Cyber Attack Archives

Heads up: You need to update Windows 11 by this deadline

Lindy / 19 August 2024

August 19th 2024 By Matthew Phillips Heads up: You need to update Windows 11 by this deadline Microsoft has issued an important update: If you’re using Windows 11, you need to upgrade to version 23H2 before 8th October 2024. After this, older versions will no longer receive essential security updates, putting your systems at risk. Why is this important? Because Microsoft will stop supporting older Windows 11 versions for business accounts. This includes stopping security updates, which are vital for protecting your systems against the latest cyber threats. The latest version includes advanced security features to protect against new threats, making sure your business data remains safe. But updating to Windows 11 version 23H2 brings other benefits beyond security. You’ll also notice performance improvements, making your systems run faster and more efficiently, which is great for productivity. Plus, new tools and features are continually added, helping streamline your workflows and improve overall efficiency. Staying updated ensures compatibility with new software and technologies, maintaining smooth business operations. Delaying the update could leave your business vulnerable to cyber-attacks. Without security updates, your systems will be exposed to potential exploits, risking data breaches and financial loss. Microsoft typically enforces updates post-deadline to keep people safe, especially for business devices not managed by IT departments. While this is helpful, it’s better to update proactively on your own schedule. https://player.vimeo.com/video/993531820? Updating to version 23H2 is straightforward. First, check your current version by going to Settings, then System, and selecting About. Before updating, make sure to back up all your important files to prevent data loss. Navigate to Settings, then Update & Security, and select Windows Update. Click on “Check for updates” and follow the prompts to install version 23H2. Once the update is complete, restart your computer and verify the new version in Settings, System, and About again. Making sure your systems are up to date will keep your business secure and running efficiently. Don’t wait until the last minute… upgrade to Windows 11 version 23H2 now. Keeping businesses protected and productive is our top priority. So, if you need any help with that, get in touch. Published with permission from Your Tech Updates.

Uncategorised

Ransomware threats are surging – here’s how to protect your business

Lindy / 1 July 2024

July 1st 2024 By Matthew Phillips Ransomware threats are surging – here’s how to protect your business Imagine waking up one morning, turning on your computer, and finding that all your important files – everything from customer data to financial records – are locked. Tight. And then a scary message pops up demanding a ransom fee to unlock them. That’s ransomware in a nutshell. It’s a type of malicious software that hijacks your data and holds it for ransom. It usually starts with an innocent-looking email or link. You might get an email that seems legitimate, asking you to click on a link or open an attachment. This is known as a phishing email, where the sender appears to be genuine but isn’t. Once you click, malicious software is silently installed on your system. From there, the cyber criminals quickly go to work. They’ll be encrypting your files so you can’t access them. Then, you get that dreaded ransom note, demanding payment in exchange for a decryption key to unlock your files. Paying the ransom is a risky move because there’s no guarantee you’ll get your data back, and it just encourages the attackers to target more victims. https://player.vimeo.com/video/963146209 2023 was a particularly bad year for ransomware, with attacks surging after a two-year decline. According to a report, there was a huge increase in ransomware incidents, breaking a six-year record. One reason for this spike is the rise of something called Ransomware-as-a-Service (RaaS). This model lets cyber criminals “rent” ransomware tools, making it easier than ever for them to launch attacks. As a result, more businesses are finding themselves posted on data leak sites, with a 75% increase in the number of victims between 2022 and 2023. Ouch. And it gets worse. Attackers are getting smarter. They’re developing new variants of old ransomware, sharing resources, and using legitimate tools for malicious purposes. They’re also working faster, often deploying ransomware within 48 hours of gaining access to a network. And they tend to strike outside of work hours, such as when you’re tucked up in your bed, so they’re less likely to be noticed. If your business falls victim to a ransomware attack, the consequences can be devastating. You might face significant financial losses, not just from the ransom itself but also from the cost of downtime and recovery. There’s also the risk of losing critical data if you can’t decrypt your files. Your reputation could take a hit if customers find out their information was compromised. Oh, and your business operations could be severely disrupted, affecting your ability to serve your clients. The most important question then: How can you protect your business from this growing threat? Start by educating your team. Make sure everyone knows how to spot phishing emails and avoid suspicious links and attachments Regularly back up your critical data and securely store those backups offline Keep your software and systems up to date with the latest security patches, and invest in strong security tools It’s also important to limit access to your data. Only give employees access to the information they need for their jobs Monitor your network for unusual activity and have a plan in place to respond to incidents quickly If you do get hit by a ransomware attack, don’t panic. Work with cyber security experts (like us) to resolve the issue. Remember, it’s best not to pay the ransom, as it only fuels the cyber criminals’ activities. My team and I help businesses take proactive action to protect their data. If we can help you, get in touch. Published with permission from Your Tech Updates.

