Close

0131 510 1234

Archive for category: Business Continuity

Top ten remote working security tips
by

Top ten remote working security tips

Severe snow and icy wind have hit the UK  with devastating effect this week. The adverse weather has made conditions treacherous, forcing schools to close as well as having a negative impact on transport infrastructure. A result of the extreme weather is an increase in people taking advantage of remote working.

Fortunately, at Network ROI, we spend a lot of time and effort planning for precisely this type of event. Acting as the IT department for growing businesses in Scotland, England and Wales, it’s important we are able to provide support in all conditions.

We host our critical services and applications in the cloud which provides our team with remote access 24/7. We have equipped our engineers with encrypted laptops for when they need to work remotely, and we use Gamma Horizon, a cloud-hosted telephony system, giving every member of our team the same direct dial number and extension – wherever we are working. Our team use Microsoft Office365, delivering further cloud-based collaboration and communication capabilities.

When working remotely, it is essential to remain secure, especially when dealing with private company information. Follow the tips below to stay secure when working remotely.

If it can be moved, encrypt it!

Before working remotely, ensure your devices and any external hard drives or USB sticks are encrypted. USB sticks, mobile phones, tablets and laptops are easy targets for criminals and are also easy to lose. Losing unencrypted data increases the risk of personal information falling into the wrong hands.  Encrypt all your mobile devices and hardware.

Enable remote wipe

Protecting mobile devices within your business doesn’t need to be taxing. Investing in a mobile device management solution such as Microsoft Intune allows users to wipe devices remotely should the device be lost or stolen, checks devices are encrypted, enforces PIN protection and can allow you to locate lost or stolen devices quickly protecting your company and personal data.

Use a VPN

A Virtual Private Network (VPN) creates an additional layer of security when using private or public networks. It does so by creating an encrypted tunnel between the location you are working from and your company network.  This ensures your data remains private as well as giving you access to your company applications and servers.  VPN technology is no longer the chore it used to be, and seamless VPN technologies make this technology transparent to your users.

Limit the use of public Wi-Fi

Public Wi-Fi is fraught with danger.  You may recall the vulnerability affecting the WPA2 security protocol known as Krack in late 2017. Be wary of connecting to public hotspots, especially those in coffee shops, train stations and airports and use only as a last resort – use your mobile data hotspot on your phone or use a VPN (as above) if using public Wi-Fi as this keeps your data safe.

Limit the use of public computers

In cases where you have no access to a company device or are fresh out of battery, you may need to resort to using a public computer. Although we strongly recommend not using public computers, here are some useful tips:

  • limit the information you send on public computers;
  • never send business-critical information, and;
  • never store passwords in browsers.

If you log into web apps such as Outlook, make sure you log out once finished. Finally, clear browser history and cache before closing down the machine.

Keep passwords strong

We can’t emphasise the importance of strong passwords enough. Cracking a weak password is perhaps the easiest and most common method used by criminals to enter company networks illegally. If you need further assistance to create strong, memorable passwords, see below to download our free password guide.

DOWNLOAD YOUR FREE PASSWORD GUIDE!

Make weak passwords a thing of the past

Have a clear remote working policy

The current weather crisis should act as a catalyst to implement a remote working policy if you don’t already have one in place. When considering a remote working policy, base it on the needs of the business and identify what resources and processes you will need to implement to enable a secure remote working policy.  Plan, document and most importantly, communicate the policy clearly to all members of staff.

Secure your network

Remote working provides criminals with further opportunities to enter the company network. A dispersed workforce accessing the company network from multiple locations can be a headache to manage and secure. Use only secure remote access methods with 2-factor authentications and consider insider threat detection software such as Zonefox to let you see who is on your system, where they are based and what information they are accessing or downloading. The software also sends alerts whenever unusual behaviour is detected.

Keep passwords and PINs secret

Never email or send password across insecure systems. If you do need to send a password, ideally use an encrypted messaging service such as WhatsApp or a text message.   Make sure never to send username and password using the same service. If you are in a public place such as a busy coffee shop – or even your office – we suggest you don’t divulge personal information such as name, address, date of birth or password information over the phone – always do this privately.

Educate your team

Our tenth and final tip is to make sure your team are well versed in remote working and include training as part of your overall information security strategy. As we have said in previous posts, your people are your main strength, but they can also be a significant weakness if they don’t know how to work remotely in a secure manner.

Need help with business continuity planning?

Business continuity planning takes a lot of hard work, but as we can testify, it is entirely worth it. Our service delivery team hasn’t missed a beat throughout the so-called Beast from the East, and we are proud of our team for delivering superb service in challenging circumstances.

When designing a business continuity strategy, consider core products and services you deliver and think about the infrastructure and training your team will need to perform their duties if and when catastrophic situations arise.

Get in touch with us if you need help planning for business uncertainties.

Network ROI Christmas and New Year 2017/18 opening hours
by

Network ROI Christmas and New Year 2017/18 opening hours

We would like to wish all our clients a Merry Christmas and a happy, healthy and prosperous New Year. We are gearing up for an exciting 2018 and we look forward to working with you in the new year and beyond.

Over the festive period out office will be open as usual on normal working days, closing on the 25th & 26th December as well as the 1st January.

Festive opening 2017/18

Closed

From 5pm on Fri 22nd Dec
Mon 25th Dec
Tue 26th Dec

Open

Wed 27th, Thu 28th, Fri 29th
Tue 2nd Jan onwards

Out of hours support

We can offer emergency technical support between 8.30am and 5.30pm on the 25th and 26th December, as well as January 1st.

