Date:

Author

Category: Ransomware, IT News, IT Security, Latest.

We all know that ransomware and phishing are huge challenges facing all businesses during normal times, but just to kick us when we’re down, there are scammers out there targeting our businesses on the back of the coronavirus whilst we are all extra vulnerable.

Remember, SMEs are the victims of 43% of all data security breaches, with some forced to close as a result of a ransomware attack. The loss of core IT infrastructure, essential data and business confidence forces clients to go elsewhere, and never has utilising that infrastructure, to keep business going, been more important.

I expect we’ll start to see companies approached by criminals to exploit the uncertainties and panic they’re feeling over their cashflow stopping and their struggle to keep their businesses going.

Businesses are desperate for detail, what will happen, when, what money they’ll get and how. So, any information will be jumped on and business owners everywhere may not think to stop and check it’s a legitimate source. One unconsidered click and you could be subject to a ransomware attack, corrupting all your data on top of all the other challenges.

That being the case it’s far better to take sensible cybersecurity measures to prevent a ransomware attack from succeeding in the first place. The Government’s National Cyber Security Centre provides great online advice to protect businesses from cybercrime.  So, rather than frightening ourselves instead, let’s focus on what we can do to protect ourselves and our teams.

  1. Ignore online offers for vaccinations and home test kits. There are currently no vaccines, pills or over-the-counter products available to treat or cure coronavirus disease 2019 (COVID-19) — online or in stores
  2. Watch out for emails with attachments claiming to provide CV19-related information. For the most up-to-date information about the coronavirus pandemic, visit https://www.gov.uk/coronavirus. Other useful sites include and the World Health Organisation or WHO (https://www.who.int/) and Centres for Disease Control and Prevention or CDC (https://www.cdc.gov/)
  3. Watch out for texts and emails claiming to be HMRC, UK Government, or other official organisations; asking for bank details so that money can be transferred directly into your bank account or asking for a payment (e.g. an “admin fee”) in order to hand over a much larger amount of money. The details are still being worked out.  Anyone who tells you they can get you the money now is a scammer. Valid information can be found at:
  1. Never click on a link or an attachment unless you’re certain that it’s safe. This is exactly what the criminal is trying to get you to do, so be absolutely,100% sure that it’s genuine. If this takes some investigation such as a phone call to the sender, it’s well worth it
  2. Add Multi-Factor Authentication (MFA) which will add an extra secure layer to your email account on top of usernames and passwords and makes it almost impossible for hackers to intercept.

And most importantly, share this information immediately with all your staff so they are all vigilant and don’t inadvertently create an additional major challenge for your business.

If you’d like our help to improve your defences against cybercrime or any other aspect of IT or telephony support, call us NOW on 03300 886116 or email info@pcsupportgroup.com

 

Phil Bird

Managing Director, The PC Support Group

Date:

Author

Category: IT Security, IT Support.

The Fourth Industrial Revolution is providing a world of opportunities for UK manufacturing and engineering (M&E) businesses. In particular, the increased use of automation and computer-controlled manufacturing techniques means that IT systems have evolved to become a mission-critical part of all M&E businesses.

Despite economic and political turbulence, UK M&E businesses are investing in the future, contributing almost 70% of total UK spend on research and development and maintaining our reputation as a global centre of manufacturing and engineering excellence.

But it’s never been more important for M&E businesses facing unique security challenges to protect themselves, their people, their intellectual property and other trade secrets from cybercriminals. Manufacturers with large, dispersed operations, MES systems, ERP software, hand-held RFID devices, and collaboration tools that lack security features, are vulnerable to hackers looking to extort businesses owning valuable brands, inventions or designs.

Research by Make UK, formerly EEF, shows that some firms are largely unaware of the threat and lack basic security measures. Its 2019 statistics show that 65% of its members had been attacked, with 27% suffering financial or other losses, while 33% do not train staff in even basic cybersecurity.

