Author Archives: DPG News

Ever wondered if your apps are spying on you? Now you can find out

It’s no secret that some applications are a little too interested in us and what we’re doing.

We’ve all had this experience. You might be talking to a friend about a new product that you’d like to try. Or perhaps you’ve discussed somewhere you’d like to visit.

Then the next time you go online you see adverts for the exact things you were talking about.

It’s more than a coincidence, surely???

Until recently, we haven’t had a lot of control over what information our apps are gathering about us.

Android and iOS first stepped up to give us more power over our online privacy. We were given the ability to control which apps could access our data, and sensitive things like our camera and microphone.

But while it’s easy to think of this only being an issue with phones… laptops have the same problems.

So here’s some great news. Microsoft’s testing a new feature in Windows 11 to put the power back in our hands.

It’s currently testing a new feature – called Privacy Auditing – which allows you to see which applications have been accessing sensitive hardware, like your webcam and microphone.

You’ll also be able to see if your screenshots, messages, and even your contacts and location data have been accessed. And there’s a log of which apps accessed this info, and when.

When launched, the feature will be available in your Privacy & Security menu, under App Permissions.

There you’ll be able to see a full list of what’s been accessed, by which app, and when. It should become your first port of call if you suspect any suspicious activity is taking place on your device.

When the feature is released, it will be a great tool to check periodically to help you avoid malicious activity and to make sure your sensitive data remains in the right hands.

In the meantime, if you’d like someone to look over the data permissions on your business’s devices, get in touch.

  Download our latest business guide here!

Your business is losing hundreds of hours to spam every year

Spam emails. Everyone hates them.

It’s not just the emotional pain of clearing spam from your inbox. Having to do that is a real productivity killer, too.

A recent report found that each one of your employees could be losing up to 80 hours each year, thanks to filtering and deleting spam emails.

That’s a LOT of lost productivity.

Anywhere between 45% and 85% of emails generated each day are spam emails. And worryingly, that also includes malicious emails and those hoping to infect you with malware.

Although we don’t all receive the same number of emails every day, the hours lost to filtering them out adds up.

If one of your employees gets 30 external emails a day, they’d get around 30 spam emails each week. That would work out to around 5 hours each year wasted on sorting through and deleting them.

For an employee who gets up to 60 emails a day, it would be an average of 11 hours a year wasted.

And for someone who gets more than 100 emails each day, you’re looking at around 80 hours of productivity lost to filtering emails each year.

Now add that up for each one of your team and you could be looking at a big number.

Not only that, but since a proportion of these emails will be phishing attempts (that’s where the sender wants you to take an action that will secretly give them access to sensitive data), it’s also a big risk to your data security too.

Of course, there are a few things you can do to cut down the time spent on dealing with spam emails. The first is to make use of the spam and junk email filters available from your email service.

You may also consider bringing in dedicated anti-spam and anti-phishing tools.

Finally, you can make your people aware of the risks of spam, how to spot spam emails, and the best way to deal with it to save time and minimise the risk of malware or a data breach.

If that kind of training is something you’d like some help with, get in touch.

Download our latest business guide here!  

At last! Google Chrome’s going to block disruptive notifications

When you’re browsing it can feel like you’re being bombarded with things other people want you to see.

Not only do we have to click on permissions for cookies and tracking, but now a lot of websites ask for our permission to send us notifications.

And while many of these notifications are harmless – news updates, latest recipes, product releases – sometimes they can be outright spam.

It’s distracting, it’s making us less productive at work, and it’s just really annoying.

It’s called ‘notification spam’ and it’s becoming a problem. In fact, Google says it’s one of the top complaint reports from people using its Chrome browser.

So now the tech giant has decided to do more about it.

Back in October 2020, Google first acted on harmful notifications by exposing websites that misled people into giving permission. It created its own prompts to warn people the website may have malicious intent.

Now, Google intends to take things a step further if it feels the website is ‘abusive’ or ‘disruptive’. It’ll revoke a website’s permission to send notifications, and even block attempts to request permission.

Even if you’ve accidentally allowed a malicious site to send notifications, Chrome will be able to step in and block the alerts.

While it’s not yet clear how Google will define websites as ‘abusive’ or ‘disruptive’, it feels like a good move towards reducing the amount of spam we’re exposed to.

Google has explained that this new feature works to strengthen its ‘Developer Terms of Service’ that pledge not to use the company’s API to send any form of spam. It shouldn’t affect the majority of websites, but instead should go some way to keeping your Chrome notifications spam-free.

Development on Chrome’s notification spam block protection has only just started, so we don’t yet have a release date for the new feature.

As always, if you’d like any further advice on protecting yourself from spam and other productivity killers, get in touch.

Download our latest business guide here!

Is your business making these cyber security mistakes?

                                                   

It feels like every day we’re being warned about a new threat to our cyber security, doesn’t it?

That’s for good reason. Last year, ransomware attacks alone affected 73% of UK businesses.

And the cost of cyber-crime is estimated to hit $10.5 trillion by 2025, according to the ‘2022 Cybersecurity Almanac’.

But we’re still seeing far too many businesses that aren’t taking this threat seriously.

It’s not only your data that you could lose if your company falls victim to a cyber-attack. The cost of remediation or mitigation can run into tens of thousands of £££.

And at the same time you’ll suffer an average of 21 days downtime after a cyber-attack. Imagine… 21 days without being able to use all your business technology as normal. It doesn’t bear thinking about.

That’s not to mention the loss of trust your clients have in you, which could lead to you losing their custom.

It’s really important that your business is taking appropriate steps to keep your data safe and secure.

That most likely means a layered approach to your security. This is where several solutions are used, which work together to give you a level of protection appropriate to your business.

This reduces your risk of being attacked. And makes recovery easier should you fall victim.

