Softlink Solutions Ltd

19/03/2019

What Takes Place Every Day, Can Happen To Any-One And Throughout The World?

…Email hacking and it’s one of the most common forms of cyber-attacks today.

The rate of cyber-attacks is increasing and happening to businesses of all sizes. Our goal is to protect businesses against these attacks, which can be difficult if the employees are not properly trained to identify potential threats. I’ve spoken previously about Security Awareness Training in some depth, but you can use this ‘at a glance’ list of seven red flags to look out for:

1. “From” Line
The first thing to pay attention to is the address you are receiving the email from. Pay close attention to the sender because the person may appear to be someone you know but, it could be a spoof. A quick example of this could be:

Real Email: [email protected]
Spoofed Email: [email protected]

There is a double ‘l’ in the spoofed email instead of an ‘i’, therefore at a quick glance it appears legitimate, but the domain is not correct.

2. “To” Line
If there are lots of names in the ‘To’ line, or your email address is being ‘cc’ on an email you are not expecting, that should be a red flag

3. Hyperlinks
This to some extent, is an easier one to spot. Most of us are cautious of clicking on an embedded link within an email unless we are sure it is from a trusted source. To be sure, before you click on a link, hover over it with your mouse to see the destination URL. If the URL has no relevance to what the email says, don’t click on the hyperlink. If you still think the email was from a trusted source, call the person who sent the email to be sure it actually came from them.

4. Time
You come into work, and first thing most of us have to do is check our emails. If your inbox is like mine I have quite a few, but before opening or clicking on an email look at the time you received it. Is this a normal time to receive an email from this person or company? If not, this is an indication of a potentially spoofed email.

Phishing attempts typically increase around public holiday’s, or end of a tax year when financial information is being shared or online shopping sees a surge.

5. Attachments
As a rule of thumb, do not open attachments that you are not expecting. Ask yourself, does this sender usually send you attachments? Another red flag is if the attachment has a strange file type such as .exe or a duplicate file type such as .xls.xls.

6. Subject
If the subject line seems suspicious, such as “Need wire transfer now” or “Change password immediately”, validate the source before you take any action. The subject may also be irrelevant to the email content, which can be another red flag.

7. Content
Hackers want to instil fear to prompt an action from you, like your Google email account has been compromised and you need to change a password or update some information. Also, if the grammar or spelling are incorrect and the email seems out of the ordinary, confirm the legitimacy before you click on links or download any files.

To summarise:

never click on links
download files
or transfer money
…unless you are sure the email is legitimate.

If you haven’t before, you must take email hacking seriously. Having proper spam filters and firewalls installed are vital, but lack of employee education is what makes it difficult to properly secure an environment.

Speak to us about our Security Awareness Training or visit https://softlinksolutions.co.uk/it-support-essex/ to help you keep your employees alert and vigilant at all times. 0845 094 0010.

06/03/2019

Could your Cyber-Insurance be flawed?

Mactavish, the UK’s leading expert on insurance governance has been operating in the commercial insurance sector for over 15 years.

Building on their knowledge they gained in 2018, they have launched a new Cyber Risk Consulting Practice who can negotiate bespoke insurance cover. Why is this important? Mactavish warn that most ‘off-the-shelf’ cyber insurance policies have serious flaws.

When carrying out an analysis of market-leading ‘standard’ cyber insurance wordings, they found at least 8 common flaws :

1. Cover can be limited to events trigger by attacks or unauthorised activity – excluding cover for issues caused by accidental errors or omissions.
2. Data breach costs can be limited – e.g. covering only costs that the business is strictly legally required to incur (as opposed to much greater costs which would be incurred in practice).
3. Systems interruption cover can be limited to only the brief period of actual network interruption, providing no cover for the more significant knock-on revenue impact in the period after IT systems are restored but the business is still disrupted.
4. Cover for systems delivered by outsourced service providers (many businesses’ most significant exposure) varies significantly and is often limited or excluded.
5. Exclusions for software in development or systems being tolled out are common and can be unclear or in the worst cases exclude events relating to any recently updated systems.
6.Where contractors cause issues (e.g. data breach) but the business is legally responsible, policies will sometimes not respond.
7.Notification requirements are often complex and onerous.
8. During a cyber incident, businesses often have no freedom to choose their IT, PR or legal specialist, as the policy only covers insurer appointed advisers
If you’d like to read more you can download Mactavish Cyber Risk & Insurance Report for free:
https://mactavishgroup.com/services/research/cyber-risk-insurance-report/

To find out more information on how we can help protect your company at https://www.softlinksolutions.co.uk/business-it-support-london/ or call us on 0845 094 0010. You can also download our Cyber-security Tips for Employees e-book from our website which covers mobile security, email use, password management and more!