The most effective cybersecurity systems have multiple layers of protection – and a key defence as part of that mix that I believe is essential for all manufacturing and engineering businesses is Multi-Factor Authentication (MFA). When you log in to your online bank, enter your email or username and password, you’re then asked for another code – that’s MFA. It adds an extra security layer, or ‘factor’, on top of usernames and passwords which, as we know, are often not strong enough.

MFA provides a unique, time-limited code via a hand-held device, such as PINsentry from Barclays, that’s almost impossible for hackers to intercept. Even if the criminal has a stolen email address, username, and password, MFA keeps data safe.  Here’s a quick checklist to get you started on MFA:

  • If you haven’t already, make a list of everything you and your business accesses using an email address, username, and password
  • Identify those systems or services that are cloud or web-based – as they are the ones most at risk of being hacked
  • Check with the providers of these systems and services (or ask your IT support company) to see if MFA can be applied – and then do so immediately
  • For those not MFA-enabled, review your current username and password policies, make sure they are securely stored, limit access to them and make them as strong as possible.

We would strongly recommend the Government-backed Cyber Essentials accreditation scheme for all M&E businesses. Cyber Essentials provides advice and guidance on security processes and measures that your business needs to keep your infrastructure safe from attacks. Cyber Essentials accreditation demonstrates achievement of a respected cybersecurity quality standard, providing peace of mind as well as adding weight and value to your offer.

If your current provider hasn’t mentioned MFA to you yet, then you should be a bit worried about that! We regard this kind of advice and guidance as part and parcel of our proactive support service that keeps our clients’ businesses as safe as possible and delivers reliable, smoothly-running IT.

If you’d like to find about more about MFA, or how we can help you with cybersecurity more generally, you can either leave us a message here, email them on info@pcsupportgroup.com or speak to our friendly team on 03300 886116 or for an informal and confidential chat.

www.pcsupportgroup.com

For businesses who have chosen cloud-based data hosting services, there’s a temptation to relax and think “great, we’re paying someone else to take care of our data, we don’t need to worry about it anymore.”

Of course, using cloud-based services can deliver major benefits for businesses. But it’s vital to remember that all the data you have “in the cloud” is still stored in a physical data centre somewhere in the world, managed by your cloud service provider.

So, good data security practice means that it’s essential to have exactly the same knowledge about how and where your data is being handled “in the cloud”, just as if it was sitting on a server in your office!

Unfortunately, worrying research results published recently by leading hosting provider TeleData UK reveals that large numbers of firms are lacking this very basic information:

  • 42% don’t know the location of the data centre their provider is using
  • 25% don’t even know if it’s in the UK
  • 33% don’t know if the data centre is ISO compliant.

That’s alarming enough, but the standout statistic for me is that 43% of businesses don’t know whether the data centre they are using has a failover to a secondary location should an outage occur.

Let’s just think about the size of the huge risk that those businesses are taking. One day, everything’s rosy in the garden, customers are happy and business is booming – then bang! Suddenly they can’t access their data. They don’t know where their data is, they don’t know how long they might be without it – or if they’re ever going to be able to access it ever again!

Committing to a cloud service provider requires detailed due diligence and fact-checking to confirm the service is fit for purpose, that all risks and eventualities have been considered and minimised, and that all GDPR and ISO compliance requirements have been met.

I bet those businesses who don’t know where their data is stored, know every dot and comma about their alarm system – which company supports them, where they are based, how long it will take them to get to the office in the event of a problem. Yet many seem to know far less about their data, their most valuable asset.

At The PC Support Group, we specialise in Microsoft Office 365 because from our long experience we believe it’s the best – and a major advantage is its transparency – you can sign in (or your IT support provider can) and find out everything you need to know about the data centre where your data is stored. That’s hugely reassuring in my opinion.

If you have any concerns about how your data is being stored and handled or would like an  informal chat about how we can help provide peace of mind or improve your data security arrangements, call us NOW on 03300 886 116 or email info@pcsupportgroup.com

Phil Bird

Managing Director, The PC Support Group

Date:

Author

Category: Data Backup, IT News, IT Security.

