It’s been reported that 66% of organisations were hit by ransomware in 2021*, demonstrating just how relevant it is to ensure you are implementing robust security measures.

Cyber criminals use tools like Remote Desktop Protocol (RDP) to access networks making early detection very difficult. Trusting solely in these tools is not advised and can lead to a host of issues including compromised networks for both your business and potentially your clients.

Here are some network security tips to enhance your protection.

Micro-segment your network
Micro-segmenting allows you to detect and block threats attempting spread across your network. Create small zones and connect them via managed switches and a firewall to apply anti-malware and IPS protection between segments.

Replace remote-access VPN with a Zero Trust Network Access solution (ZTNA)

ZTNA removes the inherent trust and broad access that VPN provides. It uses the principles of Zero Trust: trust nothing, verify everything. To learn more, read Sophos helpful article about the benefits of ZTNA here.

Implement the strongest possible protection

• Firewalls should have TLS 1.3 inspection, next-gen IPS, and streaming DPI with machine learning and sandboxing.
• Remove remote access or RDP system access through VPN, NAT, or port-forwarding, and ensure that any traffic flows are properly protected.
• Endpoints should have the latest next-gen protection capabilities

Patch and update all software and firmware

Use multi-factor authentication (MFA) – Ensure every user and device repeatedly verifies their identity before accessing your network.

Adopt a strong password policy – Consider implementing authentication solutions like Windows Hello for Business.

Quick response in the event of a cyberattacks

Implement and utilize automation technologies and human expertise to accelerate cyber incident response and remediation.

Ensure your network security infrastructure is set up to automatically respond to and active attack, a combination of automation technologies and cyber security expertise will allow you to isolate and contain an attack before it can cause any serious or further damage.

24/7 fully managed detection and response service

We advise investing in a 24/7 fully managed detection and response service. Engaging with specialist Cyber security experts enhances your protection against threats that technology solutions alone cannot prevent.

For more information about any of the security measured addressed in this article or to discuss your business specific cyber security needs, contact us today and one of our cyber security advisors will be delighted to help.

Learn about Managed Security

As geopolitical conflicts continue to unfold, cyber criminals are seeking to capitalise and exploit this situation wherever possible.

Government agencies worldwide are now warning businesses to exercise heightened caution regarding their cyber security.

Due to the continued growth in attacks on businesses, this month Utilize deployed Geo-IP Filtering for all our managed customers Firewalls to enhance the protection of their business.

What is Geo-IP Filtering?

Geo-IP Filtering blocks network connections based on Public IP addresses in a particular geographic location, thereby reducing a businesses risk of exposure to cyber-attack.

Whole country Geo-IP filtering makes perfect sense for businesses based entirely in the UK, with no reason to accept incoming or outgoing online connections from other countries. However, if your customers or staff require access to your networks from abroad, then you must think more carefully about which countries you block.

Our team spent time researching the top threat source countries before compiling our blocked list. Clients’ requiring access from blocked countries were advised to contact us so that their filtering could be tweaked accordingly.

Consider Geo-IP filtering as just one tool in your cyber security arsenal. It is not a complete security solution; it won’t stop everything. But if used correctly it’s often better to have it switched on than not.

Email us today JustAsk@utilize.co.uk if you are interested in deploying Geo-IP filtering in your own cyber defence plan.

Email us today

The coronavirus pandemic has driven a huge shift in how businesses operate and how their employees go about their daily working lives. Much of this digital transformation has been positive, with a rise in remote working and widespread adoption of productivity tools. However, digital transformation brings with it huge risks – not least from a cybersecurity standpoint.

Over the past year, it’s been all too easy for employees to click on a bad link, open an infected attachment or visit a malicious website from a work device whilst at home. They may have downloaded or installed an unauthorised application on work systems, or even taken advantage of more powerful work hardware to play games in their leisure time.

Enterprising cybercriminals know that the adoption of new technologies or working practices brings with it blind spots; chinks in the armour of businesses both large and small, that could quite easily be exploited.

It’s for this reason that cybercrime attacks within the UK are thought to have increased 31% during the pandemic – costing businesses some £6.2 million in the year to September 2020.

Businesses cite cybersecurity as their second biggest concern for the year ahead. PwC’s latest CEO Survey found that 91% of business owners put cyber threats among their top concerns – behind only pandemics and other health crises. Cyber worries were even named above uncertain economic growth, itself mentioned by just 86%.

