Stay on top of the Latest IT Tips and Suggestions with this Selection of Blog Posts from BCS

When can you finally forget your password?

/in , , /by

Passkeys are set to take over from traditional passwords to give us a safer, more secure way of logging into our online accounts.

That will be a major step forward for online security, and it’s gathering pace quickly with more and more big names adopting the technology. So how long will it be before we finally wave goodbye to the password?

This new tech has long been supported by the FIDO alliance – an organization of big tech companies including Apple, Google, and Microsoft – in the hope that it could eventually kill off passwords completely.

These megabrands are already rolling out passkeys on some of their applications. But now some of the big names in password management software are getting in on the act, too, which is likely to speed things up even further.

Passkeys work by creating and storing credentials on your phone, which only you can access. These are called private keys and they’re authenticated by the biometrics you use to log in to that device – your fingerprint, or your phone’s facial recognition system.

When you log into an account, the site will create a public key which then requests your private key. Your matching passkey gives you access to your account, just like a password.

Password managers let you create and store complex passwords, meaning you always have a strong, unique and unguessable password for every site.

But the adoption of passkeys by a growing number of traditional password managers is likely to accelerate the move.

We’ve spent years implementing strong passwords. Will we miss them when they’re gone? Probably not…

Any move towards stronger security is always welcome and we don’t think it will be too long before most online accounts are using passkeys.

If you’d like any help to keep your business secure in 2023, get in touch.

Are your people Christmas shopping from work?

/in , , /by


Almost half of people with social media accounts have admitted to falling for shopping scams. So if members of your team are doing a little last minute Christmas shopping from work, how can you be sure your business is protected?

New research shows that a massive 47% of people have clicked on links hoping to get a great deal, and instead ended up giving financial and personal details to cyber criminals.

That could mean they’re not only putting their own data and money at risk, but your device – and even your network – could be exposed, too.

It’s not just shopping scams that are fooling people online. Phishing links have tricked 36% of people into revealing personal data. Phishing is where you get an email that seems to be from a person or brand you trust, but it’s not.

The same number have fallen for gift card scams – that’s where criminals gain victims’ trust and persuade them to buy gift cards or online vouchers.

If an employee clicks a malicious link or downloads an infected file using their work device, the results for a business can be devastating. The risks go beyond the loss of data and reputation. The cost of downtime while you get going again is enough to put many people out of business for good.

So how can you protect your business against this kind of scam – right now, and throughout the year?

As well as having the right cyber security tools in place – such as firewalls, antivirus software, and strong password management – you should stay focused on training your people. Because your best line of defense is a team that recognizes a threat when they see one.

Make sure they’re aware of the latest scams, and that they know the warning signs to look out for. Advise everyone to check that links are genuine, websites are the real deal, and be suspicious of offers that look too good to be true.

And have a strong plan in place that kicks in the moment a security breach is spotted. Employees should all know to report any incidents immediately, and who they should inform. Acting quickly often lessens the impact of a data breach and makes it faster and less expensive to fix.

As always, if you’d like further help or advice, get in touch.

Why you will not be fine on this Cloud9

/in , , /by

We go to a lot of effort working to protect our clients from online security threats. These could come in the form of key loggers that record you as you enter your login information, or DDoS (Distributed Denial of Service) attacks, which overwhelm a service with fake traffic, causing it to crash.

As part of our service, we always advise our clients to install software updates as soon as they become available, and support them through the process where they need help.

But if you visit a website that asks you to install an Adobe Flash update… STOP!

Flash itself was actually discontinued in 2020 and is no longer supported, so you should assume that any Flash update messages will be a security threat.

Currently, fake Flash messages are being used as a cover for a new ‘botnet’ campaign that installs a malicious browser extension, called Cloud9. If you use Google Chrome or Microsoft Edge you could be a target.

A botnet forms a group of infected devices that are controlled as one, without the owners’ knowledge, stealing sensitive data, sending spam, or performing DDoS attacks.

Worse still, the Cloud9 botnet will attempt to install additional malware to your device or network if it’s not stopped in time.

This type of attack is hard to spot because it looks like a genuine request, and just about anyone can become a target.

But there are things you can do to protect your business.

First, make everyone aware of the threat. If your people know what to look out for it’s less likely they’ll install the update in the first place.

Next, make sure everyone’s running the latest version of their browser and that security software is up to date.

Finally, enable Enhanced Protection in your browser’s Privacy and Security settings. This will give you a warning if you stumble upon a risky website or download.

We can help you keep your business protected from cyber criminals. Just get in touch.

Published with permission from Your Tech Updates.

Are you losing hours each week setting up video calls?

