Success Stories – Security Solutions for Jackson Stops & Staff with Sophos UTM

Success Stories – Security Solutions for Jackson Stops & Staff with Sophos UTM

Customer at a Glance

Jackson Stops & Staff

Industry

Property Management

Size

Over 150 users across 13 sites

Website

www.jackson-stops.co.uk

Urban Network Customer

Since 2005

Jackson-Stops & Staff are specialists in prime residential property with a national network of over 40 offices.

Towards the end of 2015, the largest consortium of Jackson Stops & Staff began a review of their security systems. The existing hardware solution had been in place for over 5 years and the leadership agreed that a more robust solution was required to address today’s security threats.

With a distributed network, spanning over 13 regional sites within London and South East, and a user base that frequently roams throughout the organisation, security, uptime and resilience were key requirements.

Business Challenge

In the run up to 2016, Jackson-Stops & Staff migrated a number of Line of Business applications out to the Cloud.

This change of business process and how users access applications placed considerable strain on the throughput capabilities of the existing firewalls.

These ageing units were not able to manage, control and secure the growing number of users and traffic that was being generated by them

In addition to this, a number of intrusion attempts to the corporate network highlighted its vulnerability, and the inability of the existing firewalls to provide the level of continuous protection required.

The Solutions

Urban Network proposed an integrated security solution, powered by Sophos, a Magic Quadrant Leader at Gartner for Unified Threat Management. The solution protects customer’s network using multi-layered proven protection technologies including Advanced Threat Protection (ATP), IPS, VPN, email and web filtering.

We experienced no disruption to our daily operations, Urban Network kept us up to date throughout the process; we always knew what was happening and when it was going to happen. Now the project is complete, we are confident that we have better levels of security and greater visibility of the network.

Law Clark

Group Operations Manager, Jackson-Stops & Staff

Business Results

The solution has allowed for the Jackson-Stops & Staff to provide resilience into each site with multiple routes available, keeping productivity of their teams at optimum levels.

Learn More

Read more on how our Security Solutions can protect your business.

Have A Question?

We’re here to help. Contact us and speak with an IT Security Expert who will answer any questions you might have.

Free Network Health Check

Get a Free Network Health Check completely free of charge, and with no obligation attached.

[Infographic] 10 steps for better cyber security

[Infographic] 10 steps for better cyber security

Security breached are costly and rarely a day goes without you seeing a headline about a new data breach. You might wonder how best to keep yourself safe online. One simple advice: reinforcing the basics. Follow these simple steps in the infographic “10 steps for better cyber security” and you’ll be well on your way to protect yourself against the cyber threats.

1. Look for sites that are secure. Try using sites you trust in preference to sites that you’ve never heard of to purchase goods (secure sites use https:// at the start of their address. The S stands for secure)

2. Be wary of any pop-up they could be genuine, but could equally be a compromised site. Use a blocker, or shut them down

3. Keep your system up to date. Run the patches, refresh the Anti-Virus and keep the Operating System (OS) updated

4. Type the URL or address yourself. Don’t just use links, the likelihood of hijacks reduces hugely if you search the site yourself through the address bar

5. Don’t download software from the web unless you are certain of the source, and have carefully evaluated the software, or file

6. Always log out of the site you’re using. Don’t just shut down logged in

7. Don’t store passwords in browsers, and use different passwords for each service you use

8. Change passwords often, it’s a pain but it is a great way to reduce your risk of being a victim of cybercrime

9. Avoid public or free Wi-Fi where possible, they are often compromised, so if you do use them, be sensible and secure

10. Set the highest security on your browser. You can always lower it on occasions that demand it but evaluate the scenario before doing so

Being aware of the types of cyber scams is also the best way to prevent being a victim. Test your knowledge in our 10-question Quiz “Are you the weakest link?” to see your ability to stay safe in today’s tech-driven world.

Download-free-CyberSecurity-eBook-Quick-Guide-to-Today's-Cyber-Threats

[CyberSecurity Blog Series] Create strong password – DOs and DON’Ts

[CyberSecurity Blog Series] Create strong password – DOs and DON’Ts

A strong password is your first defence against hackers and cyber criminals. This month is Cyber Security Awareness Month, we will share simple tips on how to create secure password to protect yourself online.

DO

DON’T

R

Create unique passwords that use a combination of words, numbers, symbols, and both upper and lower case letters.

Q

Avoid using the same password for multiple accounts; one hack exposes many accounts.

R

Passwords need to be changed on a regular basis: every 60 days is OK, but every 30 is better.

Q

Include your personal information (name, birthday) or username in your password

R

Password complexity is good, but the length is key. Increasing password length to 12 characters can increase password security significantly. Tips: turn a sentence into a password, also called a ‘pass phrase’. For example the sentence ‘This is my password & it’s for my eyes only!’ is easier to remember than ‘Syz8#K3!’ and far more secure.

