Tag Archive for: Cyber Security

The Fort of Cyber Security – What is Smishing?

Pull up the drawbridge and protect your business from Smishing

But what exactly is Smishing?

The word ‘Smishing’ originates from both ‘SMS’ and ‘phishing’ combined. Phishing is the trickery of using imitation to get you to reveal personal, sensitive, or private information.

However, instead of using email, normal phone calls, hoax websites or VoIP, Smishing is carried out through text or SMS messages.

In similarity to both Phishing & Vishing, Smishing also uses a vast selection of scare tactics and emotional manipulation to trick you into giving up your information. The goal of is simple and exactly the same: To steal your money, your identity, or both.

 

Why is Smishing so perilous to my business?

Your private information needs to stay private, with a simple text message, that could all go up in flames.

Build a moat around your data and learn how to protect it, here are a few key tactics of Smishing:

 

The use of Social engineering – Leveraging your trust in order to obtain your private information

The threatening approach – “If you ignore this message you will be charged daily until you accept the terms”

Links & attachments (malicious) – Simple but effective, send 1000 texts with a single link, someone’s bound to click it

 

Along with various amounts of siege tools available, cybercriminals have an endless number of tricks to get your information.

 

How do you prevent Smishing attacks?

Everyone receives texts on a daily basis, most of the time they are from your friends, family or a legitimate source. But, every once in a while, you’ll be targeted by an anonymous number. To help you remain vigilant, below are some specific steps to prevent Smishing:

– Never reply to unknown numbers unless you are 100% confident it’s trustworthy

– Don’t reply to text messages riddled with errors & mistakes.

– Don’t click on any links or attachments within a text message.

– Never install applications that come through a text message, verify things first but always stick to the app store.

– If the preview looks dodgy, don’t even open it, just delete it.

 

Also, in order to maximise security for your mobile phone, we recommend a VPN. A Virtual Private Network will secure and encrypt any communication taking place between your mobile and the Internet on the other end. Therefore, giving you an extra layer of protection.

 

** Get your FREE pinpoint guide on Smishing below **

>Download the guide here<

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

The Fort of Cyber Security – What is Vishing?

Protect your business from the realms of Vishing

But what exactly is Vishing?

The word ‘Vishing’ is a mixture of ‘voice’ and ‘phishing.’ In which Phishing is the method of using imitation to get you to reveal personal, sensitive, or private information.

However, instead of using email, normal phone calls, or hoax websites, Vishers use an internet telephone service (VoIP).

Using a vast selection of scare tactics and emotional manipulation, the aim is to trick you into giving up your information. These Vishers even create fake Caller ID profiles which make the phone numbers seem trustworthy & legit. The goal of Vishing is simple: steal your money, your identity, or both.

 

Why do I need to know about Vishing?

Alike anyone else, your identity is everything. Vishing can come in a variety of forms, you need to be ready to catch out what’s real & trustworthy, compared to what’s fraud and will steal everything from you.

The most common form arrives in the voice of your Bank or your Credit card company.

 

“Your personal account has been breached. Please call this number to reset your account.”

 

The method of approach here is to inflict anxiety and panic, the fear of losing everything you’ve worked so hard for.

You might also see Vishing in the form of excitement and freebies.

 

“Congratulations! You’ve just won our grand prize of a 2-week holiday to the Maldives.”

 

From this point of view that seems fantastic, however, you’ll soon be asked to pay a ‘returnable fee’ to claim the prize, you won’t get that back.

As you can tell, there are hundreds of different methods to trick you into paying money or sharing your details.

 

How do you prevent Vishing attacks?

