Business Focused IT Support
Showing posts tagged with: ransomware

Are you considering a Hybrid Workplace?

by Nicki Dowsett in Anti-virus software, Audit Reviews, Back up solutions, broadband, cybercrime, Data Loss Prevention, Disaster Planning, Disaster Recovery, General, Hardware, Helpdesk, Hosted phone, IT Support, IT Systems, Microsoft, Microsoft 365, Microsoft Teams, MPR, networking, Password Security, Ransomware, Remote working, Risk management, rural broadand, SaaS Protection, Software, Tech-as-a-service, Wireless networks

We are aware that many of our customers are investigating a Hybrid Office for the future. Finding a balance between flexible home/office-based staff, those that prefer to be at home permanently and others that prefer to be in the office permanently. Media articles are suggesting that 43 out of the top 50 companies in the UK, do not plan to bring staff back full time.

Last year when everyone made the mass exodus to home working, there was a clear focus on getting everyone on-line and the business continuing. The return to the office is not necessarily as simple as everyone just turning up to work at their desk.  After almost 15 months away from the office some people may find adjusting to the office trickier than others. Individual working styles may have changed.  After working in an environment with little distraction to suddenly being in an office with colleagues on the phone or just generally catching up, may mean that they feel they prefer to be at home for some of the week.  From own conversations with industry colleagues and customers, here are some area’s that we believe you should be considering for your staff and business even if you are not considering a hybrid office.

Cyber Security

Internet Connections and Firewalls

Remote workers will require internet connections to be able to connect to the office network whether it is cloud based apps or a Voip phone system. The most important consideration is the router secured and has the password been changed since it left the factory? The standard routers issued by home broadband have basic security settings and it is unlikely that your employee has ever changed the router name or password. This puts your data at risk, as you have no control over this set up.

Another area to consider is that many home broadband connections state in the small print that they should not be used for business purposes. Although this has been overlooked during the lockdown, now is the time to consider is your employee at risk from using their BT, Virgin or Sky broadband connection. Finally is the connection reliable? Have they suffered, but put up with, outages until now? Or is their chosen home office space receiving a good signal, do they need a booster installed?

Installing a dedicated business internet connection to your employees homes gives you the control to secure the router and firewalls that connect your employee to your business network and data.

Back up Solutions

While cloud-based applications like Microsoft 365 are safe when left alone, they can’t protect you from yourself (or your employees). This is why the #1 cause of data loss in the cloud is human error.

Every day, users trigger data loss/corruption in cloud applications due to:

  • Accidental (and intentional!) deletion
  • Overwriting important data
  • Downloading malware/ransomware viruses
  • And more!

More and more businesses are using SaaS (Software as a service) such as Microsoft Business 365 or Google Workspace (formerly G Suite) and it is often assumed that your data is backed up automatically and that these providers will hold all your data, BUT this is not the case.

For example Microsoft state in their Service Level Agreement the following:

“Microsoft is not liable for data loss due to application outages, it is also not liable for data loss due to deprovisioned user accounts.
We recommend that you regularly backup your Content and Data that you store on the services or store using Third-Party Apps and Services.”

Recent reports show that it could cost your business upwards of £1million in ransom, fines, legal fees, loss of revenue and IT Support to get your business back up and running if you suffer a data loss due to vulnerabilities in your network.   From as little as £2 per seat per month, MPR IT Solutions can support your business against Data Loss see our news article here.

Ransomware and Phishing Scams

Ransomware and Phishing scams are increasing and it is becoming more prolific. This is affecting all industry sectors whether your employees are at home or in the office. Employees using their own hardware are unlikely to have the same level of anti-virus or malware software to protect your data against phishing scams and ransomware. As it is a personal computer you do not have the control over this as you would with a business device. Implementing Security Awareness Testing across your business can identify individuals that require further training on how to spot a scam. For only £2 per seat per month you can help to protect your business by ensuring your staff are more aware of the potential risks on email scams. See our blog articles on Network Security and Is my Network Vulnerable? for further information.