27/02/2019

Most of you have probably already read about the latest horrifying challenge and I thought it might be helpful to post this useful guide from National Online Safety.

Download and share MOMO-Online-Safety-Guide-for-Parents-FEB-2019.pdf uploaded by (Softlink Solutions) and hosted by Ow.ly

29/01/2019

7 Reasons Why Security Awareness Training is Important

A fantastic article I read recently, published by cybsafe.com sums up brilliantly why companies should be prioritising SAT (Security Awareness Training).
In 2018 data breaches cost UK organisations an average of £6.4 million.
Human error, meanwhile, accounted for anywhere between 60% and 90% of those breaches.
Those facts alone are usually enough to convince people security awareness training is important.
Usually….

A survey CybSafe carried out found that around 31% of businesses are without SAT whatsoever, while a recent UK Government survey found UK businesses introduced fewer new SAT measures than they did in 2017. Crazy!

“Businesses are less likely to have implemented extra staff awareness or training measures than in the 2017 survey (18% versus 28%), despite human error or staff awareness continuing to be among the most common factors contributing to the most disruptive breach.” Department for Digital, Culture, Media & Sport Cyber Security Breaches Survey 2018

As a Managed Service Provider, we can only advise our Client base of the benefits of why they need to introduce SAT. It’s not just another product we’re pushing to get them to spend more money – SAT provides more value than monetary terms. Don’t just take our word for it, here are 7 reasons why SAT is still so important today according to CybSafe:

1. To prevent breaches and attacks
Starting with the most obvious, security awareness training helps prevent breaches.

The precise number of breaches security awareness training prevents is difficult to quantify. In an ideal world, we’d be able to run a controlled trial in which the exact same people working for the exact same company were divided into two groups: a control and a test group. The latter would be given training, the former would not. The two could then be compared.

Such a situation is an impossibility – but that doesn’t mean advanced security awareness training providers are unable to demonstrate the ROI of security awareness software. Although an imperfect measure, it’s possible to measure the incidence and prevalence of breaches pre- and post-awareness campaigns and use the resulting metrics to glean an indication of ROI. The metric might not be ideal, but considering the average costs of a data breach now run into the multi-millions, and considering security awareness training is relatively inexpensive, it certainly doesn’t take much for serious returns.

This is your first line of defense. If someone wants to access your device, they will first need to break this code. This is not an easy task, and can operate as a deterrent against theft. Some device manufacturers have an option to automatically wipe your device after a few unsuccessful attempts at your passcode or pin; so, even if your phone is stolen, your information cannot be accessed. For this reason, you should consider mobile device management (MDM) for your users.

2. To influence company culture
A culture of security has long been seen as the holy grail for chief information security officers (CISOs). Equally, such a culture is seen as notoriously difficult to achieve.

With the aid of security awareness training, some are heading in the right direction.

At least some of today’s security awareness training platforms acknowledge the value of a secure culture – and attempt to measure it from the outset. The same metrics are then monitored as time goes on.

By keeping an eye on indicators of culture, advanced security awareness training platforms can actually help security professionals monitor, nurture and develop a culture of security – making their people a proactive defence.

3. To make technological defences more robust
Technological defences are, clearly, a valuable weapon in preventing breaches. But technological defences require input from people. Firewalls need to be turned on. Security warnings need to be acknowledged. Software needs to be updated.

Few businesses today would dream of operating without technological defences. And yet, without security awareness training, technological defences are not used to their full potential.

To make matters worse, attackers today rarely bother attempting to pe*****te businesses through purely technological means. Today’s attackers typically prefer to target people, who are often seen as an easy way in to protected networks.

4. To win more customers
Security awareness training helps people win more high-profile contracts.

This isn’t conjecture. During CybSafe’s recent survey of 250 IT decision makers, more than half said a business customer had made cyber security precautions part of either an existing contract or part of the RFP process in order to win the contract. More than two thirds said at least one customer had required the achievement of a recognised cyber security standard.

While security awareness training might seem unimportant to some, it’s often far from unimportant to some business customers.

5. For compliance
To be clear, compliance alone is no reason to introduce security awareness training. As we’ve highlighted before, those who introduce training solely to comply with regulations are probably heading for trouble.

