Cloud Computing – Security

In the previous article we explored Cloud computing and the considerations you need to make to be sure your transition is a prosperous one. In this article we will explore cyber security in the Cloud, the ways that threats may target you, and how to combat those threats to keep your system safe.

We don’t need to go into detail about how essential cyber security is because you already know this, but what most don’t know is the methods cyber criminals use to attack your systems.

Cyber Threats

Ransomware

Ransomware is designed with the intention of removing your access to your data. It does this by encrypting your files behind a secure ‘key.’ The cyber criminal responsible for the attack holds that key and then ransoms your files back to you – demanding money in exchange for returning them.

Phishing

Phishing scams involve an individual impersonating a known and trusted organisation. The message they send to their target will convey a sense of urgency in an attempt to panic the victim into disclosing sensitive information. The email may contain a message prompting you to act quickly in response to an ‘unauthorised breach’ or a link with a message like ‘please click the link to be redirected, your account will be closed in 5 minutes’. The messages will be accompanied by a link that redirects you to a login portal that is designed with the sole intention of hijacking your data.

It is important that your team know their role in the defence of your system – they must understand the potential dangers of their activities online and they must trust their gut instinct and be vigilant.

There are technical measures that can be introduced to help your team protect your data when online. If you choose the Microsoft suite of tools as your Cloud platform, for example, Microsoft takes security very seriously. So, what technical measures can you purchase to better secure your Microsoft environment?

There are two key areas to address to reduce the risk of data breach and best secure Microsoft 365 in the Cloud:

  1. Technical controls, policies, filters, and defences.
  2. Policy changes for how users access and use 365.

Technical defences

Technical defences exist within Microsoft 365 to overcome different security threats, including the prevention of:

  • The interception or viewing of email content or attachments by unauthorised parties.
  • Your domain from becoming a victim of a ‘spoofing’ attack, with cyber criminals purporting to be your business.
  • Phishing attacks being received or having their links clicked upon within an email.
  • Malware, Ransomware, and other malicious file attachments being received or downloaded from emails.

The Users

Your users – as we touched on previously – have an especially important role to play in the defence of your systems: they are your last line of defence, but, unfortunately, for all their responsibility, they can actually end up being the cause of a breach. Your system is very fragile; all it takes is a click on a malicious link and your entire organisation could come tumbling down.

There are a number of risks posed by the way users access and interact with Microsoft 365 that depend upon:

  • The complexity of their password and whether this password is unique to 365 or used as a general password across other services.
  • The ability to share files and documents, and with whom.
  • The ability to share potentially sensitive information within email messages.
  • The level of system access and permissions assigned.

Let’s take a look at the security options in Microsoft.

Login security

The risks

Individual user accounts can be breached by cyber criminals as a result of credentials exposed on the dark web, or because the accounts are secured with only basic, common password formats.

Overcome the risks

By default, Microsoft provides a secure password policy that is intended to direct the user to use a complex password. A complex password is exactly that – it needs to be hard to guess: a long collection of random letters and numbers that includes special characters. Traditionally, managers would direct their team to change their passwords on a time cycle, with instruction for those passwords to get longer and more complex when changed.

We now realise that this system doesn’t improve security levels at all, as enforcing longer passwords with a regular password renewal policy on a cycle simply forces users to use their old passwords repeatedly because they know they won’t forget them.

Multi-Factor Authentication (MFA) / 2-Factor Authentication (2FA) is the better, modern approach.

MFA is a second authentication step that takes place after a user has entered their password. You are asked to input a code that is randomly generated on a cycle (usually every few seconds or a couple of minutes apart) that authorises your identity, therefore further improving security. The code is received on a personal mobile device (usually through a text message), but can also be accessed through an authentication app or sometimes via email; this means that only the person with access to that device, app, or email account can see the code. So, with MFA, even if someone has your password, they still may not be able to gain entry. Security is all about layering, and MFA is a great example of that: an attacker would first need to find out your password, then get hold of your personal device to find out the MFA code, and they would still need to get past a well-educated team familiar with the threats to the system.

MFA, among other login security best practices, can be enforced for your tenancy through Microsoft 365 security defaults.

The Microsoft 365 security defaults

You can activate security defaults that enforce a number of policies automatically by defining security parameters that apply to all of your users.

Security defaults come at no extra cost as long as your organisation purchases at least one of the Microsoft 365 tools, as the Azure Active Directory service has a free tier.

Security defaults include:

  • Blocking legacy forms of authentication.
  • Requiring users to perform MFA procedures upon certain actions.
  • Requiring all system administrators to follow MFA.
  • Requiring all users to register for MFA.

How do you implement security defaults on Microsoft 365?

  1. Visit your Azure Portal (https://portal.azure.com).
  2. From the main menu scroll to ‘Properties.’
  3. Click ‘Manage security defaults’.
  4. Move the slider across to click ‘Yes’.

Once you have done this, your users will be forced to activate MFA on their accounts – they can’t ‘put it off until later’ like most would.

Now that you know more about the Cloud and how to secure your organisation when working in it, you can be sure that your team are equipped with not only technical tools that are secure and capable but also the education around using those tools and navigating cyber space safely. We hope this article has helped you regarding the considerations you need to bear in mind before making the change to the newest most revolutionary way of working there is.

Your business IT support partner

Uptech is the leading IT support company in Kings Lynn and West Norfolk. We are passionate about the support we offer businesses like yours and provide Enterprise-level tools, Cyber Security Solutions, and IT hardware to businesses in need of a helping hand. Established in 1994, Uptech offers High-end IT Services to Businesses with 5-200 staff, with multiple locations (including WFH), keeping them all Connected. We have helped our clients progress and improve their IT, whilst assisting them to become more profitable and productive. Contact us now to find out how we can help you.


Cloud Computing – Understanding Your Own Business

The world of work is more flexible than it has ever been before. This flexibility has made the adoption of remote working not only possible but – if the transition is made correctly – quite possibly a better option than the office setting in many ways. Cloud computing is the reason these new ways of working are possible. At the onset of the pandemic, business owners were forced to make the transition as quickly as they possibly could, and most did an okay job at best, but can you blame them? They needed to keep their organisations operational during some of the most perilous times for businesses ever.

Remote working is a transition that can cause a lot of apprehension, because a change of that type is a daunting one for any business. The Cloud causes apprehension through a simple lack of knowledge around what it is, what it does, and, above all, what it can do to help a business thrive.

It is a big step, so a transition to Cloud computing needs to be well thought out – after all, you want to know that what you are putting your money into is worth it. Yes, there are providers out there – like with any tech sale – that want to sell you the most expensive option regardless of whether it is good for you or not, but this isn’t always the case as there are some that genuinely want you to be educated and advised correctly – this is the only way you can be sure you are using the best tools for your organisation.

Before we get into the details about Cloud computing, let’s answer the first – and most important – of all questions, what is Cloud computing?

What is Cloud computing?

Cloud computing is the latest advancement in IT tools, services, and infrastructure. Traditionally, businesses would need to purchase, support, and maintain their own IT hardware and software platforms to cater for their day-to-day work activities. The Cloud provides a subscription-based service designed to cater flexibly around the way your team works and the demands of your organisation.

You must have heard the term ‘on the Cloud.’ This refers to the organisation’s IT services being provided over the internet as opposed to it running from locally based servers.

When ‘on the Cloud’ your computing resources, data storage, email and telephony communication, software databases and applications, are delivered on-demand. This is revolutionary – never before has your team been so agile and flexible, and with a near-instant roll out of new IT services your teams’ days can be more productive than ever before as they now only need to spend time doing their job role. Your monthly payment will only be for what you are actually using, making the scalability of the Cloud a real money saver for your business.

Having your IT provided as SaaS (Software-as-a-Service) will guarantee that your applications are always up-to-date and capable. This service, the back-end infrastructure, and security mechanisms are all included in that rolling fee. No one likes surprises so being sure the fee you agreed on won’t change (without agreement) puts a lot of business owners’ minds at ease.

Of course, the commercial benefits are the clear leading reasons that businesses convert to the Cloud, but its ability to allow your team to work from anywhere in the world with an internet connection is a close second. Your team can access all of the applications, files, and documents that they do in the workplace from the comfort of their own homes!

Before undertaking a Cloud transition, you must understand your business, but this isn’t as straightforward as you may think.

A Cloud migration – Understand your own business

You must take a step back, look internally at your company and acknowledge how it operates. Ask yourself some questions like, “What do I need to prolong my success?”, “What does my team need to achieve their daily goals?” and “What regulations am I obliged to adhere to?”.

Compliance

Most organisations carry a lot of responsibility for all the sensitive data they hold across their business. That data being safely protected should be the biggest priority you have, because if it gets stolen, deleted, or somehow goes missing, the consequences could be disastrous. “Why would the Cloud affect your compliance obligations?”, I hear you ask. Well, this is because some data centres are kept abroad and, depending on your compliance obligations, it is illegal to store certain data outside of the country.

Your business goals

“What do I want to achieve with my business?” Answering this question isn’t as simple as you might think either – profit and money may be the overriding goal, but what small achievements could help you get there faster? Learning what these goals are will help you to make a better decision on your Cloud transition, and knowing what you need to achieve your goals will enable your decision to be based less on price and more on value.

Your users

Without your users you wouldn’t even have a business; they are on the front line every day, so therefore it is essential you take the time to hear what they have to say. You should prompt them periodically to learn all you can, ask them questions like “Are the tools we provide you with good enough?”, “Are they fit for purpose?”, “Are they difficult to use?” – only then will you learn what you need to know to make their work environment as productive as you can.

Be mindful that some Cloud providers offer different services than others, so you need to check that the one you choose offers levels of collaboration, communication, and productivity that can rival the office setting. Get to know your team as well as you can – we know this is difficult sometimes, depending on the size of your workforce, how often you and they are in the office, and how busy they are daily. It can be almost impossible, but you must try, because the better you know them the more likely you will be to provide them with what they need.

In the following article we will explore Cloud security, what makes you vulnerable, and what you can do to be sure that your Cloud environment is as secure as it can possibly be.


Cyber Security: Defend Your Business

In our previous article we explored the importance of an effective cyber security strategy in modern business. We took a close look at some of the most common methods used by cyber criminals to attack your systems and concluded that cyber security has arguably taken pride of place over even the physical security of your organisation.

In the remainder of this article we will explore some of the most integral cyber security measures that will equip you and your team for an effective defence against a strategically planned cyber attack.

The Cyber Security Fundamentals

Good data backup

Cyber attacks are happening all the time, in every industry, in every country in the world. It is this reason that makes it essential you always have current backups in the event of an attack, because you never know when you may become a victim. It is important that you have a strategy in place that ensures your IT systems and essential data are safeguarded to the best possible standard. The survival of your business relies on them, so you must be sure they are safe.

Use the 3-2-1 backup rule: ensure there are three copies of your data – two of them on your choice of separate storage media, and one stored offsite – in the eventuality of a business-defining disaster. By having three copies of your data, you will not only have a few fail-safes in case of an occurrence, but you will also be able to rest easy with the assurance that your business can still operate effectively in the event of an attack.

Like your physical security, it is – unfortunately – impossible to guarantee cyber security. New methods of attack are being developed daily, so the goal isn’t the eradication of cyber threats but the management of the risks going forward.

Data backups are the number one tool in your cyber security arsenal. We know it sounds negative when we talk about preparing for an attack, but don’t forget the number one goal – and the reason for implementing these measures – is to keep your business operational, no matter the circumstances. Data backup gives you the opportunity to make guarantees to your customers that were previously not possible.

Secure passwords

Passwords are already a major part of our lives. We should all know the basics of password good practice – don’t use common letter or number sequences, words or phrases that have personal meaning to you, or the same password across multiple accounts. But there are more steps to good password practice that make them far more secure, which are as follows:

  • Ensure that your team follows a strict set of pre-determined rules when creating their passwords. Following these rules will enable passwords to stand up against the cyber criminals trying to breach them.
  • Use multi-factor authentication where it is available.
  • If it is too easy to remember – change it! Avoid easily recalled sequential passwords, recurring numbers (such as 1234, 6789) as well as frequently used words.
  • If possible, make sure your password is over ten characters long and contains a combination of letters, numbers and even special characters – when it comes to passwords the longer the better!
  • Use upper and lower-case letters.
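A checker for the rules in the list above, as an added example (not from the original article): it tests length, character mix, runs such as 1234 or 6789, and frequently used words even when they are disguised with symbol substitutions. The word list, thresholds and function names are constructed for illustration.

```python
# Constructed, deliberately tiny sample of frequently used words; a real
# deployment would load a much larger list (assumption).
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "summer"}

MIN_LENGTH = 11   # the article asks for "over ten characters"
RUN_LENGTH = 4    # flag runs such as 1234, 6789, dcba or 1111

# Undo common symbol-for-letter swaps so "P@ssw0rd" is still seen as "password".
LEET = str.maketrans("@4031!$5", "aaoeiiss")


def find_runs(password: str, run_length: int = RUN_LENGTH) -> list:
    """Return substrings that ascend, descend or repeat for run_length characters."""
    runs = []
    lowered = password.lower()
    for i in range(len(lowered) - run_length + 1):
        window = lowered[i:i + run_length]
        if not window.isalnum():
            continue
        # The set of differences between neighbouring characters is {1} for
        # "1234", {-1} for "9876" and {0} for "1111".
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}, {0}):
            runs.append(password[i:i + run_length])
    return runs


def check_password(password: str) -> list:
    """Return the list of rules the password breaks (empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("needs_upper_and_lower")
    if not any(c.isdigit() for c in password):
        problems.append("needs_digit")
    if not any(not c.isalnum() for c in password):
        problems.append("needs_special")
    if find_runs(password):
        problems.append("sequence_or_repeat")
    normalised = password.lower().translate(LEET)
    if any(word in normalised for word in COMMON_WORDS):
        problems.append("common_word")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ["abc", "Summer2024!", "P@ssw0rd1234", "Tr4vel!mug-Oxide"]:
        print(f"{candidate!r}: {check_password(candidate) or 'passes'}")
```

Note that "Summer2024!" and "P@ssw0rd1234" satisfy every length and character-mix rule and are rejected only by the sequence and word checks.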

It is highly recommended that you periodically change your passwords; accounts can be hacked without the knowledge of the account holder, so it makes sense – even if you have not noticed any suspicious activity – to change them now and again.

Passwords are the first line of defence for your systems. We get why people make their passwords easy to remember and simple to write – they are simply thinking of the ease of their experience and work is hard enough already without adding to work processes. But, making things ‘easy’ could be jeopardising the very survival of your business. Good passwords are a necessity and not a choice!

Manage permissions

It is essential that you manage permissions to your system. Your users should only be granted access to accounts that are required for them to perform their role. Data loss, theft, or – if the attack is particularly sophisticated – deliberate changes to your security settings, could facilitate future attacks. Only giving access as required lessens the likelihood of a user accidentally granting access to a cyber criminal.

Anti-Malware measures

Anti-Malware software MUST always be downloaded on your laptops and computers. A lot of the good operating systems often come with a free version as standard – which can be described as okay at best, but under no circumstances is this free version good enough for business use. It must be replaced with quality rated software as soon as possible.

Data encryption

Theft is not the sole aim of cyber criminals – their aim is, in fact, to encrypt your data. So, you need to beat them to the punch. This sounds confusing, I know, so let me explain. By encrypting your data, you hold ‘the keys to the kingdom’ – you must always have control.

Education

Your team are the most important line of defence for your organisation. They are targeted due to their usual ignorance around the importance of cyber security, so, to counteract this, they must be equipped with the knowledge of not just what to look out for that could be a threat but also how to use the various security tools at their disposal, and their role in the defence of your system.

Implement an IT Security Policy

You must have an IT security policy; it must be clear and concise – and both you and your team must be clear on it. It is essential that your entire team know and sign it regardless of their dependence on IT. (They may only use IT for something relatively small in the grand scheme of things, but that individual is still on a system which contains information that in the wrong hands could be business debilitating.) Your IT security policy will make your organisation more secure before you’ve even implemented any new technologies, because if everyone knows what their role is in the pursuit of a cyber secure workplace then that is arguably even more valuable than any tools you can buy.

The policy must be meticulously constructed and contain the security guidelines and obligations of the team, both when working on premise or remotely. The policy will allow you to feel safe in the fact that your team not only know how to conduct themselves in the most secure way possible but also that they know how important their role is in the safety of the organisation. Whether they consistently do this is another thing, but once they have written their signature next to the procedure you can relax knowing they have read and understood what is required of them. This, of course, means that you are within your rights to take action if they don’t behave as they promised to.

We hope that these two articles have put you in good stead to not only know what threatens your organisation but also what your and your team’s roles are in the defence of it. This can all seem a bit much – it is a lot of information to take in – so, if you are struggling, please don’t hesitate to get in contact with our team for expert IT consultancy.


Cyber Security and Its Importance in Your Business

The cyber security of your business should be of the utmost importance – and if it isn’t then you are playing with fire. With the planet saturated with internet connected devices, it is essential that you and your team have some knowledge of cyber security, the ways that cyber criminals target and attempt to breach your business, and the tools and methods you can use to better protect your vital data. It is fair to say that, in today’s digitally dominated world, cyber security now takes priority over the physical security of your business, because the consequences are far bleaker if your cyber environment is breached.

As we said, our workplaces – like every part of our lives today – revolve around the effective use of internet connected devices. The criminal community have grown wise to the extensive opportunities offered by these devices, so not protecting them properly simply makes the task of accessing them that bit easier for criminals.

Criminals also like the anonymity offered through cyber attacks. Instead of kicking a door down or smashing a window, they can – if the cyber attack is sophisticated enough – sneak in undetected and be gone before you even know they were there.

For smaller to medium sized businesses, it is predominantly through indirect means that they get attacked, either as collateral damage as a consequence of an attack on a larger business or by becoming one of the many victims of a publicly launched attack that originates from the target’s mailbox.

Regardless of the number of internet connected devices you have, the number one reason that businesses – and individuals – become victims of cyber attacks is through a severe lack of knowledge. Our eagerness – and, in most cases, impatience – forces our hand – we grab the device, take it out of the box and get going with all the amazing new features it has, not realising how potentially dangerous it can be if the wrong person gains access.

Let’s explain this in a way that applies across the board regardless of business size and sophistication. At the end of the workday someone will go around and check that the windows and doors are securely locked – these checks are automatic; in fact they are ingrained into us so much that some of us get ten minutes away from the office and then have to drive back just to be sure the building is secure. This is the level of paranoia you also need to have regarding your cyber security. Obviously, we aren’t saying take stock of your cyber security measures every single day like you would the windows but the premise is the same, because leaving your cyber landscape undefended is like finishing your workday and leaving the doors and windows wide open when you leave.

Every business is at risk! Cyber criminals don’t discriminate or pick a sector to attack for any particular reason – this makes it even more essential that your cyber security measures are up to scratch.

Understandably, cyber security can cause apprehension, as most have no clue as to what would be best for their business, what the options are, or how much it will all cost.

There are recommended ways of ensuring your systems are defended, one of which is by working toward the Cyber Essentials Accreditation – it will help you remain secure and allows you to project a cyber secure image to your clients – in the modern age of cyber threats this can be a crucial factor for some consumers. But, for some, this can seem like overkill; for these individuals, learning the different methods of attack cyber criminals are using is essential, because how can you defend your system from something you know nothing about?

The Methods of Cyber Attack

Malware

Malware is a file that has been designed with the specific intention of attacking and undermining the functions of an application or even the entire computer system. It comes in many variants but, most commonly, Malware is used to attack your network via email attachments.

Ransomware

Ransomware is a very common form of Malware attack; it works by locking and encrypting your access to your own data. The cyber criminals demand a ransom under the promise that they will safely return your access. They aren’t silly, because they then attempt to force your hand by introducing a sense of urgency to your actions; they want you to pay the ransom before you have had a chance to think about it – they set time limits on payments under the threat of deletion of your files if the payment isn’t made promptly and within the demanded time limit.

Understandably, many just pay the criminals. They have the attitude of ‘Oh well, I’m down x amount, but that isn’t anywhere near the value of all that data’, and they would be right in this respect as, both literally and in a reputational sense, your data is invaluable, usually far more valuable than the amount the criminal is demanding. But remember, criminals can’t be trusted – do you really think you are going to be regranted access and left alone after paying? Instead of securing your files you are simply letting the criminals know that you have the funds to pay them, and (just with a gentle push) are willing to do exactly that.

Phishing

A Phishing attack is when a cyber criminal assumes a false identity in fake/fraudulent emails in order to gain access to private information.

Phishing emails carry malicious links; these links are key to the cyber criminal’s attack being a success. The cyber criminal will pose as a source trusted by the recipient (usually a bank or government entity). Again, they bring a sense of urgency and time sensitivity in the contents of their message; they – like with Ransomware attacks – are trying to force the recipient to decide quickly and on a whim. When the ruse is believed, the recipient clicks the link, facilitating the attack.

Now you have a beginner level familiarity with the methods cyber criminals are using to attack your systems, in the following article we will look at some of the cyber security fundamentals that every business in the world should have in their arsenal.
