2021 IT security threats to your business

2021 IT security threats to your business

The past two years have seen the rapid digitalisation of nearly every aspect of our lives.

Technology has infiltrated the way that we communicate, work, monitor our health and fitness, learn, shop and entertain.

While there are many advantages to having such devices and software to enable us to continue with our daily lives, it has brought about a surge in the number of cybersecurity breaches and scams being reported.

This wave of cybercrime has hit both individuals and businesses hard due to the perpetrators creating new sophisticated malware, identifying new techniques to avoid detection, and hijacking reputable software and brands as means to gain the trust of an increasingly cautious public in order to carry out successful scams.

By the end of the year, it is forecast that 6 trillion globally will be spent solely on tackling cybercrime!

As October is “Cybersecurity Awareness Month” this article is going to discuss the main cyber threat trends that we have witnessed over the past year and what businesses need to do to protect themselves moving forward.

2021 IT security threats to your business

1. Phishing in the Cloud

During 2021 the volume of Phishing emails and corrupted apps/sites hit an all-time high.

In the first three quarters of the year, 36 billion company records were exposed!

  • 85% of breaches involved a human element
  • 61% were due to stolen or compromised user credentials
  • Social engineering was observed in over 35% of incidents

Based on the extensive reports and statistics published by leading cybersecurity bodies it was found at least a minimum of 36% of cyber breaches experienced by organisations worldwide was a result of individuals falling prey to phishing emails.

2021 IT security threats to your business Phishing emails

In a workplace context phishing scams usually involve an employee receiving an email that appears to be from a trusted source.

It might feature the hallmarks of a genuine email such as logos and signatures identical to the business or client.

The email will include a link or attachment which once clicked or opened, will redirect the recipient to another site where the login credentials will be harvested.

Alternatively the email might request a payment to be made to a fraudulent account to clear an outstanding invoice.

As you can see this method of obtaining credentials can be an effective way to gain access to a business or organisations’ I.T. system once executed properly.

Over time phishing emails have evolved from clearly identifiable spam to something more insidious which can cause businesses a lot of grief and expense.

When a cybercriminal has access to an Office 365 account they can read and send numerous convincing phishing emails to specific staff members. This is also referred to as BEC (Business Email Compromise).

One form of Phishing that has become popular is Cloud-phishing.

Cloud-Phishing Explained

  • First a phishing email is sent to the target with a link to a legitimate cloud hosting service.
  • Once clicking on this link, the employee will find a fake invoice or document attachment.
2021 IT security threats to your business Sample Cloud Phishing Email 1
  • As the document is held within the Cloud, once clicked on will automatically open in the browser and not notify or alert the individual that they are being redirected to another page/site outside of the hosting service.
  • The victim is unaware of this and will proceed to input their Office 365 credentials into the fraudulent login page that appears. It is at this point that their login details are stolen.
2021 IT security threats to your business Phishing Microsoft Office 365 Login page

The reason why using this phishing tactic is successful is because using a legitimate Cloud service provides an element of credibility to the initial email. Also, the document looks like a standard MOS file that staff deal with on a daily basis so there are no obvious warning signs.

Usually, if a file containing a link to an external website or page is opened outside of the Cloud, applications such as Adobe will notify the user. However, in this scenario, the phishing email avoids raising suspicions.

2. Cloud-Jacking

2021 IT security threats to your business

Cloud Jacking or Cloud-hijacking is a term used in relation to a cyberattack in which a business’s Cloud account is accessed by an unauthorised party.

Similar to the previous topic discussed Cloud -jacking usually occurs when an Office 365 account has been compromised giving the cybercriminal or hacker the opportunity to sift through the wealth of information that is stored within the business’s Cloud and set about wreaking havoc as they wish.

Once a cybercriminal has access to the cloud, they may decide to lay low, observe and take notes on how best to exploit the business.

From this vantage point, numerous BEC or phishing emails can be sent, and payments can be made to clear fraudulent invoices.

Alternatively, they can delete, encrypt, and install malware. This scenario can have a crippling effect on businesses if they do not have a secure backup of their data elsewhere.

It is important to remember that saving documents to a standard Cloud platform is not backup.

Here documents can be deleted and edited so it is vital that businesses understand fully how to differentiate between both.

While these services are fully aware of the risks associated with their product and try to provide their customers with high levels of security it should never be assumed that these are the default settings on your account.

In fact, cybersecurity experts agree that it is the misconfiguration of those settings by users is that is the main cause of cloud account breaches.

Businesses should get an I.T. specialist to configure the settings on all of the software that is used across the board to ensure that the security level is high, reducing the risk of an external breach.

In order to protect against an internal attack staff training relating is essential, to minimise the chances of a successful phishing email causing a security scare. *(1) https://www.magnify247.com/cloud-jacking-keep-safe/ 

According to Gartner, 99% of cloud security incidents through 2025 will be the customer’s fault.*

3. Exploitation of Remote Working & Mobile Devices

2021 IT security threats to your business Remote working & multiple devices

Work is no longer confined to the office; advanced technology has enabled us to have more flexibility and conduct daily business on the move across multiple devices.

While there are advantages to having the option to work remotely, access files and emails while commuting or travelling there are drawbacks.

The most pressing concern is managing and maintaining a high level of security across an entire team of staff and the various devices on which they access the business’s I.T. system. Desktops, laptops, tablets, phones……the list grows!

In recent times there has been more of a need for businesses to establish a VPN. However, like all software VPNs have vulnerabilities that are ready to exploit.

In fact, 23,000 software vulnerabilities are reported each year!  Many businesses have admitted that due to the rush to enable a more flexible workplace during Covid that they had not fully considered the risk posed by lack of robust I.T. policies and procedures for staff or not getting professional advice on how to manage their VPN network and connected devices safely.

It is always recommended to refer to an I.T. consultant when investing in your security as they can offer guidance as to what measures are required to ensure that software is configured correctly and all devices are being monitored and updated regularly.

There is no point in spending a large chunk of the budget on software and devices if their security settings are not fully optimised.

A systematic approach needs to be taken to reduce the chances of a breach. Staff must fully understand the implications of not following policies and procedures correctly through workplace awareness and training.

A study conducted by PWC found that employees — especially those of the millennial generation (51%) and generation Z (45%) admit to using applications and programs on their work devices that their employer has expressly prohibited.

Human error accounts for the main cause of a potential security breach there is no excuse for lax rules and misuse of devices.

2021 IT security threats to your business Staff Training

The key steps to maintaining a safe network perimeter are:

  • Avoid the use of personal devices for work
  • Ensure that security settings on VPNs, cloud-based software, online accounts etc. are configured properly and maintained.
  • Keep an up-to-date Back-up
  • Use Multi-factor authentication where possible across business accounts
  • Provide cybersecurity training to staff and implement strict policies & procedures

4. Ransomware

2021 IT security threats to your business Ransomware

There is a growing market for Ransomware on the DarkWeb which has resulted in a significant increase in the number of reported cases of attacks made on businesses, especially those in sectors that hold a significant amount of confidential data.

Cybercriminals are not only encrypting I.T. systems and demanding payment but also threatening to release sensitive information which could fatally harm the business and expose clients’ data.

The threat of heavy GDPR fines and possible legal action taken by those affected by the breach are used to instil fear and anxiety into business owners. This is known as a “double exploit” and is now the standard approach favoured by cybercriminals.

In 2021 and beyond, a business will fall victim to a ransomware attack every 11 seconds, and ransomware damage costs will rise to $20 billion – 57 times more than in 2015.

2021 IT security threats to your business Security

It has never been more important to be vigilant against cybercrime, if the levels of reported cases continue to rise at the current rate and steadily grow as we approach 2022 it is vital to take action now!

Protecting your business, staff and clients does not have to be expensive, by contacting an I.T. Consultant you can make the most out of your budget.

Only with the right guidance and expertise on hand can your business greatly reduce the risk of a security breach which results in a much larger cost in the long term.

ITSUPPORT4U Packages
ITSUPPORT4U Packages

IT Support Services For Solicitors

IT support for solicitors Data Protection for Solicitors

Data security should be a top concern for solicitors considering the large volumes of sensitive information which are retained and accessed every day.

As we are all aware the cases of cyber-breaches have increased dramatically over the past two years, this will continue to do so as we move forward.

While it is of vital importance to have advanced Anti-virus/Malware software on your firm’s devices, this alone does not provide guaranteed protection.

Cyber-criminals are highly skilled and resourceful, new sophisticated techniques and malware are continually being developed to try to evade detection.

Despite the efforts that are being made across the cyber-security sector, there is always the chance that a breach can occur.

IT Support For Solicitors Tip 1:

Software cannot protect against human error.

Human error has been the primary cause of large-scale data breaches and payments made to fraudulent accounts in many high-profile cases.

