We'd love to hear from you

If you have an enquiry about our solutions or services then feel free to drop us a line to see how we can help.

News


Cybercriminals Use Green Padlock Icon to Trick Victims

Cybercriminals Use Green Padlock Icon to Trick Victims

  • The green padlock icon has been associated with security for quite some time.
  • Although Google has abandoned it for its Chrome browser, the icon continues to be considered as an indicator of safety.

Criminals are exploiting this belief and branding fraudulent sites with the green padlock icon.

 

What is the green padlock icon?

The green padlock represents that the data exchanged with the website in question is encrypted.

  • Although this represents encryption, the existence of this icon does not mean that every site with this icon is secure.
  • Even when you see the icon, it is always a good practice to check the address bar for typos of legitimate websites to check if you’re accessing a phishing site or not.

What is happening?

With criminals looking for new ways to convince victims to click on phishing links, the use of the green padlock icon has shot up.

The availability of free certificate services has made this quite easy, especially during the holiday season when scams are on the high along with sales and promotional emails.

“The bad actors are getting these phishing domains and registering them. Then they are standing up phishing sites on those domains that are essentially clones of the various e-commerce sites to fool the end user into believing they’re on a legitimate e-commerce site,” say security experts.

How you can stay safe

Companies and individuals must do their part to stay protected from this type of fraud.

  • For individuals, the most basic thing to do would be to avoid clicking on suspicious links, especially those that seem too good to be true.
  • Organizations can add a layer of security by scanning for suspicious domains and filtering them out before the employees have a chance to access them.
  • Researchers also recommend monitoring the behavior of password managers. If they refuse to provide saved credentials for sites, this may be an indication of the site not being legitimate.

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in boosting productivity. Ensuring we aid our clients with employing the best & most appropriate practices, procedures and tools to increase efficiency in the workplace.

If you have any concerns or challenges with your technology generally, we would like to hear from you. Please contact the team today.

 

News Source: https://cyware.com/news/cybercriminals-use-green-padlock-icon-to-trick-victims-ba277e9b

 

Password-stealing hacking campaign is targeting governments around the world

Password-stealing hacking campaign is targeting governments around the world

A mysterious new phishing campaign is targeting government departments and related business services around the world in cyberattacks that aim to steal the login credentials from victims.

In total, the phishing attacks have targeted at least 22 different potential victim organisations in countries including the United States, Canada, China, Australia, Sweden and more. All of the attacks involve emails claiming to be related to the targeted government agencies and all of them attempt to trick victims into clicking an email link that asks for their username and password.

Anyone who enters their login credentials into the spoofed government agency websites will give cyber criminals access to their account.

 

The campaign has been discovered and detailed by cybersecurity researchers at Anomali; but while it’s clear a lot of work has gone into what researchers describe as a ‘persistent’ campaign, it’s unclear who is behind the attacks or what their ultimate motivations are. It could be an effort to conduct corporate espionage.

“It could be that the adversaries are trying to gain access to potential bidders to undercut the competition or to compromise government suppliers for more long-term gain,” Sara Moore, cyber-threat intelligence analyst at Anomali, told ZDNet.

The majority of the attacks focus on government departments, but a small percentage also target procurement and logistics firms related to the targets.

The country in which the largest number of these attacks have been seen is the United States with the U.S. Department of Energy, U.S. Department of Commerce and U.S. Department of Veterans Affairs among those targeted.

Those behind the attacks have been careful to create unique lures for each of their targets, using phishing emails containing a lure document purporting to be related to bidding and procurement activity of the department. In each case, the phishing email is written in the native language of the target department’s country.

For example, a phishing email targeting the U.S. Department of Commerce claims to contain information related to bidding on commercial products and services, with the target encouraged to open a lure document. The document contains an embedded link, which the target is encouraged to click through to – and it’s this that leads to one of the phishing websites.

