Get Unparalleled Managed IT Support when you Partner with BCS Voice & Data Solutions in Virginia Beach. Read our Latest IT Support Related Blog Posts

3 essential security tools for every business

/in , , , /by

Your data is one of your most valuable business assets. Keeping it safe should be one of your main priorities. So if you don’t have much security in place, there’s a minimum standard you should be implementing, right now.

There are dozens of security solutions available that all perform different tasks – from preventing criminals gaining access, to recognizing attacks in progress, and then limiting the damage that can be done. There’s no one-size-fits-all as every business has different priorities and different types of data to protect.

Here are three essentials that every business should put in place as a basic level of protection.

A firewall

A firewall monitors the internet traffic coming into and leaving your IT network. It acts as a wall between your network and the outside world. It’s your first line of defense against an intruder breaking in to your network.

A password manager for everyone in the business.

A password manager stores all your credentials securely, and can also generate nearly impossible-to-guess passwords for all your accounts and applications.

That’s useful against brute force attacks, where cyber criminals essentially try to force their way into your system by guessing the password. It also stops you writing down your passwords somewhere ‘safe’!

A VPN (Virtual Private Network)

A VPN is important for any remote or hybrid workers in your business.

It means your employees can access your network from wherever they’re working, without worrying that their online activity is being watched by a criminal.

VPNs make your browsing completely private, hiding your device and location details, and anything you download. If you or your employees regularly use public Wi-Fi – especially to access your network – a VPN is essential.

These are our absolute minimum recommendations.

The strongest security uses additional tools like Multi-Factor Authentication to prove the identity of all users, and antivirus software to deal with any intrusions.

These work together to create a multi-layered security shield to defend against threats on many fronts.

But it’s important you create a security plan that’s right for your specific business. It’s a good idea to seek some professional help.

Not everyone’s as excited about IT security as we are! But we definitely have a passion for it.

If we can help you, get in touch.

Published with permission from Your Tech Updates.

Criminals are exploiting AI to create scams

/in , , , /by

One of the many cool things about the new wave of Artificial Intelligence tools is their ability to sound convincingly human.

AI chatbots can be prompted to generate text that you’d never know was written by a robot. And they can keep producing it – quickly, and with minimal human intervention.

So it’s no surprise that cyber criminals have been using AI chatbots to try to make their own lives easier.

Police have identified the three main ways crooks have found to use the chatbot for malicious reasons.

Better phishing emails

Until now, terrible spelling and grammar have made it easy to spot many phishing emails. These are intended to trick you into clicking a link to download malware or steal information. AI-written text is way harder to spot, simply because it isn’t riddled with mistakes.

Worse, criminals can make every phishing email they send unique, making it harder for spam filters to spot potentially dangerous content.

Spreading misinformation

“Write me ten social media posts that accuse the CEO of the Acme Corporation of having an affair. Mention the following news outlets”. Spreading misinformation and disinformation may not seem like an immediate threat to you, but it could lead to your employees falling for scams, clicking malware links, or even damage the reputation of your business or members of your team.

Creating malicious code

AI can already write pretty good computer code and is getting better all the time. Criminals could use it to create malware.

It’s not the software’s fault – it’s just doing what it’s told – but until there’s a reliable way for the AI creators to safeguard against this, it remains a potential threat.

The creators of AI tools are not the ones responsible for criminals taking advantage of their powerful software. ChatGPT creator OpenAI, for example, is working to prevent its tools from being used maliciously.

What this does show is the need to stay one step ahead of the cyber crooks in everything we do. That’s why we work so hard with our clients to keep them protected from criminal threats, and informed about what’s coming next.

If you’re concerned about your people falling for increasingly sophisticated scams, be sure to keep them updated about how the scams work and what to look out for.

If you need help with that, get in touch.

Published with permission from Your Tech Updates.

Microsoft 365 makes Multi-Factor Authentication easier

/in , , /by

Microsoft is planning to enable Multi-Factor Authentication (MFA) directly in its Outlook app for many 365 business users.

MFA is a vital tool to help protect your online accounts from cyber criminals. It works by generating a second, single-use passcode every time you log into an account. It’s usually sent to an authenticator app on your phone that you have to download and set up first.

Security codes can also be sent via SMS text message, by a phone call, or you might be given a special USB key to plug into your computer.

The process is often made quicker by using a biometric login like your fingerprint or face ID. It’s a minor chore, but the protection it offers far outweighs the couple of extra seconds it takes to access your account.

Microsoft isn’t so sure about those extra seconds, though. If the tech giant can save you that time, it’s going to do it. That’s why it’s looking to streamline MFA for Microsoft 365 business accounts.

It’s rolling out the improvement by building MFA directly into the Outlook app in a feature called Authenticator Lite. Until now, it’s relied on a separate authenticator app or sending login codes.

There’s no news yet for those of us who want faster authentication on our personal PCs. If Microsoft does announce plans to make this feature available to more hardware or operating systems, we’ll update you with any news.