Q

Use easily guessed passwords ie. ‘password’, keyboard patterns such as ‘123456’, ‘qwerty’ or words in the dictionary.

Using stronger passwords won’t keep you secure from all the threats out there, but it’s a good first step. Be safe, not sorry and enjoy all the great technology out there with awareness.

password strength demo

[CyberSecurity Blog Series] How to spot Macro-based Malware attachment

[CyberSecurity Blog Series] How to spot Macro-based Malware attachment

In 2015, we observed an increase of macro-based malware along with the spike in spam volume. The majority of the macro-based attacks often start with spammed messages containing attachments such as Microsoft Word document and Excel files. These messages often use attention-grabbing topics, mostly related to finances, such as remittance and invoices for services.

Macro malware, as we have seen throughout the past year or so, is experiencing a revival of sorts, driven by social engineering. Thought to have been banished in the early 2000s, macro malware is proving to everyone that old threats die hard.

What are macros?

Macros are a set of commands or code that are meant to help automate certain tasks, most often used in software such as Microsoft Excel or Word but recently the bad guys have yet again been utilising this heavily to automate their malware-related tasks as well.

What happens when the user opens an attachment and enables macros?

Most documents that carry macro-based ransomware include some sort of explanation or excuse to encourage you to ‘enable editing’ and change your security settings – often, ironically, under the guise of improving security somehow.

Enabling macros in this instance will have the allow the PC to run the code and download the Ransomware as an EXE (Windows program) file, and run it.

How to spot a bad attachment - Example Office Macro Malware

To combat macro malware, Microsoft built a permission-based step for enabling macros that serves as a double check. Microsoft Office now disables all macros by default, so macros cannot run without the user’s permission.

The most likely outcome for this type of threat is that the malware will attempt to encrypt all data it can access. This type of malware is termed as Ransomware, and will attempt to encrypt all data the PC or users have access to and render it useless. It will then typically change the user’s desktop with a ransom notice requesting payment in order to receive the key enabling you to unencrypt your data.

Security tips

  • Ensure your accounts don’t all have admin rights or access to data they don’t need to have at all times.

  • Disable Macros wherever possible

  • Use great caution when opening attachments, especially when those attachments carry the .doc or .xls extension.

  • Never open unsolicited emails or unexpected attachments—even from known people.

  • Implement a robust patching/update cycles on all IT hardware to keep them patched against known vulnerabilities

  • If you have mail filters, have it block dangerous file types (e.g. zip files)

  • Consider disabling USB ports unless they are essential

  • Backup, image based are the best type, but files if nothing else

[CyberSecurity Blog Series] How to spot fake email

[CyberSecurity Blog Series] How to spot fake email

There are numerous ways to spot a fake email. The list below is not exhaustive but covers most common types of phishing attempts.

The message contains poor spelling and grammar

Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality, among other things. So if a message is filled with poor grammar or spelling mistakes, it probably didn’t come from a major corporation’s legal department.

You didn’t initiate the action

If you received an email message informing that you have won a contest you did not enter or won the lottery but you never bought a lottery ticket, you can bet that the message is a scam.

The message asks for personal information

No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. Your bank doesn’t need you to send it your account number. It already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

The message contains a mismatched URL

Check the integrity of any embedded URLs. Often the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.

Paypal Phish Email Example Spot a fake email

The offer seems too good to be true

There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.

hmrc-tax-fake-sms

The message appears to be from a government agency

Phishing artists who want to use intimidation don’t always pose as a bank. Sometimes they’ll send messages claiming to have come from a law enforcement agency, HMRC or just about any other entity that might scare the average law-abiding citizen.

You’re asked to send money to cover expenses

One telltale sign of a phishing email is that you will eventually be asked for money. You might not get asked for cash in the initial message. But sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens, you can bet that it’s a scam.

URLs contain a misleading domain name

People who launch phishing scams often depend on their victims not knowing how the DNS naming structure for domains works. The last part of a domain name is the most telling. For example, the domain name info.urbannetwork.co.uk would be a child domain of urbannetwork.co.uk because urbannetwork.co.uk appears at the end of the full domain name (on the right-hand side). Conversely, urbannetwork.co.uk.maliciousdomain.com would clearly not have originated from urbannetwork.co.uk because the reference to urbannetwork.co.uk is on the left side of the domain name.

We have seen this trick used countless times by phishing artists as a way of trying to convince victims that a message came from a company like Microsoft or Apple. The phishing artist simply creates a domain bearing the name Microsoft, Apple, or whatever. The resulting domain name looks something like this: Microsoft.maliciousdomainname.com.

Alternatively, the scam email may also use a domain name that is very similar to the authentic domain name such as “urbannetwork.co”

The message makes unrealistic threats

Although most of the phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it’s probably a scam.

Page 1 of 3123