Hybrid Office Workspace and Risks

Suitable environment

Personally I have worked remotely for 7 years. I am therefore well situated to understand the needs long term, as opposed to the last year. I have friends sharing the dining room table with their partner, or know of people that have been using a lap tray to balance their laptop and phone whilst sat on the sofa. These don’t work short or long term. If you partner is in Sales and on the phone constantly and you are in an admin role there are going to be clashes. You can’t both be holding a MS Teams or Zoom meeting at the same time, it is unprofessional and distracting.

Your office is likely to have LED lighting to create a bright environment, and these are on all day long. At home your staff are working in natural daylight and this can cause strain on their eyes when looking at their screen all day. Is their home in a busy street? If so, it can be distracting to hear vehicles or pedestrians going passed constantly. These are all areas to consider along with lone working risk assessments. It is your duty of care as an employer to ensure that your staff when working remotely are safe, cables and power leads across the room are a trip hazard and even though it is their own home you can still be liable if proper provisions and risk assessments are not offered.

Hybrid Office Equipment

Is there a clear separation of home and work space? Is your employee expecting to be able to work from the kitchen or dining room table or do they have a desk? Not every home is large enough for a full office desk, however there are many home office desks available on the market to suit most needs. Having a dedicated work space, allows for your employee to define work and home time.

As a business, if you decide that you want staff to work from home, you need to consider that they have the same equipment and furniture available to them as they would in the office. Desk space, chair, printer and office stationary. Often overlooked are ergonomic items such as wrist or feet rests to allow them to sit comfortably and without risk of long term injury such as back pain or RSI. Be prepared that if staff are working part remote, part office based you will have to pay and provide these items for both home and office, the same as you would if they were in the office full time.

Computer Hardware

Are your staff working on business computers or personal computers? Last year the focus was just to get everyone on-line, many businesses invested in laptops for staff, others sent staff home with their desktop computer. However, for some it was simply a case that staff would use personal computers (Bring Your Own Device – BYOD) as no one expected it would be this long. Linking back to cyber security, it is important to consider the security of the hardware as well as the lifecycle. If your staff are using aged or personal hardware you should consider upgrading or purchasing business hardware to secure your network and ensure employees are able to work remotely long term.

Alternatively, if staff are going to be working in a hybrid office routine, what are your plans for hardware? Whilst cloud platforms are great for being able to connect anywhere, if your employee only has a desk PC, they are not going to be able to transport it back and forth.

VOIP Phones

Hosted telephone systems ensure a professional first impression for your customers, no matter the location of your employees or the size of your business.  With a hosted phone system, staying connected to your customers by telephone is seamless for remote working or the return to the office – it is very simple to switch between the two. Bringing the ultimate in flexibility, with a minimal initial capital outlay, along with an easy to manage monthly subscription. A hosted telephone system will allow your employees to connect whether it be a hybrid office or at home with customers and colleagues. Flexibility comes with the option of using a softphone on your laptop or PC, a physical handset or an app on your mobile.

Employee Status

Re-integration to work place

Expecting your employees to return to a hybrid office or any office, as if the last 15 months hasn’t happened, is not an option. Everyone will have had different experiences and you need to accept that it wont be smooth and there will be friction. For someone that may have been in the office for the majority of the lockdown, they will be used to working in the office, however they are now used to almost silence. For someone that has not set foot in the office for 15 months, it will be daunting. Surrounded by people after being isolated at home with limited interaction to suddenly be around colleagues can be stressful.

Each individual needs to be considered separately. You cannot assume that everyone is the same. Some may have lost family or friends, some may have been in hospital themselves, whilst others may have thankfully escaped any such experience. Some may live alone and have had extremely limited interaction with the outside world due to restrictions. The return to the office will have an affect on mental health in some shape or form. For those returning from furlough it will be a huge step to get back into a routine, whilst others that have worked all through may resent those that were furloughed.

