The human factor is a large part of your business’s cyber security protection.  Spam filters, anti-virus, anti-malware, firewalls, etc. can only do so much to protect us and our businesses.  85% of breaches have a human element involved!  This means we need to continually invest in the training and awareness of our employees.

If there was a piece of technology or a way to ensure that people never clicked on the link or opened the attachment of a suspicious email, whoever invented it would become a billionaire overnight.  However, as such a piece of kit does not exist, we need to think about training the human element to spot such emails and potential attacks.  One training course is also not going to be enough to make a difference; continuous training is required to keep the learning fresh and current.  The forgetting curve shows that in as little as 20 minutes, we have already forgotten 40% of what we learnt.  The same study that developed the forgetting curve found that repetition in learning over a period of time increases the percentage of knowledge retained.

This highlights that, with something as important as your cyber security, enrolling your employees in continuous security awareness training really is a necessary component of your protection.  Here at MJD, we partner with KnowBe4 to provide our clients with continuous training in the form of fake spam and phishing emails and scheduled training videos that are sent out to all employees at a company enrolled in the training scheme.  This also allows for analysis of users’ response times to the fake emails and how they interact with them, allowing the training to be tailored to each user.

If you are interested in starting a cyber security training programme for your employees, get in touch with the team here at MJD!

VPN stands for Virtual Private Network.  It allows you to connect to a different network securely over the Internet.  VPNs can be useful to protect your business activity when working on public wi-fi, as well as in a few other roles.  VPNs give you security by encrypting your internet traffic and hiding your IP address in a secure tunnel.

The VPN allows the device you are working on to connect to another device, for example connecting your laptop at home to a device in your office, and then allows you to work on files on that device in your office.  This means that your laptop at home now acts as if it is on the network you are connected to, and you can access the local resources on that network.

Let’s now discuss why you might need a VPN or the circumstances in which a VPN would be highly recommended:

  • Using public wifi
  • Access to files and data while away from the office
  • Privacy online, particularly when travelling

When using public wi-fi without a VPN, anyone else on that network could easily intercept and steal your data, such as passwords, and monitor your online traffic, allowing them to steal your identity.  Using a VPN while on a public network means that your online traffic and the data this creates are within a secure tunnel and are very difficult to intercept.

A VPN can also give you a secure way to access important business data and files on your office network while you are away from this network.  The VPN will provide you with an encrypted connection to help prevent data leakage.

If you are concerned about your privacy online and the data tracking and monitoring that your ISP may be sharing with advertisers and other third parties, a VPN will stop this tracking and protect your privacy from third parties your ISP may share the data with.

If you are considering using a VPN service and want some more tailored advice and guidance for your circumstances, please don’t hesitate to get in touch with the team here at MJD.  We can provide you with the latest encryption and security services.

This week let’s discuss the top 5 IT tasks to focus on this new year.  We will go into each one in more detail and link to some of our previous blogs to help you make plans and set goals for your IT for 2022.  Let’s look at the top 5 tasks first:

  • Security
  • Work From Home Hybrid Setups
  • Cloud services
  • Microsoft 365 licensing Changes
  • Forward Planning for Hardware Requirements

  1. Security

No matter the time of year, security should be at the top of your priority list when considering your IT setup.  However, let’s make 2022 the year we all take a proactive step to cyber security rather than a reactive step when a cyber attack happens.  MJD can help you with your proactive security process by getting Cyber Security accreditation and advising on solutions that are suitable for your circumstances.  You can read our blog on Cyber Security accreditation here, and all our other security-related blogs are tagged so you can easily filter and read more on particular topics.

  2. Work from Home Hybrid Setups

As the global pandemic is still with us and affecting the way we live our lives and how we work, we would always recommend considering your office setup.  Do you have the capability to allow employees to securely and productively continue to work from home if required?  Also, don’t just consider this for the pandemic; think beyond it to the flexibility this can give your company and your workforce, so that if for whatever reason they can’t work in the office, they can continue to work and allow your business to function.  From an office fire or flood which leaves you without a workspace to snow stopping employees travelling to the office, if you have the capabilities and technology in place, business can continue.  We have a blog here on our essential WFH equipment and a blog on the considerations of the WFH environment and your business security here.

