Levelling-up your business’ efficiency – The Challenges of our new working world

in ,

2020 has been a challenging year in the business world. The Covid-19 pandemic has thrown businesses in most sectors into a period of rapid change – those who are willing to rise to the occasion and innovate are those most likely to survive this continuing period of uncertainty.

Flexibility, agility, efficiency, resilience…the recipe for survival in 2020

When business slows and uncertainty looms there is a temptation to batten down the hatches, play it safe and hope for a return to better times. However, the current crisis requires exactly the opposite. The possibility of further lockdowns requires businesses to empower their teams with technical solutions that enable greater levels of agility and flexibility. Additionally, continued uncertainty and a difficult economic environment mean it’s never been more important to do as much as possible with the IT resources you have.

 

That sounds great, but where do I begin?

In recent months we’ve been busy helping our clients across London and the home counties make the IT transition necessary to thrive during these troubling times.

For some time now businesses have been discovering the benefits of reducing reliance on physical infrastructure by migrating services to the cloud. The Covid-19 pandemic has accelerated this trend massively and driven home the inherent benefits of operating a flexible, cost-effective, infrastructure-lite IT system.

Cloud services are just one piece of the puzzle; let’s look at some of the ways you can improve your business’ efficiency while offering the same great service to your customers.

 

Discover the ‘Cloud’

The concept of ‘Cloud’ computing has been around for a long time and most businesses are now familiar with its capabilities in some form through the likes of Microsoft 365 or storage services like Dropbox or Google Drive.

The potential of ‘the cloud’ to transform your business is almost limitless due to the range of services it can offer. For example, you could migrate traditionally, fixed infrastructure to the cloud to free up space in your office and eliminate the burden of costly/time-consuming hardware maintenance. Physical firewall appliances, servers and networking infrastructure are some of the hardware you could migrate. In addition to the cost savings cloud migration also gives you the flexibility of being able to access your resources remotely.

 

Discover Automation

It’s estimated that the average small business employee spends 2 out of 5 working days bogged down with repetitive, manual tasks such as data entry. That represents a lot of time spent doing tasks that don’t add value to your business.

Automation is the process of supplementing ‘human effort’ with ‘machine effort,’ giving employees more time to focus on more value-adding tasks such as improving customer relationships, driving sales and developing business strategy. Automation technology comes in a huge variety of forms; it could be a small feature within a larger piece of software (Microsoft 365 has many examples of this) or the software itself could be centred around automation (email marketing software being a prime example).

Nowadays, automation often comes embedded in accounting software, CRMs, HR software and many other applications. Microsoft 365 users benefit from a suite of automation apps, which are often included within 356 subscription bundles. One of these is ‘power automate’ which gives users the tools to automate processes through an intuitive interface without the need for technical expertise.

 

Invest in the home office

As an employer, you may have to invest in technology or the home-office setup of your employees to ensure productivity. If your team are operating using slow, unresponsive, and insecure personal devices efficiency will suffer, your customers may notice a drop in service standards, and you may be exposing sensitive data to unacceptable levels of risk.

  • Provide work devices where feasible. This allows you to control security and ensure devices are working optimally more tightly.
  • Are devices past their best? Old, clunky machines may be an obstacle to your business’ productivity goals. Additionally, unsupported software and operating systems present security vulnerabilities.
  • Is the home environment suitably equipped for 8-hour days? Consider desks, chairs, lamps, and footrests to ensure staff are as comfortable at home as they would be in the office.
  • Is home broadband proving too slow or unreliable? It may be worth considering a business internet connection for key employees, to ensure connectivity issues don’t stifle your ability to operate effectively.
  • Can your team keep in touch? Webcams and headsets may be needed to help all team members participate in Zoom meetings. These virtual get-togethers are a good way of keeping staff engaged and morale levels high.

 

Invest in a proactive, engaged, and reliable IT partner

With so much going on now you’ll need an IT partner you can rely on. That means someone who takes the time to get to know your business and provide best-fit solutions that address the unique challenges you face. It also means having an experienced and knowledgeable partner who can guide your business seamlessly to new ways of working while ensuring minimal downtime thanks to proactive maintenance and network monitoring.

Ensure you choose an IT partner who’s commercially savvy, and understands the importance of cost-effective, budget-conscious solutions particularly during these uncertain times.

 

It’s about more than efficiency, your reputation is at stake!

