CyberSecurity Archives

Cyber extortion: What is it and what’s the risk to your business?

Lindy / 12 August 2024

August 12th 2024 By Matthew Phillips Cyber extortion: What is it and what’s the risk to your business? Here’s a topic that’s been making headlines and causing sleepless nights for many: Cyber extortion. Is it something that’s on your radar? It should be, because it might affect your business one day. What is cyber extortion? It’s a type of cybercrime where criminals threaten to harm your business by compromising its data and digital assets unless a ransom is paid. These threats often involve ransomware, a malicious software that encrypts your data, making it inaccessible until you pay the ransom. Sometimes, cyber criminals go a step further by stealing data and threatening to release it publicly on dark web leak sites if their demands aren’t met. This dual threat is known as double extortion. According to a 2024 report, the number of victims of cyber extortion scams has skyrocketed by 77% over the past year. What’s more, small businesses are four times more likely to be targeted compared to their larger counterparts. This is a worrying trend, especially considering that smaller businesses often have fewer resources to defend against these attacks. In the first quarter of this year alone, 1,046 businesses fell victim to double extortion. That may not seem huge, but bear in mind the actual number is likely much higher since many cases go unreported, hiding in the shadows of what experts call the “dark number.” The truth is, all businesses, regardless of size or industry, are potential targets. However, certain sectors are more frequently attacked. Manufacturing, professional, scientific, and technical services, as well as wholesale trade, top the list. Alarmingly, the healthcare and social assistance sectors are also seeing a significant rise in attacks, despite the potential societal and political repercussions. Cyber criminals are opportunistic and strategic. They target regions with strong economic growth and shared languages. For instance, cyber extortion attacks in the UK have increased by 96%. https://player.vimeo.com/video/992076839? While the rise in cyber extortion is a big worry, there are steps you can take to protect your business. Here are some key strategies: Back up your data: Make sure you have a robust backup plan. Keep your critical data in an offline or offsite location and regularly test your backup restoration process. Keep software updated: Make sure all your devices use the latest software, especially those connected to the internet. Implement Multi-Factor Authentication (MFA): Strengthen your access controls with MFA. This adds an extra layer of security by requiring multiple forms of verification before access is granted (such as a code on a separate device). Also, limit user access to only the systems they need for their job. Patch and vulnerability management: Regularly update your systems to fix any security vulnerabilities. Cyber criminals often exploit known weaknesses, so staying on top of patches can prevent many attacks. By understanding what cyber extortion is and how it works, you can better prepare your business to defend against it. Remember, the key is to be proactive. If we can help prepare your business and keep it safe, get in touch.

