Gone are the days of being able to easily identify a phishing or scam email, as these are usually caught by our spam filters or move straight into our junk folders.  More and more we need to be vigilant against every email we receive into our inbox as we see increasing threats from hackers.  Today’s blog we want to encourage you to form the habit of answering the following 3 questions for every email you receive.

  1. Was I expecting an email from this individual?

Is this an email on a subject that you have been dealing with this individual previously or an ongoing piece of work you are collaborating on?  If the answer is yes, you are not completely safe yet.  Hackers can be very patient people and will sit and monitor an inbox and will try and learn the type of emails this person may send or that you may receive.  They can even spoof or gain access to this individuals mailbox to make the email look even more genuine.  If the answer is no, pick up the phone and give the individual a call.  It will take you only a few minutes to double check with the individual, but think of the hours of downtime you might save if you have avoided allowing a cyber attack to infiltrate your organisation.

  1. Do I usually receive emails with attachments from this individual?

Is this something which you usually receive attached to an email?  If the answer is yes, has it come at the usual time and day?  Is the file format what you are expecting?  If not, the same solution applies to give the individual a call to check if they meant to send this to you.

  1. Do I usually receive attachments like this?

What we mean by this is, if it’s an invoice do you usually work with invoices and receive them?  Or a quotation or purchase order?  Is it a document you usually receive and work with, if not then question why it’s been sent to you and give the individual in question a call.

As you can see, the same check is relevant to all three questions, just to pick up the phone and give the individual a call to double check this was meant to be sent to you.  At the end of the day, the worst that can happen is you have a chat with them and maybe even discuss what they’ve sent you or what you’re working on, and in the best case scenario, one phone call saves the whole organisation from the threat of a cyber attack.

If you have any questions about phishing or spam emails, please don’t hesitate to get in touch with the team here at MJD.  No question is a stupid question when it comes to protecting your company from a cyber attack.

We all want to ensure our customers are happy with the service we provide, and if our customers are going to be waiting or carrying out daily tasks in our premises, we may want to provide them with an internet connection.  Especially in our area of Scotland, where sometimes the 4G signal may not be up to scratch.  However, are you allowing a security risk to your entire network by handing out your wireless password.

If you haven’t secured your wireless network then plain and simple, this is a massive security risk and you should stop immediately.  The best way to offer your customers a wireless option, is through separate private and public wireless networks.  This allows you to segregate and control the access the public has to your business network to avoid a damaging data breach.  This does not mean you need to have two separate broadband lines and separate access points for private and public.  There are access points on the market that allow segregation within the same access point network.  The team at MJD have fitted and maintain these systems across our clients networks and can do so remotely to reduce site visits and costs for our clients.

While security is the main concern you should have with offering customers wifi, it is also important to consider that this reflects on your business image.  If your wifi is slow and unreliable, then it may be best not to offer wifi until you are able to resolve the issue.  If this is something you and your customers are experiencing, there could be several reasons why.  The speed of your broadband connection, the hardware providing the wireless connection and the activities the wifi users are performing could all be having an affect.  If your wireless network is not setup to limit streaming/downloading one customer could spoil the wireless connection for all users.

If any of these issues seem familiar please don’t hesitate to get in touch with the team here at MJD and let’s make IT work for YOU.

Following on from a blog post last month on what is the cloud, we are taking a look at Microsoft’s 365 cloud services and provide you with some useful information to help you make the decision on whether 365 is right for your business.  Microsoft 365 can help you to become more productive in the new work from home environment we find ourselves in and take us through to the future hybrid working offices with more people continuing to work from home for a percentage of their working week.

Microsoft 365 is a cloud based productivity solution software which is subscription based.  This means you pay a monthly fee per user and you get the latest version of the Microsoft Office software. There are different levels of license which you can choose to purchase depending on what you require.  Microsoft 365 allows you remain connected and stay productive while working remotely, by allowing collaboration on work projects with colleagues and allowing you to store your company data which all employees can access without the need for a server or remote access to PCs in your office.  The subscription service also keeps your business agile and if you need to increase in size, you are not limited by your current IT hardware and infrastructure and require large capital costs for new servers and software, simply add a Microsoft 365 license and install it on the new device for the new employee!

There are 4 main packages to consider: Business Basic, Standard, Premium and Apps for Business.

