2025 may seem like a long time in the future, but it is only two financial years (and therefore potential company budgets) before Windows 10 goes End of Life (EOL), so it is worth planning the refresh of your company devices now.  This will allow you to spread the capital cost over 2 years.  Let’s go through some things to consider when reviewing Windows devices in your network.

The first step is to identify all your Windows 10 devices.  Track them down, check if they are still in use by the end users and carry out an audit.  When an Operating System (OS) goes EOL it always presents a useful opportunity to carry out an audit and review of the devices in your business.  If a device isn’t in use, then you can make a saving by not having to replace it and retiring it from your network.  It also gives you the opportunity to create an asset register if you have not already done so, or to update an existing one.

Once you have identified all Windows 10 devices, you need to review the specification of each one to identify the newer devices that meet the minimum system requirements for Windows 11.  The minimum specification requirements of Windows 11 can be found here at Microsoft’s website.  The requirements are more comprehensive than for previous Windows OS versions, which means it is less likely that older existing hardware can take the upgrade.  The upside to keep in mind is that this is all working towards modern hardware with improved security.

Once all devices which can be upgraded have been identified, you know how many require replacement and can plan a strategy for their purchase and installation.  What works best will vary from company to company, whether that is replacing groups of devices at a time or spacing out individual users throughout the two years.  This is where the advantage of doing the review early comes into play.
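The audit steps above can be run over an exported asset register.  The sketch below is an added example, not an MJD tool: the CSV column names, the 90-day "still in use" cut-off and the sample rows are assumptions constructed for illustration, and the thresholds are Microsoft's published Windows 11 minimums (the supported-processor list is not checked).

```python
import csv
import io
from collections import Counter
from datetime import date

# Windows 11 minimums: 2 cores at 1 GHz, 4 GB RAM, 64 GB storage, TPM 2.0.
WIN11_MIN = {"cpu_cores": 2, "cpu_ghz": 1.0, "ram_gb": 4,
             "storage_gb": 64, "tpm_version": 2.0}
STALE_AFTER_DAYS = 90  # assumption: not seen for this long means "check if still in use"

# Constructed sample register; column names are hypothetical.
SAMPLE_REGISTER = """\
hostname,os,last_seen,cpu_cores,cpu_ghz,ram_gb,storage_gb,tpm_version,secure_boot_capable
FIN-01,Windows 10 Pro,2024-03-01,4,2.4,8,256,2.0,yes
FIN-02,Windows 10 Pro,2024-02-27,2,2.0,4,128,1.2,yes
REC-01,Windows 10 Home,2023-06-10,4,1.8,8,500,2.0,yes
WH-01,Windows 10 Pro,2024-03-02,2,1.6,2,32,,no
MGR-01,Windows 11 Pro,2024-03-02,8,3.0,16,512,2.0,yes
"""


def shortfalls(row):
    """List the requirement names this device fails (blank values count as failing)."""
    gaps = [name for name, minimum in WIN11_MIN.items()
            if float(row[name] or 0) < minimum]
    if row["secure_boot_capable"].strip().lower() != "yes":
        gaps.append("secure_boot_capable")
    return gaps


def triage(register_csv, today):
    """Return (hostname, action, gaps) for every Windows 10 device in the register."""
    results = []
    for row in csv.DictReader(io.StringIO(register_csv)):
        if not row["os"].startswith("Windows 10"):
            continue  # already on a newer OS, or not a Windows device
        idle_days = (today - date.fromisoformat(row["last_seen"])).days
        if idle_days > STALE_AFTER_DAYS:
            results.append((row["hostname"], "confirm-in-use-or-retire", []))
            continue
        gaps = shortfalls(row)
        results.append((row["hostname"], "replace" if gaps else "upgrade", gaps))
    return results


def summary(results):
    """Count devices per action, which is the number to budget against."""
    return Counter(action for _, action, _ in results)


if __name__ == "__main__":
    outcome = triage(SAMPLE_REGISTER, date(2024, 3, 4))
    for hostname, action, gaps in outcome:
        print(f"{hostname:8} {action:26} {', '.join(gaps)}")
    print(dict(summary(outcome)))
```

A device that fails only on `tpm_version` or `secure_boot_capable` is worth a firmware settings check before it is counted as a replacement, as these features are often present but switched off.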

Here at MJD we would always recommend that people reach out to their IT support provider to help them plan the roll out of Windows 11, to ensure a successful and achievable transition with as little disruption as possible to your business.  If you are unsure about where to start or you know what you need to upgrade versus replace but don’t know how to go about starting the work, don’t hesitate to get in touch with the team here at MJD.

So you’ve made the arrangements to come along to the Moray Business Showcase on June 7th at the Moray Sports Centre and you want to stop by and speak with the team here at MJD and Terra.  But how do you ensure that the trip out of the office to speak with us is worth your while?  Here’s our guide on what information to have to hand and what topics to consider to be able to discuss your IT requirements with us on the day.

A good place to start, especially if you are not already a client of ours or don’t have an IT support provider, is to read our blog on what to consider when choosing your MSP here.  This covers questions to consider on knowledge, products and services and contract options in an MSP’s offering to you.  You may then want to know more about how a per device contract works, which you can read about here.  This will allow you to discuss with us on the day what we offer in our per device contracts and how this might suit your business circumstances.

If you are already a client of ours, or equally a prospective client, you may be aiming to see the Terra demo hardware on show to find out what might augment your current setup and help develop your business’s IT.  We will have laptops, tablets, monitors, AIO and PCs, so there will be something to cater for any requirements you have in the pipeline.  To help you make the most of the demos, you can read our laptop blog here or our monitor blog here.  We also have a blog on our working from home recommendations here and how to decide between a laptop and PC here.

Regardless of whether you are a client of ours or not, you may be considering the ever-growing threat of cyber attacks to your business.  Where to start can seem a daunting thought, but have a read of our where to start on your cyber security blog here and take along your questions for our Cyber Security Specialist, Craig Lambourne.  He will be there on the day at our stand and also running a workshop alongside Mark Dunscombe on Cyber Security and IT which you can sign up for FREE here.

Even if you don’t have time to read any of our recommendations above, please just come and say hello.  We are always happy to chat and help start you down the right path with your IT and Cyber Security requirements.  Let’s make IT work for YOU.

Cyber attacks are now part of our business environment, and we have to accept this and protect our businesses from attacks as best we can.  We can no longer ignore this threat to our businesses.  The National Cyber Security Centre have created a useful starting framework to help you work through how to reduce the impact to your business from a successful cyber attack.

If you do suffer a cyber attack, MJD have direct links to The Cyber and Fraud Centre Scotland and, importantly, through this centre to Police Scotland and the banks.  This enables us to report the cyber attack rapidly and, if money has been defrauded, to get action from the Police and the banks.

There are some cost-effective and recommended methods to help reduce your exposure to cyber attacks, which are outlined in Cyber Essentials, such as firewalls, virus and malware protection, patch management, secure configuration, password policies and how user permissions are set up.  Further steps you can take are security monitoring, incident management and training your users to ensure they are aware of the threats to the business.  Further reading on the steps to introduce Cyber Security to your business can be found at the following two links:

https://www.ncsc.gov.uk/collection/10-steps

https://www.ncsc.gov.uk/collection/small-business-guide

Let’s go through the steps outlined in the NCSC’s infographic below.  As a business you want to mitigate the survey stage.  This is the stage where the potential attackers carry out social engineering: they gather as much information as they can on their potential targets from publicly available sources and by trying to gain information from your employees.  This is why user training, education and awareness is so important in your cyber security defences in today’s environment.  If you are unsure what social engineering is, we covered this in a past blog post here (https://www.mjdsystems.co.uk/521-2/).  It is also important to ensure employees think about the company information they make publicly available in published documents and on social media.

Here at MJD we have a recommended training system that sends fake phishing emails to users in the business.  This helps to keep the threat in your employees’ minds and provides training there and then if they don’t identify the potential risk and click on a link in the email.  It takes the hassle out of organising and keeping training up to date for your employees and ensures they are regularly made aware of the threat.

Antivirus software is not enough! There are various processes and products that you can use to mitigate the delivery stage.  This is when the attackers try to carry out the actual attack to gain access to your systems.  The options available to the attackers can be reduced through the employment of anti-virus and malware protection, firewalls, password policies and secure configuration of permissions to users and devices.

The next stage is the part we all don’t want to get to, but which we must plan and prepare for in case it happens to us, and that is the breach stage.  Do you have a disaster recovery plan if the worst happens?  Ways to mitigate this stage are effective patch management, anti-virus and malware protection, consistently well-implemented and maintained user access controls, and user training and awareness.

We have an industry-recommended and leading anti-virus and malware protection software which we recommend and use for our clients.  This software also provides us with remote monitoring and patch management to ensure our clients’ devices are kept up to date, reducing the risk of known vulnerabilities being exploited.

When we get to the affect stage it can be harder to detect the activities of the attacker: if all the previous recommendations have been implemented at each stage, the attacker will have needed a targeted and bespoke attack to gain entry.  However, here at MJD we have a few systems we can utilise to monitor activity in our clients’ systems and spot unusual activity.  If you have any questions on this area, we’d encourage you to get in touch to discuss it with us, as this area requires a more tailored approach to your specific organisation.

https://www.ncsc.gov.uk/guidance/white-papers/common-cyber-attacks-reducing-impact

In recent weeks and months our clients have again been reporting more extortion-style phishing emails to us, so let’s break down what they are, what we need to be concerned with and how to deal with them.

These extortion phishing emails, which were first identified by the National Fraud Intelligence Bureau in July 2018, claim to have evidence of internet activity carried out by yourself and tend to appear as if they are coming from your own email address.  They usually claim to have images or videos of you, threaten to share them, and demand payment in some form to stop them sharing the evidence they hold.  On the 23rd of April 2020 the NFIB reported they had 9473 reports of this email scam, with 200 reports that week alone. (https://www.actionfraud.police.uk/alert/fraudsters-send-victims-own-passwords-in-sextortion-scam)

Now, this can cause concern as you may think they have gained access to your email account to be able to send the email using your address.  However, this is just a clever tactic by the phisher to give their email more credibility and is called spoofing.  The email may also include a password which you have used in the past.  This information will generally have been taken from a previous breach of your personal data.  However, if you still use this password for any account you should change it on those accounts immediately.
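A spoofed "from yourself" email can be told apart from one you really sent by looking at the authentication results your own mail server stamped on it.  The check below is an added example, not part of the original post or any MJD product; the `example.test` addresses, the `mx.example.test` server name and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Matches "spf=fail", "dkim=none", "dmarc=pass" inside an Authentication-Results value.
VERDICT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def trusted_verdicts(msg, trusted_authserv):
    """Return spf/dkim/dmarc results, reading only headers stamped by our own server."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = value.partition(";")
        if authserv_id.strip().lower() != trusted_authserv.lower():
            continue  # anyone can write this header, so ignore copies we did not add
        for mechanism, result in VERDICT.findall(results):
            verdicts.setdefault(mechanism.lower(), result.lower())
    return verdicts


def classify(raw_message, trusted_authserv):
    """Label a message whose From address is also one of its recipients."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    if not sender or sender not in recipients:
        return "not-self-addressed"
    # Strict rule: only a DMARC pass counts. A domain with no DMARC policy will
    # therefore show up for review rather than being silently trusted.
    if trusted_verdicts(msg, trusted_authserv).get("dmarc") == "pass":
        return "self-sent-authenticated"
    return "spoof-suspected"


# Constructed sample messages (headers only matter here).
SPOOFED = """\
Authentication-Results: mx.example.test; spf=fail smtp.mailfrom=example.test;
 dkim=none; dmarc=fail header.from=example.test
From: "Jo Smith" <jo@example.test>
To: jo@example.test
Subject: I have access to your account

Payment demand text would be here.
"""

GENUINE = """\
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=example.test;
 dkim=pass header.d=example.test; dmarc=pass header.from=example.test
From: jo@example.test
To: jo@example.test
Subject: Note to self

Remember the budget meeting.
"""

# The sender added their own "pass" header; our server added none.
FORGED_HEADER = """\
Authentication-Results: relay.invalid; dmarc=pass header.from=example.test
From: jo@example.test
To: jo@example.test
Subject: Your password

Payment demand text would be here.
"""

OTHER_SENDER = """\
Authentication-Results: mx.example.test; dmarc=pass header.from=supplier.test
From: accounts@supplier.test
To: jo@example.test
Subject: Invoice

Please find attached.
"""

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE),
                      ("forged header", FORGED_HEADER), ("other sender", OTHER_SENDER)]:
        print(f"{name:14} -> {classify(raw, 'mx.example.test')}")
```

Publishing SPF, DKIM and an enforcing DMARC policy for your own domain is what lets the receiving server produce these `fail` results and quarantine the message before a user ever sees it.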

The whole aim of these emails is to play on the recipient’s emotions.  The scammers send this email to a large number of different individuals in the hope that enough will respond and pay the ransom to make their scam profitable.

So what should you do?  You should report the email through your organisation’s reporting procedures or delete the email.  You can also report these emails through the National Cyber Security Centre email reporting service: report@phishing.gov.uk.  If the email mentions a password that you still use, change it immediately and look to implement any further security measures, such as MFA, on these accounts to improve their security.

We’ve included a helpful infographic from NCSC below on extortion emails, and ActionFraud have a good further article on the topic which they released in 2018 but which is still relevant now: https://www.actionfraud.police.uk/alert/alert-cyber-criminals-send-victims-their-own-passwords-in-new-sextortion-scam

If you have any queries or concerns surrounding your Cyber Security, please don’t hesitate to get in touch with the team here at MJD.

NHS 111 is the 24/7 number you can call to get urgent treatment and advice about an issue. It can be used to talk directly to specialists, or to book patients into their local emergency department. However, on the 4th August 2022, this service was greatly hindered by a cyberattack on a third-party company which provides services to the NHS. In this blog post, I will go into detail on how this cyberattack happened, what the impact of the attack was, and how it may affect other companies in the future.

For a bit of an introduction, this third-party company is a software and service provider for many businesses across many sectors. For the NHS, they provide flexible patient management software that helps NHS organisations to access GP records, automatically comply with data protection laws, issue electronic prescriptions and much more. As the third-party provider reports themselves, they work with 85% of NHS 111 services and their software impacts over 40 million patients.

This cyber attack essentially caused the shutdown of the third-party software, resulting in all of the work having to be done manually. The provider has reported that the NHS should be prepared to complete this work manually for the next few weeks as they repair their systems and increase their security. It is currently unknown how the attack originated in the third-party software as of this post.

Many will still remember the 2017 cyberattack on the NHS with the WannaCry ransomware, which caused severe issues for the NHS and their systems. Over 600 NHS organisations were affected, which caused a lockout of their digital systems and important medical devices, such as MRI scanners. Whilst the attack was prevented from spreading further after only a few hours, the disruption caused by the attack was felt for over a week as systems needed to be repaired and cleared of malicious software.

The effect of this latest security attack wasn’t quite as serious as WannaCry, as it did not completely lock users out of systems, but it still resulted in multiple NHS organisations having to resort to manual processing of information and instructions due to the inability to use this important software, and it seems that the effect will last for a while longer than WannaCry. The notice given by the NHS reports that 111 callers will likely have to wait for longer than usual to receive service, but that services will still be accessible to everyone.

According to a government survey, within the last 12 months 39% of businesses based in the UK have identified some form of cyberattack, which is consistent with findings for the year 2021 too. Of this 39%, around 80% were phishing attempts and around 20% were more sophisticated and serious forms of attack, such as denial of service attacks, malware or ransomware. Ransomware was determined to be the most serious form of these, and the survey showed that over 50% of businesses had a policy to not pay ransoms.

Encouragingly, according to this same survey, cyber security is now being seen as a higher priority by a greater number of businesses than in any other year the survey has been performed, which means that hopefully fewer businesses will be affected by cyberattacks in the future. On the other side of the coin, this can be seen as a sign that cyber criminals will be required to up their tactics to counteract the increase in security.

This means that no business can afford to be complacent in today’s climate, as for every increase in security, there is an increase in the complexity of attack tactics. Make sure that employees are properly trained to identify and deal with cyber threats, ensure that passwords are secure and changed on a reasonable basis (with multi-factor authentication), make sure all your endpoints are protected with suitable cyber security software, and finally make sure that all of your critical data is regularly backed up to a secure external location so that should your company be affected by anything serious, you’ve got a backup to revert to and nullify the threat. If you have any questions on cyber security or cyber attacks or want to strengthen your cyber security measures please don’t hesitate to get in touch with the Team here at MJD.

 

Written by Aidan Streames

The majority of us now have smart phones as standard in our pockets and a smart speaker in our homes.  We all engage with social media platforms and we love to shop online.  But how often do we consider our cyber security when using this technology in everyday life?  Let’s dive in and discuss some of the areas which are important to consider and new intentions to practise in your everyday life to keep your personal details secure!

The devices we use every day, such as our smart phones, smart speakers and smart TVs, help to make our lives more convenient, but we need to be careful as they can be easy targets for cyber criminals.  Here are our recommendations to help keep you secure:

  • Keep social media accounts private and only connect with people you genuinely know and trust.
  • Remember to only share information online that you are happy being public knowledge.  No matter how careful you are and how well you set up your privacy settings, this information can fall into the wrong hands.
  • Posts which “generate” silly nicknames for you or tell you where your next holiday should be with your friends? They are trying to gather more personal details to help guess passwords and answer security questions, so just remember to avoid posts that encourage oversharing.
  • Stick to well-known and reputable websites for online shopping, and always use a credit or debit card and never send cash to a seller.
  • If it’s too good to be true, it usually is, so remember to choose the safest deal, not the least expensive.
  • Ever had that occasion where your TV or radio station sets off your smart speaker? Ever thought about how they are always “listening”? It is recommended that you turn this setting off when working from home or talking about sensitive information.  If it stores recordings, review and delete these regularly too.
  • Smart speakers track your activity like the history on your web browser, so it’s worth checking this periodically for any unusual activity and then clearing the history on a regular basis.
  • Keep all your devices up to date! Don’t delay your updates, do them there and then to save forgetting and this ensures your device has the latest security updates.
  • With your always-listening devices, when you go away if you are in any doubt, just switch it off or unplug it!

Employing these simple practices can help to add an extra layer of protection between your private information and your technology and help you to stay cyber secure.  If you have any more questions on cyber security please don’t hesitate to get in touch with the Team here at MJD.

The human factor is a large part of your business’ cyber security protection.  Spam filters, anti-virus, anti-malware, firewalls etc can only do so much to protect us and our businesses.  85% of breaches have a human element involved!  This means we need to continually invest in training and awareness of our employees.

If there was a piece of technology or a way to ensure that people never clicked on the link or opened the attachment of a suspicious email, whoever invented it would become a billionaire overnight.  However, as such a piece of kit does not exist, we need to think about training the human element to spot such emails and potential attacks.  One training course is also not going to be enough to make a difference; continuous training is required to keep the learning fresh and current.  The forgetting curve shows that in as little as 20 minutes, we have already forgotten 40% of what we learnt.  The same study that developed the forgetting curve found that repetition in learning over a period of time increases the percentage of knowledge retained.

This highlights that, with something as important as your cyber security, enrolling your employees in continuous security awareness training really is a necessary component of your protection.  Here at MJD, we partner with KnowBe4 to provide our clients with continuous training in the form of fake spam and phishing emails and scheduled training videos that are sent out to all employees at a company enrolled in the training scheme.  This also allows for analysis of users’ response times to the fake emails and how they interact with them, allowing the training to be tailored to each user.

If you are interested in starting a cyber security training programme for your employees, get in touch with the team here at MJD!

VPN stands for Virtual Private Network.  It allows you to connect to a different network securely over the Internet.  A VPN can be useful to protect your business activity when working on public wi-fi, as well as in a few other roles.  VPNs give you security by encrypting your internet traffic and hiding your IP address in a secure tunnel.

The VPN allows the device you are working on to connect to another device.  For example, it connects your laptop at home to a device in your office and then allows you to work on files on that device in your office.  This means that your laptop at home now acts like it is on the network you are connected to and allows you to access the local resources on that network.

Let’s now discuss why you might need a VPN or the circumstances in which a VPN would be highly recommended:

  • Using public wifi
  • Access to files and data while away from the office
  • Privacy online, particularly when travelling

When using public wifi without a VPN anyone else on that network could easily intercept and steal your data such as passwords etc and monitor your online traffic, allowing them to steal your identity.  Using a VPN while on a public network means that your online traffic and the data this creates is within a secure tunnel and is very difficult to intercept.

A VPN can also give you a secure way to access important business data and files on your office network while you are away from this network.  The VPN will provide you with an encrypted connection to help prevent data leakage.

If you are concerned about your privacy online and the data tracking and monitoring that your ISP may be sharing with advertisers and other third parties, a VPN will stop this tracking and protect your privacy from third parties your ISP may share the data with.

If you are considering employing the use of a VPN service and want some more tailored advice and guidance for your circumstances, please don’t hesitate to get in touch with the team here at MJD.  We can provide you with the latest encryption and security services.

This week let’s discuss the top 5 IT tasks to focus on this new year.  We will go into each one in more detail and link to some of our previous blogs to help you make plans and set goals for your IT for 2022.  Let’s look at the top 5 tasks first:

  • Security
  • Work From Home Hybrid Setups
  • Cloud services
  • Microsoft 365 licensing Changes
  • Forward Planning for Hardware Requirements
  1. Security

No matter the time of year security should be the top of your priority list when considering your IT setup.  However, let’s make 2022 the year we all take a proactive step to cyber security rather than a reactive step when a cyber attack happens.  MJD can help you on your proactive security process through getting Cyber Security accreditation and advising solutions that are suitable for your circumstances.  You can read our blog on Cyber Security accreditation here and all our other security related blogs are tagged so you can easily filter and read more on particular topics.

  2. Work from Home Hybrid Setups

As the global pandemic is still with us and affecting the way we live our lives and how we work, we would always recommend considering your office setup.  Do you have the capability to allow employees to securely and productively continue to work from home if required?  Also, don’t just consider this for the pandemic.  Think beyond the pandemic to the flexibility that this can give your company and your work force: if for whatever reason they can’t work in the office, they can continue to work and allow your business to function.  From an office fire or flood which leaves you without a workspace to snow stopping employees travelling to the office, if you have the capabilities and technology in place, business can continue.  We have a blog here on our essential WFH equipment and a blog on the considerations of the WFH environment and your business security here.

  3. Cloud Services

This area ties in nicely with the previous area, but should be given its own importance and time to be considered, as it can benefit the business beyond just the WFH benefits.  As more and more of the software we use daily offers cloud-based options, it is important that we make ourselves aware of these if the options are available to us.  Cloud-based services can give us the flexibility to work from anywhere and reduce the capital costs required with servers and the maintenance of this equipment.  Most cloud services are monthly subscriptions, so they allow you to budget for a fixed cost each month and not have to guesstimate your maintenance budget for servers and any parts that may be required for them further down the line.  We wrote a blog on what is the cloud which you can read here.

  4. Microsoft 365 Licensing Changes

This year Microsoft are making some changes to the way in which they offer their 365 licensing.  These changes will see a shift from monthly licensing charges to annual commitments and we would urge you to speak with your Microsoft 365 provider to plan and discuss the impact this may have on your business in the coming year.  We will be in touch with all our clients to discuss these changes.

  5. Forward Planning for IT Hardware Requirements

Unfortunately, the worldwide chip shortage is going nowhere anytime soon, so we still need to consider our IT hardware requirements as far in advance as possible.  We are still seeing shortages of equipment with no forecast dates of arrival of the stock to our suppliers from the manufacturers, so the more time you can give your IT service provider to get the hardware the more chance of success you will have.  You can read our blog on the chip shortage here.

If you would like to discuss any of these IT areas and would like help to plan your IT for 2022 please don’t hesitate to get in touch with the team here at MJD, and let’s make 2022 the year your IT works for YOU!

 

Rudolph will be preparing his usual Christmas email to be sent to all the hardworking elves and Santa’s suppliers to wish them a Merry Christmas from his fellow reindeer and Mr & Mrs Claus.  But what does he need to consider from GDPR while sending his email?  The team at MJD wanted to give Rudolph some guidance and advice to keep everyone’s data safe.

Rudolph can still send a Christmas email to all his intended recipients; he just needs to consider the content in his email.  If he wants to include direct marketing and the emails are sent to individuals, then he would need to ensure he has the individuals’ consent to receive this type of communication.  However, if he just wants to wish everyone Merry Christmas and all the best for the New Year without any marketing included this will be fine.

Another important email feature that Rudolph should make use of is the Bcc box.  This will mean that he doesn’t give anyone’s data or contact information to anyone else in the email.  It is a very simple function, but a very important one for a Christmas Wishes email.  This advice should allow Rudolph to send a successful Christmas message for Santa and the other reindeer.  If you have any other questions around GDPR and cyber security, please don’t hesitate to get in touch with the team here at MJD.