Everyone receives phone calls on a daily basis, 100% of the time they are completely legitimate, however you’ll always get an unknown number pop up when you least expect it. To help you remain vigilant, below are some specific steps to prevent Vishing:

 

– Be aware

– Don’t give into pressure

– Ignore phone calls from unknown numbers (If they’re important they’ll leave a message that’ll give you an idea if they’re trustworthy)

– Stay calm, if you’re unsure just hang up

– Always be cautious, certain people can be very convincing

 

** Get your FREE pinpoint guide on Vishing below **

>Download the guide here<

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

Let us guide your business to Remote Working

Let us guide your business to Remote Working!

 

If your employees have to work from home because of the Coronavirus emergency, the obvious question to ask is: Does your team have the equipment they need to work remotely?

 

With the majority of office devices being desktop, it’s important to consider sooner rather than later whether you need to buy laptops, should they need to access shared networks and if your business uses a Virtual private network.  It is advisable to provide your employees with safe and secure work laptops.

 

Due to increased demand, supply restrictions and shipping constraints, the availability of the required devices may be affected.  It is therefore essential that decisions are made with a degree of urgency.

 

You should also consider Telephony systems.  Could you utilise Office 365 to minimise costs (particularly if you are already using it)?  Or, should you instead consider other systems and online work phones such as VoIP?

 

Some of your employees may find working from home difficult. This is why every effort should be made to ensure your employees have an appropriate workspace at home. We do not suggest that you go out and buy everyone a desk and a chair. But we do advise that you clarify with your employees what their home working environment is, and offer support where it is possible and appropriate.

 

WE’RE CLOUDSCAPE.

 

It’s our belief that you should have the best solutions for your business.

We’ll get to know your business so that solutions can be tailored around your operation.   We are commercially savvy, so we will always aim to find the most cost-effective, time-efficient solutions that meet your technical/performance requirements.  If you feel that your data isn’t being backed up correctly, please get in touch.

The Fort of Cyber Security – What is Phishing?

What exactly is Phishing?

Phishing is the attempt and procedure of trying to gather private information using fraudulent emails and websites.

It’s more so known as a cyberattack that uses disguised emails as a weapon. The aim of the cybercriminals is to trick the email recipient into believing that the message is something of high importance — a message from the bank, for instance, or a note from someone in their company. All in hope of getting them to click into the email and open up the attachments or worse, hit reply and send over there identity.

 

What are the different types of Phishing?

Phishing comes in all different shapes and sizes, with a mixture of attacks that all link together in the hope and goal to steal your information.

 

Deceptive Phishing – The most common type of attack, usually an email from a recognised sender, hoping to steal your information via the means of imitating a legitimate provider

Spear Phishing – More prominent on social media platforms, an email from a recognised sender with personalised information to gain your trust and hopefully your private information

CEO Fraud – Phishing aimed primarily at the big fish companies; specifically targeting executives. Used to authorise fraudulent financial transfers as well as key information all of the employees.

Pharming – The method in tricking the user onto a malicious website, by changing the IP address to a trusted name and gaining information via login forms that farm your details.

 

How do you prevent being targeted by phishing attacks?

Phishing attacks are easy to spot once you understand what they want from you and what they look like, whether they plan on stealing your identity, your money or just personal information, there are a few ways to tell if it’s real or attempted theft:

  • Always check the spelling of the URLs in email links before you click or enter sensitive information
  • Watch out for URL redirects, where you’re subtly sent to a different website with identical design
  • If you receive an email from a source you know but it seems suspicious, contact that source with a new email, rather than just hitting reply
  • Don’t post personal data, like your birthday, vacation plans, or your address or phone number, publicly on social media

 

** Get your FREE pinpoint guide on Phishing below **

>Download the guide here<

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

The Fort of Cyber Security – What is a VPN?

But what exactly is a VPN?

A Virtual Private Network gives you online privacy & anonymity by creating a private network from a public internet connection.

VPNs hide your IP address so your online actions are untraceable. Most importantly, VPN services establish secure and encrypted connections to provide greater privacy than even a secured Wi-Fi hotspot.

 

Why do you need to use a VPN you ask?

