SecurityRisk Archives

Heads up: You need to update Windows 11 by this deadline

Lindy / 19 August 2024

August 19th 2024 By Matthew Phillips Heads up: You need to update Windows 11 by this deadline Microsoft has issued an important update: If you’re using Windows 11, you need to upgrade to version 23H2 before 8th October 2024. After this, older versions will no longer receive essential security updates, putting your systems at risk. Why is this important? Because Microsoft will stop supporting older Windows 11 versions for business accounts. This includes stopping security updates, which are vital for protecting your systems against the latest cyber threats. The latest version includes advanced security features to protect against new threats, making sure your business data remains safe. But updating to Windows 11 version 23H2 brings other benefits beyond security. You’ll also notice performance improvements, making your systems run faster and more efficiently, which is great for productivity. Plus, new tools and features are continually added, helping streamline your workflows and improve overall efficiency. Staying updated ensures compatibility with new software and technologies, maintaining smooth business operations. Delaying the update could leave your business vulnerable to cyber-attacks. Without security updates, your systems will be exposed to potential exploits, risking data breaches and financial loss. Microsoft typically enforces updates post-deadline to keep people safe, especially for business devices not managed by IT departments. While this is helpful, it’s better to update proactively on your own schedule. https://player.vimeo.com/video/993531820? Updating to version 23H2 is straightforward. First, check your current version by going to Settings, then System, and selecting About. Before updating, make sure to back up all your important files to prevent data loss. Navigate to Settings, then Update & Security, and select Windows Update. Click on “Check for updates” and follow the prompts to install version 23H2. Once the update is complete, restart your computer and verify the new version in Settings, System, and About again. Making sure your systems are up to date will keep your business secure and running efficiently. Don’t wait until the last minute… upgrade to Windows 11 version 23H2 now. Keeping businesses protected and productive is our top priority. So, if you need any help with that, get in touch. Published with permission from Your Tech Updates.

Uncategorised

Protect your business from a data leak with Microsoft Edge

Lindy / 8 July 2024

July 8th 2024 By Matthew Phillips Protect your business from a data leak with Microsoft Edge Microsoft Edge for Business has just rolled out new data leak control capabilities. And that could be a good thing for keeping your sensitive info safe. What are data leak control capabilities? In plain English, they help prevent your sensitive information from getting out to the wrong people. Think of it as having an extra lock on your digital doors, making sure only the right people can access your important data. Every business handles sensitive information, whether it’s financial records, client details, or proprietary data. If this information leaks, it could mean big trouble: Financial loss, legal headaches, and a hit to your reputation. This new feature in Microsoft Edge helps keep your data secure by making sure only authorised people can access it. It also stops accidental sharing. Depending on your industry, you may have strict rules about data protection. These new controls can help you stay on the right side of regulations. And let’s not forget your customers. They’re more aware than ever about data privacy. Using a browser with strong data leak controls shows you’re serious about protecting their information, which can boost their trust in your business. Microsoft Edge for Business has added this new feature into an easy-to-use package. You can set policies on how data can be shared – like stopping certain types of data from being copied or emailed to unauthorised recipients. This way, you’re less likely to have accidental leaks. It uses artificial intelligence to spot potential threats and unusual data movements. Edge can alert you to a potential leak before it happens, giving you a chance to act proactively. If you’re already using other Microsoft products like 365 or Microsoft Teams, good news: Edge for Business integrates smoothly with them, letting you apply consistent data protection across all your tools. https://player.vimeo.com/video/968751242 Ready to give it a spin? Here’s what to do: Update your browser: Make sure all your business’s devices are using the latest version of Microsoft Edge for Business. This makes sure you have all the newest features and security updates. Set your policies: Work with your IT support partner to set up data sharing policies that make sense for your business. Microsoft provides guidelines and templates to help you get started. Train your team: Make sure your employees know about the importance of data security and how to use the new features. A quick training session can do the trick. Monitor and adjust: Keep an eye on how things are working and tweak your policies as needed. You want to find a balance that keeps your data secure without disrupting your workflow. Better still, why not get our team to just do this for you. Get in touch. Published with permission from Your Tech Updates.