Mental Health

Going forward, employees that want a flexible working approach will benefit mentally by being able to have a better home/work life balance. For those that are parents will value the opportunity to be more available to their family without a long commute or staying late in the office. With the option to work from home they might stop to take a half hour break to play with younger children. This doesn’t mean they won’t be making the extra effort to get the tasks completed. After all, for the last 15 months much of it has involved home schooling and they still got it done then, nothing will change on that front.

Staff returning to the office will also need to be accommodated. Suddenly being tied to a desk 8 or 9 hours a day will require regular breaks as they settle back in. They will be used to not being observed for every move they make and it really does make for a better environment overall when staff are trusted. In the past many business were concerned that out of sight meant out of mind and that working remote should never be an option. However, these last 15 months have proved that it can be done in most cases.

Communication, Collaboration, Concentration

I found that the last 15 months brought me closer to the team. I have worked at MPR IT for 7 years, all of it remotely and being based in Berkshire my visits to the office are not regular. Initially, when we all started to work remotely and had weekly social gatherings on MS Teams, I suddenly got the opportunity to get to know some of my colleagues better. I would have regular quick teams calls to ask colleagues questions where as before I would probably have dropped them an email. Using teams we were able to throw ideas around quickly and easily in a chat or quick call.

Now that they are all back to the office, I still feel that sense of connection, however I do miss out on the ‘corridor conversations’ as some might call them. Where one person will mention something and it then becomes a discussion. They are great and do keep me up to date with any decision made and ask for my opinion, and with a small team this is easy to overcome. For those businesses that are considering a Hybrid office environment, you will need to ensure that employees do not feel left out by being at home, as opposed to the office and continue to hold regular sessions as a whole team.

How can we help?

Contact our team on 0800 030 20 30 option 1 or email us at sales@mpr-it.co.uk to find out how MPR IT Solutions can support your business with technical solutions for a Hybrid Workplace. Whether just one member of staff will be remote or the whole team, we can identify vulnerabilities in the network, support you in upgrading hardware alongside day to day managed IT Support.

  

Read more

Keeping your network secure

by Nicki Dowsett in Anti-virus software, cybercrime, Disaster Recovery, Engineers, General, Helpdesk, IT Support, IT Systems, MPR IT Work, Password Security, Ransomware, Training

Keeping your network secure – this is a subject that should be carefully considered for any network whether business or personal. Technology is the main way that people communicate today and we increasingly rely on email communication. Cyber criminals are using this as an opportunity to send more and more scam emails, texts and phone calls. Often all very realistic. Making sure your network has the best security systems in place will help to keep your network and data secure.

Password Security and 2FA

When it comes to password security the one main rule is NEVER EVER share your password with anyone. Then next is to ensure that your password is difficult to guess. 123456 or password are sadly still often used despite them being so easy to guess. Making sure you have a password that is harder for criminals to guess is vital. Alongside using different passwords for each account. With so many passwords to remember for your work and personal accounts it is becoming harder to separate these out as well as remember them all. This is where 2FA( 2 factor authentication) is an advantage. Many on-line accounts now require 2FA, where you will enter your normal password and are then required to confirm the log in with an additional code generated by text, email or an authenticator app.

Finally if you are ever asked to reset a password via an email – check it is a genuine request. It is very unlikely that any organisation would ask you to reset a password unexpectedly. Many people unfortunately become victims of scams through realistic looking requests to update passwords.

Firewall – why do you need one?

In the construction industry, a firewall is historically the protection between two buildings to prevent fire spreading across adjacent buildings.

The computing equivalent works in a similar format. Acting as a security fence surrounding your network, a firewall observes and restricts information coming in via email or the internet. The firewall will only allow information from sources pre-determined by your firewall and can either be a network or host based security system.