Browsing the web or transacting on an unsecured Wi-Fi network means you could be potentially exposing your personal information and browsing endeavours. Which is why a virtual private network, more commonly known as a VPN, should be a must for anyone concerned about their online security and privacy. Especially from a business point of view.

 

How do you go about choosing a VPN?

What’s the best way to choose a virtual private network you’re probably thinking? Here are some questions to ask when you’re choosing a VPN provider:

– Do they respect your privacy?  (You’ll be surprised that not all providers will have a no-log policy…)

– Do they run the most current protocol?

– Do they set data limits?

– Where are the servers located?

– Will you be able to set up VPN access on multiple devices?

– How much will it cost?

 

** Get your FREE pinpoint guide on Virtual Private Networks below **

>Download the guide here<

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

The Fort of Cyber Security

Let us guide your business to the Fort of Cyber Security!

Cyber threats are everywhere…

It’s important to understand the current patterns in security threats, which enable you to identify your vulnerabilities and ultimately take steps to better protect your sensitive data.

 

Cyber Security on the most part is about being aware and alert of potential threats – with knowledge and insight you can work to ensure your team know what to look out for and, should a potential threat arise, do the right thing as your ‘human firewall’ to common threats.

 

In this guide, we will take you through 14 key cybersecurity awareness topics to be aware of. There are many very cost-effective, (some even free!), steps you can put in place to begin protecting your business more effectively. Alongside best practice procedures is a range of cybersecurity tools, which will considerably step-up your defensive barriers by design.

 

Cyber threats come in many different & unique forms

 

We all think of viruses as the age-old problem that impacts the health of our computer systems, however, in this digital age, we’re open to a whole host of threats each with their own name and set of problems as showcased in this educational series of content we are releasing.

 

** Discover our top 14 recommendations for your Cyber Security **

>Download the guide here<

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

Protecting Your Business with Cyber Essentials Qualification

Without the amazing benefits and capabilities provided by IT, modern business would look very different. Accordingly, the need to protect your organisation’s IT equipment such as networks, data storage systems and workstations should be a major priority. You only have to take a quick look at the technology headlines to see that hacking makes for big business in the digital age.

How, though, can your business protect itself from the threat of hackers and their arsenal of tools which include DDoS attacks, malware and ransomware? Understanding what those last three terms mean is tough enough, but combatting them is on another level. Thankfully, the Cyber Essentials qualification is a Government-backed scheme that aims to help businesses protect themselves by enhancing their cyber security.

What is the Cyber Essentials Qualification?

Cyber Essentials is there to help protect your organisation from the very real threat of cyber-crime by focusing on the following areas:

  • Securing your internet connection to ensure that only authorised traffic is allowed to enter and leave your network
  • Ensuring that any device on your computer network is correctly configured and secured to reduce the risk of any security vulnerabilities that may be present
  • Underlining the importance of protecting your applications and hardware from the threat of malware
  • Working to differentiate the various levels of access that should be assigned to different computer users across your network.
  • Best practices for patch/update management to give your software the best chance of being protected from vulnerabilities

What Does Cyber Essentials Mean For Your Business?

Cyber Essentials is a form of certification which demonstrates your understanding of cyber security. It not only reassures your customers that you’re reputable and trustworthy, but it also ensures that any potential downtime is significantly reduced. Allowing you to become more proactive with risk management, the visibility that the qualification grants you in the chaotic world of cyber security is priceless. With enhanced knowledge comes the ability to spot risks early on and reduce the impact they could have on your business and its customers.

Not every organisation, of course, has the necessary skills in house to achieve the Cyber Essentials qualification on their own. However, this doesn’t mean that your business has to head out into the digital landscape without the protection afforded by Cyber Essentials. A successful cyber strategy can easily be put into place by teaming up with an external partner who has the Cyber Essentials certification and can help to craft a strategy which suits your organisation and its unique needs.

