Are you using a malicious browser extension?

/in , /by


There are hundreds of thousands of browser extensions designed to help us to save time, be more productive, and personalize our online experience.

And while the majority of them do what they’re supposed to, some are not designed to help you at all…

If you’re unfortunate enough to download a malicious browser extension without realizing, it could harm your productivity and even flood your work with unwanted advertising.

This is known as adware. It’s a form of malware (malicious software) that’s designed to bombard you with unwanted adverts.

It can also change your search engine and send you to affiliate pages when you’re making purchases. These activities generate revenue for the extension’s creators.

In a recent report from a cyber security company, it revealed more than 4 million of its customers have been attacked by adware hiding in browser extensions over the last couple of years.

And often people didn’t realize they were under attack.

There’s a darker scenario where these malicious extensions are hiding actual malware which can infect your computer.

This can lead to sensitive data such as your logins or even payment details being stolen. And of course malware can spread across an entire network.

To keep your business and its data safe from the risk of malicious browser extensions, it’s important you only ever download them from reliable and trusted sources.

Read reviews and look at ratings. If a browser seems too good to be true it probably is.

As the business owner, you might also look into controlling which extensions can be installed by your team. We can help with this, as well as looking at up-to-date software protection and (fun) security training for your team.

Passkeys could improve the way you work

/in , , /by


Back in May, we heard there would soon be a successor to the password – the Passkey.

Now, we’re hearing that Apple will start rolling out Passkeys in the next few months in iOS 16. And we’re excited.

Though it’s caused a bit of confusion. Apple is going to great lengths to market the Passkey, and understandably, people have assumed that it’s a feature exclusive to Apple.

That’s not the case.

In fact, Passkeys will be used in a joint effort to boost online security by Apple, Microsoft and Google. The reason Apple is promoting this new feature so hard is to get the message out there.

Microsoft and Google are also keen to spread the word so that people understand how Passkeys work.

The more people take advantage of Passkeys, the safer our businesses are online.

Passkeys – otherwise known as FIDO authentication – work by letting you log into an app or website with just your username and your pre-authenticated device, most probably your phone.

Your device generates a cryptographic token, which makes the second part of a cryptographic key pair. When the pair matches, you’re allowed access to the app or website.

What that means in practice is when you’re logging in, you just use your phone to prove its really you. You’ll just unlock it using your face, fingerprint or PIN.

So long as your phone is within Bluetooth range of your computer it will work.

And without needing a password… bliss…

It’s a far more secure way to access apps and keep your accounts safe from cyber criminals. You never see your cryptographic token, so it takes away a lot of the danger of having your login credentials stolen.

Cyber criminals will be unable to use their normal tactics – such phishing emails, brute force attacks, or key loggers – to steal your credentials.

They’ll need your physical device, making remote hacking much less likely.

If you use Windows Hello, you’ll see that Passkeys are already supported. And it won’t be long until all three tech giants roll out support across their entire product range.

Before then, if you’d like any help or advice on keeping your apps and accounts safer, just give us a call.

See if your email has been stolen

/in , , /by

Find out if your business is being targeted by hackers.

Using this tool you can see if your e-mail or phone number has been compromised.

Make sure to enter your mobile number in international format, such as 14841234567.

This is powered by Have I Been Pwned.

If your data has been compromised, it’s possible cyber criminals have used it to attempt to access your systems.

Please contact a cyber security specialist immediately. We can help.

Watch how easily your business can be hacked

/in , , /by

Hacking and phishing scams are easily the greatest threats to your IT systems. In this week’s video series, we show you the perspective of both the hacker and a victim’s business.

Using the help of an ethical hacker, this first video shows how easy it is to encrypt your data and demand a ransom.

The second video shows how a login portal can trick you into giving up your own login credentials.

In the final video our ethical hacker exploits an operating system that hasn’t been updated.

We hope these videos have helped you understand how easily your IT systems can be compromised. Without the proper training, software, or resources, a hacker can ruin your business. Get in touch for a consultation of your business and its IT security.

Read this to avoid phishing scams

/in , , /by

Phishing scams are one of the biggest security threats to your business right now.

A massive 83% of organisations said they suffered successful attacks last year. And with just under a third of phishing emails being opened, the chances that someone in your business will be fooled are high.

But to make matters more difficult, cyber criminals have borrowed a technique from ransomware groups that is designed to panic people into taking action and giving away their login details.

This new kind of phishing attack begins like most others.

You get an email alerting you to potentially suspicious activity on your account. It might say someone is trying to login from a different location or device and the attempt has been blocked.

