Cyber Security

Blog, Cetus Solutions, Check Point, IT Solutions, Security, Technology, Uncategorized

Here Phishy, Phishy, Phishy….


No Comments

A couple of weeks ago, there was a mandatory ‘here’s how to help keep the company from falling prey to cyber attacks’ lecture at Cetus. We all trooped downstairs, cramming into one of our board rooms, mugs clinking and teas sloshing. One of the lovely ladies from Barclays came in to give us a word of warning- or forty- on how to spot nefarious activity and not fall prey to a scam. By the end of it we were all ready to delete our Facebook, Twitter and Instagram accounts, never use an ATM, and I seriously started questioning my role within social media. It was quite the terrifying afternoon. Between social engineering, ransomware and phishing, it’s a miracle we all aren’t in debt from scammers. But the most terrifying aspect was learning just how prevalent phishing attacks are.

Big ransomware scams make the news constantly- splashed across the news, Sharon from HR standing at the water cooler to share the details in whispers to anyone who passes by- but phishing is the bigger threat here. In reality, a ransomware attack usually only demands several hundreds of pounds from the organisation it invades, while a phishing scam generally scams thousands of pounds from the victim. Not only that, but it’s easier for the cyber criminal to carry out a phishing attack. Now that I’ve given you something short of a heart attack (sorry), let’s turn this around shall we? Here are a few key ways of keeping you off the phisherman’s hook.

Beware of the sender
It doesn’t really matter whether it’s personal or corporate, receiving an email either makes you want to go on an extended holiday or celebrate. At work you’re usually too busy opening and replying in record time to get on with the mountain of tasks that grows with every email. It’s fair to say that you don’t always check who the sender is. I mean, we’re all weary of any Arabian Prince trying to get into contact, but aside from that we’re pretty chill for the most part. If they’ve gone to the trouble of finding your email address (I still can’t figure out how people manage to find me) then chances are they really need to chat, right?

Depending on how much of a nightmare you are in life, you probably won’t know the hacker. So before you jump into your emerging pile of unopened emails, take a quick look. If you suddenly get an email from someone you don’t speak to regularly on the topic of something that you don’t normally think about, be slightly weary. Check the sender’s address- does it look a bit weird? Is there a random ‘0’ instead of an ‘O’? Could that ‘i’ actually be Vietnamese character ‘ỉ’? Is there an extra letter or number in the address that shouldn’t be there? If you see one of these little tricks, bonus points for your great eyesight, and definitely get the email checked out.

‘I get scammed with a little help from my friends’
Did the email check out, but you’re still not 100% sure if you need to detonate your computer immediately to avoid any viruses escaping through the network? Take a quick look at the list of people that received the email. Do you know them? Is it a strange group, ie the sales group being added one name at a time instead of the group link? The cyber criminal might be targeting a large number of people in your organisation, so if you see people on the list that you wouldn’t normally be in contact with, or from a department that has nothing to do with yours, be extra careful.

Bit of a dodgy subject line
Aside from Sharon’s bi-monthly suggestion for drinks in the pub across the way after work on a Monday night, you should really only be getting emails that directly relate to your job function. That is, unless you’re in marketing- we seem to get our noses into plenty of unrelated jobs. If you’re getting emails about things that you know you’re not privy to or they make absolutely no sense to you, don’t open it. If it’s not spam, it’ll be malware. If you do happen to open it (oopsie), check if the email is a reply to one that you didn’t send. Does the message match the subject line? A misalignment of the two should send up an army of red flags. Also, while we all have the office oddball that likes to reply to emails at 3am, is it normal to be receiving this email from this sender at this particular hour?

Attachments and hyperlinks of doom
We’ve all opened random attachments or clicked on hyperlinks that we weren’t quite sure about and sighed with relief when it was just a video of cats acting strangely. We know we shouldn’t, but that curiosity can’t be helped. Besides, it could be important, or cats, after all. A few things to check before you right click; did you expect the attachment? Is it a common file type that you would normally receive? Does it have a weird name, or strange symbols in the file name? If you answer yes to these, maybe don’t open it. It’s quite likely to be malicious.

Not quite what you were expecting?
If you receive an email that contains unsettling, startling or urgent content that requires immediate action on your part, it’s most likely a phishing attack. There have been so many of these popping up recently, panicking the nation. At the moment, a common scam is an email from your bank claiming that your account has been hacked and you need to login straightaway, or even move the rest of your funds to another account. For the Netflix lovers among you, there have also been emails being received saying that billing information needs to be updated. Don’t fall for it. If the email includes a link to login or change account details, be extra weary. Don’t use links, web addresses or phone numbers.

Keeping yourself protected from any cyber crime can be a scary business, but even more so when it’s something you could very well unwillingly stumble into. It takes more than trusting your spam filter to keep yourself safe, having a strong cyber security solution is crucial. We work very closely with Check Point to craft solutions that stand tall against phishing, ransomware bots and all kind of nasties, using their SandBlast advanced endpoint threat prevention. Have a chat with our experts to see how we can whisk some cyber security into your perfect infrastructure solution so that it’s one less thing you need to worry about.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Cetus Solutions, Check Point, IT Solutions, Security, Technology, Uncategorized

Skyscraper: When Cyber Security Goes Wrong


No Comments

It was one of the biggest blockbusters of the summer. Dwayne Johnson’s Skyscraper thriller grossed $304.1 million during the hottest summer in living memory. Honestly, it probably would have made more, but for the fact that half of the UK population was sitting in any available patch of sun with a beer in their hands. I was one of those people, although with fruity cocktails instead. That was when I wasn’t in the office writing witty blog posts on Citrix Workspace, of course. Alas, while I had every intention on going to see the film, I never got around to it. So it was my pleasure, two Saturdays before Christmas, to snuggle in my pjs and pop it on (I lead the most exciting life when I’m not in the office). Well. While it’s action-packed with an interesting futuristic spin, I couldn’t help but spend the whole movie pointing out, sadly to no one in particular (I’m going to have to get a cat), all the various cyber security blunders that Johnson’s character made. Not one to waste my breath, or a good writing idea, I’m going to lay it all out in this blog post so that you can giggle along with me. Before we go any further though, there may be a spoiler or two, you have been warned.

