Insights

Cyber-attack – why having no backup and continuity plan could be terminal for your business

Your small business is now the preferred target of the cyber-criminal

UK businesses still have a lot to do regarding effective backup and continuity planning in the event of a cyber-attack. Despite the clear rise in documented cyber-crimes against UK businesses, a worrying number remain ignorant of the severity of the risk. Many incorrectly conclude that it will never happen, choosing to believe that their size or niche would not be of any interest to the cyber-criminal. However, failure to take the appropriate steps to adequately protect yourself could cost you more than just money.

What are the most common forms of cyber-attack?

Your enterprise can be targeted in a number of ways, the most common being:

- hacking/spoofing
- phishing/spear phishing
- malware
- DoSA
- ransomware.

Any network, large or small, can be open to attack. But if it is not continually monitored, patched or updated, you are leaving yourself vulnerable to developing exploitable weaknesses. Consequently, you could face your data being encrypted, damaged, lost or stolen, which could have disastrous implications, particularly if sensitive personal information is involved.

Prioritise acting now, and protect yourself from cyber-attack

EU regulations implemented in 2018 govern the protection of personal data. Not taking cyber-security seriously could mean non-compliance with the General Data Protection Regulation (GDPR). This, in turn, could result in a fine for your business, which could be as much as 4% of your turnover. Obviously, this could be catastrophic for any business, which is why being proactive about cyber-security and planning for a cyber-attack is a must.

The action you can take now includes:

- updating your passwords
- installing the latest versions of antivirus/malware software
- regularly updating software/patching
- training your staff to make them aware
- enlisting the help of a professional to effectively identify vulnerabilities, detect and stop attacks
- planning for continuity in the event of the worst happening.

ASL can help you protect your business from attack

Data that has been researched and published by our partner, Symantec, identifies how small businesses are being targeted with spear phishing. More than 52.4% of all reported attacks, where an apparently trusted email is used to elicit personal information from the recipient, were against SMEs. The statistics clearly demonstrate that hackers are very aware that a smaller business is less likely to defend itself as vigorously as larger ones, and will take advantage wherever possible. However, by combining our expertise in cyber-security with that of Symantec, we can help you:

- plan for disaster and assist with continuity services
- advise on how Cloud technologies can help with security
- recommend tailored cyber security solutions in line with your specific needs and budget.

The main issue is lack of awareness of the threat as well as the consequences of doing nothing to mitigate it. As experts in systems monitoring and cyber-security, we can help you identify how your business is most likely to be targeted and where the weakest points are in your network that could be easily exploited. Ignoring the problem and failing to take any action could prove terminal for your business. To discuss how best to protect your business from the increasing threat of cyber-attack, call us on 0345 862 0350 or email sales@aware-soft.com.

Reducing cyber-risk through External Penetration Testing

Without PEN Testing, hackers can exploit unidentified weaknesses in your network security

Today, maintaining network security is increasingly complex, with more organisations than ever being heavily reliant on a varied range of systems to operate. Gone are the days of a simple PC with a hard drive; amongst many businesses there is a move towards combining flexible and agile mobile devices and tablets with Cloud technologies for network access, sharing, collaboration and storage. While these developments may transform how your business operates, they create a complicated mix of assets that can leave you susceptible to the ever-increasing risk of cyber-attack. With Vulnerability Monitoring, you can check how secure your network really is and, most importantly, you are able to keep your data safe.

Why is the risk of cyber-threat increasing?

The working landscape of a typical business has changed, and the threat of attack from cyber criminals is increasing as a result. Employees can now work from home, work on the move and work from hot desks for some or all of the time. Work devices may be used, which have a level of security installed, but workers’ own devices with less security may also be used to access your network, send and receive emails and files, or search the Internet. The nature of your business may also mean guests have access to your network, and all of this creates the opportunity for hackers to attack in diverse ways. Unfortunately, too many businesses have focused on the benefits of the new technologies and have not paid as much attention to the security implications. Left unchecked, weaknesses can be exploited, leaving critical data vulnerable to the spread of a paralysing virus that could result in it being irrevocably damaged or lost.

What is the value of External Penetration Testing (PEN Testing)?