Months ago, when the country was first plunged into lockdown a compromised service from businesses was considered acceptable for a while, as companies grappled with new operational challenges. However, by now, as life starts to return to some form of normality, customers are becoming less accepting of a reduced or poor service offering. This means it’s important to invest in fit-for-purpose solutions that allow your team to perform at (or near) maximum capacity while working from home.

  • Are tasks taking longer than they should be due to poor file management?
  • Is communication suffering due to inadequate telephony provision or outdated communication platforms?
  • Are tasks being abandoned due to poor process management and a lack of organisation?

Clients will notice all the above and failing to address such issues now may affect your business’ reputation going forward.

 

How can I get the ball rolling?

As part of the government’s economic response to the Covid-19 pandemic, packages of grant funding are to be announced to help businesses make efficiency transitions. These grants of between £1000 and £5000 could help your business innovate and optimise its IT system, to drive efficiency and productivity gains using some of the ideas we’ve discussed above.

 

Struggling to find a solution that fits around your business?

At Cloudscape, we use our extensive experience to deliver custom-fit technology solutions to SMEs in London and the home counties. Technology should serve your business’ aims and aspirations, it shouldn’t be something to mould your operation around. We are experts in Cloud-computing and we know how empowering Cloud Services can be when leveraged correctly, so let us help you tailor Office 365 so that it works for your business and the unique challenges you face. Call us on 0207 952 8123 or send us an email info@cloudscape.it.

Investing in remote working infrastructure – The Challenges of our new working world

in ,

While the initial scramble to get employees set up for remote working home may seem a distant memory now, you should still consider whether your remote-working arrangements are the best they could be.

Many businesses will have allowed their employees to work from personal devices and while this path offers convenience it can also be a minefield in terms of data security. Similarly, in the hope of normality resuming, its likely many businesses left telephony out of their remote-working plans, resulting in no ability to transfer calls between employees and clunky, staccato communication experience for customers.

While we’ve seen a degree of normality returning to the world of work over the past month or so, working from home remains the government’s recommendation where it is feasible to do so. Implemented properly, remote working can have many benefits; productivity can improve, employees will enjoy a better work-life balance, lengthy commutes are eliminated, and it’s even been shown to improve employee retention and reduce absence rates.

‘Implemented properly’ is the key phrase here, as when too many compromises are made, working from home can also present challenges in terms of productivity, data security and operational performance. In terms of infrastructure, computers and telephony are your 2 main considerations. Let’s consider each of these in more detail.

 

BYOD, COPE, COBO and CYOD – to provide or not to provide?

If you’ve ever looked into issuing your staff with work devices to enable remote working you’ve likely encountered some of the acronyms above. But what do they mean?

  • BYOD (Bring your own device) – Employees use their own devices to access business resources. This gives you the least control.
  • CYOD (Choose your own device) – Employees choose a device from a pre-approved list and the business then buys, manages, and retains ownership of the device. Affords much greater control than BYOD due to remote management.
  • COPE (Company-owned, personally enabled) – Devices are supplied by a business that and managed by the IT department but also set up to enable personal use. It avoids the need for employees to carry separate devices for personal and work use.
  • COBO (company-owned, business only) – This is where a business provides a device and sets it up strictly for business activities. This option offers the greatest level of control for employers and is particularly suitable where high levels of compliance requirements are involved.

For many small to medium-sized businesses, a BYOD program is tempting as there are no hardware overheads to be borne by the company. However, allowing staff to use their own devices almost always means relinquishing control, as employees may be reluctant to agree to mobile device management (MAM) on their personal devices. Having a comprehensive BYOD policy is essential where personal devices are concerned, but again, limited control means this policy will largely rely on employees acting in good faith, which may not be a risk you’re willing to take where sensitive data is concerned.

CYOD, COPE and COBO programmes will give your IT team much greater control and oversight over all aspects of device management, security and access control.

Providing devices and protecting them with remote device management is the most effective way to ensure data security. Microsoft’s Enterprise Mobility Management and Security platform provides a comprehensive set of tools to ensure your remote workforce is operating securely. Incorporated within this platform is Microsoft Intune, an endpoint management platform that helps your secure data, manage access, configure security settings and much more.

 

Hosted VoIP – receive and make calls from anywhere, as though you were in the office.

“If only there were away, I could use my business’ phone system while working remotely.”