We have all witnessed the impact that ransomware has had on the HSE.

Many data breaches and cyber-attacks are initially launched through social engineering techniques that staff fall prey to such as phishing emails.

As data controllers and processors, solicitors and law firms should be on guard from possible cyber-breaches and accidental damage/loss of client and firm’s data.

IT support for solicitors consequences of a data breach

The financial cost of recovering and rebuilding an I.T. system can be devasting to practices.

  • Investigation & remediation costs
  • Direct monetary losses-money transferred to fraudulent accounts, client pursuing legal action against the practice for data loss etc.
  • Compliance issues/GDPR fines
  • Downtime due to inaccessible files
  • Damage to reputation

IT Support For Solicitors Tip 2:

The impact of a cyber-attack or an incident that incurs data loss can be greatly minimised by being proactive and taking action before the event.

The current level of IT risk to solicitors and law firms

A European survey from CWSI reveals that 54% of Irish companies have seen a rise in cybersecurity breach attempts in the last year, the highest in Europe and compared to 42% on average for European firms.

Phishing is perceived to be the highest cybersecurity threat in Ireland (76%), followed by human error (58%) and ransomware (46%).

The survey also found that 55% of Irish SMEs/Organisations believe that security is the most important factor to continue a remote working option for staff.

Of those, 97% believe that secure remote working technologies are key to enabling workers to access files and communicate safely and reduce the risk of an I.T. breach. (1)

IT support for solicitors GDPR Compliance

Despite the findings of this survey, which indicates a high level of awareness concerning the subject of cyber security issues there is still a high level of GDPR fines being issued relating to data breaches.

According to Ireland’s Data Protection Commission, a total of 6,615 data breaches were reported in 2020. In comparison to its E.U. counterparts, Ireland has the sixth-highest level of breach notifications across Europe and the third highest on a per capita basis. (2)

Of course, some of these fines would be due to a lack of transparency and consent around the processing of data. However, with the substantial increase in cyber attacks on SMEs/Organisations globally during the pandemic, there is a direct correlation in the figures.

As CWSI Ronan Murphy- CEO comments

“Many businesses and IT leaders are over-confident in their ability to protect data from loss or theft, without the necessary security measures to back this up, and there is a clear disparity and false sense of security here which needs to be addressed.”(1)

Solicitors are well aware of the fines that data breaches can cost a company with many practices specialising in this area. Therefore, a high standard of data protection and cyber security is fundamental to any size law firm or sole practising solicitor.

IT support for solicitors Data Security & GDPR

IT support for solicitors & law firms, security, data protection and GDPR

While the Data Protection Act 2018 and GDPR does not state specifically what security measures organisations should implement, “Articles 25 and 32 do place an obligation on data controllers and processors to implement data protection by design and default and ‘appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account: 

  • the state of the art
  • the costs of implementation
  • the nature, scope, context, and purposes of processing; and
  • the likelihood and severity of the risk to the rights and freedoms of individuals.

It goes on to suggest the following indicative list of appropriate measures.

  • the pseudonymisation and encryption of personal data.
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
  • a process for regularly testing, assessing, and evaluating the effective of technical and organisational measures for ensuring the security of the processing.

Data controllers and data processors are also obliged to ensure that their staff and “other persons at the place of work” are aware of security measures and comply with them. The legal obligation to keep personal data secure applies to every data controller and data processor, regardless of size.” (3)

IT support for solicitors Conduct a cyber security risk assessment

IT Support For Solicitors Tip 3:

Risk assessments

Conduct a thorough review of your current policies and procedures relating to your firm’s GDPR compliance and Cyber Security protocols.

Here are some points to consider:

  1. Are the measures you have in place robust enough to withstand a breach?
  2. Do you have an emergency response plan in place if such a scenario was to occur?
  3. Does your staff have a direct I.T. specialist to contact immediately if there were suspicious emails, alerts, or unknown software appearing on their work devices?
  4. Are all files securely backed-up and up to date?
  5. Is your back-up sufficient to restore the bulk of the vital documents and files that your firm requires to operate and support clients?
  6. Is your back-up clearly organised and easily accessible to trusted I.T. remediation services?
  7. Have you ever tested your current recovery system to ensure that it is an effective resource to have in a crisis?

If you can’t answer YES to each of the above points take action now.

IT support for solicitors Business Continuity Disaster Recovery

How I.T. Support 4U can upgrade your backup systems

I.T. Support 4U provides top-grade security software. BCDR systems and secure online file sync & share platforms that are all 99.99% HIPAA, GDPR & SOC2 Type II compliant.

These are offered in affordable monthly packages which also gives your solicitors practice priority access to I.T. support for any difficulties that you may experience while in the office or remote working.

This allows you to focus on your work without the inconvenience of having to source various I.T. services to deal with mundane tech-related problems.

It also ensures that you have a designated specialist on call if you were ever in a position that required files and data recovered.

The file protection and BCDR systems that we provide offer a higher level of security and retention time in comparison to other technology on the market.

Six-month versioning protects against accidental deletion, and corrupted data can be recovered quickly by users or with the assistance of our specialist I.T. manager. Our BCDR systems can retain files for longer periods.

IT support for solicitors Datto Partner

Datto’s BCDR technology is reliable and image-based. Through performing continuous file and folder backups business documents are protected against ever-present threats such as human error, hardware failure, ransomware, and lost or stolen devices.

Once connected to the internet the backup is performed whether you are on the move or in the office. “Rapid roll-back” restore options allow users to target specific files and folders rather than having to restore large volumes of data to gain access to certain material.

However, if you were in a scenario in which you required a full restore this can be done quickly and efficiently. This means you can bounce back faster than before rather than the painfully slow process of rebuilding the system from missing every file, folder, and scanned document!

The range of Datto BCDR products can accommodate any size of solicitors or law firm including single solicitors. There are various products to choose from which can meet your requirements.

  • DATTO WORKPLACEFile Sync & Share Platform
  • DATTO FILE PROTECTIONcontinous file & folder backup,data encrypted.
  • DATTO CLOUD CONTINUITY FOR PCsBCDR system for PCs provides complete backup of all data stored on specific PCs- ideal for sole business owners.
  • DATTO ALTO 3Suited to small-medium businesses,all-in-one BCDR system, infinite cloud retention & back-up appliance to provide complete protection.
  • DATTO SIRISSuited to medium to larger businesses,all-in-one BCDR system, infinite cloud retention & back-up appliance to provide complete protection.

To learn more about IT support services for solicitors we provide, click the button below to book a free no-obligation consultation.

(1)https://www.rte.ie/news/business/2021/0726/1237266-ireland-sees-biggest-rise-in-cybersecurity-attacks/

(2) http://www.irishlegal.com/articles/ireland-has-one-of-highest-rates-of-data-breaches-in-eu

(3) https://www.dataprotection.ie/en/organisations/know-your-obligations/data-security-guidance

Back to the office or stay remote???

The Return to the Office

As the Summer holidays draw to a close, the Dáil will be due to start a new term on the 15th September. In recent weeks Leo Varadkar has been promoting the DETE’s “Making Remote-Working-Work” Strategy via Twitter and press conferences. The Government are planning to gear up their efforts to push forward the legislation that is necessary for employees to request for remote work.

It has now been confirmed that the offical date that staff can return to the office is the 20th September. This is largely due to the positive uptake in vaccines and the shift towards regaining some normality, but the experience of remote working has made employees and employers alike question whether a full return is desired?

Going to the Office

Based on the findings of numerous surveys and feedback collected over the past 18 months it seems that employees have found that they would like to keep the flexibility that remote working offers going forward. One of the main factors that has influenced the opinion of many workers is the time that is saved by not having to commute long distances and getting stuck in traffic.

By working from home people are using that extra bit of time to focus on their family and health. However, there is still a want for some element of the traditional office workplace to be included in their life. Many businesses are considering introducing a blended or hybrid model which would allow for staggered workdays on and offsite to meet their staffs’ wishes.

Blended Working

A survey of 226 companies conducted by the Institute of Directors found that just 8% want to have their staff exclusively work in the office after restrictions are lifted. Two-thirds of those 226 participants will be offering blended work to enable social distancing and continue following health & safety guidelines*.

 In the run up to the looming office return date, online resources and checklists have been made available to businesses detailing some practical measures to be taken into consideration when trying to maintain a safe office environment and how best to provide long-term remote working for employees.

Return to Office with Co-Workers

How we can support your business adapt to a new way of working!

I.T. Support 4U wants to help businesses make that long-term transition by offering a range of services and products which will enable your business to work efficiently and productively regardless of location. We have the equipment, security packages and user-friendly online workplace platforms that will serve as an advantage when moving your business forward into a post-covid marketplace.