Like the email and document lures, the phishing website is designed to look like the real one used by the agency or company that’s being targeted. These websites have legitimate names, information and documents used by the target in an effort to appear more authentic and avoid suspicion by the user.

While it isn’t known what sort of cyber-criminal operation is behind the spoofed websites and associated phishing campaigns, the domains are being hosted in Turkey and Romania. However, although that location doesn’t reveal who could be behind the attacks – because the attackers could set up phishing sites from any county in the world and could use any country to host the domains. During Anomali’s investigation, a total of 62 domains and 122 phishing websites were uncovered.

 

Researchers have notified the relevant CERTs (Computer Emergency Response Teams), informing them about the attacks – although it’s currently unknown if the attackers have managed to make away with any stolen credentials.

However, there are things that organisations in all sectors can do in an effort to protect themselves from this campaign or any other phishing attack.

“Organisations should make sure they have access to threat intelligence and research that provides details about the existence of these types of attacks. They should have the ability to integrate intelligence and research into their security infrastructures to enable detection, blocking, and response,” said Moore.

“Security-awareness training that teaches employees how to spot and report suspicious phishing email is also crucial,” she added.

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in boosting productivity. Ensuring we aid our clients with employing the best & most appropriate practices, procedures and tools to increase efficiency in the workplace.

If you have any concerns or challenges with your technology generally, we would like to hear from you. Please contact the team today.

 

News Source: https://www.zdnet.com/article/cybersecurity-this-password-stealing-hacking-campaign-is-targeting-governments-around-the-world/

 

Avoid ransomware by moving to the cloud, says AWS Public Sector boss

Avoid ransomware by moving to the cloud, says AWS Public Sector boss

 Amazon Web Services (AWS) worldwide public sector vice president Teresa Carlson believes the best place for governments to run their business securely is in the cloud.

Speaking at the AWS Public Sector keynote during AWS re:Invent on Wednesday, Carlson said the world is witnessing an increasingly complex security environment, with cities, states, and home of governments constantly targeted by cybersecurity attacks.

Carlson briefly walked through attacks that have targeted government entities in recent years, such as in Atlanta, which is still recovering from ransomware that crippled the city of Atlanta’s IT network last year, costing officials millions in recovery efforts.

 

“I was just in Johannesburg … the city there had a huge ransomware attack,” she said, noting that while ransom was paid, Johannesburg is still struggling to bring its systems back up.

Carlson also said she met with someone from the education sector recently who said they are getting attacked school by school and are paying in excess of $30,000 in ransom “because they don’t know what else to do”.

“So one of the things we actively talk about with government is a move to the cloud to in order to detect and defend potential cyberattacks,” Carlson said.

“And the good news is that there are some immediate steps you could take right now to protect the organisation, First, to have a viable backup in place for an effective solution to quickly restore.

“All these customers I talk to are running on data centres, unpatched, they talk about having a DR strategy — but guess what, they don’t have that.”

Touching on the City of Atlanta again, Carlson said data was lost and the devastation of this should not be minimised.

“This is an act of terror, this is an act of war,” she said.

“We have to treat this very differently.

“In fact, one of the things that I tell lawmakers is … these are like terrorist attacks. Our organisations, our government, our people, and we have to have laws in place … cloud is a good defender against it.”

There are three things Carlson said will help defend against attacks: Encrypt, backup, and inherit.

 

“All of our services are encrypted by default … and you can also inherit all the security policies and practices and architectures that are available to you,” she said. “Get yourself informed and understand that cloud is a really good way to defend against these … we have to get much more serious.”

Carlson was launching AWS’ new open source government resource catalogue, which aims to arm those in the public sector with standards and best practices for navigating the cloud world.

“The most senior leaders in government didn’t really understand what this whole cloud transformation thing was about … they want a catalogue of government resources,” she said.

Carlson said it will allow governments around the world to share information and best practices, and said AWS wants its customers to contribute to the information repository.