Understanding how exposed your network is to attack is key to reducing risk. External Penetration Testing can help to keep your network secure by making visible any of its problem areas and vulnerabilities. It does this by simulating an attack, which is then used to assess your weakest points and/or assess a specific area of interest to your business. PEN Testing offers:

- continuous network monitoring
- reports on exposure levels of different resources
- alerts as to where the most immediate risk is
- remedial approaches to secure the weaknesses.

The value of PEN Testing is in its ability to demonstrate where your system is vulnerable, and whether any of your critical data can be accessed from an outside source. Weaknesses are revealed by attacking your infrastructure in the same way a cyber-criminal would, but without facing the same level of threat. Once any holes in your existing defences have been identified, you then have the opportunity to seal them to maintain the integrity and confidentiality of your data.

Reducing your exposure with ASL’s Pen Testing services

Trying to defend yourself from attack, when you don’t know when or where it is likely to come from or what form it will take, can lead a business to either ignore the problem altogether or spend much more money than necessary. Many take an uninformed approach and make the mistake of investing in a range of security tools they hope will solve the perceived problem. This may actually increase your exposure; the wise course of action would be to seek expert advice.

At ASL, we are highly experienced in protecting businesses from all types of disasters. We offer PEN Testing services in partnership with Tenable.io, who are specialists in identifying and securing against cyber-exposure. Our service does more than address misconfigurations and bugs in your system – it also includes:

- hacking/virus detection and prevention
- footprinting and system fingerprinting
- port scanning
- service testing/probing
- password strength testing
- DNS analysis.

In addition, we also offer advice on how to manage your IT security vulnerabilities moving forward. For further information on how ASL can help you to protect your network security from cyber-attacks, call our Sales team on 0345 862 0350.

The importance of a comprehensive email security solution

Why you shouldn’t rely on generic cloud-based email security to protect your organisation

An increasing number of internet-based threats are being deployed via email, which is why it is imperative for your business to have a comprehensive security service in place. It is much easier to stop threats before they become full-blown attacks on your network or infrastructure. Prevention, by means of the detection and blocking of threats, is preferable for the business continuity of any enterprise. Dealing with the fallout of the avoidable and damaging consequences of a lack of security can be extremely complex as well as costly. So, what steps can you take to ensure your email system is secure?

Understand the threats

Internet-based threats are constantly evolving and are a challenge to detect when sent under cover of an innocent-looking email. Sophisticated methods of camouflage are employed to mask the presence of malicious URLs; for instance, emails can be embedded with:

- spyware
- bait for the purposes of phishing
- DoSA (Denial of Service Attack)
- spam
- disguised URLs (containing redirects and/or time delays)
- zero-day attacks (exploiting undiscovered email security vulnerabilities).

Any of these can result in damage to your operating system or applications and may also lead to the corruption or loss of sensitive data.

Learn how email security works

Internet-level defences identify and eliminate spam and viruses before they have an opportunity to enter your network, and web-borne viruses, phishing threats and spyware are detected and controlled with URL filtering. Email content and attachments, either sent or received, are scanned, monitored and managed according to your own defined policies, driven by your business requirements.

Appreciate the risks of low-level protection

A cloud-based email security service is provided at a basic level with Microsoft Office 365 and Google Apps, etc. However, your business should not be reliant on this limited level of protection as it is not sophisticated enough to neutralise more than the simplest form of malware. Ignoring the need to detect and block an ever-increasing number of complex internet-based threats could make your business vulnerable to exploitation. Having a service that provides a wide-ranging level of email security could mean the difference between you averting a cyber disaster or finding yourself recovering from one.

How Awareness can help

ASL can offer an all-inclusive level of security for your email system that:

- protects critical data from the threat of spam and virus
- blocks spear phishing campaigns
- restricts web access (customisable, according to your requirements)
- filters URLs
- assists administrator controls
- protects and supports roaming users.

Our service also offers the central management of your security requirements without the need for additional hardware or software by providing a web-based console. For more than two decades, we have supported small to publicly-listed UK corporations with their growing needs for reliable email and an effective security solution that maintains network and infrastructure integrity. Our comprehensive email antivirus service detects and blocks threats before they become a serious issue. To discuss how to enhance your email security, call our Sales team on 0345 862 0345 and find out how we can help keep you and your business safe online.