Uncategorised

Slow PCs? Manage which applications launch at startup

Lindy / 5 August 2024

August 5th 2024 By Matthew Phillips Slow PCs? Manage which applications launch at startup Staying on top of how your technology is set up is crucial for maintaining a reliable network. And one often-overlooked aspect is managing which applications start up when your business’s PCs start up. With lots of software wanting to auto-start, it can slow down your system and potentially introduce security risks. But did you know that Windows 11 offers a useful feature that alerts you whenever new apps are added to the startup list? Every time you hit the power button on your PC, it loads a set of apps automatically. While some of these are essential, others might not be, and can slow down your system’s performance. Over time, as you install more software, your startup list can grow, leading to longer startup times and a slow experience. Not only that but keeping an eye on startup apps is good security practice. Unwanted or unknown apps starting automatically can be a red flag for malicious software (malware) or other security threats. By receiving alerts about new startup apps, you can quickly identify and investigate any suspicious additions, making sure that your systems stay secure. How do you enable these alerts in Windows 11? It’s a simple process: Start by opening the Windows 11 system settings. You can do this by clicking the Start menu and selecting the gear icon or by pressing ‘Windows + I’ on your keyboard. In the settings window, click on ‘System’ in the left sidebar, then select ‘Notifications’ on the right. Scroll down to the bottom of the notifications page. Just above Additional settings, you’ll find ‘Startup App Notification’, which is switched off by default. Move the slider to ‘On’. From then on, you’ll receive a notification whenever a new application is added to the startup process. You can even customise what this notification looks like by clicking on the arrow next to the slider button, allowing you to adjust its appearance and sound to suit your preferences. https://player.vimeo.com/video/991637861? Turning on these alerts brings several benefits to your business. First, it helps keep your PCs running efficiently. By staying informed about new startup apps, you can quickly disable any unnecessary software that might be slowing down your system. This means faster start times and better overall performance, allowing your team to get to work without delays. Secondly, it enhances security. Receiving alerts for new startup apps means you can immediately investigate any unknown or suspicious additions. This proactive approach helps prevent potential security threats from taking hold, safeguarding your business data and systems. Lastly, it’s a great way to keep track of what’s installed on your machines. With various team members possibly installing different software, these alerts give you a clear overview of what’s being added to the startup list, making sure that only approved applications are running. To further manage startup apps, you can use Task Manager. Press ‘Ctrl + Shift + Esc’ to open Task Manager, then select the ‘Startup’ tab. Here, you’ll see a list of all the apps that start with Windows, along with their impact on boot time. You can enable or disable apps by selecting them and clicking the appropriate button at the top right. By regularly checking this list and using the new alert feature, you can keep your startup process streamlined and your system secure. A better answer is getting someone to set all of this up and manage it for you. We specialise in making technology easy for businesses. If we can help, get in touch.

Uncategorised

Ransomware threats are surging – here’s how to protect your business

Lindy / 1 July 2024

July 1st 2024 By Matthew Phillips Ransomware threats are surging – here’s how to protect your business Imagine waking up one morning, turning on your computer, and finding that all your important files – everything from customer data to financial records – are locked. Tight. And then a scary message pops up demanding a ransom fee to unlock them. That’s ransomware in a nutshell. It’s a type of malicious software that hijacks your data and holds it for ransom. It usually starts with an innocent-looking email or link. You might get an email that seems legitimate, asking you to click on a link or open an attachment. This is known as a phishing email, where the sender appears to be genuine but isn’t. Once you click, malicious software is silently installed on your system. From there, the cyber criminals quickly go to work. They’ll be encrypting your files so you can’t access them. Then, you get that dreaded ransom note, demanding payment in exchange for a decryption key to unlock your files. Paying the ransom is a risky move because there’s no guarantee you’ll get your data back, and it just encourages the attackers to target more victims. https://player.vimeo.com/video/963146209 2023 was a particularly bad year for ransomware, with attacks surging after a two-year decline. According to a report, there was a huge increase in ransomware incidents, breaking a six-year record. One reason for this spike is the rise of something called Ransomware-as-a-Service (RaaS). This model lets cyber criminals “rent” ransomware tools, making it easier than ever for them to launch attacks. As a result, more businesses are finding themselves posted on data leak sites, with a 75% increase in the number of victims between 2022 and 2023. Ouch. And it gets worse. Attackers are getting smarter. They’re developing new variants of old ransomware, sharing resources, and using legitimate tools for malicious purposes. They’re also working faster, often deploying ransomware within 48 hours of gaining access to a network. And they tend to strike outside of work hours, such as when you’re tucked up in your bed, so they’re less likely to be noticed. If your business falls victim to a ransomware attack, the consequences can be devastating. You might face significant financial losses, not just from the ransom itself but also from the cost of downtime and recovery. There’s also the risk of losing critical data if you can’t decrypt your files. Your reputation could take a hit if customers find out their information was compromised. Oh, and your business operations could be severely disrupted, affecting your ability to serve your clients. The most important question then: How can you protect your business from this growing threat? Start by educating your team. Make sure everyone knows how to spot phishing emails and avoid suspicious links and attachments Regularly back up your critical data and securely store those backups offline Keep your software and systems up to date with the latest security patches, and invest in strong security tools It’s also important to limit access to your data. Only give employees access to the information they need for their jobs Monitor your network for unusual activity and have a plan in place to respond to incidents quickly If you do get hit by a ransomware attack, don’t panic. Work with cyber security experts (like us) to resolve the issue. Remember, it’s best not to pay the ransom, as it only fuels the cyber criminals’ activities. My team and I help businesses take proactive action to protect their data. If we can help you, get in touch. Published with permission from Your Tech Updates.