“There are such amazing solutions around the world and we want them to be shared,” she said.

Having used Capital One throughout his keynote on Tuesday as an example of a large company doing good things in the cloud, AWS CEO Andy Jassy was on Wednesday afternoon questioned by media on why he would parade an organisation that suffered a data breach.

“If you look at the major data breaches over the last five years, I think it’s about 26, 25 of them have been on-premises infrastructure,” he said.

“I don’t think this has shaken people’s confidence in any way in the cloud, we continue to see customers full-steam ahead.

“I think when most customers evaluate security posture in the cloud versus on-premises, they mostly come away believing their security posture is better in the cloud.”

Jassy said around eight years ago, security was one of the biggest barriers for government and the enterprise to use cloud, mainly because it was a very different type of technology.

“I would say that today, over the last five years, security has become one of the selling points of people moving to the cloud as they feel like they have stronger security posture in the cloud as they do on premises,” he said.

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in boosting productivity. Ensuring we aid our clients with employing the best & most appropriate practices, procedures and tools to increase efficiency in the workplace.

If you have any concerns or challenges with your technology generally, we would like to hear from you. Please contact the team today.

 

News Source: https://www.zdnet.com/article/avoid-ransomware-by-moving-to-the-cloud-says-aws-public-sector-boss/

 

Attackers Continue to Exploit Outlook Home Page Flaw

Attackers Continue to Exploit Outlook Home Page Flaw

FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch issued by Microsoft.

A 2-year-old vulnerability in Microsoft Outlook continues to cause headaches for companies, as attackers are able to use a specific feature of the program to execute code and persist on previously infected systems, according to an advisory published by cybersecurity services firm FireEye.

The attack, which uses the Microsoft Outlook Security Feature Bypass Vulnerability (CVE-2017-11774) patched in October 2017, abuses the Outlook Home Page feature that allows a customized view to be shown for any e-mail folder. When exploited, the vulnerability allows code to run whenever an Outlook client homepage is opened. 

While the issue was patched, and the vast majority of companies have the update, attackers have been able to circumvent the fix to gain persistence on already-compromised systems, says Matthew McWhirt, senior manager at FireEye.

“We definitely continue to see the Home Page functionality being used by attackers, even though it was patched back in 2017, over two years ago,” he says. “We are also seeing attackers attempting to disable protections that the patch provides by circumventing some controls by modifying the registry on endpoints.”

The alert comes after the United States’ military warned in July that Iranian cyber espionage groups were using the issue as part of their attacks on targets in the United States, Europe, and the Middle East. Two Iranian groups — APT33 and APT34 — have used the attack since June 2018, according to FireEye. APT33, also known Elfin, has attacked industries and government agencies in the United States, Saudi Arabia, and South Korea, focusing the aerospace and oil-and-gas sectors. APT34, also known as Helix Kitten, has focused on financial, government, energy, chemical, and telecommunications targets in the Middle East and has operated since 2014.

Both groups seem to use the Outlook vulnerability as a way to gain persistence on systems that are already compromised. In addition, a recent submission to VirusTotal included an automated version of the attack for working around patched Outlook systems, FireEye stated in its alert.

“APT33 is a heavy user of this technique, and we have also seen APT34 using it as well,” McWhirt says. “I wouldn’t call it an ‘uptick’ — that is not why we are calling this out — but companies may think they are safe because they applied the Outlook patch, and they are not.”

In the automated version, submitted as an Excel file to VirusTotal, the persistence technique aims to modify the WebView registry key with an external URL in a type of cloud storage common to Azure, known as a storage blob, and has a method to “walk through the registry and reverse the … patch,” FireEye stated. Dark Reading could not confirm the existence of the file through a search on the hash provided by FireEye, but the company stated that the file appears to be attributable to an authorized red-team operation.

To foil such attacks, companies should enforce specific values for the registry keys used by the attack, or the use of Group Policy Objects (GPOs) in Windows. In its alert, FireEye listed the complete hardening guidelines that companies can put in place to prevent attackers from bypassing the Outlook patch.