In a nutshell, Johnson plays ex-FBI hostage-negotiator-turned-private-security-expert Will Sawyer, who gets called to Hong Kong in order to assess the security of the world’s tallest skyscraper. The Pearl, 225 stories and a whopping 1,100 metres tall, needs an inspection of the upper residential half before it can be opened to tenants. Since we are, after all, living through the ‘IOT for all of the things!’ revolution, no matter how mundane the appliance, it’s no surprise that the Pearl was built with tech in mind. It’s basically a giant computer, full of safety features and automations that make living and working there slightly more exciting than your average building. We saw absolutely zero evidence of it, but I’m still sure the lights turn on and off by clapping your hands. Anywho, we see Sawyer being given a tablet that controls the entirety of the 225 floors and shooed out of the door to go inspect the offsite security centre that controls the skyscraper. The tablet, obviously, isn’t in his possession for long, as it gets robbed by a group of terrorists who succeed in burning down the $200 billion structure with it. The sad part is, if the IT department had deployed a better cyber security solution, it could all have been avoided. Typical.

Who needs an effective authentication method, am I right?! This was mistake number one. For some incomprehensible reason, the only way of unlocking the tablet that controls the entirety of the building is via facial recognition. That’s it. Sure, in cinematographical terms this looks the best. It’s impressive and futuristic, suave and savvy. It’s every nerd’s dream. And facial recognition as part of multi-factor authentication is really effective. In the blink of an eye, it can analyse billions of tiny little markers on your face to unlock your device. But who on earth would think that it would be enough? For god’s sake, just signing into my Facebook requires my password, mother’s maiden name, list of my three favourite chocolate bars (in order) and the promise of my firstborn. Truth be told, facial recognition alone was irresponsible, and about as effective of protecting all that important data as using ‘1234567’ as a password. Hell, put a photo of Sawyer in front of the camera and that would probably fool it. There are so many effective ways to authenticate identity (I wrote an entire post on it). Why not have a secondary form of authentication, like having a password activate on Sawyer’s smartphone? That would have been clever.

Mistake number two; not informing the IT department of the breach. Err, this should have been the first point of call when Sawyer’s tablet got robbed. Instead, being the idiot that he is, he threw caution to the wind and went running off to save his family. Just one minute on the phone to IT and they could have stopped the disaster that was about to unfold. A good cyber security solution would have removed access to the tablet in a couple of clicks, rendering the terrorists’ efforts moot. In fact, it would have taken no time at all to wipe the data clean from the device, essentially turning it into an expensive, albeit sleek-looking, paperweight. It does echo a current issue facing organisations in terms of cyber security; the majority of security breaches come from employees who, inadvertently or not, allow the threat to infiltrate the network. This can happen from clicking on a dodgy link in an email (it’s sadly not a video of cats acting strangely)- in fact, phishing attacks are more prevalent and more likely to scam large sums of money from an organisation. Realistically, in this situation, Sawyer seriously neglected his responsibility to inform the IT department. While he undoubtedly performed some incredible gymnastics and it was thoroughly enjoyable to watch, I would have loved to hear his rationale when all was said and done. I doubt he’d be hired to assess the security of a paper bag after that!

The moral of this story is, and I’m sure it’s what director Rawson Marshall Thurber wanted to portray; don’t let your organisation become the Pearl and burn down to the ground- make sure your cyber security solution ticks all the boxes. We work closely with Check Point to incorporate secure technology into our solutions, effectively avoiding the risks that we saw Sawyer facing in the film, and many more besides. Have a chat with our cyber security solution experts here at Cetus, and in the meantime book yourself in for one of our complimentary security posture reviews!

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Citrix, IT Solutions, Technology, Uncategorized

How a Secure Digital Workspace Solution will Simplify Your IT


No Comments

A lot has changed since we were children. Children no longer spend all day outside harassing the neighbours and it’s not the norm for cars to stall halfway up every hill. You can book a train ticket on your phone, order a takeaway online and find your way around a foreign city without having to buy a map or ask for directions in the wrong language. In fact, there’s an entire industry of young people whose sole jobs are to create videos, write blog posts and take Instagram photos for their thousands, sometimes millions, of online followers. And these influencers make your entire month’s rent just by posting one sponsored photo. How crazy is that?

The idea of ‘work’ has changed just as much. When we were children, our parents (usually our fathers, because that’s how it was back then) would come home late from a 12-hour shift, exhausted and with frayed nerves, having spent the day in a grey room the size of a teacup doing nothing of particular note. And that’s if they were lucky; sometimes those 12 hours were overnight, so your mother would send you out to play into the freezing rain to give him a few hours of undisturbed sleep during the day before it started all over again. And that’s just how it was, day in, day out; barely making ends meet until they turned 60 and got to retire.

For the most part, that’s not the case anymore, thank god. Work is no longer a tedious, mind-numbing 12 hours; we’ve got robots for that! The idea of ‘work’ has moved from what we go to, to what we actually do. Realistically, what do you need to get done that absolutely can’t be accomplished in your pjs, on the couch, watching Jeremy Kyle reruns? Not a whole lot. And then there are those who can’t stand being in one place for more than a meeting, flitting from one building to another, one city to another, one country to another. And it’s (mostly) thanks to digital workspaces. IT has always been designed to make life that bit easier. From the humble eat-your-finger rotary phone and the computer the size of a closet, to Google Maps and Uber; IT brings with it an improvement- even if that’s ordering a McDonalds through your Deliveroo app instead of on the computer. Unless, of course, we’re talking about the iPhone; nothing really changes year in, year out, aside from how many functions you can squeeze into a jack, and how much more screen space there is for you to break when you drop the damn thing trying to charge it while listening to Spotify. Digital workspaces, such as Citrix Workspace, play into this idea of increased simplicity, ultimately reducing the challenges that have been known to cause issues for all those involved. IT management becomes far simpler for the IT teams, while delivering a better experience for your end user.