Uncategorised

Are your employees reporting security issues fast enough… or even at all?

Lindy / 24 June 2024

June 24th 2024 By Matthew Phillips Are your employees reporting security issues fast enough… or even at all? Getting your team to report security issues quickly is something that’s important for your business… but maybe something that might not have crossed your mind before. You might think that with so many security tech tools, you’re covered. But guess what? Your employees are your first line of defence, and they’re irreplaceable when it comes to spotting and reporting security threats. Imagine this: One of your employees receives a fishy-looking email that appears to be from a trusted supplier. It’s a classic phishing attempt (that’s where a cyber criminal sends an email and pretends to be someone else to steal your data). If the employee brushes it off or thinks someone else will handle it, that innocent-looking email could lead to a massive data breach, potentially costing your company big bucks. The truth is, less than 10% of employees report phishing emails to their security teams. That’s shockingly low. Why? Well: They might not realise how important it is They’re scared of getting into trouble if they’re wrong Or they think it’s someone else’s job Plus, if they’ve been shamed for security mistakes before, they’re even less likely to speak up. https://player.vimeo.com/video/958475930 One of the biggest reasons employees don’t report security issues is that they just don’t get it. They might not know what a security threat looks like or why reporting it is crucial. This is where education comes in, but not the boring, jargon-filled kind. Think of cyber security training as an engaging and interactive experience. Use real-life examples and scenarios to show how a small issue can snowball into a major problem if not reported. Simulate phishing attacks and demonstrate the potential fallout. Make it clear that everyone has a vital role in keeping the company safe. When employees understand their actions can prevent a disaster, they’ll be more motivated to report anything suspicious. Even if your employees want to report an issue, a complicated reporting process can stop them in their tracks. Make sure your reporting process is as simple and straightforward as possible. Think easy-access buttons or quick links on your company’s intranet. Make sure everyone knows how to report an issue. Regular reminders and clear instructions can go a long way. And when someone does report something, give them immediate feedback. A simple thank you or acknowledgment can reinforce their behaviour and show them that their efforts matter. It’s all about creating a culture where reporting security issues is seen as a positive action. If employees feel they’ll be judged or punished, they’ll keep quiet. Leaders in your company need to set the tone by being open about their own experiences with reporting issues. When the big boss talks openly about security, it encourages everyone else to do the same. You could even consider appointing security champions within different departments. These are your go-to people for their peers, offering support and making the reporting process less intimidating. Keep security a regular topic of conversation so it stays fresh in everyone’s minds. Also, celebrate the learning opportunities that come from reported incidents. Share success stories where reporting helped avoid a disaster. This not only educates but also motivates your team to keep their eyes open and speak up. By making it easy and rewarding for your employees to report security issues, you’re not just protecting your business; you’re also building a more engaged and proactive workforce. Encourage open communication, continuous learning, and avoid shaming anyone for their mistakes. The faster issues are reported, the easier and cheaper they are to fix, keeping your business secure and thriving. This is something we regularly help businesses with. If we can help you too, get in touch. Published with permission from Your Tech Updates.

Uncategorised

Which ransomware payment option is best? (Hint: none)