If you don’t already use MFA for your apps and online accounts, we recommend that all businesses implement it as soon as possible. The additional security it offers protects against the vast majority of today’s cyber threats.

For more help and advice about implementing MFA or getting the best from Microsoft 365, just get in touch.

Published with permission from Your Tech Updates.

Bot malware is a growing security threat

/in , , /by


If we talk about ‘bots’ you’d be forgiven for thinking of the amazing AI chatbots that have been all over the news lately.

But this isn’t a good news story. Bots are just automated programs, and bot malware is a worrying new security risk you need to defend your business against.

Malware bots are particularly dangerous because they steal whole user profiles – that’s a complete snapshot of your ID and settings. This potentially allows cyber crooks to bypass strong security measures like Multi-Factor Authentication (MFA).

Usually, if a criminal steals your username and password, they still can’t access your account because they don’t have access to your MFA authentication method. But with your whole profile available to them, using your cookies and device configurations, they can trick security systems and effectively switch off MFA.

Once profile information is stolen, it’s sold on the dark web for as little as $5.

And it’s not even super-sophisticated cyber criminals deploying this technique. Just about anyone can obtain your details and use them for phishing emails, scams, and other criminal activity.

Since 2018, 5 million people have had 26.6 million usernames and passwords stolen, giving access to accounts including Microsoft, Google, and Facebook.

All this means there are things you need to do – right now – to keep your profiles and your business protected from bot malware.

? Update your antivirus software and keep it on at all times.
? Use a password manager and Multi-Factor Authentication to keep your login credentials safer
? And encrypt all your files so that, if anyone does access your profile, there’s very little to steal.

These are the things we help our clients with every day. If we can help you, just get in touch.

Published with permission from Your Tech Updates.

Let’s start talking about AI

/in , /by


The whole world is suddenly talking about Artificial Intelligence.

From Alexa in your kitchen, to Siri on your phone, AI is already all around us, but new names like ChatGPT, Dall-E, Jasper and more feel like they’ve blown up the internet.

These new concepts take things WAY further, helping us to write articles, search the web with natural conversation, generate images, create code, and introduce new ways to make our daily lives even easier.

But emerging technology nearly always launches in a blizzard of geek-speak before it settles into everyday life. Early PC users might remember the ‘DOS prompt’. And when did you ever have to ‘defrag’ your phone?

Experts believe that these new AI tools will become the building blocks of a whole new world of tech, redefining the way we interact with computers and machines.

So let’s help you decode some of the terms you’ll hear this year.

Chatbot Starting with the basics, a chatbot is an app that mimics human-to-human contact. Just type or speak normally, and the chatbot will respond the same way. ChatGPT is a chatbot. If you haven’t tried it out yet, give it a go.

Deep learning This is the technique that’s used to imitate the human brain, by learning from data. Current search tools and systems use pre-programmed algorithms to respond to requests. AI tools are trained on concepts and conversations in the real-world, and learn as they go to provide human-like responses.

Machine intelligence The umbrella term for machine learning, deep learning, and conventional algorithms. “Will machine intelligence surpass human ingenuity?”

Natural Language Understanding (NLU) helps machines understand the meaning of what we say, even if we make grammatical errors or speak with different regional accents.

Weak AI is the most common form of AI in use right now. Weak AI is non-sentient and typically focuses on a single or small range of activities – for instance writing, or repurposing video content. Strong AI, on the other hand has the goal of producing systems that are as intelligent and skilled as the human mind. Just not yet.

This is just the tip of the iceberg, but trust us – you’re going to be hearing a lot more about AI in the months and years to come.

If you’d like more help to understand how AI might form part of your business, just get in touch.

Published with permission from Your Tech Updates.

Cyber attacks are getting smarter. Are you vulnerable?

/in , , /by

Have you ever tried to buy tickets for a huge event and found that the seller’s website has collapsed under the weight of thousands of people all trying to do the same thing at the same time?

The ticket site falls over – usually temporarily – because the server is overloaded with traffic it doesn’t have the capacity for.

Criminal Distributed Denial of Service attacks – DDoS, for short – exploit the same principle.

When a DDoS attack targets a business, it floods it with internet traffic in an attempt to overwhelm the system and force it to fail.

This results in the business and its customers being unable to access services. That may trigger a temporary failure, or it could be more serious. Last year, the average DDoS attack lasted 50 minutes.

That may not sound like a long time, but it’s enough to create angry customers, or to bring business to a grinding halt. And downtime can be costly.

The really bad news is that DDoS attacks are not only lasting longer, but they’re becoming bigger, more sophisticated and more common.

Recently, the biggest ever reported DDoS attack was reportedly blocked. At its peak, it sent 71 million requests per SECOND to its target’s servers. Prior to that, the biggest reported incident stood at 46 million requests per second.

Worse still, more businesses are reporting being targeted by DDoS attacks where criminals are demanding huge ransoms to stop the attack.

What does this mean for you?

It’s important you check all your security measures are up-to-date and working as they should be. Are your firewalls up to the task, with DDoS monitoring and prevention tools set up? And is your team fully aware of the importance of staying vigilant?

