Remote and hybrid working is now the norm for a lot of people.

But a recent survey has found that, despite it being more than two years since many of us were forced to work from home, too many businesses still don’t have the right cyber security measures in place for those away from the office.

The survey was originally intended to learn about spending plans from now into next year. However, the results highlighted just how few businesses have the right cyber security protections.

And it’s a worry.

Since the beginning of the pandemic, cyber security incidents – like malware, ransomware, and data breaches – have risen sharply. Cyber criminals began by taking advantage of the panic, and have since developed increasingly sophisticated tactics.

It’s costing businesses around the world billions, plus causing excessive downtime.

While the survey did show that around two thirds of businesses have good web security measures in place, like malware filters, some of the results were more disappointing.

Just 50% of companies have cloud-based cyber security systems in place right now (although 15% are exploring their options).

Cloud security gives businesses multiple layers of protection across their network and infrastructure that helps to keep data better protected against breaches or attacks.

Not only is it a good defence, but it also identifies threats before they become an issue.

The survey also highlighted that 10% of businesses plan to implement access management, which ensures only the right people can access the right systems.

A further 9% intend to prioritise VPNs (Virtual Private Networks) to allow secure network access for remote workers.

They’re also looking at zero-trust solutions where your network assumes every device or connection is a threat, until proven otherwise.

Of course, our advice is that you should already have these security solutions in place – especially if you have remote or hybrid workers.

If not, this is something to take action on quickly. All you need to do is pick up the phone or send us an email. We can help.

  Download our latest business guide here!   

It’s likely a lot of the applications and software tools you’re using now are different from the ones your business used before the pandemic.

That’s because we’ve all had to make big adjustments to the way we communicate and collaborate.

And to begin with, it may have been hit and miss. It’s possible in the first few weeks and months that your employees had to use whatever tools they had available to them.

Now that we’ve settled into permanent new ways of working, we can pick the software tools that best suit our businesses.

Unfortunately, your employees might not like your choice of which apps should be used within the company. And some of them may continue to use the ones they prefer, despite the security risk that comes with that.

A recent survey found a massive 92% of employees want more control over the software, collaboration tools, and applications they use. And 51% continue to use apps that have been banned by IT departments.

It’s putting business owners in a difficult position.

Blocking apps and software may lead to employees feeling untrusted. This can lead to frustration and lack of motivation. It can really have a negative impact on your business.

But ignoring the issue can be just as bad. Unvetted apps can be a big security risk, leaving your data open to theft and your systems vulnerable to malware.

So what’s the answer?

We’d always suggest having open conversations with your people. It’s a good idea to invite feedback on the software you want to use. After all, your people are the ones using it day-in, day-out.

Take their suggestions on alternatives if the consensus is you’re using the wrong solutions and commit to looking into their viability.

It’s also a very good idea to make sure your people fully understand the risks that come with using unapproved apps, and the impact that can have on a business.

Even in cases where your team are all sticking to approved tools, keeping them educated on the latest cyber security initiatives is a smart move.

Can we help you find the most suitable communication and productivity tools for your business? We’ve helped lots of business owners do this. Get in touch.

  Download our latest business guide here!  

Microsoft’s decided to retire and rework an AI tool that could not only recognise our facial features, but also identify our mood.

Azure Face is an emotion recognition tool. These are highly criticised by experts who believe they violate human rights.

Microsoft has just published the updated version of its Responsible AI Standard.

It wants AI to be a positive force in the world, and says it recognised Azure Face has the potential to be misused.

It seems like it’s not goodbye for good for the AI facial recognition technology though. Although the public won’t be able to access it, Microsoft sees the value of controlled access for specific needs, such as assistance for the visually impaired.

One thing that has been cut is the AI’s ability to recognise individuals based on their gender, age, hair, and even facial expression. The concern is that the feature could be used by cyber criminals to impersonate individuals and commit fraud.

On top of the Azure Face change, Microsoft’s also limiting which businesses can access its Custom Neural Voice service. This is a text to speech app that’s said to be very lifelike.

