Computer viruses are abundant in the 21st century and are only getting more apparent as time goes by. In the last decade, there has been an 87% increase in Malware infections. At present, over 92% of all Malware is delivered by email.¹ They have evolved from something that’s sole purpose is to cause carnage into a tool for criminals to exploit vulnerable systems for financial gain.

Your business infrastructure can be damaged beyond repair if you are not prepared for an attack. Attacks can target different parts of your system and come in a variety of different forms, the most common form of virus is Malware. With Malware, the attack can target many different functions of your computer system, from data theft or loss, onward infection intent on polluting your entire infrastructure, or one to cause malfunctions to the systems. The statistics show that “the average recovery time for a business or individual from a malware attack can be close to two months”². Could you afford a two-month recovery?

 

How infections happen

The most common way for your computer to get infected is through a compromised email commonly called ‘a Phishing email’. Phishing emails are an online scam that is on the rise, in 2019 there were an astonishing 129.9 million during the second quarter of the year alone.³ Criminals pose as legitimate organisations through email, advertisement or text message to scam you out of personal/ sensitive information. They pose as being from a well-established trusted company, usually a credit card company, social networking site, online payment website, or a bank.

 

There are usually key factors to look out for on a phishing email. Take these examples and look them up on the example email.

  1. Think of the channel you would normally communicate with the particular vendor on if this does not match up then that’s an immediate red flag, for example, if you normally communicate via text or Whatsapp an email is out of the ordinary.
  2. They are trying to create urgency, by giving you a 24-hour deadline along with a threat by telling you that you’re going to lose your account altogether.
  3. Hover over the included links before clicking them! Check where the hyperlink is going to take you before you click it blindly, clicking this link in the example would make your information and data available to hackers- if there is no match between the apparent URL and the real URL delete the message!
  4. Check previous emails from the sendee and check if the emails are normally unable to be replied to.

 

This is just an example, some can be noticed by poor grammar and language used in the main text of the message.

Other ways in which viruses manage to get on your system can include that you may browse a compromised website or that it could come from a file on a memory stick or other removable storage media so stay vigilant.

 

Protect your business!

Anti-virus software should be on every computer in your office and at home. A lot of operating systems come with free anti-virus software but this is normally the bare minimum and will not protect your computer adequately. Anti-Malware software is your best option for protection today. A software-based firewall should be installed to avoid any websites, files and suspicious links causing problems on the system. Tablets and Smartphones come with their own security guidance, search these up for individual make and model to know what’s best for your device.

Only use the app stores from the manufacturer, downloading apps from unknown sources isn’t a good idea as they could contain Malware.

Access can be limited by running Apps and Programs in a ‘sandbox’. This is a good tool because it stops interactivity between other parts of your device or network, in turn not allowing them to harm the network or device with infected software. Remember to talk to your staff about Cybersecurity and stress to them how important it is.

 

We’re Blazon

At Blazon Technologies, we specialized in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them.

To find out how we can help you with your security and protection, contact us for more information.

 

Sources

The average British household owns 7.4 internet-connected devices¹. The reason for this is because we have become a society based on having connectivity at our fingertips. We are obsessed with the latest tech, but some business owners don’t seem to have the same interest in keeping their current devices up-to-date and functioning to the best of their capabilities.

Not keeping your devices and software up to date is leaving you vulnerable to complications. A lot of these complications will do serious damage to your computer system, sometimes leaving it surplus to requirements as it won’t function the way it was intended to when purchased. Not updating can also restrict access to some applications, the app will see you as an ‘unsafe’ user.

A software update is a way for the vendor to tweak and fine-tune a product to make it better. A software update is a frequent improvement to functionality and security, it will sometimes have new features and addons to existing apps. Vendors update their software to fix any security vulnerabilities discovered, this is an obligation for the vendor to do so. Although it is in the vendors best interest to give free frequent updates to customers who have bought the latest technology from them. Vendors don’t want the customer going to a different vendor because their tech is lagging and glitching so much it makes the device not useable. Vendors keep the device basic functionality the same while developing and adapting its uses and features, in turn gaining your trust in them as a vendor.

