While it is vital that we are keeping data secure throughout the pandemic, it is an ongoing necessity. Ensuring that remote working is as safe as can be for both employees and companies is essential to implementing successful remote working strategies both now and in the future.

For those who have already adopted remote working, robust data security policies may already be in place. However, many companies have not worked this way before, at least not on this scale, or may have only just begun to dip their toes into the remote working pool, meaning that their security best practices may still be in the initial phases of development.

The main thing to consider when taking operations remotely, in any scenario, is training. The key to keeping data secure is ensuring all employees are comfortable with the systems they are using, they understand the importance of security measures and best practices, are able to spot anything that may be suspicious or out of the ordinary, and know how to report or solve any problems that arise.

When employees are out of the office it is vital that they feel comfortable with these processes without the immediate, on-site assistance of their IT teams or line managers. Make sure that all staff have received up-to-date training and are happy with their new remote set up.

Ensure that all devices being used to access company data have up-to-date antivirus software installed on them and automate any updates if you can. Making sure that updates are done as quickly as possible help to patch any holes or weak spots in previous versions and can be essential for preventing a data breach.

A great option for keeping your data secure while preserving remote access is by using a data centre. Data centres are a terrific option and can come with a range of additional security benefits, such as specialist physical 24/7 security. As well as being able to access data remotely, data centres allow for the deployment of firewalls and antivirus software across your entire network. You can read more about data centres here.

Another thing to consider when working remotely is using a secure connection. While it is easier in these current times to avoid public spaces and unsafe public WiFi connections, the security of your connection is still important. Ensure your WiFi is password protected and you can control who has access to the network.

We would highly recommend using a virtual private network (VPN). A VPN is essentially a secure passage for you to access the world wide web. Cybercriminals will look to exploit a range of areas, so it is important that your browsing and online activity is protected.

Keeping data secure needn’t be a worry for your business, our team are still working remotely and are available to help you with any issues that may arise when working from home. Whether you’re struggling to keep the connection or need some advice on how to implement these strategies on a longer-term basis then please get in touch with a member of our team.

The post Keeping data secure when working from home appeared first on IT Support Services in Huddersfield, Yorkshire.

Strong Passwords

A strong password is essential for staying safe on social media. Weak passwords can often be the window cybercriminals use to gain access to social media accounts. This means they can access any information posted or stored on the site. Make passwords complex and don’t include personal or widely known information such as your name or office address. Enable multi-factor authentication wherever possible to ensure maximum security. This means having two or more layers of protection, for example a password and an additional PIN number sent to your mobile phone.

Use different passwords for each social media platform. This will ensure that if one account is compromised it will limit the potential risks across other accounts. For more tips on how to create and maintain strong passwords for your business, click here.

Don’t Share Personal Information

You wouldn’t stick a poster with all of your bank details on in a busy shop window, so why put them on social media? Lots of businesses are now using social media to help advertise their products and services, which can be a great tool to help get your brand noticed. While it may be easier to tick a box and save your bank details for the next time you run a campaign, we recommend that you do not do this. If for some reason your account is compromised, all of this information could be taken and used elsewhere. It’s better to be safe than sorry!

Be wary of any details you choose to link to your social media accounts. If it isn’t direct contact or banking details, it might be personal details that could be used to guess a password or work out your security questions.

Privacy Settings

Privacy settings are there to keep you safe. Most social media sites allow you to decide what information is public or private on your account, including contact details and locations.

We recommend checking your settings regularly to ensure your privacy is respected even when the platform changes its rules. All platforms should inform you if anything changes with their privacy policies, but it is best to keep an eye on it yourself and manage what information is publicly available.

Keep Antivirus Up-to-date

Treat social media like you would any other website or app that can be subject to attack by cybercriminals. Make sure your antivirus programmes are up to date on all devices across your network. You may not think antivirus software does very much, but it is constantly running in the background, working hard to keep you safe.

Social media sites can be informative and helpful, but some individuals will use these channels to share fake news and bad links. Using an antivirus software will help protect you from straying into dark corners of the worldwide web.

Social media can be a great platform for businesses; however, there are risks and individuals that exist who will try to exploit these channels. The best way to ensure you and your employees are staying safe on social media is to regularly update training so everyone knows how to spot suspicious activity and is comfortable reporting it. Make sure you have a social media policy in place to make employees aware of best practices while using these channels.

For more information on how to keep your business safe, get in touch with a member of our team here.

The post Staying safe on social media appeared first on IT Support Services in Huddersfield, Yorkshire.

If you believe any of your accounts have been compromised you should take action immediately and follow these steps:

Contact your IT Support Team

If your business is covered under an IT support contract or you have an internal IT department, tell them that you suspect your account has been hacked. They will have procedures to follow in the event of suspected breaches. If you do not have IT security support in place then you should:

1. Perform antivirus scans on your devices

Ensure your antivirus software is up to date and perform an antivirus scan on all of your devices. Many breaches occur through malicious software being installed via drive by downloads or by opening malicious attachments in email

2. Change your passwords

Change your passwords for any online accounts you may have (do this from a different trusted PC/device). This includes email accounts, social media pages (such as Facebook, Twitter and LinkedIn), online shopping accounts (e.g. eBay and Amazon) and payment gateways (such as Paypal).