Key factors to considering when introducing a blended work model

Equipment

  • Employers should provide employees with the devices needed to do their work. This will mean that you can update and monitor the software and security packages that are installed on the device.

It also gives the employer the right to enforce strict protocol around the use and maintenance of the device.

 This should act as a deterrent from employees using the devices for personal use e.g., accessing social media accounts or letting other family members/roommates access the internet and emails which might result in data loss, breach or physical damage.

Policies & Procedures

CYBER SECURITY Policies & Procedures
  • There should be a clear I.T. Policies and Procedures in place to ensure that best practice is followed regarding the maintenance of the device and the security of the information being stored and transmitted. Consider including the following:
  • Use complex passwords-avoid passwords relating to you personally or the business, try incorporating words from a different language or use random/unrelated words mixed with numbers and special characters.
  • Use Multi-Factor Authentication to access various accounts.
  • Try to avoid reusing the same passwords, look at the option of a password manager tool.
  • Set the device to lock after a short length of inactivity.
  • Do not install more than one Anti-virus/Anti-Malware software on the device. Any changes or extra security software/tools should be assessed and approved by the I.T. department.
  • Do not leave confidential information unencrypted at home or in public spaces. Avoid connecting to public Wi-fi.
  • Ensure all hard copies of files are stored appropriately and that any unwanted material is shredded.
  • Run & test Back-ups regularly.
  • Keep all software apps updated with the latest version, these updates are made to address any recently identified vulnerabilities.

Staff Training & Cyber Security Awareness

Cyber-Security Staff Training
  • It is recommended that staff participate in cybersecurity training to reinforce the importance of following these measures to reduce the risk of a breach or malware infection.

Due to the dramatic increase in Phishing scams and similar cyber-based criminal activity, creating awareness amongst staff is key to protecting your business from these threats. During Covid many businesses have fallen prey to fraudulent emails with serious consequences as a result of human error.

  • Remote workers should be advised to harden their Wi-Fi-network and use the business’s VPN.
  • It is important to encrypt any information being communicated online and any request for payments or transfer of funds should be verified with colleagues or senior staff, preferably by phone.
  • Additional caution should be taken when scheduling online meetings or conferences:
  • Use an access password or pin and share this by text, if possible.
  • Enable features that will alert the meeting members of newly joined participants.
  • Lock the meeting after everyone who should be in attendance has joined.
  • Avoid chat/file sharing, especially sensitive information.
  • Do not record the meeting unless it is necessary.

Set your Business up for SUCCESS!

Datto Workplace

Datto Workplace-File Sync & Share Software for SMEs

Datto Workplace is an enterprise grade File Sync and Share solution which enables seamless collaboration across every device and can integrate Microsoft office or G-suite. Staff can access and share files safely from any location which fully accommodates remote workers. It is user friendly and will retain any deleted files for recovery purposes for an extended length of time in comparison to software such as OneDrive. Mistakes do occur and might not be noticed until a later date, so this feature is a time and stress saver!

 Datto Workplace also offers a higher level of protection. The software is designed to detect incoming threats or suspicious files, these are tracked and reverted back to safety without disruption or loss of productivity.

There is no need for staff to feel intimidated by Workplace because the platform is monitored by your MSP which means that you and your employees have the support needed to combat any possible security threats or tackle I.T. issues being experienced at home or in the office. The Datto Workplace Sever supports a hybrid model, enabling real-time access outside the LAN without the need for a VPN.

It is a highly regarded “File Sync & Share” platform that will allow your business to provide a flexibility to staff without much fuss or hassle.

Datto SMEs Back-up

Datto File Protection

Datto File Protection is the first step towards establishing a “Back-Up” system within your business. Datto file protection operates in the background and is constantly storing and protecting your work files against common scenarios in which data is compromised.

 For example, what if the hardware was badly damaged or decided to give out while you were trying to meet a deadline? Another common scenario that we have all experienced is getting distracted and accidently deleting or losing a file that we have been working on, then left struggling to recover the most recent copy-the stress! Most, importantly the situation that most businesses dread to think of is how to recover data if there has been a cyber-attack!?

 Datto File Protection provides a safety net if the business or an employee was unfortunate enough to find themselves in any of these situations. Once connected to the internet, Datto File Protection will be continuously backing up all the business’s valuable data regardless of location or device providing the same level of data protection in the office or at home. Any files that need to be recovered are accessible up to six months in a simple process that either your staff or MSP/Administrator can perform within minutes.

Datto Cloud Continuity for PCs

Datto Cloud Continuity for PCs is a Cloud-based service which we offer for those looking to back-up their computer. It offers fast reliable back-ups for PCs which can sometimes be tricky for less advanced software to offer. Datto Cloud Continuity pauses while the computer is not in use or moves between networks, then resumes once active again and ensures that nothing is lost. Datto Cloud Continuity is an image based BCDR which provides extensive screenshot verification of all data and can be easily accessed if recovery of a specific file or folder is needed. This can be easily integrated with other Datto products to ensure that your business is covered from data loss.

DATTO SIRIS-SMEs BCDR
BCDR – Business Continuity Disaster Recovery

Datto Alto/SIRIS – Business Continuity and Disaster Recovery

SIRIS is an all-in-one Business Continuity and Disaster Recovery solution. By unifying back-up with disaster recovery SIRIS offers recovery of the system within seconds either in the Datto cloud or on the hardware/SIRIS appliance. It also provides multiple recovery options:

  • Full File restore of a deleted or corrupted files/folder
  • Rapid Rollback to quickly undo widespread changes such as ransomware infection
  • Image Export for full virtual server restore
  • Bare Metal Recovery to re-image a server to new hardware.

If most of that is not easy to understand you don’t need to worry as IT Support4U will be the first point of contact to make if there was a need to recover your business’s critical data. This means that you do not have to be an expert in I.T. and can focus on what you do best! By having a BCDR running your business can bounce back faster from a cyber-attack or the aftermath of flooding, fire etc. It is vital that those who work in sectors that involve processing and storing a high volume of sensitive data should be protected with a BCDR system.

Eset Endpoint Security

Eset Endpoint Protection

IT Support4U also is an ESET affiliate and can provide businesses with advanced Anti-virus/Anti-Malware Security packages. ESET Endpoint Protection is an Enterprise Grade Security package which protects against ransomware, blocks targeted attacks, prevents data breaches, stops fileless attacks and detects advanced persistent threats. ESET Endpoint Protection can be use across multiple devices so phones, tablets and laptops which you use while working are kept secure.

Other Services

At I.T. Support4U we do more than back-ups and Internet security, we can help businesses with the mundane I.T. problems that interfere with productivity levels such as poor Wi-Fi coverage, laptops issues and printer connectivity. If your business wants to upgrade their I.T. system, we are just a call away to offer advice and get you the right spec for the job.

We also stock a range of essential products and accessories that are useful for networking and connectivity such as webcams, headsets, keyboards, Wi-fi Extenders, adapters, laptop chargers, cables, external hard-drives, USB keys and can supply the specific ink/toner your business requires.

I.T Support 4U can provide ongoing assistance and resolve any problems that your business may encounter while adopting a Remote working or Hybrid model as part of the ongoing trend to developing a more flexible and mobile workplace. We offer a range of affordable and scalable packages that will help your business operate efficiently and productively no matter where you or your employees are based !

SME Business IT Maintenance Plans

https://www.irishexaminer.com/business/economy/arid-40352669.html

https://www.ncsc.gov.ie/pdfs/WFH-Advisory.pdf

https://www.hsa.ie/eng/topics/remote_working/homeworking_guidance_9mar21_v8.pdf

https://enterprise.gov.ie/en/What-We-Do/Workplace-and-Skills/Remote-Working/Guidance-for-working-remotely.html

Cybersecurity in business misconceptions

This post will discuss some of the pitfalls that SMEs can stumble into when confronted by the subject of Cybersecurity in business.

Cybersecurity in business 43% of cyber attacks target small businesses

Key Cybersecurity In Business Points

  • Ensure that your I.T. System is protected with Internet Security and Anti-Virus/Anti-malware.
  • Get a Back-up! Regularly Up-date & test to see if it works efficiently.
  • Monitor & manage your software, this is the only way that it is truly effective.
  • Use Multi-authentication on your accounts.
  • Introduce policies & procedures regarding the use I.T. devices and online activity, strengthen this with staff training & awareness around cyber-security.
  • Create a Cyber-security Response Plan
  • Consult with I.T. services if extra support and advice is required.

SMEs are not a target for cybercriminals…

It was found that 43% of cyberattacks are targeted at SMEs and this figure has risen over the past 18 months due to Covid-19.

Unfortunately, SMEs do not have the same financial resources and expertise to invest in their I.T. security or maintenance which leaves them in a vulnerable position in comparison to larger companies.

