by Orlaith Connell | 24 Aug 2017
Phishing…Pharming…Viruses and Worms…OH GOSH!
These cyber security terms might not mean much to you now but, if your business is faced with potential threats, you will no doubt want to know what’s what and, more importantly the most effective ways of protecting your business and its data.
Firstly, creating a better level of general internal awareness amongst your employees to prevent malicious emails infiltrating and affecting your IT systems is a good start. Encouraging each employee to keep vigilant to the different types of spam emails which are doing the rounds, will help protect your business not only from the most recent ransomware attacks, but also from spoofing and phishing emails that can cost your business thousands of euros.
Here are some tips and pointers to guard against the most common forms of email threats:
Spoofing
A classic example of a “spoofing” email seemingly comes from a work colleague. It will try to trick you into believing the email is genuine. And these criminals are really, really, good at it! However, there are tell-tale signs that can let you know it’s not a genuine email.
- If the email appears as if it is from your colleague, check to see if it contains your company’s email signature. If not, this should be flagged as suspicious.
- Does the subject line or email link contain your full name in the greeting? If it does, it should be flagged as suspicious.
- Look at the sign off from the sender- if the email was genuine from a colleague then it is likely they would sign off in a less formal manner using their first name only. Flag it as suspicious.
Phishing
These are usually from a trusted source such as your bank or some government body, seemingly flagging that your urgent attention is needed such as for a payment which has not been received or to inform you that your account has been suspended. The sender will want you to click a link, provide your username and password or act on other instructions provided within the email.
However, again there are tell-tale signs that this could be fraudulent:
- The email has been sent without any personalised information, poor spelling or grammar. Whenever a large company sends out an email the message is usually reviewed for spelling, grammar and legality amongst other things. So, if a message is filled with poor grammar, or spelling mistakes, it most likely did not come from a major company. Do not open it!
- The email includes suspicious attachments – it would be highly unusual for a legitimate company to send you an email with an attachment, unless it’s a document you have a specially requested. Do not open it!
- Something just doesn’t look right – if something looks odd, there is probably a good reason why. Use your judgement, if a message seems suspicious, it’s usually in your best interest to avoid acting on it. Is the email telling you that you have won a competition you have never entered? Is the email asking you to make a donation? Is the email asking you for personal information? Be sceptical when it comes to your email and the different threats which may lye within. If it looks even remotely suspicious do no open it!
Example below:
Additional security features are a must! – It always helps to have an additional layer of protection in place.
In addition to learning how to spot a malicious email there are other things you can do to better protect your company. We recommend Microsoft Exchange Online Advanced Threat Protection (ATP) which helps protect your email against unknown malware and viruses. In the event that you accidentally clicked on an email you thought was legitimate, ATP is there to detect and stop the malware from launching and executing. It can be purchased and added to your existing Office 365 subscriptions, or it can be rolled out on premises along with email filtering software.
Call us today to roll out ATP for your email. Tel 01 8734120 / 051 595200
If you are concerned with any additional security threats or issues in your organisation please enquire about our TechSecure Audit. We can cost-effectively improve your company’s security.
More information on our TechSecure Audit is available here: http://www.hcs.ie/hcs-techsecure
by Neil Phelan | 1 Jun 2017
We believe that there’s a huge positive to come from the recent global ransomware and cyber attacks. This may sound perverse, however the huge media attention given to cybercrime and its consequences has placed the topic of IT Security at the forefront of everyone’s minds and that has got to be a good thing. We’ve now passed the point of no return and IT Security has to be a major focus for business owners and managers going forward, we’ve had our warning! We really do hope the you give it the attention it deserves and trust us that the recommendations we are making are on the basis of protecting you and your business.
In our experience of dealing with Ransomware and cyber attacks on a weekly basis over the past 24 months, 99% of the time it’s initiated from an email that contains attachments or links and a user has to click on it to start an infection. Alternatively it comes from browsing the internet and clicking on a malicious link.
The following is a listing of ways you can help protect yourself and your business from such infections.
