
Why Hackers Love Companies that Don’t Use Multifactor Authentication

The recent breach of the popular mobile app Timehop was caused by hackers breaching the app. It then exposed the credentials, phone numbers and social media histories of more than 21 million users. There was also a considerable length of time that the hacker’s presence went undetected.

 

This article about hackers, authored by David Vergara, Director of Product Marketing at OneSpan, first appeared July 24, 2018 on Payments Source.

 

It’s remarkable just how many significant security breaches could have been prevented if only multifactor authentication technology had been deployed.

A lack of strong authentication is the reason behind the recent breach of the popular mobile app Timehop, which lets users see social media posts from the same date in previous years. The breach exposed the credentials, phone numbers and social media histories of more than 21 million users. What’s worse is that there was a considerable length of time that the hacker’s presence went undetected, making this application’s user identities ripe for theft.

Here’s what happened. A Timehop employee’s credentials were leaked, which gave a hacker access to their system. The use of strong authentication, multifactor authentication in particular, would have required the hacker to provide a second form of authentication beyond a username and password. A failure of the secondary authentication would have stopped the hacker cold.


Making Multifactor Authentication a Business Priority

Still haven’t deployed strong security in the form of multifactor authentication? It’s high time to get started by choosing a solution that’s right for your organization and your end users. Multifactor authentication is a must along with complementary technologies like single sign-on, user directories and other systems that allow for strong authentication and protect social media, email communications and business-critical applications.

It’s easy to point the finger at a company’s IT department and say, “Why didn’t we have this stronger security?” As mentioned on Payments Source, the answer is sometimes simple — companies are confused about which technology to use, these tools were never intended to be used together, and integration can become expensive and cumbersome. Today, the right level of security requires additional technologies to keep up with the emerging threat vectors. All of this points to the urgent need for businesses to implement multifactor authentication and a risk-based approach to access management.

The IBM Security report also found that one major factor impacting the cost of a data breach in the U.S. was the reported cost of lost business, which was $4.2 million, more than the total average cost of a breach globally, and more than double the amount of “lost business costs” of any other region surveyed.

Make adding an MFA solution a priority. Your customers’ experience, brand reputation and bottom line depend on it.

Protect your infrastructure from hackers

To find out more about improving your company security and protecting your systems from hackers, visit our network security page or contact us for a free IT security assessment.

Contact Us today, to know more about our IT network support services and discuss your project requirements.

What is a firewall?

In computing and networks, a firewall is software, hardware or firmware (permanent software programmed into read-only memory) that follows a specific set of rules to decide whether to allow information or data to enter or leave a network.

Firewalls have been a crucial defence in network security for over 25 years. They are a virtual barrier between sources that are checked and trusted, and untrusted sources that come from outside an internal network.

Firewalls can be used for a wide range of devices and systems to lower the risk of malicious data travelling to and from the device.

The term firewall is a metaphor relating to a wall or partition designed to inhibit or prevent the spread of fire. The most common ones you see are fire doors in a commercial building or school. There are two main types of computing firewall: network-based and host-based.

Host-based means it’s installed on individual servers and monitors signals going in and out. A network-based firewall is held in the cloud as a virtual firewall.

When you’re looking at firewalls, you’ll come across various terms within those host-based and network-based categories: proxy, stateful inspection, unified threat management (UTM), next-generation firewall (NGFW) and threat-focused NGFW.

 

Why do you need a firewall?

Firewalls are just the first line in the defence against hacks and malicious intent.

In the same way that you lock your doors and windows before leaving the house, your firewall locks out unwanted intruders and makes you much less vulnerable to hackers who want to access your data or imitate your company (also known as spoofing).

Some of the most common attacks are IP spoofing, network packet sniffers, man-in-the-middle attacks, distribution of sensitive internal information to external sources and password attacks.

Password attacks can be achieved via password guessing (like you see in the movies), brute force login (where a programme guesses at a much higher rate per second but can often crash a system due to the resources required to cope with the constant attack) and password cracking (where the attacker gains access to the file on a computer that stores your passwords).

The results of not having adequate firewall protection can be minor or devastating. Sometimes the downtime alone is the most costly part of the disruption, but other outcomes can be damage to a company’s reputation or loss of crucial information.

Talk to us about the best firewalls and security for your organisation – get your free consultation via our contact page.


What Is Ransomware and How Do You Avoid It?

Ransomware isn’t exactly a new threat, and it has continued to grow in recent years as a means for cyber criminals to extort individuals or businesses by locking down their devices and – you guessed it – demanding a ransom to unlock them. With reports of ransomware being more widespread as far back as 2015, you’d think it would have been dealt with more efficiently by now; however, according to research, ransomware generated an estimated $1 billion in 2016 alone. It also has a low cost structure (so, very profitable) and the victim sends the perpetrator money directly.

What is Ransomware?

Ransomware, in a nutshell, is a form of malware that essentially locks down access to your computer data. This is usually done by way of encrypting as much personal information on your PC as it can find, or by just locking your screen entirely. The malicious software will then demand a payment from you (a ransom) before your data will be unlocked again – simply put, it is holding your computer, files and data hostage until you pay a fee. Most commonly, ransomware infects your PC when you click a link in an infected e-mail.

A survey of companies who were infected by ransomware includes cautionary facts for those who might be thinking that paying the ransom and moving on is the fastest and simplest solution.  Most of the companies who paid, paid in excess of $1,000 (per computer) in order to recover their data. But, not surprisingly, only 55% of the companies who paid actually received the decryption keys and re-gained access to their devices. The cheapest and safest ways out of a ransomware attack are: try hard to avoid the social engineering tricks (do your due diligence to avoid an infection happening) and keep backups of your important files and data. Paying the ransom simply isn’t a wise option.

How Does Ransomware Spread?

The most common method of spreading ransomware is using a tactic known as “social engineering”. Generally speaking this is a way of tricking you into infecting your own device. Most commonly this is achieved via an e-mail, but could also be a malicious ad or popup on the web or a web page itself. It usually consists of an enticement to click or download an attachment, document, picture or video. Microsoft Office files, PDFs and multimedia files can all be the carriers for the ransomware program.

How Do I Know If I’ve Been Infected?

It’s quite difficult to not notice that you’ve been infected by ransomware due to the nature of the infection itself. Usually your entire screen will be taken over by something like the below images:

It’s very common for these types of screens to claim to be part of the government or law enforcement. This is social engineering in an effort to create fear of government reprisal for failure to cooperate.

How to Not Get Infected by Ransomware

For businesses, there are many different variables in play that can make it difficult to be completely secure against ransomware attacks. We highly suggest you utilise Managed IT Services to ensure your systems are kept up to date and you have the very best malware and virus protection on your devices at all times.

For individuals and home computers, the below guidelines can be very helpful:

 

  • Don’t click links or open attachments in an e-mail, unless you know who sent it. Even then, consider contacting the person to see if they really did send it.
  • Be suspicious of directives to “click this patch” for Adobe, Flash and some other common tools – there is a high chance this is malware. If you want an Adobe patch, go to the Adobe site and get it yourself.
  • Be alert for news that there are new methods of infection. For example, malvertising may become a popular method of infection.

 


Windows 10 Vulnerability Allows Hijack, Even When Locked!

Is your computer and Network Security up to scratch? Regardless of whether the device has been locked, a recent vulnerability in Windows 10 has given hijackers an easy route to taking over – simply by using the digital assistant, Cortana, to execute commands. If you’re running Windows 10, you may want your IT Support personnel to tighten up the security on your systems.

Security software giant McAfee provided an in-depth analysis of the new vulnerability, which states that the “Hey, Cortana!” voice command (a default feature enabled in Windows 10) could be triggered even when the device was in a locked state, giving potential attackers a route to seeing files and information and potentially to arbitrary code execution.

Due to the vulnerability, it is possible to launch a Windows contextual menu by typing when Cortana starts to listen to a query on a device that is locked.

“All the results presented by Cortana come from indexed files and applications, and that for some applications the content of the file is also indexed. Now we can simply hover over any of the relevant matches. If the match is driven by filename matching, then you will be presented with the full path of the file. If the match is driven by the file content matching, then you may be presented with the content of the file itself,” McAfee explains.

Once hackers have gained access to contents and files, they can potentially continue the hijack and gain code execution rights – all from the Windows lock screen. This type of vulnerability will allow malicious individuals to run scripts (via things like PowerShell or Command Prompt) and commands without the need for parameters and without needing to have the device unlocked. It can even be possible, for example, for the hacker to remove software from the system.

You can test your system for the vulnerability simply by following the instructions as outlined by McAfee – if you can successfully follow these steps then we strongly advise you patch your system.

  1. Trigger Cortana via “Tap and Say” or “Hey Cortana”
  2. Ask a question (this is more reliable) such as “What time is it?”
  3. Press the space bar, and the context menu appears
  4. Press esc, and the menu disappears
  5. Press the space bar again, and the contextual menu appears, but this time the search query is empty
  6. Start typing (you cannot use backspace). If you make a mistake, press esc and start again.
  7. When done (carefully) typing your command, click on the entry in the Command category. (This category will appear only after the input is recognized as a command.)
  8. You can always right click and select “Run as Administrator” (but remember the user would have to log in to clear the UAC)

Luckily, Microsoft has already released a patch (as part of this month’s Patch Tuesday rollout) to address this vulnerability, but for systems that haven’t yet received this update, we strongly advise you get the latest patch or simply switch off Cortana until you have updated.
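For the "switch off Cortana until you have updated" advice above, the following added example (not from McAfee, Microsoft or the original article) audits the Group Policy registry values that control Cortana, reports the most recently installed update, and can block Cortana on the lock screen. The function names are hypothetical; the registry location is the standard Windows Search policy key.

```powershell
# Added example: audit the Group Policy registry values that govern Cortana
# and optionally block it on the lock screen.
# Setting the policy requires an elevated PowerShell session.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'

# Policy value name -> what a value of 0 means
$Settings = [ordered]@{
    AllowCortanaAboveLock = 'Cortana is not available on the lock screen'
    AllowCortana          = 'Cortana is disabled entirely'
}

function Get-CortanaPolicy {
    foreach ($name in $Settings.Keys) {
        # A missing key or value means the policy is not configured,
        # so Windows falls back to its default behaviour.
        $value = $null
        $item  = Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue
        if ($item) { $value = $item.$name }

        [pscustomobject]@{
            Policy     = $name
            Value      = if ($null -eq $value) { 'not configured' } else { $value }
            Blocked    = ($value -eq 0)
            IfSetTo0   = $Settings[$name]
        }
    }
}

function Get-LastInstalledUpdate {
    # Shows how recently the machine was patched; compare the date with the
    # Patch Tuesday release that carries the fix.
    Get-HotFix |
        Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1 -Property HotFixID, Description, InstalledOn
}

function Set-CortanaLockScreenBlock {
    # Interim mitigation: keep Cortana off the lock screen until the patch is in.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyKey -Name 'AllowCortanaAboveLock' `
        -Value 0 -PropertyType DWord -Force | Out-Null
}

Get-CortanaPolicy | Format-Table -AutoSize
Get-LastInstalledUpdate
# Set-CortanaLockScreenBlock   # uncomment to apply the mitigation
```

A row reading "not configured" means no policy is enforcing the setting, so the machine relies on the user's own Cortana preferences.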

As part of our Managed IT Services, you can have peace of mind that your operating systems are always up-to-date with the very latest security patches and rollouts.


It’s time for an IT Audit when…

It’s difficult to conduct business these days without having a degree of reliance on IT systems and practices for your day-to-day operations. Unfortunately it’s also easy to become complacent when it comes to keeping your IT systems up-to-date and operating with the utmost efficiency, if you don’t have a dedicated IT support team.

It’s a general recommendation that you give your business hardware a refresh every 3-5 years, but more often than not small businesses will continue to use their IT systems for even longer than this. In this day and age, computer systems are improving rapidly, and it’s amazing how much a new computer will do for productivity.

If there are any signs of potential vulnerabilities in your IT network security or infrastructure, or indicators of inefficiency in IT asset management, then it’s probably time for an IT audit.

What is an IT Audit?

In a nutshell an IT audit is “the examination and evaluation of an organization’s information technology infrastructure, policies and operations.” This usually includes a full assessment of hardware, software and the general technical environment and even IT personnel.

When is the best time for an IT Audit?

Many companies conduct IT audits as part of a regular schedule, usually in conjunction with their financial audits. However they can also be performed as a selective audit whenever they are deemed necessary. There are plenty of circumstances when an ad-hoc IT Audit is necessary:

Inadequate Security

If you’re unsure of how secure your IT systems are, or are suspicious of their security, an audit is one of the best ways to determine vulnerabilities and put them right by way of updates to software and hardware. IT audit services can help determine if there are vulnerabilities in your system that could create pathways for data loss, leakage, or tampering.

Checking For Compliance

Particularly with the introduction of GDPR, maintaining compliance with laws or policies is on every business’s mind. An IT Audit can assist you in determining if your business is compliant with these policies, and if it isn’t, make recommendations of where you can improve your IT practices, security or hardware to achieve an acceptable level of compliance.

Budgeting

It’s important for your IT budget to remain dynamic and change with the economic landscape of the company. It’s all too easy for unnecessary software or hardware subscriptions to go unnoticed whilst cuts are being made in other areas of the business. An IT audit can help identify where budget cuts can be made whilst maintaining efficiency and operations.

Does Your Business Need an IT Audit?

At Spectrum Networks Solutions, we’ve got you covered. We have the knowledge and experience to conduct accurate, efficient IT audits and not only advise you of where your infrastructure can improve, but how, and we can even supply you with the necessary hardware or managed IT services. Let us make your IT systems as good as they can be!


The Top 3 Security Threats To Your E-Commerce Website

In 2016 alone online sales totalled in the region of over 150 billion euros, and more and more businesses are processing sales through online platforms so, as you can imagine, this figure is set to increase each year.

But as the e-commerce population rises, and with it the level of spending online, so does the temptation for cyber criminals. If your business trades online, it’s vital to have the correct security in place to ensure your e-commerce website isn’t vulnerable to malicious attacks.

Here are three of the biggest and most common threats to ecommerce platforms:

Using 3rd Party Web Components

It’s very common practice, if you don’t have a fully custom-built website, to be using third party web components for certain functions on your e-commerce platform. This is often the case with the shopping cart or checkout page. Whilst for the most part there are many trustworthy and reputable vendors for these types of components, they are still a target for cyber criminals. Hackers are known to seek out outdated editions of vulnerable software like this, because often the security weaknesses are publicised.

DDoS Attacks

Distributed Denial of Service (DDoS) attacks have been around for quite some time, but their popularity among cyber criminals continues to grow. They essentially cause a website to crash by way of directing mass, simulated and simultaneous traffic toward it. They can be very difficult to prevent or deflect. Even if your own website does not become a DDoS target, another website that your business relies on could be hit. Any kind of downtime as a result of a DDoS attack could cost your business dearly.

Open Source Codes

Open source software and platforms are fantastic for businesses on a budget. However, due to their public and free nature, they are often lacking in security protocols, and these vulnerabilities are often shared on forums and other online communities. The code is completely open for anyone to see and manipulate, and this leads to obvious opportunity for security to be compromised.

Keeping Your E-Commerce Website Safe

It’s important that your security is pro-active, evolving and has disaster recovery procedures in place. At Spectrum Networks Solutions, we take security seriously and have all of the necessary experience, equipment and knowledge to make your IT systems and online activities as safe and secure as they can be. We have excellent Managed IT services available for businesses small and large, with flexible and scalable packages to suit your requirements and your current IT infrastructure. Get in touch with us today and let us take the worry of having an insecure e-commerce website off your shoulders- for good.


Why Your Business Needs External Support

As cyber-attacks continue to evolve, it’s almost impossible for your internal IT and office processes to keep up and prevent every type of attack against your IT systems. This also means that your internal resource can be tied up with trying to recover from a cyber-attack when they should be focusing on their important business roles. Let’s take a look at why it’s important for you to have access to external, industry leading specialists to handle your IT network security and support.

Expert Knowledge & New Technologies

Our IT managed services come equipped with the very best tools and resources that most small businesses don’t naturally have access to or can’t necessarily afford to have as on-site resources. By having access to teams of experts in an array of services such as network and data management to cyber security, you will have the best defence against cyber-attacks all whilst keeping your internal resources focused on their business roles.

With Managed IT services such as Spectrum Networks Solutions, all specialist training is taken at our own expense, and we’ll always have a technician available and on hand that is fully trained on the latest industry developments.

Past Experiences

We have been offering network security services and IT support to businesses for many years and as a result of this we have seen, prevented and recovered from. This means we can implement and manage backups and disaster recovery procedures with efficiency and with the best cyber defence protocols possible. This way your team would still be up and running after suffering from an IT emergency without disrupting much of your day-to-day business operations.

Our external support experience with data protection will ensure your systems are monitored around the clock so your security systems are always functioning properly to keep cybercriminals at bay.

Focus On Your Business

We appreciate that your business doesn’t focus on technology or specialise in IT systems. Let us take the worries of keeping your IT infrastructure secure so that you can focus on your day-to-day corporate activities and growing your business. With our managed IT services, we fully expect and are also ready for emergencies that occur outside of the traditional 9-5 hours. We know that time is precious and downtime can mean a loss of revenue for your business, so we pride ourselves in fixing any issues and getting your systems back up and running in the quickest time possible. What’s better; with our Managed IT these types of disasters are rarer as we’re constantly monitoring and correcting problems before they occur.

Our goals are clear and simple – we aim and pride ourselves in keeping you a happy customer for as long as we can, thus providing you with the highest level of service possible at all times.


5 Areas of IT You Can’t Ignore in 2018

With 2018 in full swing, it’s time to take a look at 5 areas of your business IT infrastructure that you simply can’t afford to ignore:

  1. Disaster Recovery

It’s amazing to think that a recent survey showed that over 50% of businesses in the UK have no Disaster Recovery processes in place. This means that over 50% of businesses could find themselves in serious bother if their IT systems fail! It wouldn’t be unreasonable to assume that these businesses have insurance to cover their employees and office space so why don’t they have reasonable cover for their IT and computer systems?

A sound disaster recovery provision is like an insurance for your IT infrastructure and will safeguard all of your critical business systems should disaster strike. Do you have disaster recovery (DR) for your computers and IT systems?

  2. Those 4 letters that have been in everyone’s minds: GDPR!

As of 25th May 2018, the General Data Protection Regulation aims to harmonise the data protection regulations and strengthen data protection for all individuals in the European Union. GDPR applies to almost all companies operating in the EU and the regulation applies also to organisations outside the European Union, if they collect or process personal data of EU residents. It introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data. Our IT Support services include all the necessary security updates, threat detection and response and encryption procedures so that you don’t have to worry about it!

  3. Saving Money With VOIP

VoIP, or Voice over Internet Protocol, is a telecommunication system that offers an alternative to traditional systems based on a PBX – Private Branch Exchange – and an internal network that is separate to other networks in a building. Paying a fixed monthly fee to a service provider makes budgeting more predictable and preserves capital for strategic investments. We would be delighted to assess your current phone system and advise which hosted telephony service would suit your business best.

  4. Upgrade Your Hardware

It’s a general recommendation that you give your business hardware a refresh every 3-5 years, but more often than not small businesses will continue to use their IT systems for even longer than this. In this day and age, computer systems are improving rapidly, and it’s amazing how much a new computer will do for productivity. Not only can we advise you of the best hardware for your business requirements, but we can also supply you with all of the necessary systems and set them all up for you too.

  5. Using a Human Firewall

We’ve already written about “What is a Firewall and Why do you Need One?”, and a software or hardware-based firewall is simply a must in any business. But even still, these types of firewalls can only do what they are programmed to do and require updates to stay efficient against an ever-improving hacking community. That’s why it’s vital to have personnel who stay on top of your IT system security at all times and thoroughly penetration test your equipment.

 

 

 


What is a Firewall and Why do you Need One?

It’s quite likely that you have, or have used or have been recommended to use a firewall as part of your IT Network Security. But often times they are simply tacked on to your overall package without you truly knowing why you require one and what it actually does to protect your computer.

To put it in simple terms, a firewall is a software program or a piece of a hardware that helps to screen out any malicious activity against your computer or network, such as hackers, viruses and worms that try to reach your computer over the Internet or via malicious software, files and programs.

A firewall can come in different forms, and the most common, which you have probably encountered before, is a software firewall. This is typically a program that is installed directly onto a computer or laptop and actively scans your files and connection for any malicious activity. Some of the big brand names you may have heard of before include Watchguard, McAfee and Symantec. These are most common on personal devices for use at home and on the move, and with the right configuration and management they can be very powerful and accurate. Windows XP Service Pack 2, Windows Vista, Windows 7, Windows 8 and Windows 10 all have an inbuilt software firewall.

A hardware firewall is a device that is placed in between your network and the untrusted internet. If more than one computer is connected to a network, then it is necessary to protect your network from the untrusted internet via a hardware firewall. This is most typically found in a business environment, where many computers connect to a physical server for network management. A hardware firewall is a powerful piece of kit for an extra layer of security, but it is also necessary to protect each computer with a software firewall so that if one computer gets infected with viruses the other computers will remain largely protected from the same malicious attack.

The basic purpose of firewalls is to regulate the flow of traffic in between computer networks of different trust levels, for example the internet (which is considered a zone of no trust) and your home network (which is a zone of high trust). All incoming messages are passed through the firewall. The firewall then checks whether these messages satisfy the security criteria. If they do, they are passed through the firewall; otherwise they are blocked. A similar thing happens with the outgoing messages. If you turn your firewall off, then all the messages will pass through the firewall freely. As a result, your computer is vulnerable and hackers with the right knowledge can potentially hack your computer and obtain your sensitive data or infect it with malicious software and files.

With Spectrum Networks Solutions you can rest assured that we use the very best hardware and software firewalls to ensure the utmost level of security for your personal and business network and computers at all times.


Why You Should Be Using a VPN

Even with GDPR tightening the reins on personal data collecting and processing, you still have to ask yourself how much of your personal life is transmitted over the internet almost passively. If you want to take your online privacy to the next level, you should consider using a virtual private network (VPN), which gives you extra control over how you can be identified on the web.

What is a VPN?

In a nutshell, a VPN is used to create a virtual encrypted tunnel between you / your computer and a remote server that is operated by the VPN service of your choosing. This means that all traffic is routed through the tunnel, meaning that your data is quite secure from any potential prying eyes. An added benefit is that your IP address will be that of the VPN server rather than your personal IP, thus giving you an extra level of identity masking.

When you are connecting to the VPN server, your data will reach the server and then exit out to the public internet. If your target website utilises HTTPS, your connection will still be secure; but even if your connection was intercepted, it would be very difficult for anyone to trace the data back to your computer, since it would appear as though the connection is coming directly from the VPN server rather than your computer.

Let’s take a look at some real examples of where a VPN shines. For example, you connect to a public Wi-Fi in a coffee shop, something that is often done without a second thought. But when you think about it, do you even know who might be watching what goes on and what traffic travels on that network? Do you even know if the Wi-Fi connection is legitimate? You could be transmitting all kinds of private and sensitive data without even knowing it.

However, let’s say you connect to that same public Wi-Fi connection via a VPN. You can have peace of mind that no matter what, nobody on the network can intercept your data and snoop around for your personal data. It’s vital to remember that it’s difficult to recognise whether a Wi-Fi connection is how it seems – just because, for example, the connection is called Starbucks-Free-Wi-Fi, doesn’t necessarily mean that it’s not a potential data thief laying a trap.

What a VPN Won’t Do

As powerful as a VPN is, it still has a limit to how it can protect your privacy and identity online. Plenty of web services use cookies to keep track of your internet usage, even after you’ve left the website (Amazon, Facebook, and Google for example). It’s important to note that most VPN services are still profit organisations that are vulnerable to subpoenas and warrants if it ever came down to it. Therefore it’s vital to read the privacy policy for the VPN service you are considering, and to find out where the company itself is headquartered. NordVPN, for example, is based in Panama, and is therefore not subject to any laws that would require it to retain user data.

Choosing The Right VPN Service

At Spectrum Networks Solutions, we have the experience and the contacts to give you the best possible security and peace-of-mind when you are browsing the web. Free VPN services are often too good to be true and you may even want to consider an encrypted router as an alternative. Whichever your choice, we can advise and guide you to what best suits your business, the data you handle and your general online usage.

