Don’t forget your phone when you think about cyber security
Our phones are a goldmine of private information. Just think of all the financial details, personal messages, banking apps, photos and contact information that live behind that little glass screen.
And if your team use phones for work, they’ll often have access straight into company systems – email, contact lists, network access, file systems. So if they’re not kept as secure as any other device in your workplace, they can become a gaping hole in your cyber security.
Criminals know this, of course, which is why they target us through our phones just as much as they do through our networks and servers.
But cyber crime isn’t the only concern. Just losing your phone, or having it stolen, can put your data at huge risk.
So, whether you issue company smartphones, or your employees use their own, you should make sure everyone implements some simple security steps to protect your data and avoid disaster.
Start with making sure your people set up a PIN and a biometric login (like a fingerprint or face scan) to open the device.
Only install apps from trusted sources to make sure you’re using genuine software.
And enable Multi-Factor Authentication on all apps that store even a small amount of sensitive data.
Be careful about where you connect to Wi-Fi. If you work remotely or often connect to public networks, consider using a VPN – a Virtual Private Network – to add another layer of security. You never know who’s monitoring traffic on a public network.
Finally, ALWAYS make sure your phone is running the latest version of its operating software, and keep all apps up to date.
Smartphones have changed so much about the way we live – at home, and at work – but it’s too easy to take them for granted. And that could be a costly mistake.
If you need help to keep your smartphones safe, just get in touch.
98% of Businesses Have Risky Cloud Configurations Issues
Are you leveraging the cloud to run your business operations? If so, then you're not alone — over 98% of businesses are using the cloud for workloads, enterprise resource planning systems and more. Unfortunately, many organizations have overlooked one crucial element: their cloud configurations. Contrary to popular belief, there is a real risk associated with misconfigured cloud environments. Incomplete or inaccurate configuration settings can create vulnerabilities that lead to data leaks and other security incidents that can negatively impact your organization and its reputation. Keep reading to find out how it happens and what steps you can take to protect yourself from potential disaster.
Cloud technologies are a revolution in cloud computing, enabling businesses to access enterprise-level network applications and computing platforms without physical servers or hardware taking up space. These cloud systems provide round the clock service with efficiency and minimal effort, but they are not without certain risks. According to recent data, 97% of cloud infrastructures have at least one misconfiguration setting, leaving them vulnerable to potential threats like data leaks, identity theft and malicious attacks. This highlights the importance of proper cloud security measures and demonstrates why cloud technology can be such a powerful tool if done correctly.
Misconfigured cloud technologies can be a real danger for many companies and organizations in today's digital world; if the proper protocols, firewalls, and security measures are not sufficiently put in place, the data stored on them can become vulnerable to exploitation. Without these safeguards, companies take the risk of their data becoming compromised and hackers impacting their operations or causing irreparable damage to their network, such as:
Data breaches
One of the most serious outcomes that can arise from misconfigured cloud technologies is a data breach. A data breach occurs when sensitive or confidential information is released to unauthorized individuals. A data breach can have a number of devastating consequences, including financial loss, damage to reputation, and loss of customer trust.
Compliance issues
Another possible outcome of misconfigured cloud technologies is compliance issues. Organizations that use cloud technologies are subject to a variety of regulations, such as the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act. If cloud technologies are not configured properly, it could result in an organization failing to meet its compliance obligations, which could lead to hefty fines or even jail time for executives.
Poor performance
In addition to the potential for data breaches and compliance issues, misconfigured cloud technologies can also lead to poor performance. When cloud technologies are not configured properly, it can result in slow response times, downtime, and other technical problems. Poor performance can lead to a loss of productivity and revenue for an organization.
Another potential outcome of misconfigured cloud technologies is security vulnerabilities. If cloud technologies are not configured properly, it could leave an organization's systems and data open to attack from hackers or other malicious actors. This could result in a loss of confidential information, damage to reputation, and financial loss.
Increased costs
Finally, another possible outcome of misconfigured cloud technologies is increased costs. When cloud technologies are not configured properly, it can lead to wasted resources, such as storage space or computing power. This can ultimately lead to higher costs for an organization. With technology playing an integral role in business success, there is no denying its importance. Knowing the risks associated with different tech solutions is critical to ensure your business remains secure and compliant. It's important to work with a trusted partner who understands the complexity of the tech landscape and solutions which can protect you from risk.