Whenever I’m thinking about the topic for my next bulletin, my first port of call is always our support team. These are the folks who spend their days guiding our clients, resolving issues, fixing problems – so they know better than anyone what’s going on.

Maintaining a robust backup is hard work, it’s important to not only build the correct solution for your business and trust your IT support provider to look after it, but to also maintain a sense of urgency as a business owner to ensure you’re doing everything you can to keep data backup and recovery front of mind.  Therefore, today I’m returning to the topic of backing up your data.  So, why is backing up your data absolutely essential for your business?

  • Without it you risk losing your most priceless asset – the information you hold about your customers, your products and services, your finances and your people
  • Loss of just some of this information, for long enough, will sink your business
  • Back up is an important element of GDPR – and serious breaches can result in severe financial penalties
  • By backing up, if a disaster happens – a cyberattack, a fire, flood or break-in at your premises – there’s a good chance you can recover, repair the damage and go again.

I could go on, but I know you know this stuff already!  Regular data backup – ideally on a daily basis – is absolutely central to business continuity and it needs to be regarded with the same importance as activating your alarm system when you leave the office.  If you are unsure about your backup arrangements – whether they’re fit for purpose, or whether it’s happening at all, now is the time for action.  Start by asking yourself:

  • Do you know exactly what data you hold – about your customers, your employees, your business, your suppliers, your finances, your products, and services?
  • How and where is it stored, and how is it secured?
  • Do you back it up, how, where to and how often?
  • What would happen if you suddenly lost access to your live data and onsite backups?
  • How long would it be before this became a serious issue – minutes, hours, days?
  • How often do you review your backup arrangements?

Another key consideration is the choice between onsite or offsite backup arrangements. For me, that’s an easy one. Onsite backup can be just as vulnerable as your live systems. That’s because once criminals have access to your onsite network they may also get access to your onsite backups. The answer is a secure and managed offsite backup solution.

And remember, as your business develops, so will your data backup requirements. So it’s essential to periodically review your backup arrangements to make sure they reflect the needs of your business today – and as far into the future as you can realistically predict. Even if you’re happy with your backup processes, it’s a great idea to schedule regular reviews for peace of mind. For an informal chat about how you back up your data and how we can help, call us on 03300 886116 or email info@pcsupportgroup.com

Phil Bird

Managing Director, The PC Support Group

Date:

Author

Category: IT News, IT Security, IT Support, Latest, News.

The latest Netwrix IT Trends report has been published which outlines the top IT priorities for organisations in 2020; in which over 1000 IT professionals took part.

“74% of organisations name data security as the dominant priority for 2020.”

Given the rising number of breaches and the shortage of cybersecurity experts, it is no surprise that data security was seen as the highest priority.

The top IT priorities highlighted in the global survey included:

  • Maintaining data security                                                             74%
  • Automating manual tasks                                                             70%
  • Digital transformations                                                 57%
  • Cloud migrations                                                             52%
  • Increasing cybersecurity awareness among employees             39%
  • Adhering to compliance standards                         39%
  • Integrate existing solutions                         35%
  • Educate/train IT staff                         30%
  • Employ additional IT talent                         22%

To read the survey in full, visit netwrix.com

Date:

Author

Category: IT Security, IT Support.

The New Year’s Eve ransomware attack on foreign currency firm Travelex was a stark reminder of just how vulnerable today’s businesses are to determined cybercriminals.

Even a successful global enterprise like Travelex, with 1,200 branches in 70 countries, can have its IT systems hijacked and its online services brought to a total standstill. The gang threatened to publish huge quantities of clients’ personal data – social security numbers, dates of birth and payment card information – unless it received a $6 million payment.

Frightening stuff. But what’s almost more frightening is that hackers aren’t just targeting big international businesses, they’re just as likely to attack your business – and mine!

And while Travelex has the scale and resources to fight back and recover, most SMEs do not. Remember, SMEs are the victims of 43% of all data security breaches, with some forced to close as a result of a ransomware attack. The loss of core IT infrastructure, essential data and business confidence forces clients to go elsewhere – never to return.