In most homes and businesses, routers are used to enable the connection of various devices to the internet. Prior to routers, each individual device would need to be plugged directly into the modem. When connected directly in this way, a device has a public IP address a allowing information to be accessed by anyone on the internet. As technology has developed most devices will have their own firewall built in. However larger networks will have a separate firewall to protect the security of the network.

Antivirus Software – why do you need it?

Did you know that the first computer virus was released in 1971? The Creeper virus was not designed to be malicious or cause damage but was an experiment to demonstrate a mobile application. Today, it is believed that over 6000 new viruses are released each month.

Antivirus software, also known as anti-malware, is a computer program designed to prevent, detect, and remove malware. Antivirus software can protect users from: malicious browser helper objects, browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware. There are various levels of protection available on the market. It is important that your choose the right anti-virus software for your network. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity, online banking attacks, social engineering techniques, advanced persistent threat and botnet DDoS attacks.

Security Awareness Training and Testing (SATT)

In addition to Firewalls and anti-virus software, MPR IT Solutions also offer SATT, Security Awareness Training and Testing. The purpose of this is to stop security incidents on your network, by providing your end users with Security Awareness Training and regular Testing. SATT is a fully managed service that is bespoke and tailored to every individual organisation. It takes up none of your time or resources, and is guaranteed to make a difference.

The SATT service combats the weakest cyber security link in any organisation – your end users – and is delivered in three stages over a 12-month service agreement. The total cost for the 12 month SATT service is far less than the cost of just one security incident.

Contact our team today

Supporting companies from a wide number of industries, MPR IT Solutions are experienced in the multitude of options across the markets and can tailor the right security systems to keep your network secure.

For more information on protecting and securing your network contact our team today on 0800 030 20 30 or email sales@mpr-it.co.uk

Read more

ANTI VIRUS PROTECTION – PROTECTING YOUR BUSINESS

by Nicki Dowsett in cybercrime, IT Support, Ransomware

ANTI VIRUS PROTECTION – PROTECTING YOUR BUSINESS

Ransomware! CryptoLocker! Blaster Worm!

In recent years the threat from Cyber-criminals using these and many other virus and malware has been increasing and evolving.  An attack on your network can be extremely costly, time consuming and frustrating for you, your employees and your customers.

Don’t think it can’t happen to you, until it’s too late.

Anti Virus Protection

Anti Virus Protection

MPR IT, is trusted and relied on by hundreds of businesses in the South East for many areas of IT Support and infrastructure, including network protection from such virus and malware threats?

Malicious Virus

Malicious Virus

MPR IT Solutions, continually strive to ensure that we offer the market leading services to all our clients.  Our team of experts regularly review the market leaders in all services that we offer, and work hard to ensure that we are providing the best services to our clients to meet your individual needs.  With this in mind we have recently taken the decision to use Webroot for protecting both our own and our customer networks.  We feel that this is the best option in the market.

Virus Detected

Virus Detected

Contact us today to discuss how we can protect your business 0800 030 20 30 or sales@mpr-it.co.uk

Read more

Email Security & Cybercrime

by Nicki Dowsett in cybercrime, Industry News, IT Support, IT Systems, Password Security, Ransomware

Email security and cybercrime –  Almost daily there is a story that covers this subject in the news, whether it’s a large global corporation or an elderly retired person.  So many people are still unaware of the risks that can be faced with email security.

Here at MPR IT, we have sadly gained a considerable amount of experience in dealing with these threats.  We would therefore like to remind our customers of some simple guidelines that you should ensure your staff follow for email security.  These include recommendations from the Government Cyber Essentials Scheme.  We also strongly advise if you or any employee is concerned they have an affected PC/Laptop – call us asap