At Tru Technical Partners, we have the expertise in security and compliance to make sure you're always taking advantage of new opportunities while not putting yourself at risk. Plus, our team can help prevent any potential reputational damage due to a data breach or cybersecurity incident. Let us help you create reliable IT solutions that will maximize value while minimizing risk into the future. Contact our team today and get started on creating robust IT systems to protect your business operations – and give yourself peace of mind moving forward!
Let’s start talking about AI
The whole world is suddenly talking about Artificial Intelligence.
From Alexa in your kitchen, to Siri on your phone, AI is already all around us, but new names like ChatGPT, Dall-E, Jasper and more feel like they’ve blown up the internet.
These new concepts take things WAY further, helping us to write articles, search the web with natural conversation, generate images, create code, and introduce new ways to make our daily lives even easier.
But emerging technology nearly always launches in a blizzard of geek-speak before it settles into everyday life. Early PC users might remember the ‘DOS prompt’. And when did you ever have to ‘defrag’ your phone?
Experts believe that these new AI tools will become the building blocks of a whole new world of tech, redefining the way we interact with computers and machines.
So let’s help you decode some of the terms you’ll hear this year.
Chatbot Starting with the basics, a chatbot is an app that mimics human-to-human contact. Just type or speak normally, and the chatbot will respond the same way. ChatGPT is a chatbot. If you haven’t tried it out yet, give it a go.
Deep learning This is the technique that’s used to imitate the human brain, by learning from data. Current search tools and systems use pre-programmed algorithms to respond to requests. AI tools are trained on concepts and conversations in the real-world, and learn as they go to provide human-like responses.
Machine intelligence The umbrella term for machine learning, deep learning, and conventional algorithms. “Will machine intelligence surpass human ingenuity?”
Natural Language Understanding (NLU) helps machines understand the meaning of what we say, even if we make grammatical errors or speak with different regional accents.
Weak AI is the most common form of AI in use right now. Weak AI is non-sentient and typically focuses on a single or small range of activities – for instance writing, or repurposing video content. Strong AI, on the other hand has the goal of producing systems that are as intelligent and skilled as the human mind. Just not yet.
This is just the tip of the iceberg, but trust us – you’re going to be hearing a lot more about AI in the months and years to come.
If you’d like more help to understand how AI might form part of your business, just get in touch.
Cyber attacks are getting bigger and smarter. Are you vulnerable?
Have you ever tried to buy tickets for a huge event and found that the seller’s website has collapsed under the weight of thousands of people all trying to do the same thing at the same time?
The ticket site falls over – usually temporarily – because the server is overloaded with traffic it doesn’t have the capacity for.
Criminal Distributed Denial of Service attacks – DDoS, for short – exploit the same principle.
When a DDoS attack targets a business, it floods it with internet traffic in an attempt to overwhelm the system and force it to fail.
This results in the business and its customers being unable to access services. That may trigger a temporary failure, or it could be more serious. Last year, the average DDoS attack lasted 50 minutes.
That may not sound like a long time, but it’s enough to create angry customers, or to bring business to a grinding halt. And downtime can be costly.
The really bad news is that DDoS attacks are not only lasting longer, but they’re becoming bigger, more sophisticated and more common.
Recently, the biggest ever reported DDoS attack was reportedly blocked. At its peak, it sent 71 million requests per SECOND to its target’s servers. Prior to that, the biggest reported incident stood at 46 million requests per second.
Worse still, more businesses are reporting being targeted by DDoS attacks where criminals are demanding huge ransoms to stop the attack.
What does this mean for you?
It’s important you check all your security measures are up-to-date and working as they should be. Are your firewalls up to the task, with DDoS monitoring and prevention tools set up? And is your team fully aware of the importance of staying vigilant?
We can help make sure your business stays protected. Just get in touch.
Published with permission from Your Tech Updates
AI is making phishing scams more dangerous
AI chatbots have taken the world by storm in recent months. We’ve been having fun asking ChatGPT questions, trying to find out how much of our jobs it can do, and even getting it to tell us jokes.
But while lots of people have been having fun, cyber criminals have been powering ahead and finding ways to use AI for more sinister purposes.
They’ve worked out that AI can make their phishing scams harder to detect – and that makes them more successful.
Our advice has always been to be cautious with emails. Read them carefully. Look out for spelling mistakes and grammatical errors. Make sure it’s the real deal before clicking any links.
And that’s still excellent advice.
But ironically, the phishing emails generated by a chatbot feel more human than ever before – which puts you and your people at greater risk of falling for a scam. So we all need to be even more careful.
Crooks are using AI to generate unique variations of the same phishing lure. They’re using it to eradicate spelling and grammar mistakes, and even to create entire email threads to make the scam more plausible.