Why should your Business have a proxy URL filtering service?

Using filtering technology to enhance security

Employing a Web proxy URL filtering service can deliver many positive benefits for both organisations and end-users that go far beyond the basic implementation of preventing access to named websites or particular types of websites. Filtering technology is predominantly a security tool, one that provides an essential layer of centralised, server-side protection from security threats before they manifest on client devices. Despite its importance, many businesses underestimate the need to have proper web browsing security and leave themselves susceptible to underperformance, risk and liability.

What is URL filtering?

The internet contains many threats, with an increasing number of previously unseen, zero-day vulnerabilities being exploited every day. This mostly occurs when visiting a website or opening an email that contains an unknown URL. Proxy URL filtering or web browsing security is an effective way of protecting your business and maintaining high levels of security. It does this by:

- creating website allow/block lists
- controlling data sent to sites or via web-based services
- detecting and blocking internet-based threats.

Either by using predefined templates or a service that is customisable, allow/block lists can be created according to one or a combination of values, such as user, time of day, URL category, etc. Customisable services allow you to tailor your list in accordance with your business requirements. The scanning and controlling of data sent to sites can help to eliminate the distribution of personal or proprietary data or otherwise unsuitable information. Plus, effective filtering helps detect and block Internet-based threats before they reach your network and pose a much more serious problem.

Why URL filtering is necessary

Increased security. If you don’t employ a URL filtering policy, you could be giving your users open access to malicious websites that will attempt to disrupt your infrastructure or network, steal sensitive information or infiltrate your entire system to corrupt it or use it to launch an attack elsewhere. This is done either by tricking the user into installing malware, e.g. clicking on a disguised link, or by drive-by download, where the website will attempt an automatic malware installation, which bypasses the need for consent.

Liability risk. There is an increased risk of liability if your users are allowed access to sites that display offensive or illegal content, such as hate, drugs, pornography or violence.

Improved productivity. The lack of web filtering could mean your users are distracted by social media and instant messaging, leading to time wasting. URL filtering can be used to focus the attention of your workforce where it’s needed most.

Improved reporting. Information that could be valuable to your organisation relating to web usage that could impact sales or add value by increasing efficiency could be lost without URL filtering. Reports and logs can be generated that help to determine how separate areas of the business are performing by highlighting the most visited URL categories.

How can Awareness help with your web and data security?

ASL can help protect your business from compromised websites and malicious downloads and allow you to control and enforce “Acceptable User Policies” whether the user is in the office or working offsite. The benefits of our antivirus web filtering include:

- allowing, blocking, reporting or logging of categorised web searches
- file content analysis (uploaded to cloud-based applications or contained in email)
- blocking of inappropriate posts
- preventing the distribution of password-protected content
- preventing the download of business information to personal email
- and much more.

At ASL, we have more than 20 years of experience assisting businesses to detect and contain hostile attempts to disrupt business operations. Data security is our priority. We believe we can offer you a powerful and flexible way to create custom web filtering policies that serve your business both in terms of performance and security. Contact us on 0345 862 0350 to discuss how our antivirus web filtering services can secure and protect your business.

WiFi/Wireless Security Best Practices

Protect your enterprise or face serious consequences

There are many advantages for your enterprise working wirelessly, but unless you are adhering to wireless security best practices, you could be running unnecessary risks that threaten your network and data. This is especially true if your business grants access to your LAN to BYOD users and guests. The consequences of ignoring your WiFi/wireless network vulnerabilities are serious and could be damaging to your business.

Advantages of WiFi technology

Wireless access points are cost effective, easy to install and provide instant access to your enterprise’s LAN to anyone who is in range and has the password, including guests. WiFi technology also enables:

- mobility
- BYOD
- scalability.

Mobility – Total mobility is permitted as co-workers and guests can connect to a server from anywhere on premises via WiFi. This allows for information to be accessed and shared, which facilitates collaboration and contributes to productivity.