Email:
If you are on Office 365 for email and have the add on for Advanced Email Threat Protection then you have done as much as you can, if you have not then we would strongly recommend you implement it straight away. If your email is not in Office 365 then we are limited in the amount of protection we can provide hence why we believe moving to Office 365 for email is more secure. More information on Advanced Email Threat Protection is available here
Internet:
If you have a Firewall with a UTM (unified threat management) subscription which limits your employees access to only sites in certain categories e.g. (education, health, general etc.) then you have limited your exposure significantly. To really protect yourself, we would recommend you also filter out unrated sites and adopt an approved list of sites that will build up over time. This does curtail internet access significantly but it will reduce your risk of getting a ransomware attack even further.
Should users require more open Internet access then let them connect via their smartphones only either on 4G or over the Wi-Fi.
If your internet is unfiltered then it’s only a case of when someone clicks on a link that they shouldn’t, you will be infected with some form of Ransomware.
Other ways of protecting your business against cyber attacks:
Human Firewall:
Use this opportunity to get the message out to staff to “Think Before You Click”. Call a staff meeting this week, send emails, talk to everyone individually and make them aware that they play a huge role in protecting your business. Your computer users are your last line of defense.
Windows XP PC’s:
If you have any PC’s in your network running anything other than Windows 7 or Windows 10, then get it isolated from the network immediately and disconnect it from the internet. NO EXCEPTIONS.
Windows Server 2003 or older servers.
If you have any servers in your network running anything other than Windows 2008, Windows 2012 or Windows 2016, then take if off the network immediately and disconnect it from the internet. NO EXCEPTIONS.
To Patch or not to Patch:
In an ideal world every server, PC and Laptop should be patched with the latest updates from Microsoft. However the impact of doing patch updates on your IT systems is generally not good especially if you are not up to date with the latest version of your business software (eg. Sage, Navision, Drive, Keyhouse, Opera etc). We would recommend that all PC’s/Laptop’s are patched with the latest updates and that a choice has to be made with servers. Our attitude on this re servers is patch what you can and limit your exposure. The impact of patching servers will mean downtime, but it’s got to be accepted within your business if you want to stay protected. For now, get windows updates on all PC’s and Laptop’s.
Backups:
If you do get infected the backups are your only fail safe. Check you backups, know what’s been backed up, monitor it and test it regularly.
Finally, if you feel that you have done everything mentioned above, there’s probably no more you can do. The threat of cyber attacks are not going to go away and from what we see the attacks are getting more brutal.
IT Security has to be a topic of discussion regularly between your management team, employees and HCS. We have worked with a number of customers over the past 12 months who take IT security seriously and we have devised a security audit which focuses on securing and protecting your business against cyber attacks, malicious intent and disasters. The audit reviews every aspect of your business with regards to IT security and data protection. The output of the report is generally a listing of recommendations and policies that you need to put in place or action to become more secure and protected. The audit generally take about 2 to 3 days to complete depending on the size of your business. More information available at www.hcs.ie/hcs-techsecure
We hope you find this information of benefit to you. Please call HCS Business Solutions on 01 8734120 | 051 595200 or email sales@hcs.ie to ensure your business is protected against cyber crime today.
Be informed, be Secure and protect your business – Be TechSecure!
by Orlaith Connell | 27 Apr 2017
Keeping your data protected from constantly evolving, aggressive malware threats is a worry for companies of all sizes these days. Email has become so critical to day-to-day business that hackers cleverly and frequently infiltrate internal networks via email, embedding harmful malware and other programs with false promotional emails or company communications. With one click, an unsuspecting user can download a number of harmful viruses and unknowingly compromise their companies data and their systems. With these seemingly increasing brazen cyber attacks, its very hard to stay ahead of the game. However, Microsoft Office 365 have added another very welcomed layer of must-have security to defend against these digital threats.
Microsoft have developed Advanced Threat Protection (ATP) which will provide additional real time protection to your email. It compliments existing security features within Office 365 to give two, distinct categories of protection – Safe Links and Safe Attachments. It will also provide rich reporting functions, offering you greater understanding of your businesses threats.
SO HOW DOES IT WORK?
Safe attachments:
Safe attachments is a feature that protects against unknown malware and viruses within your email attachments. All suspicious email content goes through a real time malware analysis to be evaluated and screened, they are then opened in a secure Microsoft area and any unsafe attachments are isolated and destroyed before reaching your 
mailbox. If no suspicious activity is detected the attachment is released and delivered to the mailbox with the original message.
Safe Links:
Safe Links evaluates a link in an email message in real time to determine whether the link is safe or contains harmful content. If the link is deemed to be unsafe, the user is warned not to visit the site or informed the site has been blocked. If the destination is safe the user is redirected to the original website.