Uncategorised

Are your employees reporting security issues fast enough… or even at all?

Lindy / 24 June 2024

June 24th 2024 By Matthew Phillips Are your employees reporting security issues fast enough… or even at all? Getting your team to report security issues quickly is something that’s important for your business… but maybe something that might not have crossed your mind before. You might think that with so many security tech tools, you’re covered. But guess what? Your employees are your first line of defence, and they’re irreplaceable when it comes to spotting and reporting security threats. Imagine this: One of your employees receives a fishy-looking email that appears to be from a trusted supplier. It’s a classic phishing attempt (that’s where a cyber criminal sends an email and pretends to be someone else to steal your data). If the employee brushes it off or thinks someone else will handle it, that innocent-looking email could lead to a massive data breach, potentially costing your company big bucks. The truth is, less than 10% of employees report phishing emails to their security teams. That’s shockingly low. Why? Well: They might not realise how important it is They’re scared of getting into trouble if they’re wrong Or they think it’s someone else’s job Plus, if they’ve been shamed for security mistakes before, they’re even less likely to speak up. https://player.vimeo.com/video/958475930 One of the biggest reasons employees don’t report security issues is that they just don’t get it. They might not know what a security threat looks like or why reporting it is crucial. This is where education comes in, but not the boring, jargon-filled kind. Think of cyber security training as an engaging and interactive experience. Use real-life examples and scenarios to show how a small issue can snowball into a major problem if not reported. Simulate phishing attacks and demonstrate the potential fallout. Make it clear that everyone has a vital role in keeping the company safe. When employees understand their actions can prevent a disaster, they’ll be more motivated to report anything suspicious. Even if your employees want to report an issue, a complicated reporting process can stop them in their tracks. Make sure your reporting process is as simple and straightforward as possible. Think easy-access buttons or quick links on your company’s intranet. Make sure everyone knows how to report an issue. Regular reminders and clear instructions can go a long way. And when someone does report something, give them immediate feedback. A simple thank you or acknowledgment can reinforce their behaviour and show them that their efforts matter. It’s all about creating a culture where reporting security issues is seen as a positive action. If employees feel they’ll be judged or punished, they’ll keep quiet. Leaders in your company need to set the tone by being open about their own experiences with reporting issues. When the big boss talks openly about security, it encourages everyone else to do the same. You could even consider appointing security champions within different departments. These are your go-to people for their peers, offering support and making the reporting process less intimidating. Keep security a regular topic of conversation so it stays fresh in everyone’s minds. Also, celebrate the learning opportunities that come from reported incidents. Share success stories where reporting helped avoid a disaster. This not only educates but also motivates your team to keep their eyes open and speak up. By making it easy and rewarding for your employees to report security issues, you’re not just protecting your business; you’re also building a more engaged and proactive workforce. Encourage open communication, continuous learning, and avoid shaming anyone for their mistakes. The faster issues are reported, the easier and cheaper they are to fix, keeping your business secure and thriving. This is something we regularly help businesses with. If we can help you too, get in touch. Published with permission from Your Tech Updates.