BYOD – Enterprises can gain from Bring Your Own Device as co-workers and guests use their own smartphones and laptops for work purposes. WiFi throughout the premises enables users to work on the LAN with their own equipment. As well as being convenient, BYOD represents an opportunity for your enterprise to save money at the same time as increasing productivity levels. However, while implementing BYOD has many benefits, there are risks that need to be considered, such as data security implications.

Scalability – New and guest users can be accommodated very easily with a wireless network as it usually involves the issuing of a password and making a corresponding server update. Users can be removed just as easily too, making the entire system cost-effective and flexible.

Threats and vulnerabilities posed by WAP technology

Mobility, BYOD, and scalability are significant advantages but they can also increase the risk of network security threats. BYOD users’ devices may already have malicious code embedded in them that could wreak havoc the minute they gain entry to your network. If not properly secured and monitored, WiFi can leave you exposed to menace, malicious or accidental, from both internal and external sources. This is because unsecured wireless access points can be easily recorded and information such as logins and passwords picked up. Network security threats can also come in the form of:

- broadcast storms
- man-in-the-middle attacks using rogue APs
- stealing sensitive data and/or bandwidth
- spam attacks or wireless packet floods
- data modification/loss/leakage/corruption
- attacks being launched from your network.

The cost of downtime to your bottom line and reputation as a result of exposure to one or more of these threats can be much more significant than the investment it takes to obtain the necessary protection in the first place.

5 WiFi security best practices

If you are not sure how to take advantage of wireless technology at the same time as reducing network vulnerability, below are five practices to implement as soon as possible.

1. Seek expert advice from professionals in wireless network security.
2. Identify which of your business assets need protection and why.
3. Define access requirements and create separate networks using firewalls and VLANs for:
   - corporate users
   - staff users
   - guest users.
4. Carry out a site survey to identify areas of vulnerability.
5. Implement continuous network monitoring to identify unusual traffic.

To protect your network against security threats and vulnerabilities, consult with Awareness. Our high level of skill has been gained over a period of more than two decades – assisting our clients with their network security requirements. To discuss WiFi security in more detail or to book a site visit, call Awareness on 0345 862 0350.

Could your BYOD policy be risking your data security?

The implications for disaster recovery when staff use their own devices at work

BYOD (Bring Your Own Device) is a popular trend among UK SMEs, which, without a proper policy in place to govern its usage, might be harmful to your data security. When staff access sensitive business information using their own laptops, phones and tablets, there is a corresponding increase in the risk of a disaster happening. Typically, an individual’s own devices are set up with less security and virus protection.

Why businesses like BYOD

Savings can be made when employees use their own devices for work purposes. Their laptops, tablets and phones are often more up to date and advanced as well as being lighter, more portable, with bigger screens and wider capabilities than your existing company hardware. Productivity increases because of the level of familiarity with your own device. People work better and your business benefits as a result.

However, it is important to consider how you could be impacted if you are employing BYOD. You could be making yourself more vulnerable to data breaches and loss and suffer legal consequences as a result. So, what risks should you consider?

The associated risks of BYOD

Lack of security – Disaster is more likely in the form of accidental leakage and data loss, viruses and cyber-attacks when your staff use their own devices. Their device could be easily compromised, lost or stolen, which could give a third party easy access to sensitive data. The consequence could be extremely serious or possibly fatal for your business.

Management of different operating systems – Devices are being updated and upgraded all the time, meaning the operating systems are too. The number of different versions makes it very complex for a business to manage and support, and this can lead to security breaches occurring. Your disaster recovery plan should include an effective solution that addresses this management issue.

Having no BYOD policy – Arguably the biggest risk of a disaster happening at all is failing to have a company BYOD policy. As well as weakened data security, there are also legal implications.

BYOD legal implications and responsibilities

Depending on the nature of your business, you may have to comply with legal requirements to do with the Data Protection Act, the Official Secrets Act or the Freedom of Information Act, etc. Your BYOD policy should address who is responsible for the protection of personal information and the implications of non-compliance with legal obligations.

BYOD policy planning – what to include

Apart from having a legal compliance strategy, other considerations are:

- network security
- data encryption
- local data storage prevention
- protection controls and limiting access
- tracking and deploying of applications
- establishing secure app-to-app workflows.

