Working Remotely: How To Stay Safe Online

With the majority of the world in the same predicament, most of the UK workforce are finding themselves working from home for the first time.

 

Working from home can bring a set of new challenges and risks, so it’s vital to maintain safety precautions while working online.

 

Statistics have shown that instances of cybercrime may have increased as much as 300% since the beginning of the COVID-19 pandemic, so it’s important to keep yourself and your business secure during this time.

 

It can be easy to become complacent, so make sure you’re following our 9 tips to stay safe and protect your information online.

 

  1. Restrict admin access to files and sensitive information

 

Research has found that 53% of companies had over 1,000 sensitive files open to every employee. If that isn’t worrying enough, it was also reported that, on average, every employee had access to 17 million files.

 

Assess whether it’s necessary for all employees to have access to sensitive files. It’s easy to limit access to particular documents and then grant limited access for however long is needed.

 

This limits the risk of sensitive information being breached and is generally just good security practice for your business.

 

 

  2. Don’t re-use passwords

 

It’s advice I’m sure we’ve all heard a hundred times, but using the same password across multiple accounts makes you a prime target for hackers.

 

Use a unique password that is strong and avoid repeating it across accounts.

 

If remembering them is an issue, don’t write them down!

 

Consider using a password manager to keep track of your details in a secure and safe way.

 

 

  3. Use a VPN

 

If you have to use public wifi or are using wifi that may not be secure, consider using a VPN (a virtual private network).

 

A VPN will protect you, your device and your information by masking your IP address.

 

VPN services also establish secure and encrypted connections.

 

For more information about the benefits of a VPN, here’s a great article from Norton.

 

 

  4. Log out of all sessions

 

One of the key ways to keep your accounts secure is to monitor who has access to them.

 

By logging out of all your sessions, you can get a quick visual of who has access to what.

 

In most settings, whether it be an email or social media account, there is an option to sign out of all the places the account is signed in. This can help ensure that no one is logged in who shouldn’t be.

 

Most platforms also support the option to get an email alert whenever there is a new login, making it easy to spot and act fast upon any suspicious activity.

 

We also highly recommend that you set up two-factor authentication for as many accounts as you can, in order to provide an extra deterrent for any unauthorised user attempting to access your account.

 

 

  5. Protect devices with an antivirus solution

 

Antivirus software is an absolute essential for any machine, both for personal and professional use.

 

Not only will you be protected against attacks and malware, but most antivirus software will also help you get the most out of your computer. Scans can help identify areas that may be causing your machine to lag, and with a quick removal, the performance of your machine should improve.

 

Most desktops come with antivirus software preinstalled, but there are plenty available.

The supplier of your machines should provide you with advice for your specific systems; however, if you’d like further advice you can contact us and we’ll be happy to help.

 

 

  6. Update programs and operating systems

 

It’s just as important to keep your systems up to date as it is to have them in the first place.

 

Make sure your machine is updated regularly to avoid putting it at risk.

 

Updates are there for a reason, and most of the time they’re released to ensure you’re protected.

 

 

  7. Stay vigilant

 

Even with all the above processes in place, staying vigilant is still one of the most important aspects of staying safe online.

 

It’s been found that 48% of malicious email attachments are office files and approximately 1 in 13 web requests leads to malware.

 

Practise caution over any links sent, even within your own company.

 

Be aware of risks both online and offline. If you’ve taken your computer home, it might be worth checking whether it’s protected by your contents insurance, and keeping any sensitive documents securely stowed away.

 

 

  8. Back-up regularly

 

One of the risks of moving to a different environment is the change in back-up regularity.

 

It’s important to frequently back up your machine to reduce the risk of losing files should anything go wrong.

 

Be wary of keeping backups on USBs and hard drives. If you are storing physical backups, keep them in a secure place.

 

 

  9. Outsource your IT services

 

If you’re struggling to manage, it might be time to consider outsourcing your IT services. At CCCit we offer IT support and services in Bristol and Bath. We offer a wide range of support packages, with a focus on IT support for small businesses too.

 

With a 24/7 help desk, you’ll never be left out of the loop.

 

If you’d like to discuss your options or you’re just seeking friendly advice, please contact us via our online form or call us today.

 

 

For further government advice on staying safe online while working from home, we recommend this useful guide from the National Cyber Security Centre.

 

How to secure your business from a cyber attack

Cybersecurity is a huge talking point for 2020. Taking measures to protect against cyberattacks is a top priority for businesses, as the true cost of risk rises.

 

A security breach can have irreparable costs concerning damaged reputation and the financial consequences of unplanned support and downtime. This report from the cyber insurance firm, Gallagher, suggests the average cyberattack costs nearly £6,500 to deal with.

 

Research has shown that only 5% of companies’ folders are properly protected, and with small businesses making up 43% of breach victims, it’s not worth the risk of leaving your business unprotected.

 

Could your business survive a cyberattack – do you really want to wait to find out?

 

It’s becoming more important to ensure the correct procedures are in place – but despite this, many businesses are still not practising good security behaviour.

 

Even the simplest of changes could make a difference to your business’s safety. It doesn’t have to be complicated. And if it seems unattainable, at CCCit we can offer you advice and services to help keep your systems secure.

 

Some of the biggest risks are:

 

  • Password sharing/repeating
  • Visiting unsecured websites
  • Sharing sensitive information via email
  • Phishing emails (94% of malware was delivered by email)
  • Lack of training
  • Not encrypting sensitive data
  • No recovery plan in place

 

The best approach is to create a focused and security-aware workplace culture. By ensuring each individual keeps good security practice, the business will benefit as a whole. After all, it only takes one mistake for your security to be compromised.

 

What you need:

 

  • Robust firewall and anti-malware software
  • Two-factor authentication enabled across channels
  • Strong passwords that aren’t repeated
  • Improved awareness of risks
  • Be vigilant over security access alerts
  • Restricted editing/admin rights

 

One of the most common issues, mentioned above, is the lack of restrictions on admin rights. Not everyone needs the highest level of access. Consider who has access and for how long they need that access. If an employee has left, or a project has finished, it’s time to go back and restrict access when it’s no longer needed – whether that’s access to documents, folders, websites or social media platforms.

 

If you’re not sure where to begin, there are plenty of resources available online that’ll help improve the cybersecurity awareness of your team.

 

Here are a few short quizzes to test your cybersecurity knowledge:

 

  • Can you tell when you’re being phished? Take this phishing quiz from Google.
  • How good is your security awareness? Find out with this quick quiz from IT Security Awareness.

 

What next?

 

As one of Bristol’s leading providers of IT services and support, if you’re looking to secure and protect your business from cyberattacks, we offer a wide range of services from data backup to recovery plans. Take a look at our services pages or contact us now to get advice and a free, no-obligation assessment from one of our experts.

 

Call us today on 0117 370 0050 to speak to one of our experts.

Does my business need a data recovery plan?

Despite how vital data recovery plans are, it’s no secret that they’re rarely a top priority for small businesses. Recent statistics have shown that 93% of companies without disaster recovery plans who suffer a major data disaster are out of business within one year. If you’ve never heard of a recovery plan, we’ll explain why they’re vital to your company and exactly how to put one in place.

 

If you’re not sure if a data recovery plan is right for you, there’s one question you need to ask: could your business survive a catastrophic loss of data? If the answer is no, it’s time to start seriously considering the implementation of one in your security plans.

 

What is a data recovery plan?

 

A data recovery plan is a structured step-by-step action guide to responding to unplanned incidents. The plan is created to ensure responses to incidents are as effective and efficient as they can be.

 

Do I really need disaster recovery?

 

A recovery plan will protect the important, and often sensitive, data on your computer system. Computers are vulnerable to theft, damage, cyber attacks and viruses, leaving your databases, financial documents, emails, documents and much more at risk. Ensure they stay safe in a moment of crisis with a thorough recovery plan.

 

The key benefits

 

  • Cost-efficiency
  • Testing responses for a variety of potential situations
  • Greater customer retention
  • Eliminate the loss of important data
  • We safeguard your information through encryption
  • Protect your company’s reputation
  • Control and customisation of your recovery plan
  • Proactive, daily monitoring

 

A disaster can occur for a number of reasons, such as a data breach, hard-drive failure or cyberattack. By implementing a good plan, you can significantly decrease downtime and ultimately save money (as described in our IT support for SMEs blog).

 

What next?

If you’ve decided that you can’t risk not having a recovery plan in place, a recovery plan is included in most comprehensive IT support contracts. If you’d like to know more call us today on 0117 370 0050 to discuss your options or complete our contact form.

 

We offer different levels of IT support to suit your needs – visit our services page to find out which of our support packages are right for you, or read our blog on the benefits of remote IT support.

 

 

8 Benefits of Remote IT Support

Present-day businesses rely on technology more than ever to keep day-to-day operations intact. As a result, IT issues need to be addressed swiftly to minimise the impact on businesses, which is exactly why businesses are turning to remote IT support.

 

Remote support gives you all the benefits of having your own in-house IT team without any of the business burdens.

 

Our remote IT support gives customers access to an account manager and engineer, as well as our highly trained help desk team—helping us quickly fix and update your systems without needing to visit you on-site (in 90% of cases).

 

Remote security sounds great, right? But what are the real benefits?

 

1. Improved productivity

Remote IT support can help improve your productivity and operational efficiency as you reduce (or eradicate) downtime. You’ll be able to spend less time trying to manage issues. Handing over the responsibilities to someone that you can’t see in your office can sound daunting, but our remote engineers are only a phone call or email away. With our Remote Plus Monitoring support package, over 90% of our support queries are fixed remotely by our IT support help desk, without the need for an on-site visit by one of our engineers. This lets you reclaim time wasted on IT issues, so you can focus on driving your business towards its goals, with minimal interference.

 

2. Available after-hours

One of the biggest shared fears of businesses is that an IT issue will arise while the person responsible is out of the office. Issues with your website, data loss or crashed servers could leave potential customers (or even your own staff) in limbo while they’re left unresolved. Most remote services offer full-time cover so there’s no need to worry about issues cropping up while you’re away. Our 24/7 service desk prevents inconvenient downtime and allows for constant monitoring of your system, giving you peace of mind with the knowledge that technical issues will be handled in a way that saves valuable time and improves business productivity.

 

3. Access to IT professionals

Get a fast response from our team of experts. At CCCit our team have years of experience. Once you have access to these sources of expertise in IT, you’ll never have to Google an issue again.

 

4. Proactive management

A huge benefit of having remote IT support is the proactive management that can solve issues before they even arise. With this approach we don’t wait for problems to surface; we work towards preventing any potential conflict in the first place.

 

5. Cost efficiency

Outages and downtime can result in loss of time and money, as well as priceless damage to your reputation, which is why IT support can be such a valuable asset for any small to medium-sized business. With predictable monthly fees, it can be up to 70% cheaper to outsource.

 

6. Regular maintenance and optimisation

If your systems aren’t regularly updated they can become more susceptible to issues that slow you down. On the other hand, maintenance can be counterproductive, especially if it prevents you from working. We work with you to schedule maintenance that creates minimal disturbance. Our maintenance and optimisation can work to support your growth.

 

At CCCit we value scalability. We understand that companies are constantly evolving, so we give suggestions for you in line with new updates. We’ll analyse how your processes can be improved in order to optimise performance and reach your business goals. All our solutions are tailored to your business.

 

7. Reduced pressure on IT departments

It’s a common misconception that you don’t need to outsource IT support if you have an IT department. In reality, the two can work effectively together. We can help reduce the amount of maintenance and upkeep that’s keeping your in-house IT staff from other tasks.

 

8. Reduced risk & disaster recovery

Remote support can ensure protection from data loss with remote back-ups, and all our staff are well equipped to deal with such situations. Our data recovery and disaster recovery plans allow us to minimise damage if any emergencies take place. Data corruption can happen; don’t let it affect your business.

 

Whether you’re looking for a fully supported network, or just need occasional IT support, at CCCit we have a selection of IT support packages designed to fit your needs.

Contact us today if you’d like to know more!

 

Important information which affects some HP devices

We’ve received information from the manufacturer, HP, that some HP devices that we have sold may be unsafe for use due to a potential risk of overheating and fire.

Note: Not all batteries in all HP ProBook 64x, HP ProBook 65x, HP ProBook 4xx, HP x360 310 G2, HP ENVY, HP Pavilion x360, HP 11 notebooks, HP Thin Clients, and HP Zbook mobile workstations are affected by this recall.  If you believe that a device you are using may be affected please follow the link below and download the HP Battery Program Validation Utility.

More details on which units are affected and what you should do can be found in the following notification:

https://batteryprogram687.ext.hp.com/en-GB/Home/ProgramSummary

Please feel free to contact us if you would like any help with this information or are unsure of anything mentioned here. We’re sorry for the inconvenience caused and hope to see you again soon.
Kind regards,

CCCit Team

Service Announcement – KRACK Wi-Fi security weakness

We wanted to notify our clients about a recent hack that has been discovered that affects all Wi-Fi networks. This includes Wi-Fi networks that we manage; however, we have taken every necessary step to resolve this issue by patching computers and installing firmware updates where available.

KRACK is an attack that currently threatens all Wi-Fi networks protected using the Wi-Fi Protected Access II (WPA2) security protocol. In full, KRACK means Key Re-installation AttaCK. The KRACK Wi-Fi security weakness is the result of a network vulnerability that makes it possible for a hacker to break into a WPA2-protected network and inject, manipulate and steal data such as photos, passwords and chat messages. It is a vulnerability that exists on almost every platform including Apple, Windows, Android, Linux and OpenBSD.

Scary as it may sound, there are several factors that downplay the risk posed by KRACK.
First, the attack must be executed within the range of the wireless signal as opposed to being done remotely. An attacker would need to be between an access point and your device. This makes it relatively easier to deal with the attack, since work areas can be protected using advanced technology such as motion sensor cameras to detect the presence of people in restricted areas and fingerprint access to keep out unauthorized personnel.

Second, sensitive information such as financial data or emails that malicious people are usually after is normally already protected using Secure Sockets Layer (SSL). WPA2 only adds an additional layer of protection. As such, should such data get into the wrong hands, it would still be protected by end-to-end encryption that is practically impossible to defeat.

To add a layer of protection to data, it is advisable to surf the internet using browsers with security add-ons such as HTTPS Everywhere. Such add-ons force connections to protect your data through encryption whether such encryption is the default for the website or not. So far, there has been no reported breach traced to this vulnerability. Wi-Fi Alliance chose to report this vulnerability merely to inform Wi-Fi users and also to encourage them to patch their systems as soon as updates were available. These updates are backed up by the fact that so far, new versions of Apple and Windows operating systems have not appeared to be vulnerable to this attack. However, experts say there is a very slim chance that in very specific circumstances, KRACK may be successful in penetration attempts.

Although many people enjoy the convenience a Wi-Fi network offers, we would not recommend using any form of Wi-Fi on a secure corporate network. Wi-Fi should only be enabled on separated networks giving access to the internet but not files and folders on the network. Here at CCCit we take network security very seriously and always endeavor to keep up to date with any changes or important information released about products and services we manage and support. If you have any questions regarding the information provided here please feel free to contact us. If you think the information here will be of benefit to someone you know please share it.

Kind regards,

CCCit Team

Service Announcement – Email scammers warning

Scam Warning

Here at CCCit we have been made aware of a number of businesses that have fallen for an email spoofing scam which could end up costing them a tremendous amount of money.

Scammers are doing their research and are finding out who the key decision makers within a business are. This includes finding out who the owners, managing directors and staff working in the finance/accounts departments are. Once they know this information, they spoof the email address of an owner or director to impersonate them. An email is then sent to key finance staff asking them to transfer potentially thousands of pounds into a bank account owned by the scammers themselves.

As the emails look to be coming from legitimate email addresses belonging to owners or directors of the business, many people have been fooled and this, in turn, has left them considerably out of pocket. Companies caught out by this type of scam will find it tremendously difficult to recover the lost funds as many banks will have very little sympathy.

What is spoofing an email?

Spoofing an email is as simple as sending an email with a forged or fake sender address. This address might be owner@yourcompany.co.uk; however, when you respond, the reply address will belong to the scammer, e.g. scammer@scamaddress.co.uk.
Spoofing an email is a comparatively simple thing to do, as the main protocols that email uses were originally developed to be open and basic, and only a small number of people enable the more advanced security features.

Protecting your business

Due to the nature of spoofed emails, even with the correct security features in place it can still be very difficult to prevent a scammer from setting up an email to look like it has come from an owner or managing director. Some technical prevention methods have been set out below, although one of the most important prevention methods is staff awareness training and implementing processes that limit the risk.

Staff training – It is important for staff to recognize fake emails or invoices and know what to do if they receive one. It is essential to make your accounts payable personnel aware of possible scams and train them to follow policies on purchasing and processing of payments. These processes should be documented and available to all employees.

Obvious Indicators of fraud:

– An incorrect domain name used to send emails, invoices and fund transfers. Hovering over the email address may reveal the originator’s email address if different from that displayed.

– The delivery address is not a company address.

– Poorly written email with grammatical errors.

– Use of a false or unknown contact from the company. If requests for quotations, invoices, purchase orders or fund transfers are received from a new company contact or account that raises your suspicion then please contact the person directly to verify the validity of the request. Do not contact the name/number used on the email/invoice/purchase order.

– Phone numbers not associated with the Business.

– Unusually large amounts are requested.

Purchase Order Process – It is a good policy to implement a purchase order process which requires a purchase order for all payments made using company money. Most popular accounting software will include the ability to create purchase orders or incorporate a purchase order system to make sure any payments or transfers are correctly authorised and properly recorded. These authorisation systems do not rely on email, making them extremely difficult for a fraudster to replicate, and they will make spotting a genuine fund transfer much easier.
Some popular cloud-based accounting packages that support purchase orders are Xero and QuickBooks Online.

SPF and DKIM Email Validation – Authentication is a way to prove an email is not fake. Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are both ways to implement email validation systems which detect email spoofing. SPF achieves this by allowing your email server to check that the emails you receive are coming from a host that is authorised to send from that domain. When you receive an email that is not from an authorised server but appears to come from that server’s sending domain, it will either be marked as SPAM or not delivered.
DKIM and DomainKeys embed information in the email, which makes it harder to copy (but they can also be more difficult to implement for senders and receivers).
Some scam emails you receive may not come from your company’s exact domain name. For example, they may seem to come from someone within the business using a personal address or a slight variation on the company email address that is not protected by SPF or DomainKeys. As there are many variations on the kind of emails you may receive, the steps above should not be the only precautions taken; implementing these methods should be considered an added security measure.
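
The warning signs described above (a forged sender address with a different reply address, SPF/DKIM results, and a slight variation on the company domain) can be checked automatically; the following is an added example, not CCCit's own tooling. The sample messages are constructed, the `your-company.co.uk` lookalike and the 0.85 similarity threshold are assumptions, and the Authentication-Results header is assumed to have been added by your own receiving mail server.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "yourcompany.co.uk"  # assumption: the domain being protected

# Constructed sample messages (not real mail).
SPOOFED = """\
From: "The Owner" <owner@yourcompany.co.uk>
Reply-To: scammer@scamaddress.co.uk
To: accounts@yourcompany.co.uk
Subject: Urgent transfer
Authentication-Results: mx.yourcompany.co.uk; spf=fail smtp.mailfrom=scamaddress.co.uk; dkim=none

Please transfer the funds today.
"""

GENUINE = """\
From: "The Owner" <owner@yourcompany.co.uk>
To: accounts@yourcompany.co.uk
Subject: Board meeting
Authentication-Results: mx.yourcompany.co.uk; spf=pass smtp.mailfrom=yourcompany.co.uk; dkim=pass header.d=yourcompany.co.uk

See you at ten.
"""

LOOKALIKE = """\
From: "The Owner" <owner@your-company.co.uk>
To: accounts@yourcompany.co.uk
Subject: New bank details
Authentication-Results: mx.yourcompany.co.uk; spf=pass smtp.mailfrom=your-company.co.uk; dkim=none

Please use the new account.
"""


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """Extract the first spf= and dkim= verdicts from Authentication-Results."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim)=(\w+)", header, re.I):
            results.setdefault(method.lower(), verdict.lower())
    return results


def is_lookalike(domain, company_domain, threshold=0.85):
    """True for a domain that is close to, but not equal to, the company's."""
    if not domain or domain == company_domain:
        return False
    return SequenceMatcher(None, domain, company_domain).ratio() >= threshold


def check_message(raw, company_domain=COMPANY_DOMAIN):
    """Return a list of warning labels for one raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    auth = auth_results(msg)
    findings = []
    # Replies would go to a different domain than the displayed sender.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    if from_dom == company_domain:
        # Mail claiming to be from us must have passed both checks.
        if auth.get("spf") != "pass":
            findings.append("spf-not-pass")
        if auth.get("dkim") != "pass":
            findings.append("dkim-not-pass")
    elif is_lookalike(from_dom, company_domain):
        # SPF can pass here: the scammer controls the lookalike domain.
        findings.append("lookalike-domain")
    return findings


if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE),
                      ("lookalike", LOOKALIKE)]:
        print(name, check_message(raw))
```

The lookalike case passes SPF because the sending domain belongs to the scammer, which is why the similarity check and staff verification are still needed alongside SPF and DKIM.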

Protect yourself using services from CCCit

Implementing SPF across the domains and email servers we manage is something CCCit carries out as standard. In some cases, we also recommend implementing DKIM along with SPF. Enabling spam filters as well as managing anti-virus and patching across a network are also very important in reducing the risk of being a victim of a scam; CCCit implement and manage all these areas for our support customers. We can also provide help in getting you set up with a secure online purchase order system, allowing you to safely and reliably validate all purchases and transfers of company funds.

To find out more, please contact CCCit on 0117 3700 050 or send an email.

Review’s Google Search Placing Results In A Fine

A judge in France has decided to rule against Caroline Doudet, a French blogger whose negative restaurant review was reported due to being “too prominent” in its Google search ranking. The judge’s order was that the title of the blog post had to be changed and Ms Doudet had to pay damages to the owners of the restaurant.
The decision was incredibly controversial due to the fact that it’s suggesting a high search ranking is a crime. Many people have questioned the validity of the order, and bloggers across the globe have spoken out in anger.
The claim put forward by the owners said that the strong prominence of the article was an unfair harm to their business, seeing as it portrayed them in a negative light and cost them valued customers.
The blog post that was made by Ms Doudet was called “The Place To Avoid in Cap-Ferret”, followed by the name of the restaurant, Il Giardino. It’s located in southwestern France’s Aquitaine region.
The court’s documents stated that the review had featured 4th in the results when you searched for the name of the restaurant. The decision that the judge came to was that the title had to be altered, so the “place to avoid” was not as prominent in the results of a search.
The harm put forward on the restaurant was pointed out by the judge sitting in Bordeaux, who said that it was exacerbated by the blogger’s 3,000 followers on her literature and fashion blog. A famous blogger from Bristol has spoken out in outrage to his 5000+/- followers on Twitter.
Her article, which has now been removed, stated that there was a generally poor service and negative attitude on behalf of the restaurant’s owner when she visited the shop in August 2013. The owner found the entire article to be an issue, but the judge decided to just rule that the title be changed and a fine was sent to Ms Doudet.