A survey conducted by the National Cyber Security Alliance (NCSA) it revealed that a quarter of SMEs that suffered a data breach had to file for bankruptcy within a year!

It is much easier to target SMEs due to the lack of robust protection. Cybersecurity in business takes the form of employee training, cyber-security response plans and managed software systems.

Businesses need to start formulating an IT support plan. This is to protect their digital assets and utilise all of the resources available to them.

It cannot be emphasised enough the benefit of contacting an I.T. Consultant or a local Managed Service Provider to discuss your concerns and budget when investing in your cyber-security or upgrading your devices.

They can guide you and recommend products and packages that are specific to your needs and save you money in the long term!

Sophisticated cybersecurity business software will offer complete protection

Cybersecurity in business

It is essential that your devices are protected with a reputable internet security software package to provide a buffer between your devices and any online threats. Like, most products there is a wide range of security software on the market targeted towards households and enterprises, all varying in price.

Of course, the more you are willing to pay will be reflected in the capabilities of the software and frequency of updates, scanning and testing which will be performed, but this does not guarantee an impenetrable shield against cybercriminals.

 These security packages are only fully effective if they are configured, monitored, maintained, and integrated with all the security apps operating.

Anti-Virus & Anti-Malware will provide enough cybersecurity protection

Anti-virus and Anti-Malware software while important to have running on your device are not enough.

As previously mentioned this software needs to be properly managed and does not give you a 100% guarantee that no newly developed malware, virus, or hacker can access your device!

Remember cybercriminals are highly skilled and constantly trying to develop new software and tactics to bypass security, this is how they make their money!

So, it is your responsibility to ensure that you have backed-up all your files securely and continue to do so on a regular basis to avoid complete data loss!

Passwords are strong enough to withstand hackers

Strong passwords can be hacked Cybersecurity in business

Passwords (alone) are not strong enough to withstand a determined hacker. There are numerous ways in which your online accounts and I.T. devices can be accessed by external entities.

Over 80% of breaches involve “Brute Force” or using lost or stolen credentials via “Phishing” and “Form-Jacking”.

There are numerous strategies that hackers can use to crack or steal passwords. It is recommended to add multi-factor authentication on your accounts so there is at least another barrier that the hacker is confronted with before they gain access.

The system will notify us if there is a breach

Email Notifications Cybersecurity in business

While some protective applications may send you notifications about possible spam emails or suspicious activity often Cybercriminals can bypass detection through Phishing or other effective tactics.

48 % of malicious email attachments are sent as Microsoft Office files!

According to IBM in 2020 the average time taken to identify a breach was 228 days. It took an average of 80 days to contain the breach and up to a year to resolve the problems caused by the attack. This results in reputational damage and heavy financial loss!

Our current I.T. System is compliant with industry regulations and therefore must be secure & safe

Cybersecurity in business

If your business/organisation is currently using a software package that ensures that the data being stored and protected is compliant with industry regulations it would be advised to check if the software secures all data rather than specific data e.g. credit card details. If you store a client’s card details, you will more than likely hold other valuable information about that individual/organisation.

PCI compliant packages might not include the other vital information you have on file which needs to be given the same level of protection as the payment details!

Our data isn’t valuable, we don’t need to preform daily backups!

Back-up files to cloud Cybersecurity in business

Firstly, all data stored on a device has some value, think about all the information that is accessed and stored on your work devices. It will hold the details of your employees, clients/customers, suppliers, and credentials to the various online business accounts. Imagine if an individual or group could access these without your knowledge…..

Cybercriminals can and will use the accessed information either by trying to extort money from the business or sell the details on the dark web. There is also the chance of the hacker infecting your website or devices with malicious malware, which will cost time and money to rectify!

 By ensuring that your files are securely backed-up you have the critical data to start a stronger recovery plan.

Our MSP/I.T. department have sole responsibility for our cybersecurity and will keep us protected

Stressed I.T. Worker Cybersecurity in business

While the I.T. Department or Managed Service Provider are assigned the duty of monitoring and managing your I.T. systems, the sole responsibility of securing the business from a cyberattack does not fall on them alone. Unfortunately, when it comes to cybersecurity and I.T. issues you cannot afford to think that a single designated team can be blamed for a breach.

A thorough and effective Cybersecurity Response Plan involves everyone in the organisation doing their part, by strictly following the policies and procedures set out to achieve a high level of adherence and in doing so minimising the risk.

 Regular communication between the I.T. Department or MSP with management is necessary to ensure that everyone involved understands how to fully utilise the software on the system and what steps to take if there are any urgent issues.

Cyber breaches are covered by General Liability insurance

GDPR-Data breach & fines Cybersecurity in business

Not all insurance policies will cover the financial cost of a data breach. Therefore, if your business/organisation holds sensitive information it is advised to negotiate with an insurance broker about what kind of policy would provide you with the best cover if such a scenario occurred. The cost of data breach can cripple any size company so having a policy that could offset some of the burden would be a great advantage!

Cybersecurity requires huge investment

Calculating Business Expenses Cybersecurity in business

Cybersecurity does not require huge investment, if your budget does not allow for advanced software packages and management services you can still protect your business.

Choosing an affordable Anti-virus/Anti-malware package and educating staff on the best I.T. security practice can make a difference.

 In fact, some useful cybersecurity apps are affordable and by implementing strong policies and procedures your business can make the most of its resources until you can upgrade!

Managed Software Cybersecurity in business
Maintenance Packages
Partners

Cyber Security Business Quiz

Cyber Security

Check your level Cyber security awareness now. Use our 10 question cyber security quiz to measure how prepared your company is. Cyber attacks on poorly protected SMEs are more successful and therefore a staple to any hacker wanting to generate an additional source of income.

It is essential for every business who uses I.T. devices to have sufficient cyber security procedures and policies in place.

Many businesses (from all sectors) have been targeted during the pandemic due to the increased use of technology and remote-working policies.

Chose the answer most relevent to your businesses cyber security

1. Do you have cyber security policies and procedures in place?

A.) Yes, we have I.T. policies & procedures in place which are reviewed & updated. All staff are aware and understand the importance of following the measures outlined.

B.) Yes, we have I.T policies & procedures but they are not detailed and have not been reviewed. Staff are aware of them but have the option of reading them at their own discretion.

C.) No, we currently do not have I.T policies & procedures in place as we do not believe we are at a scale that requires them.


2. Do you provide training to staff on cyber security?

A.) Yes, all staff are made aware of our policies and procedures when joining the team.

We also arrange for our employees to complete a short cybersecurity seminar annually, so everyone has a clear understanding of the subject.

B.) No, we do not provide a specific programme, but it is a matter that is discussed either in the office or during staff meetings.

C.) No, our business is small and not heavily I.T. orientated. Also, we believe that our employees have general knowledge of the subject


3. Do you have specific I.T. personnel who manages I.T. & cyber security audits?

A.) Yes, we have a designated I.T. Department which looks after the business. They conduct an annual audit and manage issues that employees may have.

B.) Yes, we have an employee who looks after our I.T. and manages our equipment and software.

However, we are currently not at the scale to employ a full-time I.T. administrator. If we do experience any issues that require specialised attention, we contact an I.T. consultant or service provider to resolve the problem.

C.) No, we do not have a designated person or service to look after our I.T. due to our budget.


4. Do you have an emergency/cyber security Response Plan?

A.) Yes, we have an I.T. Consultant that has conducted a risk assessment and has advised our business on what platforms and security software are needed to protect our data and devices from a malicious attack.

We also have been provided with the tools necessary to create a recovery plan in case of an external breach and contacts for I.T. specialists that can assist if such an incident occurred.

B.) No, we currently do not have a detailed cybersecurity response plan in place. It is difficult to know where to begin in regard to drafting an effective response to a cybersecurity incident.

We have been intending to refer to a consultancy but have done nothing about it yet.

C.) No, we do not believe that the area we work in would be a target for cyber-attacks and that the data we store is not of value to potential hackers.


5. Does your I.T. devices have enterprise standard endpoint protection/antivirus?

A.) Yes, we have Endpoint & Antivirus protection on all our devices as a basic layer of protection. This is strengthened by encryption and remote monitoring.

B.) Yes, we have standard Anti-virus on our devices, but we need to upgrade our security software that offers a higher level of protection.

C.) Yes, we have basic anti-virus but only on the computers based in the office. We do not provide Anti-virus to staff working remotely on their own devices.


6. Do you have measures in place to protect sensitive data. (complex passwords, email encryption & two-factor authentication)

A.) Yes, we use two-factor authentication to access certain accounts and files. An effort is made to not reuse the same passwords to login into devices and files.

Our, I.T. consultant has recommended some useful tools to enable us to protect data while maintaining ease of access.

B.) Yes, we do have passwords to access devices/data. Currently we do not have any software that encrypts email transmissions.