Cyber Security A Necessary Addition to Your Business

Clearly, the need to protect your IT infrastructure in the modern age should be a paramount concern for all contemporary businesses. After all, the sheer amount of data now held by organisations is staggering and the need to protect this increases with each passing cyber scandal. Despite IT being a niche that is notoriously complex and unfriendly to newcomers, Cyber Essentials represents a fantastic opportunity to start taking back control of your IT defences and keeping your infrastructure online.

Find out more about Cyber Security Services...

What is a spear phishing attack?

What is Spear Phishing?

Spear phishing has been present in the digital landscape for over 20 years, but it’s only in the last 10 years that it’s started making headlines.

Primarily using email to deliver its malicious payload, spear phishing presents a very real and current threat to any business with an email account. Key to combatting the threat of phishing is by educating your business on the signs and symptoms of such an attack, so let’s take a look at what you’re up against.

Spear Phishing Techniques

A number of techniques are employed when launching a phishing technique and these can include:

  • Macros contained within Microsoft Office documents that, once activated, allow hackers to gain remote access of the infected PC
  • Tricking employees into disclosing sensitive data such as login details for company emails or databases
  • Redirecting victims to malicious websites where malware can be downloaded to their PC

What’s Different About Spear Phishing?

Phishing is frequently in the headlines, so many businesses are aware of this threat and know how to protect themselves. Spear phishing, however, is a little different.

Where phishing emails tend to target large numbers of individuals with generic content, spear phishing is a much more personalised attack. For example, rather than starting an email with “Dear Sir/Madam”, a spear phishing email will use the recipients exact name to engender trust and move the recipient closer to taking the malicious bait.

What are the Characteristics of a Spear Phishing Attack?

Phishing attacks are generally executed by sophisticated hackers, but there are still a number of telltale signs which characterise spear phishing such as:

  • Multiple Levels of Attack: Phishing attacks businesses on a number of different levels following the initial infection, so further attacks are likely to involve malware downloads, logging keystrokes and capturing screenshots.
  • A Combination of Threats: To enhance the chances of outwitting standard web defences, spear phishing incorporates a number of different techniques to deliver their payload including infected URLs, documents and unauthorised downloads.
  • Exploiting Zero Day Vulnerabilities: Spear phishing specialises in exploiting the numerous zero day vulnerabilities that can arise in browsers, apps and the various plugins that are found within desktop PCs.

Spear Phishing Examples

If you take a look at the IT headlines from the last couple of years then it doesn’t take long to find a mention of spear phishing.

In 2016, an employee of Snapchat fell victim to a spear phishing scam which involved an email being sent which claimed it was from the Snapchat CEO. Falling for the scam, the employee duly followed the request within the email and forwarded on payroll details to a spoof email address.

However, the most famous example of spear phishing is the attack launched on the US Democratic Party in 2016. Hackers sent spoof emails claiming to be from Google representatives and advising recipients to update their email passwords to strengthen security. However, the links contained within these emails merely led the victims to malicious websites which allowed the hackers to take control of their email accounts.

Rather than becoming the next victim of phishing, it’s important that you understand how such an attack is likely to be launched against your business. Knowledge is a valuable currency when it comes to cyber-attacks, so it’s crucial that you educate yourself and your employees to not only protect your sensitive data, but also maintain your productivity.

Ransomware Protection

Using IT Security to Mitigate the Costs of Ransomware

Ever since we have had widespread use of computers, we have had people trying to exploit users using viruses and other malware. One common type of malicious software is ransomware, which is designed to block the user’s access to a computer system until they are paid a sum of money.

This started off as a relatively small-scale issue, but hackers have now figured out ways to hit financial markets with this ransomware.

When ransomware is used, hackers can gain access to:

  • Emails
  • Addresses
  • Phone numbers
  • SSNs
  • Other customer information

Cyber crime is a major problem, and is expected to get worse as the difference in terms of technological expertise widens. What this is means is you have many hackers with a huge amount of expertise, and governments with not nearly the same ability to play defense to these hackers.