Fear not; hosted VoIP could be just what you’re looking for. If you use a traditional private branch exchange system in your office, you may have thought that this was a technology you’d simply have to live without when working from home. Hosted VoIP (often known as a Hosted PBX) simply takes traditional telephony infrastructure and hosts it in the cloud. Users can then access the call interface through a portal or a dedicated VoIP handset and make calls from anywhere using a single phone number. It essential virtualises your office phone system. There is a huge range of Hosted VoIP providers out there, each offering a unique range of features at varying price points. Remote access is an obvious benefit of VoIP telephony, but it has many other advantages over traditional telephony:

 

  • Private branch exchange without the infrastructure. Hosted PBX doesn’t require investment in a physical PBX server as everything is cloud-hosted. Additionally, phone lines aren’t necessary, all that is required is an internet connection.
  • Reduced running costs. It’s estimated VoIP can reduce phone bills by an average of 40%. If your business makes a high volume of international calls the savings would likely be much higher.
  • A plethora of useful features! A hosted PBX can give you access to all the features of a traditional PBX and more. Caller ID, call forwarding, call transfer, call logs, ‘do not disturb,’ call recording and much more.
  • Unified business communications to drive productivity. Some hosted PBX services incorporate other business tools into a single interface, vastly improving communication efficiency among your team.
  • Leverage a single phone number with the ability to transfer calls. Maintain a single point of contact and improve the service experience for your customers.

 

Microsoft Business Voice – Hosted PBX through Microsoft Teams

Users of Microsoft 365 can incorporate a Hosted PBX phone system into Microsoft Teams by subscribing to Microsoft Business Voice. This enables users to bring business-grade telephony into the Teams interface, resulting in a sleek, all-in-one communications hub incorporating instant messaging, video conferencing and telephony in a single unified space.

Investing a little today in robust, remote-working solutions that will stand the test of time could pay dividends in the long run. Secure, managed and high-performance devices will help your staff stay productive while keeping your data secure. While a modest investment in Hosted VoIP could futureproof your business’ communications and give you the ability to work remotely without compromise.

How can I get the ball rolling?

As part of the government’s economic response to the Covid-19 pandemic, packages of grant funding are to be announced to help businesses make efficiency transitions. These grants of between £1000 and £5000 could help your business innovate and optimise its IT system, to drive efficiency and productivity gains using some of the ideas we’ve discussed above.

 

Struggling to find a solution that fits around your business?

At Cloudscape, we use our extensive experience to deliver custom-fit technology solutions to SMEs in London and the home counties. Technology should serve your business’ aims and aspirations, it shouldn’t be something to mould your operation around. We are experts in Cloud-computing and we know how empowering Cloud Services can be when leveraged correctly, so let us help you tailor Office 365 so that it works for your business and the unique challenges you face. Call us on 0207 952 8123 or send us an email info@cloudscape.it.

Tackle your business challenges head on – With Microsoft Forms

in ,

“How can I ensure the data I collect has value?”

Microsoft Forms lets you generate surveys and quizzes and helps you make sense of the data you gather.

Tired of wasting time on ineffective data collection tools?

Problematic forms and over-complicated survey reports; you may think these are par for the course with data collection. However, it’s important to get these considerations right before embarking on data gathering, otherwise, you could end up with screeds of data that are completely useless to your business.

Unnecessary data or data with little to no value represents wasted time, energy and resources. If the data you gather routinely holds little to no valuable insights then it’s time to adopt a new data collection solution. There is a vast range of tools out there that will give you the ability to generate vast quantities of data in a short time, but that’s only half the battle, as knowing what to do with the data afterwards and how to present it in a coherent way can be where the real challenge lies.

Once you’ve gathered data, the task of having to organise it begins, as a random jumble of words and numbers with no analysis won’t present well to your intended audience. Organising the data you gather can be the most agonising aspect of data collection, often involving lots of manual data entry depending on the format used for data gathering. Also, as with other data, your business holds you’ll have to give serious consideration to your data protection obligations by ensuring any personal data remains secure and that it is used and stored in compliance with any relevant legislation.

Fortunately, Office 365 features an application that responds to many of the traditional challenges of data gathering and analysis.

Introducing Microsoft Forms

Microsoft Forms is an effortlessly simple, intuitive tool that lets you publish surveys, polls and quizzes in a matter of minutes. Respondents can then interact with your form from virtually any device or web browser. Integrated analytics tools let you visualise and evaluate responses and you can export the data gathered to Excel for more in-depth analysis.