Communicating your policy fully to your employees means they will be aware of what their responsibilities are when it comes to safeguarding your sensitive information. It will also help to reduce the risk of a disaster being caused internally.

ASL can help you to successfully benefit from BYOD by performing a full assessment of the risk involved on all devices that access your company data. We can offer qualified advice on the security implications of jailbreaking and sandboxing, as well as assessing encryption methods and the use of passcodes to protect sensitive areas. For further details on creating a BYOD policy for your business that reduces the risk of a disaster, contact ASL on 0345 862 0350.

Ensuring business continuity after a DDoS attack

Keeping your business running after a Distributed Denial of Service attack.

Throughout 2016 there was a significant rise in serious DDoS attacks, with many large organisations including PayPal, Twitter, GitHub, and Spotify having reported disruption to their online services. In 2017, we expect to see a rise in the number of organisations targeted for financial gain, as it’s predicted that the increased use of IoT and mobile devices will open the door to attack. Today, the resources often used to increase business flexibility and agility can unfortunately also increase cyber-threat and attacks. These include:

- increased employee use of mobile devices
- virtualized computing infrastructure
- increased texting and emailing of employees outside of work
- employees working from home or remote locations.

Is your business prepared for a DDoS attack?

A Distributed Denial of Service attack happens when a machine is targeted by other maliciously corrupted systems. The purpose is to cause your IT infrastructure to crash, ultimately resulting in your business shutting down. The reasons behind attacks vary and are not limited solely to financial gain. Attackers may want to steal data or be motivated by revenge, as in the case of a disgruntled employee, or they might simply want to demonstrate their knowledge and skill in launching an attack.

Reports in the media of DDoS attacks against well-known brands mean that most of us are well aware of the level of disruption they cause. Despite this, few organisations have a business continuity plan in place. If your business was attacked today, how confident are you that you would be up and running again with minimal delay?

The impact of a DDoS attack can have far-reaching consequences. The vast majority of businesses rely on IT systems to operate, and uninterrupted access to the Internet is fundamental to our digital economy. Any break in service, for whatever reason and however temporary, has an immediate impact on your bottom line. In addition, reputations are quickly damaged and client confidence diminished.

ASL – keeping your business up and running 24/7/365

In order to safeguard against DDoS attacks and ensure the continuity of your business, it’s extremely important to be prepared. As business continuity can only really be guaranteed with professionally implemented backup and recovery services, the advice is to seek assistance from ASL. We have 20 years of specialist knowledge and expertise in ensuring our customers are prepared for cyber-crime. In the event of such an attack, with backup and recovery in place, you can be up and running again with minimum disruption and loss. To find out more about ensuring business continuity after a cyber-attack, call us at ASL on 0345 862 0350.

Why perform regular systems updates?

Are you putting your business at risk by neglecting systems updates?

After spending time and money to ensure your IT systems and software meet your business requirements, it’s important that you don’t just sit back and think – job done. It’s too easy to forget the most simple and fundamental tasks, such as software updates and firmware patches. By neglecting to update to the latest versions, you open your business up to unnecessary risk.

The risks of using outdated software

Increased Security Issues – Outdated software is a ticking time bomb that presents a huge security risk. Your best defence against malware and viruses is through installing the software updates released to address specific threats. By carrying out regular updates, you can patch the vulnerabilities hackers rely on to infect your IT system. It’s important to be aware that hackers pay close attention to security patch release dates, as this tips them off to the vulnerabilities of the previous version. By not applying a patch, you could expose your business to serious risk.

Impact on Workflow – Security issues aren’t the only risks you’ll encounter by not updating your systems and software. You also run the risk of impacting employee workflow. For instance, if your employees want to work on joint projects but they are running different versions of software, then compatibility issues may arise, hindering their progress. To prevent this issue, you need to synchronise every piece of software across your network, which also includes mobile versions.

According to Microsoft, businesses unnecessarily expose themselves to cyber-attack when they fail to update their software.

Why make time to update?

Your system may be working fine so you might be thinking – why bother updating and applying a patch? Failure to patch leaves the door open for malware to enter; however, patching is not only about security. An update may be released to improve an application’s stability. To ensure you are both protected and able to operate applications effectively, you need to make system upgrades a priority. However, this is time-consuming and can be a complex task if you have a large infrastructure.