Elsewhere, the PwC report found that 77% of businesses expect to invest further in digital transformation throughout 2021 – meaning their cybercrime defences need to not just be robust but ever-evolving, to ensure they don’t allow hackers to exploit any brand-new weaknesses.

The imminent return of workers to their offices provides an opportune moment to check your own cyber security credentials, and to ensure nothing dangerous is being brought back into the work environment.

Receive a free dark web scan when you register for a Utilize Cyber Security webinar

Double down on security by attending our free webinar, which explains the threat that returning workers or new technologies could place on your business. Topics covered include: Cyber Essentials, the Dark Web and Phishing Attacks.

Registered attendees will also qualify for a free dark web scan, so you will be able to see whether your data have been compromised. If information is at risk, our experts can advise you on the next steps you should take.

Contact Utilize

This year’s coronavirus pandemic has seen many traditional workplaces close causing millions more workers to operate remotely – many for the first time. So as we enter this new phase of ‘Working from Home’, it would be a good idea to pause and consider what (if any) the increased risks to our cybersecurity may be, and what we can do to hunker down and stay safe.

Certainly, those workers who are using a personal device for business purposes should ensure they take some extra precautions to help keep both personal and business data secure.

Vishing

If you’re anything like me, you’ll have rediscovered you have a landline, which may be subjecting you to a threat vector otherwise missed when you’re in the office. The primary threat is known as ‘vishing’, which takes everything we love about a Phishing email and transforms it into a phone call. Scammers will claim to be from your cable provider (Virgin, Sky etc.) and ask if you have experienced issues with your connection. They claim to be from the technical team and “can definitely help you with your speed issues if you are near a computer”. I followed their instructions on my last call (for investigative purposes) and discovered they will ask you to log-in to your device and follow commands to allow them to gain remote access to your device. At this point, they will proceed to install all manner of malware, keystroke loggers (to steal passwords), Ransomware etc. Remain vigilant in the face of vishers – Sky have been targeted with a number of vishing campaigns recently, so always call your suppliers directly!

Malicious texts

Alternatively, your telecoms providers (EE, O2, Vodafone etc.) may send you a text message to advise there has been an issue with your payment – with a link. Just because it is a text message does not mean it is safe and of course these messages do not always originate from the companies they purport to be. Be sure to connect to your account via a homepage or call customer support directly. Beware of these malicious texts – messages claiming to be from EE & Vodafone have been doing the rounds recently.

PayPal phishing emails

The good, old-fashioned phishing email has been evolving recently to become even slicker. I have seen an increase in PayPal emails with variants on the theme of “fraudulent activity… your account with be closed forever”. Clearly these messages are designed to panic you into action. I have included below an example of what to look out for. Note that if you use a Password manager you may find that every so often you get stuck in a ‘captcha loop’. You will need to copy your password manually and this should fix the issue. Most importantly, do not be tempted to click on a well-timed email that is more than likely not from PayPal.

Things you can do to keep yourself secure – a handy to-do list!

1. Awareness & user training. Social engineering remains the main way into a network (large and small) with humans proving the weakest link. Talk to us about how to create a plan, how to test employees in a safe environment and how to support them in understanding threats and implications.

2. Password managers. Social engineering remains the main way into a network (large and small) with humans proving the weakest link. Talk to us about how to create a plan, how to test employees in a safe environment and how to support them in understanding threats and implications.

3. Secure solutions. Products like SOPHOS InterceptX, O365, DarkWeb Scanning and SonicWALL can ensure you are well protected against a variety of threats whether you are in the office or WFH.

4. Mobile security. This becomes ever more important as threats continue for both business and personal users.

5. Patch, patch, patch! Check your home and work devices regularly for any new patches (Microsoft Patch Tuesday is a good day to check). Ensure you have up-to-date antivirus software on your PC, laptop and mobile device and, if in doubt, run a scan. If you use SOPHOS, ask us about their free Home Premium Licences available to all your users.

6. 2FA and Multifactor Authentication. This remains a highly recommended measure that everyone should be applying any application wherever possible.

7. Secure connections. Ensure your users are connecting to the office via a Virtual Private Network and that they know how to secure their home routers – these should be password protected and WPS disabled!

8. Sharing is caring. Create an open environment for users to share any worrisome emails, texts, or generally dubious activity without fear of repercussions. When someone inevitably clicks on a link, the sooner it is flagged the more chance you have of isolating it from other parts of your network.