Seamless integration within the Office 365 family makes for a hassle-free experience. See below for a round-up of Forms’ simple yet empowering tools and features.

Surveys. Surveys are an invaluable means by which to gauge customer satisfaction, improve staff engagement and arrange events. Thanks to templated question branching and ready-to-go themes you’ll be able to launch surveys in minutes and have the responses rolling in no time.

Quizzes. These are particularly useful for keeping an eye on staff training and development. By having staff complete quizzes, you can identify knowledge gaps and areas where further training might be required. With the ability to analyse scores and add instructions and explanations these could soon become a vital learning and development tool in your business.

Polls. Perfect for gauging opinions, polls are ideal for many scenarios. Find out what your customers think of your latest product, see what the team thought of their training day or find out when they want to hold their next meeting, the possibilities are endless!

Straightforward yet powerful analysis. As forms gather responses in real-time it automatically visualises the data gathered in easy-to-interpret charts. Thanks to Office 365 integration you can export data to Excel and take advantage of its extensive range of data manipulation tools.

Simple yet extremely effective; Microsoft Forms streamlines data gathering into one effortless process. Gather data from within and outside your organisation, view results in real-time using user-friendly analytics and extract value from your data gathering to make informed decisions and improve your business’ operation.

 

Struggling to find a solution that fits around your business?

At Cloudscape, we use our extensive experience to deliver custom-fit technology solutions to SMEs in London and the home counties. Technology should serve your business’ aims and aspirations, it shouldn’t be something to mould your operation around. We are experts in Cloud-computing and we know how empowering Cloud Services can be when leveraged correctly, so let us help you tailor Office 365 so that it works for your business and the unique challenges you face. Call us on 0207 952 8123 or send us an email info@cloudscape.it.

Over 43,000 Phishing Emails Slip Through NHS Security Filters

in ,

More than 43,000 NHS staff have been hit by phishing emails over the past few months, as they battled to save patients infected with COVID-19, a Freedom of Information (FOI) request has revealed.

Think tank Parliament Street asked NHS Digital for the data on spam and phishing emails from March to July 14.

A spokesperson confirmed to Infosecurity that the figures related to user reports of malicious and scam messages in their inbox, so the real total could be far higher.

If correct, it would mean that NHS Digital filters are failing to catch a significant volume of threats at a time when the health service is under extreme strain due to the pandemic.

The FOI request revealed a total of 43,108 reports of malicious emails made by doctors, nurses and other NHS staff during the period. The vast majority came from March (21,188) at the start of the crisis, with fewer reports in April (8085), May (5883) and June (6468), plus 1484 in the first half of July.

With reports circulating of cyber-criminals attempting to deploy malware in hospitals, the email inbox is a vital first-line-of-defense against potentially serious cyber-threats.

Although the 43,108 individuals who reported the emails are unlikely to have fallen for the scams, many attacks have been successful. NHS Digital revealed in June that over 100 NHS inboxes were compromised in such raids, although the end goal was not clear.

In some cases, employee finances have been targeted in the attacks: one NHS trust in the north-west warned that criminals impersonated employees in emails to HR and Payroll staff, with the aim of tricking them into changing staff bank account numbers.

Chris Ross, SVP sales international at Barracuda Networks, warned that hackers may also be after patient data to sell on the dark web.

“After the WannaCry attack of 2017, the NHS did a great job in eradicating many of its cyber-defense weaknesses, however, it’s important that they maintain this resilience and constantly keep up with the developing cyber-threat facing them,” he argued.

“Our recent research revealed that there has been a spike in cyber-criminals using official email domains, such as Gmail and Yahoo, to bypass inbox defences and trick users into revealing personal details by impersonating a colleague, manager or trusted partner.”

AI-powered tools can help in identifying unusual senders and requests, he added.

 

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

 

News Source: https://www.infosecurity-magazine.com/

Incident Response Exercises Not Taken Seriously by Business Leaders

in ,

Only 2% of organizations have run incident response scenarios related to the pandemic response.

According to research by Immersive Labs of 402 organizations, nearly 40% are not fully confident in their teams training to handle a data breach if one occurred, and 65% of exercises consist of reviewing PowerPoint slides.

In an email to Infosecurity, Heath Renfrow, director and vCISO at the Crypsis Group, said incident response is one of the pillars of a sound information security program, and it needs to be taken more seriously—not only among the organization’s information security team, but all the way to the CEO and board of directors.