Work securely, even on the go
It takes more than sitting in an office to make the world around us tick. But with that freedom comes a security risk that no IT department wants to face. It’s in the name; a secure digital workspace solution is, well, secure. Users are able to access their apps, data and desktops securely from wherever their ‘office’ happens to be that day- be it a McDonalds, a petrol station or their sofa (wifi not included). And since the workspace is device-transferrable, you can trust that they’ll be safe, regardless of whether they’re using a company-supplied laptop or their own device. And that security also translates to any network.

For the IT department, it allows users to do their thing without having to manually intrude in their working days, while you manage and monitor what they do through one control panel. With a single sign-on, the secure digital perimeter will follow your users wherever they are, giving you the peace of mind of contextual access that guarantees that they won’t be accessing what they shouldn’t. Because unified endpoint management comes built-in, a lot of the usual day-to-day management can be done automatically, such as the actions that are to be taken when a user violates certain rules. It basically gives you powers of god, from wherever you happen to be working. Remote wiping a device? Setting it to out-of-compliance? Revoking the device? Sending a notification to a user to correct an issue? You have the power.

Control the risk for your user
Shadow IT is an issue that has exploded in the workplace in recent years. While we have been lucky to experience so much new and amazing software to make our daily tasks faster and easier, often it proves to be too complex for the end user. Instead of making use of these monitored, regulated technologies, users are migrating to free, unsecured software (such as Dropbox or Google Drive), essentially creating an even bigger problem that what you had in the first place. And the worst part is, your IT team probably doesn’t even know about them. Is it that surprising that users are the number one reason for a security breach in an organisation? Hardly.

A good digital workspace solution will have a better, easy-to navigate file-sharing system. Let’s face it, a lot of users aren’t the most technical, and don’t want to spend half an hour trying to share a document with Stacy from HR who sits two doors down. You’d be faster to print it and send via paper plane. At Cetus, we usually set our customers up with Citrix ShareFile. It’s super easy to upload your documents for easy backup (don’t you know how important it is?) and share with other users. Store, share and sync your documents quickly across all of your devices to collaborate with colleagues and customers alike. I particularly like being able to upload a document and be able to share it with someone externally, all by using a link. And it’s just as easy to give the access some parameters; requiring the other person to supply their email to view it, or only give them a certain window to access the documents.

And since security is incorporated into the very DNA of Citrix Workspace, IT will always remain in control. Use closed-loop analytics to track user behaviour and automatically implement security protocols, giving your users all of the flexibility to work effortlessly, while being sure that everything is safe.

Access your data, wherever
With all of this cloud business being so new, a lot of organisations are trying to leverage as best they can while still working in a largely-oblivious environment. As with all things that are brilliant and new, it can take a while to get your head around all the fabulous features of cloud. As a result, it’s not unusual to go searching across your hard drives, clouds, network drives and other solutions for one single document, before giving up and Skyping the person next to you in shame and asking if they’ve seen it recently. It’s a bit of a nightmare, the amount of times you have to ask the person beside you for a document on a daily basis counts as a conversation and it’s impossible to manage everything. Welcome to the world of cloud!

Make sure to find a secure digital workspace solution that allows a simplified access to your files, creating a seamless sync across all of your apps, cloud providers, devices, company servers and content management systems already in place.
Since organisations are all different, it’s important that your digital workspace solution molds itself to you. Your storage needs and requirements will vary from other organisations and industries. Whether you have to host your data on premises for regulatory reasons, or on the cloud, with a digital workspace you have the option to flex to suit the needs of your organisation through one workspace.

Make it easy with single sign-on
Possibly one of the best features of a digital workspace is single sign-on. Because it brings together your apps, data, services and all of your devices regardless of clouds and data centres, you no longer have to worry about managing multiple security protocols. Sign in once with your organisation credentials and you have full access to everything.

Your secure digital workspace solution should work for you, by increasing flexibility, visibility and managements of everything, making everyone happy from the end user to your IT team. As a Citrix Platinum Partner, we have the expertise to bring you the best that Citrix has to offer. Have a chat with our friendly specialists to see what we can do to give you all of the benefits a secure digital workspace solution has to offer, so that you can start working smarter.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Check Point, Cloud, IT Solutions, Security, Technology, Uncategorized

The Cyber Security Threats You Need to Plan for in 2019


No Comments

It’s that time of year again; time to be weary of scary things jumping out on your screen when you’re least expecting it, of monsters following you into your dreams and escaping from your [data] closet. I’m referring, of course, to National Cyber Security Month, the month to take extra care when it comes to protecting your organisation from cyber-gremlins. And I’m sure you’ve been hearing about it non-stop for the last three weeks; participating in the office games, including ‘bobbing for malware’, ‘pin the data on the phishing attempt’ and ‘pass the ransomware’. All party classics. Regardless, it’s an important issue that gets pushed to the side all too often throughout the year. So now is the time to make that extra bit of effort to make sure that you’re protected should the Big Bad Cyber-attack knock on your door (or make you realise just how badly your straw house was lacking).

To switch things up a bit, I thought it would be clever to start thinking about what lies ahead, when the dark, cold nights and endless Christmas parties make way for snow in April. Now is a good time to start planning for 2019, and what the cyber landscape might look like next year. I’ve dusted off my crystal ball and called upon the spirit of Google to tell me exactly what cyber security threats we’re most likely to hear about next year. So buckle up, take notes, and be prepared to impress your boss with your savvy goal-setting ambitions. You’re welcome in advance.

It seems like the world spent the entirety of 2018 running around trying to put out phishing fires. Unless you live under a rock, or are lucky enough to spend your days on a wifi-less beach, you can’t have missed the crazy number of phishing attacks that were publicised. Every second cyber security article had details of attacks and startling statistics (76% of businesses reported being a victim of an attack in 2018 so far). Alas, while phishing has been around since 1980, it has just been ramping up in popularity and severity over the last year or so. When it comes to internal threats, it’s by far the easiest way to get access to sensitive information. According to a Verizon report, 30% of phishing attacks get opened by American users, with 12% of those targeted by the emails clicking on the infected links or attachments. The element of human error makes it that much more appealing. Unfortunately, the only solution to phishing (for the time being anyway) is to train your users to be extra vigilant when opening emails from external sources, and make sure your spam filters are extra strong.