  1. Business Basic – this gives you business email, access to Microsoft Teams, web based Office apps and cloud storage. This is perfect if you just need the ability to communicate with colleagues and clients.
  2. Business Standard – this also includes access to the desktop versions of the Office apps on top of the Basic offering but does not include the device management and advanced security options.
  3. Business Premium – this includes all of Basic and Standard, but with the added Advanced Security and Device Management and this makes it perfect for SME use and the product we recommend if you require more than the basic email address.
  4. Apps for Business – if you simply require the desktop versions of the Office suite, apps for business is designed for just that. Always have access to the latest version of the Office suite.

Another question we are often asked is how reliable is Microsoft 365.  To help our clients understand we explain that if your on premise server were to go down, you’d be without your data until we could resolve the issue or recover your data from your backup to get you running again.  However, with Microsoft 365 as they have a large cloud network of servers around the world, if there is an outage on one server it will move to another server in that data centre.   Then if the data centre fails, it would fail over to a secondary location.  So it would be rare that you would not be able to access your data due to an outage on the cloud server side.

Sometimes, it can be difficult to adjust your thoughts onto paying a monthly cost per user when previously you would have a capital outlay in one payment.  What is important to remember and to consider is that you are shifting from working with what will become outdated technology at the end of its life before you invest in new equipment to always having access to the latest software and technology.  So, rather than the unknown of what a future upgrade project might cost, you can now budget and plan for the known cost of your 365 subscription each month for the latest software and cloud technology that works to make your business more efficient.

The migration to Microsoft 365 from your server based operations can be a daunting thought.  However, the switch is a sensible choice if you are looking to increase your flexibility and allows you to move away from the need to make capital investments in servers to store your own data or run Exchange.  Microsoft 365 offers you flexibility to change your IT requirements to fit with your growing business month by month if required.  Your Managed Service Provider (MSP) will be able to talk your through and plan your migration to 365 to ensure that you experience minimal downtime and migration work is scheduled for out of hours.  Downtime cannot totally be avoided, however with the right planning and teamwork with your MSP minimal disruption can be achieved usually less than an hour downtime in total.  This is what we strive for at MJD in our 365 migrations, each stage is planned with you to best suit your current business activities to ensure the impact on your business operations is minimal.

This blog post will help you to begin to consider and decide if 365 is right for your business, but the Team here at MJD are always happy to discuss your options and make sure you are choosing the right solution to make IT work for YOU!

With World Backup Day approaching on the 31st of March we wanted to highlight the importance of a backup and encourage everyone to run a backup on the 31st of March, especially if you have never done a backup before!

We have previously covered the topic of why a backup is important and tips on how to chose a suitable backup service for your circumstances which you can read here:

Why is a backup important?

Today lets highlight the top 3 reasons why you need to implement a backup system.  Software as a Service (SaaS) apps do not back up your data, examples of these are Microsoft 365 and Google Mail.  Now these services will assure you that THEY won’t lose your data, but what if YOU lost the data?  In a recent report by Aberdeen Group (Read the report here) the top cause of data loss is human error.  Consider your most important document to your business, how well could you cope if you lost it forever or at best had to wait 6 hours or more to retrieve it, could you survive?

Cyber attacks are not slowing down. In the first half of 2020, ransomware attacks increased by 715% exploiting the COVID-19 pandemic.

Also, there are at least 3.4 billion fake emails being sent every day around the world (Read the report here) all attempting to gather more information to determine email accounts to target their attacks on.  Coupled with the fact Microsoft reported 480,000 accounts were compromised by “spraying” attacks.  This is where the attackers run a common password such as “Winter2020!” against numerous accounts until they have success.  If that number sounds big, compare it to the fact Microsoft stop 300 million fraudulent sign in attempts per day!  Same as thinking about that business critical document, what would happen is you couldn’t access your email account for a day or more?  We have a great blog article with advice on setting strong passwords here to help protect yourself from spraying attacks.

The evidence in the Small Business Reputation and the Cyber Risk report (Read the report here) shows that cyber security attacks are damaging SMEs, its not just the large multi national corporations that are targeted.  89% of SMEs reported that cyber breach ramifications are “huge and long-lasting”.  30% of SMEs surveyed reported lost of clients and 29% a reduction in their ability to win new business.  So combined with losing current clients, you could also struggle to replace that business if you don’t protect your data.  These costs far outweigh any capital and monthly costs of implementing a backup solution.

On a positive note, 4 in 5 small businesses with a comprehensive Business Continuity and Disaster Recovery (BCDR) recover from ransomware attacks within 24 hours.  The average cost of downtime as a result of an attack for 2020 was $274,200 which has almost doubled since 2019.

