Security

Blog, Cetus Solutions, Check Point, IT Solutions, Security, Technology, Uncategorized

Here Phishy, Phishy, Phishy….


No Comments

A couple of weeks ago, there was a mandatory ‘here’s how to help keep the company from falling prey to cyber attacks’ lecture at Cetus. We all trooped downstairs, cramming into one of our board rooms, mugs clinking and teas sloshing. One of the lovely ladies from Barclays came in to give us a word of warning- or forty- on how to spot nefarious activity and not fall prey to a scam. By the end of it we were all ready to delete our Facebook, Twitter and Instagram accounts, never use an ATM, and I seriously started questioning my role within social media. It was quite the terrifying afternoon. Between social engineering, ransomware and phishing, it’s a miracle we all aren’t in debt from scammers. But the most terrifying aspect was learning just how prevalent phishing attacks are.

Big ransomware scams make the news constantly- splashed across the news, Sharon from HR standing at the water cooler to share the details in whispers to anyone who passes by- but phishing is the bigger threat here. In reality, a ransomware attack usually only demands several hundreds of pounds from the organisation it invades, while a phishing scam generally scams thousands of pounds from the victim. Not only that, but it’s easier for the cyber criminal to carry out a phishing attack. Now that I’ve given you something short of a heart attack (sorry), let’s turn this around shall we? Here are a few key ways of keeping you off the phisherman’s hook.

Beware of the sender
It doesn’t really matter whether it’s personal or corporate, receiving an email either makes you want to go on an extended holiday or celebrate. At work you’re usually too busy opening and replying in record time to get on with the mountain of tasks that grows with every email. It’s fair to say that you don’t always check who the sender is. I mean, we’re all weary of any Arabian Prince trying to get into contact, but aside from that we’re pretty chill for the most part. If they’ve gone to the trouble of finding your email address (I still can’t figure out how people manage to find me) then chances are they really need to chat, right?

Depending on how much of a nightmare you are in life, you probably won’t know the hacker. So before you jump into your emerging pile of unopened emails, take a quick look. If you suddenly get an email from someone you don’t speak to regularly on the topic of something that you don’t normally think about, be slightly weary. Check the sender’s address- does it look a bit weird? Is there a random ‘0’ instead of an ‘O’? Could that ‘i’ actually be Vietnamese character ‘ỉ’? Is there an extra letter or number in the address that shouldn’t be there? If you see one of these little tricks, bonus points for your great eyesight, and definitely get the email checked out.

‘I get scammed with a little help from my friends’
Did the email check out, but you’re still not 100% sure if you need to detonate your computer immediately to avoid any viruses escaping through the network? Take a quick look at the list of people that received the email. Do you know them? Is it a strange group, ie the sales group being added one name at a time instead of the group link? The cyber criminal might be targeting a large number of people in your organisation, so if you see people on the list that you wouldn’t normally be in contact with, or from a department that has nothing to do with yours, be extra careful.

Bit of a dodgy subject line
Aside from Sharon’s bi-monthly suggestion for drinks in the pub across the way after work on a Monday night, you should really only be getting emails that directly relate to your job function. That is, unless you’re in marketing- we seem to get our noses into plenty of unrelated jobs. If you’re getting emails about things that you know you’re not privy to or they make absolutely no sense to you, don’t open it. If it’s not spam, it’ll be malware. If you do happen to open it (oopsie), check if the email is a reply to one that you didn’t send. Does the message match the subject line? A misalignment of the two should send up an army of red flags. Also, while we all have the office oddball that likes to reply to emails at 3am, is it normal to be receiving this email from this sender at this particular hour?

Attachments and hyperlinks of doom
We’ve all opened random attachments or clicked on hyperlinks that we weren’t quite sure about and sighed with relief when it was just a video of cats acting strangely. We know we shouldn’t, but that curiosity can’t be helped. Besides, it could be important, or cats, after all. A few things to check before you right click; did you expect the attachment? Is it a common file type that you would normally receive? Does it have a weird name, or strange symbols in the file name? If you answer yes to these, maybe don’t open it. It’s quite likely to be malicious.

Not quite what you were expecting?
If you receive an email that contains unsettling, startling or urgent content that requires immediate action on your part, it’s most likely a phishing attack. There have been so many of these popping up recently, panicking the nation. At the moment, a common scam is an email from your bank claiming that your account has been hacked and you need to login straightaway, or even move the rest of your funds to another account. For the Netflix lovers among you, there have also been emails being received saying that billing information needs to be updated. Don’t fall for it. If the email includes a link to login or change account details, be extra weary. Don’t use links, web addresses or phone numbers.

Keeping yourself protected from any cyber crime can be a scary business, but even more so when it’s something you could very well unwillingly stumble into. It takes more than trusting your spam filter to keep yourself safe, having a strong cyber security solution is crucial. We work very closely with Check Point to craft solutions that stand tall against phishing, ransomware bots and all kind of nasties, using their SandBlast advanced endpoint threat prevention. Have a chat with our experts to see how we can whisk some cyber security into your perfect infrastructure solution so that it’s one less thing you need to worry about.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Cetus Solutions, Check Point, IT Solutions, Security, Technology, Uncategorized

Skyscraper: When Cyber Security Goes Wrong


No Comments

It was one of the biggest blockbusters of the summer. Dwayne Johnson’s Skyscraper thriller grossed $304.1 million during the hottest summer in living memory. Honestly, it probably would have made more, but for the fact that half of the UK population was sitting in any available patch of sun with a beer in their hands. I was one of those people, although with fruity cocktails instead. That was when I wasn’t in the office writing witty blog posts on Citrix Workspace, of course. Alas, while I had every intention on going to see the film, I never got around to it. So it was my pleasure, two Saturdays before Christmas, to snuggle in my pjs and pop it on (I lead the most exciting life when I’m not in the office). Well. While it’s action-packed with an interesting futuristic spin, I couldn’t help but spend the whole movie pointing out, sadly to no one in particular (I’m going to have to get a cat), all the various cyber security blunders that Johnson’s character made. Not one to waste my breath, or a good writing idea, I’m going to lay it all out in this blog post so that you can giggle along with me. Before we go any further though, there may be a spoiler or two, you have been warned.