In other related news, it’s not the only new step that Microsoft is taking right now to help protect us from fraud and threats.

It’s also adding new features to its email service in Microsoft 365, that improve how something called Tenant Allow Block List works.

Previously, this was a feature that allowed people to block contacts. If a blocked contact tried to email you, the email wouldn’t reach you.

Now, Microsoft is previewing an additional control which also allows you to stop emails being sent to these blocked contacts, too.

It means the threat of being caught out by a phishing scam is reduced, giving you another layer of security as part and parcel of your Microsoft 365 subscription.

With phishing scams becoming increasingly more dangerous, it’s not a moment too soon in our view.

The feature should go into preview soon, and is expected to be available by the end of the month. In the meantime, if you’re concerned about your business’s email security, get in touch.

  Download our latest business guide here!

It’s no secret that some applications are a little too interested in us and what we’re doing.

We’ve all had this experience. You might be talking to a friend about a new product that you’d like to try. Or perhaps you’ve discussed somewhere you’d like to visit.

Then the next time you go online you see adverts for the exact things you were talking about.

It’s more than a coincidence, surely???

Until recently, we haven’t had a lot of control over what information our apps are gathering about us.

Android and iOS first stepped up to give us more power over our online privacy. We were given the ability to control which apps could access our data, and sensitive things like our camera and microphone.

But while it’s easy to think of this only being an issue with phones… laptops have the same problems.

So here’s some great news. Microsoft’s testing a new feature in Windows 11 to put the power back in our hands.

It’s currently testing a new feature – called Privacy Auditing – which allows you to see which applications have been accessing sensitive hardware, like your webcam and microphone.

You’ll also be able to see if your screenshots, messages, and even your contacts and location data have been accessed. And there’s a log of which apps accessed this info, and when.

When launched, the feature will be available in your Privacy & Security menu, under App Permissions.

There you’ll be able to see a full list of what’s been accessed, by which app, and when. It should become your first port of call if you suspect any suspicious activity is taking place on your device.

When the feature is released, it will be a great tool to check periodically to help you avoid malicious activity and to make sure your sensitive data remains in the right hands.

In the meantime, if you’d like someone to look over the data permissions on your business’s devices, get in touch.

  Download our latest business guide here!

Spam emails. Everyone hates them.

It’s not just the emotional pain of clearing spam from your inbox. Having to do that is a real productivity killer, too.

A recent report found that each one of your employees could be losing up to 80 hours each year, thanks to filtering and deleting spam emails.

That’s a LOT of lost productivity.

Anywhere between 45% and 85% of emails generated each day are spam emails. And worryingly, that also includes malicious emails and those hoping to infect you with malware.

Although we don’t all receive the same number of emails every day, the hours lost to filtering them out adds up.

If one of your employees gets 30 external emails a day, they’d get around 30 spam emails each week. That would work out to around 5 hours each year wasted on sorting through and deleting them.

For an employee who gets up to 60 emails a day, it would be an average of 11 hours a year wasted.

And for someone who gets more than 100 emails each day, you’re looking at around 80 hours of productivity lost to filtering emails each year.

Now add that up for each one of your team and you could be looking at a big number.

Not only that, but since a proportion of these emails will be phishing attempts (that’s where the sender wants you to take an action that will secretly give them access to sensitive data), it’s also a big risk to your data security too.

Of course, there are a few things you can do to cut down the time spent on dealing with spam emails. The first is to make use of the spam and junk email filters available from your email service.

You may also consider bringing in dedicated anti-spam and anti-phishing tools.

Finally, you can make your people aware of the risks of spam, how to spot spam emails, and the best way to deal with it to save time and minimise the risk of malware or a data breach.

If that kind of training is something you’d like some help with, get in touch.

Download our latest business guide here!  

When you’re browsing it can feel like you’re being bombarded with things other people want you to see.

Not only do we have to click on permissions for cookies and tracking, but now a lot of websites ask for our permission to send us notifications.