The scale of these attacks has increased because major financial institutions serve as honey pots to these hackers, and they are incentivized to invest more resources in order to gain the information of many people at one time.

Using Cyber Security to Improve Ransomware Security

By implementing proper IT security, it becomes possible to manage the risk associated with ransomware. Every company which holds its customers’ information has a huge potential liability should that information be compromised.

A cyber security strategy can help to protect your company in a number of ways including:

  • Enforcing strict password policies, requiring a mixture of letters, numbers and special characters makes it more difficult for hackers to break in via the front door
  • Control internet access, by blocking access to suspicious sites and maintaining a list of sites that other companies have flagged as inappropriate
  • Prevent external hardware use, like USB drives, this makes it easier to control how files enter and exit your network
  • Firewalls and intrusion detection make it more difficult for hackers to break in via more unscrupulous methods

Invest in IT Ransomeware Security

IT security can help make sure that ransomware doesn’t hurt your company in an irreparable manner. The trust you have built with your customers is important and you want to do everything you can to maintain that.

Cyber crime will always be a reality in the world we live in, but it doesn’t have to be a constant threat to your company. The two best things you can do to prevent the effects of ransomware are:

  • Implement comprehensive IT security to prevent massive ransomware cost
  • Train your employees to make the correct decisions in risky situations

By following through on these two steps, you can increase your cyber security and save your company a ton of money and time as the potential cost of ransomeware damage is incalculable. This may seem like a hassle now, but as you watch more and more players become compromised, you are going to be happy you took the time to invest in yourself.

Want to know how to do more to improve Ransomware Security?

Cyber Security Threats

Are You Taking The Cyber Security Threat Seriously?

The threat of cyber-attacks has been talked about with increasing frequency in the media over the past few years, and recent incidents have brought to light how real this threat is. In May 2017, the WannaCry ransomware attack disrupted computer systems around the globe, and a similar style attack was announced at the end of June, impacting sites such as the Chernobyl nuclear power plant.

Despite the fact that these attacks were over a month apart, many companies still seem to have been caught off guard, suggesting that they failed to take necessary precautions.

This is indicative of a problem within cyber security circles. Even when the threat is well known, people often don’t think that it will happen to them, and put off making the strategic decisions about how best to protect their systems.

Is Cyber Security just a “nice to have”?

Although companies are increasingly aware of the risks they are exposed to, when it comes to justifying investment in security, it can be very difficult to get the business case through. Investment prioritisation exercises tend to favour revenue generating initiatives, without fully appreciating that a cyber threat could cripple the business entirely.

One method to help raise the profile and importance of cyber security is to look at the types of attacks that could occur and consider the impact each will have on your business.

For example:

  • You are hit by a ransomware attack that downs your systems and prevents you trading. What is the cost to your business if you can’t trade for even one day? How many days could you survive without trading while you tried to fix the problem?
  • Your customer data is stolen by hackers. Could your brand survive the reputation damage and legal fines for not properly securing customer data? How long would it take you to regain customers trust?

The Likelihood of a Cyber Attack

Calculating the likelihood of a cyber security threat occurring is difficult, but understanding the devastating effect they can have on your business helps to justify the comparatively small investment you would need to make in cyber security to help prevent them occurring.
Going a step further and looking at the exposure of each of your individual systems will enable you to decide which risks you want to mitigate, and which you are happy to live with.

If you don’t have the expertise in house to carry out this analysis, it is worth getting a security audit from an external provider. An independent review of your systems could also help to support your business case for investment in cyber security initiatives.

Create a response plan in advance

Whatever level of cyber security you decide to opt for, it is worth crafting a response plan should the worst occur.

Many companies have been praised for how swiftly they shut off corporate email in the wake of the WannaCry attack to stop the virus spreading. If you know what steps to take in advance and act quickly, it can make a huge difference to the outcome of the attack.