Cyber Security Archives - HCS
Webinar: Fortinet Security Fabric Managing Risk and Reducing Complexity

Webinar: Fortinet Security Fabric Managing Risk and Reducing Complexity

Organisations are rapidly adopting digital innovation (DI) initiatives which often involve moving applications and workflows to the cloud, deploying Internet-of-Things (IoT) devices on the corporate network, and expanding the organisation’s footprint to new branch locations. More recently the move to a remote and distributed workforce has meant some organisations have had to rapidly adapt their infrastructure.

With an evolving infrastructure  comes security risks. Organisations must cope with growing attack surfaces, advanced threats, increased infrastructure complexity, and an expanding regulatory landscape.

On Wednesday Nov 18th at 12pm we will be hosting a webinar with our partner Fortinet who are the world’s leading IT provider of Enterprise Security Solutions. In this webinar we will explore how The Fortinet Security Fabric enables desired DI outcomes while effectively managing risks and minimising complexities.

Last few places available. Book a seat here https://buff.ly/3pjteeg

Fortinet Security Solutions

HCS in the Business Post: Making Security a Priority

HCS in the Business Post: Making Security a Priority

Dan Hegarty, HCS Director was interviewed by The Business Post on why businesses must make security a matter of undivided attention. Dan explains how HCS, as Ireland’s leading Select Partner for Fortinet, delivers not only world class security solutions but the expertise to build on every deployment to make the most of the right technologies for different situations.

In his article Dan suggests that for organisations looking to respond to evolving challenges effectively, there can be a financial barrier to invest in professionals with security skillsets. Managed services can offer an alternative route to achieving comprehensive security, compared with the need to invest in individuals.

“Covid-19 has seen businesses face a steep learning curve to secure productivity and that extends to providingscalability for growth in an unusual time. Providers like HCS are well-positioned in the industry to address these evolving needs.”

To read Dan’s article click here. 

Learn more about our Security Solutions and Services and Contact Us to speak to one of our team.

 

5 easy steps to secure your remote workforce against costly cyber attacks

5 easy steps to secure your remote workforce against costly cyber attacks

With tens of thousands globally working from home and likely to for the foreseeable future IT Security is more important than ever. The FBI have reported a staggering 400% increase in reports to their cyber division since the pandemic began. Cyber criminals use a variety of methods to gain trust and entry into inadequately protected networks. Hackers frequently exploit Office 365 via known weaknesses in the out-of-the-box security configuration and with more sophisticated and convincing phishing emails they can lure people to enable their attack attempts.

Cyber protection measures are varied and can be overwhelming. This guide simplifies what you need to do to step up your IT Security. First here are some real life examples of how attacks happen:

Scenario 1. A hacker sends a cleverly compiled email with an attachment or link to a file loaded with Malware and before you know it, you’ve been hit with Ransomware!

Scenario 2. A hacker sends a very official looking branded email, containing a link for you to login to Office 365, but it wasn’t Office 365. Now they have your login credentials and they can login to your account from anywhere in the world. We have seen hackers setup inbox rules to forward emails containing IBAN etc. out to a Gmail account. This can go completely undetected.

Scenario 3. Once a hacker has access to your Office 365 account, they can intercept routine emails e.g. for accounts payable invoices and then change the target bank account numbers to their own and seek payment.

Here is how to reduce your risks by 99%!

1.SETUP ADVANCED THREAT PROTECTION EMAIL FILTERING

Bad actors are constantly finding ways to get in front of your users. You need an email filtering system that evolves as the threats do and filters out all of the bad emails before your users even lay eyes on them. The best email filtering systems use “sandboxing” so that if your users open attachments or links they are first opened or “detonated” in a safe environment before actually opening for the user on their screen.

Advanced Threat Protection should be added to each Office 365 user subscription.

2. SET SECURITY POLICIES & MONITOR COMPLIANCE

It’s worth sitting down thinking about who needs access to what, from where and when. Segregate your users into logical groups e.g. Static Office User & Mobile Users. Then create policies for each logical group. Once these are configured in Office 365, we can monitor them and report on them and be alerted of any changes to them. Unfortunately, it’s not a case of “set and forget”. Settings can change for various reasons and you can’t be sure your policies are enforced if you don’t audit them frequently.

Restricting access to Office 365 from within Ireland and/or setting up multi-factor authentication are two of the most effective things you can do to eliminate hacked accounts.

365 Protect is a management tool that enables us to manage, monitor and report on your Office 365 tenancy as well as enabling us to respond to preconfigured alerts.