We can help make sure your business stays protected. Just get in touch.

Published with permission from Your Tech Updates

AI is making phishing scams more dangerous

/in , , , /by


AI chatbots have taken the world by storm in recent months. We’ve been having fun asking ChatGPT questions, trying to find out how much of our jobs it can do, and even getting it to tell us jokes.

But while lots of people have been having fun, cyber criminals have been powering ahead and finding ways to use AI for more sinister purposes.

They’ve worked out that AI can make their phishing scams harder to detect – and that makes them more successful.

Our advice has always been to be cautious with emails. Read them carefully. Look out for spelling mistakes and grammatical errors. Make sure it’s the real deal before clicking any links.

And that’s still excellent advice.

But ironically, the phishing emails generated by a chatbot feel more human than ever before – which puts you and your people at greater risk of falling for a scam. So we all need to be even more careful.

Crooks are using AI to generate unique variations of the same phishing lure. They’re using it to eradicate spelling and grammar mistakes, and even to create entire email threads to make the scam more plausible.

Security tools to detect messages written by AI are in development, but they’re still a way off.

That means you need to be extra cautious when opening emails – especially ones you’re not expecting. Always check the address the message is sent from, and double-check with the sender (not by replying to the email!) if you have even the smallest doubt.

If you need further advice or team training about phishing scams, just get in touch.

Published with permission from Your Tech Updates.

Is your security focusing on the right things?

/in , /by


To protect your home from an intruder you make sure your doors and windows are all locked and secured. You might go further: build a fence around the perimeter, perhaps even get an angry-looking dog to stand guard.

But there’s no point going to all that effort if someone’s already broken in and set up camp in the basement.

Yet that’s the security policy of thousands of big businesses trying to protect their data from cyber criminals.

They do many of the right things. They invest in security software. They take a strong, multi-layered approach to security – including all the things we recommend, like multi-factor authentication, encryption, reliable backup systems and staff training.

But they don’t pay enough attention to detection and response. That involves constantly scanning systems for any sign that a crook may have gained entry somewhere, and having a process to stop an attack in its tracks.

A new study shows that only a third of businesses place detection as their main priority, while two thirds say prevention is their primary focus.

That means, they could be building 10-foot walls around their systems with intruders already inside.

In-house security teams might be super-confident in the security measures they’ve put in place. But the data suggests that they’re being too complacent. The study reveals that more than eight in ten businesses experienced more than one data breach last year – even with good security in place.

Criminals are constantly finding ways to evade security. That tells us that we need to take a rounded approach, with strong prevention AND detection policies providing the best protection against today’s determined criminals.

If you need world-class security, get in touch today.

Published with permission from Your Tech Updates.

Young employees have different attitudes to cyber crime

/in , /by


If you employ anyone aged between 16 and 19, you need to pay special attention to the cyber security training you’re giving your team.

A new study has revealed that a host of worrying online behavior has become almost normalized among many young people. And much of this activity is illegal.

We’re not talking serious cyber crime such as ransomware attacks or stealing data.

But one in three 16 to 19-year-olds have admitted to digital piracy; and a quarter have tracked or trolled someone online.

Most of these behaviors may not directly affect your business. But some are so commonplace that too many young people view them as a part of everyday life.

That’s not something you want them bringing to work.

Casual software piracy or illegal downloads on devices used for work could open the door to a massive security breach.

The answer is simple: Hold cyber security training for all your employees on a regular basis.

This training should:

? Highlight the impact of bad online behavior and potential for security breaches
? Help everyone understand how this kind of activity can harm people – and your business
? Make everyone aware of the scams and attacks that your business is vulnerable to, as well as the part they play in keeping everyone protected
? Make the consequences clear for anyone found to be engaging in this behavior

If this is something you need some expert help with, it’s what we do. Get in touch.

Published with permission from Your Tech Updates.

Take action to avoid a devious new phishing scam

/in , /by

Another day, another scam. And this is a sneaky one.

Cyber criminals are getting smarter. This recent malware threat is unusually smart. It impersonates a highly trusted brand name to get a foot in the door.

Targets receive a convincing looking email that appears to come from a widely used e-signature platform.

Attached to the email is a blank image that’s loaded with empty svg files, which are carefully encoded inside an HTML file attachment (stay with us here).

In short, it’s very clever and it’s tricking its way past a lot of security software.

That puts businesses like yours at risk. Because code within the image sends people to a malicious URL.

Open the attachment and you could unwittingly install malware onto your device – or even your network – which risks exposing your data and leaving you open to a ransomware attack.

Recently, there’s been a wave of HTML attachment attacks on small and medium sized businesses, so it’s clear that companies need to take action to stay ahead of the criminals.

If you use software to sign documents electronically, double-check that emails are genuine before opening any attachments.

There’s a reason why the criminals have chosen to impersonate a trusted name.

Taking things a step further, you could block all emails with this type of attachment, to prevent employees from being exposed to scam emails in the first place.

If you’d like any further advice, or help implementing extra security measures, get in touch.

Published with permission from Your Tech Updates.