Security tools to detect messages written by AI are in development, but they’re still a way off.
That means you need to be extra cautious when opening emails – especially ones you’re not expecting. Always check the address the message is sent from, and double-check with the sender (not by replying to the email!) if you have even the smallest doubt. If you need further advice or team training about phishing scams, just get in touch.
Is your security focusing on the right things?
To protect your home from an intruder you make sure your doors and windows are all locked and secured. You might go further: build a fence around the perimeter, perhaps even get an angry-looking dog to stand guard.
But there’s no point going to all that effort if someone’s already broken in and set up camp in the basement.
Yet that’s the security policy of thousands of big businesses trying to protect their data from cyber criminals.
They do many of the right things. They invest in security software. They take a strong, multi-layered approach to security – including all the things we recommend, like multi-factor authentication, encryption, reliable backup systems and staff training.
But they don’t pay enough attention to detection and response. That involves constantly scanning systems for any sign that a crook may have gained entry somewhere, and having a process to stop an attack in its tracks.
A new study shows that only a third of businesses place detection as their main priority, while two thirds say prevention is their primary focus.
That means, they could be building 10-foot walls around their systems with intruders already inside.
In-house security teams might be super-confident in the security measures they’ve put in place. But the data suggests that they’re being too complacent. The study reveals that more than eight in ten businesses experienced more than one data breach last year – even with good security in place.
Criminals are constantly finding ways to evade security. That tells us that we need to take a rounded approach, with strong prevention AND detection policies providing the best protection against today’s determined criminals.
If you need world-class security, get in touch today.
Young employees have different attitudes to cyber crime
A new study has revealed that a host of worrying online behavior has become almost normalized among many young people. And much of this activity is illegal.
We’re not talking serious cyber crime such as ransomware attacks or stealing data.
But one in three 16 to 19-year-olds have admitted to digital piracy; and a quarter have tracked or trolled someone online.
Most of these behaviors may not directly affect your business. But some are so commonplace that too many young people view them as a part of everyday life.
That’s not something you want them bringing to work.
Casual software piracy or illegal downloads on devices used for work could open the door to a massive security breach.
The answer is simple: Hold cyber security training for all your employees on a regular basis.
This training should:
- Highlight the impact of bad online behavior and potential for security breaches
- Help everyone understand how this kind of activity can harm people – and your business
- Make everyone aware of the scams and attacks that your business is vulnerable to, as well as the part they play in keeping everyone protected
- Make the consequences clear for anyone found to be engaging in this behavior
If this is something you need some expert help with, it’s what we do. Get in touch.
Take action to avoid a devious new phishing scam
Another day, another scam. And this is a sneaky one.
Cyber criminals are getting smarter. This recent malware threat is unusually smart. It impersonates a highly trusted brand name to get a foot in the door.
Targets receive a convincing looking email that appears to come from a widely used e-signature platform.
Attached to the email is a blank image that’s loaded with empty svg files, which are carefully encoded inside an HTML file attachment (stay with us here).
In short, it’s very clever and it’s tricking its way past a lot of security software.
That puts businesses like yours at risk. Because code within the image sends people to a malicious URL.
Open the attachment and you could unwittingly install malware onto your device – or even your network – which risks exposing your data and leaving you open to a ransomware attack.
Recently, there’s been a wave of HTML attachment attacks on small and medium sized businesses, so it’s clear that companies need to take action to stay ahead of the criminals.
If you use software to sign documents electronically, double-check that emails are genuine before opening any attachments.
There’s a reason why the criminals have chosen to impersonate a trusted name.
Taking things a step further, you could block all emails with this type of attachment, to prevent employees from being exposed to scam emails in the first place.
If you’d like any further advice, or help implementing extra security measures, get in touch.
When did you last have a health check?
How’s the January health kick going?
Lots of us take our health seriously – once a year, anyway – and it’s good to spend time thinking about whether you’ve been looking after yourself (and better still, doing something about it).
Your doctor would probably like to see you once a year for a health check, just to pick up any small problems and stop them getting worse.
It’s exactly the same principle with your technology.
So why not book in for an IT check-up, to make sure everything’s in great shape for the journey ahead?
You do this for yourself, you do it for your car, and it’s a good plan to think the same way about your workplace tech. Because it might have to work pretty hard in the year to come.
Getting everything checked out now will pay dividends later.
We’ll help to pick up any minor-but-urgent fixes that could help prevent a disastrous breakdown in a few months’ time. Sometimes a simple software update will speed things up dramatically – which means less time watching the egg timer!