Lindy / 26 February 2024

February 26th 2024 By Matthew Phillips Which ransomware payment option is best? (Hint: none) Picture this: Your business gets hit by a ransomware attack, and your valuable data is locked away by cyber criminals demanding a huge ransom fee. You can’t afford to pay it. But there’s a twist – just like those “buy now, pay later” schemes, some ransomware gangs are offering victims payment extension options. Recent research reveals that ransomware groups are getting creative with their extortion strategies. One group is even offering victims various choices when it comes to their ransom demands. These “choices” include: Paying to delay the publication of their stolen data, with a standard fee of $10,000… or paying to have their stolen data deleted before it’s made public. The exact amounts charged are often negotiated with victims, adding a chilling dimension to the whole ordeal. To increase the pressure on victims, these ransomware groups have added some terrifying features to their web sites. These include countdown timers displaying how much time businesses have before their data is released, view counters, and even tags revealing the victim’s identity and description. https://player.vimeo.com/video/912315206 It’s all designed to make victims feel cornered and more likely to give in to the demands. You might be tempted to pay that ransom to protect your business data. Not so fast. Paying is always a bad idea and here’s why… Paying doesn’t guarantee that you’ll get your data back or that the cyber criminals won’t demand more money later. By paying, you’re essentially funding criminal activities, encouraging them to continue their attacks on others. Paying a ransom might even get you into legal trouble, as some governments have made it illegal to pay cyber criminals. So, what can you do to safeguard your business from falling victim to ransomware? Ensure you have regular, secure backups of your data. This way, you won’t be at the mercy of cyber criminals. Educate your staff about the risks of ransomware and train them to recognise phishing emails and suspicious links. Invest in robust cyber security software and keep it up to date. Keep your systems and software updated with the latest security patches. Segment your network to limit the spread of ransomware if one device gets infected. Develop a clear incident response plan, so you know exactly what to do if you’re ever hit by a ransomware attack. Paying cyber criminals rarely makes things better, and we’re seeing businesses that do pay become targets time and time again. Instead, invest in the proactive measures above to help you stay secure. And if we can help you with that, get in touch. Published with permission from Your Tech Updates.

Uncategorised

Don’t think your business is a target? Think again

Lindy / 12 February 2024

February 12th 2024 By Matthew Phillips Don’t think your business is a target? Think again You might think that cyber criminals are only interested in large companies or those with huge financial assets. After all, that’s where the big bucks are, right? Think again. Recent reports have shown that cyber criminals are casting their nets wide, targeting businesses of all sizes, from independent shops to global enterprises. And they’re doing it with the help of something called “botnets.” You may have heard about the rise of malicious botnets, and you’re probably wondering, “what on earth is a botnet, and why should I care?” Botnets are the secret weapons of cyber criminals. They’re armies of compromised devices, all under the control of a single, malicious puppeteer. These can be anything from your computer to your smart fridge. Yes, even your fridge can be turned into a cyber weapon. A new report observed “massive spikes” in the activity of these botnets, with over a million devices involved in malicious activities at one point. To put it into perspective, that’s a hundred times the usual levels of botnet activity. https://player.vimeo.com/video/907530131 Usually, there are around 10,000 devices doing naughty stuff each day, with 20,000 being the highest number researchers had seen. But in December 2023, things got crazy. The number shot up to 35,144, and two weeks later, it rose even further to 43,194. That’s a lot of compromised devices. And it didn’t stop there; the researchers saw the biggest spike yet, hitting a whopping 143,957 distinct devices being used at the same time. In fact, on the 5th and 6th of January there were spikes of more than a million devices! Why are they doing this? These botnets are being used to scan the internet, searching for weaknesses in websites, servers, and even email systems. Think of the internet as a fortress with many doors and windows. These cyber criminals are looking for unlocked doors and open windows to sneak in. They focus on specific “ports” that serve as entry points. What can you do to protect yourself from these cyber threats? It’s all about strengthening those doors and windows. Here are a few simple steps: Keep your software, operating systems, and applications up-to-date. Regular updates often fix vulnerabilities. Install a good firewall and reliable antivirus software to protect your devices. Educate your employees about cyber security best practices, such as avoiding suspicious links and emails. Enforce strong, unique passwords for all your accounts and devices. Regularly back up your data to prevent loss in case of a cyber attack. Keep an eye on your network for any unusual activity. Consider hiring a cyber security expert (that’s us) to assess and enhance your security measures. If we can help you keep your business better protected, get in touch. Published with permission from Your Tech Updates.