“It is evident from the incident response cases we assist with daily that incident response is frequently viewed strictly as information security/IT’s responsibility, rather than from an overall business perspective,” he said. “This is unfortunate, because many across the business—from leadership to legal, communications and HR staff—have a potential role to play and can help influence better outcomes and the right cultural mindset to be better prepared for an incident.”

Renfrow said that to build stronger programs, incident response plans and playbooks should be developed and exercised at a broad company level — but that requires buy-in from the top leadership.

He recommended an approach, in order to achieve buy-in, to first run tabletop exercises just among the information security team to refine the plan, taking the lessons learned and updating the documents. Next, identify a “champion” in the executive ranks — a cybersecurity advocate who is influential among leadership and sit down with inside or outside counsel and discuss the various scenarios the company could face from a range of cyber-attacks and the ramifications of each (e.g. downtime, reputational loss, regulatory notifications, sensitive information exposed, etc).

“With that information in hand, security teams can work with their identified champion to get executive leadership educated on those risks and bought into an incident response tabletop exercise,” he said.

The Immersive Labs research also found that 61% of respondents think having an incident response plan is the single most effective way to prepare for a security incident, however when they do perform crisis exercises, nearly 40% of all senior security leaders surveyed said the last exercise generated no action from the business.

Also a quarter of organizations ran crisis exercises without senior cybersecurity leadership in attendance, and only 20% of exercises involved communications team members.

James Hadley, CEO of Immersive Labs, said: “With three-quarters of organizations agreeing that business continuity was at the forefront of their minds, it is time to close the gap between attackers and defenders and shake up the outdated status quo. This requires faster, shorter crisis drills run with the people you will be standing shoulder to shoulder with when the worst happens. Crisis exercises must be made more contemporary.

“Dusting off the three-ring binder crisis plan does not cut it today. In the first 30 minutes of a crisis, it is highly unlikely you’re thinking of your plan. It’s the real-life, crisis simulation training that prepares organizations to effectively respond to security incidents.”

Renfrow said a company-wide incident response exercise should include legal, HR, communications, and all senior business executives including the CEO, and should be focused on a plausible cyber-incident, for example, a ransomware attack, and walk through the chain of events and response by the entire organization. It should also include the steps needed to engage (as applicable) any retained cyber insurance companies, outside counsel, and incident response providers.

“These exercises truly do open the eyes of executive leadership, and most of the time they really start seeing cybersecurity as an asset to the business that is vital to the overall success of the organization,” Renfrow said.

 

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

 

News Source: https://www.infosecurity-magazine.com/

Human Error Threatens Cloud Security

in ,

Virtually all security professionals believe that human error could put the security of cloud data at risk, according to new research published today.

A survey commissioned by Tripwire and carried out last month by Dimensional Research found that 93% of security professionals were concerned that human error could result in the accidental exposure of their cloud data.

Despite their concern over human error, 22% of those surveyed said that they assess their cloud security posture manually.

The survey evaluated the opinions of 310 security professionals on the implementation of cloud security best practices.

According to the research, a number of organizations experience difficulties in monitoring and securing their cloud environments. A majority of security professionals (76%) state they have difficulty maintaining security configurations in the cloud, and 37% said their risk management capabilities in the cloud are worse compared with other parts of their environment.

Other findings were that security professionals tend not to keep tabs on their real-time cloud security situation. Only 21% of organizations were found to assess their overall cloud security posture in real time or near real time.

While 21% said they conduct weekly cloud security evaluations, 58% said they wait until a month or more has gone by.

Maintaining security was a challenge for most organizations, with only 22% saying that they are able to maintain continuous cloud security compliance over time.

“Security teams are dealing with much more complex environments, and it can be extremely difficult to stay on top of the growing cloud footprint without having the right strategy and resources in place,” said Tim Erlin, vice president of product management and strategy at Tripwire.

“Fortunately, there are well-established frameworks, such as CIS benchmarks, which provide prioritized recommendations for securing the cloud. However, the ongoing work of maintaining proper security controls often goes undone or puts too much strain on resources, leading to human error.”

The amount of automation employed varied across cloud security best practices. While 51% use automated alerts with context for suspicious behavior, only 45% automatically assess new cloud assets as they are added to the environment.