If you have a comprehensive backup solution in place, such as a Datto system which is MJD’s chosen backup partner of choice, you can reduce that downtime cost considerably and not have to even consider paying the ransom to then also pay a MSP to decrypt the data as well.  Not to mention the unproductive time of employees unable to perform your core business activities without access to your data.

If you are interested in implementing a Datto Backup System, or would like some advice on a backup solution please don’t hesitate to get in touch with the team here at MJD.

Today’s blog topic may be something you have never even considered or realised exists.  So lets explore why it’s required and the benefits for your business.  It is important to remember that we now use our mobiles like laptops and computers to access and browse the internet and this means they are vulnerable and exposed to the same threats as our laptops and computers.  Like with your PC or laptop you should always keep your mobile software up to date and try not to delay installing a new update.

There are two main type of mobile OS: Android and Apple iOS.  The Apple iOS is more locked down in comparison to Android and all apps are subject to security checks prior to being released through the app store.  Now this does not mean that Android is without its own security features from Google, however, with Android devices it is recommended that an additional anti-virus software package is installed on your Android mobile device.

The mobile anti-virus software will scan your device regularly and alert you to any potential security threats and help remove these threats.  One of the key features which are important to make sure your mobile anti-virus software has is remote wipe.  This means that if a mobile device has been lost or stolen you can wipe all data on the phone and the memory card.  This way, even if the device is lost/stolen the data on the device can’t also be used to the criminals advantage.  This means you are protecting your data and the data of your clients and complying with GDPR.

Mobile anti-virus software allows you to continue your business security protection beyond the walls of your office and when unfortunately the device has left the hands of your employees.  But this is not a free ticket to let your  guard down, it is important that you are still vigilant for phishing emails, unknown senders and attachments and dodgey websites with the anti-virus software being the icing on the cake of your security mindset.

If you are interested in implementing a mobile anti-virus package across your devices please just get in touch with the team here at MJD.

A password manager is a fantastic software tool to add to your IT kit to help increase the security of your passwords without the main issue of how to remember and store your details securely.  A password manager is a software tool that allows you to store your passwords securely and easily access them across your devices such as your PC, tablet, laptop and even your mobile.  They also have auto-generation tools to create secure passwords for you.  No more having to think of a random phrase and insert numbers and symbols! A password manager when used across the company can provide warnings if staff are using weak passwords or repeating their passwords thus giving you confidence that your business is not being left vulnerable due to staff weak passwords.

Everyone here at MJD would and probably could not go back to managing their passwords without using a password manager since we implemented them several years ago.  You can even have 2FA setup on your password manager to make it even more secure.  In addition, the autofill features are extremely useful when it recognises a login page on your device and fills the details in for you before you can even think “What email is registered to this account?”  It really is an essential tool to managing and maintaining secure passwords for all your accounts.

Another useful business function of a password manager is when setup within your organisation you can give permission to other users who need to share a login with you securely.  This can also facilitate everyone being able to update the password when it needs to be reset without the need to send the information in an unsecure format such as an email or post it notes.

Here at MJD we recommend the password manager Keeper, which also has a feature called Breachwatch which will scan your records and advise which passwords are at high risk and should be changed to be made more secure.  This can be extremely useful when you initially move to using a password manager to help you work through and change existing passwords to ones generated within your password manager.

If you are interested in getting a password manager please don’t hesitate to get in touch with the team here at MJD.

As we continue to work from home due to COVID-19 and a shift in our working practises and business models brought on by the pandemic, we need to consider that we are moving our business activities into potential hostile environments outside the safe confines of our office security systems.

Out of a need to move quickly we have all been learning how to connect remotely from our personal devices and how to continue business within our new work environment.  But, what may have be left out of your considerations is how secure is this new work environment.  Also, how many new work environments does my business now have which I currently have little or no control over?  Each employee working from home will have their own unique setup within their household for their own personal IT.  What we need to consider is this:  was this setup with business in mind?

The answer will likely be no as before now, unless they worked from home as part of their contract, the most they might have done remotely is to check emails on their home network via webmail or on their phone.  What their home setup will predominately be catering for is their personal use: entertainment, children, life admin!  The security setup will depend on their personal interest in IT and their appetite for risk.  If they are a security conscious individual concerned with internet safety they may have anti-virus software on personal laptops and have changed the default password on their router (if they know how to do this).  However, they could also have no software and have left the default password on their router as supplied from the manufacturer resulting in every hacker in the world knowing the password for their router in fact a 10 second internet search will likely provide the password to anyone that wants it.