But more and more regulators are demanding specific industries implement security awareness training.

“Over the next year, we will strengthen our supervisory assessments of the highest impact firms to better understand their current and planned use of technology, resilience to cyber-attacks and staff expertise. We will also review how governance, strategy, systems architecture, risk management and culture contribute to firms’ data security.”

CybSafe partner, the Financial Conduct Authority, on shaping future policies

Compliance can be a happy offshoot of security awareness training. Those who introduce it become more secure and, in many industries, meet a regulatory requirement.

6. To behave in a socially responsible manner
As WannaCry and NotPetya have recently demonstrated, cyber attacks spread at unprecedented speeds. The more networks that become infected, the more at-risk other networks become.

Equally, thanks to connected networks, a decrease in individual network security increases the overall threat landscape for others.

The absence of security awareness training in one organisation makes other organisations vulnerable. It’s a little like leaving your house door unlocked – with the keys to next door waiting inside.

Security awareness training doesn’t just benefit you. It benefits your customers, your suppliers and everyone else interlinked with your network.

7. For employee wellbeing
It’s well-documented that happy people are productive people – hence employee welfare schemes, company away days and a large part of any given HR department’s focus. So it’s worth remembering: security awareness training doesn’t just keep people safe at work. It keeps them safe in their personal life, too.

For the most part, this particular benefit remains unseen. If security awareness training does what it’s supposed to do, it isn’t just an employer benefit. It’s an employee benefit, too.

To find out more information on how we can help protect your company and provide you with SAT please visit here https://softlinksolutions.co.uk/business-it-support-london/ or call us on 0845 094 0010. You can also download our Cyber-security Tips for Employees e-book (https://softlinksolutions.co.uk/cybersecuritytipsforemployees/) which covers mobile security, email use, password management and more!

10/01/2019

We live a mobile lifestyle. Our mobile devices keep us connected, and we can do anything from our mobile devices - from anywhere in the world. Online banking, hotel reservations, email – all can be accessed with a tap of the finger.

If you forget your phone at a restaurant, at work, or at the pub – how confident are you that nobody else can access your information?

While browsing the Internet, how confident are you that your information is only being viewed by you?

Follow these steps for a confidence boost in your mobile security:

1. Set a pin or passcode
This is your first line of defense. If someone wants to access your device, they will first need to break this code. This is not an easy task, and can operate as a deterrent against theft. Some device manufacturers have an option to automatically wipe your device after a few unsuccessful attempts at your passcode or pin; so, even if your phone is stolen, your information cannot be accessed. For this reason, you should consider mobile device management (MDM) for your users.

2. Remote locate and wipe tools
There are thousands of applications out there, and many involve more than just crushing candy or shooting birds at pigs. Certain software can help you locate your lost or stolen device through its GPS. Apple offers a service like this for their mobile devices aptly named Find my iPhone. For Android users, the Android Device Manager offers these services. Windows Mobile users also have this option from the Windows Phone website. Similarly, many third party applications are available in each of the app stores.

3. Keep your device clean
Utilising an Antivirus and Malware scanner is never a bad idea. Your phones are mini-computers, and just like your “big” computer—they need to be cleaned up from time to time. Malware and Virus threats can compromise information stored on your mobile devices. Malware has a snowball effect, and can continuously pile up until it slows downs or stops your device.

In the end, the number one security measure on your mobile device is you. Be proactive. Protect yourself and your information using the steps above!

To find out more information on how we can help protect your users mobiles please visit https://softlinksolutions.co.uk/business-it-support-london/ or call us on 0845 094 0040. You can also download our Cyber-security Tips for Employees e-book (https://softlinksolutions.co.uk/cybersecuritytipsforemployees/)which covers mobile security, email use, password management and more!

01/01/2019

Wishing our Customers and Suppliers a very happy and prosperous New Year. Looking forward to working with you all in 2019.

20/12/2018

20/12/2018

Cyber Security will still continue to be a major concern not only in 2019, but going into 2020, and 2021 etc…

Working closely with our Partners, we know that we need to be offering a robust and advanced cyber security solution. Frighteningly, more than 60% of small and medium sized business will suffer from cyber attacks every year and that volume is only going to increase. The complexity and damages resulting from these attacks are also on the rise. This leads to a couple of disruptive realisations that SMB’s must act on:

- It has never been more difficult to effectively protect SMB’s from cyber attacks.
- Businesses need to opt for the full security package (including for example, continuous Security Awareness Training for employees, DNS Filtering etc..)
Assessing what is the businesses acceptable risk

Softlink Solutions can offer a comprehensive cyber security solution to tackle the security concerns for Clients of any size or type. From assessment and reporting options, to protection and remediation, to advanced SIEM and SOC (Security Operations Centre) services, we can build you a package that protects you from Cyber Threats as effectively as possible.