And while many of these notifications are harmless – news updates, latest recipes, product releases – sometimes they can be outright spam.

It’s distracting, it’s making us less productive at work, and it’s just really annoying.

It’s called ‘notification spam’ and it’s becoming a problem. In fact, Google says it’s one of the top complaint reports from people using its Chrome browser.

So now the tech giant has decided to do more about it.

Back in October 2020, Google first acted on harmful notifications by exposing websites that misled people into giving permission. It created its own prompts to warn people the website may have malicious intent.

Now, Google intends to take things a step further if it feels the website is ‘abusive’ or ‘disruptive’. It’ll revoke a website’s permission to send notifications, and even block attempts to request permission.

Even if you’ve accidentally allowed a malicious site to send notifications, Chrome will be able to step in and block the alerts.

While it’s not yet clear how Google will define websites as ‘abusive’ or ‘disruptive’, it feels like a good move towards reducing the amount of spam we’re exposed to.

Google has explained that this new feature works to strengthen its ‘Developer Terms of Service’ that pledge not to use the company’s API to send any form of spam. It shouldn’t affect the majority of websites, but instead should go some way to keeping your Chrome notifications spam-free.

Development on Chrome’s notification spam block protection has only just started, so we don’t yet have a release date for the new feature.

As always, if you’d like any further advice on protecting yourself from spam and other productivity killers, get in touch.

Download our latest business guide here!

It feels like every day we’re being warned about a new threat to our cyber security, doesn’t it?

That’s for good reason. Last year, ransomware attacks alone affected 73% of UK businesses.

And the cost of cyber-crime is estimated to hit $10.5 trillion by 2025, according to the ‘2022 Cybersecurity Almanac’.

But we’re still seeing far too many businesses that aren’t taking this threat seriously.

It’s not only your data that you could lose if your company falls victim to a cyber-attack. The cost of remediation or mitigation can run into tens of thousands of £££.

And at the same time you’ll suffer an average of 21 days downtime after a cyber-attack. Imagine… 21 days without being able to use all your business technology as normal. It doesn’t bear thinking about.

That’s not to mention the loss of trust your clients have in you, which could lead to you losing their custom.

It’s really important that your business is taking appropriate steps to keep your data safe and secure.

That most likely means a layered approach to your security. This is where several solutions are used, which work together to give you a level of protection appropriate to your business.

This reduces your risk of being attacked. And makes recovery easier should you fall victim.

It’s worth pointing out that you will never be able to keep your business 100% protected from cyber-attacks. Not without totally locking down every system, to the point where it would be very difficult to do business (and your staff would constantly be looking for ways around the enhanced security).

No, the key to excellent cyber security is striking the right balance between protection and usability.

There are three mistakes that are most commonly made by businesses – and they’re also some of the most dangerous mistakes to make.

Is your business making any of these?

Mistake 1) Not restricting access

Different employees will have different needs when accessing company files and applications. If you allow everyone access to everything it opens up your entire network to criminals.

You should also make sure to change access rights when someone changes roles, and revoke them when they leave.

Mistake 2) Allowing lateral movement

If cyber criminals gain access to a computer used by a member of your admin team, that in itself might not be a disaster.

But what if they could move from your admin system to your invoicing system… and from there to your CRM… and then into someone’s email account?

This is known as lateral movement. The criminals gain access to one system and work their way into more sensitive systems.

If they can get into the email of someone who has admin rights to other systems or even the company bank account, they can start resetting passwords and locking out other people.

Scary stuff.

One strategy against this is called air gapping. It means that there’s no direct access from one part of your network to another.

Mistake 3) Not planning and protecting

Businesses that work closely with their IT partner to prepare and protect are less likely to be attacked in the first place.

And will be back on their feet faster if the worst does happen.

You should also have an up-to-date plan in place that details what to do, should an attack happen.

This will significantly shorten the amount of time it takes to respond to an attack. That means you’ll limit your data loss and the cost of putting things right again.

If you know you’re making one (two, or even three) of these mistakes in your business, you need to act quickly. We can help.