This is where our term “hostile environment” comes into play.  When you ask employees to work from home, whether using company issued devices or not, you are introducing a new network into your business network parameters.  This means to ensure your network security is comprehensive you need to consider each employee who works from home as a satellite office and part of your overall IT network.  Ask the questions would you allow your employee to take commercially sensitive files out of the office and leave them in an unlocked home overnight?  This is effectively what you maybe doing with your electronic files.

Now we’re not trying to panic anyone and we’re not saying that you need to stop people working from home, quite the opposite!  Working from home has been vital for many businesses during COVID-19 and will probably continue with many workers afterwards. Here at MJD we’ve been working hard with our clients to set everyone up with safe and secure work from home solutions to allow them to protect their workforce and their business as best they can from the effects of the pandemic.  What we want is to increase the awareness of the security risks posed from the work from home movement and highlight that there are some key tools to implement to increase your opportunities and decrease your threats because of working from home.

In fact have you considered the fact that your employee could be in the kitchen making a cup of tea while other members of the family may have access to the computer and ultimately your valuable business information and whilst not being malicious children can be very inquisitive and can cause a lot of damage deleting things in the 5 minutes that the pc is unsupervised?

First and foremost, if your employee is working from home using a personal device it is highly recommended to make sure you have a Bring Your Own Device policy in place and that a stipulation of this is that a company approved anti-virus and anti-malware software is installed.  The National Cyber Security Centre have a fantastic advice document on their website on Bring Your Own Device policies which can be found here.

The team here at MJD can help you to implement such a policy and we can recommend suitable Remote Access software to help you manage this policy for mobile devices, laptops and PCs.

An IT policy should also be implemented alongside your BYOD policy, which we recently wrote a blog article on and can be read here.  This will help to protect the business should any IT hardware or services provide by the business to your employees be used outwith the manner agreed to and intended for while in the work from home and office environments.

A password manager should also be utilised to ensure the secure management of company passwords and allow employees to share credentials in a safe and secure method.  You can even share read only view permissions between members of your organisation so they can login but not view or edit the password themselves.

We would also recommend the use of Email Encryption for members of your organisation who require to send confidential or sensitive information.  This allows you to add a further layer or security on your business communications in these new hostile environments.  We recently wrote a blog article on email encryption which you can read here.

This is by no means an exhaustive guide on to how to fully protect your IT network and business in the work from home environment, but is a good starting point to encourage discussion and planning on the area.  If you have any questions about your remote setups or would like advice or guidance on improving your work from home security please don’t hesitate to get in touch with the team here at MJD.

A spam filter on your emails is a great preventative tool to help keep your business secure.  Spam filters work to block malicious threats like phishing, impersonation, malware, ransomware and spam-type messages.  It is a preventative tool because it works to remove the threat before it has chance to reach the end users inbox, and will flag it in their quarantine to warn them before releasing the email.  This helps to reduce the potential for end users to download malicious attachments and click on links to unscrupulous websites.

But how does a spam filter actually work? Let’s break it down to help you understand how this key feature of your security is working to help protect your business.  The below flow diagram can help to visualise the stages as we describe them.

When we setup your spam filter, we change the direction of your mail flow to pass through the spam filter before reaching the end users in their chosen email client.  This means that the first stage for the email is to pass through a multi-layered filtering engine.

This filter looks at the email header information to determine if the sender is blacklisted, or signs that suggest the email may be junk mail.  There is lots of information within the header of an email for example every server that this email has passed through, date and time and security stamps.  Basically the spam filter is looking to see if the sender of the email is trying to trick you as the recipient and then block you from receiving these emails, so things like replacing the letter O in a company name with the number zero.

Here at MJD we deploy Advanced Email Threat Protection from our spam filter partner, AppRiver, which also provides attachment assurance and link protection.  Attachment assurance will analyse the attachments in a cloud-based sandbox and then if safe, deliver the attachment or deliver a disarmed version or PDF of the attachment.  Link protection means that every link within an email that has passed through this spam filter is re-written and is checked at the time-of-click to always keep you safe no matter when you click on that link after receiving the email.  The testing may take you to a safe site, provide a warning for suspicious content or block the link as a malicious website.

These additional features mean that we can offer you a high level of upfront protection for your end users from phishing attacks and virus/malware attacks in their inboxes.  As with any spam filter, it will take a short period of time to learn your email traffic and need your help to whitelist genuine senders you wish to receive emails from, but after this period rest assured that the 24/7/365 threat analysis team are working to keep adding new threats to your inbox.

