CACTUS IT

bevanpy

Award Winning IT Support

by

We are delighted to announce that the hard work and excellent customer service of our apprentice, Jimmy Arnott has recently been recognised by the Ilkley Business Awards (IBA).

At a Gala Dinner held at the Kings Hall in Ilkley to celebrate the achievements of businesses in LS29, Jimmy was amongst the winners after being initially shortlisted this month. Jimmy qualified to enter as he is currently studying Network Engineer Level 4 at Leeds City College whilst working full time at Cactus IT.

In order to win the ‘Apprentice / Trainee of the Year award’, the IBA’s independent judging panel were looking for ‘an individual who shows a higher level of understanding of their role and the business they work in than would usually be expected, demonstrating a commitment to the business and proving added value to their team or business‘.

We feel that Jimmy understands that ‘customer service comes first’ and that prompt customer service is important. He always responds quickly to email and phone support requests, even reviewing his own response times in our ticketing system. Our customers feedback on Jimmy is very positive!

Jimmy has impressed us with his keenness to tackle his tasks, even when it is something out of his comfort zone. That’s important in a small business and he just gets on with his work, ‘no problem’ for Jimmy.

Congratulation Jimmy on a job well done and an award well deserved!

Email cyber threat on the increase

by

Noisy email

Over 70% of my email in the last week was ‘noise’ at best and malicious at worst, and there seems to be no let up in sight.

It is widely accepted that email has become the delivery method of choice for cyber criminals. There seems to be a threat for every occasion from Malware and Ransomware to SPAM and Spoofing, not to mention newly developed and previously unknown malicious emails referred to as ‘Zero-Day’ attacks.

Businesses are targeted

The threat is very real with some sectors targeted more heavily that others. A recent report from the NCSC (National Cyber Security Centre) on the threat to the UK Legal sector shows a staggering £11 million of clients money stolen in 2016/17 by cyber security breaches. The NCSC go on to identify the significant threats that all lead back to email security as their primary challenge.

If you own a Law firm or Professional Services company in the UK, please contact us today on 01943 666 711 to see how we could help secure your business.

Why do they do it?

The motivations for these attacks can be very varied. From financial gain, nation states seeking strategic or political advantage or even ideological gains for ‘hacktivists’. All of this activity is criminal, with sometimes minimal effort a quickly compiled email could devastate your business costing both financial and reputation damage.

How can you reduce the risk of attack by email?

With such a constant and overwhelming attack by email, Cactus IT are now able to offer email security for your business with the following key advantages:

  • Phishing prevention: blocking fake login pages
  • Click protection: so that you can ‘click with confidence’
  • Spoofing: works on mobiles and desktops to identify Spoofing and CEO fraud
  • Attachments: scanning and blocking all manner of attachments, even password protected documents

Our service includes a daily email report with easy to use ‘Release/Allow/Block’ services, all for an affordable price.

Contact us on 01943 666 711 today for a free 14 day trial of this service and to enquire about our additional advanced threat protection services including ‘Sandbox attachment scanning’ and ‘Email continuity’.

Farewell Windows 7

by

Windows 7, our favourite operating system since Windows XP is due for retirement in less than a year. The most successful operating system ever launched has already reached Microsoft’s ‘end of mainstream support’. With a staggering 630 million licenses sold by 2012 (ref: Wikipedia), on the 14th of January 2020 it will be classified as ‘end of extended support’ with no future updates or Microsoft support available.

But what does that mean to your business?

It’s all about security and keeping your data safe.

  • After January the 14th 2020, Microsoft will STOP releasing those important monthly security updates and bug fixes
  • The risk of viruses aimed at Windows 7 vulnerabilities will increase substantially
  • Running Windows 7 could put your business in breach of the GDPR regulations and go against the current Government advice

What are your options?

  • Just keep using Windows 7

This is an option that some businesses will choose to take (based on information after Windows XP was retired). But the longer you run Windows 7 after the 14th of January 2020, the higher the risk of data loss or disruption to your business (this is a GDPR and security nightmare!).

  • Plan an upgrade to Windows 10

This would be our recommendation. Windows 10 is the current version of the desktop operating system and has proved to be very popular with users. Yes, the interface has moved on since Windows 7, but it’s not too dissimilar, it still have the cherished ‘Windows Start Button’ and supports an array of hardware and software with much improved plug and play functionality (i.e. It just works!).

What to do next?

Start the process of understanding your options and get in touch with us here or give us a call on 01943 666 711.

GDPR IT compliance for Small Businesses

by

The General Data Protection Regulation is coming this year (25th May 2018) and the time to act is now.

The focus of this blog is on Small Businesses in the UK with limited resources and stretched budgets. It’s a collection of practical steps to take in order to assess your compliance, specifically around your IT systems, IT procedures and IT policies.

There is a lot of guidance and documentation available online, but my information comes straight from ‘the horse’s mouth’, in this case, that’s the Information Commissioner’s Office (ICO). They will be policing the new regulations, so it makes sense to go to them for guidance.

There are many reasons to want to comply. Such as business best practice and striving for customer confidence with a secure and safe storage of personal information… then there are the hefty fines that the ICO can dole out. After the 25th of May, the ICO could levy penalties up to the new limit of €20 million or 4% or annual global turnover, whichever is higher!

Give us a call on 01943 666 711 if you would like to know how we could help.

Let’s look at some practical steps to take for your business:

1: Assess the threat and risk to your business
Review all of the data that you hold and consider the damage or stress it could cause if that data was subject to a security breach.

