Close

0131 510 1234

Archive for category: Cybercrime

Network ROI targets security market in plan for expansion
by

Network ROI targets security market in plan for expansion

IT services company Network ROI is scaling up its operations

Network ROI targets security market in plan for expansion. Terry Murden from the Daily Business interviews Network ROI MD Adam Johnson about how Network ROI is scaling up its operations as it tackles growing security issues such as the spread of ransomware and the mis-use of cryptocurrencies.

“The number of attacks shows no sign of slowing…they are using ransomware to undermine companies. It’s a growing problem and the onus is on boards to get their house in order,” Adam said.

The Edinburgh-based firm is embarking on a three-pronged strategy that will see it work more closely with client companies, including those facing a growing risk of exposure to the onslaught of cyber attacks. It will provide more on-call support and offer IT directors ‘for hire’ as it plots expansion of its services, including connectivity, telecoms and consultancy across the UK.

Hackers include teenagers who are easily able to download ransomware tools from the internet, while bitcoin, the cryptocurrency that was meant to become an online currency, has been adopted by criminals to a point where some companies now block the word from their communications systems, including email.

Other digital currencies such as monero, designed to avoid tracking, have become more popular among criminals as law enforcers adopt software tools to monitor those using bitcoin.

Network ROI, which became the first employee-owned managed services company two years ago, now has a staff of 50, mainly at its Roslin head office, with a growing team in Newton-le-Willows in northwest England.

The company now serves firms of all sizes from four to 4,000 employees, in all sectors and across the UK. They include about a hundred in Mr Johnson’s native northwest England.

“Manchester in particular is booming,” he said. “There really is a northern powerhouse thing going on, helped by people like Andy Burnham [mayor of Greater Manchester and former Labour Cabinet minister] who is business focused.”

Read more in the Daily Business article 

What is multi-factor authentication?
by

What is multi-factor authentication?

Multi-factor authentication (MFA) is an extra layer of security that can be used to protect online accounts and other shared computing resources against unauthorised access.

The easiest way to understand MFA is to think about your bank card. When you withdraw cash from an ATM, you need your card (something you have) and your PIN (something you know). There is also a third factor (something you are) – your fingerprint, retina or other biometric information.

When you enter the wrong PIN, the cash machine won’t let you withdraw money and will prompt you to take your card. The same is true with MFA. When you enter the wrong details, access will be denied, and your information will remain secure.

Why is MFA important?

It is more important than ever to protect online assets.

1 – The threat of identity fraud is growing. Hackers have unfettered access to a plethora of personal information from social media accounts, making this type of fraud an easy win.

2 – We have more to lose. We are increasingly reliant on digital infrastructure to manage our lives. Dating, communicating, working, shopping and banking are just some of the areas dominated by digital technology.

3 – Streamlined access. MFA offers a simple and secure method of offering access to the right people at the right time.

4 – Providing another layer of protection against weak or compromised user credentials. MFA should complement strong user credentials; however, it can also provide an additional layer of protection against weak or compromised credentials in some instances.

5 – More organisations and individuals are being targeted by hackers. The chances of being targeted by hackers are increasing. Criminals have many motivations for accessing online data including theft, service disruption, data destruction and more.

What types of authentication exist?

Authentication takes many forms, most of which you will be familiar with already.

Examples of things you know:

PIN – a numeric password such as the one typically used to access your phone or to protect your bank account.

Password – A string of user-defined characters that may include numbers, symbols, upper-case and lower-case letters. It’s important to follow best practice when choosing a password, download our free password guide to get some useful pointers.

Challenge/response – Answers to questions that only you should know. This type of authentication method is less effective due to the amount of personal information available online. Pet names, high-school name, place of birth and even date of birth can, in many cases be accessed by online criminals.

Examples of things you have:

Magnetic stripe cards – Cards that contain user ID data.

Smart cards – A smart card has a pre-programmed integrated computer circuit, usually taking the form of a small chip. Examples include bank cards and mobile SIM cards.

Security tokens – Mobile apps and physical USB tokens that generate a unique one-time passcode (OTP) typically within a minute before generating a new code. Many companies also use SMS messaging to deliver OTPs.

Example of something you are:

Biometrics – Examples of biometric data include voice recognition, fingerprint and iris scanning.

It’s important to note that multifactor authentication is where two unique factors are used in conjunction with one another at the same time – i.e. a smart card must be used with a PIN. Similarly, a security token or authentication app is used to deliver a passcode which must then be entered into the system.

Identity Access Management

Many organisations are seeking to further streamline the login process by using Identity Access Management (IAM) solutions. IAM removes the need for users to know their login credentials and is used to login into apps. Passwords are generated automatically by the software, reducing the possibility of a simple weak password being chosen by the user.

Another benefit of using IAM is during offboarding. If users don’t know the login credentials to various web apps, they can’t access critical business files once their employment comes to an end, making life easier for system admins and business owners.

Why should I care about multi-factor authentication?

