An IT Support Blog from London

Information technology risks range from the very apparent to the silent and hidden. The majority of businesses mitigate the most obvious risks: only an irresponsible IT operation will do without network firewalls in place or skip on regularly updating operating systems and software. Yet it is the less obvious risks which can trip up even carefully run IT functions – and which can cause progressive or indeed sudden harm to your business.

Based on the 2016 edition of Ponemon’s annual Cost of Cyber Crime report, phishing is now one of the most prevalent cyber-attacks today. Should you be worried about it? It depends. If you think any of the consequences of phishing attacks outlined below can impact your business, then maybe you should be.

Tarnish your company’s image

Most phishing attacks are designed to steal personal information. The way cyber criminals do this is by crafting legitimate-looking emails that compel recipients into disclosing their personal details.

DDoS attacks that force websites to go offline and cripple servers are nothing new, but many of the massive DDoS attacks last year, which also happened to be the biggest in history, had a common characteristic we’ve never seen before. They all originated from hordes of zombified IoT devices, also known as IoT botnets.

Because IoT devices are here to stay, this threat won’t be going away anytime soon. If your network includes websites and other Internet-facing applications, you need to understand what these threats are, how it can impact your business, and what we in the business community can do to protect our IT infrastructures from these types of attacks.

An existential threat with authorities behind the curve

The National Crime Agency didn’t pull any punches in the report Cyber Crime Assessment 2016, published by its Strategic Cyber Industry Group. The Executive Summary warned of “an existential threat to one or more major UK businesses” and that “criminal cyber capability development currently outpaces the UK’s collective response to cyber crime.”

Is IT security in your firm where it needs to be?

IT security is near the top of the agenda for every executive management team. Although IT is not something executive managers are likely to get hands-on with and is best left to qualified practitioners, there are simple spot-checks that executive leaders can make to see if basic security is being implemented.

Insider threats: An unsavoury but unavoidable truth

When it comes to productivity and information security, insider threats are perhaps some of the most unsavoury considerations for a firm. Any business owner or senior executive would prefer to think they can implicitly trust the people that they pay but, unfortunately, it simply isn’t possible to ignore the risk of employee misbehaviour.

User Activity Monitoring (UAM) is a process that is enabled by productivity monitoring software, PMS. These applications are designed to track and record every action performed by a user. The software outputs a log file in plain English (rather than technobabble) and a video file that enables the firm to view each user’s onscreen actions.

National publicity for council ransomware attack

In January it was nationally reported that Lincolnshire County Council (LCC) had fallen victim to a ransomware attack which rendered it unable to access systems and data for a week. Across the authority, as many as 5,000 staff had to revert to manual processes using pen and paper.

The cybercriminals had performed data ‘kidnapping’ by infecting LCC systems and encrypting the data. The data remained on the organisation’s infrastructure but was rendered inaccessible. The ransom demand for its safe release by providing the decryption key was set at the princely sum of $500 (£350).

Don’t fall victim…

One of the most serious risks originating from the Internet to businesses and domestic users is the threat of phishing. Phishing is a form of fraud where a cybercriminal attempts to trick the recipient of a message into revealing information such as login credentials or account information by masquerading as a reputable entity or person, typically in an email, but it can be attempted through other communication channels.

A victim receives a message that appears to have been sent by a known contact or organisation. An attachment or links in the message may install malware on the recipient’s device or send them to a malicious website designed to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details.

You then find your personal or business bank account has been raided or your credit cards used to purchase luxury goods. Here are 10 ways to prevent users in your business from being tricked by phishing emails.

IT security and systems availability

IT security is one of the biggest concerns of our time. It might be identity theft from individuals or the hacking of business and corporate networks on an industrial scale by unscrupulous nation states trying to obtain commercial IP or military secrets. Whatever the threat, securing networks against attack is high priority for IT teams.

Besides viruses, malware and hacking, if we look at other factors that impact operational availability of business dependent IT systems, then there are a range of issues which need to be addressed.

Server status and Windows Services, disk space and database sizes are all factors that could  influence a business-critical failure. Storage and back up, the availability of network devices, satellite offices and websites are all hugely relevant.