What is ransomware?

There are two types, usually delivered through a phishing attack. The first type encrypts the files on a computer or network. The second type locks a user’s screen. Both types require users to make a payment – the ‘ransom’ – to be able to use the computer normally again.

However, there’s no guarantee that the key or password, to ‘unlock’ the computer, will be provided once the ransom has been paid. In fact, you should assume that making a payment is a fruitless exercise and plan your business continuity on that basis.

That being the case it’s far better to take sensible cybersecurity measures to prevent a ransomware attack from succeeding in the first place. The Government’s National Cyber Security Centre provides great online advice to protect businesses from cybercrime but my advice would be to ensure that you’re covering the basics, which, for me, includes:

  • Regular security surveys and testing – to identify and manage vulnerabilities
  • Internet firewall protection
  • Managed antivirus services – ensuring your protection is always working correctly and up-to-date. Out of date or failing AV software is as good as no AV protection
  • Multi-Factor Authentication (MFA) – in addition to usernames and passwords when logging in to web-based systems
  • Data encryption – keeping data safe if your computer or smartphone is lost or stolen
  • Always updating software – because hackers target older systems first
  • Employee training on safe working – for example how to identify a phishing attack
  • Controlling how employees interact with the internet – to minimise browsing risks.

Although, of course, prevention is far better than cure, we can also help you to recover in the event of a successful attack, by, for example, ensuring you have robust back-up procedures in place.   For an informal chat about your approach to cybersecurity and how we can help, call us on 03300 886116 or email info@pcsupportgroup.com

Phil Bird

Managing Director, The PC Support Group

Date:

Author

Category: IT News, IT Security, Latest, News.

UK travel money firm Travelex is still offline more than 5 days after a cyberattack.

The foreign-currency seller has been working on the issue since the software virus attack on New Year’s Eve.

“We regret having to suspend some of our services in order to contain the virus and protect data,” Travelex boss Tony D’Souza said.

The company has resorted to carrying out transactions manually, providing foreign-exchange services over the counter in its branches.

Travelex has a presence in more than 70 countries and has over 1,200 branches and 1,000 ATMs worldwide, with exchange machines a common sight at airports, and customers can also use a smartphone app.

It has affected Sainsbury’s Bank, Barclays, and HSBC amongst others which all use the Travelex platform.

For more information about how to protect your business, please download our free cybercrime bulletin here

Date:

Author

Category: IT News, IT Security, Latest, News.

As of January 2020, Windows Server 2008 and Microsoft Exchange 2010 have both officially reached end of support. So, if you’re still using either of them, you’re issuing an open invitation to cybercriminals.

Whilst the systems will continue to work, Microsoft will no longer support them through security patches, upgrades or customer support; which means that your software will no longer receive updates to protect against viruses, malware or other cyberattacks.

If security is important to your business or you are required to maintain a cybersecurity accreditation standard such as Cyber Essentials, then it’s vital that you address this issue as soon as possible as not doing so will fail most security audits and accreditation standards.

So, what should you do? There are several options including migrating to Microsoft Office 365 or upgrading to a later version of Windows Server, depending on your requirements.

To ensure you protect your data from today, contact us NOW and we can discuss which is the best option for your business.   Email us on info@pcsupportgroup.com  and mention Windows Server 2008 or call our friendly team on 03300 886 116.

 

 

Date:

Author

Category: Windows 7, Windows 10, IT News, IT Security, Latest, News.

Make sure you make this year a Happy New Year by not missing the imminent Windows 7 deadline. 

At The PC Support Group, we have kept our clients up-to-date with the approaching deadline, January 14th when Windows 7 will reach its end of life.  So, if you’re one of the thousands of UK businesses still using it, you have exactly a week today to upgrade – or you could be issuing an open invitation to cybercriminals.

While your PCs won’t suddenly stop working, from next week, Microsoft will stop updating or supporting your operating system, meaning that automatic security and bug fixes will end, making it increasingly costly to maintain and vulnerable to attack.