9. Create an internal Playbook. What would you do if you suffered a breach? Who in your team needs to be involved and what are your processes? We can help with specific courses for GDPR and Cybersecurity.

10. Scan, scan, scan! Talk to us about regular vulnerability scanning and possibly penetration testing. We can help you understand which holes the bad guys can leverage and what you need to do to become more secure!

There is one final thing we can all do in the fight against malicious emails. NCSC have introduced a pioneering suspicious email reporting service, which allows you to forward any email you suspect may be harmful to report@phishing.gov.uk

Stay safe out there and, if you have any concerns, do reach out. We are always happy to offer you our expert advice and best practice security knowledge.

Contact Utilize

Reports of cyber attacks originating from the Dark Web are growing at an alarming rate. The attacks are becoming more frequent and increasingly harder to detect.

Hackers who initially compromise a network can be in the network for months, and sometimes even years, before their activity is spotted. It is more rewarding for them to compromise further systems and identify additional criminal opportunities to sell these vulnerabilities, passwords and hacks on to other criminals to exploit.

Alongside selling hacking tools, there are hackers for hire who are paid specifically to compromise a specific company’s networks. Data gained illicitly from your company may already be available in Dark Web data dumps, or from criminals selling data such as your employees personal records, compromised passwords, or system access exploits.

“48% of UK Businesses identified at least one breach or attack a month”

Although many businesses believe they are relatively ‘secure’ from cyber attacks and cyber security in larger businesses is generally improving, cyber attacks on medium and small business are increasing in number and frequency.

These attacks can start with the compromise of a single employee’s login details through a basic phishing attack. With one in every 3,722 emails in the UK being a phishing attempt, and a 350% surge in attacks amid the COVID-19 epidemic, your company cannot afford to ignore the threat of a potential data breach.

You must begin to mitigate your risks and take proactive steps to identify whether your businesses data has already been compromised and protect against the possibility of a future attack.

Read our Free Guide and discover the necessary steps your business should be taking.

Learn about Managed Security

Email attacks, phishing, insider threats, and spoofing have all spiked recently, and these increasingly sophisticated attempts to access your data and personal information are leaving widespread disruption in their wake.

Last year, 32% of businesses and 22% of charities in the UK reported having experienced cybersecurity breaches or attacks within the previous 12 months. The most common types were phishing attacks (identified by 80% of these businesses and 81% of these charities). Many also reported cases of others impersonating an organisation in emails or online (28% of these businesses and 20% of these charities) as well as viruses, spyware and malware attacks.

The nature of these threats

Cyber-attack victims are not necessarily selected at random; many are systematically targeted in order to infiltrate systems. Pen testing tools such as MimiKatz are used to search for the individual credentials of users with domain admin privileges, so that these accounts can proceed to spread malware more effectively. This method is typically behind the largest and most advanced ransomware attacks and breaches, with SOPHOS recently publishing that 54% of businesses have experienced a rise in this method of attack.

Email-based spoofing has also increased, as attackers employ ever more sophisticated methods in their attempts to gain access to money, intellectual property and other credentials. The most common attacks are initially aimed at C-level personnel, before spreading to other members of staff within the organisation. Mimecast’s 2019 report found that this sort of malicious activity from one employee to another could account for as much as 73% of individuals experiencing direct loss of data, finance or brand.

Smartphones today are minicomputers containing a large amount of sensitive information about our lives, including banking details, maps, our health, where we live and where we run. So, it may come as no surprise that 2019 also saw a growth in mobile attacks. Google Play and Apple are getting better at scanning applications, but cybercriminals excel at tweaking their plagiarised applications to avoid detection. When installing little-known applications, always remain vigilant for any small print in ‘free’ trials that require laborious steps to uninstall or unsubscribe. Failure to do so on some apps can result in hundreds of pounds in ongoing monthly payments.

Apps designed to steal credentials for online banking have plagued Android users for some time with malicious code not downloaded until after a user downloads the app – making it more difficult for Google to scan and detect. The malicious code then monitors your actions and keystrokes on virtual keyboards when logging into your banking app.

With the advent of GDPR, protecting our business and personal data has never been more important. So, as phishing, spoofing and spear-phishing increase, businesses must also urgently tackle the biggest risk to their organisation – their users. Yes, human error is a major contributing factor in breaches, which is why many companies undertake internal phishing simulation exercises with employees to evaluate their vulnerabilities. The results are often alarming.