 

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

 

News Source: https://www.infosecurity-magazine.com/

Tackle your business challenges head on – With Power Automation

in ,

“If only there was a way I could get rid of all the manual tasks in my workflow.”

If your working day is bogged down with repetitive manual tasks then Power Automate may be the tool for you!

Are mundane, repetitive manual tasks hindering your productivity?

Efficiency, good organisation and high productivity are the keys to success. For many businesses though, achieving any one of these aims can be enough of a struggle, never mind all three.

Remember, feeling like there aren’t enough hours in the day isn’t necessarily a sign you’ve been productive, it could indicate that the way you work is inefficient. Persevering with the old routine may seem like the only option, but if you feel like you’re drowning in a sea of recurring menial tasks you should be looking for solutions that can help slim down your burden of work, and give you time to focus on the more rewarding aspects of running your business. Even if you are managing currently, automating menial tasks will give you time to focus on other things and will increase your capacity to take on more work which means greater revenue potential!

Fortunately, Microsoft offers a platform to help you address these common business problems.

Introducing Microsoft Power Automate

Previously called ‘Microsoft Flow,’ Power Automate is a service that enables users to link apps, services and files and create automated workflows between them without the need for technical expertise.

Power automate will let your business ‘automate-away’ many of the annoying and tedious tasks that plague daily office life using digital and robotic process automation. Listed below are a few of the ways it could benefit your business.

Improved Productivity.  As the name suggests, Power Automate can bring the benefits of automation to your Office. Such benefits include improved organisation, time savings and increased efficiency. By automating mundane tasks your workforce will be able to focus on the things that add value, such as building relationships with clients and working on business performance outcomes.

Easier access to business data. Trawling through files and applications to bring data sources together may not seem like too much trouble, but when you’re doing this many times a day, five days a week the time spent on it soon adds up.  You can use Power Automate to establish ‘flows’ between file locations/apps allowing you to transfer files from one location to the other utilising over 100 data source connectors. For example, you can set up a connector between Outlook and SharePoint so that email attachments you receive are automatically transferred to a SharePoint site.

Fast and easy automation that requires no expert knowledge! You don’t have to be a computer genius to set up workflows in Power Automate. The whole process is guided, intuitive and doesn’t require any knowledge of coding, so you can let all your staff take advantage of the power of automation. What’s more, you can rest assured knowing that your business’ data is secure thanks to cloud-based data loss prevention and access management services.

At least 30% of activities in approximately 60% of job roles are estimated to be technically automatable. By investing a little time now automating those repetitive tasks you could save yourself and your business countless hours in the future.

 

Struggling to find a solution that fits around your business?

At Cloudscape, we use our extensive experience to deliver custom-fit technology solutions to SMEs in London and the home counties. Technology should serve your business’ aims and aspirations, it shouldn’t be something to mould your operation around. We are experts in Cloud-computing and we know how empowering Cloud Services can be when leveraged correctly, so let us help you tailor Office 365 so that it works for your business and the unique challenges you face. Call us on 0207 952 8123 or send us an email info@cloudscape.it.

Many Second Hand Phones Are Sold with Security Vulnerabilities

in ,

A substantial proportion of second hand mobile phones are vulnerable to being hacked due to not being supported by important security updates, an investigation by Which? has found.

The analysis centered around three popular mobile phone retailers: SmartFoneStore, Music Magpie and CeX. The worst affected was CeX, where nearly a third (31%) of phones sold are no longer supported by security updates from manufacturers. For SmartFoneStore, 17% of models sold were unsupported, while for Music Magpie it was 20%.

This is providing cyber-criminals with opportunities to target older vulnerabilities in these devices.

Which? said that it presented the three companies with the findings, and since then SmartFoneStore has issued a warning on unsupported devices so people are aware before they buy them, while Music Magpie has removed all the affected devices from sale. However, it has not yet received a response from CeX.

Which? has advised that customers check the manufacturer’s security updates page to find out this information before purchasing a used phone.

Commenting on the findings, Jake Moore, cybersecurity specialist at ESET, said: “It may sound like a great deal to purchase an older and cheaper device, but unfortunately you can’t put a price on security.

“Older phones notoriously have a use-by-date when they are no longer supported by security patches. These devices will often still work as normal on the surface, but threat actors can use older vulnerabilities under the hood to target their victims with ease, so those at risk must be reminded to check which operating system it currently supports before purchasing.”

