Cyber Essentials is Changing in 2020

Cyber Essentials is 5 years old and the National Cyber Security Centre (NCSC) has reviewed the scheme. They will be looking to improve it by appointing a new Cyber Essentials Partner in order to ensure that Cyber Essentials keeps pace with the changing nature of the cyber security threat and remains relevant.

The aim is to:

    • refresh the service
    • increase accessibility
    • provide a simpler path to certification

The current system is administered by several Accreditation Bodies and this has brought about a lack of consistency and added complication. To simplify it there will only be one. The new partner has not been appointed yet, but the new system is expected to be in place by April 2020.

Cyber Essentials is required by Government to be affordable and accessible and the new system will have to meet these requirements.

There are currently 5 Accreditation Bodies operating the scheme on behalf of the NCSC and each one appoints a number of Certification Bodies with the knowledge, training and experience to be able to review and assess Cyber Essentials applications. iTeam is a Certification Body through the IASME Accreditation Body.

As we do not know what the new system will look like, it is difficult to predict whether iTeam will continue to be a Certification Body with the new Accreditation Body, but whatever happens, Cyber Essentials will continue to exist. It is not necessary for iTeam to be a Certification Body for us to continue to provide our Total Secure Systems Management (TSSM) cyber security add-on to our support contracts and continue to get ourselves and our clients Cyber Essentials certified.

Other non-Certification Body MSPs use third parties to certify their clients. Services are being developed to certify in a different way; for instance, rather than having us complete your questionnaire once a year, it may be possible to run an application to constantly assess your compliance.

One good thing is that the refresh of the Cyber Essentials scheme will give it better visibility in the business community and encourage more organisations to adopt it which means we will all be safer.

David Hewett
Managing Director
iTeam Solutions Ltd

5 Tips to Secure Your Office

When thinking about securing your business from cyber threats, the mind quickly turns to phishing, hacks and viruses, but there are many security weaknesses in and around the office that can expose your business to a host of threats and cybersecurity issues. In conjunction with a solid cybersecurity solution provided by your MSP, be sure you and your employees follow these office tips to protect your physical workspace from system compromises, unauthorised breaches and data loss.

1. Unlocked devices

Mobile phones, laptops, desktops, tablets and even printers/multi-function devices should all be locked and password protected when unattended, as these (and any other) network-connected devices can be compromised, allowing unauthorised access into your system or unauthorised removal of data from it. Even though most devices lock or power down after idling for some period of time, create an office culture where locking devices becomes second nature for all employees. It’s not that you don’t trust your colleagues; it is just being safe.

2. USB Drives

USB drives pose a host of security issues and we don’t like them at iTeam. Unknown drives should never, ever be used, as they could easily contain hidden malware or spy software that could steal data or install ransomware on your network. However, those drives that you do use for normal business functions must be recorded and kept under lock and key so they are not compromised with malware, misplaced or stolen. USB drives make it far too easy for curious eyes or unauthorised users to get a peek into sensitive or confidential business information and are unfortunately left behind in public places (airports, coffee shops, etc.). Make sure any and all USB drives used in your business are cataloged and their whereabouts known at all times—or perhaps look to cloud solutions for sharing/transporting data and ban the use of them completely.

3. Paper Documents

What may be innocuous to your employees could be valuable to others who want to infiltrate your systems. At the end of the day, be sure that papers, reports, financial records and any other proprietary data are off the desks and locked away. When they are no longer needed, shred any documents with financial records, proprietary data or confidential information. And of course, to minimize the problem, go paper-free wherever possible.

4. Passwords

It’s a common occurrence, even in the face of strict cybersecurity policies: many employees use notes or cheat sheets for the various usernames, logins and passwords they require for day-to-day work. Nothing could defeat the purpose of a password more easily than doing this, and it leaves the door wide open for anyone who gets into your office to gain entry into your network and systems. We recommend the use of a software-based password management system to prevent this risky behaviour. It may not be as quick to access those important passwords as writing them on a sticky note, but it is far more secure, so just get used to doing it.

5. Wallets and Keys

Just as easily-accessed passwords are a threat, wallets and keys that are left on desks during meetings, bathroom breaks, lunches, etc., can all leave your business exposed to unauthorized entry. Pay special attention to this if there are areas of your business under lock and key, or if ID/keycards are used, as these are typically kept in wallets. Lost keys and access IDs can quickly lead to tampered or duplicated methods of access, so if need be, offer lockers or secure places where employees can store their personal belongings while they work.

So as well as considering technical measures to guard against cyber threats, consider these security best practices. They are largely not about spending money but changing your workplace culture to become more aware of how physical security and cyber security can help protect your business.

I’m always happy to talk about how iTeam might be able to help you look after your data and systems more securely. Please get in touch if you think we can help.

David Hewett
Managing Director
iTeam Solutions Ltd

Act on cyber threats to your Business, with EDR

Identify and act on cyber threats to your business with Endpoint Detection & Response

Learn lessons from cyber-attacks to better protect your business

Businesses are facing well-prepared and dangerous attackers, including nation states and cyber-criminals that are determined to crack your cyber defences. Attacks are on the rise and, with the random nature by which IT networks are infiltrated, it’s becoming an unfortunate inevitability that we will all suffer from an attack at some point, irrespective of whether we have been precisely targeted or not.

We shouldn’t have to sit back and suffer. With attacks taking place at such a dangerous rate, why not learn lessons from what has happened and use them to strengthen our defences for next time?

Adapt & better protect yourself with Endpoint Detection & Response

With an Endpoint Detection & Response (EDR) service, you’re not only actively alerted to attacks taking place, but you also benefit from intelligent insights that break down the steps involved, to spot patterns & stop the same attack from taking place again.

All credible security vendors that supply & support EDR services will give their customers access to the intelligence and remedial protection insights gained globally from deployments of their software across each endpoint device.

What can we do with the insights?

EDR supports targeted attack analytics, which is a holistic approach to attack discovery, making advanced AI and expert threat research available to any organisation that’s a customer of the EDR product.

There is no longer the need to manually correlate scans of your devices, with limited intelligence gained from only your own network. That disjointed approach results in visibility gaps, too many false positives, longer threat dwell times and less accurate detection.

With the power of EDR, your outsourced IT partner or internal IT personnel can be a step ahead in defending your business, with security awareness otherwise unavailable to them.

How does EDR work?

EDR collects event data across multiple endpoints, including end user computers, servers, email and cloud applications, providing a complete view across the business and a global view based on telemetry from thousands of enterprises.

The security vendor employs data scientists who create analytic applications, which use the newest artificial intelligence and advanced machine learning techniques to detect suspicious activity. This activity is investigated by their own attack investigation teams, whose role it is to verify actual attack patterns occurring in your environment and feed back critical updates to your console in real time, with details of the attack actor, the devices impacted by the attack and advice on remedial actions to take to repair & protect against further exposure.

Want to get the best of cyber security for your business?

At iTeam, we take a security-first approach to technology – ensuring our clients’ systems are best protected.

If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration or consultation to explore how exposed your business might actually be and to identify actions to take.

To book a consultation or to arrange a further discussion, please get in touch via our form below, call 03330 507 690 or email Chris on cwatson@iteam.co.uk.

Last layer of Security, Don’t get caught out…

Data backup… your last line of defence in the war against hackers

What is the danger to my data?

With the rise in threats to our valuable & private data, cyber-criminals are forever generating new ways to disrupt and defraud our professional and personal lives. One of the cyber threat trends that has seen a sharp upsurge in activity in recent years is Ransomware.

Ransomware works by deploying malicious software that restricts or removes your access to file data stored on your computer or server. Downloaded from an illegitimate website or arriving on your computer via an email link or attachment, the Ransomware application swiftly installs itself & begins to infect or take control of your file data without the computer user even being aware an attack has taken place.

Ransomware, as the name suggests, is a means by which hackers can take something belonging to you or your company and hold it to ransom, for release upon receiving a monetary payment from you. However, there’s no guarantee they’ll even release the files upon receiving your payment!

Can we stop ourselves becoming a target?

Although it’s important to ensure you have cyber defences in place, it is almost impossible to ensure that you are 100% shielded from the threat of cyber-crime, particularly from the specific threat of Ransomware.

The malicious software used to launch a Ransomware attack is constantly developing and can take many forms. Despite security vendors frequently updating their software & threat analysis, there is a strong chance that an innocent action by one of your users will result in their machine becoming infected at some point.

What can we do if we’re attacked?

Firstly, make efforts to limit your exposure to attack by ensuring you have cyber defences in place and have delivered awareness training for your team.

But when, unavoidably, you do suffer an attack, your last line of defence against cyber-crime is a secure recovery point from a current, ring-fenced data backup solution.

With a professional-grade backup service, you can benefit from peace of mind that your up-to-date data is stored securely in an alternate offsite location and is ready for recovery at a moment’s notice in the event of loss or corruption of any, or all, of your files or system data.

But we already backup data to a disc?

Having a data backup of any kind is a helpful first step towards recovering your data in the event of any loss. However, a basic backup to an external disk is by no means a reliable or secure way to achieve true peace of mind for all your system data.

There are several manual elements to a disk backup that limit its efficiency in a disaster; most critically, the need for a person to take the disk offsite and remember to bring it back again.

In the event of a Ransomware attack, should the disk be connected to the network, it will most likely be infected, rendering the backup useless. This, combined with limited means of running effective, regularly scheduled backups, makes a data backup to disk too restrictive and risky a means of recovery in the event of a disaster.

What should we do instead?

All businesses should operate an automated on-site + off-site backup service, conforming to the 3-2-1 backup rule.

3 copies of your data – one active on your server/cloud storage/computers, one local backup copy and one offsite copy.

2 forms of media – varying medium of disk or device used to store the backup copies.

1 copy held offsite.

The service should be managed and monitored day-to-day by your external IT service provider or member of internal IT personnel – with strict urgency placed on acting in the event of a failure or issue logged from the previous day’s backup.
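
The daily check described above can be automated against a backup inventory. The following is an added example, not code from the original article or from any backup product; the `DataCopy` fields, the 24-hour freshness window and the sample inventories are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class DataCopy:
    name: str
    medium: str              # kind of storage the copy lives on
    offsite: bool            # held away from the main premises
    is_backup: bool          # False for the live/production copy
    network_attached: bool   # reachable from the production network
    last_success: Optional[datetime] = None  # last successful backup run


def check_321(copies, now, max_age=timedelta(hours=24)):
    """Return 'CODE: detail' findings; an empty list means the rule is met."""
    findings = []
    backups = [c for c in copies if c.is_backup]
    if len(copies) < 3:
        findings.append(f"COPIES: {len(copies)} copies held, 3 required")
    if len({c.medium for c in backups}) < 2:
        findings.append("MEDIA: backup copies use fewer than 2 forms of media")
    if not any(c.offsite for c in backups):
        findings.append("OFFSITE: no backup copy is held offsite")
    hours = int(max_age.total_seconds() // 3600)
    for c in backups:
        # A job that failed or never ran must be acted on the next day.
        if c.last_success is None or now - c.last_success > max_age:
            findings.append(f"STALE: {c.name} has no successful run in {hours}h")
    # A backup reachable from an infected network can be encrypted with it.
    if backups and all(c.network_attached for c in backups):
        findings.append("EXPOSED: every backup copy is on the production network")
    return findings


def codes(findings):
    """Reduce findings to their codes for dashboards or alert routing."""
    return [f.split(":")[0] for f in findings]


# Constructed sample inventories (not real systems).
NOW = datetime(2020, 1, 15, 8, 0)
GOOD = [
    DataCopy("file-server", "server-disk", False, False, True),
    DataCopy("local-nas", "nas", False, True, True, NOW - timedelta(hours=6)),
    DataCopy("cloud-vault", "cloud", True, True, False, NOW - timedelta(hours=5)),
]
WEAK = [
    DataCopy("file-server", "server-disk", False, False, True),
    DataCopy("local-nas", "nas", False, True, True, NOW - timedelta(hours=6)),
    DataCopy("usb-disk", "external-disk", False, True, True, NOW - timedelta(days=3)),
]

if __name__ == "__main__":
    for label, inventory in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, check_321(inventory, NOW) or "meets 3-2-1")
```

The second inventory has three copies on two kinds of backup media and still fails, because nothing is offsite, the external disk is stale and every backup is reachable from the network it is meant to protect.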

It all sounds pricey; however, implementing a professional-grade backup solution doesn’t have to cost the earth, particularly if you factor in the cost and inconvenience of a total, or even partial, loss of data.

Implementing these rules within your business can go a long way to ensuring a fast & effective recovery from a disaster, should you suffer the loss or corruption of any data, however large or small.

Advanced Threat Protection, with Office 365

Keeping your data protected… with Office 365 Advanced Threat Protection

As a brief recap: in the wake of the rise in email-borne cyber-attacks, Microsoft released ATP back in June 2017 as an optional add-on security service. Filtering emails with little impact on productivity, ATP is among the strongest of the add-ons to 365, and we strongly urge businesses to adopt it.

With key features such as Safe Links, ATP prevents users from inadvertently clicking on malicious links embedded within phishing emails that misleadingly present themselves as coming from a genuine source, such as a bank, government body or trusted brand name.

Safe Attachments protects your users from opening potentially damaging email attachments, which can carry viruses or malicious code that installs software in the background of a PC, designed to steal or corrupt data, without the user even realising.

ATP has been around since 2017, so what’s new about it?

A key feature, which has been added to the service’s Anti-Phishing tools, focuses on Impersonation Detection. ATP has been at work defending against phishing attacks for quite some time, though attacks known as “spear-phishing” or “whaling”, where offenders impersonate a trusted sender, often targeting people within a business who may have access to valuable data, are far more difficult to detect.

If the hacker can get their email delivered to the intended target, that person is far more likely to be tricked by domain name impersonation, where two very similar names are used; so alike, in fact, that at first glance most users wouldn’t notice anything wrong with the email.

The new Impersonation Detection service works to detect lookalike email addresses and domain names that may be used to deceive users. Using “mailbox intelligence”, ATP will determine whether the email being received is from a reliable email sender, or a new email address. Security warnings will then automatically be applied to unknown email addresses, helping to draw users’ attention to likely risks.

This feature, along with all other ATP tools, is included within the Office 365 Advanced Threat Protection bolt-on product, which is included as standard with the Enterprise E5 license.

Could someone impersonate my domain?

Simple answer: yes. It is astonishingly easy for those with even fairly basic hacking knowledge to mimic your domain and an email address, then start firing out emails designed to steal valuable data, or simply to cause disruption & downtime.

One specific risk with domain impersonation isn’t necessarily criminals impersonating other people’s domains, but them choosing to mimic your domain, with the one key objective of fooling your own staff.

Recent examples include a Finance Director’s email account being impersonated, with an exact copy of the name, full email address, and even his email signature! An email is sent from this counterfeit account to another member of the Accounts Department, requesting that they make payment on a fictitious invoice to a bank account. The email is well written in English and has a sense of urgency. Not wanting to upset their boss, the team member makes the payment as instructed, losing the business thousands in one simple, unwitting error.

How can I use ATP to shield against this impersonation?

ATP will routinely keep a look out for domains used within email addresses that are contacting your users. It will work to filter-out emails (based on your pre-selected choices) that fall into an untrusted category, perhaps a spoof domain that is very similar to your own (down to simple variances, such as being one character different), or from an unknown user/email address that doesn’t exist within your 365 – keeping your team well out of harm’s way.
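
The kind of lookalike check described above can be sketched in a few lines. This is an added example, not ATP’s detection logic or code from the original article; the domain `northwind.example`, the addresses and the confusable-character table are constructed for illustration, and the check goes slightly beyond the “one character different” case by also catching swapped letters and common character substitutions.

```python
# Added illustration: flag sender domains that imitate a protected domain.
# All domains and addresses below are constructed examples.

# Character sequences commonly swapped in to imitate another (assumed table).
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "5": "s"}


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[len(b)]


def skeleton(domain: str) -> str:
    """Fold confusable sequences so 'northvvind' and 'northwind' compare equal."""
    for fake, real in CONFUSABLES.items():
        domain = domain.replace(fake, real)
    return domain


def classify(sender, own_domains, mailboxes, known_contacts, max_distance=1):
    """Return a verdict string for one sender address."""
    sender = sender.strip().lower()
    local, _, domain = sender.rpartition("@")
    if not local or not domain:
        return "malformed"
    if domain in own_domains:
        # Our own domain: the mailbox must actually exist in the organisation.
        return "internal" if sender in mailboxes else "unknown-internal-address"
    for own in own_domains:
        near = osa_distance(domain, own) <= max_distance
        if near or skeleton(domain) == skeleton(own):
            return f"lookalike:{own}"
    # Not an imitation: separate established contacts from new senders.
    return "known-external" if sender in known_contacts else "first-contact"


# Constructed sample data.
OWN = {"northwind.example"}
MAILBOXES = {"fd@northwind.example", "accounts@northwind.example"}
CONTACTS = {"billing@supplier.example"}

if __name__ == "__main__":
    for addr in ("fd@northwind.example", "fd@northwlnd.example",
                 "fd@nortwhind.example", "fd@northvvind.example",
                 "ceo@northwind.example", "sales@newvendor.example"):
        print(f"{addr:28} {classify(addr, OWN, MAILBOXES, CONTACTS)}")
```

A sender that copies your domain exactly in the From header is not a lookalike and passes this comparison; that case is caught by sender authentication (SPF, DKIM and DMARC) rather than by string similarity.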

The threat management dashboard provides real-world statistical information on where emails are originating from, and on the domains and users that have been impersonated. With this kind of information, you will be able to keep ahead of the threats.

There is of course the risk that legitimate emails may be filtered out, so you can view a list of all the quarantined emails and choose to act on them collectively or individually.

What are the next steps?

If you are already a user of the Office 365 suite, you can bolt on the ATP service almost immediately! Contact the team to receive support in obtaining and best configuring the service to sufficiently protect your data, users and livelihoods.

Your details might be out there on the Dark Web

Your personal details & passwords might be up for grabs on the Dark Web… but what is it?

There are three different levels to the internet. The ‘Public Web’, forming only around a tiny 4% of the internet, is the platform that we all use each and every day, and it is formed of services like websites and social media platforms. The ‘Deep Web’, which represents the largest part of the internet at around 93%, consists of private servers & systems, such as cloud services and CRM databases. That leaves a small corner, at around 3% of the internet, which is typically used for illegal activity and is not as easily accessed. Named the ‘Dark Web’, untraceable and sealed away from normal internet users, it is a prime location for the conduct of business between criminals of all kinds.

How do my credentials get there and why?

If a hacker has been able to gain access to a list of user login details from a particular platform or service, your details might well be on that list. These private details have value to other criminals, so they are shared with and sold to other parties on the Dark Web.

This malicious community wants access to your details to get into your business and personal life. They can easily mimic your actions and, through a number of different routes, look to defraud you and, indirectly, those they identify you are connected with.

Should I be worried?

If your login credentials, email addresses and passwords have been listed on the Dark Web, they will likely be exposed to anyone & everyone that wants them…

And worse, if you are in the habit of using the same password, email address and login ID across lots of the different platforms you access, such as your online banking, social media, email accounts and private file storage, you are hugely vulnerable to cyber-attack and at risk of being defrauded across your entire internet presence.

With access to all of your cloud services, it is incredibly likely your identity will be stolen and used as a platform to try to conduct further fraudulent activity by targeting those you are connected with via social media and email.

But, what can I do?

There are tools available that can firstly scan the Dark Web and, critically, identify whether you are at risk. Such services then maintain your peace of mind with monitoring & alerting, constantly searching the Dark Web for your personal credentials, such as your email address or other associated usernames or IDs, and raising an alert to you if anything concerning has been identified.

If your details have been located on the Dark Web, you benefit from being immediately made aware of your vulnerability and can take action by securing access to all of your impacted accounts.

How can I avoid becoming a target?

It is almost impossible to prevent yourself from becoming a victim; a sad reality we must all accept is that at some time, our personal data will be stolen or exposed from somewhere. This could be for a number of reasons, such as your own lack of cyber security, falling victim to a phishing attack, or a mistake or security flaw by a third party holding your information.

However, what is far more vital is that you can become aware swiftly when you are at risk. Having a process that includes best security practices, such as setting secure passwords, regularly changing those passwords, using different passwords & login details across different systems, and lastly implementing cyber security features such as 2-Factor / Multi-Factor Authentication (2FA/MFA), will help you mitigate the risks of exposure.

By enforcing cyber security features such as 2FA or MFA, you add another key hurdle to the steps hackers have to take to try to get to your data. Should someone else try to access a system that you use, you will receive a notification by text message, phone call or email to your device to authorise that login, helping to ensure that cyber criminals fail to gain access to your data.