In a nutshell, Johnson plays ex-FBI hostage-negotiator-turned-private-security-expert Will Sawyer, who gets called to Hong Kong in order to assess the security of the world’s tallest skyscraper. The Pearl, 225 stories and a whopping 1,100 metres tall, needs an inspection of the upper residential half before it can be opened to tenants. Since we are, after all, living through the ‘IOT for all of the things!’ revolution, no matter how mundane the appliance, it’s no surprise that the Pearl was built with tech in mind. It’s basically a giant computer, full of safety features and automations that make living and working there slightly more exciting than your average building. We saw absolutely zero evidence of it, but I’m still sure the lights turn on and off by clapping your hands. Anywho, we see Sawyer being given a tablet that controls the entirety of the 225 floors and shooed out of the door to go inspect the offsite security centre that controls the skyscraper. The tablet, obviously, isn’t in his possession for long, as it gets robbed by a group of terrorists who succeed in burning down the $200 billion structure with it. The sad part is, if the IT department had deployed a better cyber security solution, it could all have been avoided. Typical.

Who needs an effective authentication method, am I right?! This was mistake number one. For some incomprehensible reason, the only way of unlocking the tablet that controls the entirety of the building is via facial recognition. That’s it. Sure, in cinematographical terms this looks the best. It’s impressive and futuristic, suave and savvy. It’s every nerd’s dream. And facial recognition as part of multi-factor authentication is really effective. In the blink of an eye, it can analyse billions of tiny little markers on your face to unlock your device. But who on earth would think that it would be enough? For god’s sake, just signing into my Facebook requires my password, mother’s maiden name, list of my three favourite chocolate bars (in order) and the promise of my firstborn. Truth be told, facial recognition alone was irresponsible, and about as effective of protecting all that important data as using ‘1234567’ as a password. Hell, put a photo of Sawyer in front of the camera and that would probably fool it. There are so many effective ways to authenticate identity (I wrote an entire post on it). Why not have a secondary form of authentication, like having a password activate on Sawyer’s smartphone? That would have been clever.

Mistake number two; not informing the IT department of the breach. Err, this should have been the first point of call when Sawyer’s tablet got robbed. Instead, being the idiot that he is, he threw caution to the wind and went running off to save his family. Just one minute on the phone to IT and they could have stopped the disaster that was about to unfold. A good cyber security solution would have removed access to the tablet in a couple of clicks, rendering the terrorists’ efforts moot. In fact, it would have taken no time at all to wipe the data clean from the device, essentially turning it into an expensive, albeit sleek-looking, paperweight. It does echo a current issue facing organisations in terms of cyber security; the majority of security breaches come from employees who, inadvertently or not, allow the threat to infiltrate the network. This can happen from clicking on a dodgy link in an email (it’s sadly not a video of cats acting strangely)- in fact, phishing attacks are more prevalent and more likely to scam large sums of money from an organisation. Realistically, in this situation, Sawyer seriously neglected his responsibility to inform the IT department. While he undoubtedly performed some incredible gymnastics and it was thoroughly enjoyable to watch, I would have loved to hear his rationale when all was said and done. I doubt he’d be hired to assess the security of a paper bag after that!

The moral of this story is, and I’m sure it’s what director Rawson Marshall Thurber wanted to portray; don’t let your organisation become the Pearl and burn down to the ground- make sure your cyber security solution ticks all the boxes. We work closely with Check Point to incorporate secure technology into our solutions, effectively avoiding the risks that we saw Sawyer facing in the film, and many more besides. Have a chat with our cyber security solution experts here at Cetus, and in the meantime book yourself in for one of our complimentary security posture reviews!

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Cetus Solutions, Cloud, IT Solutions, Security, Technology, Uncategorized

Application Testing in the Cloud


No Comments

If you’ve been keeping up with the hype, you’ve probably been looking into deploying a cloud of some form in your organisation. Be it public, private or hybrid cloud, the possibilities that they come with are endless and revolutionary. I’m sure you’ve heard all of those buzzwords before, building the idea of ‘the cloud’ into an amazing, it’ll-fix-any-problem-you’ve-ever-had-and-more! miracle that’s more of a unicorn than anything else. But you might have discovered that it’s not all sunshine and rainbows when it comes to cloud. Application testing has become one of the little bugbears that people forget- or choose to ignore- when putting together a cloud strategy. When you roll out anything new, it’s important that it’s a success- your bottom line could very well depend on it. And without regular testing you don’t even know what you’re throwing out into the world.

Several years ago, virtualisation became a new focus for IT departments. This new ideology of sharing computing resources across multiple operating systems increased productivity through reduced costs and increased scalability and easy administration. This fabulous new way of running IT infrastructure observed the evolution of virtualisation of cloud in the form of cloud computing. It paved the way for the dream of ‘Everything as a Service’, essentially creating a foundation for many of the technological advances we have today (but for some reason I still can’t get a delivery from the McDonalds a mile away, so there are clearly more worldly advances yet to be achieved).

Cloud testing is the actual testing of the resources on demand; think hardware, software etc. Testing is crucial for the health of your IT environment, especially when it comes to your cloud offerings, ensuring that it not only meets functional requirements, but also non-functional. Securing and managing performance of your applications is essential regardless of where they are; in the cloud or on-premises. It’s not the case of testing an application when it first gets deployed and never needing to bother with it again; the status of applications can change over time.

There are so many benefits for cloud testing that are easily obvious when you experience them. The normal testing approach is to invest in the adequate hardware and software infrastructure needed to carry out the testing. Since the environment supplied to the testing team very rarely matches that of the user, testing applications in the cloud can alleviate the issue of rapidly-changing requirements, allowing the tester to easily replicate the user environment and find defects early in the cycle. Migrating apps to the cloud can also reduce the cost of infrastructure licence renewal, as the organisation doesn’t have to purchase the infrastructure that won’t all be in use at the same time. With the end user environment in the cloud, it’s a simple enough task for an IT department to customise the testing environment match. This customisation reduces the cost and time of regular testing. The testing team can easily perform load and performance testing scenarios in various permutations and combinations.