But fear not, there is good news too. Educating employees and nurturing a culture of vigilance and awareness, through the consistent delivery of fresh and engaging training, can make a real difference and arm businesses with an additional line of defence.

Where to focus your resources

In the face of these every-changing threats, some of the old preventative measures can still provide the most effective protection. But there are some new recommendations and technologies to add into the mix too…

Patching

Many of us will have heard of Patch Tuesday, but not everyone places the same value on patch management. It can be a lengthy and laborious task but having a process in place for this is vital – either internally or via your IT support company.

Multi Factor Identification

MFA – or Multi Factor Authentication means having a separate token or device to confirm your user identity. MFA can take the form of an authentication app (such as Microsoft Authenticator) or Authy, which once paired with an individual’s account, provides a sequence of numbers every 30 seconds. The important part is that this is on a separate device to the one you are using – such as your phone. You should set up MFA on any application that supports it but particularly those with access to sensitive information.

Passwords

It is important to use strong passwords and for users to understand their importance. Passwords should not be reused, and this is particularly important for business passwords (or email/password combinations). Wherever possible, consider using an accredited password manager such as Last Pass, 1 Password or Dashlane. Click here to find out more

Awareness

If your users understand the importance of data privacy and the value of their personal information, they are more likely to look after the keys to your network. Fostering an open environment, where employees feel able to discuss possible phishing attempts and questionable emails or calls without the fear of reprimands, is an excellent start. Utilising a continual education platform is even better.

Accreditations and scanning

Cyber Essentials Plus, ISO27001, PCI DSS are great accreditations for your business to acquire and they show your suppliers and customers that you are serious about security. These accreditations align with GDPR and other requirements such as internal and external scanning. If accreditation is not feasible then a vulnerability scan should be considered as a regular addition as many exploits or breaches lie undetected for up to 6 months. Know the vulnerabilities within your business so you can work to bolster them. Understanding your systems, how they are connected, and the associated risk management, all play a vital role. Depending on your size, you may even want to consider walking through your ‘playbook’ – does everyone in your business know what to do if a breach/hack/disaster happens? This includes understanding how to approach the ICO in the worst-case scenario.

During these challenging times, we are experiencing a spike in cyber-attacks with many themed around coronavirus and the associated government/HMRC advice. As our workforces continue to adapt to remote working and a ‘new normal’, it has never been more important to be vigilant and ensure some of the simple precautions and best practices outlined above are implemented across your organisation.

Learn about Managed Security

Undoubtably you’ve heard mention of the Dark Web – a network of website and servers that
use encryption to obscure traffic and hide exactly who is accessing their content. Because the
tools you need to access the Dark Web are designed to give you anonymity, it has become a
hotbed of criminal activity, used to sell drugs, pornography, weapons and more recently stolen
data.

But why should your business care about the Dark Web, what appears there and how could it
effect your organisations security?

Cyber criminals and cyber attacks are not only becoming more prevalent, with 88% of UK
Business suffering a breach in the last 12 months, but more sophisticated and therefore more
harmful. Hackers who initially compromise a network can be in the network for months, and
sometimes even years, before their activity is spotted.

In fact, Data gained illicitly from your company may already be available in Dark Web data
dumps, or from criminals selling data such as your employees personal records, compromised
passwords, or system access exploits.

Digital credentials, such as usernames and passwords, connect you and your employees to
critical business applications, as well as online services. Unfortunately, criminals know this,
thats why digital credentials are among the most valuable assets found on the Dark Web.

Microsoft sees over 10 million username/password pair attacks every day.
You can’t afford to ignore the Dark Web. Your business needs to take proactive steps to monitor
the Dark Web for employee credentials, insider threats, customer accounts for sale,
compromised banking information, and criminal discussions requesting targeted resource
development focused on compromising your business.

Discover the necessary steps your business should be taking, Read our FREE essential guide.

Learn about Managed Security

It seems every day we are hearing about the latest loss of data, how companies and individuals have been “tricked” into handing over large sums of money and how our personal information is being used without our knowledge.

I am sure that many of these things have always happened, confidence tricksters and “con artists” have been with us for a long time, so why is it happening more frequently now?

Technology has indeed made it easier to communicate and move information around, but unfortunately, this makes it easier for the fraudsters too.