  • Email Attachments – Never open an email or attachment if you don’t know the sender.  If you are not expecting an attachment from a known sender – call them and check they did send you something
  • Check email addresses – criminals will set up accounts with very similar email addresses making it easy to trick you into thinking you know the sender  joe@bloggs.com or joe@bloggs.co
  • Malware Protection – do you have a robust malware in place? This will stop viruses and ransomware from getting through to your emails and employees
  • Access Control – encourage your staff to choose passwords that would be hard to guess and not simply change the number on the end each time it needs to be Password or 123456 are not ever going to be good choices.  Also ensure that admin passwords are only given out to members of staff that should have access to these.
  • Firewalls – investing in a high end firewall can prevent hackers from gaining access to your systems and to make certain there are no leaks.
  • Secure configuration – Is your system configured to ensure security for your organisation. Are all laptops, PC’s and phones password protected? Do files need to be password protected?
  • Patch Management – the likes of Microsoft and other operating systems regularly release new updates to their software. Ensure you are fully up to date as these updates will often include patches to ensure your systems are more secure.  As hackers become more clever the software providers work hard to identify areas to increase security.

We also recommend you view the following websites

Whilst the majority of news stories cover ransomware and data being lost or damaged, we have known criminals to spend months watching systems, gathering information and general daily routines.  Then with a simple email, that looks to have come from a sender you know they have managed to gain access to your bank accounts and emptied them before anyone has realised.   Either way it is extremely costly to your business.  Please ensure your staff are fully briefed on email security and the types of scams and crimes that can & have happened.  If any doubt or you would like more information please contact us to discuss.

 

Read more

Cyberscams & how to stay cybersafe

by Nicki Dowsett in cybercrime, Industry News, IT Support, Password Security, Ransomware

Cyberscams affect people in many walks of life.  We have all seen the stories in the news of large corporations that have been hacked such as the recent NHS attack or Talk Talk in recent years.  Companies of all sizes are at risk to being hacked or cyberscams,  SME’s are targeted just as often, we just dont see it reported as much.  Even in your personal life you can be at risk for cyberscams, through social media or email.  The cyber criminals are getting sharper and also now send text messages as well as emails to trick people.  Everyone no matter their age can be at risk.

Cyberscams can be devastating, with criminals asking you to click on a link to confirm your details and taking you to a dummy site that looks very real.  They can also access your systems and monitor your activity, create ghost accounts that make you think you are dealing with a supplier you deal with all the time when in fact they are scammers looking to steal your data and money.

Whilst as a company MPR IT, often given advice and have written a number of blogs on this subject, we have recently come across these two books written by Thames Valley and Metropolitan Police.  We feel these are extremely useful and would strongly suggest that you take the time to read and digest.  Obviously if you have any questions or require any additional support regarding this subject our team will be pleased to help.

big book of scams

The Little Book of Big Scams

Read more

Ransomware will the battle ever be won?

by Nicki Dowsett in cybercrime, Helpdesk, Industry News, IT Support, Password Security, Ransomware

Ransomware, cryptolocker and cybercrime seem to be the most popular topics in the news this year.  I look after the social media here at MPR IT and a large chunk of my role is to review numerous websites looking for news that may be of interest to not only our customers but also to our team.  By keeping on top of the news means we can be one step ahead of new technology coming out, and also what to watch out for.

Most of the news seems to be about cybercrime and hackers lately.  Companies are attacked daily, from small websites through to the American government.  Utility companies, dating sites, children’s toys they have all been in the news and not for the best reasons.  Just this week it was reported that train companies in the UK had been hacked.  With more and more companies relying on technology to run it, I sadly fear it won’t be long till some unscrupulous organisation will try a major attack to infrastructure.

Example of a ransomware screen alert

Ransomware & Cryptolocker

Whilst reviewing news sites this week, I was extremely pleased to see a report on a University in Florida.  They are one small step closer to helping the world combat cybercrime, by designing a technique called Crypto Drop. The report showed that by monitoring activity on targeted files, it was possible to block ransomware when only a tiny percentage had been encrypted. Whilst it is not fail safe, it is a new approach against hackers.  The technique includes countermeasures which are triggered once ransomware infiltrates the network.  This technique relies on three indicators of ransomware activity:

  • Bulk modification of file types
  • Dissimilarity – plain text looks nothing like encrypted file
  • Entropy – encryption produces high entropy

Whilst running the demonstration it was proven that Crypto Drop can contain the action of malware.  Only 0.2% of files were encrypted. In essence this is an early warning system as opposed to a fail safe solution.  Ransomware will still be on your network, and action should still be taken to clean the network, however only a small percentage of files will be lost as opposed to the network.  This will not be an automated piece of software and will require your network administrator to run the software to help distinguish between expected and unexpected activity.

