How has Email Compromise Evolved?

The murky world of business email compromise has changed. Hackers are becoming more and more resilient to the traditional methods of thwarting their attempts at stealing data.

Keeping data safe is critical for businesses, but for each strategy used to combat security threats another appears. In some cases, generally low skill is required to carry out attacks against infrastructures, but successful attempts could result in large payouts for the attackers. 

According to the FBI 2017 Internet Crime Reportlosses were reported of $13.4 billion. The top cyber crimes reported involved personal data breaches and phishing. 

So what’s changed? 

Over the past 12 – 18 months, the rise of email phishing has been documented across the globe. An email impersonating a business CEO, finance director or executive with a sense of urgency requests money to be sent to (usually an international) account or transfer via crypto-currency. These emails are usually short and to the point, and often look as though they have been sent from a personal email address. 

Email phishing is very difficult to contain. It does require user awareness, as well as a robust anti-spam filter in place. 

Malware infected emails and attachments not only have the ability infect and encrypt entire networks from one email on one PC, but also launch remote access tools and keyboard logging software. 

Voice phishing is less common, but equally as devastating. A call posing as a supplier, such as the company bank may not raise too many questions. You could be advised that an urgent payment hasn’t been received. People are more likely to trust the voice of another human being, and this basic physiology is exploited during these conversations. 

You may remember the Microsoft scam; an attacker posing as a Microsoft technical employee will call and advise the user that their PC has been infected by Malware. A ‘fix’ is then downloaded which is capable of stealing personal data, such as financial details from the PC. 

Social media also has a role to play. Using sites such as Facebook, Instagram and Twitter allows attackers to research their targets to help improve their impersonation. Just the way users communicate on the platforms can assist attackers. 

Cryptocurrency use has boomed over the last 12 months. The use of such sites as BitCoin makes it near impossible to trace accounts and once the currency has been transferred, it’s not something the target will ever see again. 

So what can we do to keep our data safe? 

User awareness is more important than ever. Training schedules must be in place to ensure all employees (including remote workers) are aware of their role in maintaining email security, and how to spot phishing attempts. Having the right resources in place helps employees to keep themselves, and the business safe during their working days. 

An effective backup system must be tried, tested and have a frequent schedule in place (nightly preferred). Cloud based services reduces the risk of data loss, corruption or theft over the traditional hardware based backup media. An off-site backup will also provide an extra layer of security. A robust anti-virus and patch management programs should also be maintained. 

If you would like further information on how Netshield can assist with securing your infrastructure, please give us a call on 0333 200 1636, or email info@netshield.net
Advertisements

Security Audit

What is it?

A detailed IT security audit that covers all your external threats.

What does this cover?

We will look for the most common website and infrastructure vulnerabilities. This includes exploits like; Injection vulnerabilities, Cross site scripting and unsupported or outdated services.

What is the benefit of this?

Discover and fix the same vulnerabilities a hacker would exploit to steal or manipulate your database, redirect people to malicious 3rd party content or a full defacement of your website.

How often will this take place?

One of the technical team will schedule in a test once a quarter. This will give you ongoing audits to cover any new threats.

What will get I get from this?

A clear report that highlights what impact this could have on your business alongside easy to manage fixes. A hassle-free service that requires no technical expertise.

iStock_000013067728Large

 

t  +44 (0) 333 200 1636

e    info@netshield.net

w    http://www.netshield.net

Is it possible to keep your Remote work force happy, secure and cost effective?

SPOILER ALERT: YES! 

Remote working helps employees stay productive where ever they are, at home, before and after meetings. This does place extra pressure on IT departments to meet expectations but also maintain security and support levels.

Our Citrix and Microsoft powered hosted options securely allow remote connections to desktops, email, applications and IT services from the Cloud.

  • Secure access to data; all data remains in the Cloud rather than the device
  • Any device can be used; PC, Mac, tablets, smart phones
  • Access from any location
  • Predictable costs; a simple and easy monthly pay as you go model – so only pay for the amount of employees using the system

 

For  more information, please contact us today on 0333 200 1636, or info@netshield.net. 

 

 

 

 

Office 365: Is your data as protected as you think?

THERE’S NO DENYING THAT OFFICE 365 has certainly revolutionised the way users are able to work. The ability to work anytime, from anywhere has given employees control over their working day. Applications such as Exchange Online, SharePoint Online and OneDrive are all accessible in one place. As the platform can be billed monthly per user, O365 is also a bonus for companies who have fluctuations in their user counts on a regular basis.

All sounds pretty good, right? However, were you aware that the data held is not actually backed up by Microsoft? In the event of data loss or a breach, you can’t rely on the O365 platform to restore. If you weren’t aware of this, you should now be asking yourself:

What can I do to ensure the security and safety of my data?

 

Office 365 offers geo-redundancy which can often be mistaken for a full backup. This only protects against the Microsoft site and hardware failure so users can continue working in either of these scenarios. You won’t be able to restore data that is lost, deleted or maliciously attacked.

Retention policies are limited, and when deleting a user you also delete their data held on their personal SharePoint and OneDrive so you won’t be able to refer back for very long. ExchangeOnline has limited recovery functions and cannot handle serious attacks.

It is YOUR data, YOU control it and YOU need to have the correct backups in place to protect it and your business.

Veeam® Backup for Microsoft Office 365 eliminates the risk of losing data and gives you control over your backup policy. 

Benefits include:

  • Protecting your data from deletion and security threats
  • Access backup archives
  • Store data according to long-term retention policies that quite your compliance or regulatory needs
  • Multi-repository/multi-tenant architecture
  • Quick search and restore of individual files
  • Backup hybrid email and SharePoint deployments

You have a lot of flexibility and control over the backup policy, it can be set to weekly, daily or even as often as every five minutes! Copies can also be stored in a location of your choice; on-premise, public Cloud or a local data centre provider.

The product is licensed per user, so only pay for the amount of employees you actually have using the platform on a monthly basis.

 

If you would like more information or a quotation, please contact us today. 

Maximising Data Availability

DATA AVAILABILITY has become paramount to the success of an organisation. Reliability as well as performance and manageability are critical to ensuring as much data up-time as possible.

The first step in maximising your data availability is to have a good backup in place that takes into account your whole infrastructure, Recovery Point Objective (RPO) and Recovery Time Objective (RTO). Think you’re protected with just one backup however?

Legacy approaches to data backup and recovery are simply outdated and ineffective. Gone are the days where a single on-premise backup would tick any compliance boxes. To ensure the security and availability of data, backing up to an offsite location as well as the first on-premise should be considered. This can be achieved through a replication job. This has two major benefits:

a) Helps work towards a disaster recovery scenario. Should the initial site be affected by a hardware failure, or complete site failure, the backup offsite will not be affected and could be restored to another location ensuring business continuity.

b) Should data be compromised (accidentally or maliciously, the offsite backup copy would ensure some security and not be affected. A restore could occur, giving peace of mind that a second unaffected copy is available to fall back on.

 

Veeam® Backup & Replication™

Veeam® Backup & Replication™ is straight forward, cost effective and increases service recovery SLA’s with Recovery Time Objectives (RTO) in seconds and minutes rather than outdated hours/days. High speed recovery allows instant file recovery and can fully recover a failed virtual machine in under 15 minutes, minimising the amount of working time lost.

Advanced replication can be used, with replication able to be set to occur as little as every 15 minutes. Essential if you cannot afford for your business to lose even an hour of work. Secure end-to-end encryption achieves security and confidentiality. Pretty straight forward!

 

Recover faster than ever, improve data protection and save money with the Veeam Backup and Replication product. To discuss your requirements or find out more information, please contact us today