Category Archives: IT Services

The University That Was Hit by a Cybersecurity Attack (and the 6 Cybersecurity Vulnerabilities You Need to Check)

cyber security ge8cb3c780 640

VULNERABILITY 1 – LACK OF ENDPOINT DEFENCES

Many enterprises fail to set up defence mechanisms. This means their organisation is more susceptible to cyberattacks, allowing targets to easily access their servers.

Inadequate endpoint defences can turn them into vulnerabilities, including the use of signature-based antivirus platforms. They’re no longer efficient since many tech-savvy criminals can quickly bypass them.

Additionally, many programs don’t monitor unexpected or unusual behaviour. They may also be unable to investigate or respond to endpoints, especially on larger scale.

The best way to address these issues is to invest in cutting-edge endpoint defence tools that involve next-generation antivirus, response, and behavioural analysis capabilities. They provide a comprehensive evaluation of malicious actions and flexible prevention options.

If you’re operating a traditional antivirus platform, consider upgrading it to a version with in-depth behavioural inspections. You could also use detailed compromise indicators, forensic details, and real-time response functionality.

VULNERABILITY 2 – POOR ACCOUNT PRIVILEGE CONTROL

Limiting the access privileges of your software users is the hub of controlling vulnerabilities. The less information they can access, the less harm they can do if they have a compromised account.

The problem comes if your company doesn’t control your user account access, enabling practically any user to have administrator-level privileges. It gets even worse if your configuration allows unprivileged members to set up admin-level accounts.

Therefore, you should grant access only to those team members who can’t carry out their duties without the access.

You also need to ensure new accounts don’t have administrator-level access. This helps prevent less-privileged users from creating additional privileged accounts.

VULNERABILITY 3 – COMPROMISED OR WEAK CREDENTIALS

registration g1ba9c5ccd 640

Your password and username may be the most widely used access credential. And cybercriminals can easily compromise them, exposing your user credentials.

This usually happens when an unsuspecting team member falls victim to phishing and enters their login information on a fake website. And with compromised credentials, an intruder gains insider access.

Even though analysing and monitoring can help identify malicious activity, these credentials can bypass security and impede detection. The consequences vary, depending on the access they provide.

For example, privileged credentials offer administrative access to systems and devices, posing a higher risk than consumer accounts.

Keep in mind that humans aren’t the only ones who own credentials.

Security tools, network devices, and servers generally have passwords to enable communication and integration between devices. Intruders can utilise them to activate movements throughout your enterprise – their access is almost unlimited.

To avoid this scenario, you should implement stringent password controls. Another great idea is to include longer and complex passwords, as well as frequent changes. Combining these principles is another effective method to prevent compromised credentials.

VULNERABILITY 4 – LACK OF NETWORK SEGMENTATION

Cybercriminals can target inadequate network monitoring and segmentation to obtain full access to your system. This is a huge vulnerability as it enables attackers to maintain their access longer.

One of the leading causes of this weakness is the failure to develop subnet monitoring or outbound activity control

Overcoming this obstacle in a large company can be challenging if hundreds of systems send outbound traffic and communicate with each other. Nevertheless, solving the problem is a must.

To do that, you should primarily focus on controlling your network access in systems within your subnets and building robust detection strategies for lateral movements. Plus, make sure to pinpoint strange DNS lookups, behavioural traffic trends, and system-to-system communication.

Also, segmentation, firewalls, and proxies can help create restrictive policies for system communications and traffic.

VULNERABILITY 5 – MISCONFIGURATION

Misconfiguration refers to errors in your system configuration. For instance, enabled setup pages and default usernames or passwords can result in breaches.

If you don’t disable setup or application server configuration, hackers can recognize hidden vulnerabilities, giving them extra information. It’s because misconfigured apps and devices are an easy gateway for cybercriminals to exploit.

To prevent this, establish systems and procedures to tighten the configuration process and employ automation whenever possible. Monitoring device and application settings and comparing them to the best practices also reveal potential threats across the network.

VULNERABILITY 6 – RANSOMWARE

Ransomware is cyber extortion that prevents users from accessing their data until the attacker receives a ransom. They instruct the victim to pay a certain fee to obtain their decryption key. The costs can reach thousands, but many criminals also opt for Bitcoin payments.

Making sure your system is ready to address a ransomware issue is integral to protecting your data. To do that, keep your system up to date with the latest security standards as it reduces the number of vulnerabilities. Another recommended defence mechanism is to stick to trusted software providers.