“Without continuous reinforcement of the recommended registry settings for … hardening [against the attack], an attacker can add or revert registry keys for settings that essentially disable the protections provided by the patches,” FireEye warned in the alert.

While the specific attack appears to be industry-generated — with one security company detecting another security company’s exploit — malicious attackers and groups often adopt techniques pioneered by security researchers.

FireEye cautioned organizations to check to ensure that the specified registry changes do not break third-party applications that use the Outlook Home Page functionality. 

Because rolling back the patch’s hardening measures requires “some form of initial access,” the issue is not considered a failure of the patch by Microsoft, according to FireEye’s alert.

“However, the technique is under-reported, no public mitigation guidance is available, and — as a fresh in-the-wild example demonstrates … — initial access and patch overriding can be completely automated,” the alert stated.

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in boosting productivity. Ensuring we aid our clients with employing the best & most appropriate practices, procedures and tools to increase efficiency in the workplace.

If you have any concerns or challenges with your technology generally, we would like to hear from you. Please contact the team today.

 

News Source: https://www.darkreading.com/vulnerabilities—threats/attackers-can-circumvent-outlook-homepage-flaw/d/d-id/1336513

 

44 million Microsoft users reused passwords in the first three months of 2019

44 million Microsoft users reused passwords in the first three months of 2019

The Microsoft threat research team scanned all Microsoft user accounts and found that 44 million users were employing usernames and passwords that leaked online following security breaches at other online services.

The scan took place between January and March 2019.

Microsoft said it scanned user accounts using a database of over three billion leaked credentials, which it obtained from multiple sources, such as law enforcement and public databases.

The scan effectively helped Microsoft identify users who reused the same usernames and passwords across different online accounts.

 

PASSWORD RESETS HAVE ALREADY TAKEN PLACE

The 44 million total included Microsoft Services Accounts (regular user accounts), but also Azure AD accounts.

“For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side,” Microsoft said.

“On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced,” it added.

The OS maker has been a staunch advocate and promoter of multi-factor authentication (MFA) solutions.

Earlier this summer, the company said that enabling an MFA security measure for a Microsoft account blocks 99.9% of all attacks and that MFA bypass attempts are so rare its security team doesn’t even have statistics on this type of threat.

 

DETECTING 100% OF PASSWORD REUSE CASES IS IMPOSSIBLE

Microsoft typically warns against using weak or easy-to-guess passwords when setting up an account, but these warnings don’t cover password reuse scenarios.

This is because users might be using a complex password that would pass Microsoft’s checks, but Microsoft has no way of knowing if the user has reused that password in other places.

Once a third-party service has a security breach, and the user’s password is stolen and leaked online, this inadvertently puts the user’s Microsoft account at risk, despite having a strong password.

Hackers can take the leaked password and use it in an attempt to gain access to the user’s other accounts — such as Microsoft, Google, Facebook, Twitter, etc.. Microsoft calls this a “breach replay attack.”

A 2018 academic research study of 28.8 million user accounts found that password reuse and small modifications to the original password was common among 52% of users. The same study also found that 30% of the modified passwords and all the reused passwords can be cracked within just 10 guesses.

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in boosting productivity. Ensuring we aid our clients with employing the best & most appropriate practices, procedures and tools to increase efficiency in the workplace.

If you have any concerns or challenges with your technology generally, we would like to hear from you. Please contact the team today.

 

News Source: https://www.zdnet.com/article/44-million-microsoft-users-reused-passwords-in-the-first-three-months-of-2019/

 

Share & Communicate externally with Teams

Share & Communicate externally with Teams

Communicate & Collaborate externally, effortlessly

Microsoft Teams, a cloud-based platform offering a flexible space for collaboration across a substantial number of unique devices, providing a more central approach to communication.

