Are employees undermining your security with weak and shared passwords?

This article talks about the security risks associated with weak passwords in your business. Studies show there is a significant percentage of employees who will use weak passwords so it’s important to talk about the impact that has on your ability to defend against cyber attacks…

Though most employees are not trying to compromise security, you should consider what you can reasonably expect from them given the proliferation of online accounts requiring passwords. Commonly, 3-6% of employees [2,3] will use weak passwords and even share them between accounts. These kinds of insecure password practices result in leaked passwords, which are exploited in 81% of cyberattacks worldwide, and 61% of all attacks target businesses with fewer than 1,000 employees [3].

Therefore, you can no longer rely on just a password.

To avoid becoming a victim, you need additional proof of identity beyond a simple username and password, such as that provided by WatchGuard’s AuthPoint service. AuthPoint delivers multi-factor authentication (MFA) safeguards on an easy-to-use Cloud platform for powerful security with low total cost of ownership. AuthPoint enables:

  • Effective MFA Protection with Mobile Device DNA
    AuthPoint provides 3 ways to authenticate, and our mobile device DNA matches the authorized users’ phone for an additional identification factor.
  • Easy to Use AuthPoint Mobile App
    Users can authenticate right from their own phone!  No need to carry keyfobs or thumb drives; instead install and activate the AuthPoint mobile app in seconds.
  • Broad Coverage with Web SSO
    AuthPoint supports the SAML standard and our ecosystem includes dozens of 3rd party integrations – enabling you to require authentication before accessing sensitive Cloud applications, web services, VPNs and networks.
  • A Cloud-based Service
    AuthPoint runs on the WatchGuard Cloud platform and is available from wherever you are. There is no need to install software, schedule upgrades or manage patches.



Contact Us today, to know more about our IT network support services and discuss your project requirements.

National Cyber Security Awareness Month

National Cyber Security Awareness Month (NCSAM) is a collaborative effort between government and industry that aims to inform users about the dangers of cybercrime and how to spot untrusted sources. Here is a little more information and some top tips for avoiding the ever-growing cyber security attacks…


Did you know that October is National Cyber Security Awareness Month? As a collaborative effort between government and industry, National Cyber Security Awareness Month (NCSAM) was created fifteen years ago, and is now observed each year to ensure everyone has the resources they need to stay safer and more secure online.

Most places we go, there’s a network connection for us to link up to—a gateway into the World Wide Web, its endless information, and being able to connect with each other. But how can you protect yourself when browsing online?

Here are four tips you can share with your employees and clients to ensure better security while online.


1. Only Connect to Familiar Networks

I know how tempting free Wi-Fi can be, but it can also be dangerous. Public connections at the local coffee shop are usually unsecured, and therefore leave your machine open to hackers and outsiders.

While these networks provide a convenience, there are risks to be aware of because you can never be too sure who is providing the connection. To avoid any foul play, only use trusted network connections or be sure to secure the connection using appropriate VPN settings.


2. Browse and Shop with Caution

Malicious websites are out there, and it only takes one wrong turn to unknowingly download a virus and compromise your computer.

A good—and safe—place to start is by visiting websites that are familiar to you. Stick with the reputable sites that are tried and trusted, like Amazon or Netflix. Always look for that ‘padlock’ symbol or the abbreviation ‘https’ in the address bar at the top of your browser. This will ensure that you are on a secure, encrypted part of the webpage.

This is especially important when purchasing items that are in your online cart or filling out any other financial or personal information. And, it’s never a bad idea to keep an eye on your bank statements for suspicious activity.


3. Trust Your Instinct: Don’t Click on Anything Suspicious

Most people have a decent scam radar—although, cyber threats are getting more sophisticated and real-looking by the day. But, when browsing online, keep in mind one thing: if an offer looks too good to be true, it probably is. Try to avoid clicking on any links or pages that look suspicious or spammy. If a window pops up while browsing a website, immediately close it.

The same goes for email. If you get an email from an unknown source, do not click any of the links or attachments within it. Familiarity is always your friend, and playing it safe or using your best judgment is always a good defence.



4. Use Secure Passwords

Always be thinking about the passwords you’re using. Passwords for logging into any website should contain a mix of letters, numbers, and special characters, and keep in mind whether or not you’re sharing these passwords or using them for multiple apps and websites. It can definitely be a pain to remember all of these passwords, but ask yourself which is more of a pain: remembering these, or recovering stolen personal information.

There are a few best practices around strong passwords, including making them at least eight characters long and staying away from obvious information such as names and birthdays. Additionally, it’s wise to think about changing and/or updating your passwords every six months or so.

If you have a question about your company’s cybersecurity or would like more help, get in touch with Spectrum Networks today.


Why Hackers Love Companies that Don’t Use Multifactor Authentication

The recent breach of the popular mobile app Timehop exposed the credentials, phone numbers and social media histories of more than 21 million users. The hacker’s presence also went undetected for a considerable length of time.


This article about hackers, authored by David Vergara, Director of Product Marketing at OneSpan, first appeared July 24, 2018 on Payments Source.


It’s remarkable just how many significant security breaches could have been prevented if only multifactor authentication technology had been deployed.

A lack of strong authentication is the reason behind the recent breach of the popular mobile app Timehop, which lets users see social media posts from the same date in previous years. The breach exposed the credentials, phone numbers and social media histories of more than 21 million users. What’s worse is there’s a considerable length of time that the hacker’s presence went undetected, making this application’s user identities ripe for theft.

Here’s what happened. A Timehop employee’s credentials were leaked, which gave a hacker access to their system. The use of strong authentication, multifactor authentication in particular, would have required the hacker to provide a second form of authentication beyond a username and password. A failure of the secondary authentication would have stopped the hacker cold.


Making Multifactor Authentication a Business Priority

Still haven’t deployed strong security in the form of multifactor authentication? It’s high time to get started by choosing a solution that’s right for your organization and your end users. Multifactor authentication is a must along with complementary technologies like single sign-on, user directories and other systems that allow for strong authentication and protect social media, email communications and business-critical applications.

It’s easy to point the finger at a company’s IT department and say, “Why didn’t we have this stronger security?” As mentioned on Payments Source, the answer is sometimes simple — companies are confused about which technology to use, these tools were never intended to be used together, and integration can become expensive and cumbersome. Today, the right level of security requires additional technologies to keep up with the emerging threat vectors. All of this points to the urgent need for businesses to implement multifactor authentication and a risk-based approach to access management.

The IBM Security report also found that one major factor impacting the cost of a data breach in the U.S. was the reported cost of lost business, which was $4.2 million, more than the total average cost of a breach globally, and more than double the amount of “lost business costs” of any other region surveyed.

Make adding an MFA solution a priority. Your customers’ experience, brand reputation and bottom line depend on it.

Protect your infrastructure from hackers

To find out more about improving your company security and protecting your systems from hackers visit our network security page or contact us for a free IT security assessment.

What is a firewall?

In computing and networks, a firewall is software, hardware or firmware (which is permanent software programmed into a read-only memory) that follows a specific set of rules to decide whether to allow information or data to enter or leave a network.

Firewalls have been a crucial defence in network security for over 25 years. They are a virtual barrier between sources that are checked and trusted, and untrusted sources that come from outside an internal network.

Firewalls can be used for a wide range of devices and systems to lower the risk of malicious data travelling to and from the device.

The term firewall is a metaphor relating to a wall or partition designed to inhibit or prevent the spread of fire. The most common ones you see are fire doors in a commercial building or school. There are two main types of computing firewall: network-based and host-based.

Host-based means it’s installed on individual servers and monitors signals going in and out. A network-based firewall is held in the cloud as a virtual firewall.

When you’re looking at firewalls, you’ll come across various terms within those host and network-based firewalls: proxy, stateful inspection, unified threat management (UTM), next-generation firewall (NGFW) and threat-focused NGFW.


Why do you need a firewall?

Firewalls are just the first line in the defence against hacks and malicious intent.

In the same way that you lock your doors and windows before leaving the house, your firewall locks out unwanted intruders and makes you much less vulnerable to hackers who want to access your data or imitate your company (also known as spoofing).

Some of the most common attacks are IP spoofing, network packet sniffers, man-in-the-middle attacks, distribution of sensitive internal information to external sources and password attacks.

Password attacks can be achieved via password guessing (like you see in the movies), brute force login (where a programme guesses at a much higher rate per second but can often crash a system due to the resources required to cope with the constant attack) and password cracking (where the attacker gains access to the file on a computer that stores your passwords).

The results of not having adequate firewall protection can be minor or devastating. Sometimes the downtime alone is the most costly part of the disruption, but other outcomes can be damage to a company’s reputation or loss of crucial information.

Talk to us about the best firewalls and security for your organisation – get your free consultation via our contact page.


What Is Ransomware and How Do You Avoid It?

Ransomware isn’t exactly a new threat, and it has continued to grow in recent years as a means for cyber criminals to extort individuals or businesses by locking down their devices and – you guessed it – demanding a ransom to unlock them. With reports of ransomware becoming more widespread as far back as 2015, you’d think it would have been dealt with more efficiently by now. However, according to research, ransomware generated an estimated $1 billion in 2016 alone. It also has a low cost structure (so it is very profitable), and the victim sends money directly to the perpetrator.

What is Ransomware?

Ransomware, in a nutshell, is a form of malware that essentially locks down access to your computer data. This is usually done by way of encrypting as much personal information on your PC as it can find, or by just locking your screen entirely. The malicious software will then demand a payment from you (a ransom) before your data will be unlocked again – simply put, it is holding your computer, files and data hostage until you pay a fee. Most commonly, ransomware infects your PC when you click a link in an infected e-mail.

A survey of companies who were infected by ransomware includes cautionary facts for those who might be thinking that paying the ransom and moving on is the fastest and simplest solution.  Most of the companies who paid, paid in excess of $1,000 (per computer) in order to recover their data. But, not surprisingly, only 55% of the companies who paid actually received the decryption keys and re-gained access to their devices. The cheapest and safest ways out of a ransomware attack are: try hard to avoid the social engineering tricks (do your due diligence to avoid an infection happening) and keep backups of your important files and data. Paying the ransom simply isn’t a wise option.

How Does Ransomware Spread?

The most common method of spreading ransomware is using a tactic known as “social engineering”. Generally speaking this is a way of tricking you into infecting your own device. Most commonly this is achieved via an e-mail, but could also be a malicious ad or popup on the web or a web page itself. It usually consists of an enticement to click or download an attachment, document, picture or video. Microsoft Office files, PDFs and multimedia files can all be the carriers for the ransomware program.

How Do I Know If I’ve Been Infected?

It’s quite difficult to not notice that you’ve been infected by ransomware due to the nature of the infection itself. Usually your entire screen will be taken over by something like the below images:

It’s very common for these types of screens to claim to be part of the government or law enforcement. This is social engineering in an effort to create fear of government reprisal for failure to cooperate.

How to Not Get Infected by Ransomware

For businesses, there are many different variables in play that can make it difficult to be completely secure against ransomware attacks. We highly suggest you utilise Managed IT Services to ensure your systems are kept up to date and you have the very best malware and virus protection on your devices at all times.

For individuals and home computers, the below guidelines can be very helpful:


  • Don’t click links or open attachments in an e-mail, unless you know who sent it. Even then, consider contacting the person to see if they really did send it.
  • Be suspicious of directives to “click this patch” for Adobe, Flash and some other common tools – there is a high chance this is malware. If you want an Adobe patch, go to the Adobe site and get it yourself.
  • Be alert for news that there are new methods of infection. For example, malvertising may become a popular method of infection.



Windows 10 Vulnerability Allows Hijack, Even When Locked!

Are your computer and network security up to scratch? Regardless of whether the device has been locked, a recent vulnerability in Windows 10 has given hijackers an easy route to taking over – simply by using the digital assistant, Cortana, to execute commands. If you’re running Windows 10, you may want your IT Support personnel to tighten up the security on your systems.

Security software giant McAfee provided an in-depth analysis of the new vulnerability, which states that the “Hey, Cortana!” voice command (a default feature enabled in Windows 10) could be triggered even when the device was in a locked state, giving potential attackers a route to being able to see files, information and potentially allow arbitrary code execution.

Due to the vulnerability, it is possible to launch a Windows contextual menu by typing when Cortana starts to listen to a query on a device that is locked.

“All the results presented by Cortana come from indexed files and applications, and that for some applications the content of the file is also indexed. Now we can simply hover over any of the relevant matches. If the match is driven by filename matching, then you will be presented with the full path of the file. If the match is driven by the file content matching, then you may be presented with the content of the file itself,” McAfee explains.

Once hackers have gained access to contents and files, they can potentially continue the hijack and gain code execution rights – all from the Windows lock screen. This type of vulnerability will allow malicious individuals to run scripts (via things like PowerShell or Command Prompt) and commands without the need for parameters and without needing to have the device unlocked. It can even be possible, for example, for the hacker to remove software from the system.

You can test your system for the vulnerability simply by following the instructions as outlined by McAfee – if you can successfully follow these steps then we strongly advise you patch your system.

  1. Trigger Cortana via “Tap and Say” or “Hey Cortana”
  2. Ask a question (this is more reliable) such as “What time is it?”
  3. Press the space bar, and the context menu appears
  4. Press esc, and the menu disappears
  5. Press the space bar again, and the contextual menu appears, but this time the search query is empty
  6. Start typing (you cannot use backspace). If you make a mistake, press esc and start again.
  7. When done (carefully) typing your command, click on the entry in the Command category. (This category will appear only after the input is recognized as a command.)
  8. You can always right click and select “Run as Administrator” (but remember the user would have to log in to clear the UAC)

Luckily, Microsoft has already released a patch (as part of this month’s Patch Tuesday rollout) to address this vulnerability, but for systems that haven’t yet received this update, we strongly advise you get the latest patch or simply switch off Cortana until you have updated.

As part of our Managed IT Services, you can have peace of mind that your operating systems are always up-to-date with the very latest security patches and rollouts.


The Top 3 Security Threats To Your E-Commerce Website

In 2016 alone online sales totalled in the region of over 150 billion euros, and more and more businesses are processing sales through online platforms so, as you can imagine, this figure is set to increase each year.

But as the e-commerce population rises, and with it the level of spending online, so does the temptation for cyber criminals. If your business trades online, it’s vital to have the correct security in place to ensure your e-commerce website isn’t vulnerable to malicious attacks.

Here are three of the biggest and most common threats to ecommerce platforms:

Using 3rd Party Web Components

It’s very common practice, if you don’t have a fully custom-built website, to be using third party web components for certain functions on your e-commerce platform. This is often the case with the shopping cart or checkout page. Whilst for the most part there are many trustworthy and reputable vendors for these types of components, they are still a target for cyber criminals. Hackers are known to seek out outdated editions of vulnerable software like this, because often the security weaknesses are publicised.

DDoS Attacks

Distributed Denial of Service (DDoS) attacks have been around for quite some time, but their popularity among cyber criminals continues to grow. They essentially cause a website to crash by way of directing mass, simulated and simultaneous traffic toward it. They can be very difficult to prevent or deflect. Even if your own website does not become a DDoS target, another website that your business relies on could be hit. Any kind of downtime as a result of a DDoS attack could cost your business dearly.

Open Source Codes

Open source software and platforms are fantastic for businesses on a budget. However, due to their public and free nature, they are often lacking in security protocols, and these vulnerabilities are often shared on forums and other online communities. The code is completely open for anyone to see and manipulate, and this leads to obvious opportunity for security to be compromised.

Keeping Your E-Commerce Website Safe

It’s important that your security is pro-active, evolving and has disaster recovery procedures in place. At Spectrum Networks Solutions, we take security seriously and have all of the necessary experience, equipment and knowledge to make your IT systems and online activities as safe and secure as they can be. We have excellent Managed IT services available for businesses small and large, with flexible and scalable packages to suit your requirements and your current IT infrastructure. Get in touch with us today and let us take the worry of having an insecure e-commerce website off your shoulders – for good.

What is a Firewall and Why do you Need One?

It’s quite likely that you have, or have used or have been recommended to use a firewall as part of your IT Network Security. But often times they are simply tacked on to your overall package without you truly knowing why you require one and what it actually does to protect your computer.

To put it in simple terms, a firewall is a software program or a piece of a hardware that helps to screen out any malicious activity against your computer or network, such as hackers, viruses and worms that try to reach your computer over the Internet or via malicious software, files and programs.

A firewall can come in different forms. The most common, which you have probably encountered before, is a software firewall. This is typically a program that is installed directly onto a computer or laptop and actively scans your files and connection for any malicious activity. Some of the big brand names you may have heard of before include Watchguard, McAfee and Symantec. These are most common on personal devices for use at home and on the move, and with the right configuration and management they can be very powerful and accurate. Windows XP service pack 2, Windows Vista, Windows 7, Windows 8 and Windows 10 all have an inbuilt software firewall.

A hardware firewall is a device that is placed in between your network and the untrusted internet. If more than one computer is connected to a network, then it is necessary to protect your network from the untrusted internet via a hardware firewall. This is most typically found in a business environment, where many computers connect to a physical server for network management. A hardware firewall is a powerful piece of kit for an extra layer of security, but it is also necessary to protect each computer with a software firewall so that if one computer gets infected with viruses the other computers will remain largely protected from the same malicious attack.

The basic purpose of firewalls is to regulate the flow of traffic in between computer networks of different trust levels. For example, the internet (which is considered as a zone of no trust) and your home network (which is a zone of high trust). All incoming messages are passed through the firewall. The firewall then checks whether these messages satisfy the security criteria. If they satisfy, they are passed through the firewall, otherwise they are blocked. A similar thing happens with the outgoing messages. If you turn your firewall off, then all the messages will pass through the firewall freely. As a result, your computer is vulnerable and hackers with the right knowledge can potentially hack your computer and obtain your sensitive data or infect it with malicious software and files.

With Spectrum Networks Solutions you can rest assured that we use the very best hardware and software firewalls to ensure the utmost level of security for your personal and business network and computers at all times.


Why You Should Be Using a VPN

Even with GDPR tightening the reins on personal data collecting and processing, you still have to ask yourself how much of your personal life is transmitted over the internet almost passively. If you want to take your online privacy to the next level, you should consider using a virtual private network (VPN), which gives you extra control over how you can be identified on the web.

What is a VPN?

In a nutshell, a VPN is used to create a virtual encrypted tunnel between you / your computer and a remote server that is operated by the VPN service of your choosing. This means that all traffic is routed through the tunnel, meaning that your data is quite secure from any potential prying eyes. An added benefit is that your IP address will be that of the VPN server rather than your personal IP, thus giving you an extra level of identity masking.

When you are connecting to the VPN server, your data will reach the server and then exit out to the public internet. If your target website utilises HTTPS, your connection will still be secure; but even if your connection was intercepted, it would be very difficult for anyone to trace the data back to your computer, since it would appear as though the connection is coming directly from the VPN server rather than your computer.

Let’s take a look at some real examples of where a VPN shines. For example, you connect to a public Wi-Fi in a coffee shop, something that is often done without a second thought. But when you think about it, do you even know who might be watching what goes on and what traffic travels on that network? Do you even know if the Wi-Fi connection is legitimate? You could be transmitting all kinds of private and sensitive data without even knowing it.

However, let’s say you connect to that same public Wi-Fi connection via a VPN. You can have peace of mind that no matter what, nobody on the network can intercept your data and snoop around for your personal data. It’s vital to remember that it’s difficult to recognise whether a Wi-Fi connection is how it seems – just because, for example, the connection is called Starbucks-Free-Wi-Fi, doesn’t necessarily mean that it’s not a potential data thief laying a trap.

What a VPN Won’t Do

As powerful as a VPN is, it still has a limit to how it can protect your privacy and identity online. Plenty of web services use cookies to keep track of your internet usage, even after you’ve left the website (Amazon, Facebook, and Google for example). It’s important to note that most VPN services are still for-profit organisations that are vulnerable to subpoenas and warrants if it ever came down to it. Therefore it’s vital to read the privacy policy for the VPN service you are considering, and to find out where the company itself is headquartered. NordVPN, for example, is based in Panama, and is therefore not subject to any laws that would require it to retain user data.

Choosing The Right VPN Service

At Spectrum Networks Solutions, we have the experience and the contacts to give you the best possible security and peace-of-mind when you are browsing the web. Free VPN services are often too good to be true and you may even want to consider an encrypted router as an alternative. Whichever your choice, we can advise and guide you to what best suits your business, the data you handle and your general online usage.


Are You Using Encryption?

If you’re not utilising any encryption procedures in your overall network security, can your internet connection be tapped like a telephone line?

In a nutshell (although it’s never that simple): yes!

If you’re using a wireless network to connect to the internet and browse or perform any other daily tasks, other devices in the vicinity that are using wireless connectivity can technically overhear your packets (byte-sized messages) and, if they really wanted to, they can see exactly what you’re doing.

This practice of overhearing a “wireless conversation”, much like overhearing a conversation in real life, is also known as ‘eavesdropping’, and can be quite common for hackers or other people performing malicious activities to utilise.

Your neighbour or a person sitting outside your house or office can eavesdrop on your wireless connection with the right hardware and software. If you’re using a wired connection, someone with the right know-how can even directly wiretap your connection just like a telephone line.

If you want your communication to be private, encryption is the key!

The HTTPS in web browsers, for example, indicates that your communication with the server is encrypted. Technically someone can still eavesdrop, but they can’t understand or interpret the content of the conversation thanks to the data being encrypted.

How does encryption work?

To use a simple example, let’s say you lock some confidential information in a box using a unique symmetric key and send it (the key and the box) to the server. The server opens the box using the key it received along with the box. But anyone tapping this connection also receives the box and the key.

To solve this, we use a special type of box at the server side which can be locked using a public key but opened only using a private key. The server provides you this special box and public key but keeps the private key secret from everyone. You can put your original box and unique symmetric key inside this special box, lock it using the server’s public key and send it to the server. Only the server can open this special box using its private key.

Therefore you’ve safely shared the unique symmetric key, which can be used to unlock and lock the original box. Now your browser and server can exchange data in normal boxes and need not share the unique symmetric key again. In a nutshell this is how encryption works (except there is no box really!).
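
The box-and-key exchange described above, written out as an added Node.js example (it is not part of the original article). AES-256-GCM plays the "normal box" and RSA-OAEP the "special box"; the function names and the sample message are made up for illustration, and current TLS versions agree on keys differently, so this mirrors the analogy rather than the HTTPS handshake itself.

```javascript
// Added illustration of the article's "box and key" analogy; not production code.
const crypto = require('crypto');

const SAMPLE_MESSAGE = 'constructed sample: delivery address for order 1001';
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// The "normal box": lock data with a symmetric key (fresh nonce per message).
function lockBox(symmetricKey, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', symmetricKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}

// Opening the box throws if the key is wrong or the contents were altered.
function openBox(symmetricKey, box) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', symmetricKey, box.iv);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.body), decipher.final()]).toString('utf8');
}

// The server hands out its public key and never reveals the private key.
function makeServer() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return {
    publicKey,
    receive(wire) {
      // Open the "special box" to recover the symmetric key, then the message.
      const symmetricKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wire.wrappedKey);
      return { symmetricKey, message: openBox(symmetricKey, wire.box) };
    },
  };
}

// First scheme in the text: the key travels on the wire next to the box.
function sendNaive(message) {
  const symmetricKey = crypto.randomBytes(32);
  return { symmetricKey, box: lockBox(symmetricKey, message) };
}

// Second scheme: the symmetric key is locked with the server's public key.
function sendWrapped(serverPublicKey, message) {
  const symmetricKey = crypto.randomBytes(32);
  const wrappedKey = crypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, symmetricKey);
  // Only `wire` is transmitted; the client keeps symmetricKey for later messages.
  return { wire: { wrappedKey, box: lockBox(symmetricKey, message) }, symmetricKey };
}

// Someone tapping the line sees every byte on the wire but has no private key.
// They try whatever key material is visible; GCM rejects anything but the real key.
function eavesdrop(wire) {
  const candidates = [wire.symmetricKey, wire.wrappedKey && wire.wrappedKey.subarray(0, 32)];
  for (const key of candidates) {
    if (!key) continue;
    try {
      return openBox(key, wire.box);
    } catch (err) {
      // Authentication failed: this was not the symmetric key.
    }
  }
  return null;
}

function demo() {
  const server = makeServer();
  const naiveWire = sendNaive(SAMPLE_MESSAGE);
  const { wire, symmetricKey } = sendWrapped(server.publicKey, SAMPLE_MESSAGE);
  const received = server.receive(wire);
  // Later traffic reuses the shared key; it is never sent again.
  const reply = lockBox(received.symmetricKey, 'order confirmed');
  return {
    naiveTapped: eavesdrop(naiveWire),   // tapper reads the message
    wrappedTapped: eavesdrop(wire),      // tapper gets nothing
    serverRead: received.message,
    clientReadReply: openBox(symmetricKey, reply),
  };
}

console.log(demo());
```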