Follow your business processes and identify where and how your data is stored, collected and disposed of. With this information, you can decide on the appropriate measures for your needs.

2: Cyber Essentials- your Cyber Security Guide
Cyber Essentials is a government backed scheme to help protect businesses against the most common types of cyber threat.

The majority of cyber-attacks can be mitigated by applying good practice configurations and settings in the following 4 areas:

1- Firewalls- implement and configure gateway firewalls and computer firewalls to secure your internet connection.
2- Secure your devices and software- by changing default system passwords and by implementing secure passwords and multi-factor authentication where possible.
3- Control access to your data and systems- minimise damage by giving ‘just enough’ access to data and systems for staff to perform their jobs.
4- Protect yourself from Virus and Malware attacks- only use vendor approved software and always use Anti-Virus software… even better, use Endpoint Protection (Anti-virus, Malware, Firewall and Web control all in one). Always keep your software patched and up to date.

3: Secure your data…. Physically
Theft of filing cabinets and computers holding personal information are a real risk. If you know where your data is, you can better secure it.

There are several practical steps that can be taken to secure your data, like:

-Store sensitive data and computers in a separate, locked room.
-Prevent access to USB drives or CD-ROMs by implementing a device security policy.
-Where personal data is stored on laptops or mobile devices, secure and encrypt those devices.
-If you allow users to BYOD (bring their own device) from home into work, you may want to consider a ‘BYOD policy’ stipulating how that can be used and what (if any) business data can be stored on it.
-Secure your data in the cloud.
-If you decide to move some of your IT services to a Cloud Service Provider, you should assess their security measures to ensure that they are appropriate.

Be aware of what data you have stored in the cloud and implement 2FA (two factor authentication) where possible in case your credentials are compromised.

4: Backup your data
In the event of a disaster (fire, flood, theft, etc.) you need to be back up and running as quickly as possible. Malware and ransomware can also disrupt your data availability, loss of data is a breach of the Data Protection Act (DPA).

Implement a 3-2-1 data backup policy– 3 copies of your data on 2 different media with 1 copy off-site. Having a proper strategy will protect your data in the event of a disaster or ransomware attack (where your data is encrypted).

5: Train your staff
Accidental disclosure and human error are the leading causes of data breaches.

Train your staff on how to recognise threats like phishing emails and malware links. Small businesses often fall victim when publishing items in social media about the business (‘Look at our shiny new delivery of laptops and phones’ could result in a burglary!).

6: Monitor security logs
Regularly reviewing security logs can alert you to a potential vulnerability or attack.

You should be asking your IT provider to help you with this so that you have an automated alerting mechanism.

7: Have a policy so that you know how to react in case of a breach
A good policy will help you to address risks and an incident management document can reduce stress and risk in the event of a breach.

8: Minimise your data
If you don’t need it any longer, delete or dispose of it properly.

Records should be kept up to date and cleared out if they are no longer required. Old computer equipment should be properly disposed of so that no confidential personal data is left on the hard drive.

9: Is your IT contractor doing what they should be?
If you (like many small businesses) outsource any of your IT services, make sure that your provider is treating your data with at least the same respect as you would.

You should have written contracts in place with your IT provider. Visit their premises if you feel it’s appropriate and insure that they are disposing of your equipment properly.

Our advice is to act now, before the 25th of May so that you have time to evaluate the risks and act on your findings.

Please find some links below for further reading, feel free to also contact us via our website, or call us on 01943 666 711 if you have any questions or would like help securing your business critical data and systems?

Cyber Essentials

Preparing for GDPR in 12 steps

Ref: IT security practical guide

HP laptop ‘keylogger’ bug discovered

by

What is a ‘keylogger’  you ask?

‘Keylogging’ is a method of capturing and recording every keystroke you make on your computer from the moment it is turned on. All information from BIOS passwords to credit card and banking information can be collected and harvested by criminals.

How has this happened?

For the second time this year (a buggy audio driver in May 2017 caused a similar problem) HP software that was included with the laptop when it left the factory has been found to include a keylogger bug. The keylogger was a debug trace that the software developers forgot to remove while developing the software.

How do I get this fixed?

HP have fessed up and released an update to rectify the problem. Use the link below to check if your laptop in on the list and to also download the fix.

https://support.hp.com/us-en/document/c05827409

If you are not sure about how to do this, please contact us at Cactus IT and we will be more than happy to help.

WiFi security hack discovered

by

A WiFi security loophole has been found

My WiFi is secure because it’s encrypted, or so I thought. Most modern WiFi networks are secured, we know this because we have to use a password to connect to them and we are told that the connection is encrypted.

Wrong!! A flaw was discovered this week by Mathy Vanhoef, and published here explaining the details of the vulnerability and how it could be exploited.

The weakness was discovered in the WPA2 standard itself and so can be exploited on the majority of modern WiFi networks where the client devices are running the popular Android or Linux operating systems. Microsoft released a patch on October the 10th to fix this issue in Windows operating systems (now is a good time to run your windows updates please everyone).

The attacker set’s up a cloned identical WiFi network including an SSL strip tool that de-crypts information transmitted in a secure web browser using HTTPS. With that, the ‘man-in-the-middle’ attack is ready to harvest your sensitive information.

What can you do to prevent this?

Now is the time to update the firmware on your WiFi access point or router. Don’t delay, check on the manufacturers website or cloud management portal to see if an update is available.

If you need assistance with the update or are not sure how to check the firmware, please contact us at Cactus IT and we will be happy to help.