With Teams, you can share, communicate and work externally, (including internally), with clients as well as suppliers, within your personal teams and channels.

Dissimilar to more traditional (perhaps out-dated) applications, Microsoft Teams allows all stakeholders an unparalleled ability to work together & communicate in one place; creating one team, whether they work within your business or not. This creates a more malleable & elastic method for working as a unit, allowing effective and efficient collaboration.

 

All-inclusive

Leave no stone un-turned, Teams has infinite possibilities; Award winning communication and collaboration tools, third-party applications to create an unmatched level of value to your workspace, improving efficiency in offices all over the globe.

Whether it’s individual access or external access you’re after, Teams offers both. Team owners can grant guest access, authorisation to chat, call and access files & resources. External access gives permission for an entire domain, a basic, straightforward technique to link up teams on a much bigger scale.

 

Team up in a safeguarded environment

Enjoy peace of mind with Microsoft Teams, with its safe, shielded environment, work outside the office with ease and minimal difficulty; Engage with members of your team freely, whether they’re next door or down the road, knowing your data & personal information is sheltered and in your complete control.

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in boosting productivity. Ensuring we aid our clients with employing the best & most appropriate practices, procedures and tools to increase efficiency in the workplace.

If you have any concerns or challenges with your technology generally, we would like to hear from you. Please contact the team today.

 

Work Together within one application

Work Together within one application

Combine your day to day operations within one application

With a range of tools available to us on our computers these days, it’s difficult to work out what’s the best to use. Few apps are good at more than one job, driving us to juggle copious services to achieve our daily tasks, and worse; everyone has their personal preferences, which means we’re often forced to jump between many applications to achieve the same objective.

Teams is Microsoft’s answer to a single-pane-of-glass application covering a large range of our day to day communication & collaboration requirements. Performing both internally & externally to your business, Teams cuts out the time that is lost in the dark of numerous third-party services, along with the pain & irritation that comes with more traditional team working by older methods, such as email.

 

Stop the continuous back & forth emails

Do away with the ceaseless email chains, being cc’d into emails needlessly, and losing track of the latest file version following multiple versions being passed as attachments between everyone. With Teams, you can merge the conversation.

Every user within Teams, can refer to the “Conversations” pane for that specific group. Just like the feature we’re all acquainted with on social media platforms, users can be tagged, to ensure they are alerted to a point of reference within the conversation appropriate to them. Files, images and videos can all be shared and embedded into the conversation stream. The history can easily be searched through, and importantly all information is viewable on any device in a matter of seconds. Save hours in scanning your Outlook mailbox trying to find that specific conversation from months earlier.

Beyond the chat stream, your users can collaborate on files live – right within the app. Microsoft Office Web Apps are supported within Teams, so you can have several team members, (both internally and externally to your organisation), working on the same document, at the same time. You can actually see your colleagues entering information to the same document right in front of you.

 

You would rather a quick chat over the phone?

Text-based instant message conversations are excellent, but you’d prefer a quick voice chat? No worries, Teams has that covered too. Built from the foundations of Skype, within the very same Teams application, you can access voice & video conferencing between one or multiple users. Calls can be setup on the fly or pre-scheduled – if you use an Outlook calendar, you can create a Teams appointment just like any other calendar entry. The invitation generates a web link button to join the meeting within the details of the Outlook calendar appointment. So, whether you are inviting colleagues, clients or suppliers to a call – with one click, they can join the meeting regardless of whether they are Office 365 or Teams users or not.

Those non-Teams users won’t need to download any software or go through a prolonged setup. They can join the call from their favourite web browser and simply have at least a microphone active on their device.

At the same time of calling, you can be sharing desktop screens or access the same Office file via the cloud and work together as though you’re sat in the same area.

 

Need support?

If you are swimming in a sea of far too many options and are considering consolidating, Teams might well be the best response.