Uncategorised

Are your employees reporting security issues fast enough… or even at all?

Lindy / 24 June 2024

June 24th 2024 By Matthew Phillips Are your employees reporting security issues fast enough… or even at all? Getting your team to report security issues quickly is something that’s important for your business… but maybe something that might not have crossed your mind before. You might think that with so many security tech tools, you’re covered. But guess what? Your employees are your first line of defence, and they’re irreplaceable when it comes to spotting and reporting security threats. Imagine this: One of your employees receives a fishy-looking email that appears to be from a trusted supplier. It’s a classic phishing attempt (that’s where a cyber criminal sends an email and pretends to be someone else to steal your data). If the employee brushes it off or thinks someone else will handle it, that innocent-looking email could lead to a massive data breach, potentially costing your company big bucks. The truth is, less than 10% of employees report phishing emails to their security teams. That’s shockingly low. Why? Well: They might not realise how important it is They’re scared of getting into trouble if they’re wrong Or they think it’s someone else’s job Plus, if they’ve been shamed for security mistakes before, they’re even less likely to speak up. https://player.vimeo.com/video/958475930 One of the biggest reasons employees don’t report security issues is that they just don’t get it. They might not know what a security threat looks like or why reporting it is crucial. This is where education comes in, but not the boring, jargon-filled kind. Think of cyber security training as an engaging and interactive experience. Use real-life examples and scenarios to show how a small issue can snowball into a major problem if not reported. Simulate phishing attacks and demonstrate the potential fallout. Make it clear that everyone has a vital role in keeping the company safe. When employees understand their actions can prevent a disaster, they’ll be more motivated to report anything suspicious. Even if your employees want to report an issue, a complicated reporting process can stop them in their tracks. Make sure your reporting process is as simple and straightforward as possible. Think easy-access buttons or quick links on your company’s intranet. Make sure everyone knows how to report an issue. Regular reminders and clear instructions can go a long way. And when someone does report something, give them immediate feedback. A simple thank you or acknowledgment can reinforce their behaviour and show them that their efforts matter. It’s all about creating a culture where reporting security issues is seen as a positive action. If employees feel they’ll be judged or punished, they’ll keep quiet. Leaders in your company need to set the tone by being open about their own experiences with reporting issues. When the big boss talks openly about security, it encourages everyone else to do the same. You could even consider appointing security champions within different departments. These are your go-to people for their peers, offering support and making the reporting process less intimidating. Keep security a regular topic of conversation so it stays fresh in everyone’s minds. Also, celebrate the learning opportunities that come from reported incidents. Share success stories where reporting helped avoid a disaster. This not only educates but also motivates your team to keep their eyes open and speak up. By making it easy and rewarding for your employees to report security issues, you’re not just protecting your business; you’re also building a more engaged and proactive workforce. Encourage open communication, continuous learning, and avoid shaming anyone for their mistakes. The faster issues are reported, the easier and cheaper they are to fix, keeping your business secure and thriving. This is something we regularly help businesses with. If we can help you too, get in touch. Published with permission from Your Tech Updates.