If you have just finished your 12-month contract with a vendor and the vendor has consistently and effectively updated your device software, then you are going to be more likely to sign a new contract with them.

For the most part, updates are automatically installed when the newest version comes out.

What is the pinnacle of technology today will be obsolete this time next year, this is what we have become accustomed to, but what many people don’t know is that your IT has a lifespan as most don’t have their devices long enough to notice. That phone in the draw from 5 years ago won’t run the same as it did when you bought it, not only will it feel outdated and slow but there is a strong chance most features aren’t even accessible anymore and it will not be secure. IT has reached the end of its lifespan when the vendor stops performing frequent updates, making the device more vulnerable to cyber threats. Companies simultaneously release brand new models of products, this makes the old device obsolete forcing you to buy the new model to keep everything functioning as productively and securely as possible.

Updating software and devices as often as the updates are available is the way to get the most from your devices, it is also the way to be as safe and secure as possible.

 

We’re Blazon

At Blazon Technologies, we specialized in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them.

To find out how we can help you with your security and protection, contact us for more information.

 

Sources

Access control is automatically embedded into our daily lives; from the stair gate for the kids, to the keys to your car. Access control is a reflex daily but it is often neglected when it comes to IT. Without the correct measures, your computer system will be vulnerable to breaches, and simply using passwords and anti-virus software isn’t enough.

Data theft or loss, damage to infrastructure or breach of privacy are just a few of the serious problems that could be the result of poor access controls within your business.

Keeping your team up to date with correct practice when it comes to data protection and access control is of the utmost importance, with human error being a common cause of data breaches nationally with digit.FYI stating ‘Human error was responsible for 90% of the UK’s cyber data breaches in 2019’¹.

 

How strong authentification protocols can help you be Cyber secure

Ensure staff only have access to a point that is valuable to their role within the company. Keeping as few people on the ‘special access privilege’ accounts as possible is a good way of improving security, it reduces the amount of staff with access to confidential and potentially infrastructure threatening information if accessed by non-authorised personnel.

Special access privilege accounts require the best protection if one of these accounts is hacked the hacker can exploit the platform and provide a base for a large-scale attack aimed at the main functions of your business, causing in some cases irreparable damage.

 

For example

A user is logged into a ‘privileged’ account. He opens an email which turns out to be a malware virus. The malware is known as ‘ransomware’ which encrypts all data on the network and demands a ransom to get it back. “In 2019, a business will fall victim to a ransomware attack every 14 seconds”². These ransomware attacks can be extremely expensive and time-consuming to put right and can be avoided. “Nearly 60% of all ransomware attacks in the enterprise demanded over £1,000. Over 20% of attacks asked for more than £10,000, £1% even asked for over £150,000”.³

Training staff that have access privileges is very important, if unaware of potential risks and if for example they open an infected email attachment, viruses are normally active from the same level of privilege to the account the user is signed into.

Access control systems identify the user by evaluating required login credentials that can include, personal identification numbers (PINs), biometric scan, security tokens, passwords or other authentification factors. Requiring two or more authentication factors a multifactor authentification (MFA) is a great addition to have as part of a layered defense.

 

We’re Blazon

At Blazon Technologies, we specialized in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them.

To find out how we can help you with your security and protection, contact us for more information.

 

Sources

As we have spoken about previously, cybersecurity is the protection of computer systems from theft or damage to the hardware or data.

Cybersecurity is an issue in practically every person’s life in the modern world. With 70.7% of the population of the Philippines using the internet last year¹, along with the advancements of technology, our lives and personal information have become more accessible to potentially dangerous strangers than ever before. This in turn should make your cybersecurity at the forefront of concerns within your daily life and business.

With the correct Form of cybersecurity, you will not only be protected from what I mentioned above, but you will also appear more credible on a business level if companies and customers know you are doing everything possible to keep their information safe and secure at all times.