At Urban Network, we take a consultative approach to working with our clients. Unlike most IT providers, we take the time to learn our client’s business, operations and processes; enabling us to better tailor workable technology solutions.

If you are considering migrating to the Cloud, use Office 365 but not to its full extent or need guidance around technology solutions to your operational problems – please get in touch.

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in boosting productivity. Ensuring we aid our clients with employing the best & most appropriate practices, procedures and tools to increase their efficiency.

If you have any concerns or challenges with your technology generally, we would like to hear from you. Please contact the team today.

 

Too many options to manage within Microsoft Office 365?

Too many options to manage within Microsoft Office 365?

Perplexed by all the choices in Office 365? Skype, Teams, SharePoint…

Cloud platforms are advancing and so has the range of features and tools available to users within them. As much as they may make many of our lives easy-going, they can also bring a lot of misunderstanding & disorder between a variety of employees.

Giving people access across too many tools and they’ll use them incorrectly or not at all.

Don’t let ‘shadow IT’ tiptoe into your business by letting team members go off and find their own acquainted, often consumer-style products. Why not instead give them a strategy & training on the correct tools that best fit the desires of the business.

 

An understanding into Microsoft Teams

Uniting a long-line of communication and collaboration tools; Team’s is Microsoft’s single-platform response to a variety of business operational desires.

Working from a single ‘pane of glass’, users can access instant messaging, file sharing, calendars, video conferencing, intranet-style information wikis and notes all within one desktop application or online application.

By connecting to the platform, you won’t need to look back on the days of shifting between a host of apps, losing track of your files or sinking under a mountain of emails.

A quite surprising, but totally understandable statistic, is showing Teams to be already outstripping all previous Microsoft products to be their fastest growing platform yet! The simplicity combined with an all-encompassing approach, has secured the crowds looking for a 365-linked substitute to the likes of Slack.

Teams is available on most Office 365 subscriptions at no added cost. Most of the core features are available as normal, however there are further features such as the embedded phone system, which can carry additional fees.

 

Lost in an array of tools and resources?

If you are flooding in a sea of far too many choices and are considering consolidating, Teams might well be the most fitting answer.

At Urban Network, we take a consultative style to working with our clients. Unlike most IT providers, we take the time to learn our client’s business, operations and processes; enabling us to better tailor workable technology solutions.

If you are considering journeying to the Cloud, use Office 365 but not to its full extent or need direction around technology solutions to your operational problems – Please get in touch.

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in boosting productivity. Ensuring we aid our clients with employing the best & most appropriate practices, procedures and tools to increase efficiency in the workplace.

If you have any concerns or challenges with your technology generally, we would like to hear from you. Please contact the team today.

 

4 Reasons why Security Awareness Training is very important

4 Reasons why Security Awareness Training is very important

 Back in 2018 data breaches cost UK organisations an average of £6.4 million.
Human error, meanwhile, accounted from anywhere between 60% and 90% of them.
Those facts alone are usually enough to convince people security awareness training is very important.
Usually….

As a Managed Service Provider, we can only advise our Client base of the benefits of why they need to introduce Security Awareness Training.

1. To prevent Data breaches and cyber attacks

Starting with the most obvious, security awareness training helps prevent data breaches.

The precise number of breaches security awareness training prevents is difficult to count. In an ideal world, we’d be able to run a controlled trial in which the exact same people working for the exact same company were divided into two groups: a control and a test group. The latter would be given training, the former would not. The two could then be compared to see the difference in knowledge.

Such situation is almost impossible – but that doesn’t mean advanced security awareness training providers are unable to demonstrate the ROI of security awareness software. Although an imperfect measure, it’s possible to measure the incidence and prevalence of breaches pre- and post-awareness campaigns and use the resulting metrics to glean an indication of ROI.

This is your first line of defence. If someone wants to access your device, they will first need to break this code. This is not an easy task, and can operate as a deterrent against theft. Some device manufacturers have an option to automatically wipe your device after a few unsuccessful attempts at your pass code or pin; so, even if your phone is stolen, your information cannot be accessed. For this reason, you should consider mobile device management for your users.