And you can guarantee that cybercriminals will be targeting Windows 7 users after January 14th, because they know that their defences are down.

While Windows 10 isn’t right for everyone, there are many advantages of upgrading from 7 to 10:

  • It’s simple, with a minimum of disruption – in most cases you can keep your files and software on your existing PC
  • Many programs you use will already have been updated to work on Windows 10, so you can just carry on as normal
  • Although, the layout and interface is different with a little patience you’ll be able to transition and use it relatively easily
  • There are many great additional features and functionality on Windows 10 that will be a big help for your business, such as the Cortana virtual assistant and enhanced security
  • Support for Windows 10 is expected to run until at least 2025, so a small investment now will provide peace of mind for the next five years or more.

So, if you’ve decided to go-ahead and upgrade, here are just a few things to bear in mind:

  • You’ll need to calculate how many users you have and how many licences you need
  • While Windows 10 will run perfectly happily on most existing hardware, it may struggle on older machines, so now may be the time to upgrade some of your hardware too
  • Although as mentioned earlier, most software has been updated to enable it to run on Windows 10 you will need to check that this is the case with all the software you use before going ahead
  • Once you’ve established what you require, you’ll need to identify a budget and potentially look into financing options
  • Time, resource and investment will be required but upgrading will almost certainly bring productivity and business efficiency benefits, which will deliver a fast return on your investment.

It’s not too late – if you’re still using Windows 7  – contact your IT support provider to discuss if upgrading is the best solution for your business before the support ends next week,  or contact our friendly team on 03300 886 116 or by email on info@pcsupportgroup.com to find out about our IT and telephony services.

www.pcsupportgroup.com

Date:

Author

Category: IT Security.

Did you know that the UK’s SMEs are on the receiving end of an average of 65,000 cyber attacks every day? Or that the average loss from a successful attack is £25,700, per business?

I was shocked when I read these statistics, published by insurers Hiscox. Perhaps the most worrying trend of all for me is the relentless growth in ever-more sophisticated phishing scams. Even IT experts and senior executives are being tricked by bogus emails in order to steal your personal info and login details, or get you to make a payment – or simply to corrupt your computers to disrupt your operations.

The bottom line is, while some scam emails are easy to spot, the majority look very, very convincing. If it looks like it’s from a trusted company, with branding to match, it could just as easily be from a cybercriminal.

And, as Hiscox and other surveys reveal, the consequences can be extremely serious. Your business bank account could be compromised. Confidential customer data stolen. Or even worse, your entire IT estate paralysed by ransomware. Make no mistake, phishing could kill your business.

The best defences are education and motivation. Share the problem with your employees and give them guidance, after all failing to spot these emails could ultimately impact their job security.  Helping them spot the dangers now could be the best thing you can do to protect your business.

“So how do I spot a bogus email?” I’m often asked.  Here are six things that I would share immediately with everyone in your business. Beware of any emails that ask you to:

  1. make an immediate payment – don’t pay without speaking with the person to check the request is valid. Do not check via email!
  2. enter your ID and password – check with your IT support provider/department that this is a genuine requirement before entering anything you’re not 100% sure about
  3. start paying invoices into a new account – phone the requester to check it’s a genuine requirement
  4. click on a given link – check with your IT support provider/department that this is a genuine requirement
  5. download something onto your computer – don’t download anything unless you’re 100% sure of it’s content. If you’re not – check with who asked you to download it or check with your IT support provider
  6. respond because your account is under attack, been compromised or frozen – there is often no compromise and these are designed to create a panic response. Don’t! Check with your IT support provider that the alert is genuine before responding or clicking on anything

I treat everything as potentially suspicious – sadly that’s the mindset we all need to adopt. If you’re in any doubt, do not open or click on any link or divulge any personal or corporate information, without first contacting your IT team or support partner.

If you’re concerned about your business’s vulnerability to phishing attacks, email info@pcsupportgroup.com or, leave us a message here and we’ll get back to you or call us on 03300 886116 or for an informal and confidential chat.

Phil Bird,

Managing Director, The PC Support Group