  3. Cloud Services

This area ties in nicely with the previous area, but should be given its own importance and time to be considered, as it can benefit the business beyond the WFH benefits.  As more and more of the software we use daily offers cloud-based options, it is important that we make ourselves aware of them where they are available to us.  Cloud-based services can give us the flexibility to work from anywhere and reduce the capital costs of servers and the maintenance of this equipment.  Most cloud services are monthly subscriptions, so they allow you to budget for a fixed cost each month and not have to guesstimate your maintenance budget for servers and any parts that may be required further down the line for them.  We wrote a blog on what is the cloud which you can read here.

  4. Microsoft 365 Licensing Changes

This year Microsoft are making some changes to the way in which they offer their 365 licensing.  These changes will see a shift from monthly licensing charges to annual commitments and we would urge you to speak with your Microsoft 365 provider to plan and discuss the impact this may have on your business in the coming year.  We will be in touch with all our clients to discuss these changes.

  5. Forward Planning for IT Hardware Requirements

Unfortunately, the worldwide chip shortage is going nowhere anytime soon, so we still need to consider our IT hardware requirements as far in advance as possible.  We are still seeing shortages of equipment with no forecast dates of arrival of the stock to our suppliers from the manufacturers, so the more time you can give your IT service provider to get the hardware the more chance of success you will have.  You can read our blog on the chip shortage here.

If you would like to discuss any of these IT areas and would like help to plan your IT for 2022, please don’t hesitate to get in touch with the team here at MJD, and let’s make 2022 the year your IT works for YOU!

Rudolph will be preparing his usual Christmas email to be sent to all the hardworking elves and Santa’s suppliers to wish them a Merry Christmas from his fellow reindeer and Mr & Mrs Claus.  But what does he need to consider under GDPR while sending his email?  The team at MJD wanted to give Rudolph some guidance and advice to keep everyone’s data safe.

Rudolph can still send a Christmas email to all his intended recipients; he just needs to consider the content of his email.  If he wants to include direct marketing and the emails are sent to individuals, then he would need to ensure he has the individuals’ consent to receive this type of communication.  However, if he just wants to wish everyone Merry Christmas and all the best for the New Year without any marketing included, this will be fine.

Another important email feature that Rudolph should make use of is the Bcc box.  This will mean that he doesn’t give anyone’s data or contact information to anyone else in the email.  It is a very simple function, but a very important one for a Christmas Wishes email.  This advice should allow Rudolph to send a successful Christmas message for Santa and the other reindeer.  If you have any other questions around GDPR and cyber security, please don’t hesitate to get in touch with the team here at MJD.

Santa has a very important responsibility with his Christmas Lists, as they contain a lot of personal data!  This means they come under GDPR because of the personal identifiers held on the list.  So, what advice would we give Santa if he came to MJD for IT support on keeping his Christmas Lists safe and secure?  Let’s jump in:

  • Ensure that he has them stored electronically in a location that is backed up regularly.
  • Ensure that only the elves who need access to the lists have access to the lists and review permissions every year.
  • Only store the data he needs to on the individuals on his Christmas List and clearly state why he is keeping the data.
  • Ensure that the lists are held securely and adequate protection measures are put in place.

So, for Santa to do this we’d recommend the following:

  • Layered security software to protect all devices on his network (antivirus alone is no longer sufficient).
  • A robust backup system, such as a Datto.
  • Have permission levels and security groups set up for users on the network.
  • Review the data each year and check that he still needs to keep the data and, if so, for how long (for example, Scrooge should be removed from the list).
  • Review his processes for data requests, right to erasure requests and correcting data held (for example, if the Grinch wants his data removed then he can ask and it will be done).

We here at MJD are always happy to help Santa with his IT support requests to ensure he can concentrate on his core business activities of delivering presents to all the lucky girls and boys.  If you would also like some advice on GDPR and cyber security, please don’t hesitate to get in touch with the team here at MJD.

We all love to get the most for our money, but we want to highlight the potential dangers that lurk within “Black Friday Deal” emails.  We encourage everyone to exercise just as much caution, if not more, before you click on any link within these emails.  Our previous blog posts on phishing emails and staying safe within your emails are linked here: “The silent threat in your Inbox” and “Gone Phishing!”

We urge everyone to remember that these emails are just as likely as any other type of email to be spoofed by cyber criminals to get you to click on the link.  They may even allow you to buy a product, albeit a counterfeit product, to get your details and your money.  If you do receive an email with a deal you’d really like to purchase from a trusted shop, try typing the website straight into the web address bar in your browser and finding the product that way.  Then you don’t have to worry about clicking on a potentially malicious link.  In the past twelve months alone, the Active Cyber Defence programme has removed 113,000 malicious URLs from fake online shops where consumers ended up with counterfeit goods or nothing at all.