Call us, and we’ll review your current security arrangements.

  Download our latest business guide here!   

Ransomware is one
of the fastest growing cyber-crimes in the world

Last year, 37% of businesses
were victim to an attack.

In case you didn’t
know, a ransomware attack is where cyber criminals infiltrate your network (or
device) and steal your data by encrypting it. The data is still there, but you
can’t access it.

Then they demand
you pay a large ransom fee for the encryption key.

If you don’t pay
the demand (which can be tens or even hundreds of thousands of pounds), they
delete your data.

It’s not just the
cost of the ransom fee to worry about. There’s the stress, reputational damage
and downtime that goes with it. In 2021, the average downtime suffered after a
ransomware attack was 22 days.

Official advice is
not to pay any ransomware demands.

However, a new
survey has shown that a massive 97% of business leaders who’ve experienced a
ransomware attack in the past would pay up quickly if they were attacked again

A third of them
would pay instantly.

What does that tell
you about what a nightmare the whole thing is for any business?

The other problem
is, when you pay a ransomware demand, it’s not guaranteed that you’ll get your
data back. On average, only 65% of data is restored once a fee is paid.

You may face
further extortion. And by letting cyber criminals know that your business pays
ransom fees, it’s likely that you’ll face subsequent attacks in the future.

So what’s the best
way to deal with ransomware?

First, you should
put in place the right security measures to try to prevent an attack:

·        
Educate your people on cyber security
and best practice

·        
Implement multi-factor authorisation
across all your applications

·        
Use a password manager

·        
Make sure all updates are installed quickly

·        
And you should always have a working
backup in place – ideally one where older data is retained and cannot be changed

It’s also a great
idea to have a response and recovery plan that details what you will do in the
event of a ransomware attack.

Not only will it
mean your business can respond faster, but it should reduce the amount of
downtime suffered as you’ve already considered exactly what needs to happen.

This is what we do.
We help businesses increase their cyber security to reduce their chances of
being affected. Let’s talk.

Watch our weekly tech update video for more WEEKLY TECH UPDATE VIDEO

Focus more, be interrupted less… and get stuff done

When you’re a business owner or manager, you have a lot of
responsibilities. There are also many people who want to speak to you throughout your working day.

Unfortunately, that means that you may be interrupted more
often than you’d like. And you have to split your focus on things you’d rather give your full
attention to.

It can be a big frustration.

Many business owners and managers feel this way. You are not alone!

Download our latest business guide here! 

The ongoing Russian invasion of Ukraine has led to a sharp rise in cyber-attacks.

And while many of the attacks are between these two countries, there is very real potential for
other countries to fall victim to cyber-attacks by Russia, thanks to the
sanctions placed upon it.

Over in the US, President Joe Biden declared the government had been improving national cyber security defences for some time now.

They’re focusing on the infrastructure to make sure that water, electricity and oil pipeline
services aren’t at increased risk of attack.

Some very sensible cyber security advice has also been issued. There are a series of actions that
businesses should be taking immediately to protect themselves against
cyber-attacks, and other data security risks.

To start with look at implementing multi-factor authentication. This is where you generate a login code on another device, to prove it’s really you logging in.

Data backups should also be checked on a regular basis. Ideally there should be a copy of data that cannot be changed during a cyber-attack.

All data should also be encrypted, meaning it would have no value and be unusable if anyone did manage to access it.

It’s also a good idea to have an emergency plan ready to go that will help mitigate any attack
quickly and effectively.

Businesses are also being advised to give their staff training to help them spot and avoid the
common tactics used by cyber criminals.

These include phishing attacks where they send an email pretending to be someone else. And spoof login web pages, where they hope you will enter real login details in error.

If you have an IT support partner already, speak with them to make sure all of your systems are fully up-to-date and patched as necessary.

They can also help you to audit how well you’re performing with the items above, and get a plan in place to help you respond to an attack or attempted attack.

If you don’t have an IT support partner – or you feel your current one isn’t able to help you
with your data security, we can help. Call us.