Here’s an interesting (albeit worrying) one; your new smartphone being compromised before it even gets in your hands. Malware is another one of those evil little buggers that can really cause trouble if you’re not very careful. Like phishing, it’s becoming a prevalent part of the internet landscape that users have to be wary about, kind of like not playing in traffic and eating your vegetables. In a society where being always-on is a necessity, mobile phones have become replacements for desktop computers. Think about it, what do you store or have access to on your laptop that you don’t on your phone? The data your phone collects on a daily basis is a very attractive target for cybercriminals. But the modern cybercriminal doesn’t have to stand on a street corner and ‘accidentally’ bump against you to steal your mobile, and ergo your data. Apps are an easy hands-free way to bypass security measures and cause trouble without even clicking on a malicious link. There have even been reports of smartphones leaving the factory floor with malware built in! This malware, called Cosiloon, can send users to download dodgy apps that they didn’t intend on accessing. The app is passive, only visible to the user in the settings section, but then connects with a website to grab the payloads that hackers want to install on the phone.

Speaking of phones, surprise, surprise; cryptocurrency is going to continue to be a massive deal in 2019. And since it is, the dollar signs in the eyes of hackers are getting even bigger. Cryptomining was a new trend for 2018, but without a doubt will gain traction during the next year. Uber-clever cybercriminals infect machines to commandeer their CPU power and steal Bitcoin. What we will most likely see in 2019 is the rise of cryptomining through mobile devices. Since cybercriminals need the infected device to be running to access the processing power, it only makes sense for them to move onto always-on mobile devices. Clever, huh? Many hackers simply create useful and legitimate apps, such as calculators, music videos or voice recording technology, and then embed a script that allows the cryptomining plugin to work silently in the background (don’t start getting any ideas). Since the nature of mobile is to simply make everything so damn complicated and finicky, you probably wouldn’t even notice the extra tab on your browser. The only thing that would indicate that you were a potential victim would be the quick-draining battery. But let’s face it, how often would you attribute awful battery life to a hacker, rather than just having an older phone? “You’d need terrible mobile security!” you might guffaw, pitying the idiot commoner that wouldn’t think of protecting their mobile devices (oops, that would be me). Alas, cryptomining doesn’t technically compromise the security of the device, as it doesn’t bypass security systems or install any rogue software. If you think you’re being clever by installing app-only or endpoint-based security solutions, you won’t be the one laughing (I don’t feel so bad then).

CheckPoint’s SandBlast Mobile is one fabulous piece of software that can and will protect your mobile devices. It protects users from threats to the OS, apps and network, and boasts the industry’s highest threat catch rate. Zero-day malware, using a software vulnerability for which there isn’t any available fix or defence at the moment, is being created and released onto unsuspecting victims every day. SandBlast Mobile blocks zero-day malware (I think it’s magic, actually), and prevents phishing on your apps. If you’re worried about infected devices accessing corporate data, it will intuitively block the device, while also blocking infected devices from sending on sensitive data to botnets. Possibly the most innovative feature of SandBlast Mobile is how it mitigates threats without having to rely on a management platform, which means that you’re protected even when you might not be on the ball (mobile attacks can also happen after late nights- you can’t have Spidey senses all the time!). Regardless of what you do or access on your mobile, if you work from your phone- even if it’s just to reply to emails- SandBlast Mobile is the all-encompassing solution for you. Well then, we can pretty much strike off two of those potential 2019 issues with just one technology!

We’re all for embracing the future here at Cetus. There is so much to look forward to, and so many awesome new technologies- both malicious and not- that will come about, regardless of how well you try to prepare. Working with CheckPoint, we feel reassured that our cyber security is covered, regardless of time, place or device. If you’re interested in what our experts have to say about all the cool things that CheckPoint offer, you can have a chat with them with here. And don’t forget to tell us what you think; what will 2019 have to offer by way of cyber security threats?

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, GDPR, Security, Technology, Uncategorized

Is The Password Dead?


2 Comments

My boyfriend was amazing me last weekend when he showed me how he could unlock his brand-new Google Pixel 2 using just his voice. I was seriously impressed until he laughed and showed me the index scanner on the back that actually unlocked it. To be honest, it’s a perfectly useless piece of hardware since I know his pin code anyway. Which isn’t much of a win- I just get full access to the albums upon albums of stupid memes that he stores for later consumption.

These days, it seems as though you’d need to live and work in the Pentagon to keep your data safe. And even then, you’d probably be safer by having a photographic memory and never writing or typing anything. Ever. For the entirety of your life- and chances are, you’ve ballsed that one up already, right? If not, there you go, cyber security problem solved. You can tell that annoying antivirus update pop-up reminder where to stick it because you JUST DON’T NEED IT. However, if you don’t have the privilege of a) living in the Pentagon or b) having a photographic memory, then keeping your data safe can be a smidge harder (and I’m betting that’s most of us). Back in the old days of computers and the internet, simple passwords were enough to keep sensitive data safe. Nowadays, the opportunities for cyber criminals to exploit this information are too good for these less-than-moral people to miss out on.

But, as with the Google Pixel 2, we’re quickly catching on to the fact that a simple password or pin number isn’t enough, especially when it comes to our accounts online. According to password management company Dashlane, a single email address can be registered to a whopping 130 passwords. This tells us that some people either have too much time on their hands or a terrible memory, or both. Let’s be honest, when we have a password that we can remember, has a capital letter, a special character AND contains more than eight letters, we all use the same one for the random things around the web. Deliveroo, Amazon, Tesco Delivery; so many things are online now and they all require an account. And it’s not much better in the workplace. ‘For security purposes’, passwords get changed every three months or so at work, but it’s just a case of using a particular word and going up the number line each time we get that annoying notification. I am definitely guilty of this (I wait until the absolute last minute to message around to all of our IT support techies to get it changed. So they all end up knowing my new password. I like to call it ‘herd immunity’). And 42% of workers admit to sharing their passwords with co-workers. So, in the age of GRPR and a heightened awareness of cybercrime, we have to ask ourselves; is the password dead?

