support download

Tel: 01 8734120 hcshcs

Businesses Warned To Be Vigilant As Invoice Scam Costs Business €200k

Businesses Warned To Be Vigilant As Invoice Scam Costs Business €200k

Gardaí are warning the business community of invoice redirect fraud and CEO fraud following an increase in these cybercrimes.

Cybercriminals have succeeded in defrauding companies of large sums of money. It is reported that one company lost over 200,000 and another lost almost 500,000, while many individuals and other businesses have lost smaller sums of money.

These types of cybercrimes consist of criminals sending emails to businesses or individuals purporting to be one of their legitimate suppliers.

Emails such as these, generally contain a request to change the bank account details that the business has stored for a legitimate supplier to an account that these cybercriminals have created.

Requests don’t have to come in the form of an email either, they can come by way of a phone call or letter. Due to this, Gardaí are recommending that businesses take caution in relation to these requests.

The goal of these cybercriminals is that when the legitimate supplier sends an invoice to your business seeking payment, the victim business acts on the new banking instructions, which sends payment to the criminal’s bank account where the funds are then transferred or withdrawn.

Most of the time, the victim business does not know it is a victim, until a time in the future when the legitimate supplier sends a reminder for payment.

CEO fraud is another cybercrime that Gardaí are warning businesses about. This crime takes place when an email appearing to be from the CEO or a senior member of staff is sent to a business’ finance team, requesting they pay a supplier or third party.

Gardaí have issued the following statement:

“Trust no email full stop. Incoming and outgoing mails can be blocked or redirected without you being aware. Assume all emails incoming and outgoing in your company are always being read by fraudsters for extended periods of time and that those responsible for payments within your company are a special target for hackers and their email history is being monitored. 
Check all incoming email addresses – that they are correct and coming from a trusted source. It’s important also to check other emails addresses copied on the mail chain, in order to check that they are also genuine. The hackers, by blocking others on the mail chain, isolate the individual making the payment, thus removing any other stakeholder from questioning the payment process. Simple changes such as swapping, adding or deleting letters in a mail address are commonly used to fool you into thinking it’s coming from a genuine source.”

A telltale sign of this cybercrime is a payment change request. Businesses should be especially vigilant when they are requested to change bank payment details. For example, amounts to be paid, account number, name of the bank, etc.

It is advised that employees call suppliers/vendors to confirm the change request before acting upon it.

Detective Chief Superintendent Pat Lordan, from the Garda National Economic Crime Bureau, said: “Victims of invoice redirect fraud range from very small businesses to large companies and the consequences of falling for a scam of this nature can be catastrophic and result in the closure of businesses and redundancies.’

He continued, “If you are not sure, pick up the phone and speak to someone in the invoicing company”.

Is your business protected against modern cybercrime? Learn more about how HCS Business Solutions can help you protect your business by contacting our team!

How To Choose Your Managed IT Security Partner

How To Choose Your Managed IT Security Partner

Business environments are continuously changing, thus forcing businesses in all industries to rapidly evolve to combat these changes. A key aspect of all industries that continues to evolve is security, in particular in terms of program governance, technology and execution. Although cybersecurity is complex and difficult to manage, many businesses try to manage and maintain cybersecurity internally. However, this can often lead to breaches as internal employees cannot keep pace with the role and lack the specialised skills and competencies needed to cost-effectively protect against the increasing range, volume and severity of threats. These challenges can often lead businesses to consider partnering with a Managed IT Security Partner. Partnering with a Managed IT Security Partner can help businesses navigate complex security issues within the rapidly changing realm of compliance and regulatory requirements. When choosing a managed IT Security Partner there are many areas that can help you add value to your partnership. Find out more below!

4 Must-Haves For Your Managed IT Security Partner

Proof of Security Impact & Effectiveness

Your business should not be blinded by meaningless metrics. Your partner should present you with strategic, operational and tactical metrics. These metrics should help you understand KPIs that track the overall effectiveness of security efforts. Your Managed IT Security Partner should demonstrate how security has improved over time and provide recommendations on how to further improve security.

Round The Clock Protection

Hackers never sleep and neither does your business. Your Managed IT Security Partner should offer round-the-clock threat protection. The faster the reaction, the quicker hackers can be pushed back and damage limited.