Here is a key element of cybersecurity in more detail.

 

Firewalls

Defining a ‘Firewall’

A ‘Firewall’ enables the enforcement of ‘security rules’ which protect users on the ‘trusted’ network from cyber threats originating typically from the internet (‘untrusted’ networks).

Firewalls can be divided into two distinct types based on where they sit within a network:

 

Boundary firewalls

Boundary firewalls are implemented at a network’s outer limits, resulting in all the devices within the network being subject to its protection.

Personal firewalls

Personal firewalls are installed software by individuals’ for devices.

 

How do firewalls work

Firewalls have predetermined rules they adhere to whilst policing traffic passing across a network. The firewall administrator manages these ‘rules’, configuring the firewall to block high-risk actions while allowing access to services online needed by users. Firewalls use several methods to ‘filter’ data. Here are three of the most common examples.

 

Deploying a Firewall

The size of your network will play a role in deciding the best way to install firewall protections. In very small networks featuring a handful of software firewalls installed on each device may offer sufficient protection provided they are managed effectively.

 

Safeguard administrative accounts – strong passwords and authentication protocols

Use strong passwords

As tempting as a short repetitive password is, accounts should be accessed using long, complex passwords featuring a series of numbers, special characters, and letters in upper and lower case.

 

> Restrict access to a small number of devices

Make access limited only to a small number of ‘trusted’ IP addresses. These could be PC’s configured with limited functionality to reduce cyber risk.

 

> Use two-factor authentication

Use additional access criteria to verify the identity of those accessing administrative accounts.

 

> Carefully record and manage Firewall rules

You should appoint someone to oversee the running of the firewall and also the implementation of rules as and when needed.

 

We’re Blazon

At Blazon Technologies, we specialized in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them.

To find out how we can help you with your security and protection, contact us for more information.

 

Sources

¹https://www.statista.com/statistics/975072/internet-penetration-rate-in-the-philippines/#:~:text=In%202019%2C%2070.7%20percent%20of,the%20population%20using%20the%20internet.

As we explored in our last article, cybersecurity is an integral part of every business in the current age. There were 1,100,000 cyberattacks in the Philippines in 2019¹ highlighting the importance of cybersecurity.

Here are a few of the things to look out for.

 

System configuration

System configuration control requires businesses to optimize all settings within their network for maximum security, ensure the upkeep of the system via maintenance as this minimizes opportunities for cybercriminals.

As easy as this sounds, breaking down your network into its component parts and fine-tuning each part to be as secure as possible can be a daunting task to undertake for the unconfident or uninitiated.

 

A poorly configured IT system could set you up for failure!

Keeping up with, and applying secure settings requires you to stay vigilant and aware of the latest security protocol! Regular system reviews are essential, be proactive when it comes to maintenance and make regular changes to your settings as your business develops. A poorly configured system could set you up for failure with disastrous consequences.

 

Unauthorized Access

To avoid unauthorised access, managing permissions is of the utmost importance, (by individuals within or outside your organization) to confidential information, system settings and sensitive data. Unauthorised access could result in malware intrusion, data theft/loss, or deliberate or accidental changes to security settings which could present future opportunities for cybercriminals.

 

Poorly maintained software

Patch management is vital to stop hackers. Failing to have the correct security infrastructure and fixes can leave software vulnerabilities exposed for longer- leading to a greater probability of a damaging cyber-attack.

 

Stay secure

Only use the latest supported software

 If you’re using unsupported programs that are no longer being updated and maintained by the vendor then you are leaving your system open to a cyber-attack. Hackers are always looking to exploit problems and vulnerabilities in outdated software.

 

Use a vulnerability scanning tool

Vulnerability scanners are useful tools in identifying weak points across networks, devices, online services and applications. Make regular scans as part of your cybersecurity routine.

 

Disconnect unnecessary peripherals and avoid removable media

Disarm ports to discourage the use of flash drives and other removable media. Such devices are common causes of transmission for malware and stop the use of them wherever possible.