/in , , , , /by

You could be losing a full-time working week for every member of your team, thanks to the hassle of setting up video calls.

Video conferencing has revolutionized team meetings, and saves a huge amount of travel time. But we’re still not getting the full benefit from the new technology, according to new research.

Employees aged between 18 and 24 take up to 10 minutes to get set up for each remote meeting.

Times that by a typical five meetings a week, and it’s suddenly lost you 40 hours every year. That’s a whole working week of wasted time – a figure that gets even higher when you look at older age brackets.

It isn’t necessarily a result of differing technological know-how. The research shows that employees blame the tech itself for the loss of productivity.

Almost a third of people said they didn’t have the right tools for the job, and 23% even said they felt excluded from remote meetings thanks to inadequate tech.

Employees often feel that the audio-visual (AV) technology they’re provided for remote and hybrid working simply isn’t up to the job. That means poor microphones that don’t play ball, jittery webcams that interfere with communication, or the wrong choice of video calling software. All that makes meetings harder to set up and causes them to take longer than they should.

Despite this, businesses that offer remote and hybrid working are reaping the rewards in many other areas, including staff engagement and performance.

But there is a solution.

Assess your employees’ AV technology to make sure their tools are not slowing them down – new webcams and microphones could be a cheap and simple fix.

It’s also a good idea to ask your employees to find out where they see that problems are occurring. If they are finding your existing system difficult to use, or slow to log in to, you should consider alternative options or better training.

If this is something that’s slowing you down, we can help – just get in touch.

Published with permission from Your Tech Updates.

Don’t walk the plank with pirated software

/in , , /by

A huge number of small and medium-sized businesses would consider using pirated software to try and save money. A new study has revealed a surprising number of businesses willing to break the law to save costs. Our advice? Think twice before you walk the plank.

Right now, the most popular types of pirated software are project management tools, and marketing and sales software. But a huge 56% of business owners said they’d even think about using illegal cyber security software in an effort to cut costs.

Don’t do it.

Not only is pirated software unsupported – so if you have a problem with it (which you probably will) there’s no help available to rectify the issue – but it can open your business up to bigger problems too.

It’s common for cyber criminals to use pirated software to distribute malware. Some of this is designed to evade firewalls, which means once installed, it can spread malicious files beyond your device to your entire network. That can lead to your sensitive data being compromised or stolen.

The cost of putting things right after this kind of cyber attack can end up costing a fortune, and the pirated software can damage your devices by causing them to slow down or overheat.

We advise our clients to always use genuine software from a reputable source. If the cost of the software seems too good to be true… it probably is.

But there’s more you can do. You should prevent unauthorized employees from downloading software that could be harmful by managing admin rights properly. And you should ensure your whole team has regular cyber security awareness training to make everyone aware of the risks to your business data.

If you’d like help finding genuine software for your business, or creating a cyber security plan, just get in touch.

Published with permission from Your Tech Updates.

None of your team would fall for this trick… would they?

/in , , , /by


Cyber criminals have a reputation for constantly coming up with new ways to scam us into handing over login details or sensitive data.

And while you might think your team would spot an attempted attack, you could be surprised. We’ve seen a lot of intelligent people – including many business leaders – caught out over the years.

One of the latest scams is very retro… and that seems to be why people are falling for it.

Cyber criminals have gone back to basics. They’re sending USB drives in the post.

The packaging and branding on the drives suggests they’re from Microsoft (they are not).

The story is there’s an updated version of Microsoft Office Professional Plus on the drive and it needs to be installed straightaway.

Of course, this is a complete lie. Microsoft has confirmed that these packages aren’t genuine. It’s warning people it would never send out unsolicited packages.

If you plug the drive into your computer, it will detect a “virus” and ask you to call a support line.

The scammers at the other end will pretend to remove the virus, gaining your trust. And then they’ll ask for payment details to help complete your subscription setup.

It’s old fashioned, but we can see how the mixture of the physical USB, the belief it’s from Microsoft and the fake support line would be compelling for someone who’s busy and just wants to get back to work.

We’re expecting elaborate, clever attacks through our email. Our guard is down with this mix of events.

Play it safe and warn everyone in your business about this scam.

This is also a good time to review the software and staff training you use to protect your business.

You need the right combination of the two… we can help with that. Get in touch.

Published with permission from Your Tech Updates.

Passkeys could improve the way you work

/in , , /by


Back in May, we heard there would soon be a successor to the password – the Passkey.

Now, we’re hearing that Apple will start rolling out Passkeys in the next few months in iOS 16. And we’re excited.

