A spam filter on your emails is a great preventative tool to help keep your business secure.  Spam filters work to block malicious threats like phishing, impersonation, malware, ransomware and spam-type messages.  It is a preventative tool because it works to remove the threat before it has a chance to reach the end user’s inbox, and will flag it in their quarantine to warn them before releasing the email.  This helps to reduce the potential for end users to download malicious attachments and click on links to unscrupulous websites.

But how does a spam filter actually work? Let’s break it down to help you understand how this key feature of your security is working to help protect your business.  The below flow diagram can help to visualise the stages as we describe them.

When we set up your spam filter, we change the direction of your mail flow to pass through the spam filter before reaching the end users in their chosen email client.  This means that the first stage for the email is to pass through a multi-layered filtering engine.

This filter looks at the email header information to determine whether the sender is blacklisted, or whether there are signs that suggest the email may be junk mail.  There is lots of information within the header of an email, for example every server that the email has passed through, the date and time, and security stamps.  Basically, the spam filter is looking to see if the sender of the email is trying to trick you as the recipient, through things like replacing the letter O in a company name with the number zero, and then blocks you from receiving these emails.
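As an added illustration (not AppRiver's or MJD's code), the Python sketch below runs the kind of header checks described above over a constructed message: it lists the servers in the Received chain, reads the authentication stamps, and flags a sender domain that swaps a zero for the letter O. The domains, the trusted list and the small look-alike character table are assumptions made for the example.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample headers (not a real email); all domains are placeholders.
RAW = """\
Received: from mx.recipient.example (10.0.0.5) by mailstore.recipient.example; Mon, 2 Nov 2020 09:14:07 +0000
Received: from relay.unknown.example (203.0.113.7) by mx.recipient.example; Mon, 2 Nov 2020 09:14:05 +0000
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=c0ntoso.example; dkim=none; dmarc=fail header.from=c0ntoso.example
From: "Contoso Accounts" <billing@c0ntoso.example>
To: user@recipient.example
Subject: Invoice overdue
Date: Mon, 2 Nov 2020 09:14:01 +0000

Please see attached.
"""

# Digits commonly swapped in for look-alike letters (assumed, small subset).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Reduce a domain to a form where look-alike characters compare equal."""
    return domain.lower().translate(CONFUSABLES)


def lookalike_of(domain, trusted):
    """Return the trusted domain this one imitates, or None."""
    d = domain.lower()
    for t in trusted:
        if d != t and skeleton(d) == skeleton(t):
            return t
    return None


def received_hops(msg):
    """(from, by) pairs for each server the message passed through, oldest first."""
    hops = []
    # Each server adds its Received line at the top, so reverse to read in order.
    for value in reversed(msg.get_all("Received", [])):
        m = re.search(r"from\s+(\S+).*?by\s+(\S+?);", value, re.S)
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops


def auth_results(msg):
    """SPF, DKIM and DMARC verdicts stamped by the receiving server."""
    value = msg.get("Authentication-Results", "")
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value))


def analyse(raw, trusted):
    msg = email.message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    findings = []
    imitated = lookalike_of(domain, trusted)
    if imitated:
        findings.append(f"sender domain {domain} imitates {imitated}")
    for check, result in auth_results(msg).items():
        if result != "pass":
            findings.append(f"{check}={result}")
    return {"domain": domain, "hops": received_hops(msg), "findings": findings}


if __name__ == "__main__":
    report = analyse(RAW, trusted=["contoso.example"])
    for hop in report["hops"]:
        print("hop:", " -> ".join(hop))
    for finding in report["findings"]:
        print("flag:", finding)
```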

Here at MJD we deploy Advanced Email Threat Protection from our spam filter partner, AppRiver, which also provides attachment assurance and link protection.  Attachment assurance will analyse the attachments in a cloud-based sandbox and then if safe, deliver the attachment or deliver a disarmed version or PDF of the attachment.  Link protection means that every link within an email that has passed through this spam filter is re-written and is checked at the time-of-click to always keep you safe no matter when you click on that link after receiving the email.  The testing may take you to a safe site, provide a warning for suspicious content or block the link as a malicious website.

These additional features mean that we can offer you a high level of upfront protection for your end users from phishing attacks and virus/malware attacks in their inboxes.  As with any spam filter, it will take a short period of time to learn your email traffic and will need your help to whitelist genuine senders you wish to receive emails from, but after this period rest assured that the 24/7/365 threat analysis team are working to keep new threats out of your inbox.

If you are interested in setting up Advanced Email Threat Protection please don’t hesitate to get in touch with the team here at MJD, we’d be more than happy to help.

As it’s Halloween, we thought we’d look at something a little scary in the IT world:  The Dark Web.

Let’s begin by breaking down what the dark web is, and what the Internet which we all access every day is.   The Internet we all tend to access every day through our favourite search engines is called the surface web, which lends itself nicely to imagining the Internet as an iceberg.  So everything above the water is the surface web.

Everything below the water of the iceberg is called the deep web and with some basic diving kit you could access some of the iceberg below the water’s surface. The deep web is unable to be searched using our favourite search engines.  Now, not everything within the deep web is malicious and much is legal and safe.  Within the deep web there are things such as databases, which may be publicly or privately accessible but can only be searched from within the database itself, and intranets, which you may have within your organisation but can only access when logged into your company devices.  The deep web also includes any blog articles that have yet to be published, web pages that are in the process of redesign and even pages within your online banking account.  All these pages will have instructions written into them to tell search engines not to search them or they are hidden behind passwords and therefore not searchable.


The dark web is specifically web pages and sites that are not indexed and you must have a specialised web browser to access.  It routes your path to these sites through multiple servers and uses encryption to make users as anonymous as possible.  It was originally created to allow US spies to communicate with the Department of Defence to protect their identities and their safety in the 90s.

The dark web is significantly smaller than the surface web, so could be considered the very bottom submerged tip of the iceberg in our analogy and would require specialist diving equipment and knowledge to reach, but would still be risky to do so even with the equipment and knowledge.  As such, the dark web is not something you can stumble upon in your day to day Internet usage.  So while it is something to be aware of and understand it exists, you would need to go out of your way to access it.  This is the part of the Internet where stolen user credentials, passwords and financial details are traded and sold.  It is an extremely dangerous area of the Internet to access and use.

As the dark web is not something we can stumble upon, what is more important is considering the dangers and safe usage of the deep web that is most appropriate for the majority of people.  The deep web can hold piracy sites and unsavoury content and as such this is possible to access and come across while using one of the common browsers and search engines.  Therefore, the best way to protect yourself in the deep web is to always be aware of the links you are clicking through to and what buttons or how you are interacting with a website.  Evaluate if you trust the website you are on and if the link or action you pursue on this website is safe and considered.  This will help to keep you safe on the Internet. If you have any further queries or need more advice on staying safe on the Internet, please just get in touch with the team here at MJD.

With the increase of social engineering and successful phishing attacks which we are seeing every month, combined with the extremely high risk of a sensitive data breach or financial loss without Multi-Factor Authentication (MFA), we want to make sure you are aware and understand what this is and how it can help.

There has been a dramatic and unforeseen shift to remote working throughout this year in response to COVID-19, and the importance of turning MFA on has increased further.  MFA is the process of using two or more ways to verify the authenticity of a login attempt to a service.  Verifications are usually made up of a combination of your password, an authenticator app on your mobile or biometrics like your fingerprint or facial recognition.  We’ve included a great video demonstration to help explain the process within Microsoft 365:

 

  

With 365 the MFA feature is included with your 365 subscriptions, so there is no additional cost to your monthly subscription with Microsoft 365.  It is a simple way to add an additional layer of security to your security setup, to deter and minimise the threat of a cyber attack.  Trying to gain access to a 365 account with MFA is a great deal of work for a cyber criminal and can help to encourage them to move on to their next target.

This does add an extra step to your login to access your 365, and can pose a potential problem should you forget your phone or, even worse, lose it!  However, that is a small inconvenience that very rarely occurs, and when you consider that 60% of SMEs go out of business within 6 months of a cyberattack, can you really put convenience over security?  If this ever does happen, this is what MJD are here for: to help you resolve the issue and get your IT working for you again.

What is important to keep in mind is that one of 365’s main advantages is that you can access it from any device, therefore it is important to remember that employees may use personal devices to check emails or work on documents for your business.  These devices may not have our RMAV package on them and potentially no anti-virus software, opening your business to threats.  With MFA, it means that to gain access to a 365 account they would also require the mobile phone with the authenticator app or your biometric data, alongside the password.

For such a small inexpensive step to add to your security system within your business, this is a function that you cannot afford to leave switched off.  As always, if you have any questions or would like any help setting up MFA please don’t hesitate to get in touch with the team here at MJD.

When considering cyber security we can often jump straight to considering how technology can protect us and completes our security package.  However, there are actually 3 pillars of cyber security.

As you can see from the Venn diagram, each pillar is equally important to the overall cyber security of your network.  Your processes may already be in place without you having considered them part of your cyber security, such as hierarchy of access to information, password policies, data control and data request processes.  This may just require a culture shift to include the review and adaptation of processes and policies within your overall cyber security plan.

The element which has not had as much development over the years to match the speed of technological development is the people asset:  The Human Operating System (OS).

This is the most common area for weaknesses in a company’s overall cyber security.  Consider the fact that this year Webroot reports phishing URLs grew by 640%.  This highlights the importance of gearing our three pillars towards reducing the inherent risk.

Now, under technology our SPAM filters can check links, quarantine potential risk emails and check links as they are clicked on.  Your processes may filter out requests for information, detailing who can have access to what and how someone can request information.  But the people pillar is arguably the most important to focus current investment due to the lack of investment in comparison to the development of the other two pillars in recent years.

So, how can we improve and strengthen the security of our Human OS in our organisation?  Training.

There are various options and plans of how to deploy training in your organisation.  Here at MJD we can offer dedicated training sessions with our Cyber Security Specialist, tailored to our client’s organisation.  We would also recommend implementing a continuous and random on the job training programme.  We can create training campaigns where fake phishing emails are sent to collect data on who clicked on links and how people interact with the email.  It then instantly provides a small training session for those individuals who do click on the link and enter information.

These campaigns allow you to analyse the statistics of how many times people click on the links, to identify individuals who may need more targeted training or equally to give people praise for continuing to ignore phishing emails or improve on their click rate.

The team at MJD can help you create a plan to keep your Human OS up to date, as well as managing your technology updates and IT security.  Get in touch and let’s make IT work for YOU!

Today we want to talk about phishing emails.  A phishing email is an email which has been sent to the recipient with the purpose of convincing you to provide the sender with your personal information or account details.  Once they have this information they may use it to create accounts in your name or to gain access to steal more of your sensitive data. Reports conducted for this year by Webroot show us that there has been a 640% increase in phishing URLs being sent.  This highlights the importance of being aware of how to protect yourself from phishing campaigns.  The key to protecting yourself against phishing attacks is a continuous training programme.  Statistics in this report also show that after 1 year of training, end users are 70% less likely to click through to a phishing attempt. The team at MJD can help to set up email training campaigns to help combat phishing attacks, so if after reading this article and encouraging your colleagues and peers to read this blog article you would like more training please just get in touch.

The key to remember is that most legitimate companies you conduct business or personal dealings with will not request sensitive information from you via email.  However, the cyber criminals behind the phishing emails are getting ever cleverer and more careful about the look and feel of their emails, making our daily job of telling genuine emails from dangerous ones more difficult in our already hectic work lives.  For this reason, we are going to dissect and examine a phishing email we recently received ourselves, to help you to understand the various warning signs and parts of an email to check before interacting with the information contained in the message in any way.

The first port of call is to consider the supposed reason for receiving the email.  In this example, we are being told our email is limited.  So take a moment, and think: am I experiencing an issue like this?

We currently don’t have any issues with this email account being limited, so already alarm bells are ringing.

Next, we consider who the email is coming from.  In this instance it’s coming from “Webmail Security”.

We don’t use webmail, so already this would not be someone we would expect to get messages about email issues from.  On top of that, the actual email address of @m5-domains.com is not a company we have our domain with, therefore again we would not expect them to know anything about any email problems.  So the question is: do you interact with this company and use this company’s services?  And therefore, should they be getting in touch with you?

Within the body of the message you can see they use the term User Agent, which is like a fingerprint left when you log into a website or service through an Internet browser.  It records details of the browser you used to access the service or webpage.  Now, as an MSP we know what this is and straight away know we haven’t tried to log into our emails using these browsers.  However, this specialist terminology is used to try and confuse the recipient in the hopes they don’t know what it is.  This is another tactic, all working towards encouraging you to act on the email and click their link.

At this point, we have already decided that this is a phishing email, but for the purpose of our blog post we will continue to question the remaining aspects of the email.  For the cyber criminal who has sent this email, the next part is the most important part of their email, the link to their web page.

 

When we hover over the link you can see the URL which this button would take you to.  In this case it lists a web page that has a different domain name, m4 domains rather than m5 domains, to the email address sending the email.  Another red flag.  Most likely this would lead you to a web page where it would ask for your username and password to “verify your identity”.  These would then be stored in a database and used to try and gain access to your account.  It is key that you should remember to NEVER enter your credentials anywhere other than when genuinely gaining access to your emails and you should NEVER share your credentials with anyone.

What you will also notice with this URL is the “link.edgepilot.com” at the start.  This is because of the SPAM filter we use and have set up with many of our clients.  This is an additional feature of the SPAM filter which, in addition to filtering out potential SPAM emails, will check all links in emails when they are clicked on, prior to taking the user to the site.  While this doesn’t mean you can get click happy, it does offer another layer of protection against phishing emails.

A time limit with a threat of losing access to your account, is another pressuring tactic to get you to take the wrong action.

If you are worried that there is potential the issue may be genuine, raise it with your IT department or your MSP/IT provider first.  They will always be happy you checked with them, even if it turns out to be a phishing or spam email.  The key is not to interact with the link or the sender of the email; if you have any concerns, ALWAYS contact your IT department or MSP first.

The final point to make is the small print.

First off, it’s in a lovely pale grey and small font to make it more difficult and off putting to read.  But once you do read it, the references to laws and legislation do not make sense or aren’t relevant to any of our actual UK legislation.  It also references a company, which hasn’t been mentioned previously, again providing us with further information that everything in this email doesn’t add up to a genuine warning from an email provider.

Hopefully, this will give you an initial check list of things to be mindful of when accessing emails and help you to identify emails that you need to be wary of and potentially ask your MSP for help to deal with.  The team here at MJD have a variety of tools and packages which we can implement on your network to carry out on the job training for your organisation.  If you’d be interested in developing a phishing email training programme for your organisation please don’t hesitate to get in touch with us.
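The checks walked through above (is the sender a service we use, does the link go where the sender lives, is there a pressuring deadline) can also be run mechanically. The Python sketch below is an added example, not MJD's or the spam filter's code, and it works on a constructed message modelled on the one described: the sender's local part, the link host `login.m4-domains.example`, the wording and the list of services we use are all assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the email described above. The link host is a
# placeholder, not the URL from the real message.
RAW = """\
From: "Webmail Security" <noreply@m5-domains.com>
To: user@recipient.example
Subject: Your email is limited
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your mailbox is limited. Verify within 24 hours or lose access.</p>
<p><a href="https://login.m4-domains.example/verify">Verify now</a></p>
"""

# Wording that sets a deadline or threatens loss of access (assumed phrases).
PRESSURE = re.compile(r"within \d+ (?:hours?|days?)|lose access|suspended", re.I)


class LinkCollector(HTMLParser):
    """Collects [href, visible text] for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._open = False

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.links.append([href, ""])
            self._open = True

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data


def site(host):
    """Last two labels of a host name. A simplification: production tools
    use the Public Suffix List to find the registrable domain."""
    return ".".join(host.lower().split(".")[-2:])


def triage(raw, services_we_use):
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_site = site(addr.rpartition("@")[2])
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    findings = []
    # Check 1: do we actually deal with the company sending this?
    if sender_site not in services_we_use:
        findings.append(f"sender {sender_site} is not a service we use")
    # Check 2: does each link lead to the same place the sender claims to be?
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = urlsplit(href).hostname
        if host and site(host) != sender_site:
            findings.append(
                f"link '{text.strip()}' goes to {site(host)}, not {sender_site}")
    # Check 3: is the message pushing us to act quickly?
    pressure = PRESSURE.search(body)
    if pressure:
        findings.append(f"pressure wording: {pressure.group(0)}")
    return findings


if __name__ == "__main__":
    for finding in triage(RAW, services_we_use={"recipient.example"}):
        print("flag:", finding)
```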

 

Think before clicking on that Link!

The team here at MJD are becoming increasingly aware of instances of links in emails which appear to “do nothing” when clicked on. This is not something to be ignored and needs to be reported to your MSP immediately. If nothing appears on your screen or nothing seems to have happened as a result of clicking on a link, this does not mean that nothing has ACTUALLY happened. Unfortunately, this more than likely means that information has been gleaned from the registry of your device to enable access to emails, to form an incredibly clever socially engineered attack.

As we are all now more aware of the classic SPAM emails which try to entice the recipient to respond and generate dialogue to encourage the transfer of funds to ensure some threat is not carried out, the cyber criminals are upping the ante, and we now have to be aware of social engineering. Cyber criminals are leaning towards social engineering because it is easier to gain the crucial information they need through our human nature to trust than to try to hack your network or password. It’s a lot easier to enter the correct password first time than to have to work with their tools to figure out the correct password. As it is for us in business, time is money to cyber criminals too.

You may be asking what exactly is social engineering then. This is the process of manipulating an individual and the situation to encourage them to give up confidential information and therefore potential access to your network and devices. These are all based on the way we think and act as human beings and using this to their advantage. We have shared this video before, but we think it is a great example of demonstrating their ability to manipulate the situation to achieve their desired outcome. It really is worth spending 11 minutes of your life watching this video and encouraging all your colleagues to watch this too!

The current example we are responding to and working to resolve with clients is one whereby the information stolen from the PC registry when the link is clicked gives them the login credentials for the email account on the PC.  This then allows them to set up rules within Outlook, to send copies or completely forward certain emails to another email address.  Most commonly, invoices are targeted.  All the emails are then monitored for a period of time until they identify their best target, and a simple email is sent from within the account to explain bank details have changed.  They then hope that the process on the other side will allow for this to slip through.  These attacks are highlighting how important it is that IT security doesn’t stop at your firewall or anti-virus scanner.  IT security encompasses your people and your processes too.
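A practical check after an incident like this is to review each mailbox's rules for anything that sends mail outside the organisation. The Python sketch below is an added example, not an MJD tool: it audits a constructed rule export shaped like Microsoft Graph `messageRule` objects, and the rule names, addresses, internal domain and finance keyword list are assumptions.

```python
import json

# Constructed export of one mailbox's inbox rules, shaped like Microsoft Graph
# messageRule objects. Rule names, folder id and addresses are made up.
RULES_JSON = """
[
  {"displayName": "Newsletters", "isEnabled": true,
   "conditions": {"senderContains": ["news@"]},
   "actions": {"moveToFolder": "AAMkAGI1"}},
  {"displayName": ".", "isEnabled": true,
   "conditions": {"bodyOrSubjectContains": ["invoice", "payment"]},
   "actions": {"forwardTo": [{"emailAddress": {"address": "collector@mailbox.example"}}],
               "delete": true}},
  {"displayName": "To my assistant", "isEnabled": true,
   "conditions": {},
   "actions": {"redirectTo": [{"emailAddress": {"address": "pa@ourcompany.example"}}]}}
]
"""

# Rule actions that send a message to someone else.
FORWARDING_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
# Rule conditions that match on words in the message.
CONDITION_FIELDS = ("subjectContains", "bodyContains", "bodyOrSubjectContains")
# Words that suggest the rule is aimed at invoices (assumed list).
FINANCE_WORDS = {"invoice", "payment", "bank", "remittance"}


def external_recipients(rule, internal_domains):
    """Addresses outside our own domains that this rule sends mail to."""
    found = []
    actions = rule.get("actions") or {}
    for key in FORWARDING_ACTIONS:
        for rcpt in actions.get(key) or []:
            address = rcpt.get("emailAddress", {}).get("address", "").lower()
            if address.rpartition("@")[2] not in internal_domains:
                found.append(address)
    return found


def audit(rules, internal_domains):
    """Report every rule that forwards or redirects mail outside the company."""
    report = []
    for rule in rules:
        outside = external_recipients(rule, internal_domains)
        if not outside:
            continue
        conditions = rule.get("conditions") or {}
        keywords = {w.lower() for f in CONDITION_FIELDS
                    for w in conditions.get(f) or []}
        actions = rule.get("actions") or {}
        report.append({
            "rule": rule.get("displayName", ""),
            "enabled": rule.get("isEnabled", True),
            "sends_to": outside,
            "targets_finance": sorted(keywords & FINANCE_WORDS),
            # True when the message is forwarded away completely, not copied.
            "removes_original": bool(actions.get("delete")
                                     or actions.get("permanentDelete")),
        })
    return report


if __name__ == "__main__":
    for entry in audit(json.loads(RULES_JSON), {"ourcompany.example"}):
        print(entry)
```

Any rule this reports that the mailbox owner does not recognise should be treated as a sign the account's credentials are compromised, not just deleted.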

If after reading this you’d like more information on training for your business or to discuss and review your security policies the team here at MJD would be more than happy to help.  Let’s make your IT work for YOU!

Currently, with many of us working from home and varying shift patterns or hours of work due to furlough, client requirements or childcare requirements the frequency of use of our Out of Office notifications has increased dramatically.   It is worth considering the potential impact that these notifications can have on the security of the company.

Have you ever considered the information that you freely give to any recipient of your Out of Office?  By saying you are on annual leave or away from the office until a set date/time, you are giving specific detail to the fact you won’t be in the office and are on holiday for this set period of time.  If you work within a small office/premises, does this mean there is more time where your premises may be unoccupied?  Or is your business based at home, which provides details that you are potentially away from your home on holiday?

Using an out of office can be useful to allow senders to know who to contact in your absence, however, providing detailed contacts and email addresses to everyone opens your business up to potential spear phishing attacks.  Cyber criminals are able to use the names and details provided within an out of office, especially if details of projects or departments these contacts work within are given, to create trust and a genuine feel to their requests for more information or other more sinister actions.

When drafting your out of office, it is best to use the option to set separate messages for internal and external contacts.  This way, you can provide the detail required for your colleagues to continue their daily activities during your absence, while also minimising the information provided to potential cyber criminals.

So, the top tips for your Out of Office are as follows:

  • do not specify a date and time for when you will return
  • use a generic email address for people to forward their request onto (such as an office@ or sales@ address) and a main telephone number for the business
  • do not advise where you are or what you are doing
  • avoid providing specific details of projects/departments you are working within

An example of how to build your out of office could include some of the following phrases:

  • “I am currently unable to respond to my emails…”
  • “For urgent enquiries please contact the main office on ….”
  • “For all other requests I will respond as soon as possible.”

If you want further advice on your Out of Office or help to set this feature up, please don’t hesitate to get in touch with the Team here at MJD.

Here at MJD, we understand that the volume of passwords and the complexity required in the present day can be overwhelming and a difficult task to manage in a secure manner.  Internally we here at MJD use a password manager to keep track of all our passwords and ensure we can use highly complex and unique passwords for all our online accounts that we use on a daily basis.  Password managers are not expensive and can be synced across all devices such as laptops, tablets, phones etc so that you are NEVER without your passwords.  If this sounds like something that would be useful get in touch with us here at MJD.

However, we also want to help our clients generate their own secure passwords, so we have created a top tips list below with some helpful suggestions and recommendations for creating passwords.

To create a strong password consider the following advice:

  • Choose three random words to make a pass phrase
  • Use numbers and symbols as well as upper and lower case letters.
  • Consider the line of a song other people would not associate with you
  • Take the first letters from a phrase known to you, for example “Making your IT work for you” would be “myiwfy”

Avoid the following:

  • Anything from your username, individual or business name.
  • Family members and pet names.
  • Birthdays
  • Favourite sports teams or hobbies.
  • “password” itself.
  • Sequences of numbers or letters e.g. 1234 or ABCD
  • A single word with no numbers or special characters, lower or uppercase.  These are very easy for hacking programmes to guess.
  • Duplicated characters e.g. 999 or AAA
  • Easily recognisable keypad patterns e.g. 36987 or 159
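The mechanical items on the list above can be checked automatically. The Python sketch below is an added example, not an MJD tool: it flags personal names supplied by the caller, the word "password", ascending sequences, duplicated characters and keypad patterns. The three-character threshold and the keypad layout are assumptions, and spotting a single dictionary word would need a word list, so that item is left out.

```python
import re

# Key positions (row, column) on a numeric keypad, with 0 under the 8.
KEYS = {d: divmod(i, 3) for i, d in enumerate("123456789")}
KEYS["0"] = (3, 1)


def has_sequence(pw, run=3):
    """True for ascending runs such as 1234 or ABCD (case-insensitive)."""
    s = pw.lower()
    count = 1
    for a, b in zip(s, s[1:]):
        step_up = a.isalnum() and b.isalnum() and ord(b) - ord(a) == 1
        count = count + 1 if step_up else 1
        if count >= run:
            return True
    return False


def has_keypad_walk(pw, run=3):
    """True when digits trace neighbouring keys, such as 36987 or 159."""
    for digits in re.findall(r"[0-9]+", pw):
        count = 1
        for a, b in zip(digits, digits[1:]):
            (r1, c1), (r2, c2) = KEYS[a], KEYS[b]
            # Neighbouring keys are one step apart, diagonals included.
            neighbours = max(abs(r1 - r2), abs(c1 - c2)) == 1
            count = count + 1 if neighbours else 1
            if count >= run:
                return True
    return False


def check_password(pw, personal=()):
    """Return the items from the 'avoid' list that this password breaks.

    `personal` holds names the caller knows are linked to the user:
    username, business name, family, pets, teams and so on.
    """
    problems = []
    low = pw.lower()
    if any(term.lower() in low for term in personal if term):
        problems.append("contains a personal or business name")
    if "password" in low:
        problems.append('contains "password"')
    if has_sequence(pw):
        problems.append("sequence of letters or numbers")
    if re.search(r"(.)\1\1", pw):
        problems.append("duplicated characters")
    if has_keypad_walk(pw):
        problems.append("keypad pattern")
    return problems


if __name__ == "__main__":
    for candidate in ("Rover1234", "Winter36987", "AAA-tree", "plum-Tractor-94-violin"):
        print(candidate, "->", check_password(candidate, personal=["Rover"]) or "ok")
```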

General password advice:

  • Never disclose your passwords to anyone else.
  • If you think someone knows your password change it immediately.
  • Use a different password for every account that requires one.
  • Don’t reuse a password with differing numerical sequences e.g. Winter1, Winter2
  • Try to avoid writing passwords down, instead consider an online password vault or safe.
  • Do not send your password by email.
  • When working in public, consider your surroundings, who can look over your shoulder or in the window and see your password being entered?

Please find below a link to our Business Breakfast, the perfect opportunity to get the real information about Cyber Essentials and GDPR in plain English, at the moment there are still places left and we would love to see you there, don’t worry if you’re not a chamber member, non-members can attend.

http://www.moraychamber.co.uk/chamber-news/exciting-new-addition-to-business-breakfast/

“MJD systems are delighted to announce that they are also being joined at the business breakfast by Kirk Tudhope, Partner with Ledingham Chalmers one of Scotland’s leading law firms,  Kirk heads the firm’s Employment Law Team and has a particular interest in GDPR.  Kirk will explain how data protection operates and translate some of the GDPR’s most torturous terminology into plain English. If we understand what the legislation says then we can have a meaningful discussion about the practical implications for our businesses. This will dovetail with Mark Dunscombe’s Cyber Security information which covers an essential  part of GDPR compliance.

 Data Protection affects every business as it governs how all of us should handle individuals’ personal details including those relating to staff, clients, customers, suppliers and contacts.  The duties to protect these details already places significant obligations on us all but the new GDPR regime,  which will come into force in May 2018,  will significantly increase the demands we have to meet. It also increases the penalties if we are in breach.  

 Handling personal details is something we do every day of our working lives. All businesses now need to understand and embrace the duties in relation to the vast amount of personal data we all hold and start preparing for the GDPR. A failure to do so means we are creating real risks for ourselves and the future of our businesses.

 The Moray Chamber of Commerce Business Breakfast will showcase a joint presentation and Q&A with the speakers from both MJD Systems and Ledingham Chalmers. As always there will be networking time which will allow the opportunity to speak to the presenters individually afterwards, and will be the perfect opportunity to have your Cyber Security and GDPR questions answered from trusted, knowledgeable advisers.

 There are still spaces available and Moray Chamber look forward to seeing you all there to learn from this essential informative presentation and network over a delicious breakfast provided by the team at The Eight Acres Hotel.

 Thursday 26th October
8am – 10am

Eight Acres Hotel Elgin

Contact Georgia on gdunk@moraychamber.co.uk or 01343 543344 for tickets”