 

Form guidelines for secure software configuration

Create a set of rules on how software programs should be set up to ensure maximum security. Perhaps include a rule that requires unnecessary apps, services and functionality to be removed or disabled, or be sure that said app or service has a multifactor authentication wherever available. And keep a record of any cases that the rules cannot be adhered to.

 

Draw up an inventory of all hardware and software

A good basis to begin configuring your network for maximum security is to create an inventory of all the hardware and software components of your network. Keep record details such as purpose, version, location, and patch status to aid in system maintenance efforts.

 

We’re Blazon

At Blazon Technologies, we specialized in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them.

To find out how we can help you with your security and protection, contact us for more information.

 

Sources

¹https://www.statista.com/statistics/1136151/philippines-number-hacking-incidents-by-region/#:~:text=In%202019%2C%20the%20number%20of,Capital%20Region%20and%20Region%20

Cybersecurity is the protection of computer systems, networks, mobile devices, electronic systems, and data from malicious attacks. The objective of cybersecurity is to prevent harm to your computer networks, applications, devices and data.

Cybersecurity is constantly evolving to keep up with the shifting strategies and technology used by hackers.

The importance of cybersecurity can’t be stressed enough, it encompasses everything that involves protecting personally identified information (PII), protected health information (PHI), personal information, intellectual property; practically all information of value in the modern world as everything is stored via a computer system, an easily hackable platform unless adequately protected.

A Clark School study at the University of Maryland is one of the first to gauge the magnitude of the problem with hacker attacks of computers with internet access happening every 39 seconds on average, affecting 1 in 3 people every year. Most attacks could have been avoided if people used secure usernames and passwords.

Having the correct technical and organizational measures in place to protect the sensitive data that your business holds is very important, not just for you but for your employee and customer information also.

 

The business benefits of having a good standard of cybersecurity

The cost of a cyber-attack

‘Overall: We estimate that malicious cyber activity cost the U.S economy 57 billion’ in 2019.¹

 

Customer appeal 

Stating to your customers that you have a cybersecurity protocol in place will also prove attractive to potential customers concerned about the security of their data, possibly resulting in new revenue streams for the business.

 

Certification inspires confidence

Some cybersecurity programmes provide certification, following the correct procedure which will allow you to be permitted to display a badge or certificate. This badge or certification will distinguish your business as one that cares about online security. It will ensure customers, suppliers and partners that their personal and business data is safe in your hands.

 

Where to start with cybersecurity

A good place to start with cybersecurity is by implementing best practices, known as five key controls for cybersecurity.

These include:

  1. Firewalls
  2. Secure configuration
  3. Access control
  4. Malware protection
  5. Patch management

There are of course factors outside of these five controls to aid in the protection of your data, however, these are a good place to start. In each of our following blogs, we will be exploring each of these controls in more detail and how you can implement the best practices around each in your business.

 

We’re Blazon

At Blazon Technologies, we specialized in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them.

To find out how we can help you with your security and protection, contact us for more information.

 

Sources

¹https://www.whitehouse.gov/wp-content/uploads/2018/03/The-Cost-of-Malicious-Cyber-Activity-to-the-U.S.-Economy.pdf

remote work

The world’s second-biggest fashion retailer was today handed a monumental fine for violating the European Union’s General Data Protection Regulation (GDPR).

A German subsidiary of Hennes & Mauritz AB (H&M) was fined €35,258,707.95 by regulatory body the Hamburg Data Protection Authority (HmbBfDI) for excessive use of employee data. H&M employs around 126,000 people globally.

The fine imposed on H&M Hennes & Mauritz Online Shop A.B. & Co KG is the largest to be levied so far against a company for GDPR violations involving how employee data is handled.

“We are likely to see more pressure on employers to justify the handling of employee data as a result of today’s fine,” commented Jonathan Armstrong, partner at Cordery Legal Compliance.