The NCSC UK Cyber Survey found that 23.2 million victim accounts worldwide used 123456 as a password! You should always ensure that every password that you use is unique and not easy to guess – this will help to mitigate the scale of a compromise.

3. Enable 2/Multi Factor Authentication (MFA)

This is an authentication method whereby the user is only allowed access after successfully giving two or more pieces of evidence to confirm their identity, for example their mother’s maiden name or place of birth. Enabling 2, or MFA, offers a second tier of protection for your account. Even if your password is discovered, a hacker would still need the code provided by your second authentication method to get to your data.

2FA (and the use of unique password methods) will help to protect you against hackers using ‘credential stuffing’ techniques. This type of cyberattack is one of the top threats to web and mobile applications because of the sheer volume of accounts involved. It usually consists of large lists of email addresses and/or usernames, along with the associated passwords, being used to hack into user accounts. This usually happens as a result of a data breach and can be devastating for businesses that fall prey to this type of attack, not least because of the huge reputational risk that comes with it.

4. Check your accounts

Many malicious actors will leave back-door methods to enable them to continue to access your information even if you have realised you have been hacked and already changed your details.

The key things to check are:

• Make sure you don’t have any unknown forwarded emails in your account(s)
• Check your email account(s) sent folder – while some malicious users would delete the contents here, some may not
• Make sure your email address hasn’t been changed on any sites that you usually log into online
• Check your ‘forgotton password sections’ haven’t been changed (e.g. phone numbers, secret questions, date of birth)

5. Notify third parties

While it may seem like a daunting task, if your account has been hacked, we would recommend informing third parties associated with your account/business. This will ensure they can react appropriately and with caution to potentially malicious emails from your account.

As of 25 May 2018, the General Data Protection Regulation (GDPR) introduced a responsibility for businesses to report certain types of data breaches to the Information Commissioner’s Office. To check if your incident qualifies you can go here: https://ico.org.uk/for-organisations/report-a-breach/

The post What to do if you think you’ve been hacked appeared first on IT Support Services in Huddersfield, Yorkshire.

How many times a day are you asked to input a password online? Your work email, personal email, online banking account, social media, to name just a few, all require a password and it can be tempting to use the same one for everything.

But stop right there! Using the same password for all your online activity, or one that is easy to guess, carries a heavy risk of cyber-attack. So, SMEs that don’t have adequate password security in place are leaving themselves vulnerable.

In February it was reported that as many as 2.2 billion email accounts had been compromised in what could be the biggest data breach in history, with hackers sharing the leaked passwords and emails on cyber-criminal forums.

Cyber-attacks are an ongoing risk for SMEs and businesses should do all they can to protect their password security.

Cyber attackers use a range of techniques to discover passwords. This includes:

Searching

IT systems can be searched for password information that is stored electronically;

Interception

Attackers can intercept passwords as they are transmitted over a network;

Social Engineering

This is where the attacker uses a variety of techniques, including phone calls and social media, to trick people into revealing their passwords;

Stealing passwords

If you store your passwords insecurely then you are leaving yourself vulnerable to attack e.g. passwords written on a note stuck to your computer;

Manual guessing

Many people use personal information in their passwords, such as the name of their spouse, child or pet, all of which can be figured out with minimal research on the hacker’s part;

Key logging

This is when a person’s keystrokes on a computer, phone or tablet are recorded.

With the array of techniques that attackers use, it’s essential that SMEs have a robust and workable password security policy.

It is advisable to:

• Ban the most common passwords
• Monitor failed logins and train staff to recognise and report suspicious activity
• Never store passwords in plain text format
• Prioritise administrator and remote user accounts

On average people use the same password for four different websites and the average UK citizen has a total of 22 online passwords. That’s a lot of passwords to remember however, there are measures you can put in place to help your staff to remember them.

This includes:

• Only using passwords where they are necessary
• Putting systems in place that allow staff to securely record and store their passwords
• Only asking staff to change their passwords if there is suspicious compromise
• Allowing staff to reset passwords easily and cheaply

You can help staff to improve their password security by:

• Advising against using predictable passwords
• Encouraging them to use different passwords at work and at home
• Making them aware of the limitations of password strength meters
• Putting technical defences in place so less complicated passwords can be used

With cyber attackers becoming smarter and more sophisticated, businesses should also consider Multi-factor authentication (MFA), which adds an extra layer of security that can help reduce the risk of cyber-attacks. You may have already come across MFA through your online banking, where you use a secure key pad on top of your passwords to access your accounts.

In a nutshell, MFA is an authentication method in which the user is granted access only after successfully presenting two or more pieces of evidence (or factors) that they possess on them.

Factors generally used in MFA are:

• Knowledge – something only the user knows

• Password
• PIN
• Phrase etc.

• Possession – something only the user has

• Disconnected Tokens
– Separate device (usually provided by vendor, bank etc)

• Connected Tokens
– Card Readers
– Wireless Tags

• Software Tokens
– Authenticator App

• Inherence – something on the user

• Biometrics
– Fingerprint
– Face
– Voice
– Iris

The post Password security for SMEs – why it’s important they can’t be guessed appeared first on IT Support Services in Huddersfield, Yorkshire.