You’re then asked to click a link to verify your email address and password.

That’s worrying enough, right?

But what makes this phishing attack even more dangerous, is the countdown timer that appears on screen.

Typically, it’s set at one hour, and you’re asked to confirm your details before the countdown ends, otherwise your account will be deleted.

Yes, deleted! That catches a lot of people’s attention.

This is a powerful manipulation tactic designed to scare people into taking immediate action – and think later.

In reality, if that countdown hits zero nothing will happen. But watching the seconds count down can give you a sense of urgency that makes you forget to check whether an email is the real deal or not.

The page you’re entering your details on is fake. Criminals will steal your details and login to your real account. That’s a major problem you don’t ever want your business to face.

You’ll be at risk of data theft, financial loss, or malware, as well as potentially putting other accounts at risk (if you’ve reused your password).

Your login details may even be sold on the dark web, giving other cyber criminals the opportunity to break into your account.

Here are some basic phishing protections for you and your team.

Look at the email address the email was sent from. Make sure the spelling and grammar are both correct, and hover over links to see what website address they are trying to send you to.

If you think you’ve fallen for this kind of scam, it’s important you change your login details immediately. Don’t click a link in an email – type in the website address in your browser.

We’d also recommend using a password manager. This is software that creates long and strong random passwords that are impossible to guess for every account you have.

It will store these passwords for you. And autofill login boxes to save you time (yes, password managers detect when they’re being asked to fill in details on a different page, such as a fake phishing page).

Share this article with your whole team right now. And if anyone ever clicks a link they’re not sure about, ask us how to keep your business safe.

Windows 10 is getting a very useful Windows 11 feature

/in , /by


There’s no denying the Windows 11 has a lot of really cool new features.

If you haven’t made the move from Windows 10 yet, you’re missing out.

But there’s good news. To make the (eventual) move from Windows 10 to 11 a little easier, Microsoft is sharing a couple of 11’s most useful features.

The first should make printing a little easier. We can hear your cheers from here! Anything that makes printing easier is OK in our book too. Printers don’t have a terrible reputation for nothing…

This feature makes printing PIN-protected. That means when you want to print a document, you’ll send it off to the printer – but it’ll only print when you’ve reached the printer and entered your PIN.

This removes the risk of you printing something confidential and leaving it on the printer for everyone to see.

Or accidentally printing several copies of the same document. Yes, this will reduce paper waste.

And that’s not all…

There’s a second really useful feature coming over to Windows 10. It’s called Focus Assist and works alongside do not disturb.

Switching on do not disturb is great when you want a little uninterrupted time to finish a task or do some research. But if you use it a lot, you might miss a notification that you really needed to see.

Focus Assist stops that from happening. You use it alongside do not disturb and it still allows important and time-sensitive notifications and messages to reach you.

These features have been in testing since June this year. There’s still no date for when they’ll be released to everyone with Windows 10. But they’re on their way.

If you can’t wait to try more of the time saving and productivity boosting features that Windows 11 has to offer, give us a call to see how we can help you make the switch.

Is working from home really good for your business?

/in , /by


Working from home. Or remote working, as it’s now called.

It’s the big thing in business, isn’t it? And some people love it.

They’re happier working where they want, and when they want. And that makes them more productive and less likely to leave.

But have you stopped to consider the downside to remote working? The negative elements for your business and your people?

While many employees are happy to work from home using video calls and collaborative software to stay connected, there’s a small percentage who find the whole experience isolating.

And when that happens, it can quickly lead to a drop in motivation and happiness. It can even change the culture within your business.

In turn, this can lead to performance issues which may be trickier to spot.

At the other extreme, some employees will become more susceptible to burnout as they struggle to draw a line between work and personal time. That change in environment can be so important for some.

And while you want your team to be happy and fulfilled in their roles, there are also some practical considerations you need to make for your business.

Such as the cost of remote working. Does everyone have the right tools for the job – laptops, phones, office equipment? Maybe even a desk and chair, or an internet upgrade?

Do you need to spend twice – giving them an at home setup and investing in hot desks in the office?

Most importantly, you must put in place full cyber security protection wherever someone is working.

Here’s how we can help you stay safe and potentially save money.

Would you like us to audit your current setup and suggest some options? This is what we do every day. Just get in touch.

Microsoft’s taking leadership on AI

/in , /by


Microsoft’s decided to retire and rework an AI tool that could not only recognise our facial features, but also identify our mood.