You can’t afford to risk being hacked or having your employee productivity levels drop, but you don’t have time to prioritise systems updates. So what are your options? The answer is easy – you need to consider outsourcing.

ASL software systems updates and patching.

By outsourcing to us you can be confident in keeping track of all updates; we take on the responsibility so you can concentrate on your core business. We deliver proactive protection; we monitor to find outdated software and security vulnerabilities. The larger your infrastructure, the more difficult it is to keep on top of updates, which is why it makes sense to contact us at ASL to discuss our IT support services. We update your software to ensure that you’re running the most current and bug-free version. We offer:

- A quarterly systems update – too often can become a hindrance to business operations, and not often enough can leave your business open to security threats.
- Urgent patches that have serious consequences are performed on an as-needed basis.
- A proactive review of all Firmware updates, Windows updates and software updates (working in partnership with your other suppliers).
- A server snapshot to ensure that any update issues can be rolled back, quickly and safely.
- Urgent updates out of business hours to limit disruption.

To find out more about ASL IT service and support, call 0345 862 0350.

What IT disasters should you prepare for?

The top 5 causes of IT disaster – is your business prepared?

For most, the term disaster recovery conjures up images of environmental catastrophes such as earthquakes or flood; however, for those businesses that have experienced an IT disaster, the reality is often far more mundane but as easily catastrophic in nature. If you’re thinking – I don’t need to plan for disaster because I don’t operate my business in a flood area, have fire prevention measures in place, and being in the UK I’m low risk for other natural disasters, think again. You’re only ever one step from disaster, and should the worst happen you need a backup and recovery plan in place to protect your business from loss, BOTH data and financial.

What IT disasters should you be preparing for?

You’ve ruled out an imminent earthquake and your business is fortunately located 1000s of miles from Tornado Alley, so what are the more likely disasters you will face?

Computer virus – Today viruses are a common occurrence that can infect or delete mission critical data, the worst of which is Ransomware. An infected machine that remains connected to your network will systematically encrypt all of the network files it has access to, making them useless.

Hardware/equipment failure – The most common example is the failure of a hard drive in a server.

Malicious intent – The most obvious perpetrator is a hacker trying to gain access and cause damage. However, not all malicious intent is from the outside; sometimes the damage can come from within. A disgruntled employee can easily delete/corrupt data to cause an IT disaster.

Environmental catastrophe – IT disasters can be caused by natural events such as flood; however, they can easily be caused by structural failures within the office environment. For example, a water leak from pipes above or next to where your servers are located can easily lead to disaster.

Human error – Humans make mistakes, from overwriting critical files to deleting sensitive data. By regularly backing up your data and having a recovery plan in place, you can protect yourself from disaster.

Can you afford downtime and financial loss? NO? Contact us at ASL for no-obligation backup and disaster recovery advice: 0345 862 0350.

How can you prevent permanent critical data loss?

Most businesses are at risk of experiencing some form of IT disaster. The obvious thing therefore is to take the threat seriously, and plan what to do when it happens. By assessing likely risks and considering every eventuality, you can take control. Knowing what might happen can help you to plan how best to restore your critical data and services, to keep your business up and running. For advice on disaster recovery contact us at ASL.

Can you afford not to have a backup and recovery plan?

Any business that has experienced a disaster will tell you that the cost and losses incurred by not having a plan in place were far more than the cost of developing and implementing one. Downtime equals losing time, money AND customers, and this is something that no business can afford. The simple fact is customers are fickle and vote with their feet, and most businesses that experience extended outages and downtime lose custom. After all, why deal with a business that has production issues or can’t access your data, when you can go elsewhere?

If disaster has already struck and you need to prevent it ever happening again, or you’re concerned about what could happen if you lost critical data, then contact us at ASL on 0345 862 0350.

About ASL Disaster Recovery Services.

For over 20 years we have been a specialist disaster recovery provider for SMEs across the UK. We have the expertise you need to implement a disaster and recovery solution that minimises business disruption and financial loss through downtime. ASL keeps UK businesses up and running 24/7/365. Find out more about our disaster recovery service by calling 0345 862 0350.