If you are interested in setting up Advanced Email Threat Protection please don’t hesitate to get in touch with the team here at MJD, we’d be more than happy to help.

As it’s Halloween, we thought we’d look at a something a little scary in the IT world:  The Dark Web.

Lets begin by breaking down what is the dark web and the Internet which we all access everyday.   The Internet we all tend to access everyday through our favourite search engines is called the surface web, which lends nicely to imagining the Internet like an iceberg.  So everything above the water is the surface web.

Everything below the water of the iceberg is called the deep web and with some basic diving kit you could access some of the iceberg below the water’s surface. The deep web is unable to be searched using our favourite search engines.  Now, not everything within the deep web is malicious and much is legal and safe.  Within the deep web there are things such as databases which are publicly and privately accessible, but only within their database and intranets which you may have one within your organisations, but you can only access when logged into your company devices.  The deep web also includes any blog articles that have yet to be published, web pages that are in the process of redesign and even pages within your online banking account.  All these pages will have instructions written into them to tell search engines not to search them or they are hidden behind passwords and therefore not searchable.

via GIPHY

The dark web is specifically web pages and sites that are not indexed and you must have a specialised web browser to access.  It routes your path to these sites through multiple servers and uses encryption to make users as anonymous as possible.  It was originally created to allow US spies to communicate with the Department of Defence to protect their identities and their safety in the 90s.

The dark web is significantly smaller than the surface web, so could be considered the very bottom submerged tip of the iceberg in our analogy and would require specialist diving equipment and knowledge to reach, but would still be risky to do so even with the equipment and knowledge.  As such, the dark web is not something you can stumble upon in your day to day Internet usage.  So while it is something to be aware of and understand it exists, you would need to go out of your way to access it.  This is the part of the Internet where stolen user credentials, passwords and financial details are traded and sold.  It is an extremely dangerous area of the Internet to access and use.

As the dark web is not something we can stumble upon, what is more important is considering the dangers and safe usage of the deep web that is most appropriate for the majority of people.  The deep web can hold piracy sites and unsavoury content and as such this is possible to access and come across while using one of the common browsers and search engines.  Therefore, the best way to protect yourself in the deep web is to always be aware of the links you are clicking through to and what buttons or how you are interacting with a website.  Evaluate if you trust the website you are on and if the link or action you pursue on this website is safe and considered.  This will help to keep you safe on the Internet. If you have any further queries or need more advice on staying safe on the Internet, please just get in touch with the team here at MJD.

With the increase of social engineering and successful phishing attacks which we are seeing every month, combined with the extremely high risk of a sensitive data breach or financial loss without Multi-Factor Authentication (MFA), we want to make sure you are aware and understand what this is and how it can help.

There has been a dramatic and unforeseen shift to remote working through out this year in response to COVID-19, the importance of turning MFA on has increased further.  MFA is the process of using two or more ways to verify the authenticity of a login attempt to a service.  Verifications are usually made up of a combination of your password, an authenticator app on your mobile or biometrics like your finger print or facial recognition.  We’ve included a great video demonstration to help explain the process within Microsoft 365:

 

  

With 365 the MFA feature is included with your 365 subscriptions, so there is no additional cost to your monthly subscription with Microsoft 365.  It is a simple way to add an additional layer of security to your security setup, to deter and minimise the threat of a cyber attack.  Trying to gain access to a 365 account with MFA is a great deal of work for a cyber criminal and can help to encourage them to move on to their next target.

While this does add an extra step to your login to access your 365 and can pose a potential problem should you forget your phone or even worse lose it!  However, when coupled with the fact that 60% of SMEs go out of business within 6 months of a cyberattack, it is a small inconvenience that very rarely occurs, can you really put security over convenience?  If this ever does happen, this is what MJD are here for to help you resolve the issue and get your IT working for you again.

What is important to keep in mind is that one of 365’s main advantages is that you can access it from any device, therefore it is important to remember that employees may use personal devices to check emails or work on documents for your business.  These devices may not have our RMAV package on them and potentially no anti-virus software, opening your business to threats.  With MFA, it means that to gain access to a 365 account they would also require the mobile phone with the authenticator app or your biometric data, alongside the password.

For such a small inexpensive step to add to your security system within your business, this is a function that you cannot afford to leave switched off.  As always, if you have any questions or would like any help setting up MFA please don’t hesitate to get in touch with the team here at MJD.