NEUTRALISE THREATS FOR PEACE OF MIND

Successfully running a company with poor cybersecurity measures is virtually impossible. The risk of losing precious data and reputation is just too high.

To ensure your organisation isn’t a sitting duck for cyberattacks, you must implement reliable defence strategies.

To figure out the problem with your IT, reach out to us for a quick, obligation-free chat. We’ll see if we can help you boost performance and set up an impregnable system for your business. Take a look at our services page here: https://www.cirrusits.co.uk/human-risk/

This blog article by Cirrus IT Service is adapted with permission from The Technology Press.

Featured Image Credit: Darwin Laganzon from Pixabay

 

Stay Systems Safe with Patch Management

patch 2328289 640

In the two years since the May 2017 large scale cyber-attack called WannaCry there has been much publicity about the widespread mayhem that cyber attacks can cause across many thousands of organisations worldwide. Since that time, we’ve seen an increase in the number of organisations asking about our Managed Service. With the benefits of multiple layers of security, our customers have accurate spam filters, antivirus, antimalware, filtering, content control, firewalls and more.

Patch management is the most common type of IT service offered by managed service providers (MSPs). After all, patch management is an effective way to strengthen security. We thought it would be a good time to talk about why patch management is so important. With Microsoft end of support for Windows 7 looming, business owners will be stuck without security patches after January 14th2020.

What is Patch Management?

Put simply for anyone reading this blog who doesn’t manage IT; patch management adds changes to existing software to add up-to-date security functions. Using a patch is used to address a specific bug or cyber attack; it’s often called a fix.

Why Outsource Patch Management?

For any IT managers looking to justify spending a part of their IT budget on keeping track of addressing IT threats, patch management is vital. Depending on the number of workstations and system involved, it can be a full-time job for someone hands-on. Fortunately, a managed services provider can deliver the service remotely.

Our monitoring processes discover latest vulnerabilities every day. We receive releases of critical patches from worldwide security experts and implement patches as soon as they are available.

We know from experience that reserving work related to core business needs and business specific IT issues is best for organisations own in-house IT team.

How to Find the Best MSP for you.

Many MSP providers claim to have excellent patch management programs. We’re happy to provide proof, customer testimonials, industry certificates. And you can see from our track record of growth, that our customers refer other business owners to us.

For an MSP to trust, please do contact us for more information.

How to choose the right size Backup Solution for your Business

one size does not fit all clipart 850 354

When it comes to backups, it’s certainly not a case of one size fits all

There are so many great options available, so how do you know which is best for you and your business?

Should you be using cloud or on-site storage, image or file-based backups?

Here’s my practical, simplified guide about what you need to consider and why.

First, let me explain two critical backup measurements – Restore Point  – Restore Time. Continue reading

What is “The Cloud”?

Cloud Header Image

This phrase “The Cloud” has become so commonplace over recent years that many people are now afraid to ask what it is. As the technology is talked about all the time, most believe that they should already know all about it, so think that asking would make them look silly or uneducated.

Continue reading

Ransomware Cyber-Attack Information

It will not have escaped your attention that Friday 12th May 2017 an unprecedented large scale cyber-attack has been causing widespread mayhem across more than 150 Countries and affecting thousands of organisations, including the NHS.
This attack has been all over the news and there has been lots of differing advice passed on from multiple sources, leaving people confused and concerned.  This information is intended to help clarify the situation and reassure computer users on how they can protect themselves from becoming a victim.

Continue reading

Why is Office 365 Microsoft’s fastest-growing corporate product ever?


… find out for yourself with a free trial on us*.

Microsoft

As a Microsoft Partner we can now offer free trials for yourself and up to 24 of your colleagues to test drive Microsoft’s fastest-growing corporate product for yourself and see what all the fuss is about.

*Trials are subject to geographic restrictions, these trial subscriptions are provided for UK Businesses only.

We have setup the following 3 trial links depending on the products you want to test drive with the most feature rich subscription level at the top.

Buisness_is_better_with_office365

You can change your subscription at any point so why not start at the top and test drive everything before deciding on which subscription you want to stay with and which applications you can do without.

  1. Office 365 Enterprise E3 Trial – 25 user licenses
  2. Office 365 Business Premium Trial – 25 user licenses
  3. Office 365 Business Trial

To see the difference between subscriptions levels, check out this page

https://products.office.com/en-GB/business/compare-more-office-365-for-business-plans