But, as with everything, there are downfalls. I hate to have to list them, but here we are. By relying on and using the cloud as infrastructure, we do face a few hiccups. But nothing too scary, I promise. Security is one; user privacy needs to be protected, while also allowing the necessary protections that hold up to standards. The security of applications that run in the cloud and security testing techniques also need to be addressed by organisations when it comes to cloud infrastructure. The performance of an application in the cloud is another significant issue that regularly gets overlooked. How are we to know if an application works the same way, especially when hosted in a private cloud? The application itself will be shared amongst plenty of users, so that could cause a delay, especially if bandwidth isn’t good enough for testing. It’s surprising that in certain instances, the particular configurations of a user can be that complex that they just simply aren’t supported by that cloud provider. I don’t get it either. Bottom line, that can make it that much more difficult to emulate a user environment. The last little issue is that of integration testing. It’s easy enough to test the network, database, servers, and whatever else needs to be done. The tester already won’t have control over the underlying environment, but on top of that they’ll have to essentially guess how it would behave. If there are interactions between two components, the tester can only anticipate risks, such as crashes, network breakdown, or your server going on a sudden holiday.

Ensuring the maintenance and performance of your applications in your chosen cloud is crucial for your organisation. Where a lot of people would just love to ignore the finicky bits of testing, here at Cetus we like to dot the Is and cross the Ts, and that includes your testing. Our experts are specialists in application testing and making sure that everything works just right. If testing of your applications is something you’d like to master, make sure to have a chat with one of our experts who will show you first-hand the benefits, while eliminating as many downfalls as possible.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Cetus Solutions, IT Solutions, News, Security, Technology, Uncategorized

When 2019 Comes


No Comments

It was the mid-nineties, ‘IT’ was the new ‘data processing’, and we’d started using a new gadget called a ‘modem’ to connect our business to the outside world. They were exciting times; technology was changing how we communicated; and we could access technical information at any time. So … I decided that it was time to enlighten my team with a broad-thinking; almost visionary statement: “this Internet thing is really cool … but it’s just for techies”.

In hindsight; it ‘might’ be argued that my statement was, perhaps, a little bit short of ‘visionary’. In fairness; my comment was based on the, then, limited capabilities of CompuServe; which was nothing more than a chat group and download site for technical documents.

And so, with my ability to predict the future firmly and clearly established; it’s time for me to get to the topic of this blog: Top Predictions for 2019. As we, Cetus, look forward to the year ahead; we’re keenly aware that a number of technological drivers will affect the nature of our business. Here’s a few of the key drivers that we are gearing up for 2019:

1. The Internet. I’d better address this one – the Internet will continue to be quite popular in 2019. There, that’s that one put to bed.

2. Windows Desktops. Once the direct target of our VDI marketing efforts (due to its total cost of ownership and unpredictable user experience); the ability of Windows 10, in particular, to deliver a well-managed user environment has put Windows 10 back on the ascendancy.

3. Hybrid-Cloud. It’s been around for quite some time now, and many solutions providers are saying that it’s the future apparently. We beg to differ. Hybrid-Cloud is the ‘now’. You need look no further than Office 365 and SalesForce to see that we have been hybridising our clouds for quite some time now. 2019, however, will see the adoption of IaaS and PaaS, from the likes of Microsoft Azure and AWS, increasingly be the first choice of organisations across all sectors, public and private. 2019 will continue to favour solution providers who recognise that the resulting complexity is a feature not a failure of hybrid cloud; and who provide solutions that embrace and mitigate the complexity, rather than amplify it.

4. SD-WAN. Strongly related to the increasing adoption of the hybrid-cloud model; Software Defined WANs will see significant growth due to their ability to provide: increased resilience, lower price point and better performance over traditional WAN deployment methodologies.

5. Gen-V Security. Also referred to as Next Generation Security – the ability to deploy advanced threat protection that integrates boundary protection, endpoint protection and community threat intelligence is becoming a business necessity, rather than a nicety. Throw in Analytics and Micro-segmentation and you’ll soon realise that technology is providing a robust response to today’s multi-threat cyber security environment.

6. Virtual Workspaces. You might think that this is just the latest marketing term for VDI. We see it rather differently. Virtual Workspaces encompass more than just the desktop; we deliver a workspace that sees the desktop as merely a means to an end; namely a way of accessing applications and data. A Virtual Workspace now, more than ever, must be mindful of the desire of organisations and users to access their workspace using any device; from any location and at any time.

7. Automation. Our principle partners; Citrix, Microsoft and VMware all recognise that the increasing complexity of today’s IT environments require a more open approach to integration. This manifests itself as an increasing focus on cross IT element automation; relieving the IT function of large swathes of BAU activities, allowing them to focus on business innovation.

The above are all encapsulated by our 2019 Solutions Portfolio. By working closely with our primary vendor partners; we are able to draw down their strategic visions, and to combine these with over 17 years of delivering Secure Application and Data Delivery Platform solutions. The result is that we now have hundreds of customers who count on us to help guide them through turbulent times; who see us an extension of their IT teams; and with whom we have the genuine pleasure of travelling into 2019 as partners.

To hear more about how we can help your organisation get ready for the challenges of 2019; why not join us at one of our upcoming Cloud Workshops? Of course; I’ll be presenting, and I’ve prepared a fascinating session on “Why Smartphones are Cool – but just for techies”. I can’t wait!

Speak to an expert

 

Directors-9619Paul Kiveal – Business Development Director
Paul works with business leaders, helping combine strategic objectives with innovative technical solutions, developing inspirational new IT platforms that transform the way technology powers organisations.