Uncategorised

Cyber security training once a year isn’t working

Lindy / 6 May 2024

May 6th 2024 By Matthew Phillips Cyber security training once a year isn’t working We all know how important it is to keep our people up-to-date on the latest cyber threats. After all, with cyber-attacks on the rise, staying one step ahead is crucial to protect your business from potential breaches. But here’s the thing – annual cyber security training just isn’t cutting it anymore. Sure, it’s become a routine part of the calendar for many organisations. And it’s great that it’s happening at all. But ask any security leader, and they’ll tell you… employees find it time-consuming and uninspiring. From clicking through slides to skimming through videos at double-speed, it’s usually seen as just another box to tick. And let’s be honest, even for those who do engage with the training, there’s little evidence it leads to real behaviour change. That’s because the traditional approach lacks interactivity and doesn’t connect with employees on a personal level. It’s more about ticking boxes than building a culture of cyber security vigilance. https://player.vimeo.com/video/936681329 Guess what? There’s a better way. It’s all about small, regular, human-centric interventions. Think of it like the speed signs you see when you’re driving. They remind people to stop and think before they engage in risky behaviour. Just as the signs work for driving, this kind of training makes your employees more aware of what they’re clicking. By nudging employees toward safer decisions in real-time, we can help them develop better cyber hygiene habits without overwhelming them with information overload. It’s about empowering them to make smarter choices every day. And with the amount of Generative AI and third-party tools we’re surrounded with right now, it’s more important than ever to give employees the guidance they need to navigate potential risks. Whether it’s through real-time coaching or policy reminders, we can help employees understand the importance of safeguarding sensitive data. So, while there may be a place for annual training, it’s time to think about using a more proactive approach to cyber security education. This is something we can help you with. If you want to learn more, get in touch. Published with permission from Your Tech Updates. Share

Uncategorised

Uh oh! You’re at greater risk of malware than ever before

Lindy / 22 April 2024

April 22nd 2024 By Matthew Phillips Uh oh! You’re at greater risk of malware than ever before Here’s something not-so-fun but incredibly important to talk about: Malware attacks. And it’s bad news. These scary cyber threats are hitting small and medium-sized businesses (SMBs) harder than ever before. That means you need to know how you can defend your business. First things first, what exactly is malware? Think of it as the digital equivalent of the germs that make you sick. Malware, short for malicious software, is like the flu virus of the cyber world. It’s designed to sneak into your computer systems or network and wreak havoc in all sorts of ways. So, what kinds of malware are we talking about here? Well, according to a recent report, there are a few major troublemakers: Information-stealing malware, ransomware, and business email compromise (BEC). You might be wondering why you should care about malware. Let me set the scene. You’re running your business smoothly, minding your own business, when BAM! A malware attack hits. Suddenly, your files are encrypted, your systems are locked down, and you’re being held hostage for ransom. Sounds like a nightmare, right? That’s the reality for many SMBs facing malware attacks. It’s not just about losing money – it’s about the potential damage to your reputation, your operations, and your customers’ trust. https://player.vimeo.com/video/930625770? But there are plenty of ways to fight back against malware and keep your business safe and sound: Educate your team Teach your employees to spot phishing emails (an email pretending to be from someone you trust), suspicious links, and other sneaky tactics used by cyber criminals. A little awareness goes a long way. Armour up your devices Make sure all your computers and devices are equipped with the best software to prevent attacks. Back up, back up, back up Regularly back up your data to secure offsite locations. That way, if you are attacked, you’ll have a backup plan (literally) to restore your files. Fortify your network Improve your network security with firewalls, encryption, and other powerful weapons. We can help with all of that. Stay sceptical Be cautious of suspicious emails or requests for sensitive information. When in doubt, double-check the sender’s identity and never click on risky links or attachments. Have a plan Prepare an incident response plan for dealing with malware attacks. Think of it as your emergency playbook, complete with steps for containing the threat, recovering your data, and reporting the incident. That’s a lot to take in, but remember, knowledge is power. These are all things we help our clients with, so they don’t have to worry about it. If we can help you too, get in touch. Published with permission from Your Tech Updates.

