Cyber Security Solution

Blog, Cetus Solutions, Check Point, IT Solutions, Security, Technology, Uncategorized

Here Phishy, Phishy, Phishy….


No Comments

A couple of weeks ago, there was a mandatory ‘here’s how to help keep the company from falling prey to cyber attacks’ lecture at Cetus. We all trooped downstairs, cramming into one of our board rooms, mugs clinking and teas sloshing. One of the lovely ladies from Barclays came in to give us a word of warning- or forty- on how to spot nefarious activity and not fall prey to a scam. By the end of it we were all ready to delete our Facebook, Twitter and Instagram accounts, never use an ATM, and I seriously started questioning my role within social media. It was quite the terrifying afternoon. Between social engineering, ransomware and phishing, it’s a miracle we all aren’t in debt from scammers. But the most terrifying aspect was learning just how prevalent phishing attacks are.

Big ransomware scams make the news constantly- splashed across the news, Sharon from HR standing at the water cooler to share the details in whispers to anyone who passes by- but phishing is the bigger threat here. In reality, a ransomware attack usually only demands several hundreds of pounds from the organisation it invades, while a phishing scam generally scams thousands of pounds from the victim. Not only that, but it’s easier for the cyber criminal to carry out a phishing attack. Now that I’ve given you something short of a heart attack (sorry), let’s turn this around shall we? Here are a few key ways of keeping you off the phisherman’s hook.

Beware of the sender
It doesn’t really matter whether it’s personal or corporate, receiving an email either makes you want to go on an extended holiday or celebrate. At work you’re usually too busy opening and replying in record time to get on with the mountain of tasks that grows with every email. It’s fair to say that you don’t always check who the sender is. I mean, we’re all weary of any Arabian Prince trying to get into contact, but aside from that we’re pretty chill for the most part. If they’ve gone to the trouble of finding your email address (I still can’t figure out how people manage to find me) then chances are they really need to chat, right?

Depending on how much of a nightmare you are in life, you probably won’t know the hacker. So before you jump into your emerging pile of unopened emails, take a quick look. If you suddenly get an email from someone you don’t speak to regularly on the topic of something that you don’t normally think about, be slightly weary. Check the sender’s address- does it look a bit weird? Is there a random ‘0’ instead of an ‘O’? Could that ‘i’ actually be Vietnamese character ‘ỉ’? Is there an extra letter or number in the address that shouldn’t be there? If you see one of these little tricks, bonus points for your great eyesight, and definitely get the email checked out.

‘I get scammed with a little help from my friends’
Did the email check out, but you’re still not 100% sure if you need to detonate your computer immediately to avoid any viruses escaping through the network? Take a quick look at the list of people that received the email. Do you know them? Is it a strange group, ie the sales group being added one name at a time instead of the group link? The cyber criminal might be targeting a large number of people in your organisation, so if you see people on the list that you wouldn’t normally be in contact with, or from a department that has nothing to do with yours, be extra careful.

Bit of a dodgy subject line
Aside from Sharon’s bi-monthly suggestion for drinks in the pub across the way after work on a Monday night, you should really only be getting emails that directly relate to your job function. That is, unless you’re in marketing- we seem to get our noses into plenty of unrelated jobs. If you’re getting emails about things that you know you’re not privy to or they make absolutely no sense to you, don’t open it. If it’s not spam, it’ll be malware. If you do happen to open it (oopsie), check if the email is a reply to one that you didn’t send. Does the message match the subject line? A misalignment of the two should send up an army of red flags. Also, while we all have the office oddball that likes to reply to emails at 3am, is it normal to be receiving this email from this sender at this particular hour?

Attachments and hyperlinks of doom
We’ve all opened random attachments or clicked on hyperlinks that we weren’t quite sure about and sighed with relief when it was just a video of cats acting strangely. We know we shouldn’t, but that curiosity can’t be helped. Besides, it could be important, or cats, after all. A few things to check before you right click; did you expect the attachment? Is it a common file type that you would normally receive? Does it have a weird name, or strange symbols in the file name? If you answer yes to these, maybe don’t open it. It’s quite likely to be malicious.

Not quite what you were expecting?
If you receive an email that contains unsettling, startling or urgent content that requires immediate action on your part, it’s most likely a phishing attack. There have been so many of these popping up recently, panicking the nation. At the moment, a common scam is an email from your bank claiming that your account has been hacked and you need to login straightaway, or even move the rest of your funds to another account. For the Netflix lovers among you, there have also been emails being received saying that billing information needs to be updated. Don’t fall for it. If the email includes a link to login or change account details, be extra weary. Don’t use links, web addresses or phone numbers.