A recent Verizon report states that two thirds of data breaches are caused by stolen passwords or misused credentials. So basically human error. And it’s not like we can remove that problem until AI progresses enough to create robots that can do the work for us- wouldn’t that be convenient? Maybe robots are the answer, but not in the short term.

Passwords are a lot like mayonnaise. You wouldn’t consume it on its own (or at least not more than a tablespoonful or two straight from the jar at a time), but it’s a nice little addition to a dish. So what would be the ‘piece de resistance’? We have biometrics that are starting to become popular. Even I managed to fall into the ‘high tech’ phenomenon of having a thumb scanner on my ancient iPhone. And how many times has NatWest bothered me about getting their banking app? “It’s so much safer!” they say. “I don’t trust mobile devices!” I scream back. “WE’VE NEVER HAD A SECURITY BREACH!” they holler. “I WILL NOT BELIEVE IT!” I finish. I’m paraphrasing, of course, the conversation I had with my, considerably older, banking agent. Shocked that a twenty-something would have so little faith in technology, he took out his fancy phone to show me. Needless to say, I won that argument. As it was, it took me a while to get into the idea of biometrics. Realistically, all it takes is some criminal genius to sever your finger to access your bank account. I don’t know about you, but having someone steal my money after stealing my thumb is, quite literally, adding insult to injury.

So what about removing the password altogether? I’m not suggesting we scrap the whole thing, of course. But multi-factor authentication has become something of interest recently. Microsoft shocked the world in May when they announced in a blog post that they were trying to rid the world of passwords for good. Promising a future where end users will never have to deal with passwords while also vowing that user credentials will never be ‘cracked, breached or phished’ seems too good to be true. But apparently, with 47 million users worldwide, Windows Hello is very much a thing. And it only needs one authentication method; facial recognition (luckily, you’re slightly less likely of having your face severed), fingerprint or retina scan. If you are absolutely adamant that fingerprint scan is the way you want to go, you can buy a tiny little USB device to plug into your laptop, a bit like the connection bit of a wireless keyboard. I’ve said it before, but starting my day like Tom Cruise in Minority Report sounds pretty cool. I might just start getting out of bed at the first alarm every morning. My ultimate favourite feature of Windows Hello is Dynamic Lock. It’s a fancy name for something pretty simple; essentially, your computer detects when you’re out of reach and automatically locks itself. And by ‘you’, I mean your phone. So you’ll never have to worry about fire drills, emergency pee breaks, or having your laptop stolen out of the window by sleuths with fishing rods. True peace of mind.

What makes Windows Hello so secure? If you use facial or fingerprint recognition, Microsoft does not transfer the raw data over the internet. So that’s already a huge chunk of potential Mission Impossible criminals who won’t be able to make latex copies to break in. Apparently, Microsoft doesn’t even store the raw data, creating a digital abstraction instead that can only be interpreted with a machine. And what user information does get transferred across the internet gets encrypted to almost-Pentagon standards. And all you need is the Windows 10 Anniversary Update- easy!

So, what do you think? Will you be chucking that little black notebook full of usernames and passwords? (Maybe burn it instead) Or will you insist on keeping the same password you’ve used since you had to put your social media profiles on private? Either way, you might be interested in hearing what our experts can do for you.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Cetus Solutions, Check Point, Cloud, IT Solutions, Security, Technology, Uncategorized

Cyber Criminals are at Gen-V; Are You?


No Comments

Since the dawn of the internet, we’ve learned that keeping our sensitive information under lock and key is important. Even more so nowadays, with the explosion of ecommerce asking for everything short of your National Insurance number. And nine times out of ten you can choose to save your card details for the next time you’re feeling too lazy to get out of bed to grab your wallet. If you really think about it, that’s probably not the best thing to do. But while putting our bank accounts at risk, you’d expect big corporations who have entire qualified, skilled and experienced IT teams to have a handle on their security, right?

Oh boy, could you be any more wrong. In a recent CheckPoint survey, 97% of the organisations that were assessed were not prepared for a Gen-V cyber attack. The thing is, cyber-attacks and security protections have evolved significantly in the last 30 years, but not at equal levels. Currently, organisations are at Gen-III. We fell into Gen-III in the early 2000s, when attackers learned to leverage vulnerabilities in the components of an IT infrastructure. This includes operating systems, hardware and applications. A fantastic example was the SQLSlammer worm. Since then, Gen-IV has emerged in 2010 as cyber criminals became more sophisticated, targeting the world of finance, where sandboxing and anti-bot were the main protections.

Back in 2017, the dreaded Gen-V cyber attack made a roaring entrance with the world-shattering WannaCry ransomware attack. We’re looking at large-scale, multi-vector attacks, using uber-sophisticated attack tools. It’s safe to say that we’re not in Kansas anymore. These attacks are major, generally using ‘state-sponsored’ technologies that can target networks across countries, companies and even continents. Cyber criminals are getting their hands on these technologies from simple leaks or as a result of reverse engineering, and cause major reputational damage for the organisations affected.

So what can be done? The risk of a security threat is omnipresent. No matter what you do, your organisation will be exposed in one way or another (unless you favour the slate-and-chalk method of working).

Check Point’s Infinity is one of the best ways to handle the stress of cyber security. Focusing on prevention instead of detection, it’s a hyper-aware platform that provides consolidated security across networks, cloud and mobile. Combining a single security platform, pre-emptive threat protection capabilities and a unified system for management. With the release of R80.10, it features plenty of clever capabilities and enhancements which include unique policy layers, security multi-zones and boosted performance, to ensure security management. With the move to cloud earmarked for most organisations, the integrated Check Point vSEC Cloud Security’s comprehensive portfolio integrates with both private and public cloud platforms, so you’re covered regardless of your cloud preferences.

Infinity also boasts an impressive threat prevention in the form of anti-ransomware technology that enables businesses to remain protected against even the most sophisticated ransomware and cyber extortion. If your organisation is big into mobile (whose isn’t?), SandBlast mobile has the intelligence to detect both known and unknown malware, effectively blocking it before it becomes a problem. You’ll never have to worry about poisoned wi-fi networks, ‘man-in-the-middle’ attacks or SMS phishing. There are so many nifty features of Infinity that make it a clever investment for an organisation, no matter its size. Centre stage, it has centralised management and role-based administration that allows it to apply to all organisation use cases.