Please follow this link https://softlinksolutions.co.uk/cybersecuritytipsforemployees/ to download our latest e-Book on Cyber Security Tips for Employees, or call us on 0845 094 0040 to see how we can help keep your business safe. Alternatively visit https://softlinksolutions.co.uk/business-it-support-london/

03/12/2018

Recent data from anti-phishing company PhishLabs shows that 49% of all phishing websites in the third quarter of 2018 bore the padlock security icon next to the phishing website domain name in the browser bar.

Once upon a time this use to be a sure sign that you were visiting a legitimate site. This is not the case anymore.

A great example found by Krebsonsecurity on a site called phishtank.com (for phishing sites that use SSL), found this cleverly crafted page that attempts to phish credentials from users of Bibox. Can you spot what's wrong about the web address? The green lock is there, but all is not as it seems.

If you look carefully at the URL in the address bar, you'll notice a squiggly mark over the 'i' in Bibox. This particular website takes advantages of internationalised domain names (IDNs) to introduce visual confusion. As a result, these discrepancies can be very difficult to spot.

To keep in touch with more tips and recent news that can affect your business, be sure to follow us on Facebook and Twitter or visit our website https://softlinksolutions.co.uk/it-support-essex/

29/11/2018

Train your employees continually to recognise phishing

I’ve spoken many times about what to look out for to avoid being ‘phished’. Importantly, this time of year you need to be extra vigilant, and this is just a little reminder what you and your employees can do as the first line of defence to help protect your business from phishing emails.

1. What is Phishing?
Phishing is a type of fraud whereby a hacker attempts to gather personal information. They do this by impersonating a legitimate source or by sending users to a malicious web site.

2. The sender of that email may look legitimate.
Your employees should never trust an email based simply on the suggested source e.g your bank or your company. Therefore, always certainly be on your guard.

3. Subject lines are used to lure people in.
Cyber criminals will do whatever it takes to get people open their emails. As a result they will often use particular language in subject lines that urge immediate action therefore evoking a sense of urgency and panic, or maybe curiosity e.g. ‘You must read this email now or your account will be blocked’ or ‘We are giving away 100 i-phones to the first 100 people’.

4. Impersonal greetings are a red flag.
Phishing emails are often sent to many people at once, therefore they usually lack personal greetings. Furthermore, your employees should be cautious of terms like ‘customer’ or ’employee’ especially if the email is asking for personal information.

5. It;s important to notice grammatical and stylistic errors.
Above all employees need to read their emails carefully but if they haven’t got the time to read to do this advise them to leave it for when they do. Many phishing attacks come from other countries, this results in an abundance of grammar and stylistic errors. Therefore, if an email from a supposedly reputable company has spelling and grammar issues, it is probably a scam.

6. It is important to check the link destination within the emails and the sender address.
Make sure your employees hover over all links in the email before clicking them. Likewise, it is also good practice to hover over the senders address to see if that looks legitimate. Websites that end in alternative domain names to .co.uk, .com or .org you should to be cautious of.

7. Emails demanding “immediate action” are probably scams.
Potential email scams can have an aggressive tone or claim that immediate action must be taken. Consequently, this technique is often used to scare people into giving up confidential information.

8. Don’t rely on images or logos.
Almost all mages can be downloaded or easily replicated. Similarly, brand logos and trademarks are no guarantee that an email is real. In addition, anti-virus badges can also be inserted into emails to persuade victims into thinking there is no real threat. None of these add any actual legitimacy to an email.

Finally, the security landscape is constantly changing, and as such employees need to be continuously trained and kept on their toes. Furthermore, increased investment in employee training can reduce the risk of a cyber attacked 45 to 70 percent.

To find out more information on how we can provide continuous Security Awareness Training for your business please read more at https://softlinksolutions.co.uk/it-support-essex/ or call 0845 094 0010.

28/11/2018

New 5.0-star Review: "Always great service."

25/11/2018

New 5.0-star Review: "Excellent service. Very helpful and friendly. Have been using Softlink for many years!"