Blog, Check Point, Cloud, IT Solutions, Security, Technology, Uncategorized

The Cyber Security Threats You Need to Plan for in 2019


No Comments

It’s that time of year again; time to be weary of scary things jumping out on your screen when you’re least expecting it, of monsters following you into your dreams and escaping from your [data] closet. I’m referring, of course, to National Cyber Security Month, the month to take extra care when it comes to protecting your organisation from cyber-gremlins. And I’m sure you’ve been hearing about it non-stop for the last three weeks; participating in the office games, including ‘bobbing for malware’, ‘pin the data on the phishing attempt’ and ‘pass the ransomware’. All party classics. Regardless, it’s an important issue that gets pushed to the side all too often throughout the year. So now is the time to make that extra bit of effort to make sure that you’re protected should the Big Bad Cyber-attack knock on your door (or make you realise just how badly your straw house was lacking).

To switch things up a bit, I thought it would be clever to start thinking about what lies ahead, when the dark, cold nights and endless Christmas parties make way for snow in April. Now is a good time to start planning for 2019, and what the cyber landscape might look like next year. I’ve dusted off my crystal ball and called upon the spirit of Google to tell me exactly what cyber security threats we’re most likely to hear about next year. So buckle up, take notes, and be prepared to impress your boss with your savvy goal-setting ambitions. You’re welcome in advance.

It seems like the world spent the entirety of 2018 running around trying to put out phishing fires. Unless you live under a rock, or are lucky enough to spend your days on a wifi-less beach, you can’t have missed the crazy number of phishing attacks that were publicised. Every second cyber security article had details of attacks and startling statistics (76% of businesses reported being a victim of an attack in 2018 so far). Alas, while phishing has been around since 1980, it has just been ramping up in popularity and severity over the last year or so. When it comes to internal threats, it’s by far the easiest way to get access to sensitive information. According to a Verizon report, 30% of phishing attacks get opened by American users, with 12% of those targeted by the emails clicking on the infected links or attachments. The element of human error makes it that much more appealing. Unfortunately, the only solution to phishing (for the time being anyway) is to train your users to be extra vigilant when opening emails from external sources, and make sure your spam filters are extra strong.

Here’s an interesting (albeit worrying) one; your new smartphone being compromised before it even gets in your hands. Malware is another one of those evil little buggers that can really cause trouble if you’re not very careful. Like phishing, it’s becoming a prevalent part of the internet landscape that users have to be wary about, kind of like not playing in traffic and eating your vegetables. In a society where being always-on is a necessity, mobile phones have become replacements for desktop computers. Think about it, what do you store or have access to on your laptop that you don’t on your phone? The data your phone collects on a daily basis is a very attractive target for cybercriminals. But the modern cybercriminal doesn’t have to stand on a street corner and ‘accidentally’ bump against you to steal your mobile, and ergo your data. Apps are an easy hands-free way to bypass security measures and cause trouble without even clicking on a malicious link. There have even been reports of smartphones leaving the factory floor with malware built in! This malware, called Cosiloon, can send users to download dodgy apps that they didn’t intend on accessing. The app is passive, only visible to the user in the settings section, but then connects with a website to grab the payloads that hackers want to install on the phone.

Speaking of phones, surprise, surprise; cryptocurrency is going to continue to be a massive deal in 2019. And since it is, the dollar signs in the eyes of hackers are getting even bigger. Cryptomining was a new trend for 2018, but without a doubt will gain traction during the next year. Uber-clever cybercriminals infect machines to commandeer their CPU power and steal Bitcoin. What we will most likely see in 2019 is the rise of cryptomining through mobile devices. Since cybercriminals need the infected device to be running to access the processing power, it only makes sense for them to move onto always-on mobile devices. Clever, huh? Many hackers simply create useful and legitimate apps, such as calculators, music videos or voice recording technology, and then embed a script that allows the cryptomining plugin to work silently in the background (don’t start getting any ideas). Since the nature of mobile is to simply make everything so damn complicated and finicky, you probably wouldn’t even notice the extra tab on your browser. The only thing that would indicate that you were a potential victim would be the quick-draining battery. But let’s face it, how often would you attribute awful battery life to a hacker, rather than just having an older phone? “You’d need terrible mobile security!” you might guffaw, pitying the idiot commoner that wouldn’t think of protecting their mobile devices (oops, that would be me). Alas, cryptomining doesn’t technically compromise the security of the device, as it doesn’t bypass security systems or install any rogue software. If you think you’re being clever by installing app-only or endpoint-based security solutions, you won’t be the one laughing (I don’t feel so bad then).

CheckPoint’s SandBlast Mobile is one fabulous piece of software that can and will protect your mobile devices. It protects users from threats to the OS, apps and network, and boasts the industry’s highest threat catch rate. Zero-day malware, using a software vulnerability for which there isn’t any available fix or defence at the moment, is being created and released onto unsuspecting victims every day. SandBlast Mobile blocks zero-day malware (I think it’s magic, actually), and prevents phishing on your apps. If you’re worried about infected devices accessing corporate data, it will intuitively block the device, while also blocking infected devices from sending on sensitive data to botnets. Possibly the most innovative feature of SandBlast Mobile is how it mitigates threats without having to rely on a management platform, which means that you’re protected even when you might not be on the ball (mobile attacks can also happen after late nights- you can’t have Spidey senses all the time!). Regardless of what you do or access on your mobile, if you work from your phone- even if it’s just to reply to emails- SandBlast Mobile is the all-encompassing solution for you. Well then, we can pretty much strike off two of those potential 2019 issues with just one technology!

We’re all for embracing the future here at Cetus. There is so much to look forward to, and so many awesome new technologies- both malicious and not- that will come about, regardless of how well you try to prepare. Working with CheckPoint, we feel reassured that our cyber security is covered, regardless of time, place or device. If you’re interested in what our experts have to say about all the cool things that CheckPoint offer, you can have a chat with them with here. And don’t forget to tell us what you think; what will 2019 have to offer by way of cyber security threats?

