7 essential layers of cyber security

Unfortunately, there isn’t just one magic piece of technology you can implement in your business to give you 100% security. To give yourself maximum protection against cyber threats, you should be layering your approach like an onion, or an ogre (a little reference for any Shrek fans out there).

Here are 7 things we think you should be looking at to give you and your business the best possible chance when it comes to cyber security.

1. Social engineering

 • Make sure you have a process in place to verify email senders or callers when they are asking for sensitive information, or for something to be carried out in relation to security or finance.

For example, make sure that all staff know that if they receive an email asking for money to be transferred, that they should ring the person asking and verify that it’s a legitimate request before taking action. 

2. Physical security

 Virtual systems are great, and badly needed, but don’t abandon physical security just because you feel protected!

• Keep physical servers locked away
• Don’t leave USBs or passwords out on display. In fact, don’t write passwords down – you should be using a password manager instead. 

3. Wireless security

 WiFi is often overlooked, but WiFi signals extend beyond the four walls your business is situated in which can leave you open to security breaches.

• Make sure the router password has been changed from the default
• Check the protocols it uses are up-to-date giving you the best security. Neither WEP or WPA are sufficient protection anymore
• If you’re offering the use of WiFi as a business, you are legally responsible for what people are looking at online. Make sure you have correct filters, and IP address logging capabilities.

4. Passwords

 • Passwords should be long, not contain personal information (like your favourite football team, or kids’ names) and you should use a different password for each login you have.
• Using a password management tool like LastPass will make this easier.

5. Multi-factor authentication

 • Most systems now support multi-factor authentication which will help protect your account. It means you’ll need to provide an extra piece of information when logging in, such as a code generated by your mobile, but it can stop a hacking attempt dead in its tracks! 

• Check the settings on your critical accounts such as email, or database which holds customer information and make sure multi-factor authentication is enabled

6. Email security

 • You should never click links or open attachments on emails when you don’t know the sender – if you think something is suspicious but aren’t sure, ask your IT provider to check it out for you. They won’t mind – it’s better to be safe than sorry.

• Make sure to have spam and phishing filters in place – these won’t stop suspect emails 100%, but they will reduce the number decreasing the likelihood of a member of staff falling for a phishing attack. 

7. Anti-virus

• Anti-virus should actually be the last line of defence – although there’s nothing out there that’s 100% perfect, so don’t rely on it always picking up on something dodgy.

• For maximum protection for your business, consider using a product that supports application whitelisting and device control which will give you more control over the devices used within your business.

If you’d like us to take a look at your data security setup as it is at the moment, and check that your security is up to scratch, give us a call on  01732 617788 or drop us an email to [email protected]. We can chat about what you need, and how you might get the best out of it for your business. Got a jam-packed schedule? Book an appointment to chat with Jon Cross hereWe can help you make sure that your security measures are doing what they should, and keeping you protected.

 

5 reasons you should be using a password manager

5 reasons you should be using a password manager

Most of the time we find ourselves saying things like, one size doesn’t fit all because every business is unique, but in this instance, a password manager is a tool everyone should be using and here are five reasons why.

#1 Every account you have needs a unique password

 That’s right. This might sound like a slightly terrifying concept because when taking into consideration both business, and personal use you could be looking at a number in the hundreds for how many accounts you have that require login information, but having a unique password for each and every one is important.

 Even if you use a relatively strong password, if say, your password is leaked in a data breach at a clothing company, hackers could try your login credentials for that in order to get into your email – where they’ll not only have access to read your emails, they’ll also be able to reset passwords for other things.

 By storing your passwords in a password manager you can be safe in the knowledge that they’re secure, and you don’t need to stress about remembering them all.

#2 Generate passwords at random

 Password managers have a feature that allows you to generate a strong password, using symbols, random letters and numbers, and capitals and lower case. Because you don’t have to remember them off the top of your head, you can use the generator’s suggestions and know that if you don’t even know the password off the top of your head, a hacker is highly unlikely to have success at guessing it either.

#3 You only need to remember one password for everything

‘What? But you said everything should have a different password, make your mind up!’

It’s true, we did say that. But password managers work by saving your passwords for each account so you only need to log in to the password manager to gain access to your accounts. Just one password to remember, but you’re no less secure – result!

#4 Sync across all of your devices

Most password managers also have an app, so you can sync your passwords across your devices so won’t find yourself stuck trying to log in to your emails from your phone and having to manually type in a really long, complicated password. This is such a time saver!

#5 It’s not just passwords

And finally, you don’t just have to use them for passwords. You can also save information like answers to your security questions, or important backup codes for multi-factor authentication.

 

If you’d like to learn more about password managers and how they can improve the cyber security of your business, give us a call on  01732 617788 or drop us an email to [email protected]. We can chat about what you need, and how you might get the best out of it for your business. Got a jam-packed schedule? Book an appointment with Jon Cross here. Password managers are a really great tool, and we think everyone should be using one!

Why you should stop hitting ‘remind me later’

Why you should stop hitting ‘remind me later’

We’ve all done it before.

When the message appears, letting you you know that there’s a software upgrade available, it’s always when you’re in the middle of something important, making it far too tempting to just press ‘remind me later’.

It’s so easy to promise yourself that you’ll run the updates when you’re not in a rush, but, be honest, how often do you remember to run the update after you’ve finished your work? It’s especially easy to forget when you’re working between the office and your home.

We can’t overstate this, updates are critical.

With working from home being prevalent across the UK (and the rest of the world!) we’re all much more vulnerable to cyber-attacks at the moment, with criminals taking every opportunity to leverage the pandemic for their own means.