General files that are worked on a regular basis or online accounts have the same standard password for quick access.

C.) Yes, we have passwords on our accounts but tend to use the same passwords to avoid losing them and for staff to enter accounts quickly.


7. Does you have Business Continuity & Disaster Recovery system operating? In other words, an effective backup?

A.) Yes, we have BCDR software scanning our devices for any malicious malware or ransomware while also backing up all our business’s critical data.

All our backed-up files are up-to-date and can be recovered within a short amount of time if an incident did occur relating to a cyber breach or accidental deletion.

It is essential that we are GDPR compliant, and this software enables us to secure our business files and client’s data 24/7. It is tested and monitored by the service that provides the software.

B.) No, we save our files to a popular cloud service and on external hard drives.

However, it is difficult to keep the external drives up-to-date and we are uncertain whether our current measures would be sufficient to stage an effective data recovery if a breach did occur.

C.) No, we do not have any proper back up in place.


8. Does you have a remote-working procedures in place to ensure that any data, emails, and accounts are protected when being accessed off-site?

A.) Yes, we use a file, sync, and share platform that has enabled our staff to work remotely when required and maintain the same level of productivity.

Staff can access their work files from remote locations and collaborate with the team securely.

The service we use detects any suspicious software and monitors the activity on our system so that any threats can be identified and averted.

It has reduced some of the risks associated with remote working.

B.) Yes, we have remote-working procedures in place but are concerned about data loss, unauthorized access to confidential files & accounts and fraudulent emails.

While we do encourage our staff to follow the policies and procedures set out, we do not feel entirely secure with staff using personal devices and trying to access our system off-site.

C.) No, we do not have any official remote working procedures in place we are just waiting for restrictions to lift so staff can return to the office. We are relying on email and Zoom to communicate and transfer files.


9. Do you regularly update and scan your software to ensure that patch management processes are being performed?

A.) Yes, all software is regularly updated and scanned for any issues. It is each employee’s duty to schedule an update on the device that they are working on once receiving a notification.

If the employee receives an alert or notification that they do not understand, they are referred to management for assistance.

B.) Yes, we do run updates but often staff delay them as not to interfere with their work. It is difficult for us to monitor which devices have been scanned and updated due to this.

C.) Only when we do not have a choice as to avoid downtime. Our equipment is old and slower to perform these tasks.


10. Do you understand the threat posed by cybercrime & the implications of a successful I.T. breach?

A.) Yes, we understand that there is always a possibility that the I.T. system could be the target of an attack or a file could be accidentally deleted by human error.

We have contacted a consultant who has recommended a protection package that will provide our business with the level of security we require.

B.) Yes, we understand the threat of cybercrime and would like to upgrade our protection but are concerned about the cost.

We intend to seek advice about how best we can secure our I.T system within budget.

C.) Yes, we understand that cybercrime is an issue but highly doubt that our business would be a target for hackers due to our size and sector.

Quiz Results !

Add up the number of times you selected each letter, read the entry below that is specific to the letter you choose most frequently:

Mostly As:

If you scored mostly A’s, fair play, you understand the importance of cyber security and protecting not only your business but staff and clients’ data.

By referring to I.T. service providers or personnel for trustworthy advice and recommendations, you have essentially saved time and money in the long term!

Protecting your business should be considered an essential investment that will reduce downtime and provide you with the support needed if an incident occurred.

Your business clearly understands the implications in terms of the financial and reputational cost if data was lost or the system is compromised.

In a heavily I.T. reliant world, we need to be constantly alert and informed about the various ways in which our devices can be accessed, monitored, and used by both trusted and criminal entities. Keeping staff up to date with training and following an I.T. consultant’s advice will stand by your organisation.

Mostly Bs:

If you scored mostly B’s, you are on the right track towards protecting your business from cybercrime.

However, there are gaps in your level of cyber security protection and maybe some guidance is needed to help you prepare and implement I.T. policies/procedures, and most importantly draft an effective Cybersecurity Response Plan.

Many businesses fall into this category as it does take time on top of an already busy work schedule to complete audits, draft new policies and then try to find software packages that are suited specifically to your business and budget.

While you may have concerns about the cost; if you take the next step to speak to an I.T. Consultant or Managed Service Provider.

The consultant will assess your needs and can recommend specific packages that are user and budget-friendly!

They can also provide online platforms and tools to enable safer remote-working and maintain your existing equipment or source new upgrades. It is better to seek expert advice than to spend your budget on the incompatible or complex software that will be difficult to integrate into to workplace.

Protecting your business does not have to be overly expensive and will save you time and money!

Mosty Cs:

If you scored mostly Cs you need to reassess the threat that poor cyber security poses to your business. One of the major misconceptions about cybercrime is that many SMEs believe that they will not be hit by an attack due to, size, sector, and profit levels.

These criminals seek vulnerabilities which means that if the devices and software that you use to conduct business on are not protected with standard endpoint protection and are not managed properly by staff you are leaving your business at high risk of attack!

Larger firms that have protection and trained staff serve as a challenge, it takes time and sustained effort to reap any rewards.

Attacks on poorly protected SMEs are usually more successful and therefore a staple to any hacker wanting to generate an additional source of income. It is essential for every individual who uses I.T. devices ensure that they have a standard layer of protection, manage passwords and are cautious online.

Many SMEs (from all sectors) have been targeted during the pandemic due to the increased use of technology and remote-working policies.

Extensive research and statistics over the past 2 years have shown a dramatic increase in the number of reported cases of cybercrime which include the detrimental effect that it can have on businesses.

If you think that your business is lacking the standard level of protection needed to combat any possible threat it is time to get support and advice on how to improve your I.T. security!

What does phishing mean? Protect Your Business From Social Engineering & Phishing Scams

Social engineering Techniques

In this week’s Cyber-crime guide the topic of Social Engineering & Phishing scam will be discussed.

“Phishing” tactics are usually the first port of call for many hackers that are attempting to access your business’s I.T. systems.

In the past two years, there has been an increase in fraudulent emails being sent to employees working remotely, leaving them in a much more vulnerable position.

These hackers take advantage of the fact that those working from home may be more distracted and likely to click or respond quickly to requests without checking with their colleagues.

Even though many businesses claim to educate their staff on cybercrime this still does not stop people from human error.

 In fact, the “Terranova Security 2020 Gone Phishing Tournament Report” found that:

  • 20% of employees are likely to click on a phishing email.
  • 67.5% will then continue to enter their credentials on a phishing website. 

More worrying is that Google has registered 2,145,013 of these phishing websites as of 17th January 2021!

Mistakes, complacency…. whatever you want to call it, is exactly what phishing relies on in order to gain the information they need to exploit individuals and businesses. Phishing is basically a means to enter an I.T. system to commit large scale damage. 

What does phishing mean? Read our cyber-crime guide on how to protect your business from social engineering & phishing scams.

This article will give a brief overview of how phishing works and the risks it poses to unprotected businesses.

What is Social Engineering?

Social Engineering is a term used to describe manipulative tactics used by criminals to persuade a targeted individual or group to perform an action or reveal information that will assist them to commit a crime. This can be done in person or using technology, it relies heavily on impulsive behaviour and complying with an authority figure.

By tapping into fear and curiosity the criminal will usually be successful in getting the target to divulge the required information.

Phishing is just one example of cyber-based social engineering. Due to the lack of face-to-face social interaction and the scope of online accounts, it is easier for criminals to exploit large groups by devising malicious campaigns.

In fact, 6,400,000,00 phishing emails are sent a day!

While we are familiar with some “catfishing” stories and have probably received some laughable emails requesting our bank details, we should never underestimate the professional planning and effort that goes into producing an effective Phishing email.


Think about the complexity of developing the malware that is used during an attack and the psychological aspect of ensuring that the email, text, or call triggers the desired response from the target.

What does phishing mean? Read our cyber-crime guide on how to protect your business from social engineering & phishing scams.

The Stages of a Phishing Attack:

  • Research: the attacker will identify a target, this could be an individual, business, or specific group. They will collect as much information about the target as possible from websites, social media, and other platforms that they can access remotely.

In terms of a large-scale business, they will attempt to learn about the organisational structure i.e., departments, employees.

Smaller businesses may not require the same level of investigation making them easier to attack and serve as a practice run for future lucrative endeavours.

  • Planning: After collecting the information the attackers will consider their tactics and select the mode that is most likely to reap rewards.
  • Execution: For example, in a Phishing email scam the criminal might choose to target an entry level employee or office junior who is more likely to follow instructions.

The Phisher will create a convincing email with all the hallmarks of a genuine email i.e. signatures, logos etc. accompanied by fraudulent invoices as supporting documents.

They will then send an email from a “senior” member of staff that is urgent in tone and requires immediate action on the recipient’s part, such as transferring money to pay an outstanding invoice to a specific account.