Multi-factor authentication on its own won’t be enough to protect your business online, but it will help to ensure your people are taking steps to protect their vital information. As your business grows and becomes more reliant on digital services to function, the threat from cybercrime will increase significantly.

Adding an additional layer of security to business and personal logins will help protect your information and will reduce the threat of becoming another hacking victim. Multi-factor authentication should definitely be in your IT security strategy wish-list this coming year if you haven’t already thought about it.

Network ROI can recommend MFA solutions to suit the needs of your business. Call us on 0131 510 3456 for a chat with one of our security experts today.

How big a risk is the Insider Threat to your organisation?
by

How big a risk is the Insider Threat to your organisation?

Meet Team ZoneFox at Infosec 2018 to halt the insider threat in its tracks!

With the recent release of ZoneFox 4.0, the ZoneFox Team will be out in force at Infosec 2018 to showcase our enhanced insider threat detection platform.

InfoSec 2018 is the must-attend show for any security professional. Attending this year? Then head to stand R80 to discover how ZoneFox can mitigate business risk and help you protect business-critical data 24/7.

From identifying anomalous user behaviour, alerting on incorrect access permissions to unauthorised software installs or removable device use – speak to the experts at InfoSec and find out how ZoneFox technology can bring light to the often dark areas of data security.

You can expect to see on the day:

  • Live demo showing threat hunting in action.
  • Witness the advantages and developments of ZoneFox AI
  • Discover all about their latest launch, ZoneFox V4.0, including a number of product enhancements.
  • Understand how to defend against threats, prepare for compliance, and help address the rise of the insider within your organisation.
  • Have the opportunity to ask questions about the product, and how it relates to your industry from the experts.

We know it’s a busy event, so pick a slot and we’ll be ready for you – we’ll be on stand R80. Don’t miss out –

Book your slot now.

Not registered – you still have time – you can sign up for Infosec 2018 here

Not attending but still want to see the award-winning ZoneFox Insider threat detection platform in action? Then we will come to you – book a meeting with us today.

Eliminate the insider threat.
by

Eliminate the insider threat.

In our rapidly evolving technology landscape, the insider threat is a growing problem. Collaboration tools, cloud and mobile computing have significantly increased the risks faced by organisations. A report by Cybersecurity Insiders and CA Technologies recently stated that ninety percent of organisations feel vulnerable to insider attacks.

Not all insider threats are malicious, though. Accidental data breaches caused by careless employees or negligence account for more than 50% of all data loss incidents from inside the network. Organisations storing or accessing confidential data must take action to reduce the risks of losing data from within the confines of company systems.

So, what can you as a business leader do to protect your most important information? The short answer is you need to take a holistic approach to information security. The soon-to-be-implemented GDPR will force organisations to get their data protection house in order, presenting opportunities to do better business.

We are gearing up to attend Scotland’s largest Cyber Security event, ScotSecure at Edinburgh’s Dynamic Earth next week. Two of Scotland’s security software powerhouses, Zonefox and My1Login will be joining us as we aim to help business leaders protect their networks from the inside and the outside.

About Zonefox and My1Login
In case you have been out of the country with no access to the Internet for the past few years, Zonefox and My1login are two of Scotland’s leading lights in the cybersecurity software space.

Protect your network with Zonefox

Zonefox has developed award-winning insider threat protection software that provides a 360-degree view of your network by monitoring every endpoint and every user 24/7. So, whether your employees are working remotely or third parties are accessing and sharing information they shouldn’t be, you will know about it.

Zonefox’s Augmented Intelligence automatically detects when a users’ behaviour changes and it can quickly spot when compromised user accounts are being used to harvest valuable IP and confidential data.

With Zonefox, network administrators have access to detailed forensics, enabling them to answer critical questions about an incident: Where did the incident take place? Who was the perpetrator? What did they take? Where did the data go?

Having answers to these questions not only helps find a quick resolution to data loss incidents, but it also helps organisations comply with data breach notifications – a significant element of GDPR obligations.

Protect your applications with My1Login

Glasgow-based My1Login is a European leader in Identity and Access Management (IAM) and Single Sign-On (SSO) solutions.

The security software provider has won multiple awards, including Identity and Access Management Solution of the Year at the recent Computing Security Awards. They are also an approved UK Government Supplier through G-Cloud 9.

My1Login is the UK’s most secure and most widely-compatible IAM solution that enables organisations to mitigate password-related cyber-security risks, strengthen identity assurance and meet critical compliance obligations such as GDPR. Its Single Sign-On solution integrates with all app types – web apps, mobile apps, flash apps, virtualised apps, and even legacy, thick-client apps and mainframes. Passwords can be updated automatically without revealing credentials, and the IT department can provision new users and manage My1Login via Active Directory (AD), simplifying user management at a stroke.

My1Login SSO also integrates with multi-factor authentication services, further securing employees’ access to corporate applications.

Heading to Scot-secure 2018?

If you are planning to visit Scot-secure 2018 next week, come over and chat with us about a comprehensive approach to network protection. The lovely folks from Zonefox and My1Login will happily take you through a demo of their innovative products.

