20% of WFH staff use work passwords for personal shopping & create security risks

According to a new report from Ivanti, 20% of UK remote workers admit to using work emails and passwords for personal online activity. Making sure your staff are cyber-aware is crucial, and Cyber-Assure from Labyrinth Technology provides the training to do this. It also provides the reporting tools needed to tell you whether these email accounts have been compromised, what data belonging to your business is out in the public domain (via the Dark Web), and which breach it was found in. Contact us today to find out more.

Adobe Flash Player may not uninstall automatically: check now!

In early January we wrote about the demise of Adobe Flash Player and how it had reached end of life. Indeed, Adobe themselves made a change so that it wouldn’t play any content after January 12th this year. So it effectively became an unused, unsupported and insecure piece of software on your computer, which Microsoft have clearly realised. An update to Windows last year (KB4577586 for those of you that worry about these things) made uninstalling Flash Player optional, but now Microsoft are re-running this update automatically to actively remove Flash Player.

However...

This update will not work on Flash Player installations that were completed using the Adobe standalone installer. So it is important that you check periodically to make sure that Flash Player does get uninstalled. If not, you will have software that could pose a security threat to your device. If you need to uninstall a standalone version of Flash, follow the instructions listed on Adobe’s website.
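One way to run the periodic check described above is a read-only Windows PowerShell audit. This is an added example, not code from Adobe or Microsoft; the `Macromed\Flash` directories, the `Adobe Flash Player` display-name prefix and the function name `Get-FlashRemnant` are assumptions about a typical installation rather than details from this article.

```powershell
# Added example: read-only audit for leftover Adobe Flash Player on Windows.
# Assumed locations (not from the article): the Uninstall registry keys and
# the Macromed\Flash directories under %WINDIR%.
function Get-FlashRemnant {
    $findings = @()

    # Copies installed with Adobe's standalone installer register an
    # "Adobe Flash Player ..." entry under the Uninstall keys.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    foreach ($key in $uninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like 'Adobe Flash Player*' } |
            ForEach-Object {
                $findings += [pscustomobject]@{
                    Source = 'Uninstall entry'
                    Detail = "$($_.DisplayName) $($_.DisplayVersion)"
                }
            }
    }

    # Flash binaries still on disk (ActiveX .ocx, plug-in .dll, helper .exe).
    foreach ($sub in 'System32', 'SysWOW64') {
        $dir = Join-Path $env:windir "$sub\Macromed\Flash"
        if (Test-Path -Path $dir) {
            Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
                Where-Object { $_.Extension -in '.ocx', '.dll', '.exe' } |
                ForEach-Object {
                    $findings += [pscustomobject]@{ Source = 'File on disk'; Detail = $_.FullName }
                }
        }
    }
    return $findings
}

# Has the removal update named in the article been applied to this machine?
$kb = Get-HotFix -Id 'KB4577586' -ErrorAction SilentlyContinue
Write-Output ("KB4577586 installed: {0}" -f [bool]$kb)

$remnants = @(Get-FlashRemnant)
if ($remnants.Count -eq 0) {
    Write-Output 'No Flash Player remnants found.'
} else {
    $remnants | Format-Table -AutoSize
}
```

A machine that reports the update as installed but still lists an uninstall entry or files is the standalone-installer case the article warns about.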

Is TeamViewer Safe? The FBI Described It As “Similar To Remote Access Trojans!”

In the USA right now there is a lot of attention on a cyberattack that successfully gained access to a water treatment plant’s network. The attacker made changes to chemical dosage settings, increasing them to extremely dangerous levels. The FBI has been investigating this attack, and on Tuesday sent out a Private Industry Notification (PIN) on the matter, specifically raising attention to the desktop sharing software TeamViewer.

The FBI PIN specifically names TeamViewer after the app was confirmed as the attacker’s entry point into the Oldsmar water treatment plant’s network. According to a Reuters news report, officials confirmed that TeamViewer was used on two separate occasions to remotely connect to a computer on the water treatment plant’s network. During the second breach, the attacker took control of the mouse of an operator, who sat and watched it move on his monitor all by itself!

Since the attack, several cybersecurity experts have been quick to criticise organisations that make use of products such as TeamViewer for the purposes of remote work, calling them “insecure” and “inadequate” for managing sensitive and business-critical data and assets. In addition, the FBI said, “Beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs).”

Do YOU use TeamViewer or similar products to facilitate remote working? If you have any concerns over how your remote workforce IT works, and whether it is secure and robust enough in today’s new way of working, please contact us to have a conversation about what you can do to make your business cyber secure.

Skype For Business Online Is Ending; Move To Microsoft Teams Now

In July 2019 Microsoft announced that Skype For Business Online was being retired this year, on July 31st. Of course that was before anyone had heard of Covid-19 or Coronavirus, and a lot has changed since then. So businesses could be forgiven for not having this as a priority on their to-do list.

But one thing hasn’t changed; that retirement date still stands.

So if your business is using Skype For Business Online, you now have just 177 days from today to move to Microsoft Teams. Microsoft themselves issued a reminder about this on Monday, and say that “you may choose to engage a Microsoft Partner to help plan or execute your upgrade from Skype for Business to Teams”.

Labyrinth Technology, a Microsoft Silver Partner, is able to provide a cost-effective and complete solution for your move to Teams. We can provide customised help in respect of the video conferencing, Microsoft 365 integration, collaboration, voice and other apps that form part of this widely used business communication and collaboration platform.

Contact us today to see how we can make your move to Teams happen seamlessly.

Ransomware Attack: A company paid millions to decrypt their data. Then the hackers came back again!

A cautionary tale for all UK businesses is detailed by the UK’s National Cyber Security Centre (NCSC) in a blog post about the rise of ransomware. The company in question fell victim to a ransomware attack and paid cyber criminals £6.5 million for the decryption key to restore their network. They were then targeted by the exact same ransomware gang less than two weeks later, after failing to examine why the attack was able to happen in the first place. They had paid the first ransom, sat back, and then relaxed. Big mistake!

The vulnerability was left open and was immediately exploited again by cyber criminals who have no emotion or sense of fairness when it comes to their victims. This is business to them, and nothing more.

That is why firms shouldn’t just take the “it will never happen to me” approach to cyber security. If you haven’t brought in a good Managed Security Service Provider (MSSP) to fully protect your systems, you obviously increase the risk of cyber attack. With 65,000 cyber attacks on UK businesses every day, your attitude must be that IT WILL HAPPEN, so get advice today! And if you do find yourself under attack, it’s not enough to just pay a ransom, or whatever the cyber criminals demand, and then do nothing else. Speak to a reputable MSSP like Labyrinth Technology to find out WHY and HOW the cyber attack occurred, to make sure your business learns from the experience and is protected in the future!

The best way to avoid any of this is, of course, to secure your network against cyber attacks in the first place. That means simple things like using multi-factor authentication and making sure operating systems and security patches are upgraded regularly and up to date. Also make sure that you regularly back up your networks so that in the event of a successful ransomware attack your data can be restored with the least disruption possible. But while some of these things can be done “DIY”, it all needs to be part of a Unified Threat Management (UTM) approach.

What is UTM? Well, put simply, it is all of the things you need for cyber security in a single strategic package, such as:

– Initial Cyber Security Consulting: to determine the risk opportunity (for criminals), appetite (for you) and therefore options available. If you don’t know your weaknesses and vulnerabilities, they cannot be addressed!
– Security Awareness Tools: the process of increasing awareness within management and staff of what cyber crime is and how it works, so as to minimise the “human error” factor. Do your staff have adequate knowledge of phishing and business email compromise attacks for instance?
– Focussed Email and Network Security: looking at specific “tools for the job”, such as encryption, firewalls and mobile device management.
– An ongoing Managed Security Service: making sure that everything continues to provide what you want – Cyber security!

If you would like to have a discussion on how Labyrinth Technology can help your business in the fight against cybercrime, and find out about our special offer on our Security Awareness Tools, contact us now.

What Was The PDL Data Breach?

In 2019, two security researchers called Vinny Troia and Bob Diachenko first uncovered the PDL Data breach, and found that over a billion personal data records were easily accessible via an insecure server on the Dark Web. Part of the data in this breach was traced to People Data Labs of San Francisco (hence the acronym PDL), which is a data company that holds huge amounts of personal data for sale, including more than a billion email addresses and phone numbers.

The information disseminated by the PDL Data breach contained records including usernames, social media accounts, email addresses and phone numbers. Fortunately, the data set did not contain passwords or national insurance numbers but the sheer volume of personal data made available on the Dark Web would make it easy for malicious actors to impersonate someone.

In an article for Wired, Troia said, “This is the first time I’ve seen all these social media profiles collected and merged with user profile information into a single database on this scale. From the perspective of an attacker, if the goal is to impersonate people or hijack their accounts, you have names, phone numbers, and associated account URLs. That’s a lot of information in one place to get you started.”

These sorts of data sets can be used by criminals for various activities such as phishing, spear-phishing, scamming, account takeovers and identity theft. Interestingly however, the intention of the PDL Data breach remains unclear, as this data was openly made available and accessible at no charge, and no individual or group laid claim to the breach. For their part PDL has claimed that the data was not obtained as a result of a security breach but was possibly posted by one of their customers.

Data leaks unfortunately happen relatively frequently, and unlike the PDL Data breach can be far more serious in execution, content or cost. For example, in 2016, 164 million LinkedIn account credentials were stolen, and in this particular data breach the data set contained passwords. Every year, the detected number of breaches increases, and whilst GDPR regulations are partly responsible for this increase, as businesses are now required by law to report data breaches, the sheer quantity of personal data that is now available online is also a major factor.

Criminals and hackers will keep improving their techniques and developing new ways to defraud individuals and businesses. For them, it is just a job or a business. It’s not personal, so they have no remorse or guilt over what they do or what the repercussions are. And because they are attacking everybody, not just institutions or government bodies, it is the responsibility of everybody to do as much as possible to prevent them succeeding.

To help in this fight Labyrinth Technology has a number of security tools and services that we supply to businesses all over London to help them with their IT security needs. Whether it is cybersecurity awareness tools, consultation on cybersecurity or the implementation of security plans, as a Managed Security Service Provider in London, Labyrinth Technology has the tools to help you protect you, your colleagues, and your business.

Call us now on 020 3790 7500 or contact us to find out more.

MS Lists App now available for iPhone users

Microsoft has released the Lists app for iOS iPhone owners.  The app allows users to create and share lists, keep track of team events & projects, and track issues.

Microsoft trailed the Lists app at its Build 2020 conference in May.  Since then it has rolled out the Lists app for Microsoft Teams and the web version for Microsoft 365 (Desktop) customers across the world.  Now the Lists app is available from the Apple App Store.

You can use the Lists app instead of a spreadsheet or physical clipboard for things like managing students’ progress or keeping track of visitors.  It is designed to work with Microsoft 365 apps, including Excel, SharePoint, Power Apps, Power Automate and Power BI. Lists is an updated take on SharePoint lists, which can consist of people, links, pictures, dates, and more.

The iOS app should help users manage and create lists while on the move.

Microsoft says users can track and manage lists, see recent and favourite lists, view lists offline, edit lists, add pics with QR codes, share track lists, view ready-made templates, and customize views using sort, filter and group.

Additionally, the app has dark mode support and can be used in landscape mode.  There’s also Intune device management support with mobile device management (MDM) and mobile app management (MAM) policies for use in enterprise environments.

And that’s the catch!  This is an enterprise app and organizations need an Office 365 commercial subscription that includes SharePoint to use it.

Microsoft is planning on delivering improvements designed for Lists usage on the iPad soon. It’s also working on a Lists app for Android phones but there is no firm indication when that will be available.

To find out more about this or any other Microsoft 365 product for your business please contact us today!

iPhone, iPad and iPod Security Alert

If you have an iPhone, iPad or iPod, please update it now. A cyberthreat exploitable by a remote attacker has been identified and fixed in the 14.4 release from Apple. And remember, one of the easiest ways to protect ANY device from security threats is to allow automatic updates such as this. Do it today!

If you need any advice regarding your business mobile communications service, Labyrinth Technology can help. We have partnered with Plan.com, one of the largest mobile comms providers in the UK and a Sunday Times Top 100 firm. So you can be sure that you always have the best, most protected mobile phones for you and your colleagues.

Security Vulnerability Discovered in some Zyxel Firewalls

A team of security researchers from the Dutch company EYE have found a serious security vulnerability in certain Zyxel firewalls.

If you have a Zyxel USG, ATP, VPN, ZyWALL or USG FLEX you should update the firmware on the device to the latest version immediately.  Moreover, you may wish to consider replacing older devices.

You can find the full list of affected devices here and the original Zyxel advisory notice here.

Zyxel is a well-known brand of firewalls aimed at the small to mid-market.  The use of firewall VPNs has increased dramatically in recent months due to the explosion in home working, so it is very important that they are kept secure.

We find that businesses who do not have efficient IT support in place often do not realise how important it is to update the firmware in hardware devices.  Outdated firmware has often been shown to introduce security vulnerabilities.

At Labyrinth Technology we automatically check and update firmware for all our client devices at least every three months.  Consequently, this ensures that they are protected by the latest advances in technology, functionality and security.

If you need help or advice with any aspect of IT support or security for your business, please do not hesitate to contact us.

Adobe Flash Player Reaches “End of Life”

Adobe Flash Player, the browser plug-in that was originally released in 1996, has reached End of Life.  (A plug-in is a small app that adds to the functionality of your internet browser.)

The plug-in enhanced web pages with animation and interactivity in a way that had not been seen before.  Much of what we take for granted on the modern web was brought about by the changes started by Flash Player.

Back in 1996, by far the majority of internet users were still connecting by dial-up modems.  Typically, these were achieving speeds many times slower than our broadband connections of today.  Despite this, Flash Player’s technology allowed web designers to deliver content relatively quickly.

However, modern web technologies have far superseded Flash Player, and Adobe have announced that the product will be made end-of-life.  No more security updates will be released for the software, which means having it installed now presents a significant security risk.

Adobe have provided instructions on their website for how to uninstall the software (on Windows).

If you still have concerns about this or any other aspect of IT security for your business, please do not hesitate to contact us.  Labyrinth Technology has been supporting and advising businesses in the London area for nearly 20 years.  We can assure you of simple, friendly and honest advice!