The office junior will automatically feel compelled to comply with the request and may not hesitate to question the credibility of the email. This can result in sums of money being sent into the criminal’s bank account.

This type of Phishing email is also referred to as a BEC scam (Business Email Compromise)

More advanced Phishing emails will feature an attachment containing malware/spyware which once clicked on will being to install itself.

The software will enable the hacker to access the I.T. system and monitor the business; its accounts, transactions, take note of suppliers and the behaviour of staff.

This will help the cyber-criminal devise a more elaborate plan using convincing material!

What does phishing mean? Read our cyber-crime guide on how to protect your business from social engineering & phishing scams.

Understanding Phishing Techniques

  • Link manipulation: Phishing Emails involve Link manipulation which relies on the recipient of an email to open and impulsively click on the content. This will either direct them to a fraudulent website or inject a malicious script into their browser which will give the criminal access to the website and the credentials stored on it.
  • Use of Subdomains: If you look at a website link, the main domain name should be positioned at the end.

Phishing Emails will reorder the link, so the shuffled order is easily overlooked.

Example:

Authentic link: support@itsupport4U.ie

Phishing-link:    itsupport4U@support.ie  *note the subdomain is positioned at the end

  • Hidden URLs

Sometimes the malicious link will be hidden under plain text e.g., “CLICK HERE” or “SUBSCRIBE”.

Advanced Phishing Emails or “time-bombing” may have a legitimate-looking URL but will ultimately redirect to a fake website once successfully delivered to the recipient.

Text-based image obfuscation is another technique used to disguise URLs, it is an image only email that is hosted by the phishing site. It appears to look like a standard text email when really it is just a large clickable link.

  • Misspelled URLs, Website Forgery

Cyber-criminals will also purchase domain names that are similar to popular trusted sites in a bid that those mindlessly scrolling on their phones or tablets might enter their details on the fake website without realising they’ve clicked into a forged website.

The Phishing site might have a slight variation in the spelling, or an alternative character is used so that the differences go unnoticed.

e.g. www. itsupp0rt4U.ie

Once the individual enters the site, they will proceed to fill in their details and unwittingly give away their personal information and login passwords.

Website forgery can be carried out by using “cross site scripting”, which is when a hacker injects a malicious script into a link. The target will click on it and enter a legitimate site.

However, while the browser loads the website the injected script runs simultaneously and sends the data that is being accessed on the website back to the hacker.

Pharming is an advanced form of this technique by which the DNS server is compromised, and traffic is redirected to an alternative site controlled by the cyber-criminal.

What does phishing mean? Read our cyber-crime guide on how to protect your business from social engineering & phishing scams.
  • Clone Phishing

As well as BEC, businesses are at risk of “Clone Phishing”. This is a technique that is used if a Phisher i.e., the hacker has access to an individual’s work email.

Typically, the employee has previously fallen for a phishing scam, clicked on a malicious link and entered their credentials into a fraudulent webpage/website.

Once obtaining passwords the Phisher can work silently in the background to set about causing harm.

Clone Phishing involves using a legitimate email in the inbox of the employee to format a replicate email. The difference is that the links and attachments are replaced with corrupted files and links to a different bank account.

Usually, the cloned email will be sent as an “updated” version from the senior member of staff that will be acted upon by the employee.

What does phishing mean? Read our cyber-crime guide on how to protect your business from social engineering & phishing scams.
  • Spear-Phishing & Whaling are often terms to describe phishing campaigns that are targeted at specific individuals within an organisation.

Spear-Phishing refers to employees who may have control over I.T systems and accountants/finances. Time and effort are put into study the target’s online behaviour and role in the company before they are sent a fraudulent email.

Spear-phishing emails have an average open rate of 70% and 50% go onto click the link!

Whaling refers to targeting the CEOs/Directors/Financial controllers of large organisations or businesses by convincing them to make substantial payments to a third-party account. This is usually achieved when the Phisher poses as a member from Revenue or by spoofing an email from a business partner.

Evil Twin Wifi What does phishing mean? Read our cyber-crime guide on how to protect your business from social engineering & phishing scams.
  • Evil Twin Wi-Fi: is a technique used to gain access to individual’s wireless communications. It is like Phishing in that a fraudulent Wi-Fi access point is set up in a public space where victims are lured into connecting to it.

Once connected the cyber-criminal can intercept passwords and other information being communicated over the connection.

Think of how useful this tactic could be to a Phisher who picks a busy lunchtime spot near a business they have been targeting!

Phishing Pop-Ups What does phishing mean? Read our cyber-crime guide on how to protect your business from social engineering & phishing scams.
  • Pop-ups/Email Alerts: A popular Phishing scam (that can be sent to the masses) is an email from a trusted institution, brand, or service. It notifies the recipient that they either need to update their profile due to suspicious behaviour or that they need to pay an outstanding fee/Invoice on the account.

A link will be provided to perform the request which will lead to the inevitable stealing of bank details or personal information.

An alternative version of this scam involves pop-ups that will appear alerting the potential victim that their online session is about to time out and they must resubmit their login details.

Most Impersonated brands used in Phishing Scams

Brands used in Phishing Scams What does phishing mean? Read our cyber-crime guide on how to protect your business from social engineering & phishing scams.
TOP 5 : Google 13%, Amazon 13%, Whatsapp 9%, Facebook 9%, Microsoft 7%
  • Vishing: Scam that is committed over the phone. The caller will claim to be from a financial institution or from a governmental department e.g., Revenue/Social Welfare and convince the individual to reveal personal information such as PPSN and bank details.
  • Smishing: Scam performed by text message, this works like vishing except there is a link included to the text to lure the victim to the website where they will submit their details or make a payment.

Effects of successful Phishing Attacks on Businesses

Research conducted by ProofPoint found the main consequences experienced by businesses as a result of successful Phishing attacks were the following:

What does phishing mean? What does phishing mean? Read our cyber-crime guide on how to protect your business from social engineering & phishing scams.

60% reported Data Loss

52% reported compromised passwords/account credentials

47% reported Ransomware Infections

29% reported Malware Infections

Protect your Business from Online threats

What does phishing mean? Read our cyber-crime guide on how to protect your business from social engineering & phishing scams.

This is very troubling for businesses and staff, the financial cost of rectifying a situation that involves data breaches and malware infections can be detrimental to the survival of businesses in the aftermath of an attack.

In a period of steadily increasing cases of cyber-security breaches, it’s time that SMEs start to invest in protecting themselves from being left exposed to online hackers.

 These individuals and gangs are professional and highly skilled in developing more sophisticated methods to exploit their targets. Businesses need to take the action to safeguard their data and finances instead of procrastinating.

This can be achieved by ensuring that employees’ devices are protected with enterprise-grade anti-virus and endpoint security and that all files are secure and have an up-to-date backup.

While many SMEs may feel under pressure over the past year in terms of budget, protecting all the data which your business collects, stores and works with on the daily basis is critical.

We want to highlight that this kind of security should be deemed as essential as insurance, so that if an unexpected incident did occur; your business has the means to recover quickly and get back working as soon as possible.

I.T Support4U offers flexible and affordable software packages that can provide that necessary layer of security. Once a business signs up for our package they will also have access to our I.T support services.

Maintenance Packages What does phishing mean? Read our cyber-crime guide on how to protect your business from social engineering & phishing scams.

If you have any queries or concerns about your current I.T system or if you are a Start-up needing assistance, we can provide the help that you need to build up a secure and smooth running I.T. structure from scratch.

Partners What does phishing mean? Read our cyber-crime guide on how to protect your business from social engineering & phishing scams.

Remote working Ireland Strategy 2021

How your business can offer the “Blended-Workplace Experience” of remote or hybrid working to your employees.

Remote Working Strategy 2021

Back in January 2021 the Department of Enterprise, Trade and Employment published “The Remote Working Strategy” which outlined the government’s future plans to accelerate the movement towards a remote or hybrid model of working.

This plan had been in the pipeline for some time to tackle the issue of rural migration and the pressure for accommodation in urban areas.

The main aim was to enable people the flexibility to work from their home counties outside of Dublin, Cork and Galway which would hopefully revitalise the towns and villages of Ireland.

COVID-19 HITS

However, no one expected that this initial transition would roll out as rapidly as it did due to the Covid-19 crisis.

Businesses and employees were forced into a position that would see people having to set up their offices in their homes for the foreseeable future.

It was difficult for many to adapt to remote working in the early phase, largely due to a lack of preparation and access to essential resources. Such as adequate technology, obtaining work files, strong Wi-Fi connectivity, space, and childcare.

While some of these factors still cause challenges, we are now are moving out of crisis mode and progressing towards a more manageable future.

Those obstacles can be tackled to enable businesses to thrive despite the threat of variants and restrictive measures.