As we all know the people behind cybercrime are equally as clever and constantly coming up with new ways to infiltrate our systems and come up with new scams, once a program such as this is developed fully and launched they will no doubt be looking at ways to break through Crypto Drop.

So there is a little light at the end of the tunnel in the war against cybercrime.  In the meantime please ensure you review your network security and business practises to ensure you do not become a victim to cybercrime.  We have blogged before about the best ways to stay ahead of hackers and this technique will be no excuse to not continue ensuring your systems are secure and backed up regularly.  If you require any assistance on making sure your network is secure at all times please contact us at MPR IT Solutions.

Read more

April Newsletter

by Nicki Dowsett in B2B, cybercrime, Exhibitions, General, Industry News, IT Support, IT Systems, Monthly Newsletter, MPR

Welcome to our April newsletter, the main stories in the last month have all been about cybercrime and the Apple V FBI argument continues to roll on.  These are both subjects that are going to continue for many months to come.  Both will in many ways be important to us different ways.  See our social media pages for the many stories that we have been posting over the last few weeks.

It’s not long now till our first major event of the year.  MPR IT will be exhibiting at Kent Vision Live on stand 231.  Kent Vision Live is the South East’s premier B2B event, with over 3,000 visitors. This is the event to attend this year, and why not come along to see us. We will have 2 of our partners with us as well, Rainbow Global and Purdicom. Members of the technical team will be on hand to answer any questions you have about existing or new services and packages we offer.  You might even walk away with a little treat.  It is free to register and come along.

Blogs this month have been about cybercrime and hacking, this has been such a key subject we cannot reiterate enough how important it is for you to review your current security procedures in terms of networks and passwords.  It is not only business practices but also your own personal security you should be conscious, so many scams are taking place on social media and emails.  Please read our blogs for full details on recent news regarding attacks and how you can protect yourself. As an IT support business we are experiencing more and more customers that are affected by ransomware, cryptolocker and hacking.  We cannot reiterate enough how important it is to be aware of keeping your data secure.

Cyber Crime

Cyber Crime

In addition to security we have also blogged about how MPR IT can support your business through office moves or refurbishment for cabling and new server cabinets.  Are you considering re-locating your office?  Or has it been quite some time since your existing cabling has been replaced.  With increased productivity and technology moving forward have you considered if the cabling needs to be replaced.  As with anything cabling only has a certain life span.  Or if your server cabinets look  untidy, have you considered the additional time that could be involved in rectifying any problem that may occur.  MPR IT with all their skills and knowledge can only fix a problem once they can find the issue and if your cabling is messy this will mean more time needs to be spent before they can get to the bottom of the problem.   See our blog for more information or our website for examples of work we have previously carried out.

Floor-Channeling

MPR Helpdesk team have been extremely busy over the last month with over 800 tickets completed and achieving an average survey score of 4.8 out of 5.  Well done to the team and keep up the hard work.  The team have been experiencing an increase in calls regarding security issues so please read our blogs on our tips on how to keep ahead of the cyber criminals or if you have any concerns please contact the team and they will be happy to talk through with you how you can stay cyber safe.

The sales team have also been working hard and have secured a number of new customers over the last month, we would like to welcome all our new customers to MPR and we look forward to working with you.  The team are also planning for the event at Kent 20/20 in early May.  If you are going along to the event please make sure you come along to stand 231 and say hi to the team.