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, IT Solutions, Security, Technology, Uncategorized

Improving your Network Security; it Doesn’t Have to be a Scary Business


No Comments

It’s finally October! Time for the quintessential Pumpkin Spice Latté from Starbucks, complaining about the sudden early evenings and frantic last-minute costume shopping for the office Halloween party. It also happens to be International Cyber Security Month; a friendly reminder to take extra care when it comes to your cyber security, lest a cyber-Dracula should invade and exsanguinate you of all of your rich, iron-filled data. Here at Cetus, we’re always up for a bit of spooky fun, but when it comes to security we’re serious. This week, in honour of Anti-Malware,-Ransomware,-Phishing,-And-All-Things-Evil Month (it’s original title wasn’t quite catchy enough), I’m going to try and make improving your network security a little bit more fun. I’m only 125 words in, so there can be no promises.

Along with an effective cyber security policy, creating a plan in the case of a cyber-attack, using micro-segmentation to minimise the damage of said cyber-attack, making sure that you have ample backups in place to maintain your business after a cyber-attack, and many, many more stress-inducing topics for you to worry about, making sure your network security is up to scratch is also crucial for your business. (If you’re looking at that list and wondering what on earth you’ve been missing, they all link to delightfully hilarious posts that will alleviate all of your fears.) Your network is the glue that holds the entirety of your organisation together. Or, in this instance, it’s the stitching that holds the body parts of your Frankenstein Monster of an organisation in place. Ever try sharing a digital document with Stacy from HR in the next building without a network? It would be faster to train a carrier pigeon to knock on her window- but that wouldn’t be without the risk of interception. Or practise morse code- unless Stacy is on the other side of the building. If you’re lucky enough to be by a window directly across from her, there’s always the option of folding up a paper airplane or, my favourite, using a tin can telephone. And those are all well and good, but what about if Stacy’s office is in another country- or continent? An ultra-sophisticated, time-locked carrier pigeon is the only way to go. Unless you have a secure network, that is.

But ‘pub tonight?’ emails aren’t the only things your network adds to your business (though it might be one of the most important ones). Think of all of the many files that are stored on your organisation’s shared network drive, and all of the instances you need to access one. Last-minute edits to the document that your sleepy, unsupervised intern prepared for your board meeting? Holiday request form? I guarantee you, you pop in there at least once a day to spend half an hour looking for a document someone else created. Without your network, you’d be a building of USBs wandering around the office. Your extremely helpful Outlook calendar that allows you to own the time of your colleagues (but also allows them to rule over yours) is thanks to your secure network, too. Want to work in a café/building site/park bench (near a Wi-Fi source; it’s not that magical)/car park? Feel free to use whatever open Wi-Fi network you want without the worry of a cyber-creep stealing all of your organisation’s secrets. And a lack of network security cost UK small businesses a collective, but nevertheless horrific, £11bn in 2016. So, how do you take care of your Frankenstein Monster?

If your network is Frankenstein Monster’s stitching, then a healthy network security policy is the age-defying, pollution-barrier moisturiser that keeps everything supple. A clear, simple and comprehensive network policy makes everything work smoothly. All it takes is a written document that outlines user policies; who is allowed to access the network, what privileges and limitations do they have, etc. There’s no point letting just anyone who happens to be working for the organisation into every file; unless you’re sending her paper airplanes, Stacy from HR shouldn’t be included in the notes of the main board meeting. A good risk assessment test, identifying important data sets and creating a disaster recovery plan is all that is needed to make sure your network security policy is ready to go! It’s also a good idea to organise drills within your IT department to make sure that the new implementations have been well received by your users, and to identify if they need further training.

A lot of organisations do well to make sure that their network is safe, by investing in the most expensive, most sophisticated and most snazzy infrastructure to keep the outside out. However, where they fail is usually keeping the ‘snazzy’ up to date. We already know that loopholes from unpatched networks can cause some serious security breaches (WannaCry, anyone?), so it’s crucial that your IT department acts on whatever updates may come about. If, for example, Frankenstein’s Monster were to lose a finger or nose, you wouldn’t leave it be, right? So, patch, patch, patch. Speaking of, bad passwords are like skin erosion. Let that fester and it won’t take long until the bad outside germs (cyber threats, in this example) pierce through and infect the entire body. In the age of Gen-V cyber-attacks, it’s important that your password policy is up to the security demands of your organisation. Maybe think about multi-factor authentication? I’ve already written loads on that, but to make it brief, think about making passwords expire every 60 to 90 days, just to be safe.

It’s time to don your favourite lab coat and get into your Dr Frankenstein head space, because now we’re talking about auditing and mapping. Place your monster on the slab and open him up! Know everything about your entire network’s infrastructure; what servers, printers, computers, devices and users are connected? How to they connect, and how do they maintain their connectivity throughout the network? Look for vulnerabilities that could end up causing you trouble in the long run. Keep an eye out for ways you could improve security, performance and reliability. Basically, see if you can replace a few weakened patches of skin with some robust tin and give it a zap to bring it to life.

Last but not least, Dr Frankenstein would hardly have created his monster without making sure he had plenty of backup arms and legs, just in case. And neither should you. Chances are, a hacker will find their way into your system. Which sounds a whole lot less scary if you’ve already read all about micro-segmentation and you’re compartmentalising your network. Regardless, it would be best to make sure you’ll never be caught out if it were to happen. As always, we’ve got you sorted, since we always take backup seriously.

IT’S ALIVE! Now that we have all of that sorted (that wasn’t as torturous as you’d thought, was it?), we’d love to hear what you think. Is Frankenstein’s Monster the best monster comparison of your network? Have you suddenly realised that maybe you need to take another quick look into your security? Have a Halloweeny chat with our experts to see what we can do for you, and decide what you’re going to dress up as this year.

Speak to an expert

Speaking of, I’ve finally decided on my costume for the office party; Cyber-Dracula. Sorted.

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, GDPR, Security, Technology, Uncategorized

Is The Password Dead?