Why is this relevant? Even though they might be invisible to you, updates often contain security fixes for newly discovered vulnerabilities. By not installing updates, you’re leaving yourself and your network vulnerable to attack.

By keeping up with alerts, you’ll be ensuring that your devices are:

• Safeguarded against the most current threats
• Using the most recent versions of the apps
• Being in better overall tech health

Could you really afford to deal with a data breach right now, on top of everything else that’s going on?

No way.

So stop ignoring the updates! Skip the ‘remind me later’ button, set your updates to run, and go and make yourself a well-earned cuppa. Or, even better, get them out of your hair and give them to Crosstek IT to do for you.

Would you like us to handle your updates to minimise disruption to your workday? Give us a call on 01732 617788 or drop us an email to [email protected] Got a jam-packed schedule? Book an appointment with Jon Cross here. We’re always happy to help.

Security considerations when working from home

Security considerations when working from home

Having employees working from home since the start of the first lockdown back in March 2020 may not have been the disaster you were expecting it to be.

Are the spirits of your team high, productivity on the increase, and some people may even be enjoying themselves? Have you saved money on buying mediocre sandwiches and coffee on the commute? Have you gained time?

While it’s been a pretty horrible time for most of us in one way or another, one of the positive changes to have come out of the pandemic is this shift towards remote working, with 74% of businesses wanting to incorporate the ability to work from home going forward when COVID-19 is but a distant memory, according to a survey conducted by the Institute of Directors (IoD).

Is this you? Are you looking at ditching your overheads and having your team work from home indefinitely? Or are you thinking of offering part-time working from home opportunities?

Either way, there’s no time like the present in order to ensure you have thought of everything when it comes to technical considerations. It may have been a necessity up until this point, but employees working on personal devices presents a whole host of security vulnerabilities which could be easily exploited by cyber criminals.

Make security decisions for the long-term

 Nearly a year into the pandemic and with high infection rates across the UK, it’s clear that we’re in this for the long haul. With that in mind, don’t hastily make security decisions. Have a think about where you’re wanting your business to be in a few years’ time, and make sure that anything you put in place can cope with the development plans to save yourself some future hassle.

 Ensure members of staff have work laptops and aren’t using personal devices

 When your team started working from home, you expanded your network which needs protecting. If some, or all of them are using their own devices, then you’ve expanded your network and it’s now about as protective as a colander when you take into account the potential security issues of shared devices, out of date anti-virus, devices with no password protection – the list is endless. Giving them all a work laptop brings the network very much back under your control.

Think about implementing a VPN for secure remote access to your business network

VPN stands for Virtual Private Network, and it allows users to access your network remotely in a secure manner.

 Look at long-term options for communication

 These are all things you should be bearing in mind, and if you’re considering implementing them in your business it’s well worth starting to look into now, before other businesses also looking to make the permanent change are also demanding the same hardware and/or services.

If you’d like us to take a look at your setup as it is at the moment, have a chat about your plans, and make some suggestions for maximizing your security when it comes to remote working going forward, give us a call on 01732 617788 or drop us an email to [email protected] and we’ll be happy to help.

Beat the scammers, get security training, protect your business

Beat the scammers, get security training, protect your business

We’ve all received those annoying emails which are so obviously a scam, haven’t we?

Usually sorted with an eye roll and a swift click of the delete button, it’s easy to get complacent because dodgy emails are obvious, right?

Wrong.

A scam email doesn’t just have to be a wealthy distant relative from distant lands asking you to keep their multi-million-pound fortune safe in your current account.

Scammers are getting smarter, and the times we’re living in are seeing a huge rise in sophisticated scams, which are disgustingly looking to capitalise on the panic and heightened anxiety of their targets.

Could you be 100% sure that a member of your team wouldn’t fall foul of an email telling them they need to click a link in order to book a Covid-19 test, only for a malicious programme to be downloaded to their work machine?

Could you be 100% sure that one of your employees wouldn’t act upon an email claiming to be you, asking them to transfer some money from one business account to another?

At a time when people are scared and many are frazzled trying to work from home while ensuring their children can continue to learn from home, the perfect stage has been set for cyber criminals to exploit chinks in usual defenses against scams.

The biggest weakness when it comes to a potential data breach affecting your business, is you and your team. We’re not saying that anyone has any ill intent, but a believable scam being delivered into an inbox at a moment when you or a member of staff is feeling most vulnerable could cause you an untold amount of stress and cost if it results in harm to your business.

With this in mind, it’s really important to make sure that everyone who has access to your system, no matter how clued up they appear to be, have up-to-date training and information to enable them to spot scams, as well as being security conscious in their use of technology for work – especially if they’re working from home using their own devices.

If you are currently looking for someone to provide training on this, please give us a call on 01732 617788 or drop us an email to [email protected]. It’s our mission to beat the scammers, and keep your business from coming to harm.

Your new employee of the month

Your new employee of the month

Do your managers ever become employee of the month?

This one will.

Which manager? It’s your password manager.

Because using a password manager is the best way to keep your passwords safe and strong. Without you having to remember anything.

Better still, it ensures that none of your passwords are the same. And that no one will be able to guess them, because they’re genuinely random (strings of characters that make no sense at all).

We’ve helped loads of our clients to implement password managers in the last couple of years. Not only does it add that extra level of cyber security, but it also makes it easy to lock out former staff when they leave.

Shall we talk about getting this implemented for you and your team?

Call us on 01732 617788 or drop us a line at [email protected].