Customer Service

No two businesses are the same and your Managed IT Security Partner should recognise this. Your relationship with this partner should allow a flow of communication when needed. Responsiveness, communication and speed are pivotal in providing a high level of service.

Advanced Security Protocols

Many businesses still believe that traditional technologies like anti-virus and firewalls are the smartest security investment they can make. The fact is, attackers and malware have found ways to easily evade these controls, which is why you should partner with a Managed IT Security Partner that offers high-value security solutions, which allows your business to withstand sophisticated attacks.

Choosing the appropriate Managed IT Security Partner for your business is a vital step in ensuring your business stays protected against modern cyber threats. To learn about our Managed IT Security Services, contact our team! We can help you devise a cybersecurity plan which will combat sophisticated cyber threats that target businesses.

Start Your Managed IT Security Journey With HCS Business Solutions!

Should You Disable Autocomplete in Outlook?

Should You Disable Autocomplete in Outlook?

Microsoft Outlook is the go-to email application for employees around the world. It is where many employees spend a large amount of their work day. Over recent years, Microsoft has grown and evolved Outlook to give users a richer, more enjoyable experience. This integrated email experience for users has a feature referred to as autocomplete, which can autofill the contact details of a recipient.

Autocomplete/Autofill functionality has been available for many years. Once an email has been sent to a recipient, they will then appear in suggested recipients for future emails once you have typed the first few characters of their address. This simple functionality gives users a helpful and practical experience and is intended to improve productivity, as people don’t have to type the full email address each time.  Autocomplete also means you don’t have to add every user you contact regularly to your Outlook address book.

However, because of this, some risks can be associated with this feature, leading to potential data risks. There are also practical issues with this feature, such as;

  • If you enter a new email address incorrectly and send the email, e.g. ddasmith@company.ocm rather than ddasmith@company.com, this new address can be added to your autocomplete list, making it very easy to repeat the mistake in the future.
  • Inbound addresses can be automatically added to your suggestions, even if you have never emailed them.

The risks associated with Autocomplete/Autofill can also not be ignored. These risks may involve sending an email with sensitive data to the wrong recipient, Human Error happens regularly in business, however, some mistakes can lead to severe data loss and reputational damage.

One option to mitigate the risks associated with this issue is to stop using autocomplete, however, this may affect end-user productivity as employees would have to type the email address themselves.

While users are less likely to send an email to the wrong person in their autocomplete list, this may lead to a much larger risk of misdirected emails caused by mis-typiing an email address.

In time, people will end up creating their own ‘autocomplete list’ or address books in other applications, such as Excel, and could end up storing other associated personal data locally on their devices, creating data risks for your business.

We Can Help!

At HCS Business Solutions we can help your business utilise Office 365 to its full potential, while also training your team on the latest Cybersecurity trends to ensure your business remains protected at all times! To learn more, contact our team!

Windows Server 2008 & 2008 R2 End of Life – Risks of ignoring the deadline!

Windows Server 2008 & 2008 R2 End of Life – Risks of ignoring the deadline!

For many years many businesses have been utilising Windows Server 2008 and 2008 R2 technologies. Within these years, however, technology has advanced and due to continuing updates, from January 14th, 2020 Microsoft will no longer support Windows Server 2008 and 2008 R2. This means that Microsoft will no longer provide security updates, exposing your business to security risks, downtime, data protection threats, non-compliance and many more cyber threats. These risks will primarily increase as hackers become aware of weaknesses in these servers and seek to exploit them. The End of Support deadline should be seen as an investment opportunity for your business’ future as upgrading your ageing servers and operating systems will protect your infrastructure, reduce costs and provide significant benefits that will outweigh the cost of upgrading and the risks of not doing so.

5 Risks of Using Outdated Technology

1) System downtime as you waste time fixing IT issues instead of focusing on your business objectives

2) Increased costs as you spend time fixing IT issues instead of growing your business

3) Decreased productivity as employees work to resolve IT issues instead of focusing on business tasks

4) Security holes in outdated software leaves you more open to cyber attacks

5) Legal compliance risks as auditors can fine companies that do not transition from unsupported software

Doing nothing is not a viable option as businesses must begin planning their migration strategies now to avoid disruption.