2 Comments

My boyfriend was amazing me last weekend when he showed me how he could unlock his brand-new Google Pixel 2 using just his voice. I was seriously impressed until he laughed and showed me the index scanner on the back that actually unlocked it. To be honest, it’s a perfectly useless piece of hardware since I know his pin code anyway. Which isn’t much of a win- I just get full access to the albums upon albums of stupid memes that he stores for later consumption.

These days, it seems as though you’d need to live and work in the Pentagon to keep your data safe. And even then, you’d probably be safer by having a photographic memory and never writing or typing anything. Ever. For the entirety of your life- and chances are, you’ve ballsed that one up already, right? If not, there you go, cyber security problem solved. You can tell that annoying antivirus update pop-up reminder where to stick it because you JUST DON’T NEED IT. However, if you don’t have the privilege of a) living in the Pentagon or b) having a photographic memory, then keeping your data safe can be a smidge harder (and I’m betting that’s most of us). Back in the old days of computers and the internet, simple passwords were enough to keep sensitive data safe. Nowadays, the opportunities for cyber criminals to exploit this information are too good for these less-than-moral people to miss out on.

But, as with the Google Pixel 2, we’re quickly catching on to the fact that a simple password or pin number isn’t enough, especially when it comes to our accounts online. According to password management company Dashlane, a single email address can be registered to a whopping 130 passwords. This tells us that some people either have too much time on their hands or a terrible memory, or both. Let’s be honest, when we have a password that we can remember, has a capital letter, a special character AND contains more than eight letters, we all use the same one for the random things around the web. Deliveroo, Amazon, Tesco Delivery; so many things are online now and they all require an account. And it’s not much better in the workplace. ‘For security purposes’, passwords get changed every three months or so at work, but it’s just a case of using a particular word and going up the number line each time we get that annoying notification. I am definitely guilty of this (I wait until the absolute last minute to message around to all of our IT support techies to get it changed. So they all end up knowing my new password. I like to call it ‘herd immunity’). And 42% of workers admit to sharing their passwords with co-workers. So, in the age of GRPR and a heightened awareness of cybercrime, we have to ask ourselves; is the password dead?

A recent Verizon report states that two thirds of data breaches are caused by stolen passwords or misused credentials. So basically human error. And it’s not like we can remove that problem until AI progresses enough to create robots that can do the work for us- wouldn’t that be convenient? Maybe robots are the answer, but not in the short term.

Passwords are a lot like mayonnaise. You wouldn’t consume it on its own (or at least not more than a tablespoonful or two straight from the jar at a time), but it’s a nice little addition to a dish. So what would be the ‘piece de resistance’? We have biometrics that are starting to become popular. Even I managed to fall into the ‘high tech’ phenomenon of having a thumb scanner on my ancient iPhone. And how many times has NatWest bothered me about getting their banking app? “It’s so much safer!” they say. “I don’t trust mobile devices!” I scream back. “WE’VE NEVER HAD A SECURITY BREACH!” they holler. “I WILL NOT BELIEVE IT!” I finish. I’m paraphrasing, of course, the conversation I had with my, considerably older, banking agent. Shocked that a twenty-something would have so little faith in technology, he took out his fancy phone to show me. Needless to say, I won that argument. As it was, it took me a while to get into the idea of biometrics. Realistically, all it takes is some criminal genius to sever your finger to access your bank account. I don’t know about you, but having someone steal my money after stealing my thumb is, quite literally, adding insult to injury.

So what about removing the password altogether? I’m not suggesting we scrap the whole thing, of course. But multi-factor authentication has become something of interest recently. Microsoft shocked the world in May when they announced in a blog post that they were trying to rid the world of passwords for good. Promising a future where end users will never have to deal with passwords while also vowing that user credentials will never be ‘cracked, breached or phished’ seems too good to be true. But apparently, with 47 million users worldwide, Windows Hello is very much a thing. And it only needs one authentication method; facial recognition (luckily, you’re slightly less likely of having your face severed), fingerprint or retina scan. If you are absolutely adamant that fingerprint scan is the way you want to go, you can buy a tiny little USB device to plug into your laptop, a bit like the connection bit of a wireless keyboard. I’ve said it before, but starting my day like Tom Cruise in Minority Report sounds pretty cool. I might just start getting out of bed at the first alarm every morning. My ultimate favourite feature of Windows Hello is Dynamic Lock. It’s a fancy name for something pretty simple; essentially, your computer detects when you’re out of reach and automatically locks itself. And by ‘you’, I mean your phone. So you’ll never have to worry about fire drills, emergency pee breaks, or having your laptop stolen out of the window by sleuths with fishing rods. True peace of mind.

What makes Windows Hello so secure? If you use facial or fingerprint recognition, Microsoft does not transfer the raw data over the internet. So that’s already a huge chunk of potential Mission Impossible criminals who won’t be able to make latex copies to break in. Apparently, Microsoft doesn’t even store the raw data, creating a digital abstraction instead that can only be interpreted with a machine. And what user information does get transferred across the internet gets encrypted to almost-Pentagon standards. And all you need is the Windows 10 Anniversary Update- easy!

So, what do you think? Will you be chucking that little black notebook full of usernames and passwords? (Maybe burn it instead) Or will you insist on keeping the same password you’ve used since you had to put your social media profiles on private? Either way, you might be interested in hearing what our experts can do for you.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Cetus Solutions, Check Point, Cloud, IT Solutions, Security, Technology, Uncategorized

Cyber Criminals are at Gen-V; Are You?


No Comments

Since the dawn of the internet, we’ve learned that keeping our sensitive information under lock and key is important. Even more so nowadays, with the explosion of ecommerce asking for everything short of your National Insurance number. And nine times out of ten you can choose to save your card details for the next time you’re feeling too lazy to get out of bed to grab your wallet. If you really think about it, that’s probably not the best thing to do. But while putting our bank accounts at risk, you’d expect big corporations who have entire qualified, skilled and experienced IT teams to have a handle on their security, right?

