Attacks on WordPress are common. Learn how to deal with them.

As internet adoption rises swiftly, cybercrime is at an all-time high. According to a report, Google blacklists around 10,000+ websites every day for malware, and more than 50,000 for phishing every week!

In fact, WordPress powers 34% of all websites worldwide, which is perhaps why it is always a prime target for hackers and other cybercriminals.

Why, you ask?

Let us explain.

All a hacker needs to do is find a weakness, and this could serve as a gateway to access thousands of websites using the same loophole.

But it should not happen to you.

In this article, we will talk about the most common WordPress attacks and explore the solutions that will keep your website safeguarded.

Most Common WordPress Attacks

1.    Plugin exposures

Plugins enhance the functionalities of a WordPress website on the go, and this is the reason why no web creator thinks twice before installing them on their website. This is where things tend to go wrong.

Attacks through plugins are common. A vast number of plugins are available online from an array of developers, and it is difficult to gauge the hidden intentions behind each of them. This is how they make your website prone to attacks.

Solution

We appreciate that avoiding plugins altogether is not an option, but we strongly recommend you install as few as possible. Further, if a plugin is not active, it is better to uninstall it. Also, do not forget to update your plugins from time to time to rule out any possible loopholes.

2.    Brute Force

These attacks are usually initiated by bots that try to access your website through guesswork. They will try as many username and password combinations as it takes to log in to your website until they find the right one.

Solution

Unsurprisingly, the answer is to choose your usernames and passwords carefully. Avoid common ones such as pas55word, a combination of your name and birth year, and so on. These are simple to guess, and by keeping such passwords you are only helping the hackers.

Additionally, you should consider activating two-factor authentication to avoid any unforeseen events.

3.    WordPress and Theme Vulnerabilities

As we already discussed, all that a hacker needs is one single flaw in WordPress or a theme, and they will exploit it to get into your website.

Solution

Both the WordPress platform and WordPress themes roll out updated versions from time to time. You guessed it right: all you need to do is make the most of these updates by updating your WordPress core and themes daily.

4.    Hosting Vulnerabilities

Your web hosting is another critical factor that determines the security of your website. Your web host might leave you exposed, or the software they use might not be secure enough.

Solution

We highly recommend going with a secure and reputable web hosting provider. Check their reviews and performance before making a final decision.

The Next Steps

Securing your website is not overly complicated. Simply keep doing the right things, and close all the backdoors. As a best practice, we suggest you back up your website periodically to limit the damage, just in case!

Want to get the best solution for your business?

At Cloudscape, we take a security-first approach to technology – ensuring our clients’ systems are best protected.

If you have any concerns or questions, or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration and consultation to explore how exposed your business might be and identify actions to take.

To book a consultation or to arrange a further discussion, please get in touch.

Give us a call about your IT projects – current or future 0207 952 8123

Your firewall is more important than you may think.

Ransomware is more prominent now than ever before. Devastating attacks continue to take control of governments, educational organisations and business operations in multiple states, countries and continents, with Texas recently under fire from a single hacker who took control of more than 23 organisations by himself.

Capital One was also in the news not too long ago, having been torn apart for its data.

Attacks can start in several ways – some with a basic phishing email, others with hackers exploiting vulnerabilities in networks in order to jump onto other systems within the network.

One of the most devastating ransomware attacks to happen in years, causing a worldwide disturbance, was when Capital One’s networks were manipulated and weaknesses were blown wide open to the public.

Since that attack, new vulnerabilities have been detected, and there are still various systems out there that are highly susceptible to cyber-attacks.

Unfortunately, many of these poorly built networks are riddled with problems that are easily ‘wormable’, which means hackers and malicious software can exploit these gaps in an automated way with no user interaction at all, enabling the malware to spread efficiently to a wide group of systems. In other words, it can take over your entire infrastructure in moments.

Implementing an industry-leading protection product and maintaining a strict patch management strategy are the most effective practices. But there are other good measures you should consider to help keep ransomware, hackers and threats out of your network to begin with.

Your firewall provides crucial security against exploits by closing or guarding vulnerable ports, as well as by blocking attacks using an Intrusion Prevention System (IPS). An IPS inspects network traffic for exploit attempts and stops attackers from getting through your network border or crossing borders and segments within your internal network.

Here are the firewall essentials to keep ransomware attacks out of your business network:

  • Decrease the surface area of attack: Examine and re-examine all port-forwarding rules to reduce any non-essential open ports. Where possible use VPN to access resources on the internal network from outside rather than port-forwarding.
  • Launch IPS protection: Apply proper IPS protection to the rules governing traffic to/from any Windows hosts on your network.
  • Decrease the threat of lateral movement: Safeguard against threats moving laterally on your network and consider segmenting your LANs into smaller sub-nets, assigning those to separate zones that are secured by the firewall. Apply suitable IPS policies to rules governing the traffic traversing these zones to prevent worms and bots from spreading between LAN segments.
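The three checks in this list can be run mechanically against an export of the firewall rule set. The sketch below is an added example, not from the original article or any firewall vendor; the rule format, zone names, addresses and the list of essential forwards are all constructed assumptions.

```python
import ipaddress

# Constructed inventory: internal zones, known Windows hosts, and the only
# port-forward the business has declared essential (all hypothetical).
ZONES = {
    "servers": "10.0.10.0/24",
    "staff": "10.0.20.0/24",
    "guest": "10.0.30.0/24",
    "legacy": "10.1.0.0/16",
}
WINDOWS_HOSTS = ["10.0.10.5", "10.0.20.0/24"]
ESSENTIAL_FORWARDS = {("10.0.10.8", 443)}

# Constructed rule export; "any" as a source means the internet side.
RULES = [
    {"id": 1, "type": "forward", "src": "any", "dst": "10.0.10.8", "port": 443, "ips": True},
    {"id": 2, "type": "forward", "src": "any", "dst": "10.0.10.5", "port": 3389, "ips": False},
    {"id": 3, "type": "allow", "src": "10.0.20.0/24", "dst": "10.0.10.0/24", "port": 445, "ips": False},
    {"id": 4, "type": "allow", "src": "10.0.30.0/24", "dst": "10.0.10.8", "port": 443, "ips": True},
    {"id": 5, "type": "allow", "src": "10.0.30.0/24", "dst": "10.1.0.0/16", "port": 80, "ips": False},
]


def net(spec):
    """Parse a host or CIDR string into a network object."""
    return ipaddress.ip_network(spec, strict=False)


def zone_of(spec):
    """Name of the zone containing `spec`, 'wan' for 'any', None if unknown."""
    if spec == "any":
        return "wan"
    target = net(spec)
    for name, cidr in ZONES.items():
        if target.subnet_of(net(cidr)):
            return name
    return None


def touches_windows(rule):
    """True if either end of the rule overlaps a known Windows host or subnet."""
    ends = [net(e) for e in (rule["src"], rule["dst"]) if e != "any"]
    return any(e.overlaps(net(w)) for e in ends for w in WINDOWS_HOSTS)


def audit(rules):
    """Return (rule id, finding) pairs for the three checks in the list above."""
    findings = []
    for r in rules:
        zones = {zone_of(r["src"]), zone_of(r["dst"])}
        # 1. Attack surface: any forward not declared essential is a VPN candidate.
        if r["type"] == "forward" and (r["dst"], r["port"]) not in ESSENTIAL_FORWARDS:
            findings.append((r["id"], "non-essential port-forward"))
        # 2. IPS must cover rules governing traffic to or from Windows hosts.
        if not r["ips"] and touches_windows(r):
            findings.append((r["id"], "windows host without IPS"))
        # 3. Lateral movement: traffic crossing internal zones needs IPS too.
        if not r["ips"] and len(zones) == 2 and not zones & {"wan", None}:
            findings.append((r["id"], "inter-zone rule without IPS"))
    return findings


def oversized_zones(max_addresses=256):
    """Zones larger than `max_addresses`, i.e. candidates for further splitting."""
    return sorted(n for n, c in ZONES.items() if net(c).num_addresses > max_addresses)


if __name__ == "__main__":
    for rule_id, finding in audit(RULES):
        print(f"rule {rule_id}: {finding}")
    print("zones to segment further:", oversized_zones())
```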


Avoiding the world of online identity theft

In the modern age, a large part of us lives online – in the form of data! Whether it’s within social media, eCommerce websites or educational pages – you’ll agree with us that crucial information related to ourselves resides online.

This provides an ideal opportunity for cybercriminals who want to steal your identity and impersonate you in order to launder money, make purchases and carry out other malicious acts.

According to an estimate, identity theft causes $50-billion worth of financial loss every year. For some people, identity theft can cause mere inconvenience that could be fixed with certain measures. For other parties, it can cause serious damage to their financials and reputation.

 

How do they steal your identity, you ask?

In the past, identity theft happened when a criminal stole your post, bank receipts, wallets with credit cards, etc. In the digitally connected world, this can happen in any of the following ways:

  • Through phishing websites
  • Malware that gets installed on computers or smartphones
  • Using an ATM that has been rigged to skim information
  • Sharing passwords with untrustworthy people
  • Fake social profiles
  • Remote access
  • By use of pharming websites

Though it is important to stay vigilant, you can protect your identity by being cautious and following certain steps.

 

Protecting yourself from identity theft?

Rather than facing issues, it is advisable to take some precautionary measures. Here is how you can protect yourself from such an ordeal.

  1. Antivirus and anti-malware software

Keep your computers and smartphones armed with the latest antivirus and anti-malware software. Good software helps you battle most malware, spyware, and keyloggers.

  2. Be vigilant when using ATMs

While using an ATM, make sure you hide your PIN to avoid being detected by a hidden camera.

  3. Passwords

Always keep different passwords for different websites and social media platforms. Make sure your passwords are strong enough to be undecipherable. To help you remember all the passwords, use the online services of Google to store them.

  4. Watch out for spam or junk mail

Keep an eye out for emails that pop up in your inbox, appearing to be from a credible website or source, that ask you to download something. Double-check with the source mentioned to ensure their credibility.

  5. Be careful on Social Media

The best way to prevent someone from stealing your information is by limiting their access to it. Limit how much information you share.

Follow these easy steps to keep a check on your data and information. Keep an eye on new information, and become aware of new ways to protect yourself digitally.

 


Protecting Your Business with Cyber Essentials Qualification

Without the amazing benefits and capabilities provided by IT, modern business would look very different. Accordingly, the need to protect your organisation’s IT equipment such as networks, data storage systems and workstations should be a major priority. You only have to take a quick look at the technology headlines to see that hacking makes for big business in the digital age.

How, though, can your business protect itself from the threat of hackers and their arsenal of tools which include DDoS attacks, malware and ransomware? Understanding what those last three terms mean is tough enough, but combatting them is on another level. Thankfully, the Cyber Essentials qualification is a Government-backed scheme that aims to help businesses protect themselves by enhancing their cyber security.

What is the Cyber Essentials Qualification?

Cyber Essentials is there to help protect your organisation from the very real threat of cyber-crime by focusing on the following areas:

  • Securing your internet connection to ensure that only authorised traffic is allowed to enter and leave your network
  • Ensuring that any device on your computer network is correctly configured and secured to reduce the risk of any security vulnerabilities that may be present
  • Underlining the importance of protecting your applications and hardware from the threat of malware
  • Working to differentiate the various levels of access that should be assigned to different computer users across your network.
  • Best practices for patch/update management to give your software the best chance of being protected from vulnerabilities

What Does Cyber Essentials Mean For Your Business?

Cyber Essentials is a form of certification which demonstrates your understanding of cyber security. It not only reassures your customers that you’re reputable and trustworthy, but it also ensures that any potential downtime is significantly reduced. Allowing you to become more proactive with risk management, the visibility that the qualification grants you in the chaotic world of cyber security is priceless. With enhanced knowledge comes the ability to spot risks early on and reduce the impact they could have on your business and its customers.

Not every organisation, of course, has the necessary skills in house to achieve the Cyber Essentials qualification on their own. However, this doesn’t mean that your business has to head out into the digital landscape without the protection afforded by Cyber Essentials. A successful cyber strategy can easily be put into place by teaming up with an external partner who has the Cyber Essentials certification and can help to craft a strategy which suits your organisation and its unique needs.

Cyber Security: A Necessary Addition to Your Business

Clearly, the need to protect your IT infrastructure in the modern age should be a paramount concern for all contemporary businesses. After all, the sheer amount of data now held by organisations is staggering and the need to protect this increases with each passing cyber scandal. Despite IT being a niche that is notoriously complex and unfriendly to newcomers, Cyber Essentials represents a fantastic opportunity to start taking back control of your IT defences and keeping your infrastructure online.


Managed IT Support Services in the UK

What is a managed IT service?

IT is such a crucial part of the modern business landscape that even the smallest businesses struggle to operate without some form of IT infrastructure. Technology, of course, can be highly complex and a certain level of expertise is required to get the best out of it.

IT Support for Small Business

Small businesses, however, rarely have the resources to install an in-house IT support team. As a result, IT issues can soon begin to affect the productivity of your organisation and the ability to remain competitive in a world that is becoming more and more digital.

Help is at hand, though, in the form of external partners who can provide managed IT support. Highly experienced and capable of significantly improving your existing IT infrastructure, external IT support comes laden with the following benefits:

  • Installation and configuration of equipment can be easily planned and executed with the minimum of fuss
  • Response times ensure that you’re guaranteed to have any technical faults attended to within a specific time period
  • Remote technology allows external providers to access your networks from anywhere in the world to diagnose faults and solve problems quickly

These benefits, of course, are all fantastic, but how do you go about choosing the right provider for your IT services?

What do managed IT service providers do?

Every organisation is unique in its digital needs, but it’s important to concentrate on these basics when searching for an IT support team:

Working with both PC and Mac:

Office workers, for example, will require desktop computers and remote workers will most likely use laptops. And, regardless of the industry, it’s increasingly common to find PCs and Macs rubbing shoulders under the same roof. Looking after all these different types of equipment requires a level of experience and expertise that the average office manager simply won’t have. However, the best IT support teams are able to tackle all these different challenges with confidence and ease.

Cloud Services:

The headlines surrounding cloud computing have been inescapable over the last few years and this is with good reason due to the amazing benefits it provides. Off-site network solutions and storage facilities free up valuable space in your premises, but how do you know which cloud provider is right for you? If, however, you have an IT support team on hand then they will be able to recommend the best provider for your needs and, as a result, help enhance your IT operations.

 

Plan for Future IT System Growth:

If your business wants to grow then you need to make sure your IT solutions grow at the same pace. And that’s why it’s vital that you work with an IT support team who can plan for future growth. Ideas should be drawn together to schedule a five year plan that allows your organisation to expand as planned and with the minimum of fuss.

The demands of business in the 21st century are such that you need to ensure your IT operations are carefully managed. With this taken care of, you can concentrate on remaining competitive and providing your customers with a fantastic level of service. And, with an external IT support team on standby, this has never been easier to achieve.

What is a spear phishing attack?

What is Spear Phishing?

Spear phishing has been present in the digital landscape for over 20 years, but it’s only in the last 10 years that it’s started making headlines.

Primarily using email to deliver its malicious payload, spear phishing presents a very real and current threat to any business with an email account. The key to combatting the threat of phishing is educating your business on the signs and symptoms of such an attack, so let’s take a look at what you’re up against.

Spear Phishing Techniques

A number of techniques are employed when launching a phishing attack and these can include:

  • Macros contained within Microsoft Office documents that, once activated, allow hackers to gain remote access to the infected PC
  • Tricking employees into disclosing sensitive data such as login details for company emails or databases
  • Redirecting victims to malicious websites where malware can be downloaded to their PC

What’s Different About Spear Phishing?

Phishing is frequently in the headlines, so many businesses are aware of this threat and know how to protect themselves. Spear phishing, however, is a little different.

Where phishing emails tend to target large numbers of individuals with generic content, spear phishing is a much more personalised attack. For example, rather than starting an email with “Dear Sir/Madam”, a spear phishing email will use the recipient’s exact name to engender trust and move the recipient closer to taking the malicious bait.

What are the Characteristics of a Spear Phishing Attack?

Phishing attacks are generally executed by sophisticated hackers, but there are still a number of telltale signs which characterise spear phishing such as:

  • Multiple Levels of Attack: Phishing attacks businesses on a number of different levels following the initial infection, so further attacks are likely to involve malware downloads, logging keystrokes and capturing screenshots.
  • A Combination of Threats: To enhance the chances of outwitting standard web defences, spear phishing incorporates a number of different techniques to deliver their payload including infected URLs, documents and unauthorised downloads.
  • Exploiting Zero-Day Vulnerabilities: Spear phishing specialises in exploiting the numerous zero-day vulnerabilities that can arise in browsers, apps and the various plugins that are found within desktop PCs.

Spear Phishing Examples

If you take a look at the IT headlines from the last couple of years then it doesn’t take long to find a mention of spear phishing.

In 2016, an employee of Snapchat fell victim to a spear phishing scam which involved an email being sent which claimed it was from the Snapchat CEO. Falling for the scam, the employee duly followed the request within the email and forwarded on payroll details to a spoof email address.

However, the most famous example of spear phishing is the attack launched on the US Democratic Party in 2016. Hackers sent spoof emails claiming to be from Google representatives and advising recipients to update their email passwords to strengthen security. However, the links contained within these emails merely led the victims to malicious websites which allowed the hackers to take control of their email accounts.

Rather than becoming the next victim of phishing, it’s important that you understand how such an attack is likely to be launched against your business. Knowledge is a valuable currency when it comes to cyber-attacks, so it’s crucial that you educate yourself and your employees to not only protect your sensitive data, but also maintain your productivity.
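Both incidents above relied on a trusted name paired with an address the attacker controlled, which a mail filter can test for. The following is an added example, not part of the original article; the organisation domain, the protected name and both messages are constructed, and the lookalike-domain and Reply-To checks go beyond the two cases the article describes.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"            # assumption: the organisation's mail domain
PROTECTED_NAMES = {"alex morgan"}     # constructed: senior staff worth impersonating

# Constructed messages: a spoofed payroll request and a genuine internal mail.
SAMPLE_SPOOF = (
    'From: "Alex Morgan" <alex.morgan@examp1e.com>\n'
    'Reply-To: payroll-update@mail.example.net\n'
    'Subject: Payroll details needed today\n'
    '\n'
    'Hi Sam, please forward the payroll details.\n'
)
SAMPLE_LEGIT = (
    'From: "Alex Morgan" <alex.morgan@example.com>\n'
    'Subject: Quarterly all-hands\n'
    '\n'
    'See you all on Thursday.\n'
)


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_flags(raw_message):
    """Return the sender-related warning signs found in one raw message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_domain = domain_of(addr)
    flags = []
    # A protected person's name on an address outside the organisation.
    if name.strip().lower() in PROTECTED_NAMES and from_domain != ORG_DOMAIN:
        flags.append("display-name impersonation")
    # A domain that is nearly, but not exactly, the organisation's own.
    if 0 < edit_distance(from_domain, ORG_DOMAIN) <= 2:
        flags.append("lookalike domain")
    # Replies silently routed to a different domain than the visible sender.
    if reply_to and domain_of(reply_to) != from_domain:
        flags.append("reply-to domain mismatch")
    return flags


if __name__ == "__main__":
    for label, raw in (("spoof", SAMPLE_SPOOF), ("legit", SAMPLE_LEGIT)):
        print(label, sender_flags(raw))
```

These header checks do not catch a forged From address that uses the organisation's exact domain; that case is what SPF, DKIM and DMARC verification is for.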

Cyber Security in the Office

Cyber Security Tips For Employees

We live in a digital age where computers are crucial for any forward thinking business, but this landscape is one that’s blighted by cyber attacks such as ransomware and malware. Combatting this is important, but instilling a good cyber security culture in the office is even more important. All of your employees, no matter how conscientious they seem, are vulnerable to cyber attacks. After all, it takes just one click of a mouse to activate an email’s malicious payload. To help you minimise the chances of this happening, we’re going to take a look at the principles of cyber security in the office.

Cyber Security Awareness

The absolute bottom line of developing cyber awareness is training. Your employees are often the final (and weakest) line of defence when it comes to cyber security, so they need to be seriously schooled in its best practices.

And this needs to begin when an employee starts working for your business. Therefore, cyber security training needs to make up a significant part of IT inductions for new starters and this should be signed off by an IT professional. Following this, regular refresher courses need to be put on internally to update employees on current threats and the best methods of defence.

Tips To Improve Your Cyber Security

To ensure good cyber security in the office you need to invest in a strong cyber security culture. This approach allows you to build organisation and regularity into your fight against cyber crime and, ultimately, provides a safer and more secure environment to work in. To create a strong cyber security culture, it’s recommended that you implement the following:

  • Test Your Cyber Defences: There’s no room for complacency in cyber security as hackers are constantly evolving their techniques, so you need to regularly test your defence systems to guarantee they can deflect any attacks.
  • Protect All Devices: With the rise in popularity of the Internet of Things, we’re connecting more external devices than ever to our internal networks such as smartphones and even smart fridges. Including all of these devices in your security approach is paramount for protecting your networks.
  • Backup Your Data: Ransomware has the capability to encrypt all of the data on your network, so backing up your data has never been more important.
  • Analyse Inbound and Outbound Traffic: You need to know exactly what activity is taking place on your networks to stand any chance of detecting cyber attacks. Therefore, monitoring traffic in and out of your network is the best way to keep an eye on any rogue activity before it escalates into something more disruptive.

Cyber Security Awareness in the Office

By following the advice above it’s relatively simple to create a level of cyber security awareness in the office which protects both your employees and your data. You only have to take a quick look at the headlines to understand just how commonplace cyber attacks are, so bolstering your defences is essential for your business to remain productive and avoid any potential data losses.

 

 

Benefits of Private Cloud Technology for Businesses

Private Cloud Technology for Businesses

Cloud computing is one of the top trends to emerge in technology and instantly impact the way we work. When you use cloud technology, you experience a massive amount of upside, with only limited additional risk.

Benefits of cloud technology include:

  • Reduced Costs – The capital expenditure required to maintain cloud technology is minimal, and your costs become variable based on the amount of storage and computing power you require.
  • Improved Flexibility – The ability to quickly scale is one of the top benefits of using cloud technology. This is because you can quickly increase the amount of compute power and storage you use, but without having to shut down your system or make large expenditures.
  • Better Employee Experience – Cloud technology both allows employees to work from anywhere, and to collaborate more easily. The result is they can get more done and do it much more efficiently, which will benefit both you and your employees.
  • Protects from Disaster – Some companies are extremely vulnerable to physical disasters, and the static nature of their servers mean that if they are damaged, the information will be lost. Cloud systems are the best remedy for that, and are known to have great backup and recovery systems.

Public Cloud vs. Private Cloud

The use of cloud technology is usually considered to mean public cloud computing, which scares away many potential users because of their worries about security. The initial concern with cloud security was that you were sharing hard drive space and servers with other companies, which meant your information was more vulnerable. Any compromises in security can result in a massive reputational and financial hit, which is why cyber security has become so important.

As a result, private cloud solutions have gained a lot of popularity. Having hardware that is specifically dedicated to your company helps reduce the potential harm of any cyber threats. You can gain all the benefits of having your servers located offsite, and therefore not being vulnerable to a disaster at your office, while still knowing all your information is segregated and secure.

Cloud Security

When you use private cloud services, assuming you have the proper anti-virus software and firewalls in place, your information is as secure as it would be if it were on your desktop. Some companies are experimenting with a 2:1 ratio of private to public cloud usage, which is representative of the emphasis companies are putting on having proper security on all their data.

They know that the flexibility of cloud technology is good, but it becomes even more powerful when it is secure, as private cloud computing solutions are.

 


The Future of Cloud Technology

The Future of Data Transfer

As technology has advanced and the level of automation and data collection necessary in ordinary business has increased, the need for every company to have their own data management solutions has continued to grow. These days, every competitive firm is a technology company in a sense.

Hybrid & Private Cloud vs. Public Cloud

In the cloud computing world, there are two major categories: private and public. Private clouds consist of internal solutions which are often referred to as enterprise cloud solutions. These are hosted on the company’s intranet or in a data centre, and have the benefit of a firewall to protect them. If a company is already managing their own data centre, this is fine, but for a fledgling company, the costs can be prohibitive and outside of their expertise.

Cloud services like AWS (Amazon Web Services) are examples of public cloud technology that seek to solve this issue. Companies choose a provider to be responsible for the management and maintenance of their data and it is then stored in that provider’s data centre. This has a clear cost and convenience advantage, but comes with more security risks.

Choosing the best of Cloud Services

Debate about the strengths and weaknesses of each of these cloud solutions has led to more companies going the hybrid cloud IT infrastructure route. This is where companies use a mix of cloud services that has both in house and external cloud computing services.

As anyone could tell from looking at the news today, businesses are learning they need to be much more careful about how they transfer and protect data. This caution is a lot of what has enabled hybrid and private cloud solutions to gain so much steam in the marketplace.

As one would expect, hybrid clouds are a mix of private and public clouds. Considering each solution has its own pros and cons, once you take them into account, you can optimise your cloud computing solution to harness the best of both worlds.

Data sensitivity and the benefits of a hybrid approach

With data regulations constantly changing, the goal is to have the sensitive data stay in house, but have other data go into the public cloud. Using hybrid cloud technology allows companies to keep their costs down and save lots of time, while maintaining their reputation and security by keeping the most important data safe.

Data transfer will continue to evolve, and with hybrid solutions there are certain applications and data that will run on both solutions. For example, a company could maintain an application on their private server, but when demand picks up have the overflow go to the public data centre.

As time goes on and the need for security picks up, we will see many more innovative cloud technology solutions work their way into the foreground of the IT security world.


GDPR Compliance

Are you Ready for GDPR?

Preparing For GDPR and Data Protection Reform

Data privacy laws have been consistently intensifying in the last few decades as technology has advanced and the reach of some companies has continued to expand. In the EU, the big news is that GDPR, or General Data Protection Regulation, is going to be enforced as of May 25th, 2018.

Data Privacy Laws

GDPR is planned to bring all the data privacy laws across Europe into harmony so there is less confusion about how to protect the information of consumers. With this, there will be significant complications for businesses in the short run, as they work to adjust their policies to be in accordance with regulations.

Key GDPR Changes

The three key changes to past privacy regulations are around the increased territorial scope, the penalties levied, and the conditions for consent.

  • Scope – The most important thing to realise about GDPR is that it doesn’t just pertain to EU businesses, it pertains to any businesses that provide services to and collect data on EU data subjects. This puts nearly every business under the microscope, since it is difficult to completely avoid customers from the EU.
  • Penalties – The penalties can be harmful with fines up to 4% of annual global turnover. The highest fines are levied when a company does something egregious like failing to gain customer consent to process data. It is important to realise this applies to both data processors and data controllers, so “cloud” companies won’t be able to escape unscathed.
  • Consent – Prior to GDPR, it would be possible to gain the consent of subjects by using hard to decipher terms or advanced legalese to confuse the consumer into acquiescing. Now, consent must be based on clear and plain language, so no confusion can result, and withdrawing consent must be as easy as it is to supply it.

Other major changes involve the mandatory notification of a breach pertaining to a consumer’s data, data portability, and the right to be forgotten. These will all require their own processes to be put in place for when a consumer makes a specific request. Additionally, companies will now require the consent of parents if the consumer in question is under the age of 16.

Preparing for GDPR

To prepare for GDPR, it is important to assess which aspects of these regulations your company is not currently in compliance with, and take measures to remediate them. Key points of interest are regarding children, consent, data breaches, subject access requests, and the international aspect of all these points. Additionally, public institutions and companies meeting other conditions will be required to appoint a Data Protection Officer (DPO), who would be in charge of addressing all these points.

GDPR Going Forward

Individuals have data rights, and the EU regulators are beginning to get very aggressive around their desire to protect these rights. Every organisation that processes personal data must be compliant with new GDPR rules on 25 May 2018 and this includes charities and voluntary organisations. Your senior staff should be aware that the law is changing and take appropriate action. If you don’t know what personal data you hold and where it came from you will need to organise an audit of your different systems and departments to find out.