Top ten remote working security tips
by

Top ten remote working security tips

Severe snow and icy wind have hit the UK  with devastating effect this week. The adverse weather has made conditions treacherous, forcing schools to close as well as having a negative impact on transport infrastructure. A result of the extreme weather is an increase in people taking advantage of remote working.

Fortunately, at Network ROI, we spend a lot of time and effort planning for precisely this type of event. Acting as the IT department for growing businesses in Scotland, England and Wales, it’s important we are able to provide support in all conditions.

We host our critical services and applications in the cloud which provides our team with remote access 24/7. We have equipped our engineers with encrypted laptops for when they need to work remotely, and we use Gamma Horizon, a cloud-hosted telephony system, giving every member of our team the same direct dial number and extension – wherever we are working. Our team use Microsoft Office365, delivering further cloud-based collaboration and communication capabilities.

When working remotely, it is essential to remain secure, especially when dealing with private company information. Follow the tips below to stay secure when working remotely.

If it can be moved, encrypt it!

Before working remotely, ensure your devices and any external hard drives or USB sticks are encrypted. USB sticks, mobile phones, tablets and laptops are easy targets for criminals and are also easy to lose. Losing unencrypted data increases the risk of personal information falling into the wrong hands.  Encrypt all your mobile devices and hardware.

Enable remote wipe

Protecting mobile devices within your business doesn’t need to be taxing. Investing in a mobile device management solution such as Microsoft Intune allows users to wipe devices remotely should the device be lost or stolen, checks devices are encrypted, enforces PIN protection and can allow you to locate lost or stolen devices quickly protecting your company and personal data.

Use a VPN

A Virtual Private Network (VPN) creates an additional layer of security when using private or public networks. It does so by creating an encrypted tunnel between the location you are working from and your company network.  This ensures your data remains private as well as giving you access to your company applications and servers.  VPN technology is no longer the chore it used to be, and seamless VPN technologies make this technology transparent to your users.

Limit the use of public Wi-Fi

Public Wi-Fi is fraught with danger.  You may recall the vulnerability affecting the WPA2 security protocol known as Krack in late 2017. Be wary of connecting to public hotspots, especially those in coffee shops, train stations and airports and use only as a last resort – use your mobile data hotspot on your phone or use a VPN (as above) if using public Wi-Fi as this keeps your data safe.

Limit the use of public computers

In cases where you have no access to a company device or are fresh out of battery, you may need to resort to using a public computer. Although we strongly recommend not using public computers, here are some useful tips:

  • limit the information you send on public computers;
  • never send business-critical information, and;
  • never store passwords in browsers.

If you log into web apps such as Outlook, make sure you log out once finished. Finally, clear browser history and cache before closing down the machine.

Keep passwords strong

We can’t emphasise the importance of strong passwords enough. Cracking a weak password is perhaps the easiest and most common method used by criminals to enter company networks illegally. If you need further assistance to create strong, memorable passwords, see below to download our free password guide.

DOWNLOAD YOUR FREE PASSWORD GUIDE!

Make weak passwords a thing of the past

Have a clear remote working policy

The current weather crisis should act as a catalyst to implement a remote working policy if you don’t already have one in place. When considering a remote working policy, base it on the needs of the business and identify what resources and processes you will need to implement to enable a secure remote working policy.  Plan, document and most importantly, communicate the policy clearly to all members of staff.

Secure your network

Remote working provides criminals with further opportunities to enter the company network. A dispersed workforce accessing the company network from multiple locations can be a headache to manage and secure. Use only secure remote access methods with 2-factor authentications and consider insider threat detection software such as Zonefox to let you see who is on your system, where they are based and what information they are accessing or downloading. The software also sends alerts whenever unusual behaviour is detected.

Keep passwords and PINs secret

Never email or send password across insecure systems. If you do need to send a password, ideally use an encrypted messaging service such as WhatsApp or a text message.   Make sure never to send username and password using the same service. If you are in a public place such as a busy coffee shop – or even your office – we suggest you don’t divulge personal information such as name, address, date of birth or password information over the phone – always do this privately.

Educate your team

Our tenth and final tip is to make sure your team are well versed in remote working and include training as part of your overall information security strategy. As we have said in previous posts, your people are your main strength, but they can also be a significant weakness if they don’t know how to work remotely in a secure manner.

Need help with business continuity planning?

Business continuity planning takes a lot of hard work, but as we can testify, it is entirely worth it. Our service delivery team hasn’t missed a beat throughout the so-called Beast from the East, and we are proud of our team for delivering superb service in challenging circumstances.

When designing a business continuity strategy, consider core products and services you deliver and think about the infrastructure and training your team will need to perform their duties if and when catastrophic situations arise.

Get in touch with us if you need help planning for business uncertainties.

VISIT THE NETWORK ROI BLOG
EMAIL SERVICEDESK HOW TO GET SUPPORT YOUR PORTAL QUICK SUPPORT CHAT SUPPORT