The National Cyber Security Centre offers some great advice on keeping yourself safe while purchasing online this Black Friday here.

They offer some key top tips such as:

  • Be selective of where you shop
  • Only provide necessary information
  • Use a secure and protected payment method
  • Keep your accounts secure

If you do receive a suspicious-looking email over this festive period, forward it to report@phishing.gov.uk for the NCSC and the City of London Police to include it within their Suspicious Email Reporting Service.

As always, if you think you have fallen victim to a scam email or phishing email, please don’t hesitate to contact the team here at MJD to help you get yourself or your business secure again.  And if you find any great Black Friday deals, let us know too!

As a Cyber Essentials accreditation body here at MJD, we always highly recommend our clients go through the process of Cyber Essentials and always encourage clients to take the next step in their security journey to Cyber Essentials Plus as well.  But, we often get asked why they should take these steps to become accredited, so today let’s explain our reasoning behind the recommendations of becoming a Cyber Essentials accredited company.

The process of achieving Cyber Essentials accreditation should be viewed as a method of checking your current work practices and identifying areas that need improvement to achieve the accreditation.  The process of becoming accredited acts as your checklist to ensure and know that your company is hitting a certain level of cyber security protection for you and your clients.  It may identify areas that you didn’t even realise were related to cyber security.  In this sense it is a valuable exercise to go through to help identify and then resolve weaknesses in your security.  This is then used every year when you reassess to know that you are still working to the same standard.

Through becoming accredited you have a standardised level that any client can recognise and immediately understand how secure your setup is.  It can greatly help when tendering for bids with potential clients as you can answer any cyber security questions with your accreditation rather than trying to explain and demonstrate the policies and technology you have in place.

Another benefit of the Cyber Essentials accreditation is that it comes with Cyber Insurance which is an added benefit, aside from all that we’ve discussed above.  We believe at MJD that this is an investment in your business that will not only benefit you now but in the future as well.  The peace of mind that going through this process will also generate is a benefit that has no monetary value but will put to rest some of the worry that comes with the threats out in the cyber world.

If you have any questions about this process or are interested in getting started on your Cyber Essentials journey please don’t hesitate to get in touch with the Team here at MJD.

Ransomware is used by cyber criminals to hack a device and encrypt the files.  They then ask you for a payment to decrypt the files, and only if you are lucky do they actually give you the key.  Unlike other computer viruses, which can usually be removed after infecting your device, the only way to resolve a ransomware infection is to have the key to decrypt the files, which usually only comes from paying the ransom.  Ransomware is a costly cyber crime, with WannaCry estimated to have caused losses of $4 billion and NotPetya upwards of $1.2 billion.  It is not something to be taken lightly, and the best form of protection is prevention and preparation for what to do in the event of a ransomware attack.  Anti-virus and anti-malware software is no longer enough to protect against these attacks; you need robust layered security measures, procedures and protocols, and training on how to deal with suspicious emails, and you should never postpone or cancel updates on your devices.

Several key points to ensure that you protect yourself from ransomware are:

  • Always use robust antivirus/antimalware software
  • Always purchase legitimate software where updates are regularly available to keep it secure
  • Use layered security such as firewalls & device/network monitoring systems
  • Backup your data regularly and ensure the backup you use detects ransomware attacks & protects your data accordingly
  • Keep your device security and software up to date
  • Use a password manager; they are very well priced and can make life so much easier for you.

The best way to protect yourself from a ransomware attack is to avoid and prevent it, because it is highly unlikely you will decrypt the files without the key from the hackers.  This explains why we always recommend installing anti-virus and anti-malware software and why we encourage you not to postpone or cancel updates on your devices.  This also highlights the importance of a good backup system, so that if you do get attacked by ransomware, you can restore from the last clean backup and at most lose a couple of hours to a day’s work.

We have a couple of previous articles on these points which go into more detail on Windows updates here and on backup systems here and here.

Practising good online habits, such as using complex passphrases and changing them frequently, and avoiding suspicious websites and downloads from unverified sources, will also help reduce your chances of downloading ransomware onto your devices.  If you have any concerns about your device or network security in relation to ransomware, please don’t hesitate to get in touch with the team here at MJD.  Let’s make IT work for YOU.