Azure Face is an emotion recognition tool. These are highly criticised by experts who believe they violate human rights.

Microsoft has just published the updated version of its Responsible AI Standard.

It wants AI to be a positive force in the world, and says it recognised Azure Face has the potential to be misused.

It seems like it’s not goodbye for good for the AI facial recognition technology though. Although the public won’t be able to access it, Microsoft sees the value of controlled access for specific needs, such as assistance for the visually impaired.

One thing that has been cut is the AI’s ability to recognise individuals based on their gender, age, hair, and even facial expression. The concern is that the feature could be used by cyber criminals to impersonate individuals and commit fraud.

On top of the Azure Face change, Microsoft’s also limiting which businesses can access its Custom Neural Voice service. This is a text to speech app that’s said to be very lifelike.

In other related news, it’s not the only new step that Microsoft is taking right now to help protect us from fraud and threats.

It’s also adding new features to its email service in Microsoft 365, that improve how something called Tenant Allow Block List works.

Previously, this was a feature that allowed people to block contacts. If a blocked contact tried to email you, the email wouldn’t reach you.

Now, Microsoft is previewing an additional control which also allows you to stop emails being sent to these blocked contacts, too.

It means the threat of being caught out by a phishing scam is reduced, giving you another layer of security as part and parcel of your Microsoft 365 subscription.

With phishing scams becoming increasingly more dangerous, it’s not a moment too soon in our view.

The feature should go into preview soon, and is expected to be available by the end of the month. In the meantime, if you’re concerned about your business’s email security, get in touch.

Ever wondered if your apps are spying on you?

/in , /by


It’s no secret that some applications are a little too interested in us and what we’re doing.

We’ve all had this experience. You might be talking to a friend about a new product that you’d like to try. Or perhaps you’ve discussed somewhere you’d like to visit.

Then the next time you go online you see adverts for the exact things you were talking about.

It’s more than a coincidence, surely???

Until recently, we haven’t had a lot of control over what information our apps are gathering about us.

Android and iOS first stepped up to give us more power over our online privacy. We were given the ability to control which apps could access our data, and sensitive things like our camera and microphone.

But while it’s easy to think of this only being an issue with phones… laptops have the same problems.

So, here’s some great news. Microsoft’s testing a new feature in Windows 11 to put the power back in our hands.

It’s currently testing a new feature – called Privacy Auditing – which allows you to see which applications have been accessing sensitive hardware, like your webcam and microphone.

You’ll also be able to see if your screenshots, messages, and even your contacts and location data have been accessed. And there’s a log of which apps accessed this info, and when.

When launched, the feature will be available in your Privacy & Security menu, under App Permissions.

There you’ll be able to see a full list of what’s been accessed, by which app, and when. It should become your first port of call if you suspect any suspicious activity is taking place on your device.

When the feature is released, it will be a great tool to check periodically to help you avoid malicious activity and to make sure your sensitive data remains in the right hands.

In the meantime, if you’d like someone to look over the data permissions on your business’s devices, get in touch.

Your business is losing hundreds of hours to spam

/in , /by


Spam emails. Everyone hates them.

It’s not just the emotional pain of clearing spam from your inbox. Having to do that is a real productivity killer, too.

A recent report found that each one of your employees could be losing up to 80 hours each year, thanks to filtering and deleting spam emails.

That’s a LOT of lost productivity.

Anywhere between 45% and 85% of emails generated each day are spam emails. And worryingly, that also includes malicious emails and those hoping to infect you with malware.

Although we don’t all receive the same number of emails every day, the hours lost to filtering them out adds up.

If one of your employees gets 30 external emails a day, they’d get around 30 spam emails each week. That would work out to around 5 hours each year wasted on sorting through and deleting them.

For an employee who gets up to 60 emails a day, it would be an average of 11 hours a year wasted.

And for someone who gets more than 100 emails each day, you’re looking at around 80 hours of productivity lost to filtering emails each year.

Now add that up for each one of your team and you could be looking at a big number.

Not only that, but since a proportion of these emails will be phishing attempts (that’s where the sender wants you to take an action that will secretly give them access to sensitive data), it’s also a big risk to your data security too.

Of course, there are a few things you can do to cut down the time spent on dealing with spam emails. The first is to make use of the spam and junk email filters available from your email service.

You may also consider bringing in dedicated anti-spam and anti-phishing tools.

Finally, you can make your people aware of the risks of spam, how to spot spam emails, and the best way to deal with it to save time and minimise the risk of malware or a data breach.

If that kind of training is something you’d like some help with, get in touch.