There will be a standby rate charge of £300 for the three days, irrespective of whether you require support (equating to £100.00 per day). Calls or call-outs on these days will incur additional charges at the hourly rate detailed in your contract.

Contact us on 0131 510 1234 or email helpdesk@networkroi.co.uk before Wednesday, 20th December if you would like to arrange out of hours support over the festive period.

BAnk Holiday Disaster
by

BAnk Holiday Disaster

British Airways experienced a massive bout of business turbulence over the busy bank holiday weekend when a power shutdown caused their entire IT estate to go offline. Global online systems including company websites, booking systems and call centres were crippled – leaving thousands of customers stranded in different airports across the world. It took the company almost three days to clear the backlog of travellers, many of whom have yet to be reunited with their luggage.

The fallout has been dramatic, with some reports stating the company share price shed almost £500m over a few short days. Then, of course, there’s the compensation bill that’s expected to exceed £100m and the millions of tweets and column inches of negative press that have accompanied such a high-profile situation.

Make Disaster Recovery part of your  ongoing strategy

Regardless of what went wrong and who is responsible, the key takeaway is; disasters are never planned.

The BA crisis illustrates the need for you, as a business owner or decision maker, to have a look at this unfortunate incident in greater detail:

  • Read the papers to get an idea of the scale of the impact
  • Listen to the testimonies of the angry customers
  • Think about the brand and reputational damage
  • Check the share price in the press
  • Think about how much BA relies on the internet and computing infrastructure to make money

These examples aren’t exclusive to BA; they apply to every kind of avoidable business disaster and impact every type of organisation.

Get in touch with Network ROI

If your business relies on secure, reliable and well-maintained IT to achieve growth and prosperity and you would like to have a conversation about your Disaster Recovery strategy, please fill out the form below.

Thanks for reading,

Neil.

  • We'd love to keep in touch with you by email with offers, news and new product information. We treat all personal data with respect, and we promise NEVER to sell your details to third parties for marketing purposes.
7 Essential tips to avoid WannaCrypt
by

7 Essential tips to avoid WannaCrypt

WannaCrypt, WannaCry or WannaCrypt0r 2.0 is a type of malicious software program called ransomware that targeted a known vulnerability to infect and encrypt the contents of Windows PCs around the globe. This attack affected over 100,000 machines in over 100 countries in under 24 hours, affecting individuals and high-profile organisations including the NHS. The attack could have had much more serious consequences if it wasn’t for the quick-thinking of a researcher who stopped the threat spreading by just registering a domain name!

Ransomware is a piece of malicious software or malware that blocks access to a computer, or it’s files and demands payment for release. criminals don’t always play by the rules, access to data is not guaranteed, even after paying the ransom Ransomware is typically triggered when a user opens an email containing a malicious attachment such as a PDF or Microsoft Office document.

WannaCrypt is a game-changer!

WannaCrypt is different from traditional forms of ransomware as it can replicate itself and spread to other machines on the computer network, making WannaCrypt a hybrid ransomware/worm program. The infection spreads via SMB (Server Message Block) protocol used by Windows machines to communicate with other file servers over a network. An infected machine will then spread the malicious program to other at-risk devices.

Once infected, the WannaCrypt installer will extract a resource in a password protected zip file (wary.zip) which contains the executable ransomware files. WannaCrypt will also download a TOR client that it uses to communicate with the WannaCrypt servers.

What does WannaCrypt do?

The malicious program encrypts most of the files on a machine, and then a payment demand appears on the screen.  The criminal gang behind WannaCrypt request $300 in Bitcoin. Upon payment, you will receive a decryption key. The figure doubles to $600 if they haven’t received payment within three days. Access to files may be lost forever if payment still hasn’t been made within a week.

How to avoid the threat of WannaCrypt and other Ransomware threats

As mentioned earlier in the article, WannaCrypt targets a particular vulnerability within the Windows Operating System. There is, however, a high probability that other vulnerabilities will become exposed and exploited within the coming days, weeks, months and even years. Here are some tips to help you, your family and colleagues avoid falling victim to cyber crime.

  1. Delete any suspicious emails immediately, or if it’s from a known source, call the person to confirm they sent it
  2. Never forward such emails to colleagues
  3. Never click on an attachment in a suspicious email
  4. Alert your IT department if you receive a suspicious email
  5. Keep Anti-Virus and anti-Spam software up-to-date
  6. Keep Windows Operating System software up-to-date
  7. Ensure that you have email and web security that can block malicious emails and malware Command & Control server communications
  8. Keep essential software up-to-date to the latest version

What to do if you have a ransomware problem

If you have fallen victim to WannaCrypt or any form of ransomware, do the following:

  • Pull the power lead from your machine immediately
  • Inform a member of your IT team or your line manager

Finally

Security incidents such as WannaCrypt can strike at any time. Therefore it is important to maintain a regular backup schedule as part of your wider Disaster Recovery strategy.

The National Cyber Security Centre (NCSC) has released a statement with guidance and more information regarding the attack.

About Network ROI

Network ROI is a Managed Service Provider based in Scotland with skilled technical engineers throughout the UK.

As a Cyber Essentials and IASME certified company, we help organisations improve the security of their internal networks and reduce the likelihood of outside threats.

If you are worried about WannaCrypt or any other form of cyber crime, call us on 0131 510 3456 or fill out the form below and a member of our team will be in touch soon.

  • We'd love to keep in touch with you by email with offers, news and new product information. We treat all personal data with respect, and we promise NEVER to sell your details to third parties for marketing purposes.
VISIT THE NETWORK ROI BLOG
EMAIL SERVICEDESK HOW TO GET SUPPORT YOUR PORTAL QUICK SUPPORT CHAT SUPPORT