HmbBfDI launched an investigation into H&M’s Service Center in Nuremberg after a 2019 data breach caused by a configuration error revealed how much data H&M Germany was collecting about the private lives of its employees.

The authority found that since at least 2014, H&M had been collecting and storing on its company network copious amounts of data concerning their employees’ holiday experiences, family issues, religious beliefs, and symptoms of illness and diagnoses.

The data was collected during one-to-one conversations between employees and their supervisors and during “welcome back talks” held between employees and team leaders after an absence from work. Some of the data was accessible by up to 50 other managers.

After evaluating 60GB of H&M data and reviewing witness evidence and the company’s internal procedures, HmbBfDI ruled that “the combination of collecting details about their private lives and the recording of their activities led to a particularly intensive encroachment on employees’ civil rights.”

H&M subsequently apologized to its employees. Today the company confirmed that financial compensation would be given to everyone employed at the impacted entity since May 2018, when GDPR became law.

News of the financial penalty comes as the Swedish multinational clothing company announced plans to close 250 of its stores globally. The company said the closures, scheduled to take place in 2021, are driven by customers’ showing a marked preference for shopping online.

The firm has 5,000 stores worldwide, 166 of which are currently closed due to restrictions put in place to slow the spread of COVID-19.

 

We’re Blazon

At Blazon Technologies, we specialized in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them. To find out how we can help you with your security and protection, contact us for more information.

 

News Source: https://www.infosecurity-magazine.com/

remote work

Microsoft’s Teams had a very busy September adding a host of new features. Now, the firm is looking to improve the performance of its Teams service as it continues in the battle to beat Zoom in the video conferencing space.

In an update detailing the features added in September, Microsoft explained how it was trying to improve Teams’ performance as a large proportion of the workforce continues to work from home.

Microsoft says it’s working to ensure businesses and schools “have a high-performance experience that scales across their devices and levels of internet connectivity.”

 

Performance improvements in Teams 

For times when there is limited network connectivity, Microsoft is working on enabling offline support in Teams so users can write messages offline and these can be automatically sent when connectivity is re-established. It’s already possible to run the desktop client on Windows and macOS in environments with limited bandwidth or without a network connection.

Meanwhile, Microsoft says it has boosted Teams’ desktop launch time on Windows and macOS by up to 30% and is making changes to video rendering. At the same time, Microsoft is optimizing battery life for Teams iOS users in a move aimed to help support Firstline Workers and those away from their desktops throughout the day. In addition, Microsoft says it’s optimizing the Android Teams app for low bandwidth environments.

New features to beat Zoom

The improvements to performance come hot on the heels of some major Teams feature updates during September as Microsoft looks to leapfrog Zoom in the videoconferencing space. For example, Teams Together Mode has seen the addition of Scenes, which will enable work colleagues to meet in a variety of settings including coffee shops, auditoriums and conference rooms.

This month, Microsoft Teams will launch breakout rooms allowing people to break off into smaller groups during a meeting or conference.

Other Teams features to rival Zoom include improvements to Teams on both iPhones and Android smartphones and the ability to see up to 49 participants on a call. In order to take advantage of this new view, Microsoft says users will need to turn on the multi-window meeting experience.

A lot of these capabilities are already available in Zoom, but Microsoft has integrated Teams features into the rest of its offerings.

For example, the new Advanced Communications offering really takes advantage of the IT giant’s other services, and it’s also announced more Microsoft 365 integrations coming soon.

Zoom lacks that integration, plus a lot of people still have concerns over its security—despite its best efforts to improve.

As well as these exciting new features, the Teams improvements will certainly be welcome, since some users have complained about performance issues when using the video conferencing service. If Microsoft can combine solid performance with a feature rich and integrated service, Teams has a serious chance of beating Zoom.

 

We’re Blazon

At Blazon Technologies, we specialized in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them. To find out how we can help you with your security and protection, contact us for more information.

 

News Source: https://www.forbes.com/

remote work

Ransomware gangs are performing wide-ranging internet scans to find vulnerable systems and then accelerating attacks to just minutes to capitalize on COVID-19, Microsoft has warned.