Remote Working & COVID-19

The Department of Enterprise, Trade and Employment has taken advantage of this situation and are beginning to look at developing the infrastructure needed to achieve The Remote Working Strategy’s main objective which is to “ensure that remote working is a permanent feature in the Irish workplace”.

Currently, legislation is being drafted to enable employees the right to request to work remotely and for employers to facilitate that request.

Therefore, businesses should start reassessing the way their workplace is operating and put in place a plan that will accommodate both in-house and remote working for the long term.

Remote Working Covid 19 Office Protocol-Hybrid Model

Remote Working Hybrid Model – what employees want

Fórsa conducted a survey which found that over 80% of those working from home would like to adopt a “hybrid model” going forward.

This was backed up by NUIG’s Whitaker Institute and WDC study which revealed in October 2020 that 94% would like to continue working this way.

The Central Statistics Office gathered data in relation to a number of enterprises that were staggering the days employees were on-site to follow Covid protocol. It found that 57.7% of staff were working remotely at any given time.

The data also revealed that 40% of these enterprises are already planning to make the remote/hybrid model a permanent arrangement.

Remote Working Hybrid Working Tools

Considering the short length of time that businesses have had to change their workplace environments; there has been an abundant amount of research and surveys conducted.

These are primarily to identify both the challenges and positive effects that such a model poses to individuals, businesses, and communities. The positive feedback has only encouraged businesses to make this plan a viable option.

Remote Working Services We provide

We want to help businesses put in place the I.T. infrastructure that is needed to keep productivity levels up, while also providing the online security that is essential when conducting business from remote locations.

According to Aisling Curtis-Commercial Director Microsoft Ireland, 72% of organisations have already implemented remote working policies over the past year.

This indicates that businesses should invest in providing Enterprise-Grade File Sync & Share tools and Endpoint Security to ensure that employees can work productively off site. Read more here.

As IT managed service providers and affiliate to Datto, Microsoft & Eset Security we can recommend the most appropriate package suited to your business and budget.

Once accessing these services, we will provide you and your staff with support for any of your business’s I.T. issues.

datto Workplace solutions for remote working

Datto Workplace: Enterprise Grade file Sync & Share tool which enables secure, remote collaboration. Staff can access files remotely via desktop, laptop, tablet, and mobile phones without using a VPN.

Datto Workplace also has advanced ransomware features that can detect and mitigate threats from syncing across devices in the event of an attack. This is an effective tool for any size business and can be scaled up or down easily allowing you to tailor it specifically to your needs.

Datto RMM: provides your managed service provider with a platform that can monitor the performance of all your business’s devices and apply any necessary software patches and updates. If there are issues with a device this service will alert your managed service provider so that an I.T. specialist can access the device remotely and resolve the problem.

Datto File Protection: this service provides continuous file and folder backups. Users can restore any files that have been accidently deleted through human error. It will also reduce the amount of time spent trying to recover files that have been compromised due to hardware failure, ransomware, or lost/stolen devices.

Business Continuity & Disaster Recovery (BCDR): This service provides businesses with an instant backup of critical data so that the chances of data loss are minimal. The Datto BCDR runs 24/7 and it continually saving updates of files that are being worked on and provides ransomware protection against any possible threats.

It is essential for any business or organisation which holds a high volume of confidential records. It ensures that the information is secure and in compliance with GDPR regulations. Installing a BCDR saves time and money by providing a back-up that can restore files within a matter of hours rather than weeks. The amount of downtime is dramatically decreased,allowing your business to recover quickly.

Eset Internet Security for Business remote working

Eset Endpoint Security: Protect your business’s I.T. devices with Eset Endpoint Security. This software offers a much more robust level of protection against any possible data breaches. Endpoint runs anti-virus software while simultaneously detecting advanced persistent threats, blocking targeted attacks, protects against ransomware and “Fileless-Attacks”, and includes mobile protection/multi-device monitoring.

SME Business IT Maintenance plans for business

We offer a range of affordable and scalable packages that will help your business operate efficiently and productively no matter where you or your employees are based.

I.T Support 4U can provide ongoing assistance and resolve any problems that your business may encounter while adopting a Remote working or Hybrid model as part of the ongoing trend to developing a more flexible and mobile workplace.

It support business our partners

https://www.gov.ie/en/publication/51f84-making-remote-work-national-remote-work-strategy/ (1)

https://www.irishtimes.com/sponsored/microsoft/we-ve-seen-the-future-and-it-works-1.4406257 (2)

Malware protection guide for business

Malware protection for business

Malware protection guide for business. I.T. Support4U explains the techniques that cybercriminals engage in to exploit your online accounts & devices.

Every day, we are confronted with news about hacking, data breaches and scams aimed to target a world that is currently dependent on I.T. to work, communicate, purchase, and manage bills/banking.

It is important for everyone to learn exactly what techniques and tactics Cyber-criminals use to target both individuals and businesses.

Malware Protection Guide: viruses, ransomware, spyware, trojans &worms.

Malware is malicious software that once downloaded gains unauthorized access to your computer and other connected devices. It can then harvest the data or corrupt the operating system so the computer no longer functions properly.

Usually, Malware is distributed through email attachments or infected websites and links. Once the attachment is opened or when the link is clicked; the malware will automatically install itself. The following includes the different kinds of malware that can infect your devices!

Ransomware

Ransomware allows the hacker to gain access to the computer and encrypt the files. The authorized user will then be sent an email that will demand a payment to be made for the information to be released.

Many cyber-criminals demand that this is paid in the form of a cryptocurrency like Bitcoin. This is because cryptocurrencies are harder to trace which makes it difficult for these criminals to be tracked and charged.

Businesses in particular are vulnerable to this form of cybercrime. Hackers are indiscriminate to the scale or profitability of the enterprise, if a weak point is found in the I.T. system it will be attacked.

Malware Ransomware IT support business

Spyware

Once installed spyware will access the infected computer and mine a treasure trove of information and personal details. This data can be sold on the dark web or used by hackers for purposes that suit their agenda.

Spyware will gather any information that is entered into the computer such as passwords, personal identification numbers and information, credit card details etc. without the victim being aware.

Spyware malware IT support business

Viruses

Viruses are the most common type of malware; it is self-replicating and can travel through programmes. Viruses spread from one computer to another using various pathways such as a local network, file-sharing systems, email attachments and disks.

Most viruses are attached to an executable file. It always best to take precautions before opening an attachment or file like this because once given permission to install the malware can override the security on the computer.

Worms

This software can enter a computer network by exploiting a vulnerability in the operating system or gain access through a “phishing” email. Once the malware has entered the system it can travel through the network wreaking havoc.

Some advanced worms can carry ransomware or other encryption tools which will cause damage to the computer making it impossible to perform any simple task.

malware Worms IT support business

Trojan Malware

Just like the myth Trojan malware software appears to be a useful piece of free/cheap downable software, a gift from a hoax website. However, once installing the seemingly harmless programme, the Trojan malware infects the computer.

It will attack the operating system so that it makes it extremely difficult to perform many tasks with numerous pop-ups and corrupting files. Trojan malware can also create “backdoors” or identify vulnerabilities in the OS to enable hackers to access the files on the computer.

So, if you ever see free software that guarantees that it 100% genuine think twice……Trust us, no tech company is going to give you anything for free without a catch or price attached!

Malware Bots

Bots are automations that perform specific tasks like providing information or gather information needed to access a service. Think of when you are trying to reduce your tv package.

You are confronted by pop-up chats from a Bot before getting to an actual human. While many large service providers use this automation, there are malware bots trolling the internet, looking for access points into I.T. devices.

These “bad” bots are controlled by a central server. Once, a bot has gained access to a device; it can gather passwords, financial/personal information, and log keystrokes which are then sent back to the central server.

This is controlled by the Cyber-criminal. Advanced Bots can create “back-door” access points for hackers, launch DDoS attacks and perform crypto-mining activities. The network of malware bots and the compromised devices in which they silently infiltrate is called the Botnet.

Malware bots IT support business

Malware protection: How to protect your devices from Malware?

The most important malware protection measure to take for personal devices and business’s I.T systems is to educate yourself and your colleagues on how malicious software can infect an entire network.

If everyone is aware that most malware infections are caused by human error by clicking impulsively on a link or email attachment without checking the credentials; then this is a good starting point to develop a cyber-safe workplace.

Malware protection Tip 1: I.T. and Cyber-Security Policy.

Every office should have an I.T. and Cyber-Security Policy in place which outlines the importance of following good cyber-safety practice regarding; emails, passwords, back-ups and performing updates as required.

I.T. and Cyber-Security Policy

Malware protection Tip 2: Cloud Security, Back-ups & RMM Scanning

Cloud security is an effective option for businesses to protect their critical files and that of their clients.