Tracking:
Advanced Threat Protection also provides reporting and tracking capabilities to give you valuable insight into who is being targeted in your company and to gain a better understanding of the level of attack your company is facing. This information can then be used to prevent further attacks and avoid placing your data and systems at further risk.
HOW TO BUY
ATP is an add on service to all subscribers already using Office 365. The capabilities of ATP make it an ideal solution to protect your business from cybercriminals looking to gain entry through your email. It costs as little as €1.70 per user per month to properly safeguard your mailbox and lower the risk falling victim to malicious activity beyond your control.
I am sure you will agree that having an advanced multi-layered approach to help protect your business against the risk of cybercrime and suspicious activity is an absolute must and for this reason we strongly recommend you implement Advanced Threat Protection immediately.
Please call HCS Business Solutions on 051 595200 or email sales@hcs.ie to protect your business against cyber crime today.
by Neil Phelan | 30 Nov 2016
“Prevention is better than the cure” that’s why protecting your IT Systems against cybercrime, disasters, malicious intent is always better than having to face the pain of a cure when the damage is done.
While no one can guarantee 100% protection for your IT Systems, you can limit the risk by being prepared against the threats of cybercrime, disasters or malicious intent. If you fail to prepare the likelihood is you will be facing the cure, if prepare to fail then you have done yourself a big favour and the chances of facing the cure is far less likely.
TechSecure from HCS is a comprehensive practical approach to Securing and Protecting your business. HCS will carry out an independent audit of your business focusing on the following areas;
- User Accounts Security
- Company Policies (Internet, email, remote, BYOD)
- Servers
- Workstations (desktops/laptops)
- Network equipment
- Vulnerability/Penetration testing
- Backups
- Disaster Recovery and Business Continuity
- Remote Access
- Wireless
- Email
- Internet Access
- File shares
- Tablets/Smartphones
- Printing Security
- Application Security
The information gathered during this assessment will generate the information needed to identify the security weaknesses in your business. Armed with this information HCS will then work with your business to formalise a security strategy that will have you prepared and limit your risks to the threats of cybercrime, disasters or malicious intent.
The ex CEO of CISCO John Chambers once said, “There are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. In my opinion, there is a third type of company, “those that will be hacked in the very near future”. Don’t get hacked and have to face the cure, be prepared and get as secure as you possibly can, Be TechSecure.
For more information on TechSecure visit our website www.hcs.ie\techsecure or call us on 01 8734120/051 595200.
by Neil Phelan | 21 Oct 2016
The HCS Software Division is a growing team of currently 6 software developers who specialise in delivering custom applications on behalf of a number of national and multinational customers. We place a strong emphasis on cloud and mobility and therefore work with the latest in Microsoft technologies to deliver our vision of producing quality software that delivers for our customers. HCS uses the Microsoft development stack of Office 365, Microsoft SharePoint Online, Azure, .NET and SQL.
HCS Business Solutions is now looking for a Senior and Junior .NET Developer to add to this growing software team. Based in either our Waterford or Dublin Citywest office this is a good opportunity to work in a flexible environment with the latest technologies.
Senior .Net Developer
Scope of role
The role is to develop, test, document and implement custom applications within agreed deadlines to the required standard in order to meet the functional requirements set by our Customers.
Key skills
Primary responsibility for the design, development and deployment of software solutions and components based on a mixture of .Net MVC, SQL Server, Azure, SharePoint, Angular JS.
Developing applications from detailed design specifications.
Ability to liaise with clients during the development life cycle.
Experience/Skills:
At least 5 years design and development experience using Microsoft based tools & frameworks such as: C#, .NET MVC, SQL Server, SSRS, Angular JS, Web API, VSO, Azure and SharePoint.
Web/Mobile development experience.
Excellent written/verbal skills.
Excellent communication and interpersonal skills.
Understanding and experience of Agile based development methodologies.
Education:
Relevant third level qualification in IT.
Microsoft MCP certifications would be an advantage.
Junior .Net Developer
Scope of role
The role is to support and work with our senior developers to develop, test, document and implement custom applications within agreed deadlines to the required standard in order to meet the functional requirements set by our Customers.
Key skills
Take responsibility for the development of software solutions as assigned based on a mixture of .Net MVC, SQL Server, Azure, SharePoint, Angular JS.