Gen-V will certainly not be the last upgrade in cyber security. As technology improves, expanding and intruding into more and more of our lives, the sophistication of cyber criminals will progress just as fast. It won’t be long until I’m writing about a major Gen-VI cyber-attack and its implications affecting another group of international organisations. So now is the time to start getting ahead of the hackers. We work hand-in-hand with Check Point to ensure that your infrastructure is at the highest level of cyber security so you don’t need to worry about that.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Continuum, IT Solutions, Security, Technology, Uncategorized

How to Develop an Effective Cyber Security Strategy


2 Comments

We thought 2017 was particularly bad for cyber security threats. WannaCry (on which I’ve only just gone and written a one-year update), Peyta/NotPeyta…. The monthly rate of ransomware attacks against UK organisations increased up to 10 times the rate of 2016. But 2018 is set to beat every record made in 2017. In January alone, there were 7,073,069 attacks on UK organisations, and that number is set to soar throughout the rest of the year. The threat that a cyber attack poses is only getting worse. There were constant instances of security breaches being plastered over the news in the first half of this year alone; Ticketmaster, University of Greenwich and Timehop are only a handful of high-profile examples. So it’s not really a surprise that security and risk management were rated the most important priority in 2018 for CIOs in NASCIO’s November 2017 survey.

Panicked? Sorry, you weren’t supposed to be. In reality, all organisations- big or small- should expect a security breach at some time or another. There’s no way of avoiding it, but there is a way of being prepared. I’ll stop waffling on and get to the good stuff; how you can develop a cyber security policy and improve your best practices so that when disaster strikes, you’ll already be sorted. Mostly. (And if you do happen to face/be facing a security breach I’ve got you covered)

If you’ve got software and systems, update!
It’s really a no-brainer; IT needs to be updated regularly. Maybe in the 90s or early 00s you could get away with only updating whenever you happened to fancy the latest version of Windows to replace your current Windows 95, but it’s not the case now. With the internet, automatic updates are here to stay- whether we find them an annoyance or life-saving. Windows 10 only has two major updates a year and countless little ones that improve so much about the platform- including its security. After all, it was a dodgy unpatched Windows system that started the whole WannaCry debacle. So guys, make sure you update!

Understand the cyber security risk in relation to your organisation
Your organisation depends on a lot of things. Digital processes, data, systems, and your employees mastering the trick of gossiping and doing their work. All of these (minus the employee issue) are vulnerable to being manipulated. The whole point of a robust cyber security strategy is to protect them against fraud, theft of sensitive data and business disruption- along with the risk to your reputation along with it all. Your entire organisation has to work together to protect these vital processes from the threat. Thankfully, here at Cetus, we understand just how important it is to keep everything ticking along smoothly. In fact, we offer a complimentary security posture review to ensure that your business has the necessary security that it needs. We analyse where your organisation is exposed to security risks and provide you with recommendations on how to address them. Our finished report will analyse your network traffic to detect security threats; malware infections, usage of high-risk web applications, intrusion attempts, loss of sensitive data…. The list goes on. It will also evaluate your organisation’s end-point security, focusing on mobile management, user rights management, advanced end-point protection, patch and user rights management, and enterprise file sync and share. Importantly, the report will assess any threats posed from within your infrastructure – east-west traffic, privileged user access and user access rights. Basically, your entire infrastructure will be analysed to make sure that as little of the bad stuff as possible can breach your systems.

Taking a look at your social engineering
This is an interesting one. If you’ve never heard of this before, it’s basically GDPR handling in the office. We’ve all been panicking as we worked towards the deadline on May 25th, but privacy protection doesn’t just end there. Social engineering can be the simple calling out of a password to another co-worker behind them, or the more serious incident of pulling up a website at work and volunteering passwords and other vital information that can end up in the wrong hands. Hell, someone on the end of a phone saying the right things with the right amount of confidence could potentially sweet-talk the more trusting to give out a piece of information- and sometimes that’s all they’ll need.

Perform regular data backups
I’ll try and keep this one quick because here at Cetus we rabbit on about them all the time. Backups are great. Should you have the misfortune of having a ransomware attack, having a copy of the data that’s held hostage can be a life saver. Firstly, you’ll know exactly what data the hackers have- or if they gained access to personal information that could cause problems-, and you won’t have to worry about data loss regardless of whether you pay the ransom or not. Backups; if you haven’t got them sorted what are you waiting for?! With so many types of backups to choose from, from tape to replication (we suggest keeping up with the times and trying out Continuum), there’s no excuse not to have that sweet disaster recovery/business continuity plan in place.

Lock everything up tight
There’s no point in having the best firewalls money can buy, along with the most secure cyber security solution, and cyber attack just-in-case plan of action if a criminal can just waltz through the front door and calmly collect all of your information on a USB. If your sever room (or server part of the floor as the case may be) isn’t locked up tighter than Alcatraz then eventually there’ll be a problem. Remember, not everyone in the office needs access to the servers!

These are the most basic points to note for a cyber security strategy. Cyber threats are real and preventing attacks will always be a better alternative to reacting to one after it has breached your infrastructure. One of the most important in the list is understanding the cyber security risk in relation to your business. Make sure to book a complimentary security posture review today, and take the biggest step towards securing your infrastructure or speak to one of our cyber security experts today.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

Blog, Citrix, Cloud, Continuum, IT Solutions, Security, Uncategorized

Top Trends in Digital Transformation for Your Business


No Comments

The tech world is fascinating. We’re always on our toes, trying to figure out how to use the latest innovation that’s been rolled out office-wide. We’re lightyears ahead of where we were only ten years ago. With that, it’s so easy to fall behind in what’s going on in the world of tech and all the great improvements that come with it. Hell, just go on a two-week holiday and you’ll come back to 2,000 urgent emails and a brand-new content collaboration system that eclipses the old one. There are new ways of doing everything, so god forbid you don’t pay attention. The trends in digital transformation change quickly, but these are the main ones your business needs to keep up with to stay ahead.

