You might have been hacked, but would you know?


Identify and act on cyber threats to your business with Endpoint Detection & Response

 

Learn lessons from cyber-attacks to better defend your business

Businesses are facing well organised and dangerous attackers, including nation states and cyber-criminals that are determined to breach your cyber defences. Attacks are on the rise and, with the random nature by which IT networks are penetrated, it’s becoming an unfortunate inevitability that we will all suffer from an attack at some point, regardless of whether we have been specifically targeted or not.

We shouldn’t have to sit back and suffer… with the extreme rate of attacks taking place, why should we not learn lessons from what’s happened and use those lessons to better improve our defences for next time?

Adapt & better defend yourself with Endpoint Detection & Response

With an Endpoint Detection & Response (EDR) service, you can not only be actively alerted to attacks taking place, but also benefit from intelligent insights that break down the steps involved, helping you spot patterns & stop the same attack from taking place again.

All credible security vendors that supply & support EDR services will permit their customers access to the global intelligence and remedial protection insights gained globally from deployments of their software across each endpoint device.

What can we do with the insights?

EDR supports targeted attack analytics, a holistic approach to attack detection that makes advanced AI and expert threat research available to any organisation that’s a customer of the EDR product.

There is no longer the need to manually correlate scans of your devices, with limited intelligence gained from only your own network. This fragmented approach results in visibility gaps, too many false positives, longer threat dwell times and less precise detection.

With the power of EDR, your outsourced IT partner or internal IT personnel can stay a step ahead in protecting your business, with security awareness otherwise unavailable to them.

How does EDR work?

EDR collects event data across multiple termination points, including end user computers, servers, email and cloud applications, providing a holistic view across the business and a global view based on telemetry from thousands of enterprises.

The security vendor employs data scientists who create analytic applications, which use the latest artificial intelligence and advanced machine learning techniques to detect suspicious activity. This activity is investigated by the vendor’s own attack investigation teams, whose role it is to determine actual attack patterns occurring in your environment and feed back critical updates to your console in real time, with details of the attack actor, the devices impacted by the attack and advice on remedial actions to take to repair the damage & protect against further exposure.

 

Want to get the best of cyber security for your business?

At Urban Network, we take a security first approach to everything that we do with technology.

If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration and initial consultation to explore how exposed your business might actually be.

To book a consultation or to arrange a further discussion, please get in touch via our form here, call 020 7749 6899 or email us hello@urbannetwork.co.uk.

Data backup…your last line of defence in the war against hackers


What is the threat to my data?

In the rise of threats to our valuable & private data, cyber-criminals are forever creating new ways to disrupt and defraud our professional and personal lives. One of the cyber threat trends that has seen a sharp increase in activity within recent years is Ransomware.

Ransomware is malicious software that restricts or removes your access to file data stored on your computer or server. Downloaded from an illegitimate website, or arriving on your computer via an email link or attachment, the Ransomware application rapidly installs itself & begins to infect or take control of your file data, without the computer user necessarily even being aware an attack has taken place.

Ransomware, as the name suggests, is a means by which hackers can take something belonging to you or your business and hold it to ransom, for release upon receiving a monetary payment from you. Although there’s no guarantee they’ll even release the file upon receiving your payment!

 

Can we stop ourselves becoming a victim?

Although it is critical to ensure you have cyber defences in place, it is almost impossible to ensure that you are 100% protected from the threat of cyber-crime, particularly from the specific threat of Ransomware.

The malicious software used to launch a Ransomware attack is constantly evolving and can take many forms. Despite security vendors continually updating their software & threat analysis, there is a strong chance that an innocent action by one of your users will result in their machine becoming infected at some point.

 

What can we do if we’re attacked?

Firstly, make efforts to limit your exposure to attack by ensuring you have cyber defences in place and have conducted awareness training for your team.

But, when you inevitably suffer from an attack, your last line of defence against cyber-crime is a secure recovery point from a current, ring-fenced data backup solution.

With a professional-grade backup service, you can benefit from peace of mind that your up-to-date data is stored, securely, in an alternative offsite location and is ready for recovery at a moment’s notice in the event of loss or corruption to any, or all, of your files or system data.

 

But we already backup data to a disc?

Having a data backup of any kind is a helpful initial step to take in a bid to recover your data in the event of any loss. However! A basic backup to an external disk is by no means a reliable or secure means to achieve true peace of mind with all of your system data.

There are a number of manual elements to a disk backup that limit its effectiveness in a disaster; most critically, the need for a person to take the disk offsite and remember to bring it back again.

In the event of a Ransomware attack, should the disk be connected to the network, it will most likely be infected, rendering the backup useless. This, twinned with limited means of running effective, regularly scheduled backups, makes a data backup to disk too restrictive and risky a means of recovery in the event of a disaster.

 

What should we do instead?

All businesses should operate with an automated on-site + off-site backup service, conforming to the 3-2-1 backup rule.

3 copies of your data – one active on your server/cloud storage/computers, one local backup copy and one offsite copy.

2 forms of media – varying medium of disk or device used to store the backup copies.

1 copy held offsite.

The service should be managed and monitored daily by your external IT service provider or member of internal IT personnel – with strict urgency placed on taking action in the event of a failure or issue logged from the previous day’s backup.
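The daily check described above can be automated. The following is an added example, not Urban Network's or any backup vendor's code: it audits an inventory of data copies against the 3-2-1 rule, the ring-fencing point made earlier about network-connected disks, and the age of the last successful backup. The `Copy` fields, the media names and the 24-hour threshold are assumptions, and the inventories used to exercise it are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Copy:
    name: str
    medium: str               # e.g. "server-disk", "nas", "cloud-object-store"
    offsite: bool
    is_backup: bool           # False for the live, active copy
    lan_writable: bool        # writable from the production network
    last_success: Optional[datetime] = None  # last successful backup job


def audit_321(copies, now, max_age=timedelta(hours=24)):
    """Return (code, message) findings; an empty list means the plan passes."""
    findings = []
    backups = [c for c in copies if c.is_backup]

    # 3 copies: the active data plus at least two backups.
    if len(copies) < 3:
        findings.append(("copies", f"only {len(copies)} copies, need 3"))
    # 2 forms of media.
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append(("media", f"only {len(media)} form of media, need 2"))
    # 1 backup copy held offsite.
    if not any(c.offsite for c in backups):
        findings.append(("offsite", "no backup copy is held offsite"))
    # Ring-fencing: a backup that ransomware can write to is not a recovery
    # point, so at least one backup must be unreachable from the network.
    if backups and all(c.lan_writable for c in backups):
        findings.append(("ring-fence", "every backup is writable from the LAN"))
    # Daily monitoring: flag any backup without a recent successful run.
    hours = int(max_age.total_seconds() // 3600)
    for c in backups:
        if c.last_success is None or now - c.last_success > max_age:
            findings.append(("stale", f"{c.name}: no success in {hours}h"))
    return findings


if __name__ == "__main__":
    now = datetime(2024, 1, 10, 9, 0)  # constructed "this morning"
    disk_only = [
        Copy("live server", "server-disk", False, False, True),
        Copy("usb disk", "usb-disk", False, True, True,
             datetime(2024, 1, 7, 2, 0)),
    ]
    for code, message in audit_321(disk_only, now):
        print(f"[{code}] {message}")
```
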

It all sounds costly; however, implementing a professional-grade backup solution doesn’t have to cost the earth, particularly if you factor in the cost and inconvenience of a total, or even partial, loss of data.

Employing these rules within your business can go a long way to ensuring a fast & effective recovery from a disaster, should you suffer the loss or corruption of any data, however large or small.

 


Who else knows your username & password?


Your details might be all over the Dark Web… what is it?

There are three varying grades of the internet. The ‘Public Web’, surprisingly forming only around 4% of the internet, is what we all use every day, and includes services like websites and social media platforms. The ‘Deep Web’, representing the largest amount at around 93% of the internet, consists of private servers & systems, such as cloud services and CRM databases. That leaves around 3% of the internet, cordoned off typically for illegal activity. Identified as the ‘Dark Web’, it is untraceable and difficult to access, and is therefore a prime location for the shared activities between criminals of all kinds.

 

How do my details get there and why?

If a hacker has been able to steal a list of user login credentials from a particular system or service, these private details will have value to other cyber criminals, and are therefore shared with and sold to other parties on the Dark Web.

This community want access to your details to penetrate your lifestyle, mimic your actions and, through a number of different means, look to defraud you and those you are connected with.

 

Should I be worried?

If your login credentials, email addresses and passwords, have been exposed and listed on the Dark Web, they will likely be available to anyone & everyone that wants them….

And, far worse, if you typically use the same passwords, email addresses and login IDs across lots of different platforms, such as your online banking, social media profiles, email accounts and private photo & data storage, you are incredibly vulnerable to cyber-attack and to being defrauded via your entire internet presence.

With access to all of these private services, it is incredibly likely your identity will be stolen and used as a platform to try to defraud those you are connected with via social media and email.

 

But, what can I do?

There are services available that can scan the Dark Web and, first & foremost, identify whether you are at risk. Such services can maintain a constant watch by trawling the data found within the Dark Web for your personal credentials, such as your email address or other associated usernames or handles, and then raise an alert if anything of note is found at any time.

If your details are found, you are then immediately made aware of your position of vulnerability, and critically can take action by at least resetting your passwords and user IDs wherever used.

 

How can I avoid becoming a target?

It is almost impossible to stop yourself from becoming a target; an unfortunate, harsh reality we must all accept is that, at some point, our personal data will be stolen from somewhere. Whether that’s through our own lack of cyber security, being the victim of a phishing attack, or a mistake on someone else’s part.

BUT! What’s far more important is being aware when you’re at risk, and having a process in place to mitigate your exposure, both personally and for your business. That means implementing best security practices: setting secure passwords, regularly changing those passwords, using different passwords & login details across different systems and, lastly, implementing cyber security features such as 2-Factor / Multi-Factor Authentication (2FA/MFA).

By enforcing cyber security features such as 2FA or MFA, you add another hurdle for cyber criminals in the process of accessing web-based data & services, beyond the first tier of only usernames and passwords. Should your password be obtained elsewhere and that person tries to access a system that you use, you’ll receive a notification by text message, phone call or email to your device to authorise that login, therefore stopping cyber criminals from getting to your data.

 


Keeping your data protected… with Office 365 Advanced Threat Protection


We released a blog back in June 2017, soon after the release of the Advanced Threat Protection (ATP) service within Office 365. As a brief re-cap: in the wake of the rise in email-borne cyber-attacks, Microsoft released ATP as their optional add-on security service. Filtering emails with little impact on productivity, ATP is among the strongest of the suite of add-ons to 365, and we strongly urge businesses to adopt it.

Including key features, such as Safe Links, ATP prevents users from inadvertently clicking on malicious links embedded within phishing emails that are falsely representing themselves from a genuine source, such as a bank, government body or trusted brand name.

Safe Attachments protects your users from opening potentially damaging email file attachments, which can be embedded with viruses or malicious code that installs software in the background of a PC, designed to steal or corrupt data without the user even realising.

 

ATP has been around since 2017, so what’s new?

A key feature, which has been added to the service’s Anti-Phishing tools, focuses on Impersonation Detection. ATP has been working to defend against phishing attacks for quite some time; however, attacks known as “spear-phishing” or “whaling”, where criminals impersonate a trusted sender, often targeting individuals within a business that may have access to valuable data, are far more difficult to detect.

If the hacker can get their email delivered to their intended target, that person is far more likely to be fooled by domain name impersonation, where two very similar names are used. So similar, in fact, that at first glance most users wouldn’t notice anything wrong with the email.

The new Impersonation Detection service works to detect lookalike email addresses and domain names that may be used to trick users. Using “mailbox intelligence”, ATP will determine whether the email being received is from a trusted email sender, or a new email address. Security warnings will then automatically be applied to unknown email addresses, helping to draw users’ attention to possible risks.

This feature, along with all other ATP tools, is included within the Office 365 Advanced Threat Protection bolt-on product, which is included as standard with the Enterprise E5 license.

 

Could someone impersonate my domain?

Simple answer, yes. It is surprisingly easy for those with relatively basic knowledge of cyber hacking to mask your domain and an email address, then start firing out emails set to steal valuable data, or simply cause disruption & down time.

One particular risk with domain impersonation isn’t necessarily criminals impersonating other people’s domains, but them choosing to impersonate your domain, with the one key objective of fooling your own staff.

Recent examples include a Finance Director’s email account being impersonated – with an accurate mask of the name, full email address, and even his email signature! An email gets sent from this fake account to another member of the Accounts Department, asking them to make payment on a fictitious invoice to a particular bank account. The email is well written in English and has a sense of urgency. Not wanting to upset their boss, the team member makes the payment as instructed, losing the business thousands in one simple, unknowing mistake.

 

How can I use ATP to protect against this impersonation?

ATP will automatically keep a look out for domains used within email addresses that are contacting your users. It will work to filter-out emails (based on your pre-defined choices) that fall into an untrusted category, perhaps a spoof domain that is very similar to your own (down to simple differences, such as being one character different), or from an unknown user/email address that doesn’t exist within your 365 – keeping your team out of harm’s way.
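To show why a one-character difference is detectable, here is an added example (not Microsoft's ATP logic, whose internals the article does not describe) that sorts a sender into trusted, lookalike or unknown, the categories discussed above and under Impersonation Detection. The protected domain, the small confusable-character map and the one-edit threshold are assumptions, and the sample addresses are constructed.

```python
import unicodedata

# Constructed, deliberately small map of visually confusable characters.
CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",  # Cyrillic er, es; Ukrainian i
}
CONFUSABLE_PAIRS = {"rn": "m", "vv": "w"}


def skeleton(domain):
    """Collapse a domain to a 'what the eye sees' form for comparison."""
    text = unicodedata.normalize("NFKC", domain.lower())
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    for pair, single in CONFUSABLE_PAIRS.items():
        text = text.replace(pair, single)
    return text


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def sender_domain(address):
    """Extract the domain of an address, decoding punycode labels if present."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or not valid IDNA: compare as-is


def classify_sender(address, protected, max_edits=1):
    """Return (verdict, matched_domain): trusted, lookalike or unknown."""
    domain = sender_domain(address)
    if domain in protected:
        return ("trusted", domain)
    seen = skeleton(domain)
    for good in sorted(protected):
        # Distance 0 here means a pure homoglyph swap of a protected domain.
        if osa_distance(seen, skeleton(good)) <= max_edits:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    protected = {"northmere-accounts.example"}  # hypothetical own domain
    constructed_senders = [
        "fd@northmere-accounts.example",
        "fd@northrnere-accounts.example",       # "rn" standing in for "m"
        "fd@n\u043erthmere-accounts.example",   # Cyrillic "o"
        "fd@northmere-accuonts.example",        # two letters swapped
        "billing@supplier-invoices.example",
    ]
    for sender in constructed_senders:
        print(sender, classify_sender(sender, protected))
```

An "unknown" verdict is not a clean bill of health; it only means the domain does not resemble a protected one, which is where the sender-history check the article calls mailbox intelligence takes over.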

The threat management dashboard contains real-world statistical information on where emails are originating from, domains and users that have been impersonated. With this kind of information, you will be able to keep ahead of the threats.


There is, of course, the risk that genuine emails may be filtered out, so you can view a list of all of the quarantined emails and choose to take action on them all collectively or by individual email.


 

What are the next steps?

If you are already a user of the Office 365 suite, you can bolt-on the ATP service almost immediately! Contact the team to receive support in obtaining and best-configuring the service to sufficiently protect your data, users and livelihoods.

 

Who are Urban Network?

We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.

Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Among our range of skills, we have a specialism in cyber security, ensuring we aid our clients in employing the best & most appropriate security practices, procedures and tools to protect their sensitive data.

If you have any concerns or challenges with your cyber security, or with your technology generally, we would like to hear from you. Please contact the team today.

 

Security, without the burden


Theft is on the rise!

Thieves are stealing from you… but, no longer are they climbing out of the bedroom window with your television. Today’s cyber criminals want to get access to your valuable & sensitive data, and with some slightly more sophisticated tools at their disposal, they are rather easily stealing your login credentials to get access to such private files & documents.

With businesses continually adopting cloud computing, it is only natural that cyber attackers are following this trend by shifting their focus towards these evolving cloud environments. They’re using their tried and tested methods, such as password guessing and phishing campaigns, to drive these attacks.

As one of the largest cloud communication & collaboration tools today, Microsoft’s Office 365 platform has become a particularly juicy target.

So, there’s most definitely a credible threat, completely regardless of your business size, type or location. But, what can you do about it?

 

Better secure your cloud services in a straight-forward way

Cyber Security tools & practices need not be ludicrously complex or expensive. There are many best practice methods that could be deployed within your business to mitigate the risk of attack & heavily reduce your vulnerability.

Multi-factor authentication (MFA), often referred to as 2-factor authentication (2FA), is a straightforward process of adding another user verification step, beyond just a password, to the login process for a system or cloud-based service.

As a simpler end-user friendly security provision, MFA typically triggers a single-use code to the user that must be input into the website/system before the login can complete. The code can be delivered to the user by text message, phone call or via an in-app notification – at the user’s choice.

Should a user receive such a notification without having requested it first, their account is likely vulnerable, and it would be advised to reset their password. Importantly, however, their account remains secure, as without the single-use code the account may not be accessed.

 

But this might be difficult for our users to adopt

The single-use codes may be difficult to roll out to your team without resistance. But there are other means you can deploy to achieve the same goal. Restricting the IP addresses from which users may log in, or controlling which devices may log in through a pre-authorised list controlled by Azure Active Directory, are just two examples.

Businesses with the appropriate tier of licensing may be able to use conditional access to enforce the use of MFA within their organisation – giving users no choice but to comply with the more secure process.

 

New Office 365 guidance from Microsoft

Microsoft have recently released new security guidance (aimed at the public sector, albeit relevant to all industries), which provides up-to-date advice on how best to implement Office 365 installations so that they meet the National Cyber Security Centre’s (NCSC) cloud security principles. We recommend this advice to organisations of all sizes & types.

The guidance covers the use of all Office 365 services. So, the measures suggested will provide you with the confidence that you are safely using newer cloud-only features that cover all of your familiar applications & services.

 

How can I implement this within my business?

Depending on your current licenses and tools you have access to, there may be different options available to you.

At Urban Network, we’re best placed to review, consult with you and configure cyber security best practice.

If you are an existing client of Urban Network, then we will be actively reviewing your cyber protection and providing direct advice to you to keep ahead of this ever-growing threat. If you have any questions, concerns or simply wish to discuss your cyber security options further, please consult your Account Manager.

If you are new to Urban Network, we’d love to help. We take a proactive stance on the review of technology within our clients’ businesses – it’s our mission to help you and your business get the best value from technology to drive an efficient & profitable operation.

With such a heavy-reliance on our tech systems these days, protecting the data held within them is important, now more than ever. To receive some guidance & peace of mind, please contact us to schedule a free, no obligation review session to discover your current position & the options open to you.

 

Can I stay ahead?

The cloud tools we use are constantly changing & so are the risks to our data security. It is therefore worth planning to periodically review the configuration of your services and check to see if your vendor or support partner have updated their recommendations.

 


 

References –

Office 365 security guidance from the National Cyber Security Centre.

Microsoft public sector cloud security guidance.

National Cyber Security Centre cloud security principles.