We recommend a straightforward four-step process:

1) Discover: Determine which applications are running on Windows Server 2008 or 2008 R2

2) Assess: Categorise applications and workloads by type, importance, and degree of complexity

3) Target: Choose a migration destination for each application and workload, either on-prem or in the cloud

4) Migrate: Build your migration plan and begin the migration

Start your Windows Server 2008 and 2008 R2 Upgrade Journey today!

At HCS Business Solutions, we have helped many businesses like yours through the emigration process. For help in planning and executing your migration strategy, contact our expert team by emailing enquiries@hcs.ie!

5 Recommendations For Cybersecurity

5 Recommendations For Cybersecurity

Cyber Security is an essential aspect of all businesses, however many businesses fail to make it a priority, thus leaving your business and team members vulnerable to sophisticated cyber threats from experienced hackers. There are many basic steps a business can take to ensure that your sensitive data is guarded against potential threats. To learn more, contact our expert team!

Utilise A Modern Operating System

Using a modern OS is essential to a business’ cyber security. An example of this is the Windows 7 End of Support Deadline that is quickly approaching. From January 14th, 2020, Microsoft will no longer support Windows 7 devices, therefore leaving them open to cyber threats.

Password Hygiene

Users should update passwords regularly and businesses should enforce password policies to ensure passwords are as secure as possible. Similar passwords should not be used on multiple devices/services and users should be discouraged from sharing passwords with others.

Multi-Factor Authentication

Multi-Factor Authentication is a means of logging in to your accounts through using two or more verification techniques. Hackers are less likely to be able to breach these accounts when multiple factors of authentication are requested. As passwords can often be hacked through brute force or simple guessing, a second level of verification will ensure data security is maximised.

Beware When Working Out Of The Office

When connecting to hot spots it is recommended that you utilise a VPN to ensure security is maintained on your device. Generally it is recommended that when working outside of your office, do not connect to public hotspots. These hot spots can leave your device open to security breaches from unknown attackers.

Backup Your Data!

There are many reasons to back up your data, such as data loss, hacking, data breaches, ransomware, etc. It is essential that you back up all data to the cloud to ensure that copies are stored securely. This will help your business avoid essential data loss that will impact your business activities and processes.

Want to learn more about Cyber Security? Contact us below!

Businesses Beware, Social Engineering Attempts Are On The Rise!

Businesses Beware, Social Engineering Attempts Are On The Rise!

Those who work in IT and Cybersecurity are all too familiar with  Social Engineering. These types of attacks have increased in recent years which has caused many businesses to lose data through data breaches.

What is Social Engineering?

Social Engineering is a cybercrime which involves hackers taking advantage of employees to access private information. Social engineers generally pose as a person that the victim would trust, e.g. a colleague, friend or a company that the business works with. This ‘trust’ is then used to trick the victim into clicking a link which will then steal passwords and/or confidential information.

For hackers, it is often easier to take advantage of an individuals trust rather than hack into a system. Although Social Engineering is not a new concept, Social Engineering techniques have certainly become more sophisticated and personalised. This has made them even more difficult to recognise.

Examples of Social Engineering

To help you spot a Social Engineering attempt, we have a selection of examples below. However, Social Engineering may be presented in a variety of ways, it is essential that team members are diligent in ensuring they do not fall victim to there cyber breaches.

The Boss

This Social Engineering attempt looks like an email from your boss requesting your assistance with something urgently. This could be a request for files containing confidential information etc. This can lead to unauthorised individuals having access to sensitive data that can damage your business or cause serious delays in processes.

The Account Suspension

This is a difficult one to dismiss. If you receive an email that your account has been suspended or compromised and you need to verify your information or reset your password, double-check with your IT provided to ensure it is legitimate as these emails can seem authentic. If you are unsure check the site that the email is supposedly from to ensure it is official and if there are any notices or warnings for users. Just be sure not to click the link embedded in the email.

The Dream Offer

If you hear from a LinkedIn recruiter offering you the role of your dreams, with all the benefits and perks you could wish for, be wary! If you receive one of these, ensure that it is official and not an attempt to steal your data. Although there are many recruiters online headhunting people, ensure that the email is official and not an attempt to steal data.

 

A lot of cyberattack prevention comes down to ensuring your team members are appropriately trained to spot these attempts. To learn more about Social Engineering and how to train your team to protect your business’ confidential data contact our team!

Begin your journey in improving your busiess security by contacting our expert team today!