As you know we post many stories on our social media and we suggest you follow us on Facebook, Linkedin or twitter to keep up to date with the latest stories.  We also have a status update page on our website that is checked daily or sometime more often.  This page will tell you if we are aware of any known issues before you contact us, it will also be updated to social media.  Checking these resources will help you find out if there is a general issue on Email filtering, Office 365, DNS/Web hosting, AVG Cloudcare, Hosted wireless or connectivity/ ISP.

Read more

Cybercrime and your business

by Nicki Dowsett in cybercrime, Industry News, IT Support, Password Security, Uncategorized

Cybercrime and you

The hot topic for the first half of 2016 has been all about cybercrime, hacking and ransomware.  It seems that no company no matter the size is safe from attack.  In this blog we will talk about some of the companies that have been attacked and how this can ultimately affect you.  We will also talk about the steps you need to take to ensure your systems and network are secure.

cyber crime

Can you name a well-known organisation that has been attacked?  Here are just a few that you will know and possibly use:

Talk Talk – 57,000 customer personal details accessed and 15,600 customer bank details taken.  This caused uncertainty for many customers as to what had happened to their bank details and at what cost to them.  This attack cost the company upwards of £35million in compensation and loss of customers.  4 people were subsequently arrested in connection to the attack.

Vtech – Over 5 million customers affected by this attack on children’s manufacturer.  Accounts set up online to allow children to play games were hacked, leaving them vulnerable.  Whilst it did not store any bank or credit card details, it did store personal contact information.  The company were not even aware of the attack until contacted by a journalist.  A 21 year old was arrested, he had carried out this attack from his home in Berkshire.

BBC News, The New York Times, MSN – One of the more recent occurrence. These news sites were unwitting victims to malicious adverts on their sites or malvertising.  Tens of thousands of people were exposed to these adverts, which could deliver malware to your device, encrypting your files.  This was a large attack on well-known news outlets and if they had been successful could have been devastating for millions of people, however all ads were removed quickly.

Ashley MadisonThe chances are you don’t know the company by name, but will have heard this story.  The company are an on-line site encouraging extra-marital affairs.  The site was hacked and user details stolen.  The information was then leaked on-line causing many spouses to be very unhappy. We can all guess how that ended up for many people.

FBISlightly concerning that the Federal Government of America are also at risk.  The same hackers also accessed the CIA director’s personal email.  Having accessed the FBI Portal the hackers were then able to view records on arrested suspects.  These details were then leaked on-line.

Donald TrumpNow no matter your view on the Presidential candidate for the US, it is surprising that even businesses owned by one of the most successful businessman at are risk.  Malware was put into the Trump Systems and stole credit card details from hotels across the US.  It is not known how many people were affected by this, but expected to be in the thousands.  The hacktivists Anonymous have also recently announced they are declaring war on Trump.

cryptolocker

Now for some of the lesser known companies, some of which are in our own region, just to show you that it is not just the large companies in the world that can be vulnerable.  Do not have a false sense of security that this cannot happen to you.  Sadly everyone is at risk.

Solar UK – Based in Battle, East Sussex, this small business of just 11 people were hacked by the current largest terrorist organisation, ISIS. The company website was vulnerable to attack and unbeknown to them, the website had been taken off line.  Anyone searching for them, would be horrified to see CCA or the Caliphate Cyber Army videos.  This hack was apparently in revenge for a drone strike in Syria.  It is believed that the company was targeted by a search Robot trawling through the internet to find unsecure websites.

Chatham Town FCIn January of 2015, this small part time football club had its page hacked and in place of the usual content an image was put up supporting the perpetrators of the Charlie Hebdo attack in Paris.  Luckily all the content of the Football website was backed up and was back up and running after a couple of days with no data lost.