3. BACK UP YOUR OFFICE 365 MAILBOX, ONEDRIVE & SHAREPOINT DATA

Many people assume that saving their data into their personal OneDrive means it’s backed up. But that’s not strictly true. Even though it’s in the cloud, Microsoft only replicates your data for availability purposes. This means that it takes the most recent file version and saves a copy. If your files were locked for ransom or they were infected with malware, the replicated copies may not be retrievable, or at best, it could take up to 6 hours or more to retrieve just one file. Think about how that may affect your business.

HCS Managed 365 Backup automatically backups up data in your mailbox, your OneDrive and SharePoint.

4. PROTECT YOUR ENDPOINTS

Once the perimeter has been breached, your last line of defence is generally the anti-virus software running on your desktop and server. Traditionally, these solutions work from a known list of virus signatures and rely on a central database for updates. Such solutions have been poor at preventing ransomware attacks and result in significant disruption and cost.

Modern Endpoint Detection and Response solutions are an upgrade from traditional antivirus and incorporate Al learning to detect abnormal activity on each Endpoint. They also incorporate features to “rollback” a ransomware attack and automatically disconnect a PC/Laptop from the network.

5. TRAIN YOUR USERS IN CYBER SECURITY

The bad actors are always looking to be one step ahead. They do this by exploiting the habits of your users and vulnerabilities in the software systems. There is always a chance that they will circumvent the security measures you have in place. Therefore, making your users cyber security aware, is an important part of your strategy to catch what all else fails to.

In addition to all this above you should setup internal controls to follow before making payments online.

Our team of security experts can help you determine what solutions you need to put in place. They will review what you currently have, identify where the gaps are and make easy to digest recommendations to reduce your cyber risk. We speak your language, we don’t over do the tech talk. We understand what businesses need and we partner with the best in IT Security to bring enterprise level, tried and tested solutions that fit businesses of all sizes within their budgets.

Contact us today to have a no obligation conversation with one of our team. 

Cybersecurity During Covid-19

Cybersecurity During Covid-19

It is expected that the Covid-19 outbreak will increase the amount of employees who are impacted by cyber threats. As businesses react to significant environmental challenges, hackers may use this opportunity to infiltrate systems and steal essential data.

It has been noted that in recent weeks Phishing Attempts have increased, with hundreds of Covid-19 themed emails being sent daily. These phishing emails may contain false bank information, links to false VPN or Video Conferencing software and more.

With this in mind, how can you protect your staff?

Three Ways To Manage Covid-19 Cybersecurity Risks

1. Ensure Your Team Can Work Remotely Securely

Covid-19 has forced businesses to embrace remote working. Due to this your business’ IT infrastructure and requirements may have evolved, because of this your business’ vulnerabilities may have changed.

During times of crisis such as this, businesses must:

  • Advise employees that cyberattacks are more likely to occur and their role in maintaining security.
  • Advising staff to only use company-approved solutions
  • Ensure remote access systems are fully patched and security configured
  • Review key security controls which may have been overlooked
  • Ensure employee training is up to date. Remote cybersecurity training is a fantastic resource  to ensure your team are aware of modern threats and how to manage them

2. Ensure Functionality of Critical Systems

As the Covid-19 outbreak develops, businesses need to be strategic and resilient. Ensure that your IT systems are managed and maintained and that your cybersecurity systems are monitored and updated where necessary.

3. Train Your Team

Cybersecurity threats are ever-evolving and your team should be updated on potential threats that they may encounter. Businesses should be prepared for loss of data through cyberattacks such as Phishing Attempts and Brute Force, but also through Human Error.

How can we help? Secure your data during the Covid-19 outbreak by contacting our Expert security Team today!

Cybersecurity Risks To Be Aware Of In 2020

Cybersecurity Risks To Be Aware Of In 2020

2019 has seen cybersecurity awareness increase, primarily due to increased threats and updates. Although the majority of businesses are now more aware of the importance of cybersecurity, most are struggling to implement appropriate protocols internally. However, in 2020, cybersecurity will continue to be an important aspect for businesses worldwide. Data breaches, automation and integration will all impact cybersecurity within 2020.

As 2019 was a time of growth for cybersecurity awareness, 2020 is expected to continue this trend.

Data Breaches Are A Major Cyberthreat

Data breaches are expected to continue to be the most common cybersecurity risk in 2020, with data being set to remain as a valuable commodity for hackers and cybercriminals around the world.