For phones operating off an Android operating system, there will typically be two years of operating system updates and three years of security updates. For Apple iPhones, system and security updates are usually packaged together and these will continue for an average of five to six  years.

 

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

 

News Source: https://www.infosecurity-magazine.com/

Cloud Breaches Set to Grow in “Velocity and Scale”

in ,

Cloud breaches are likely to increase in “velocity and scale” due to a prevalence of poor cybersecurity practices in cloud configurations that are creating exposures. This is according to the most recent The State of DevSecOps report by Accurics, which assesses cloud configuration practices that lead to breaches.

The study found that 93% of cloud deployments analyzed contained misconfigured services, while 91% of deployments have at least one network exposure where a security group is left wide open. Accurics noted that “these two practices alone have been at the center of over 200 breaches that exposed 30 billion records in the past two years.”

There were also other emerging practices that were observed to be creating exposures. This included the presence of hardcoded private keys in 72% of deployments. Additionally, half of deployments had unprotected credentials stored in container configuration files. The report added that “these keys and credentials could be used by unauthorized users to gain access to sensitive cloud resources.”

Close to a third (31%) of organizations were shown to have unused resources, with the primary cause being that resources are added to a default virtual private cloud (VPC) upon creation if a scope is not defined.

Commenting on the report, Matt Yonkovit, chief experience officer at Percona, said: “The best approach here is to have an audit to check that your best practices are in place and being followed. This can help show where security steps are missing, and you can then put them in place where needed. Over time, you can check that all your responsibilities around data backup, security and management are done correctly.

“It’s less about the department and more about the situation. Security problems can be caused by people who are underqualified, using complex and powerful tools they don’t fully understand or haven’t enough experience with. Easy access to technology can give users a false sense of security, and a misconception that because it is backed by a big name, it must be tested, trusted, and fail-safe.”

Greg Martin, general manager for security at Sumo Logic added: “Increasingly organizations are experiencing serious data breaches due to basic cloud vulnerabilities such as this study highlights. Developers and security teams need to focus on awareness and training for common cloud security issues and more importantly automation to audit and identify gaps and vulnerabilities as they arise. Cloud security is the new frontier and most organizations are significantly lagging behind.”

Last month it was revealed that 260,000 actors had their personal data exposed due to a cloud misconfiguration error on a server belonging to a New Orleans-based casting agency.

 

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

 

News Source: https://www.infosecurity-magazine.com/

Malware Attacks Exploiting Machine Identities Double

in ,

The number of commodity malware campaigns exploiting machine identities doubled between 2018 and 2019, according to new research.

The rapid increase in this particular type of cyber-scourge was unearthed by threat analysts at Venafi, who gathered data on the misuse of machine identities by analyzing security incidents and third-party reports in the public domain.

Among the attacks encountered by Venafi’s Threat Intelligence Team were several high-profile campaigns, including TrickBot, Skidmap, Kerberods, and CryptoSink.

Overall, malware attacks utilizing machine identities were found to have grown eightfold during the last 10 years. Within the last five years, the number of attacks was found to have increased more rapidly.

The findings are part of an ongoing threat research program focused on mapping the security risks connected with unprotected machine identities.

Campaigns exploiting machine identities were once the preserve of large-scale cyber-criminal operations but are now being used in off-the-shelf malware, according to Yana Blachman, threat intelligence researcher at Venafi.

“In the past, machine identity capabilities were reserved for high-profile and nation-state actors, but today we’re seeing a ‘trickle-down’ effect,” said Blachman. “Machine identity capabilities have become commoditized and are being added to off-the-shelf malware, making it more sophisticated and harder to detect.”

Blachman said these deceptively simple campaigns are far more dangerous than they appear.

“Massive botnet campaigns abuse machine identities to get an initial foothold into a network and then move laterally to infect further targets,” said Blachman.

“In many recorded cases, bots download crypto-mining malware that hijacks a target’s resources and shuts down services. When successful, these seemingly simple and non-advanced attacks can inflict serious damage on an organization and its reputation.”

The millions of applications and billions of devices that exist in the world use machine identities made from cryptographic keys and digital certificates to authenticate themselves to each other so they can communicate securely.

“To protect our global economy, we need to provide machine identity management at machine speed and cloud scale,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.

“Every organization needs to ensure they have full visibility and comprehensive intelligence over every authorized machine they are using in order to defend themselves against the rising tide of attacks.”

 

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

 

News Source: https://www.infosecurity-magazine.com/