Developing suitable applications from detailed design specifications that align to the level of experience you have
Ability to liaise with clients during the development life cycle.
Experience/Skills:
At least 18 months development and support experience using Microsoft based tools & frameworks such as: C#, .NET MVC, SQL Server, SSRS.
Excellent written/verbal skills.
Excellent communication and interpersonal skills.
Understanding and experience of Agile based development methodologies.
Education:
Relevant third level qualification in IT.
Microsoft MCP certifications would be an advantage.
by Sean Hegarty | 27 Jun 2016
In a previous blog entitled “How Can You Protect Yourself and Your Business from Potentially Costly Ransomware Attacks?” I discussed three ways in which you can protect your organisation. I broke it down into 3 steps that need to be taken to mitigate against the risk of being attacked and infected and suffering data or financial loss;
-
Step 1 – Create a human firewall.
-
Step 2 – Have up to date IT systems.
-
Step 3 – Have good backups.
In this blog I’m going to focus on how you create a human firewall in your organisation because remember, it’s the users who are being targeted by the cyber criminals. These criminals are using a variety of digital deceptions to trick users into opening email attachments or click on compromised links on websites. Today’s computer users, Employers and Employee’s, need to wise up fast and get with the program before your business pays a hefty price!
The Human Firewall?
When we talk about the human firewall we’re talking about computer users within your organisation and their levels of awareness and understanding about the cybercrime threats they face today. The digital world we live in now is vastly different from years ago. No longer can we curiously and carelessly click on things presuming that everything is safe on the internet. The new reality is that there is danger around every corner and as a computer user you need to take responsibility for your actions and be very clear that you know and understand what you are doing when using email and internet! Users must condition their minds to be much more security aware and continually be asking questions;
Who is this email from, do I know the sender? Why have I just received this particular email? Is this website safe, how do I know it’s safe? Why is someone asking me to download something, how do I know that this download is what it says it is? Is it really my boss asking me to transfer money into a bank account? Should I really be doing personal stuff on my company’s IT system and putting my employer’s business at risk?
The first line of defence that the cybercriminal needs to penetrate is the user, it’s the user’s interaction with the email or a link that allows a network intrusion. Only after the initial intrusion will the secondary layers of protection like a firewall and AV software come into play. Organisations must strengthen their first line of defence and this is achieved through security awareness training with the key objective to condition the user’s minds to the new security threats and realities.
Security awareness training
Users do not come to work with the intention of contracting a horrible crippling virus at their place of work and so will naturally be predisposed to being receptive to training in this area. Acquiring basic knowledge of the main cyber threats and an understanding of how social engineering works can make a huge difference in the awareness and ability of the user to be alerted to suspicious activity and to act on it!
Cyber criminals constantly innovate!
It is vitally important that users are kept up to date with the latest threats. Criminals are constantly coming up with new ways to hack your systems either through social engineering or other means. We all know about the Nigerian prince who wants to pay us an exorbitant sum of money for doing very little but next week it will be something different and the week after that something new again.
We’ve touched on social engineering already however its worth considering this point, there is often a huge amount of data in the public domain, on the web, about our organisation and on us as individuals, through social media. It’s not that difficult for a cybercriminal to carry out basic desk research on your company and employees and then use that information, in what is a premeditated and customised attack on your organisation. Information gathered from the web will make the trick even more convincing than usual to get you to open an email attachment or even transfer money to an account.
How to create the human firewall in your business?
- Give your staff “Be Alert to Cybercrime” Security Awareness Training.
- Get users to sign off on the training they received.
- Ensure your staff regularly receive the latest cybercrime threat information.
- Provide users with an easy way to report suspect emails.
- Carry out simulated attacks to test your human firewall and record the results.
DON’T BE A VICTIM OF CYBERCRIME! TOP 5 X TIPS FOR USERS!
- Develop a 6th “Security” sense when it comes to email, attachments, website links and confidential data.
- Slow down! Think first, Act second, not the other way around. Criminals want you to act quickly without thinking about your actions.
- Delete requests for personal or financial information or passwords.
- Be highly suspicious of unsolicited email! If an email appears to be from someone you know, treat requests made with suspicion and verify authenticity independently.
- Shut down your computer at night! You’ll save power and cut off the criminal’s opportunity to have unfettered access to your machine!
For additional information or help with Cybercrime protection please get it touch