2. To influence company culture in security

A culture of security has long been seen as the holy grail for chief information security officers. Equally, such a culture is seen as notoriously difficult to achieve.

With the aid of security awareness training, some are heading in the right direction to gain this credible reputation.

By keeping an eye on indicators of culture, advanced security awareness training platforms can actually help security professionals monitor, nurture and develop a culture of security – making their people a proactive defence.

3. To make technological defences stronger

Technological defences are, clearly, a valuable weapon in preventing breaches. But technological defences require input from people. Firewalls need to be turned onto maximum security. Security warnings need to be acknowledged. Software needs to be constantly updated.

Few businesses today would dream of operating without technological defences. And yet, without security awareness training, technological defences are not used anywhere near their full potential.

To make matters worse, attackers today rarely bother attempting to penetrate businesses through purely technological means. Today’s attackers typically prefer to target people, who are sceptical but suffer from accidental clicking & lack of knowledge.

4. GDPR compliance

To be clear, compliance alone is no reason to introduce security awareness training. Those who introduce training solely to comply with regulations are heading for trouble.

But more and more regulators are demanding specific industries implement security awareness training throughout the entire Business.

Compliance can be a happy offshoot of security awareness training. Those who introduce it become more secure and, in many industries, meet a regulatory requirement to be secure & protected.

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in cyber security. Ensuring we aid our clients with employing the best & most appropriate security practices, procedures and tools to protect their sensitive data.

If you have any concerns or challenges with your cyber security, or with your technology generally, we would like to hear from you. Please contact the team today.

 

Your servers are full of Data, Cyber Criminals love them.

Your servers are full of Data, Cyber Criminals love them.

P 37% of cyber attacks are discovered directly on servers, making them the most likely place to identify an attack within an organisation. That’s one of the alarming stats taken from a recent survey of 2,700 IT managers around the world.

 

 But why are servers such tempting targets for cyber hackers?

1. Servers are at high value

Servers often contain an organisation’s most valuable data. For example, personally identifiable information (PII) such as employee and customer records could be stolen if they’re not adequately secured (for example, with encryption) on the server.

Regulations, such as the strongly introduced GDPR that protects EU citizens’ data, levy significant fines for non-compliance. Attackers know this and will threaten to release sensitive data if their demands are not met.

2. Server downtime is very costly

Servers are the motherboard of organisations and are critical to their day-to-day functioning. Unexpected downtime can seriously impact productivity by revoking access to important files or communication tools such as Microsoft Teams. Ransomware attacks can cause organisations to grind to a halt unless a costly ransom is paid.

In instances where an organisation is reliant on servers for commercial function downtime can be even more severe.

3. Servers are the perfect staging ground to attack

Servers are usually strongly connected in an organisation’s network. They are also online & running 24/7 all year round, which makes them an ideal platform for launching further attacks and performing reconnaissance looking for weak spots to exploit across the entire network. If you can’t identify a compromised server, the gates to your IT stronghold could be wide open to the elements.

So what can be done in order to secure your organisation’s servers? The answer is in the right combination of advanced protection, visibility with powerful tools like Endpoint Detection and Response (EDR) and server specific features such as File Integrity Monitoring.

With Sophos Sandstorm, you’ll receive a next-gen advanced threat defence. It provides a whole new level of targeted attack protection, visibility & Analysis. IT can quickly & accurately identify evasive threats before they enter your network.

What other solutions miss, Sophos Sandstorm uses powerful, cloud-based, next-generation sandbox technology.

 

We’re Urban Network, we can help save your Business.

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in cyber security. Ensuring we aid our clients with employing the best & most appropriate security practices, procedures and tools to protect their sensitive data.

If you have any concerns or challenges with your cyber security, or with your technology generally, we would like to hear from you. Please contact the team today.