Cloud and hybrid cloud are taking over
It’s a bit like opening a tin of chocolates to yourself; you just can’t stop the outpouring of those delicious chocolates wrapped up in colour just constantly getting plucked out of the tin. There’s been a huge movement towards cloud in recent years. Everyone and their mother loves cloud and just can’t get enough of it. Business-wise, improving your IT infrastructure to respond to change just makes sense. With the exponential creation of data becoming an issue that has to be considered early rather than in hindsight, digital transformation surrounding cloud brings with it numerous benefits. Organisations love the dexterity of scalability; never needing to worry about what they have but knowing that there will always be room to grow or decrease depending on needs. Of all the cloud options, hybrid cloud is by far most popular, almost indispensable for most organisations, big or small. The ability to have that little bit more control over your data with on-prem data centres is the best first step into the wonderful world of cloud.

Importance of user experience
User experience will always be a major factor in digital transformation for businesses. It goes without saying that when your employees are happy, the higher productivity rises. And that’s what we all want, right? But user experience goes beyond just having coffee and chocolate digestives available downstairs. So what about the other niggly techy bits? Cloud sprawl can be a massive problem for businesses. Chunks of data here, there and those few spots you least expect it can quickly become a problem. We’ve (read: I have) already discussed how cloud sprawl can irritate your users enough for them to abandon your well-established IT infrastructure and turn to the world of shadow IT. A good IT solution will go above and beyond what the user wants and needs. Think of the basics; an email platform, a file-sharing platform, the ever-popular instant messaging app that allows your users to make quick work of small issues. The necessities, basically. Then think of what your users will want to ensure the smooth running of their work day. Now amalgamate and watch the productivity rise!

Remote workforce
We’ve heard it a million times before. Mobile workspace, digital workspace, modern workspace – whatever you want to call the ability to work from anywhere that isn’t the office – it’s the future of work. What’s new? Shockingly, there is more excitement around every corner in the tech world (I did say that it’s fascinating). The latest updates to Citrix Workspace were unveiled in May’s Citrix Synergy. It encompasses all of the usual things that you’d expect from a digital workspace; ultra-secure security, ultra-fast one-sign-in-works-for-them-all authentication, ultra-easy access to any of your files from any of your devices, clouds, networks. All that fun stuff. But the fun just doesn’t stop there. From collating collections of your favourite apps for quick sharing, universal search and – my favourite – using any screen as a presentation screen (no matter how big) just by using a QR code. I swear, it’s magic. And it really makes a difference.

Cyber security priority
WannaCry really wasn’t that long ago, but, even over a year later after the devastating attack, 66% of IT security pros have admitted that they haven’t improved their patch management systems. The biggest issue facing organisations when it comes to cyber security is the lack of progress and drive to be ahead of cyber threats. Terrifyingly, WannaCry was a Gen V-level cyber-attack. It’s terrifying because not only has tech advanced so quickly in so little time (the firewall is the cure for Gen II cyber threats), the majority of businesses are way behind. According to Check Point’s Cyber Security Generations Survey from March 2018, only 10% of IT security professionals are at Gen IV and, worse still, only 3% are at Gen V. If that doesn’t scare you, not much will. So it’s pretty clear; stepping up the digital transformation of your organisation is for absolutely nothing if you ignore the cyber security part of it because then you’re opening yourself up to more attacks. It doesn’t matter how careful you are, how much garlic you hang by the window or how much you trust that Starbucks Wi-Fi, there’s only one way to make sure that you’re protected.

Back up all of the things
Again, it’s one of those things that we hear over and over; backup is important. If there’s a fire; fire up (pun intended) your backup system. If there’s a flood; fire up your backup system. Attack of the tin-eating frogs; fire up your backup system. Backup is a major part of the digital transformation because it’s often overlooked. Everything is up and running and perfect and you just couldn’t imagine anything going wrong. There’s really no point in sorting out your backup after disaster strikes. And in this day and age, there’s no excuse – there are so many different types of backup and replication that can be used for disaster recovery. Here at Cetus, we favour replication – it’s the future of backup – and we proudly suggest our very own Continuum.

Digital transformation should be a top three priority for every organisation that wants to keep up and ahead of the curve. If any of the above sound too difficult for you, or if you need a bit of a refresh on any of them, why not have a quick chat with one of our experts to see what we can do for you? In the meantime, it’s worth looking into our
free business challenge consultation to help you navigate your business challenges, while here in the office we argue about the best tin of chocolate (it’s obviously Roses).

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

Blog, Security, Uncategorized

What Would You do in the Case of a Cyber Attack?


2 Comments

A cyber attack. You’d get shivers down your spine just thinking about it. As more of our lives- both personal and professional- are being moved online, the threat of a cyber attack increases, and with it the repercussions it would entail. We all have firewalls, anti-virus software, a few bulbs of garlic by the window, all to keep the bad from coming in. But eventually, regardless of what measures you take (most IT professionals would not recommend the garlic), there will be a breach. Speaking in statistics, 83% of businesses believe that the complexity of their organisational structures and IT infrastructure is putting their company at risk. And just think about what you have online; so much of your personal life, and your business. While both are sensitive (though I personally don’t really mind if my chocolate-eating habits become public knowledge), the latter could really affect your business reputation. While we all know that an attack is a real possibility, a lot of businesses haven’t really put much thought into it, and haven’t put a contingency plan in place.
So, what should you do in the case of a dreaded cyber attack?

Don’t panic- find out what happened
First of all, breathe. Until you know exactly what has been hacked into, there’s no point in fearing the worst and losing your cool- you’ll need it going forwards. Now, it’s important to find out what exactly caused the breach, and fast. Speed is a priority, and might just be what saves your reputation. What data has been compromised? How much data has been compromised? It’s also vital to determine whether you’re looking at a malicious attack or a technical glitch.