Corporate VP of customer security and trust, Tom Burt, revealed the findings in a blog post introducing the firm’s Digital Defense Report yesterday.

He claimed that threat actors have “rapidly increased sophistication” over the past year, with ransomware the number one reason for Microsoft incident response between October 2019 and July 2020.

“Attackers have exploited the COVID-19 crisis to reduce their dwell time within a victim’s system — compromising, exfiltrating data and, in some cases, ransoming quickly — apparently believing that there would be an increased willingness to pay as a result of the outbreak. In some instances, cyber-criminals went from initial entry to ransoming the entire network in under 45 minutes,” Burt explained.

“At the same time, we also see that human-operated ransomware gangs are performing massive, wide-ranging sweeps of the internet, searching for vulnerable entry points, as they ‘bank’ access – waiting for a time that is advantageous to their purpose.”

Attackers have also become more sophisticated in performing reconnaissance on high-value targets, so that they appear to know when certain factors like holidays will reduce the victim organization’s chances of patching, or otherwise hardening their networks.

They’re also aware of how billing cycles operate in certain industries, and thus when specific targets may be more willing to pay, Burt claimed.

In total, Microsoft blocked over 13 billion malicious and suspicious emails in 2019, over one billion of which contained phishing URLs. Phishing now comprises over 70% of attacks, although the volume of COVID-related threats has dropped significantly from a peak in March, it said.

This isn’t the only threat to home workers: Microsoft said it also saw an increase in brute force attacks on enterprise accounts in the first half of the year and urged widespread use of multi-factor authentication (MFA).

Burt said nation-state actors have also been changing their tactics of late, shifting targets to healthcare providers and vaccine researchers, public policy think tanks and NGOs. Although each group has their preferred techniques, reconnaissance, credential harvesting, malware and virtual private network (VPN) exploits were most common over the past year, said Burt.

 

We’re Blazon

At Blazon Technologies, we specialized in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them. To find out how we can help you with your security and protection, contact us for more information.

 

News Source: https://www.infosecurity-magazine.com/

remote work

The way cybersecurity awareness training is conducted in organizations has a huge bearing on employees’ subsequent security outlook and behaviours, according to a new report from Osterman Research.

The researchers discovered that users who found security training “very interesting” were over 13-times more likely to make “fundamental changes” to how they think about security compared to those who considered the training “boring.”

The survey of 1000 US everyday employees, IT managers and decision-makers also found that the quantity of security awareness training given makes a major difference, with the ability of staff to spot and deal with security threats such as phishing and business email compromise improving as more training is provided.

Encouragingly, it appears as though organizations are set to place much greater emphasis on security awareness training going forward, with around 45% of employees surveyed expecting to spend 15 minutes or more per month in training by mid-2021, a substantial rise from 26% in 2020. In addition, this type of training was regarded as just as important as technology in dealing with security threats by respondents.

Despite this, the authors said that although organizations generally want to establish a strong cybersecurity culture, IT, security and business leaders are not effectively conveying that idea to a large proportion of their employees, with senior IT and business management much more enthusiastic about security awareness training than non-management employees.

Overall, the report noted that “security and IT leaders, their staff members, and business leaders are largely onboard with the idea that developing a strong cybersecurity culture is important; everyday employees, however, are much less convinced about the importance of doing so, indicating that the goal of developing a robust security culture has not yet been achieved in most organizations.”

Lisa Plaggemier, chief strategist at MediaPRO, which co-sponsored the research, added: “Security awareness training doesn’t do anyone any good if they sleep through it. You can deliver the best security advice in the world, but if no one is listening, you might as well be talking to a brick wall.

“Good security awareness training should get and keep your attention. That’s what it means to be engaging.”

 

We’re Blazon

At Blazon Technologies, we specialized in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them. To find out how we can help you with your security and protection, contact us for more information.

 

News Source: https://www.infosecurity-magazine.com/