In recent times, legislation, such as GDPR has helped put Data Security to the forefront of cybersecurity concerns, however, businesses must think about the other various risks that a data breach can present to a business and not just legislative issues.

Cloud Security

Throughout 2020 it is expected that businesses will continue to migrate their processes, infrastructure and data to the cloud. Because of this, protecting data and critical infrastructure requires a proactive approach from Managed Security Partners.

Due to the popularity of the cloud, cybercriminals will continue to create sophisticated threats with the aim of infiltrating your business’ cloud systems. If your cloud is not secured properly, this could lead to major data breaches.

Growing Awareness Of Data Back-Ups

Digital Transformation is an ongoing trend within businesses and has raised awareness of cybersecurity issues. This affects businesses of all sizes, from SMBs to Enterprises.

Businesses have realised that cybersecurity and backing up data is not a luxury but an essential aspect of any business.

Mobility Can Hamper Cybersecurity

With the rise of cloud computing, mobile use for work purposes has also increased, with many employees accessing data and documents through devices such as mobile phones and tablets.

Due to this, 2020 is expected to see an increase in data breaches through mobile devices. Every device that is used to access company systems is another endpoint to secure to ensure vulnerability is minimised.

Phishing Attacks

Phishing Attacks are set to remain as a common cyber threat, as it is seen by cybercriminals is an effective method of obtaining user credentials, distributing malware, cryptojacking, stealing money, etc with ease.

The most effective way to counteract Phishing Attacks is to train your team to recognise these attempts. In 2020, cybersecurity training should be a key aspect of your cybersecurity strategy.

Now is the time to begin your cybersecurity strategy for 2020! To learn more, contact our team today!

Businesses Warned To Be Vigilant As Invoice Scam Costs Business €200k

Businesses Warned To Be Vigilant As Invoice Scam Costs Business €200k

Gardaí are warning the business community of invoice redirect fraud and CEO fraud following an increase in these cybercrimes.

Cybercriminals have succeeded in defrauding companies of large sums of money. It is reported that one company lost over 200,000 and another lost almost 500,000, while many individuals and other businesses have lost smaller sums of money.

These types of cybercrimes consist of criminals sending emails to businesses or individuals purporting to be one of their legitimate suppliers.

Emails such as these, generally contain a request to change the bank account details that the business has stored for a legitimate supplier to an account that these cybercriminals have created.

Requests don’t have to come in the form of an email either, they can come by way of a phone call or letter. Due to this, Gardaí are recommending that businesses take caution in relation to these requests.

The goal of these cybercriminals is that when the legitimate supplier sends an invoice to your business seeking payment, the victim business acts on the new banking instructions, which sends payment to the criminal’s bank account where the funds are then transferred or withdrawn.

Most of the time, the victim business does not know it is a victim, until a time in the future when the legitimate supplier sends a reminder for payment.

CEO fraud is another cybercrime that Gardaí are warning businesses about. This crime takes place when an email appearing to be from the CEO or a senior member of staff is sent to a business’ finance team, requesting they pay a supplier or third party.

Gardaí have issued the following statement:

“Trust no email full stop. Incoming and outgoing mails can be blocked or redirected without you being aware. Assume all emails incoming and outgoing in your company are always being read by fraudsters for extended periods of time and that those responsible for payments within your company are a special target for hackers and their email history is being monitored. 
Check all incoming email addresses – that they are correct and coming from a trusted source. It’s important also to check other emails addresses copied on the mail chain, in order to check that they are also genuine. The hackers, by blocking others on the mail chain, isolate the individual making the payment, thus removing any other stakeholder from questioning the payment process. Simple changes such as swapping, adding or deleting letters in a mail address are commonly used to fool you into thinking it’s coming from a genuine source.”

A telltale sign of this cybercrime is a payment change request. Businesses should be especially vigilant when they are requested to change bank payment details. For example, amounts to be paid, account number, name of the bank, etc.

It is advised that employees call suppliers/vendors to confirm the change request before acting upon it.

Detective Chief Superintendent Pat Lordan, from the Garda National Economic Crime Bureau, said: “Victims of invoice redirect fraud range from very small businesses to large companies and the consequences of falling for a scam of this nature can be catastrophic and result in the closure of businesses and redundancies.’

He continued, “If you are not sure, pick up the phone and speak to someone in the invoicing company”.

Is your business protected against modern cybercrime? Learn more about how HCS Business Solutions can help you protect your business by contacting our team!