Over the last few months, I have seen a growing number of organisations caught out by such fraudsters. These tend to be smaller businesses where staff know the CEO or Owner and are used to taking informal instruction from them and do not question too much when this happens.

So, what can we do to combat this? One piece of advice I can give is to take an “old fashioned” approach.

This may seem at odds with today’s fast-paced world of technological marvel, but just think, in the past did shops give you something essentially on the promise that you would pay? It would have been interesting to go into a shop and tell the staff that their Manager before going on holiday, said that it would be okay for you to pick up the latest TV for free whilst they were away. And just to prove it, you have an unsigned letter with their name on it. I suspect you would have been politely asked to leave!

Adopting an “old fashioned” approach is one way to combat this. Don’t give anything to anyone until you have spoken to the person who has authorized it, either face to face or on the phone (and of course, you ring them, not vice versa). Always be suspicious if the authorizing person is conveniently on holiday or not in the office.

Be “old fashioned”, take your time, check and do not be hurried into making a decision. If the person doing the asking in the email is really your CEO, they should appreciate your thoroughness.

And if you are the CEO and have just received a quick phone call from your accounts person while you lie on the beach in the Bahamas, don’t be upset with them for double-checking. That few minutes of your time could probably be the best investment you have ever made. After all, where can you save £100,000 by taking a 2-minute call today?

Contact Utilize

Unfortunately, it’s a sad fact that smaller companies are more likely to fall victim to cyber criminals than larger ones. You may think that because you don’t have a high turnover or a prominent public profile that you can escape detection from cyber criminals, but don’t be fooled. Criminals know that larger companies have significant security resources, thus making circumvention of these defenses much harder and this challenge often acts as a deterrent.

If they do manage to break-in, the payback may be substantial, but so is the risk. Spending three months trying to hack into an organization takes significant investment from a hacker and the risk of detection will grow each day. A large company is far more likely to report a breach to the authorities and try to recover its lost data or money.

Often it is easier to target 50 small companies, where the risk of detection is minimal. These small companies won’t have the skills or the resources to put in place complex defenses and 50 small targets can often be more valuable than one large one.

I often hear “well the hacker will get in anyway, won’t they? So why bother spending all this money when it won’t do any good!” A well-resourced hacker or sovereign state with limitless resources will indeed get in, but this is not what you are trying to defend against. Making your company less palatable, is the goal you want to achieve.

Most hacks, like thefts, are opportune. The hacker will scan thousands of IP addresses until they find a vulnerable one and then exploit it. They may even be in your system for months or years, gathering information before you are aware of it. On average, it takes 177 days for a break in to be detected, for every threat that is detected quickly, there are far more that are not. Your company could have been breached in January and you may not even be aware yet!

So, what can you do?

Well, you wouldn’t leave your car unlocked in the street, would you? Yes, we all know that if someone wants to steal it they will. You lock it to prevent the opportune thief and that is what you need to do with your IT systems.

If you’re not a cyber security expert, where do you start?

Luckily you don’t have to be an expert to make a difference. Schemes such as Cyber Essentials and Cyber Essentials Plus address the most common themes. Think of these as mini-audits of your IT systems against the most common ways hackers get in. If you carry out a Cyber Essentials certification, you will address 80% of the most common vulnerabilities in IT systems today. This may not be 100% foolproof, but it goes a long way in helping you to deter that opportune hacker, encouraging them to move on to the next easier target, the next car in the street.

So lock your car – show clients and hackers that your company takes information security seriously. Complete Cyber Essentials/Essentials Plus and help to secure your IT systems from attack

We’ve written a short guide to help you better understand Cyber Essentials Certification and how it can benefit your organisation.

Contact Utilize

The lack of multi-factor authentication helped criminals to steal usernames, email addresses, social media tokens and 4.7 million phone numbers from 21 million users of social media app Timehop. The app, based in the cloud, resurfaces old photos and posts by connecting to your social media profiles. “Access tokens”, which are allocated to Timehop by social media providers, were also taken and could allow criminals to view a range of social media posts without permission.

Multi-factor authentication is the process of confirming your identity in two different ways before access is granted to an account or service, such as a PIN or password, a secondary device such a key fob or card reader, or via biometric data such as a fingerprint. We recommend that all our clients implement a multi-factor authentication process to help protect they IT systems and data.

Learn about Managed Security