The list seems to go on and on of varying different business types that are vulnerable, we highly recommend that you review all your network and personal security.  The Government Cyber Essentials scheme backed by the FSB is key to help win any government contracts and is good practices for all businesses.  It is no longer something that businesses should think it would be nice to have in place, it is essential.  The risks are extremely high, not just for your customer’s details, but also your business as a whole.  If you are unfortunate enough to be attacked, it will be costly both in monetary value for custom, but also in getting it fixed and downtime for your staff.

These are the 5 key points on the Government Cyber Essentials scheme

Malware Protection – do you have a robust malware in place?  This will stop viruses and ransomware from getting through to your emails and employees.

Access Control – encourage your staff to choose passwords that would be hard to guess and not simply change the number on the end each time it needs to be updated.  Password or 123456 are not ever going to be good choices.  Also ensure that admin passwords are only given out to members of staff that should have access to these.

Firewalls – investing in a high end firewall can prevent hackers from gaining access to your systems and to make certain there are no leaks.

Secure configuration – Is your system configured to ensure security for your organisation.  Are all laptops, PC’s and phones password protected? Do files need to be password protected?

Patch Management – the likes of Microsoft and other operating systems regularly release new updates to their software.  Ensure you are fully up to date as these updates will often include patches to ensure your systems are more secure.  As hackers become more clever the software providers work hard to identify areas to increase security.

We also recommend you view the national cybercrime website or if you have any concerns about any of the issues raised in this blog – please contact MPR IT to discuss the current state of your network and if there is anything else we can help you with to improve security.

Read more

Ransomware – CryptoLocker

by Nicki Dowsett in Uncategorized

Ransomware – Cryptolocker

In simple terms this is a version of ransomware based on holding users to random for their data.   Malware is installed on your system through spam emails and will hijack your data, then hold you to ransom by demanding payment to release the data.  Chances are you will never see your money or your data again.

How this works

Using social engineering, CryptoLocker will trick the user.  A Trojan email will be sent to you with a Zip file and ask you to open this with a password that is included in the email.  Once the system attempts to open the files, CryptoLocker will take advantage of Windows default behaviour by hiding the real malicious file and installing this on your system.  It will save itself to a folder in your user profile with a key register to make sure it runs every time your computer is started.

Once installed it will generate a random key for each file that it encrypts, the only person with the key is the person that has sent the Trojan email and only they can decrypt it to open your files.  Once it has encrypted all your files, it will pop up a message on your screen asking for a ransom to obtain the key and a time limit for you to pay.

Cryptolocker pop up warning

Cryptolocker pop up warning

How to ensure you are not affected by this

Essentially this is down to the individual.  The one main rule everyone should follow is ‘Never open an attachment from someone you don’t know’.  Following this rule is the first step to avoid any virus, not just CryptoLocker.  The second key rule to follow is ‘Regular and consistent back up of all files’.  This means that you will effectively only lose the data that has been created since the last back up e.g the night before. The third and quite possibly one of the most important rules ‘Never pay up’.  By paying these ransoms you are effectively letting them win.  Scams such as these and many others will only continue if people pay up.  It becomes a source for a large amount of income and encourages these scammers to come up with new and wonderful ways to scam people. Make sure that your Operating system is regularly updated to ensure that any fix/patch from Windows is installed in your system to avoid any infiltration.  Operating systems are regularly updated to combat any new virus threat as they become known.

Rules:

  1. Never open an attachment from someone you don’t know
  2. Regular and consistent back up of all files
  3. Never pay up
  4. Make sure that your Operating system is regularly updated.

 

As time has gone on and Operating Systems have been patched for these threats, we are now starting to see variation on Cryptolocker and it is now often seen as CrytpowallIt is essentially the same threat, however sticking to the above rules you are more likely to escape this threat.

We have had a number of cases of this being reported to us from companies.  If you have any concerns for your current email filtering and virus protection, please contact us a matter of urgency to discuss your options.  It is easier and more cost effective to protect you from virus threat than it is fix the problem.  If you become a victim of any virus it will not only be costly to fix, you may lose valuable data and work time.

 

Read more