Oh boy, could you be any more wrong. In a recent CheckPoint survey, 97% of the organisations that were assessed were not prepared for a Gen-V cyber attack. The thing is, cyber-attacks and security protections have evolved significantly in the last 30 years, but not at equal levels. Currently, organisations are at Gen-III. We fell into Gen-III in the early 2000s, when attackers learned to leverage vulnerabilities in the components of an IT infrastructure. This includes operating systems, hardware and applications. A fantastic example was the SQLSlammer worm. Since then, Gen-IV has emerged in 2010 as cyber criminals became more sophisticated, targeting the world of finance, where sandboxing and anti-bot were the main protections.

Back in 2017, the dreaded Gen-V cyber attack made a roaring entrance with the world-shattering WannaCry ransomware attack. We’re looking at large-scale, multi-vector attacks, using uber-sophisticated attack tools. It’s safe to say that we’re not in Kansas anymore. These attacks are major, generally using ‘state-sponsored’ technologies that can target networks across countries, companies and even continents. Cyber criminals are getting their hands on these technologies from simple leaks or as a result of reverse engineering, and cause major reputational damage for the organisations affected.

So what can be done? The risk of a security threat is omnipresent. No matter what you do, your organisation will be exposed in one way or another (unless you favour the slate-and-chalk method of working).

Check Point’s Infinity is one of the best ways to handle the stress of cyber security. Focusing on prevention instead of detection, it’s a hyper-aware platform that provides consolidated security across networks, cloud and mobile. Combining a single security platform, pre-emptive threat protection capabilities and a unified system for management. With the release of R80.10, it features plenty of clever capabilities and enhancements which include unique policy layers, security multi-zones and boosted performance, to ensure security management. With the move to cloud earmarked for most organisations, the integrated Check Point vSEC Cloud Security’s comprehensive portfolio integrates with both private and public cloud platforms, so you’re covered regardless of your cloud preferences.

Infinity also boasts an impressive threat prevention in the form of anti-ransomware technology that enables businesses to remain protected against even the most sophisticated ransomware and cyber extortion. If your organisation is big into mobile (whose isn’t?), SandBlast mobile has the intelligence to detect both known and unknown malware, effectively blocking it before it becomes a problem. You’ll never have to worry about poisoned wi-fi networks, ‘man-in-the-middle’ attacks or SMS phishing. There are so many nifty features of Infinity that make it a clever investment for an organisation, no matter its size. Centre stage, it has centralised management and role-based administration that allows it to apply to all organisation use cases.

Gen-V will certainly not be the last upgrade in cyber security. As technology improves, expanding and intruding into more and more of our lives, the sophistication of cyber criminals will progress just as fast. It won’t be long until I’m writing about a major Gen-VI cyber-attack and its implications affecting another group of international organisations. So now is the time to start getting ahead of the hackers. We work hand-in-hand with Check Point to ensure that your infrastructure is at the highest level of cyber security so you don’t need to worry about that.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Cloud, Cloud Hosting, IT Solutions, Security, Technology, Uncategorized

Saying Goodbye to your Legacy Systems


No Comments

If, when you were six, someone had asked you what 2018 would look like, how far off would you have been? In the last 20 or 30 years, the world of tech- and therefore the world around us- has been changing exponentially. And what person hasn’t been amazed by what we’ve achieved as a human race? But with innovation to that degree, we now live in a world where what we have is never good enough, and where money exists in creating the future. Before we get bored of a new technology, something bigger and better has been produced. People camp out in all weathers to be the first to get their hands on the latest gadgets. We all know someone who insists on buying the latest iPhone, spending thousands every year, purely to be able to say that they have it. Let’s face it, new gadgets can be exciting; moving images on a screen? Having a camera in our phones? Storing something in the cloud? What magical sorcery is this?

But with that comes a lot of change. And no one likes change. It’s a fact of life. Little innovations, yes, but big, huge, drastic change is never welcome. Unfortunately, in the world of tech, human instinct is rarely prioritised (this is why our screen-addicted children with all of the child-friendly apps have lesser social skills than us). Such is the case with legacy systems. When they first were created, they constituted a benchmark in the world of business and industrialisation. Suddenly, IT was more than manually putting numbers into a computer to systematically create graphs, it was running critical business operations such as general ledgers, inventory management and other back office systems. With legacy systems, key business activities could be done quickly and automatically, changing the focus of employees from mundane tasks to improving the organisation.

It will be zero surprise that the latest big, bold and brilliant innovation of the last ten years has been cloud. Organisations are waking up to the realisation that to stay ahead of the curve, and indeed keep up with the demands of customers, cloud and a cloud strategy is a major priority. We are smack-bang in the middle of the digital transformation revolution, and cloud is the ultimate destination, an essential business driver that is completely altering the world of industry. But one of the biggest challenges that face organisations yearning for cloud is their legacy systems. These siloed, inefficient and uneconomical systems are a towering behemoth to digital transformation that refuse to come into the 21st century.

They’re just plain difficult
One of the biggest barriers for migrating to cloud is the simple difficulty that a legacy system poses. One might think that maintenance costs would be minimal. With less upgrading, patching and training, legacy systems should be easy to replace and never think of again, right? Alas. Support for updates have become more challenging to come across as they reach end-of-life, and the ones that are available are usually quite expensive because of this. Legacy systems are also complex, fragile and about as flexible as concrete. Because they were created for another time, with a completely different set of parameters, they’re just disastrous in the face of the new, application-centric systems.

Security is not a priority
Oh boy, is security a problem when it comes to legacy systems. If your Data Protection Officer isn’t going prematurely grey and chain-smoking as soon as they walk into the building then someone should be worried. There wasn’t so much as a whisper of GDPR when legacy systems first became a thing, and because of this they’re way behind. This is an obvious one; updates and changes in IT are done to keep up and ahead of evolving security threats. After Wannacry, we know that cyber criminals are at Generation V when it comes to technical capabilities, and as it stands, even with improved cloud security most organisations are still at Gen III. Legacy systems are so behind they almost don’t figure on the Gen chart. And if you’re lucky enough to have a developer that’s willing to mastermind an update capable of patching major holes like Wannacry, it would be so late that the next disaster would be impending. Essentially, your legacy system is a disaster waiting to happen. But we can fix it, I promise.