Secure your systems
Now that you know what exactly you’re dealing with, you need to contain the breach. You might think that the first call of action would be to shut everything down. Push that big red button, sound the alarms, go into lockdown. This may not be the best idea though; the hackers could sense that you’ve cottoned on and that could in turn make it harder to identify the culprits. Using another device, change your passwords and logins- the hackers may have installed software to track and record your movements. Implement a firewall on the affected machine to prevent it from broadcasting outside of your building. If you try and track down the source of the attack it may leave you open to further attacks. This is where good business continuity comes into play; even ten minutes of system downtime can be extremely costly, so switching over to an unaffected back-up can help minimise financial impact. So, does your IT solution include business continuity? Have a chat with our experts at Cetus to alleviate that worry.

Call in your legal army
As soon as you discover a breach, call in your army- of legal defence. If you don’t have a company lawyer, now is definitely the time to get one. There are plenty of legal issues to be considered, including whether or not to inform the regulator. In The UK, we have the Information Commissioners Office (or the ICO, who are spear-heading the GDPR movement in the country). Protecting your organisation from claims of malpractice is paramount. This includes how you will be informing those customers of yours that are affected. Clearly, having legal defence to point you in the right direction is crucial. At this point, it’s important to begin keeping detailed records of everything that happened and your steps to resolving the issue. Everyone who is participating in the incident response needs to keep detailed, ongoing accounts of what steps are being taken and why, as well as any costs incurred as a result of the attack. Things of particular importance to note; all incident-related communications, the identity of the systems, services, accounts, network and data affected by the breach. Don’t forget to record all of the information that is related to the amount and the type of damage that has been inflicted.

Stay alert- it might not be over yet
This is the last thing you want to hear, but realistically, it might not be the end of the nightmare. I know you just want to start putting things back together and start healing, but with the variety of scams at the moment, you might not know what you’ve fallen into. Depending on the nature of your attack, there might be more suitable incident plans to minimise damage. Ransomware attacks are the most common forms of attacks recently, as criminals scare you into paying them for control over your computer. Get in contact with your leading anti-virus firm, they always keep on top of the latest attacks- you might not be the only victim. Just make sure to keep your other devices secure- the hackers are also able to attack tablets and smartphones!

Hearing the word get out
Be prepared- you might be in the press spotlight after the attack. This is another reason why it is so important to work quickly and ensure that you take all the necessary steps to detail what you do to contain the breach and how you work towards minimising the damage. You’ll need to have a tailored statement ready as soon as possible- if you don’t have an internal PR department it would be worth investing in external support. But before the press even start reporting on the story, it is wise to inform your affected- or potentially affected- customers. It’s not a nice prospect, but the sooner your affected customers know that their data was part of the breach, the sooner they can take measures to protect themselves.

Learn from the attack- investigate!
You’ve made it, hopefully with minimum breach and your reputation still standing. But now is not the time to celebrate- it’s time to learn from the incident. Carry out a full investigation, determining how it occurred, its affects and any remedial factors that would prevent it from happening again.

And there we have it. While a cyber attack isn’t on anyone’s wishlist, these are some of the best ways of dealing with the aftermath. Not in the middle of a cyber attack right now? Come talk to one of our experts today to complete a complimentary security posture review, where we will analyse network traffic to detect a variety of security threats including malware infections,
evaluate end-point security with focus on mobile device management,
assess any threats posed within your infrastructure such as east west traffic, and more.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

Blog, Microsoft, Technology, Uncategorized

Future Decoded – The Microsoft Security Story


No Comments

Change has been the only constant in 2016 – with Brexit, and a change of prime minister, notably creating a great deal of noise and uncertainty around the future of the UK economy. With 44% of UK business leaders indicating their current business models will not exist in 5 years and predictions intensifying that we are entering the fourth industrial revolution, it is increasingly apparent that as businesses we must understand change, explore transformation and adapt in order to avoid extinction.

So, it came as no surprise the key theme of Microsoft’s annual UK event Future Decoded was centred on digital transformation. Whilst Microsoft’s core mission remains unchanged – to empower every organisation and every person to achieve more – the first day of Future Decoded focused less on the things we know that Microsoft do consistently well – providing rich user experiences, suites of applications, and intuitive interfaces, and instead cemented their strategy around security and proved how Microsoft are enabling business and digital transformation.

But it wasn’t just Microsoft’s strategy around security that took centre stage. During one of the opening keynotes, the Chancellor, Philip Hammond, formally launched the government’s new National Cyber Security Strategy, which sets out decisive action that we will be taking to protect the UK economy, the privacy of British citizens, whilst encouraging and equipping industry to prevent damaging cyber-attacks.

The Chancellor recognised that cyber security is one of the greatest threats to business around the world – with the global cost of crimes estimated at in excess of $445 billion. However, the Chancellor predicts that this new strategy underpinned by £1.9 billion of investment will position the UK as one of the safest places in the world to do business – perhaps a compelling reason for businesses to remain in the UK instead of fleeing in the aftermath of Brexit.

“If we want Britain to be the best place in the world to be a tech business then it is also crucial that Britain is a safe place to do the digital business,” The Chancellor said, “Trust in the internet and the infrastructure on which it relies is fundamental to our economic future.”

With data the currency of today’s world, a predicted 1 million new devices coming online per hour by 2020 and Microsoft opening UK data centres that deliver world-class reliability and data residency earlier this year, I was interested to explore how Microsoft’s security strategy has evolved. I was not disappointed.

During a breakout session, Microsoft illustrated exactly how they have upped their game, and integrated their products to create a solution which is seriously cool, effortlessly delivered, and oh… it’s available today when using EMS, Intune and Windows 10. Sophisticated security built on principles around user ‘identity’, facial recognition and multi-factor authentication, and integrated access and control policies, resulting in a solution that presents itself as simple, seamless… and can be completely self-provisioned by any end user (seriously it looked idiot proof… perhaps even I could replicate the demo – perhaps that’s a vblog for another time!)

Security has been one of the many, and important, focus areas at Future Decoded. Make sure you follow Cetus Solutions on LinkedIn, where over the next few days I will be posting additional blogs around some of the product announcements and updates, forward thinking around big data and AI, workspaces, Skype for Business, and migrating to Windows 10.

Speak to an expert