It’s worth pointing out that you will never be able to keep your business 100% protected from cyber-attacks. Not without totally locking down every system, to the point where it would be very difficult to do business (and your staff would constantly be looking for ways around the enhanced security).

No, the key to excellent cyber security is striking the right balance between protection and usability.

There are three mistakes that are most commonly made by businesses – and they’re also some of the most dangerous mistakes to make.

Is your business making any of these?

Mistake 1) Not restricting access

Different employees will have different needs when accessing company files and applications. If you allow everyone access to everything it opens up your entire network to criminals.

You should also make sure to change access rights when someone changes roles, and revoke them when they leave.

Mistake 2) Allowing lateral movement

If cyber criminals gain access to a computer used by a member of your admin team, that in itself might not be a disaster.

But what if they could move from your admin system to your invoicing system… and from there to your CRM… and then into someone’s email account?

This is known as lateral movement. The criminals gain access to one system and work their way into more sensitive systems.

If they can get into the email of someone who has admin rights to other systems or even the company bank account, they can start resetting passwords and locking out other people.

Scary stuff.

One strategy against this is called air gapping. It means that there’s no direct access from one part of your network to another.

Mistake 3) Not planning and protecting

Businesses that work closely with their IT partner to prepare and protect are less likely to be attacked in the first place.

And will be back on their feet faster if the worst does happen.

You should also have an up-to-date plan in place that details what to do, should an attack happen.

This will significantly shorten the amount of time it takes to respond to an attack. That means you’ll limit your data loss and the cost of putting things right again.

If you know you’re making one (two, or even three) of these mistakes in your business, you need to act quickly. We can help.

Call us, and we’ll review your current security arrangements.

  Download our latest business guide here!   

Most ransomware victims would pay up if attacked again

Ransomware is one
of the fastest growing cyber-crimes in the world

Last year, 37% of businesses
were victim to an attack.

In case you didn’t
know, a ransomware attack is where cyber criminals infiltrate your network (or
device) and steal your data by encrypting it. The data is still there, but you
can’t access it.

Then they demand
you pay a large ransom fee for the encryption key.

If you don’t pay
the demand (which can be tens or even hundreds of thousands of pounds), they
delete your data.

It’s not just the
cost of the ransom fee to worry about. There’s the stress, reputational damage
and downtime that goes with it. In 2021, the average downtime suffered after a
ransomware attack was 22 days.

Official advice is
not to pay any ransomware demands.

However, a new
survey has shown that a massive 97% of business leaders who’ve experienced a
ransomware attack in the past would pay up quickly if they were attacked again

A third of them
would pay instantly.

What does that tell
you about what a nightmare the whole thing is for any business?

The other problem
is, when you pay a ransomware demand, it’s not guaranteed that you’ll get your
data back. On average, only 65% of data is restored once a fee is paid.

You may face
further extortion. And by letting cyber criminals know that your business pays
ransom fees, it’s likely that you’ll face subsequent attacks in the future.

So what’s the best
way to deal with ransomware?

First, you should
put in place the right security measures to try to prevent an attack:

·        
Educate your people on cyber security
and best practice

·        
Implement multi-factor authorisation
across all your applications

·        
Use a password manager

·        
Make sure all updates are installed quickly

·        
And you should always have a working
backup in place – ideally one where older data is retained and cannot be changed

It’s also a great
idea to have a response and recovery plan that details what you will do in the
event of a ransomware attack.

Not only will it
mean your business can respond faster, but it should reduce the amount of
downtime suffered as you’ve already considered exactly what needs to happen.

This is what we do.
We help businesses increase their cyber security to reduce their chances of
being affected. Let’s talk.

Watch our weekly tech update video for more WEEKLY TECH UPDATE VIDEO

The business owner’s briefing: Reduce the burden on your brain

Focus more, be interrupted less… and get stuff done

When you’re a business owner or manager, you have a lot of
responsibilities. There are also many people who want to speak to you throughout your working day.

Unfortunately, that means that you may be interrupted more
often than you’d like. And you have to split your focus on things you’d rather give your full
attention to.

It can be a big frustration.

Many business owners and managers feel this way. You are not alone!

Download our latest business guide here

Russian cyber-attack threat: How to protect your business

The ongoing Russian invasion of Ukraine has led to a sharp rise in cyber-attacks.

And while many of the attacks are between these two countries, there is very real potential for
other countries to fall victim to cyber-attacks by Russia, thanks to the
sanctions placed upon it.

Over in the US, President Joe Biden declared the government had been improving national cyber security defences for some time now.

They’re focusing on the infrastructure to make sure that water, electricity and oil pipeline
services aren’t at increased risk of attack.

Some very sensible cyber security advice has also been issued. There are a series of actions that
businesses should be taking immediately to protect themselves against
cyber-attacks, and other data security risks.

To start with look at implementing multi-factor authentication. This is where you generate a login code on another device, to prove it’s really you logging in.

Data backups should also be checked on a regular basis. Ideally there should be a copy of data that cannot be changed during a cyber-attack.

All data should also be encrypted, meaning it would have no value and be unusable if anyone did manage to access it.

It’s also a good idea to have an emergency plan ready to go that will help mitigate any attack
quickly and effectively.

Businesses are also being advised to give their staff training to help them spot and avoid the
common tactics used by cyber criminals.

These include phishing attacks where they send an email pretending to be someone else. And spoof login web pages, where they hope you will enter real login details in error.

If you have an IT support partner already, speak with them to make sure all of your systems are fully up-to-date and patched as necessary.

They can also help you to audit how well you’re performing with the items above, and get a plan in place to help you respond to an attack or attempted attack.

If you don’t have an IT support partner – or you feel your current one isn’t able to help you
with your data security, we can help. Call us.