It’s way behind on like, everything
If you are B2C and you’re relying on your legacy system to be in with the hip young consumers of today, you’re going to be in for a shock. Chances are, your competition may or may not be that new breed of internet-built company that began in a world where having an in-house data centre isn’t a thing. If anything, they probably don’t even know what a legacy system is. They didn’t exist when dial-up internet was the only option. Hell, they probably don’t even remember the pain of following the weak wifi signal to the top of the stairs to send an email only to sneeze and lose it again. So while they’re moving from new app to new update, optimising their performance with the latest Instagram or Windows 10 features, chatting away on instant messaging that you can’t achieve, your legacy system is restricting you and your potential.

You don’t have to be a prisoner of your legacy system, nor does it have to be super complicated. The thought of switching to a whole new way of doing something might seem scary, I know. It’s not easy to put all of your faith into an idea that you’ve never dealt with before, and the risks that you take while moving over. Luckily, here at Cetus, we’re pros. Register now for a free consultation with one of our senior solutions architects, they love a good challenge!

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Cetus Solutions, Citrix, IT Solutions, Security, Technology, Uncategorized

When a User Leaves


No Comments

(Potential) door slamming, cardboard boxing, silent goodbyes; it can be a bit dramatic when an employee leaves the business. Even on good, moving-on-to-better-things terms, it can take its toll. Writing up job descriptions, endless interviews, the empty desk. There’s lots to do when the ex-employee closes the door. And that’s all well and good, but what about the IT side of things? It’s not simply a case of handing over a laptop and starting anew. Without realising it, you would be watching not only a good friend walk out the door, but a security breach too. A walking, talking security breach. Imagine the nightmare. With BYOD becoming more and more popular, you don’t know what devices they were using to work or what data they have stored where. Let’s be honest, if it wasn’t a stressful situation before, the recent enforcement of GDPR has only made it worse. And it’s not like you can ask them to take out all of their devices and go through all of their files, contacts and photos. The desk would be covered in personal and company phones and laptops, USBs, the company iPad and the slightly sicky, sort-of cracked personal iPad that has every indication of a child being given it to play with during a moment of parental weakness. There would be drama for the water cooler. Or, as we call it in the UK; the Hallway Stop n’ Chat. So, what should be done when a user leaves?

Regardless of how an employee leaves, they’re going to walk away with something. Whether it’s your business practices, how you like your coffee, or behind what book Lorna hides her chocolate, something’s going to go. In this scenario, it’s a case of looking at what’s sensitive and what’s not (Lorna needs a hiding place rota regardless). Back in the day, people would slip files into their briefcases and quickly waltz out the door, whereas nowadays it’s quick and easy just to copy a digital file, and none will be the wiser.

Before there’s even chats about Having Been Here Too Damn Long or the more popular I’ve Wasted My 20s At This Desk, it’s best to prepare for the worst. And even more so if you have, or are thinking of establishing, a BYOD policy at work. Start with an extensive, written BYOD policy. Sounds easy, but I promise you that it’s not.

Treat it more like a software development project- compile ‘what if’ scenarios. Include some ‘beta testing’; a period of time to review real-life situations before handing in the final copy. A few things to consider, since there is 100% going to be the office eejit that will take the mickey; ‘acceptable business use’ is just as important as the limits of ‘acceptable personal use’- you just know some yob is going to be playing Candy Crush if they find even the tiniest loophole. Decide what kind of apps you don’t mind being downloaded, and what apps you most certainly do. What company resources (think email, calendars and so on) is acceptable to have access to on a personal device? Obviously, harassing people on company time on a company device is a no-no, just make sure everyone else knows. Same goes with texting or emailing while driving. Sounds obvious, but you’d be surprised how much it isn’t to some people. Think security; what security requirements are needed before being allowed to connect to company networks? What happens of the device is lost or stolen? At this point, you may as well bookmark this post to come back to after doing the above. I’ll wait. Now that you have your policy defined – how do you enforce it? We use Citrix XenMobile and Citrix ShareFile to provide a centralised, single point of management for our mobile devices.

Right, with that niggly bit out of the way, let’s look at monitoring. Not the breach-of-privacy looking-over-shoulders kind of monitoring that will definitely end in tears and a lawsuit, monitoring where your data is going. That sounds much less dramatic. It is time for your IT department to shine. Set up shared company file servers for starters. There are plenty on the market, but I can say from experience that Citrix Sharefile is the best one (that’s mostly because it’s so simple even I can use it). With these file servers, make sure to set up protocols, such as who can access what files and how. With ease, IT can now monitor who is accessing those files and when. Likewise, copying anything from the company server onto a company or personal device is logged. Local devices are cool, until they’re riddled with company data. A big help in not letting too much data get downloaded is knowing the ins and outs of the applications and services that your users use. What kind of liberties do these apps allow? A central repository that can be monitored is a really good idea, adding a layer of security to company networks.

According to a report from Osterman Research, 67% of organisations don’t know if they can detect whether an employee is still accessing corporate resources. Think that’s bad? A whopping 76% can’t tell if a third party (like a contractor) has stopped working on their organisation’s systems and data. If that’s not scaring you, the thought of the fine for breaching GDPR because of some eejit who sees their chance and takes it should. But I’m not here to panic you (only a little, or you wouldn’t be reading all the way to the bottom). Like all well-established organisations, Cetus has had its fair share of employees leave for one reason or another (although thankfully far lower than the average tech company). Thankfully, we’re a team of experts that know exactly how to deal with it. If you haven’t sorted out some policies to prevent your sensitive data from walking out the door, make sure to have a chat with one of our experts. They’re only a phone call away and they’re sure to help you eliminate some of that stress.

We’ve helped hundreds of organisations to implement their mobility strategies and we’d love to share our experiences with you. We can provide everything to get you started from Business Case analysis (at no cost) to high level designs and implementation…

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.