Services such as Datto can provide you 24/7 remote monitoring and scanning while also creating back-ups of files that are continually changing on a daily basis.

The Datto platform offers flexibility to employees who may be working staggered days in the office to access work files remotely while keeping all the data secure from threat.

Cloud security also is an effective means to provide a set of clean, backed-up files if there was an attack made on the I.T. system. By ensuring that the business has an updated backup the recovery time and financial cost is greatly reduced in comparison to those without any protection.

Malware protection Tip 3: Anti-Virus and Endpoint Security

It is essential for everyone to invest in anti-virus software for basic protection. Anti-Virus detects and removes malware but it is not as sophisticated as Endpoint protection.

If you own a business it is recommended to add that extra layer of protection by using Endpoint security.

The difference between standard anti-virus and endpoint protection is that endpoint security runs anti-virus operations, maintains firewalls, anti-malware detection, IDS (Intrusion Detection Systems) and performs “Sandboxing” (A test used to check any vulnerabilities in the CPU that might come under attack).

It is clear that Endpoint security is the superior of the two and is the future of cyber-security. I.T Support 4U is an affiliate of ESET Security Systems which provides enterprise-grade anti-virus and endpoint security.

Malware protection Tip 4: Multi-factor Authentication/2FA

2-factor authentication is another means to protect online accounts. As mentioned previously there are bots online that will try to crack the login details of various accounts.

Hackers may also have accessed certain information and passwords from other online profiles you may have and attempt to reuse them to access multiple accounts.

By using 2FA the hacker will not be able to just input the username and password and instantly gain access. Instead, an alert will be sent to a chosen device which will either ask a specific question only you can answer or display a pin number that needs to be typed in before access can be granted.

I.T. Support 4U specialises in providing your business with the highest standard of cyber-security available. Our cloud-based platforms enable your business to operate as normal even if the current circumstances in which we live today are not….

It Support SME Business

IT managed service provider. Top 4 problems we can solve for your business.

IT managed service provider Wicklow

Your business is an expert on the products and services you sell. Let our experts focus on what we’re great at. Protecting your IT systems from failure and malicious activity.

Using IT Support 4U as your IT managed service provider ensures the smooth operation of your IT systems, no matter where you are.

As a IT managed service provider we have listed the top 4 problems that businesses have when it comes to managing the IT systems.

Top 4 problems an IT managed service provider can solve for your businesses.

1. Outdated Equipment & Software

The most common problem that faces all businesses is outdated, unreliable computers & printers/copiers that freeze and often need a bang to get going again. 

This isn’t an ideal scenario that business owners and staff want to contend with every day. Especially during peak trading periods. 

New equipment and software can be expensive. The right advice on how to integrate both the old and new IT equipment/software; saves you time and money.

Having an IT managed service provider to provide support means no time is wasted on installing new devices and transferring the data over. We do it all for you!

Staff can breathe a sigh of relief and can get back to work much faster than if it was left to the social media expert who is nominated as the office I.T. guy! 

Regular maintenance checks make a difference in regard to the performance of equipment and extending their life that bit longer before budgeting for an upgrade. 

2. Lack of Security Measures.

Many businesses do not have adequate security procedures. Let’s be honest, out of convenience we tend to use the same password. It is usually stuck somewhere near the desktop so everyone in the office can log in without any hassle, even the newbie! 

IT managed service provider ransomeware

Think about the numerous files, emails & social media accounts that can be accessed through a compromised password! 

While it is easy to turn a blind eye to the risks associated with these bad habits, now is time that everyone in the office should start being mindful of the possibility of falling prey to cyber-criminals.

It is not just large-scale businesses or organisations that are targeted. All data can be exploited. Smaller businesses and organizations can serve as a training ground for hackers, offering the chance to practice and test out their technique.

Here are just some of the methods being used by cyber-criminals today:

  • Phishing
  • Malware/Ransomware
  • SQL Injection Attacks
  • Cross-Site Scripting
  • Denial of Service
  • Session Hi-jacking
  • Credential Reuse

In order to protect your staff and clients, it is imperative that every business makes the effort to get enterprise grade anti-virus & malware software.

Developing an I.T. policy combined with enterprise-level security should be considered essential.

Your businesses I.T. managed service provider can identify your needs and provide you with an affordable security package that will monitor your devices and decrease the potential threat of malware and hacking. 

3. Data Loss & Recovery

Data loss can have a drastic effect on a business and it is not until after the event that it becomes a major concern. Most incidents of data loss occur due to human error (e.g., overwriting, deleting files).

IT managed service provider data loss

Other common causes of data loss are:

  • Power outages.
  • Software corruption.
  • Workplace accidents like liquid damage, dropping devices and fire.
  • hard drive re-formatting. 

It is best practice to ensure that you have access to a secure backup. An external hard drive kept in one of the office drawers is not a reliable backup. while it is better than nothing it will not be sufficient when it comes to restoring all your data in a crisis! 

It was found that 140,000 hard drives crash a year from overheating, mechanical issues, dirt and misuse. You need an alternative means to secure your data is necessary to avoid complete disaster!

Imagine the panic and fear in the office if critical data was lost and the stress of trying to recreate your IT system from scratch using only old hard copies or whatever bit of information that is stored on USBs!

The loss of a client’s personal details is expensive between the downtime, GDPR fines and recovery period the cost can financially cripple businesses. There are also the reputational repercussions to consider when looking at the impact data loss can have on a business.

Having a cloud-based backup that is updated and regularly scanned protects your data and saves you time.

IT managed service providers can provide you with a recovery plan that will secure your files remotely while also enabling you to access them easily from all your I.T devices.

These protection packages can be offered on a monthly subscription making them more flexible for growing start-ups or offered on an annual contract.

Wi-fi Strength & connection issues

There is nothing more frustrating for staff when either working from home or in the office than losing Wi-fi strength and encountering connectivity issues.

IT managed service provider wifi

In a recent survey conducted by Zen Internet, it was found that poor WIFI strength can result in a 38% loss of productivity with the workplace.

However, this issue can be overcome by arranging a consultation with your local I.T. support service, who can assess the workplace (whether that is the home or on-site office) and make recommendations on how best to alleviate the issues.

Usually, Wi-Fi connectivity problems can be solved using a range of devices. These can be installed to give your office better coverage and decreasing the chances of the signal dropping or slowing down.

 As the workplace is evolving and we are becoming more dependent on reliable internet connection and speed, it is worth ensuring that staff are available to perform tasks online without having to wait and struggle to complete them on-time.

It is not a costly job to install these devices and in the long run, can make the workplace run more efficiently by keeping productivity up.

 

Benefits of an IT Managed Service Provider

IT Managed Service Provider Cloud

Focus on your business goals instead of resolving I.T. issues. I.T. Support 4U offers your business the benefits of an IT managed service provider. It’s like having your own IT department for a fraction of the cost.

From our offices in Wicklow town, we provide managed IT services to small, medium and large enterprises in South Dublin, Wicklow, Wexford and Waterford. 

Why you should have a designated IT Managed Service Provider

Product data & Systems

Your business is protected from cybercriminals. Our enterprise-grade antivirus software protects your business devices. We also deploy email scanning software to scan and evaluate risks on any incoming email on your business email accounts.

IT Managed Service Provider

We then add a remote management system that manages system updates and patches. This helps make sure all devices have running the latest version of any software.

Our systems then run a continuous backup. Stored and updated regularly to ensure that your critical data is secure and protected from hackers.

Increase productivity

We will also streamline your I.T. system. Staff can reach essential files across multiple devices; offering the flexibility of working from home or in the office.

Our user-friendly platform ensures security while allowing staff to access their work files. safely online and increases productivity levels for those on the move. This platform integrates with popular business tools like Microsoft 365 & Gsuite.

This cloud-based system runs the latest in security and virus protection and has a 99.99% uptime. Servers are located in Europe and comply with all European data protection laws.

There to help, When you need it

We can answer any queries or address difficulties you may experience on a day-to-day basis.

Slow running software programmes. Connection issues and Wi-fi strength can be resolved with just a simple phone call. 

Our I.T. specialists can remotely log in to your I.T. system and provide assistance, cutting downtime dramatically. Don’t waste your own time or your employees time trying to fix I.T. problems.

If we can’t fix a problem remotely, a callout can be arranged. This leaves you time and resources to focus on other matters.

IT Managed Service Provider Cloud

Plan your IT requirements

We can conduct I.T audits that can help your business budget for future upgrades and offer the right advice to get the most from your budget.

Efficiency within the workplace is everyone’s priority. Instead of spending your valuable time hunched over a computer, make that call, that will make the difference!

We can develop a budget and plan that can deliver world-class I.T. services for your business.  

By booking a “free no-obligations” consultation call with I.T. Support 4U, you may be surprised how affordable a tailored plan specific to your business is; saving time and money.