Keeping yourself protected from any cyber crime can be a scary business, but even more so when it’s something you could very well unwillingly stumble into. It takes more than trusting your spam filter to keep yourself safe, having a strong cyber security solution is crucial. We work very closely with Check Point to craft solutions that stand tall against phishing, ransomware bots and all kind of nasties, using their SandBlast advanced endpoint threat prevention. Have a chat with our experts to see how we can whisk some cyber security into your perfect infrastructure solution so that it’s one less thing you need to worry about.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Cetus Solutions, Check Point, IT Solutions, Security, Technology, Uncategorized

Skyscraper: When Cyber Security Goes Wrong


No Comments

It was one of the biggest blockbusters of the summer. Dwayne Johnson’s Skyscraper thriller grossed $304.1 million during the hottest summer in living memory. Honestly, it probably would have made more, but for the fact that half of the UK population was sitting in any available patch of sun with a beer in their hands. I was one of those people, although with fruity cocktails instead. That was when I wasn’t in the office writing witty blog posts on Citrix Workspace, of course. Alas, while I had every intention on going to see the film, I never got around to it. So it was my pleasure, two Saturdays before Christmas, to snuggle in my pjs and pop it on (I lead the most exciting life when I’m not in the office). Well. While it’s action-packed with an interesting futuristic spin, I couldn’t help but spend the whole movie pointing out, sadly to no one in particular (I’m going to have to get a cat), all the various cyber security blunders that Johnson’s character made. Not one to waste my breath, or a good writing idea, I’m going to lay it all out in this blog post so that you can giggle along with me. Before we go any further though, there may be a spoiler or two, you have been warned.

In a nutshell, Johnson plays ex-FBI hostage-negotiator-turned-private-security-expert Will Sawyer, who gets called to Hong Kong in order to assess the security of the world’s tallest skyscraper. The Pearl, 225 stories and a whopping 1,100 metres tall, needs an inspection of the upper residential half before it can be opened to tenants. Since we are, after all, living through the ‘IOT for all of the things!’ revolution, no matter how mundane the appliance, it’s no surprise that the Pearl was built with tech in mind. It’s basically a giant computer, full of safety features and automations that make living and working there slightly more exciting than your average building. We saw absolutely zero evidence of it, but I’m still sure the lights turn on and off by clapping your hands. Anywho, we see Sawyer being given a tablet that controls the entirety of the 225 floors and shooed out of the door to go inspect the offsite security centre that controls the skyscraper. The tablet, obviously, isn’t in his possession for long, as it gets robbed by a group of terrorists who succeed in burning down the $200 billion structure with it. The sad part is, if the IT department had deployed a better cyber security solution, it could all have been avoided. Typical.

Who needs an effective authentication method, am I right?! This was mistake number one. For some incomprehensible reason, the only way of unlocking the tablet that controls the entirety of the building is via facial recognition. That’s it. Sure, in cinematographical terms this looks the best. It’s impressive and futuristic, suave and savvy. It’s every nerd’s dream. And facial recognition as part of multi-factor authentication is really effective. In the blink of an eye, it can analyse billions of tiny little markers on your face to unlock your device. But who on earth would think that it would be enough? For god’s sake, just signing into my Facebook requires my password, mother’s maiden name, list of my three favourite chocolate bars (in order) and the promise of my firstborn. Truth be told, facial recognition alone was irresponsible, and about as effective of protecting all that important data as using ‘1234567’ as a password. Hell, put a photo of Sawyer in front of the camera and that would probably fool it. There are so many effective ways to authenticate identity (I wrote an entire post on it). Why not have a secondary form of authentication, like having a password activate on Sawyer’s smartphone? That would have been clever.

Mistake number two; not informing the IT department of the breach. Err, this should have been the first point of call when Sawyer’s tablet got robbed. Instead, being the idiot that he is, he threw caution to the wind and went running off to save his family. Just one minute on the phone to IT and they could have stopped the disaster that was about to unfold. A good cyber security solution would have removed access to the tablet in a couple of clicks, rendering the terrorists’ efforts moot. In fact, it would have taken no time at all to wipe the data clean from the device, essentially turning it into an expensive, albeit sleek-looking, paperweight. It does echo a current issue facing organisations in terms of cyber security; the majority of security breaches come from employees who, inadvertently or not, allow the threat to infiltrate the network. This can happen from clicking on a dodgy link in an email (it’s sadly not a video of cats acting strangely)- in fact, phishing attacks are more prevalent and more likely to scam large sums of money from an organisation. Realistically, in this situation, Sawyer seriously neglected his responsibility to inform the IT department. While he undoubtedly performed some incredible gymnastics and it was thoroughly enjoyable to watch, I would have loved to hear his rationale when all was said and done. I doubt he’d be hired to assess the security of a paper bag after that!

The moral of this story is, and I’m sure it’s what director Rawson Marshall Thurber wanted to portray; don’t let your organisation become the Pearl and burn down to the ground- make sure your cyber security solution ticks all the boxes. We work closely with Check Point to incorporate secure technology into our solutions, effectively avoiding the risks that we saw Sawyer facing in the film, and many more besides. Have a chat with our cyber security solution experts here at Cetus, and in the meantime book yourself in for one of our complimentary security posture reviews!

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.