Act on cyber threats to your Business, with EDR

Identify and act on cyber threats to your business with Endpoint Detection & Response

 

Learn lessons from cyber-attacks to better protect your business

Businesses are facing well-prepared and dangerous attackers, including nation states and cyber-criminals that are determined to crack your cyber defences. Attacks are on the rise and, with the random nature by which IT networks are infiltrated, it’s becoming an unfortunate inevitability that we will all suffer from an attack at some point, irrespective of whether we have been precisely targeted or not.

We shouldn’t have to sit back and suffer… with attacks taking place at such a dangerous rate, why should we not learn lessons from what’s happened and use those lessons to improve our defences for next time?

 

Adapt & better protect yourself with Endpoint Detection & Response

With an Endpoint Detection & Response (EDR) service, you’re not only actively alerted to attacks taking place, but you will also benefit from intelligent insights that break down the steps involved, to spot patterns & stop the same attack from taking place again.

All credible security vendors that supply & support EDR services will give their customers access to the intelligence and remedial protection insights gained globally from deployments of their software across each endpoint device.

 

What can we do with the insights?

EDR supports targeted attack analytics, which is a holistic approach to attack discovery, making advanced AI and expert threat research available to any organisation that’s a customer of the EDR product.

There is no longer the need to manually correlate scans of your devices, with limited intelligence gained from only your own network. That disjointed approach results in visibility gaps, too many false positives, longer threat dwell times and less accurate detection.

With the power of EDR, your outsourced IT partner or internal IT personnel can stay a step ahead in defending your business, with security awareness otherwise unavailable to them.

 

How does EDR work?

EDR collects event data across multiple endpoints, including end user computers, servers, email and cloud applications, providing a complete view across the business and a global view based on telemetry from thousands of enterprises.

The security vendor employs data scientists that create analytic applications, which employ the newest artificial intelligence and advanced machine learning techniques to detect suspicious activity. This activity is investigated by their own attack investigation teams, whose role it is to control actual attack patterns occurring in your environment and feed back critical updates to your console in real time, with details of the attack actor, the devices impacted by the attack and advice on remedial actions to take to repair the damage & protect against further exposure.

 

Want to get the best of cyber security for your business?

At iTeam, we take a security first approach to technology – ensuring our clients’ systems are best protected.

If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might actually be and identify actions to take.

To book a consultation or to arrange a further discussion, please get in touch via our form below, call 03330 507 690 or email Chris on cwatson@iteam.co.uk.

Last layer of Security, Don’t get caught out…

Data backup…your last line of defence in the war against hackers

 

What is the danger to my data?

With the rise of threats to our valuable & private data, cyber-criminals are forever generating new ways to disrupt and defraud our professional and personal lives. One of the cyber threat trends that has seen a sharp upsurge in activity within recent years is Ransomware.

Ransomware works through malicious software that restricts or removes your access to file data stored on your computer or server. Downloaded from an illegitimate website or arriving on your computer via an email link or attachment, the Ransomware application swiftly installs itself & begins to infect or take control of your file data without the computer user even being aware an attack has taken place.

Ransomware, as the name suggests, is a means by which hackers can take something belonging to you or your company and hold it to ransom, for release upon receiving a monetary payment from you. Although there’s no guarantee they’ll even release the file upon receiving your payment!

 

Can we stop ourselves becoming a target?

Although it’s important to ensure you have cyber defences in place, it is almost impossible to ensure that you are 100% shielded from the threat of cyber-crime, particularly from the specific threat of Ransomware.

The malicious software used to launch a Ransomware attack is constantly developing and can take many forms. Despite security vendors frequently updating their software & threat analysis, there is a strong chance that an innocent action by one of your users will result in their machine becoming infected at some point.

 

What can we do if we’re attacked?

Firstly, make efforts to limit your exposure to attack by ensuring you have cyber defences in place and have delivered awareness training for your team.

But, when you unavoidably suffer from an attack, your last line in the defence against cyber-crime is to rely upon a secure recovery point from a current, ring-fenced data backup solution.

With a professional-grade backup service, you can benefit from peace of mind that your up-to-date data is stored, securely, in an alternate offsite location and is ready for recovery at a moment’s notice in the event of loss or corruption to any, or all, of your files or system data.

 

But we already back up data to a disk?

Having a data backup of any kind is a helpful first step towards recovering your data in the event of any loss. However! A basic backup to an external disk is by no means a reliable or secure way to achieve true peace of mind with all your system data.

There are several manual elements to a disk backup that limit its efficiency in a disaster; most critically, the need for a person to take the disk offsite and remember to bring it back again.

In the event of a Ransomware attack, should the disk be connected to the network, it will most likely be infected, rendering the backup useless. This, combined with the limited means of running effective, regularly scheduled backups, makes a data backup to disk too restrictive and risky a means of recovery in the event of a disaster.

 

What should we do instead?

All businesses should operate with an automated on-site + off-site backup service, conforming to the 3-2-1 backup rule:

  • 3 copies of your data – one active on your server/cloud storage/computers, one local backup copy and one offsite copy.
  • 2 forms of media – varying the medium of disk or device used to store the backup copies.
  • 1 copy held offsite.

The service should be managed and monitored day-to-day by your external IT service provider or member of internal IT personnel – with strict urgency placed on acting in the event of a failure or issue logged from the previous day’s backup.

It all sounds pricey; however, implementing a professional-grade backup solution doesn’t have to cost the earth, particularly if you factor in the cost and inconvenience of a total, or even partial, loss of data.

Implementing these rules within your business can go a long way to ensuring a fast & effective recovery from a disaster, should you suffer the loss or corruption of any data, however large or small.


Advanced Threat Protection, with Office 365

Keeping your data protected… with Office 365 Advanced Threat Protection

As a brief recap: in the wake of the rise in email-borne cyber-attacks, Microsoft released ATP back in June 2017 as an optional add-on security service. Filtering emails with little impact on productivity, ATP is among the strongest of the add-ons to 365, and we strongly urge businesses to adopt it.

With key features such as Safe Links, ATP prevents users from inadvertently clicking on malicious links embedded within phishing emails that misleadingly present themselves as coming from a genuine source, such as a bank, government body or trusted brand name.

Safe Attachments protects your users from opening potentially damaging email file attachments, which can be embedded with viruses or malicious code that installs software in the background of a PC, designed to steal or corrupt data without the user even realising.

 

ATP has been around since 2017, so what’s new about it?

A key feature, which has been added to the service’s Anti-Phishing tools, focuses on Impersonation Detection. ATP has been at work to defend against phishing attacks for quite some time, though attacks known as “spear-phishing” or “whaling”, where offenders impersonate a trusted sender, often targeting individuals within a business who may have access to valuable data, are far more difficult to detect.

If the hacker can get their email delivered to their intended target, that target is far more likely to be tricked by domain name impersonation, where two very similar names are used; so alike, in fact, that at first glance most users wouldn’t notice anything wrong with the email.

The new Impersonation Detection service works to detect lookalike email addresses and domain names that may be used to deceive users. Using “mailbox intelligence”, ATP will determine whether the email being received is from a reliable email sender, or a new email address. Security warnings will then automatically be applied to unknown email addresses, helping to draw users’ attention to likely risks.

This feature, along with all other ATP tools, is included within the Office 365 Advanced Threat Protection bolt-on product, which is included as standard with the Enterprise E5 license.

 

Could someone impersonate my domain?

Simple answer: yes. It is astonishingly easy for those with fairly basic knowledge of cyber hacking to mask your domain and an email address, then start firing out emails set to steal valuable data, or simply cause disruption & downtime.

One specific risk with domain impersonation isn’t necessarily criminals impersonating other people’s domains, but them choosing to mimic your domain, with the one key objective of fooling your own staff.

Recent examples include a Finance Director’s email account being impersonated, with an exact mask of the name, full email address, and even his email signature! An email gets sent from this counterfeit account to another member of the Accounts Department, requesting them to make payment on a fictitious invoice to a bank account. The email is well written in English and has a sense of urgency. Not wanting to upset their boss, the team member makes the payment as instructed, losing the business thousands in one simple, unknowing error.

 

How can I use ATP to shield against this impersonation?

ATP will routinely keep a look out for domains used within email addresses that are contacting your users. It will work to filter-out emails (based on your pre-selected choices) that fall into an untrusted category, perhaps a spoof domain that is very similar to your own (down to simple variances, such as being one character different), or from an unknown user/email address that doesn’t exist within your 365 – keeping your team well out of harm’s way.
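A simplified sketch of the lookalike check described above, as an added example (not Microsoft's implementation and not code from the original article): it flags sender domains within one edit, or one look-alike character swap, of a protected domain, and marks senders not seen before for a warning. The domains, the `CONFUSABLES` table and the function names are constructed for illustration.

```python
import unicodedata

# Assumption: a small, illustrative table of look-alike substitutions.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

# Constructed sample data (reserved example domains, not real senders).
PROTECTED = {"example.com"}
KNOWN_SENDERS = {"billing@partner.example"}


def skeleton(domain):
    """Lower-case, strip accents and fold common look-alike characters."""
    text = unicodedata.normalize("NFKD", domain.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    for fake, real in CONFUSABLES.items():
        text = text.replace(fake, real)
    return text


def edit_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, adjacent swap."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "exmaple" for "example".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(address, protected_domains, known_senders, max_distance=1):
    """Return 'internal', 'lookalike', 'known' or 'new-sender' for an address."""
    address = address.strip().lower()
    domain = address.rsplit("@", 1)[-1]
    if domain in protected_domains:
        # Exact match: whether the mail is genuine is a question for
        # SPF/DKIM/DMARC checks, which this sketch does not perform.
        return "internal"
    for protected in protected_domains:
        if edit_distance(skeleton(domain), skeleton(protected)) <= max_distance:
            return "lookalike"
    return "known" if address in known_senders else "new-sender"


if __name__ == "__main__":
    for sender in ("fd@examp1e.com", "accounts@exmaple.com", "bob@exarnple.com",
                   "alice@example.com", "jo@supplier.example",
                   "billing@partner.example"):
        print(sender, "->", classify_sender(sender, PROTECTED, KNOWN_SENDERS))
```

A one-edit threshold will also catch some legitimate domains that happen to sit close to your own, which is why a quarantine review step matters.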

The threat management dashboard includes real-world statistical information on where emails are originating from, and on the domains and users that have been impersonated. With this kind of information, you will be able to keep ahead of the threats.

There is of course the risk that legitimate emails may be filtered out, so you can view a list of all the quarantined emails and choose to act on them all collectively or by individual email.

 

What are the next steps?

If you are already a user of the Office 365 suite, you can bolt-on the ATP service almost immediately! Contact the team to receive support in obtaining and best configuring the service to sufficiently protect your data, users and livelihoods.

 


Your details might be out there on the Dark Web

 

Your personal details & passwords might be up for grabs on the Dark Web… but what is it?

There are three different levels to the internet. The ‘Public Web’, forming only a very tiny part of the internet at around 4%, is the platform that we all use each and every day, and is formed of services like websites and social media platforms. The ‘Deep Web’, which represents the largest part of the internet at around 93%, consists of private servers & systems, such as cloud services and CRM databases. That leaves a small corner, at around 3% of the internet, which is typically used for illegal activity and is not as easily accessed. Named the ‘Dark Web’, untraceable and sealed away from normal internet users, it is a prime location for the conduct of business between criminals of all kinds.

 

How do my credentials get there and why?

If a hacker has been able to gain access to a list of user login details from a particular platform or service, your details might well be on that list. These private details have value to other criminals, and so are shared with and sold to other parties within the Dark Web.

This malicious community wants access to your details to penetrate into your business and personal life. They can easily mimic your actions and, through a number of different routes, look to defraud you and, indirectly, those they identify you are connected with.

 

Should I be worried?

If your login credentials, email addresses and passwords have been listed on the Dark Web, they will likely be exposed to anyone & everyone that wants them….

And, worse, if you have the habit of using the same password, email address and login ID across lots of different platforms you access, such as your online banking, social media, email accounts and private file storage, you are hugely vulnerable to cyber-attack and a potential subject of being defrauded across your entire internet presence.

With access to all of your cloud services, it is incredibly likely your identity will be stolen and used as a platform to try to conduct further fraudulent activity by targeting those you are connected with via social media and email.

 

But, what can I do?

There are tools available that can firstly scan the Dark Web and, critically, identify whether you are at risk. Such services then maintain your peace of mind with monitoring & alerting, constantly searching the dark web for your personal credentials, such as your email address or other associated usernames or IDs, and will then raise an alert to you if anything concerning has been identified.

If your details have been located on the dark web, you benefit from being immediately made aware of your vulnerability and can, critically, take action by securing access to all of your impacted accounts.

 

How can I avoid becoming a target?

It is almost impossible to prevent yourself from becoming a victim; a sad reality we must all accept is that at some time, our personal data will be stolen or exposed from somewhere. This could be for a number of reasons, such as your own lack of cyber security, falling victim to a phishing attack, or a mistake or security flaw by a third party holding your information.

HOWEVER! What’s far more vital is the fact that you can become aware swiftly when you’re at risk. Having a process that includes the implementation of best security practices, such as setting secure passwords, regularly changing those passwords, using different passwords & login details across different systems and, lastly, implementing cyber security features such as 2-Factor / Multi-Factor Authentication (2FA/MFA), will help you mitigate the risks of exposure.

By enforcing cyber security features, such as 2FA or MFA, you are able to add another key hurdle to the steps hackers have to take to try and get to your data. Should someone else try to access a system that you use, you’ll receive notification by text message, phone call, or email, to your device to authorise that login, helping to stop cyber criminals from gaining access to your data.

 


Phishing for your data

 

Phishing is rife, and the attacks are only getting smarter

Hackers are badgering away via a number of routes to get access to your personal details. Email is by far one of the simplest means of access for cyber criminals into a computer network.

You can of course spam filter your emails, but only to a slight degree – otherwise you’d never receive any ever again!

Phishing is the act of tricking an email recipient into inadvertently sharing their data. The tactics by which these sorts of ‘cyber attacks’ are conducted are getting smarter all the time.

In turn, users need to get sharper – spotting fraudulent emails on a day-to-day basis.

 

How do they do it?

Faking email addresses as though they were sent from someone else’s mailbox is unfortunately quite easy to do.

The email itself (in most cases) isn’t really dangerous. You can simply delete it from your inbox.

The damage comes from clicking any link embedded within the email or opening its attachment. From this link or attached file, a virus, malware or malicious software will download and install itself to your PC – quite often without the user being aware that anything has happened.

See an example below (with the victim sender’s details omitted), to which we refer throughout this blog article.

 

[Image: Phishing Email]

What does it look like in my inbox?

The emails are very cleverly disguised. They will appear as any normal email would, with a real email address, and could possibly contain an email signature & disclaimer from a real business. The contact may well be known to you, and the sort of content contained within the email may be something that you would generally expect to see from that person, tricking you as the recipient into a false sense of security.

The email itself, however, is most likely to contain a suspicious link or unrelated attachment, which is the lure to draw you into their grasp, by which they can enter your PC & steal your credentials. This hopefully would differ from the sort of communication you would normally expect to receive (if at all) from this particular email address – helping it stand out as an email to be wary of.

 

What should I look out for?

When you receive any new emails there are a few key things to check straight away, even if you know & trust the sender.

  1. The sender’s name & email address. Is it someone you know? Could you call them and check they meant to send you this particular email?

 

  2. Does the email contain an attachment?

If it is a PDF document, there’s a strong chance that you’re safe.

If it is a Word or Excel document, it may well contain a virus hidden in a script that will run automatically once you open the file.

One thing to keep in mind is that you can’t tell from looking at the file whether it is genuine or malicious before you open it. If you do open it and it’s malicious, it’s usually too late.

 

  3. Does the email contain any links?

Links are fairly simple to check. Hover over the link and your computer will show the website destination where it will actually take you.

If the link appears to be the real website, or where you would expect to land, like in the example below, then it may well be genuine, but that is no guarantee!

[Image: Phishing Email]

 

With this example, the link takes you to a file hosted in a Microsoft OneDrive account. The email makes it look like this user did actually want to send you this file, which is stored in a reputable place. If the link appears to be of an untrusted source, it would naturally appear to be more suspicious, but on face-value this particular example link appears to be legitimate.

Clicking the link to visit the website, which appears to be a real Microsoft OneDrive file share, you can see an overview of the document, which is apparently a PDF.

[Image: Phishing Email]

 

Upon further inspection, however, hovering over the preview shows that the Microsoft notification box with the “Open” button is actually entirely fake – it’s just an image, not a real notification box at all. Hovering anywhere over the open screen shows the entire image to be hyperlinked to a shortened URL (via tinyurl), cleverly and simply masking a malicious website.

Had the “Open” button been genuine, and had the document been viewable within the browser, it would likely have been entirely legitimate.

However, in this example, clicking this link does actually take you through to a virus-riddled website, leaving the recipient’s email accounts vulnerable to being hacked.

[Image: Phishing Email]
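The hover check described above can be automated over an email's HTML body. This added example (not from the original article; the sample message, the reason codes and the `SHORTENERS` list are constructed) flags links whose visible text names a different site from the real destination, links that hide the destination behind a URL shortener, and images that form the whole clickable area.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# tinyurl.com is the shortener in the article's example; the others are
# added for illustration. Extend the set for real use.
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

# Constructed sample message body (not a real email).
SAMPLE_EMAIL = """
<p>Your document is ready:
<a href="https://files.example.net/doc">https://onedrive.live.com/view?id=1</a></p>
<a href="https://tinyurl.com/EXAMPLE-ONLY"><img src="preview.png" alt="Open"></a>
<p><a href="https://www.example.com/help">Help centre</a></p>
"""


def host_of(url):
    """Return the lower-cased host of a URL or bare domain, without 'www.'."""
    host = (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


class LinkAuditor(HTMLParser):
    """Collects (href, reasons) for every link that deserves a second look."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._href = None      # href of the <a> currently open, if any
        self._text = []        # visible text seen inside that <a>
        self._has_img = False  # whether that <a> wraps an image

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text, self._has_img = [], False
        elif tag == "img" and self._href is not None:
            self._has_img = True

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text = "".join(self._text).strip()
        target = host_of(self._href)
        reasons = []
        # What the reader sees names one site, the link goes to another.
        if URL_LIKE.match(text) and host_of(text) != target:
            reasons.append("text-mismatch")
        # The real destination is hidden behind a redirect service.
        if target in SHORTENERS:
            reasons.append("shortener")
        # A picture (such as a fake "Open" button) is the whole link.
        if self._has_img and not text:
            reasons.append("image-only")
        if reasons:
            self.findings.append((self._href, reasons))
        self._href = None


def audit_links(html):
    """Return a list of (href, [reason codes]) for suspicious links in html."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for href, reasons in audit_links(SAMPLE_EMAIL):
        print(href, reasons)
```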

 

In Conclusion

Always double check, even if you believe you know the person that sent you the email.

Follow our straight-forward 3-step check list – sender’s name & email address, attachments and links. Checking these three key things before taking any action with the email will help you remain protected.

 

Want to get the best of cyber security for your business?

Here at ITeam, we specialise in studying our clients’ business and best applying security technology to match their needs.

If you would like a free brief discussion about your operational challenges & to explore the threats to your business, please get in touch today – 0117 944 4949 or drop us a line info@iteam.co.uk

Creating a Secure Password

We get asked a lot of questions about passwords and why, when we change them, people think they might be somewhat obscure. Hopefully I can answer a few of these questions with the information below:

What is a secure password?

Simply put, a secure password is difficult/impossible to guess, unique to the system it is protecting and not shared with anyone.

What makes a password secure?

There are a number of things that can make a password more secure. Some general rules are:

  • Make it at least 8 characters long, longer if you are happy to do so!
  • Make sure it includes a mix of the following:
      • Upper and lower case letters.
      • Numbers.
      • Special characters (e.g. ? ! # @)

Why use a secure password?

People are trying to access your data, FACT, and those people using poor passwords will have their data compromised at some point, another FACT. Using a secure password decreases the chances of your data being compromised. It is as simple as that!

What is an example of a secure password?

A good way to create a strong and memorable password is to use three random words. Numbers and symbols can still be used if needed, for example 3redwaTerMonkeys27!

Be creative and use words memorable to you, so that people can’t guess your password. Your social media accounts can give away vital clues about yourself, so don’t use words such as family names or favourite sports team, which are easy to guess. Cyber criminals know many of the simple substitutions we use, such as ‘Pa55word!’, which swaps numbers for letters, so there is no point in doing that.

Never use the following personal details for your password:

  • Family members’ names
  • Pets’ names
  • Place or date of birth
  • Favourite holidays
  • Something related to your favourite sports team

If you are not speaking to your IT Support provider about this, why not give us a ring?

James Reed
Technical Director