Uncategorised

Cyber-attacks: Stronger, faster and more sophisticated

Lindy / 25 March 2024

March 25th 2024 By Matthew Phillips Cyber-attacks: Stronger, faster and more sophisticated A new security report has revealed some alarming trends. First off, cyber-attacks are becoming faster than ever. Breakout times (that’s the time it takes for a criminal to move within your network after first getting in) have dropped significantly. We’re talking an average of just 62 minutes compared to 84 minutes last year. This is not good news. Not only are these attacks faster, but they’re also becoming more common. The report has identified a whopping 34 new cyber-criminal groups, bringing the total to over 230 groups tracked by the company. https://player.vimeo.com/video/922457618? And guess what? These cyber criminals aren’t sitting around twiddling their thumbs. They’re getting smarter and more sophisticated. The report highlights a new record breakout time of just two minutes and seven seconds. That’s barely enough time to grab a coffee, let alone mount a defence. But here’s the real kicker: The human factor is increasingly becoming the main entry point for these cyber-attacks. They will try to get your people to click a link in a phishing email, which will take them to a fake login page. Once your employee enters their real login details, they have inadvertently handed them over. Or they pretend to be someone your team trusts. This is called social engineering. So, what can you do to protect your business from these cyber threats? Educate your employees Make sure your team is aware of the latest cyber threats and how to spot them. Regular training sessions can go a long way in preventing costly mistakes. Implement strong password policies Encourage the use of complex random passwords generated and remembered by password managers. Use multi-factor authentication for an added layer of security (this is where you use a second device to confirm it’s really you logging in). Keep your systems updated Make sure all software and systems are up to date with the latest security patches. Cyber criminals often exploit known vulnerabilities, so staying current is key. Invest in cyber security software Consider investing in reputable cyber security software that can help detect and mitigate threats in real-time (we can help with this). Back-up your data Regularly back-up your data and store it in a secure location. In the event of a cyber-attack, having backups can help minimise downtime and data loss. When it comes to cyber security, it’s better to be safe than sorry. If we can help you to stay better prepared, get in touch. Published with permission from Your Tech Updates.

Uncategorised

Which ransomware payment option is best? (Hint: none)

Lindy / 26 February 2024

February 26th 2024 By Matthew Phillips Which ransomware payment option is best? (Hint: none) Picture this: Your business gets hit by a ransomware attack, and your valuable data is locked away by cyber criminals demanding a huge ransom fee. You can’t afford to pay it. But there’s a twist – just like those “buy now, pay later” schemes, some ransomware gangs are offering victims payment extension options. Recent research reveals that ransomware groups are getting creative with their extortion strategies. One group is even offering victims various choices when it comes to their ransom demands. These “choices” include: Paying to delay the publication of their stolen data, with a standard fee of $10,000… or paying to have their stolen data deleted before it’s made public. The exact amounts charged are often negotiated with victims, adding a chilling dimension to the whole ordeal. To increase the pressure on victims, these ransomware groups have added some terrifying features to their web sites. These include countdown timers displaying how much time businesses have before their data is released, view counters, and even tags revealing the victim’s identity and description. https://player.vimeo.com/video/912315206 It’s all designed to make victims feel cornered and more likely to give in to the demands. You might be tempted to pay that ransom to protect your business data. Not so fast. Paying is always a bad idea and here’s why… Paying doesn’t guarantee that you’ll get your data back or that the cyber criminals won’t demand more money later. By paying, you’re essentially funding criminal activities, encouraging them to continue their attacks on others. Paying a ransom might even get you into legal trouble, as some governments have made it illegal to pay cyber criminals. So, what can you do to safeguard your business from falling victim to ransomware? Ensure you have regular, secure backups of your data. This way, you won’t be at the mercy of cyber criminals. Educate your staff about the risks of ransomware and train them to recognise phishing emails and suspicious links. Invest in robust cyber security software and keep it up to date. Keep your systems and software updated with the latest security patches. Segment your network to limit the spread of ransomware if one device gets infected. Develop a clear incident response plan, so you know exactly what to do if you’re ever hit by a ransomware attack. Paying cyber criminals rarely makes things better, and we’re seeing businesses that do pay become targets time and time again. Instead, invest in the proactive measures above to help you stay secure. And if we can help you with that, get in touch. Published with permission from Your Tech Updates.