and how you might get the best out of it for your business. Got a jam-packed schedule? Book an appointment to chat with Jon Cross here. We can help you make sure that your security measures are doing what they should, and keeping you protected.

 

5 reasons you should be using a password manager

Most of the time we find ourselves saying things like, one size doesn’t fit all because every business is unique, but in this instance, a password manager is a tool everyone should be using and here are five reasons why.

#1 Every account you have needs a unique password

That’s right. This might sound like a slightly terrifying concept, because when you take both business and personal use into consideration, you could be looking at a number in the hundreds for how many accounts you have that require login information. But having a unique password for each and every one is important.

Even if you use a relatively strong password, if it is leaked in, say, a data breach at a clothing company, hackers could try those login credentials to get into your email – where they’ll not only have access to read your emails, they’ll also be able to reset passwords for other things.

 By storing your passwords in a password manager you can be safe in the knowledge that they’re secure, and you don’t need to stress about remembering them all.

#2 Generate passwords at random

Password managers have a feature that allows you to generate a strong password, using symbols, random letters and numbers, and capitals and lower case. Because you don’t have to remember them, you can use the generator’s suggestions, and if even you don’t know the password off the top of your head, a hacker is highly unlikely to have success at guessing it either.

#3 You only need to remember one password for everything

‘What? But you said everything should have a different password, make your mind up!’

It’s true, we did say that. But password managers work by saving your passwords for each account so you only need to log in to the password manager to gain access to your accounts. Just one password to remember, but you’re no less secure – result!

#4 Sync across all of your devices

Most password managers also have an app, so you can sync your passwords across your devices and won’t find yourself stuck trying to log in to your emails from your phone and having to manually type in a really long, complicated password. This is such a time saver!

#5 It’s not just passwords

And finally, you don’t just have to use them for passwords. You can also save information like answers to your security questions, or important backup codes for multi-factor authentication.

 

If you’d like to learn more about password managers and how they can improve the cyber security of your business, give us a call on  01732 617788 or drop us an email to [email protected]. We can chat about what you need, and how you might get the best out of it for your business. Got a jam-packed schedule? Book an appointment with Jon Cross here. Password managers are a really great tool, and we think everyone should be using one!

Why you should stop hitting ‘remind me later’

We’ve all done it before.

When the message appears, letting you know that there’s a software upgrade available, it’s always when you’re in the middle of something important, making it far too tempting to just press ‘remind me later’.

It’s so easy to promise yourself that you’ll run the updates when you’re not in a rush, but, be honest, how often do you remember to run the update after you’ve finished your work? It’s especially easy to forget when you’re working between the office and your home.

We can’t overstate this: updates are critical.

With working from home being prevalent across the UK (and the rest of the world!) we’re all much more vulnerable to cyber-attacks at the moment, with criminals taking every opportunity to leverage the pandemic for their own means.

Why is this relevant? Even though they might be invisible to you, updates often contain security fixes for newly discovered vulnerabilities. By not installing updates, you’re leaving yourself and your network vulnerable to attack.

By keeping up with alerts, you’ll be ensuring that your devices are:

• Safeguarded against the most current threats
• Using the most recent versions of the apps
• In better overall tech health

Could you really afford to deal with a data breach right now, on top of everything else that’s going on?

No way.

So stop ignoring the updates! Skip the ‘remind me later’ button, set your updates to run, and go and make yourself a well-earned cuppa. Or, even better, get them out of your hair and give them to Crosstek IT to do for you.

Would you like us to handle your updates to minimise disruption to your workday? Give us a call on 01732 617788 or drop us an email to [email protected]. Got a jam-packed schedule? Book an appointment with Jon Cross here. We’re always happy to help.

Security considerations when working from home

Having employees working from home since the start of the first lockdown back in March 2020 may not have been the disaster you were expecting it to be.

Are the spirits of your team high, is productivity on the increase, and are some people even enjoying themselves? Have you saved money on buying mediocre sandwiches and coffee on the commute? Have you gained time?

While it’s been a pretty horrible time for most of us in one way or another, one of the positive changes to have come out of the pandemic is this shift towards remote working, with 74% of businesses wanting to incorporate the ability to work from home going forward when COVID-19 is but a distant memory, according to a survey conducted by the Institute of Directors (IoD).

Is this you? Are you looking at ditching your overheads and having your team work from home indefinitely? Or are you thinking of offering part-time working from home opportunities?

Either way, there’s no time like the present to make sure you have thought of everything when it comes to technical considerations. It may have been a necessity up until this point, but employees working on personal devices present a whole host of security vulnerabilities which could be easily exploited by cyber criminals.

Make security decisions for the long-term

 Nearly a year into the pandemic and with high infection rates across the UK, it’s clear that we’re in this for the long haul. With that in mind, don’t hastily make security decisions. Have a think about where you’re wanting your business to be in a few years’ time, and make sure that anything you put in place can cope with the development plans to save yourself some future hassle.

 Ensure members of staff have work laptops and aren’t using personal devices

When your team started working from home, you expanded the network that needs protecting. If some or all of them are using their own devices, that network is now about as protective as a colander once you take into account the potential security issues of shared devices, out-of-date anti-virus, devices with no password protection – the list is endless. Giving them all a work laptop brings the network very much back under your control.

Think about implementing a VPN for secure remote access to your business network

VPN stands for Virtual Private Network, and it allows users to access your network remotely in a secure manner.

 Look at long-term options for communication

These are all things you should be bearing in mind, and if you’re considering implementing them in your business, it’s well worth starting to look into them now, before other businesses making the same permanent change start demanding the same hardware and/or services.

If you’d like us to take a look at your setup as it is at the moment, have a chat about your plans, and make some suggestions for maximizing your security when it comes to remote working going forward, give us a call on 01732 617788 or drop us an email to [email protected] and we’ll be happy to help.