Archive for Email

How the Bad Guys Get Your Password

How to make your passwords better

Passwords are essential to your safety, but like everyone else you probably have dozens of passwords to remember. So, you might take shortcuts – but taking advantage of this is one way bad guys access your passwords.

Incredibly, there are still people out there using “password” or “123456” in their access credentials. Also, some people don’t change the default passwords on their devices and this can be dangerous.

So how to make your passwords stronger?

Avoid the obvious passwords

When you have to create a password, make an effort. Steer clear of simple, easily guessed patterns. An ideal way of getting a good password that you will still remember is to think of a word (or combination of words) and change letters for numbers and special characters such as exclamation marks. For example, instead of “strongpassword”, make it “sTr0NgpassW0rd!”

Cybercriminals can also guess your password. With a little bit of research about you online, they can make some informed guesses. Common passwords include pet names, birthdays, and anniversaries. These are all easy to find via your social media accounts.

Be careful what you share on social media

Always remember that as well as updating your friends and relatives, you are potentially updating cyber criminals, giving them access to a goldmine of info for personalizing an attack on you.

If that doesn’t work, criminals may try brute force. They might script an automation bot to run thousands of password permutations until they get a hit. The software will try a long list of common passwords and run through dictionary words to gain access, which makes it more important to have a good password (see above).

Don’t duplicate passwords – Company data breaches

The criminal may also be working with info from a data breach. In early 2019, a security researcher found more than 2.7 billion email/password pairs available on the Dark Web. Criminals accessing that database could use the data as a starting point, as many people duplicate their passwords across accounts, so try not to duplicate!

Not only that, a major broadband company in the UK was hacked and millions of accounts compromised, so it can happen here too.

It can be overwhelming to remember all your passwords, and that’s also why you should use a password manager to keep track of it all for you – for more information see our previous Blog page about Password Managers.

‘Phishing’ – it’s not what it seems

Of course, there’s one more method of getting your password that we haven’t addressed yet. It’s the familiar ‘phishing attack’ – something pretending to be from a company but is in fact a fake. For instance, you get an email that looks like it was sent by your bank. Phishing typically has an urgent message and a link that directs you to what looks like a credible page.

Pay attention to who is sending the email and hover the mouse over the link to see where it actually points to. If you are concerned about your bank account, for example, open up a browser and type the URL manually rather than clicking the link. Many times, you will see that it is not the internet address that you would expect, such as abcdef.barclays.co.uk instead of barclays.co.uk.

The most important thing to remember is that if you are in any way not sure, pick up the phone to your bank (or other company involved) to verify that the email is from them. As a rule of thumb, try not to use links in emails as fake web pages can be very convincing.

These tips can help you to protect your valuable passwords. Still, setting up a password manager and amping up your internet security can help too. Need support getting ahead of the cybercriminals?

Contact us on 01455 209505.

Managing Your Email Better

Managing Your Email

A staggering 269 billion emails are sent every day. In fact, the typical business employee in 2018 received 90 emails (excluding those pesky spam emails of course), and sent out 40 – and each year the figure goes higher.

Email is a powerful tool but it can easily get out of hand. Here are five strategies for better email management.

Don’t start your day with email.

Many people do; it’s how they set up for the day. However, beginning the day with a cup of coffee and clicking through your Inbox can backfire. Many of those emails become items on your to-do list. You can end up putting off the important tasks of your day while responding to other people’s requests.

Try to plan your day around your needs first. Even do some of the more important tasks, before diving into that Inbox!

Think twice about checking email constantly.

It’s tempting to open emails as soon as they arrive, but aim to tackle your Inbox when you have the time to take action. If you open an email planning to get back to it later, you’ll likely forget. When you have to revisit an email to remind yourself what it’s about, you’re doubling the time you spend on that message.

Avoid interrupting your momentum by turning off email alert notifications and phone badges. Instead, try to set regular times to read and respond to accumulated emails.

Write clear, concise emails.

Avoid contributing to someone else’s Inbox chaos by providing as much relevant information as possible. Now, that doesn’t mean writing a War and Peace-length email – just focus your message for your audience, anticipate questions, and answer in that email.

Starting the message with an informative subject line can make a big difference too, rather than a generic one, e.g. instead of having a subject line saying “Update” and then going into your email, say what the Update is about, so that the person at the other end knows what it is and when to open it.

Save time with reusable messages.

You often end up answering the same questions over and again. Create templated emails that you can have at the ready to provide relevant details. Depending on your email software, this capability may be built in or you may need to add a plug-in.

Use filters and folders to sort email.

Learn how to automatically filter your messages into the appropriate folders. For example, if the email is from accounting@yourbusiness.com then send it to your “Accounting” folder. This can save hundreds of hours a year. The better your folder system, the less time you’ll spend looking for specific emails when you need them.

In Outlook, you can also set up a filter to change the colour of email for different senders. Your boss could be red, and you’d know to handle that one first. Also save time by setting up strong filters for junk and spam.

Unsubscribe from mailing lists that you don’t need any longer, although be careful here that you are unsubscribing from emails that you actually subscribed to in the first place! Some spammers send emails with ‘unsubscribe’ links, but if you click on that link, you are merely confirming to them that you have a valid and active email address for further spam.

Cleaning out the clutter can make your Inbox much less overwhelming.

Email is an essential tool today, especially in business. Don’t let it become a drain on your energy and attention. Make the most of the time you spend in your Inbox with smart strategies for email management.

Need help selecting the right email or setting up useful mailbox management tools? Give us a call on 01455 209505.

Has Your Email Been Hijacked?

A common problem found by some customers in recent months has been spam emails appearing to come from their own accounts.  Despite not knowing why, there are reports of friends, family, and contacts receiving spam email that appears to come from them and this has understandably worried many people.

Some have had their accounts suspended or shut down by their service providers as a result.  For many, this experience can be highly disruptive as well as worrying. It’s a problem that can cause many issues in both your professional and personal life.

The key to defence is learning how these attacks happen, and figuring out what you can do to protect yourself and your contacts against them.

Hackers Using Your Email Against You

Scammers that send out spam messages are continually looking for ways to make the process faster, cheaper, and more efficient. It’s the best way in which they can make more money every day by scamming unsuspecting victims for even more cash.

One of the most efficient ways they do this is by hijacking ready-made, trusted email accounts like your own. Hackers have several tools at their disposal to attempt to hijack your accounts.

Unfortunately, some of the things which make email fast and easy to use also mean that details, such as those in the ‘From’ field, are easy to fake. A hacker might change the ‘From’ information to make it appear as if the email comes from anyone, simply by creating an account in that name in an email program. The details of the real sender are usually hidden away in something called an email header.

Defending yourself against this kind of misuse is difficult, but you can help yourself by being cautious. If something seems out of place, such as a strange ‘Subject’ title or attachment, try to verify that the email, even one you expect to receive, does come from the person that you believe it to be from. If you have any doubt, give them a quick call to verify – if their emails have been hacked, then they will appreciate the warning.

If your email provider flags up an incoming email as ‘suspicious’, or ‘untrustworthy’, it may well be.

Stolen Credentials

Hackers often buy large bundles of email addresses and passwords from the dark web. Leaked emails are often put up for sale following hacks of major companies and service providers (for example see previous Blog post here).

The value of these details comes from the fact that most passwords are unlikely to have been changed, the details attached to them are trusted, and often get hackers access to additional services too.

It is unlikely that you will know about every single hack incident that happens to a company that you use, so change passwords regularly.

How To Detect an Email Intrusion

It can take a long time before you’re aware that malicious hackers are using your details. You might even be the last person in your contacts to know.

The first sign to look out for is a large number of unexpected emails in your Inbox. These are likely to be replies to emails you never sent in the first place. Out of office, automatic responses, people complaining about spam, and people responding to the email as if it were genuine may all come to you first.

Keep a close eye on unexpected emails appearing suddenly in your Outbox. A hacker may be ‘spear-phishing’ (pretending to be from a trusted source) to someone that you do business with or trust. By acting as you, using your address and details, they may be able to divert payments or confidential information to their accounts instead.

A typical example is a business that receives an email from another business, stating that their bank details have changed and to make payments using the new bank details. Whenever you get an email like this, then always verify with the sender.

Do bear in mind that extra emails in your Inbox or Outbox do not happen every time, so the absence of these emails does not mean that you can relax your cautious approach.

Protecting Yourself Against Hackers, Attackers, And Hijackers

Sometimes your computer might have been compromised to give hackers access to your services, or malicious software may have infected your machine to steal data and infect your contacts. So in the first instance, use a good Internet Security program (and preferably not just a free version).

Take extra care to change your passwords if you believe your email has or may have been accessed by a hacker. Use a different, more secure password for your email than you do for every other service, such as using a mixture of capitals, numbers and special characters. Your email account is often the key to accessing many of the services you use most, so you need to protect it as much as you can.

Run a virus scan and maintain security updates. If you think your computer could have been infected, or you believe there is a risk that your data is being used, have your machine and services looked at by a professional.

Business Email Users can Authenticate their own Email

If you have your own email service, you can enable various email authentication methods such as SPF, DKIM and DMARC. These let the mail servers that receive your genuine emails verify that they are genuine, making it more difficult for someone to pretend that they are you. They also have the added benefit of helping your emails pass through spam filtering.

Unfortunately, some email services (especially at the cheaper end of the market) don’t check for these authentications, so you do need to be a little bit choosy about which email service you use.
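How the faked ‘From’ field and the SPF, DKIM and DMARC checks described above show up in an email header, as an added example that is not part of the original post: it reads a raw message with Python's standard email library, compares the visible From domain with the Return-Path domain, and reads the Authentication-Results header written by the receiving server. The sample messages, the domain names, the server name mx.example.org and the function names are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). "mx.example.org" stands in for
# the recipient's own mail server, which ran the SPF/DKIM/DMARC checks.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=yourbusiness.example
From: "Accounts" <accounting@yourbusiness.example>
To: customer@example.org
Subject: Our bank details have changed

Please use the new account details for all future payments.
"""

GENUINE = """\
Return-Path: <accounting@yourbusiness.example>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=yourbusiness.example;
 dkim=pass header.d=yourbusiness.example;
 dmarc=pass header.from=yourbusiness.example
From: "Accounts" <accounting@yourbusiness.example>
To: customer@example.org
Subject: Invoice for March

Invoice attached as usual.
"""

# The same spoof, but the sender has supplied an "all pass" header under a
# server name the recipient does not operate.
FORGED_RESULTS = (SPOOFED
                  .replace("mx.example.org;", "mx.unknown.example;")
                  .replace("dmarc=fail", "dmarc=pass"))


def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Return-Path header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def trusted_results(msg, trusted_authserv):
    """Collect spf/dkim/dmarc verdicts, but only from Authentication-Results
    headers whose leading server name is our own receiving server. Any other
    copy of the header could have been inserted by the sender."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, body = header.partition(";")
        tokens = authserv.split()
        if not tokens or tokens[0].lower() != trusted_authserv.lower():
            continue
        for method, verdict in re.findall(
                r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", body, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts


def assess_message(raw, trusted_authserv="mx.example.org"):
    """Summarise what the headers say about who really sent the message."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From"))
    envelope_domain = domain_of(msg.get("Return-Path"))
    verdicts = trusted_results(msg, trusted_authserv)
    dmarc = verdicts.get("dmarc")
    if dmarc == "pass":
        status = "authenticated"   # From domain vouched for by SPF or DKIM
    elif dmarc == "fail":
        status = "failed"          # From domain not vouched for: likely spoofed
    else:
        status = "unverified"      # no trustworthy DMARC verdict to rely on
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        # A mismatch alone is not proof (bulk mailers often differ);
        # the DMARC verdict is the check that ties the result to From.
        "domains_match": from_domain == envelope_domain,
        "spf": verdicts.get("spf", "missing"),
        "dkim": verdicts.get("dkim", "missing"),
        "dmarc": dmarc or "missing",
        "status": status,
    }


if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE),
                      ("forged results", FORGED_RESULTS)]:
        print(name, assess_message(raw))
```

Note that in the spoofed sample SPF passes: it only vouches for the Return-Path domain, which is why the DMARC result, tied to the visible From address, is the one to act on.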

If you think your email could have been hijacked, or your details used elsewhere, give us a call on 01455 209505.

Don’t Fall Victim to Webcam Blackmail

Many customers have reported recent scam messages from individuals claiming to have intercepted their username and password. These messages often state they have been watching your screen activity and webcam while you have been unaware.

Typically, attackers threaten to broadcast footage and your web browsing details to your contacts, colleagues, or social media channels. Demanding payment in Bitcoin, malicious hackers blackmail their victims to keep confidential information private.

Where Have the Attacks Come From?

In many cases where hackers have claimed to have a victim’s password, this has turned out to be true, but usually it’s not because you have been hacked – but rather that a company you have had dealings with has.

In the last few years alone, many large websites have suffered enormous hacks which have released confidential details on many of their users. LinkedIn, Yahoo, Myspace and TalkTalk all suffered massive and devastating hacks. Some users of these services are still feeling the consequences today.

The details leaked from these sites, and others facing the same issues, are sold online for years after the initial breach. Hackers buy username and password combinations in the hopes of reusing them to access services, steal money, or blackmail their owners.

How to Respond if You get One of these Emails

If you have been contacted by one of these hackers, it is a scary reality that they could have access to your credentials, data, and online services. That said, the passwords on accounts that share the same password should be changed immediately. Security on additional services you use should be updated too.

The only thing you can do in response to this type of email is to ignore it. This “we recorded you” email is a scam made much more believable because they probably do have one of your real passwords gained from a site hack, but that does not mean that they have access to your computer or Webcam.

Self Defence On the Web

When using online services, a unique password for every site is your number one defence. A good password manager program makes this practical and straightforward too.

Using a different password for each site you use means that hackers can only gain access to one site at a time. A hack in one place should never compromise your other accounts by revealing the single password you use everywhere – unfortunately we still do come across customers that only use one password for everything.

Often, people think that maintaining many passwords is hard work or even impossible to do. In truth, it’s almost always easier to keep tabs with a password manager than it is to use the system you have in place today.

A high quality and secure password manager such as LastPass, or 1Password, can keep track of all your logins efficiently and securely. They often offer the chance to improve your security by generating random and strong passwords that hackers will have a tougher time cracking.

Password management services offer a host of features that help you log in, remind you to refresh your security, and make your safety a number one priority. After using a manager for just a short time, you can be forgiven for wondering how you managed without it.

If you think you might have been hacked already, or want to prevent it from ever happening, give us a call on 01455 209505 to help update your security.

CSH Computer Services is a local business providing PC and Laptop repair and I.T. support services to Homes and Businesses. We are based near Lutterworth, Hinckley and Broughton Astley in Leicestershire and provide a full range of services, from PC and Laptop repairs, PC and Laptop upgrades, sales of new computers and workstations plus business network support. We also provide Virus and Malware disinfection, Broadband installation and troubleshooting, data recovery, Wireless networking and troubleshooting, plus much more. We work in and around the whole Leicestershire area and can be seen daily in Lutterworth, Hinckley, Broughton Astley, Market Harborough, Nuneaton, Rugby, Leicester and surrounding areas too.

How to Avoid Email Overload

Email has allowed us to send and receive messages more easily than ever before. While this is a good thing, it can also lead to problems. We regularly see people that receive dozens or even hundreds of emails in a day. At this point, it can feel like you’re wasting your entire day dealing with those incoming messages.

Even worse, it makes it difficult to find important messages in your Inbox. You can quickly become overloaded with emails, especially as it is estimated that over 70% of global email is actually ‘Spam’ emails.

So how can we deal with this overload? The first step is to reduce the number of emails you receive overall and then do what few people do – manage what you keep in your Inbox! There are a few ways to do this.

Don’t just delete Spam emails – mark them as Spam first.

We have found that most people just delete spam emails when they receive them, which is the wrong thing to do, as you need to mark them as spam to get them rerouted or blocked altogether. If you don’t, emails from that address will just keep on coming.

Whether you are using an email program or just getting your email through a web browser, if you get a spam email, mark it as spam. That way your email program will automatically put it straight into your ‘Junk’ email folder and your email company will do the same if you are using an internet browser.

Restrict who you give your email address to.

Many people have at least two email addresses – one for everyday use for family and friends and one that they use just for giving to companies that they do business with. For instance, it can be useful to give a separate email address when buying things, such as at shops or online, because that way your personal (or business) email address doesn’t get so cluttered with commercial emails trying to sell you something.

Don’t forget that many companies also sell on your email address to their ‘selected partners’ that you have never dealt with before, so you may get even more emails from companies you have never even heard of.

It’s important to think carefully about who you give your email address to. For example, if you enter a lot of contests, this often automatically subscribes you to several email campaigns. If you type your email into every popup box asking for it, these add up. Reduce who you give your email to.

Unsubscribe

Go through your Inbox and unsubscribe to newsletters that you never read. If you haven’t opened one of their emails in months, chances are that you’re probably not going to start to any time soon. Similarly, if you are getting emails that you are not interested in any more, unsubscribe – it should only take seconds to do.

Turn off notifications from social networks such as Facebook, Twitter, and Pinterest – if you like emails from these networks, then at least adjust the settings so they email you highlights once a week or month rather than allowing them to spam your Inbox several times per day.

Do you need that notification?

If you receive emails that contain information that you can find elsewhere, switch those notifications off. For instance, you might run an e-commerce website that sends an email for every sale. If your website already has a record of this, you don’t need it in two places.

Make sure not to use your email as a to-do list. When you need to remember to do something, put that on a list elsewhere such as an online calendar, to help clear up your Inbox. If this is a hard habit to break, at least make a folder for things you need to do and move emails there and out of your general Inbox.

Change your email habits

Change your own email sending habits. If a topic is complex and will require a lot of back and forth conversation, consider discussing it in person or over the phone. Sending fewer emails will reduce how many you receive in return. Remember that you don’t need to respond to every email you receive. A response indicates a willingness to continue the conversation.

Resist the urge to send messages with a single word like “Thanks!” or “Ok” and you’ll notice others will stop sending you similar, unnecessary messages. When sending group emails, you can also remind others not to use “reply all” unless it’s information relevant to the entire group.

Start clearing emails out

This is the big one, that everyone just keeps putting off!

Start emptying out your Inbox and getting rid of any old emails you don’t need to keep. Using the word “need” is deliberate – you have to be selective about the emails that you keep. Delete old calendar invites, advertisements, or any emails where the problem has already been resolved. Respond to any messages that can be answered within only a few minutes.

Archive messages where you can so they are not clogging up your main Inbox – you can search and find these later if necessary – this has an added bonus because it can actually speed up Outlook if your archive folder is not open all the time. Put other emails into folders based on the type of email and the priority level.

From now on, all of this can be automated. You can have receipts automatically go into a receipt folder, calendar invites go into another, etc. A cluttered inbox can lead to your mind feeling just as cluttered so free up your Inbox to create more time for yourself. Let email overload become something of the past.

If you need help with your emails, give us a call on 01455 209505.

Why You Need 2-Factor Authentication

You hear about hacks all the time, whether it’s major websites who have had data leaks containing email and passwords, or computers getting infected and login details for bank accounts and credit cards being obtained. In the worst cases, identity theft occurs because it is an easy crime to commit with a high reward.

Why Passwords are Not Enough Anymore

In 2018, the passwords you used to trust to keep the bad guys out of your accounts, are simply not enough anymore. Cyber attackers now use methods such as ‘phishing’ (pretending to be trustworthy), ‘pharming’ (redirecting to a fake website), and keylogging (monitoring keyboard strokes) to steal your password. Some have the power to test billions of password combinations.

If you’re like the majority of people, you use the same password for several websites. That means anybody who has figured out that password has access to everything you’ve logged into with it. In a time when it is extremely easy to look up what a person named their first pet or high school mascot thanks to social media, such security questions aren’t much help.

Consider how a jewellery store operates. They don’t simply keep their valuables locked away with one key. There are alarms ready to be triggered, motion detectors, and sometimes even bars on the windows. Your data is valuable, just like jewellery. You need more than one line of defence to protect it.

What is 2-Factor Authentication?

In the computer world, your second line of defence after your username and password combination is called “2-factor authentication.” 2-factor authentication is a way to double check a person’s identity by sending a text or email code to confirm that the person logging in, is the genuine person. No code – no login.

It is sometimes referred to as ‘multiple-step’ or ‘multi-factor’ verification, depending on the company using it.

This can be enabled every time a person logs in or just under certain circumstances. For example, signing in from a new device or different country might trigger 2-factor authentication.

Many of the services you may already use, such as Facebook, Gmail, and more, have 2-factor authentication options already. If your bank has ever sent you a special code through text or email to enter before logging in, you’ve already used a type of 2-factor authentication. They can also be in the form of a smartphone app or a physical electronic dongle.

2-factor authentication is absolutely crucial for online banking, email, and online shopping such as Amazon or PayPal. It’s also a must-have for cloud storage accounts (like Dropbox or Sync), password managers, communications apps, and productivity apps. This is especially true if you frequently use the same passwords for different websites and apps.

When should I use it?

Clearly, as much as possible. Some may consider 2-factor authentication unnecessary for social networks, but these are actually very important to keep safe. For ease, a lot of websites and apps allow you to sign up through your Facebook or Twitter account so you need to keep these networks safe, so that somebody with your password can’t suddenly get into every account you have linked.

The point of using 2-factor authentication is to make hackers’ lives harder and prevent them from getting into your accounts. If they have captured your login username and password, they still need a second device to get in, especially when the computer or phone they are using has never logged into your account before. This makes it significantly more difficult for anybody to breach your account.

Plus, if you receive a notification with a special code to enter for logging in, and you weren’t trying to log into that account, you have a good signal that somebody else was trying to get in. That means it’s time to change that password and be grateful you had 2-factor authentication.

It’s unfortunate that there is currently an abundance of skilled hackers ready to take advantage of those unprepared. Luckily, you can still stop them – even if they have your login information at hand. 2-factor authentication is one of the easiest methods to keep your accounts safe.

If you want help in securing your accounts, give us a call on 01455 209505.

Should You Pay for a Ransomware Attack?

Getting hit with a ransomware attack is never fun. Your files get encrypted by cybercriminals and you can no longer access them, so you’re left having to decide: should we pay to get them back? It’s a scene that’s played out across the world with 70% of businesses saying ‘yes’ in 2016 alone.

Here’s what you should consider if you’re ever in this situation.

Do you trust them?

Besides the fact that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key or that it will even work? Most attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if they take it and run. You’re also equally trapped if they decide they asked too little and come back with increasingly higher demands.

If they do send the decryption key and you successfully decrypt your files, be aware they still have access to your systems and can hit you again at any time until your network is disinfected by experts. Businesses don’t exactly want their breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.

Can you manage the impact of a Ransomware attack?

Best case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation.

On the other hand, if your data management comes under any special regulations, like health or legal, you may find the attack has a much wider, more intense impact.

The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect.

There are also new types of ransomware like KillDisk which can permanently wipe your entire hard drive.

How much do they want?

Cybercriminals rarely send out global attacks with set amounts. Instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals (remember the NHS Ransomware incident not too long ago) are hit with very high demands, while small business demands are more modest. They may be criminals, but they’re smart people who know your financial limits.

They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.

Are your backups good?

Many businesses are discovering too late that their backup systems aren’t robust enough to withstand this type of attack. Either they’ve become infected too, they weren’t up-to-date or they backed up the wrong data.

It’s worth doing some quick checks on your backup processes as even if you have to take the system down for a day as you recover, you’re still light years ahead of those without them.

Can you prevent Ransomware attacks in the first place?

There may have been a time when you didn’t have to consider ransomware as an issue and just had to have some form of basic antivirus service running on your computer – but unfortunately this is no longer the case. You need a good security system in place that includes some form of ransomware protection.

Ransomware is constantly evolving and security is always playing catch-up, so go for the best performing security system – not necessarily the cheapest.

Reduce routes of infection

Ransomware is showing no signs of slowing down. As more businesses keep them funded, the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training helps people spot them, it’s no guarantee.

We recommend using business-class spam filters to catch these types of emails before they land in your employee inboxes so that triggering a ransomware attack becomes something that happens to other businesses, not yours.

Secure your data systems now, we can help! Call us on 01455 209505.

Fake Invoice Scams are on the Rise

Businesses around the world are being struck with a cyber-attack that sends victims a fake invoice that looks real enough to fool most employees. It’s an old scam that used to see bills faxed or mailed in, but it’s made its way into the digital world and instances are on the rise.

Chances are you’ve already seen some of the less effective attempts, like an email advising your domain is expiring, except it’s not from your host and your domain is nowhere near expiration. These new attacks are more advanced, in that they look completely legitimate and are often from contractors or suppliers that you actually use.

Logos are correct, spelling and grammar are spot on, and they might even refer to actual work or invoice numbers. The sender name may also be the normal contact you’d associate with that business, or even a co-worker, as cybercriminals are able to effectively ‘spoof’ real accounts and real people. While it’s worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for, or even that fakes are a possibility. With that in mind, here are two types of invoice attacks you might receive:-

The Payment Redirect

This style of fake invoice either explicitly states payment should be made to a certain account, perhaps with a friendly note about the new details, or includes a payment link direct to the new account. Your accounts payable person believes they’re doing the right thing by resolving the invoice and unwittingly sends company money offshore.

The problem usually isn’t discovered until the real invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cybercrime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.

We have come across two small business customers recently which have been affected by this scam, locally in Lutterworth and Burbage, so it does happen to businesses of all sizes.

You may well be thinking that you would not be caught out by this – but can you say that about all your employees?

The Malware Click

Rather than go for the immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look like the ones normally generated by popular accounting tools like Quickbooks (or some other well-known accounting package), making the click seem safe. Once your employee has clicked the link, malware is downloaded that can trigger ransomware or data breaches.

While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed, especially with new and undiscovered malware. If it does get through, the malware quickly embeds itself deep into your systems, often silently lurking until detected or activated.

How to Stay Safe

Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus and spam filters up to date to minimize the risk of the emails getting through in the first place. Third party spam filters on top of your security software may also help.

Then, consider implementing a simple set of procedures regarding payments.

These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking invoices against work orders, appointing a single administrator to restrict access to accounts, or even two-factor authorisation for payments.

Simple pre-emptive checks like hovering the mouse over any links before clicking and quickly making sure it looks right can also help. Like your own business, your contractors and suppliers are extra careful with their invoicing, so if anything looks off – even in the slightest – hold back on payment/clicking until it’s been reviewed.

Also consider placing a message on your email signature which includes the warning that you would never advise of a change to your bank details by email – only by phone or personally – to help prevent other people from falling for it.

Fake invoice attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.

If you need help to increase your security, talk to us today. Call us on 01455 209505.

Phishing – What Is It and How to Avoid It

There’s always some IT jargon to contend with and here is another one – ‘Phishing’ – but you do need to look out for it. ‘Phishing’ is the attempt to obtain your personal information (login details, credit cards etc.) by someone pretending to be someone trustworthy in an email or other electronic communication.

Typically, they may try to get you to a website which may look completely legitimate and identical to the genuine website, such as a bank, and there they get you to disclose information that they want for their own purposes. On the face of it you may read this and think “They wouldn’t catch me out”, but they are very good at what they do and can be very persuasive.

A single click can be the difference between maintaining data security and suffering financial losses and not just personal bank accounts – businesses are especially vulnerable. From the moment just one employee takes the bait in a phishing email, your business is vulnerable to data breaches and extensive downtime.

As well as being vigilant, here are a few tips for things to look for:

1. Poor spelling and grammar

While occasional typing errors happen to even the best of us, an email filled with errors is a clear warning sign. Most companies push their campaigns through reviews where errors are caught and corrected. Unlikely errors throughout the entire message indicate that the same level of care was not taken, and therefore the message is possibly fraudulent.

2. An offer too good to be true?

Free items or a lottery win sound great, but when the offer comes out of nowhere and with no catch? Take care not to get carried away and do not click without investigating deeper. Remember, this can look as though this is coming from anyone that you may actually happen to deal with – your broadband provider, bank or any other source – and the criminals have just struck lucky in your case that you are an actual customer.

3. Random sender who knows too much

Phishing has advanced in recent years to include ‘spear phishing’ (more jargon!), which is an email or offer designed especially for you or your business. Culprits take details from your public channels, such as a recent function or award, social media, etc. and then use it against you.

The only clue can be that the sender is unknown – they weren’t at the event or involved with you in any way. Take a moment to see if their story checks out.

4. The Website address or email address is not quite right

One of the most effective techniques used in phishing emails is to use domains which sound almost right. For example, [microsoft.info.com] or [pay-pal.com]. This technique is also used in search engine listings where someone pretends to be a company.

Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is completely different from the link text, send that email to the bin.

5. It asks for personal, financial or business details

Alarm bells should ring when any message contains a request for personal, business or financial information. If you believe there may be a genuine issue, you can check using established, trusted channels such as calling the company using a telephone number that you know is genuine.

Take care if using a search engine to get the number – ensure that the information comes from the genuine website (see tip No.4 above).
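The hover check from tip 4 can also be automated for HTML emails. The sketch below is an added example, not code from the original article: it flags links whose visible text names a different site from the real destination, and hosts that embed a trusted brand name. The `TRUSTED` list, the sample email body and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("microsoft.com", "paypal.com")  # assumption: sites you really use
# Constructed sample email body, using the two lookalike domains from tip 4.
SAMPLE = '''<a href="https://pay-pal.com/invoice/123">www.paypal.com/invoice</a>
<a href="http://microsoft.info.com/login">Sign in</a>
<a href="https://www.paypal.com/help">paypal.com/help</a>'''

def reg_domain(host):
    """Last two labels only; a production tool should use the Public Suffix List."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text):
    """Return warnings for one link; an empty list means nothing looked odd."""
    warnings = []
    host = urlparse(href).hostname or ""
    real = reg_domain(host)
    # Check 1: the visible text names one site but the link goes to another.
    target = text if "//" in text else "//" + text
    shown = "" if " " in text else urlparse(target).hostname or ""
    if "." in shown and reg_domain(shown) != real:
        warnings.append(f"text shows {reg_domain(shown)} but link goes to {real}")
    # Check 2: a trusted brand name sits inside a host that is not that brand's.
    for trusted in TRUSTED:
        brand = trusted.split(".")[0]
        if real != trusted and brand in host.replace("-", ""):
            warnings.append(f"{host} imitates {trusted}")
    return warnings

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```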

While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind – especially if you are running a business.

Give us a call on 01455 209505 to discuss how we can help secure your system against costly phishing attacks.

Business Security When an Employee Leaves

Security after an employee leaves

We have seen businesses which have experienced issues after an employee has left their job – either when leaving voluntarily or otherwise – and in many cases it is because no-one has considered the potential for disruption caused by I.T. when staff are leaving.

Your employees need access to your various business accounts so they can do their job, but what happens to those passwords when they leave? What effect can their leaving have on the security of the business? Nobody likes to think of this but nonetheless, it’s a responsibility every business owner and manager must face at some point.

Most of the time, the former employee leaves under good terms and you’ll wish them well. If you’re lucky, they’ll even manage the hand-over to their replacement so that your productivity losses are minimal. Other employees may leave your business reluctantly or in a storm of anger and suspicion.

Either way the risk to your business remains high until action is taken.

Here are 3 steps you can take to protect your business from retaliation and other password-related disasters.

Limit access to a need-to-know basis

You might be surprised how often a new employee is presented with a huge amount of business information on a platter when their actual job requires little more than a computer login. Accounts, strategy, customer details, industry secrets…all those sensitive aspects of your business that have made it a success – exposed.

A better policy is to limit access to only what the employee needs to do their job. Rather than view it as a lack of trust, your employees should appreciate the care you’ve taken to protect your business (and their job). It also helps keep them from being overwhelmed, confused or tempted if the situation ever turns sour.

Likewise, take a few moments to delete old or temporary accounts that are no longer required, as you never know when a hacker or disgruntled employee will squeeze through the gaps. For example, we found that a local business in Lutterworth had an ex-employee still accessing their work email address!

Change passwords fast

On average, it takes at least a week before passwords are changed after an employee has left, if at all. Unfortunately, this is the one type of delay your business can’t afford.

In 2017, an ex-employee from the American College of Education held their entire email system to ransom for $200,000 after an unhappy exit. Stories of others stealing client databases are also common, especially if they leave to start their own business or work for a competitor. Having a contract preventing an employee from setting up in competition with you does not prevent someone getting a copy of the customer database.

It’s not just full-time employees either: contract and part-time employees such as social media managers and customer support staff often have access to more of your business than you might imagine. Recent rulings make it easier for business owners to prosecute former employees who access their systems; however, as we know, it only takes seconds to log in and wreak absolute havoc.

Knowing you can force those bad eggs into a lengthy court case is poor comfort considering the extent of damage and hassle you’ll experience. The best option is to change passwords fast as this lessens the chance of revenge attacks and opportunistic access.

Use a password manager

If you have a good password manager like LastPass, reducing your password risk becomes mostly automated. You’ll be able to keep your logins in a central vault that only you can see, and share based on business roles/need. There’s even an option to share passwords without letting employees see them in plain-text.

Instead of writing passwords down somewhere and manually entering them each time, they’ll be able to connect securely with a click. Plus, you can revoke the share at any time. If their role changes or they leave, you can use the dashboard to see who has access to what and add/revoke permission at will. If you’re not sure what that employee has been up to, you can also generate reports of their history.

Having a procedure in place when an employee leaves, as well as a review of your employees’ access levels, can prevent a lot of disruption in the future and is a worthwhile investment of your time.

We can help you set up password management and lock down your network. Call us on 01455 209505.