As restrictions are easing and we are moving into a new phase of living with the COVID-19 pandemic, we are seeing a trend develop for a hybrid working pattern and home working is here to stay.  That’s why this week we wanted to highlight the essential pieces of equipment that we would recommend to make your work from home setup more efficient and make your IT work for YOU.

  1. Docking Station

The most useful piece of kit you could have in your work from home and your office setup is a universal docking station.  We recommend and use the Terra 731 Docking Station, which means that all you have to do is connect a USB cable to your laptop and you can be connected to your monitors, speakers, internet, keyboard and mouse as quickly as you can connect the cable!  This can make the transition from your office to your home desk feel so effortless that you won’t even think about it.  This means you and your employees can concentrate on getting down to work rather than having to set up your desk and workstation each time you move between the two setups.

  2. Height adjustable monitors/Monitor Stands

It is important that you now consider your work from home setup as a permanent fixture.  Are your monitors therefore at the correct height for ensuring you have good posture?  If you have two monitors, are they both at the same height?  If not, it would be worth considering new height-adjustable monitors or, if your current monitors are still in good working order, a monitor stand which would allow you to properly adjust the height of the monitor screen.  Terra have a range of monitors, so please get in touch with your specific requirements for a bespoke recommendation.

  3. Microsoft 365

Using Microsoft 365 for your whole business setup or as a hybrid solution can help you to move seamlessly from office to home by giving you access to your files in the 365 cloud.  It also gives you access to Teams to help manage your business remotely and to collaborate and stay in touch even while you are all in different locations.  If you have any questions or want to maximise the use of your 365 licenses, just get in touch with the MJD team and we’d be more than happy to help.

  4. Laptop

A laptop goes without saying: its portability allows you to take it between the office and your home office with ease, and combined with a docking station at both desks it means you have everything you need at all times.

  5. Headset

If you are not the only one in your house, then to ensure privacy and that your clients and colleagues can hear you clearly in video calls, a headset is a must and not an expensive part of your kit.

  6. Security Software

This is a rather vague heading, but by this we want to encompass not just anti-virus and anti-malware but also security monitoring services, which constantly monitor for suspicious activity on your devices that could be a result of malware or a ransomware attack, plus remote management software for mobile devices to allow you to wipe them and protect your data if they are lost.  This is the most important part of your hybrid setup, and we left it to last to ensure it’s the one that sticks with you.  Portable devices are more likely to get lost, be left behind and be outwith your nice secure office network, and therefore need protection from the environments they find themselves in.  Get in touch with our Cyber Security Specialist here at MJD to discuss your security software requirements and how to best manage your portable devices.

Gone are the days of being able to easily identify a phishing or scam email, as these are usually caught by our spam filters or move straight into our junk folders.  More and more, we need to be vigilant about every email we receive into our inbox as we see increasing threats from hackers.  In today’s blog we want to encourage you to form the habit of answering the following 3 questions for every email you receive.

  1. Was I expecting an email from this individual?

Is this an email on a subject that you have been dealing with this individual on previously, or an ongoing piece of work you are collaborating on?  If the answer is yes, you are not completely safe yet.  Hackers can be very patient people and will sit and monitor an inbox and try to learn the type of emails this person may send or that you may receive.  They can even spoof or gain access to this individual’s mailbox to make the email look even more genuine.  If the answer is no, pick up the phone and give the individual a call.  It will take you only a few minutes to double check with the individual, but think of the hours of downtime you might save if you have avoided allowing a cyber attack to infiltrate your organisation.

  2. Do I usually receive emails with attachments from this individual?

Is this something which you usually receive attached to an email?  If the answer is yes, has it come at the usual time and day?  Is the file format what you are expecting?  If not, the same solution applies: give the individual a call to check if they meant to send this to you.

  3. Do I usually receive attachments like this?

What we mean by this is, if it’s an invoice, do you usually work with invoices and receive them?  Or a quotation or purchase order?  Is it a document you usually receive and work with?  If not, then question why it’s been sent to you and give the individual in question a call.

As you can see, the same check is relevant to all three questions, just to pick up the phone and give the individual a call to double check this was meant to be sent to you.  At the end of the day, the worst that can happen is you have a chat with them and maybe even discuss what they’ve sent you or what you’re working on, and in the best case scenario, one phone call saves the whole organisation from the threat of a cyber attack.

If you have any questions about phishing or spam emails, please don’t hesitate to get in touch with the team here at MJD.  No question is a stupid question when it comes to protecting your company from a cyber attack.