Uncategorised

Which ransomware payment option is best? (Hint: none)

Lindy / 26 February 2024

February 26th 2024 By Matthew Phillips Which ransomware payment option is best? (Hint: none) Picture this: Your business gets hit by a ransomware attack, and your valuable data is locked away by cyber criminals demanding a huge ransom fee. You can’t afford to pay it. But there’s a twist – just like those “buy now, pay later” schemes, some ransomware gangs are offering victims payment extension options. Recent research reveals that ransomware groups are getting creative with their extortion strategies. One group is even offering victims various choices when it comes to their ransom demands. These “choices” include: Paying to delay the publication of their stolen data, with a standard fee of $10,000… or paying to have their stolen data deleted before it’s made public. The exact amounts charged are often negotiated with victims, adding a chilling dimension to the whole ordeal. To increase the pressure on victims, these ransomware groups have added some terrifying features to their web sites. These include countdown timers displaying how much time businesses have before their data is released, view counters, and even tags revealing the victim’s identity and description. https://player.vimeo.com/video/912315206 It’s all designed to make victims feel cornered and more likely to give in to the demands. You might be tempted to pay that ransom to protect your business data. Not so fast. Paying is always a bad idea and here’s why… Paying doesn’t guarantee that you’ll get your data back or that the cyber criminals won’t demand more money later. By paying, you’re essentially funding criminal activities, encouraging them to continue their attacks on others. Paying a ransom might even get you into legal trouble, as some governments have made it illegal to pay cyber criminals. So, what can you do to safeguard your business from falling victim to ransomware? Ensure you have regular, secure backups of your data. This way, you won’t be at the mercy of cyber criminals. Educate your staff about the risks of ransomware and train them to recognise phishing emails and suspicious links. Invest in robust cyber security software and keep it up to date. Keep your systems and software updated with the latest security patches. Segment your network to limit the spread of ransomware if one device gets infected. Develop a clear incident response plan, so you know exactly what to do if you’re ever hit by a ransomware attack. Paying cyber criminals rarely makes things better, and we’re seeing businesses that do pay become targets time and time again. Instead, invest in the proactive measures above to help you stay secure. And if we can help you with that, get in touch. Published with permission from Your Tech Updates.

Uncategorised

Don’t think your business is a target? Think again

Lindy / 12 February 2024

February 12th 2024 By Matthew Phillips Don’t think your business is a target? Think again You might think that cyber criminals are only interested in large companies or those with huge financial assets. After all, that’s where the big bucks are, right? Think again. Recent reports have shown that cyber criminals are casting their nets wide, targeting businesses of all sizes, from independent shops to global enterprises. And they’re doing it with the help of something called “botnets.” You may have heard about the rise of malicious botnets, and you’re probably wondering, “what on earth is a botnet, and why should I care?” Botnets are the secret weapons of cyber criminals. They’re armies of compromised devices, all under the control of a single, malicious puppeteer. These can be anything from your computer to your smart fridge. Yes, even your fridge can be turned into a cyber weapon. A new report observed “massive spikes” in the activity of these botnets, with over a million devices involved in malicious activities at one point. To put it into perspective, that’s a hundred times the usual levels of botnet activity. https://player.vimeo.com/video/907530131 Usually, there are around 10,000 devices doing naughty stuff each day, with 20,000 being the highest number researchers had seen. But in December 2023, things got crazy. The number shot up to 35,144, and two weeks later, it rose even further to 43,194. That’s a lot of compromised devices. And it didn’t stop there; the researchers saw the biggest spike yet, hitting a whopping 143,957 distinct devices being used at the same time. In fact, on the 5th and 6th of January there were spikes of more than a million devices! Why are they doing this? These botnets are being used to scan the internet, searching for weaknesses in websites, servers, and even email systems. Think of the internet as a fortress with many doors and windows. These cyber criminals are looking for unlocked doors and open windows to sneak in. They focus on specific “ports” that serve as entry points. What can you do to protect yourself from these cyber threats? It’s all about strengthening those doors and windows. Here are a few simple steps: Keep your software, operating systems, and applications up-to-date. Regular updates often fix vulnerabilities. Install a good firewall and reliable antivirus software to protect your devices. Educate your employees about cyber security best practices, such as avoiding suspicious links and emails. Enforce strong, unique passwords for all your accounts and devices. Regularly back up your data to prevent loss in case of a cyber attack. Keep an eye on your network for any unusual activity. Consider hiring a cyber security expert (that’s us) to assess and enhance your security measures. If we can help you keep your business better protected, get in touch. Published with permission from Your Tech Updates.