Though it’s caused a bit of confusion. Apple is going to great lengths to market the Passkey, and understandably, people have assumed that it’s a feature exclusive to Apple.

That’s not the case.

In fact, Passkeys will be used in a joint effort to boost online security by Apple, Microsoft and Google. The reason Apple is promoting this new feature so hard is to get the message out there.

Microsoft and Google are also keen to spread the word so that people understand how Passkeys work.

The more people take advantage of Passkeys, the safer our businesses are online.

Passkeys – otherwise known as FIDO authentication – work by letting you log into an app or website with just your username and your pre-authenticated device, most probably your phone.

Your device generates a cryptographic token, which makes the second part of a cryptographic key pair. When the pair matches, you’re allowed access to the app or website.

What that means in practice is when you’re logging in, you just use your phone to prove its really you. You’ll just unlock it using your face, fingerprint or PIN.

So long as your phone is within Bluetooth range of your computer it will work.

And without needing a password… bliss…

It’s a far more secure way to access apps and keep your accounts safe from cyber criminals. You never see your cryptographic token, so it takes away a lot of the danger of having your login credentials stolen.

Cyber criminals will be unable to use their normal tactics – such phishing emails, brute force attacks, or key loggers – to steal your credentials.

They’ll need your physical device, making remote hacking much less likely.

If you use Windows Hello, you’ll see that Passkeys are already supported. And it won’t be long until all three tech giants roll out support across their entire product range.

Before then, if you’d like any help or advice on keeping your apps and accounts safer, just give us a call.

See if your email has been stolen

/in , , /by

Find out if your business is being targeted by hackers.

Using this tool you can see if your e-mail or phone number has been compromised.

Make sure to enter your mobile number in international format, such as 14841234567.

This is powered by Have I Been Pwned.

If your data has been compromised, it’s possible cyber criminals have used it to attempt to access your systems.

Please contact a cyber security specialist immediately. We can help.

Watch how easily your business can be hacked

/in , , /by

Hacking and phishing scams are easily the greatest threats to your IT systems. In this week’s video series, we show you the perspective of both the hacker and a victim’s business.

Using the help of an ethical hacker, this first video shows how easy it is to encrypt your data and demand a ransom.

The second video shows how a login portal can trick you into giving up your own login credentials.

In the final video our ethical hacker exploits an operating system that hasn’t been updated.

We hope these videos have helped you understand how easily your IT systems can be compromised. Without the proper training, software, or resources, a hacker can ruin your business. Get in touch for a consultation of your business and its IT security.

Read this to avoid phishing scams

/in , , /by

Phishing scams are one of the biggest security threats to your business right now.

A massive 83% of organisations said they suffered successful attacks last year. And with just under a third of phishing emails being opened, the chances that someone in your business will be fooled are high.

But to make matters more difficult, cyber criminals have borrowed a technique from ransomware groups that is designed to panic people into taking action and giving away their login details.

This new kind of phishing attack begins like most others.

You get an email alerting you to potentially suspicious activity on your account. It might say someone is trying to login from a different location or device and the attempt has been blocked.

You’re then asked to click a link to verify your email address and password.

That’s worrying enough, right?

But what makes this phishing attack even more dangerous, is the countdown timer that appears on screen.

Typically, it’s set at one hour, and you’re asked to confirm your details before the countdown ends, otherwise your account will be deleted.

Yes, deleted! That catches a lot of people’s attention.

This is a powerful manipulation tactic designed to scare people into taking immediate action – and think later.

In reality, if that countdown hits zero nothing will happen. But watching the seconds count down can give you a sense of urgency that makes you forget to check whether an email is the real deal or not.

The page you’re entering your details on is fake. Criminals will steal your details and login to your real account. That’s a major problem you don’t ever want your business to face.

You’ll be at risk of data theft, financial loss, or malware, as well as potentially putting other accounts at risk (if you’ve reused your password).

Your login details may even be sold on the dark web, giving other cyber criminals the opportunity to break into your account.

Here are some basic phishing protections for you and your team.

Look at the email address the email was sent from. Make sure the spelling and grammar are both correct, and hover over links to see what website address they are trying to send you to.

If you think you’ve fallen for this kind of scam, it’s important you change your login details immediately. Don’t click a link in an email – type in the website address in your browser.

We’d also recommend using a password manager. This is software that creates long and strong random passwords that are impossible to guess for every account you have.

It will store these passwords for you. And autofill login boxes to save you time (yes, password managers detect when they’re being asked to fill in details on a different page, such as a fake phishing page).

Share this article with your whole team right now. And if anyone ever clicks a link they’re not sure about, ask us how to keep your business safe.