If there are bigger, but non-urgent jobs that you can safely leave for another day, we’ll tell you that too.
And if you’re all good to go, you can carry on with confidence.
It may even be a great time to think about new technology and prioritize your IT projects. Do you know what you need to prepare for if you want your system to develop as your business grows? That could be something as simple as switching to cloud storage, or it could be a larger project, such as digital transformation.
Our experts carry out top-to-toe IT health checks for all kinds of businesses, and we’ll give you honest, jargon-free advice on the best solutions for a trouble-free tech set-up.
To book your check-up, get in touch.
Are your younger employees experiencing ‘tech shame’?
Younger workers may have grown up using Snapchat, TikTok and Minecraft, but they’re not always equipped with the skills they need to adapt to the workplace.
A recent study has found that one in five employees aged 18 to 29 feel judged when they encounter technical issues at work. That’s compared to just one in 25 employees aged 40 or over.
The solution may lie in providing better training, not just for younger colleagues and first-jobbers, but for the whole team. Some Gen Z workers may have started their careers during the pandemic. That means they will never have experienced anything other than a digital working environment. Especially if they work remotely or in a hybrid role.
As well as fixing any skill gaps there may be, whole-team training can provide a much-needed confidence boost for young employees.
Another consideration is the provision of tools and devices your team has access to – especially if they’re working remotely.
Younger workers with less available income to spend on home office equipment may be less likely to speak up if they’re struggling.
Simply checking in with employees – particularly if they’re not in the office – can make a big difference to their engagement, productivity, and confidence. If there are any issues, big or small, find a way to put them right, and you’ll notice a positive shift in the whole business.
If you’d like any advice about tech shame or help with training, boosting efficiency or sourcing equipment, we’re here when you need us. Just get in touch.
A little trust can go a long way
Countless employers still don’t trust their people to do their best work unless they’re physically in the office. But while managers may be struggling to adjust to our new hybrid world, this perception is a long way from the truth.
Research from around the world reveals that greater flexibility from remote and hybrid working often results in a major boost to productivity. Yet still some firms are bringing back an office-only policy.
Employers may be grappling with the fallout of the last few years and hoping that a return to the office will result in a post-pandemic productivity boost.
But seeing as hybrid workers show improved morale, greater creativity and better collaboration (compared with pre-pandemic levels), this could be a big step in the wrong direction.
Big Brother will never be popular
Some businesses have increased their employee monitoring to try and track performance. But this is often perceived as a Big Brother tactic that ends up having the opposite effect – a drop in productivity, a lack of trust, demoralized teams, and a greater feeling of ‘us and them’.
All businesses need to understand how they are performing and decide which metrics give the best insight into productivity. But this has to be done in a way that doesn’t leave employees feeling like cogs in a machine.
So what’s the answer?
There is some clear advice for building a productive and successful hybrid environment:
- Encourage people to work in the way that’s best for them
- Find the right ways to measure performance – without people feeling like they’re constantly being watched
- Automate repetitive tasks to free up your team’s creativity
- And provide everyone with the tools and tech they need to do their job properly. That could include choosing the right devices, using communication tools that aid collaboration, and making the right connectivity choices.
We can help with all of this.
So if you’re having trouble adjusting to a hybrid world, get in touch – we’re here to help.
Windows is the prime target for cyber criminals
With its huge dominance in the workplace, Microsoft’s Windows has become the prime target for cyber criminals. They’re looking to access your information, disrupt your business, or hold your data to ransom.
Tens of millions of attempted malware attacks were discovered throughout this year, and a massive 95% of those threats were targeted at Windows.
The vast majority of attacks are unsuccessful, but those that do succeed can create havoc for the affected businesses. So you need to be sure that you’re taking all possible precautions to protect your business and your data.
- Hardware and software companies release regular updates to address threats to Windows users, as well as security patches designed specifically to deal with new risks. These should all be installed as soon as they become available.
- Your people should be regularly trained in how to spot cyber security threats and what to do if they suspect one.
- And because it’s not possible to protect every business from 100% of all threats, it’s also important that you have a strong resilience plan in place.
This should detail exactly how your business should react if it falls victim to a cyber attack and who should be notified to take action. Everyone in the company should have access to this document and know to report any potential attack as quickly as possible – that’s the best way to lessen its impact.
If you have an IT service provider, they’ll be able to make the best recommendations to keep your business safe and secure, train your people, and even provide monitoring to spot any potential danger before it becomes a problem.
This is something we do every day. So if we can help your business become more resilient, just get in touch.
Published with permission from Your Tech Updates.