
How to Secure Microsoft 365 for Remote Working


It seems that remote working won’t go away after the pandemic passes. In fact, organisations in most industries are working towards making it a permanent and viable option. 

Large enterprises and corporations like Facebook and Google plan to keep the model for a while, while others like Twitter, Slack, and Zillow have decided to allow (most or all of) their employees to work from home permanently. Their decisions point towards remote work becoming a permanent option in most companies.

SMBs looking to secure work from home 

According to Intermedia’s survey, small to medium business owners believe the remote work model will stay permanently. The survey indicates an overwhelming preference for keeping remote work as a long-term option: 57% of SMB owners state that employee availability and life and job satisfaction have increased, and cite a drop in overhead costs as a benefit that enabled them to stay afloat during lockdowns.

Those SMBs deciding to embrace the model are in the midst of preparations to make remote work permanent. 

The Microsoft 365 suite is heavily used among SMBs, as its subscription model offers industry-leading functionality at a reasonable price. With access to security and operational features previously available only to enterprises, Microsoft 365 also includes cloud-based services that can be used from anywhere, making the suite a perfect choice for work-from-home teams.

Compliance remains a core concern for work-from-home protection

Remote work comes with a new set of risks, especially for cybersecurity. Compliance acts and regulations don’t differentiate between in-office and remote work. 

They require that you have secure working-from-home policies for sensitive information and data, and that you secure staff when working from home. 

The most common regulations to comply with include: 

  • Health Insurance Portability and Accountability Act (HIPAA) for businesses offering health services 
  • EU’s General Data Protection Regulation (GDPR) for all businesses processing and handling personal data from EU citizens
  • California Consumer Privacy Act (CCPA) for all California-based businesses and those doing business in California
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) for everyone handling personal data from Canadian citizens

These acts require you to comply with Information Security Management Systems (ISMS) standards, most notably the ISO/IEC 27000 series, as well as the Payment Card Industry (PCI) Data Security Standard (DSS) for those who take card payments online. 

SMBs often struggle with acquiring the right security solutions because the budgets are low. 

Remote work and software spending

The graph below shows how expectations on software spending have changed from March to May 2020. 

As the impact of the pandemic stopped being an unknown variable, respondents have revised their expectations on spending, which is indicated by less spending than initially expected. 

Statistic: COVID-19 impact on software spending worldwide 2020 (Survey results comparison: March, April & May) | Statista

While the highest percentage of respondents (40%) initially stated they will increase their spending on software, in May, 44% reported there were no changes compared to spending during the previous year. 

And while the overall spending seems to stay the same, there are big shifts on what type of software the funds are allocated to. 

Statistic: Where are businesses increasing software spending? | Statista

With working from home being the new norm, conferencing takes the lead, followed by collaboration, remote desktop tools, and security software. 

Work-from-home protection is an important concern for SMBs, and as the newest data from Microsoft shows, everyone is trying to speed up their cybersecurity digital transformation. 

So how can you protect all the Microsoft 365 documents and communication that you work with daily when everyone is using different networks and devices to access it?

How to protect Microsoft 365 when working from home

In our experience, the most efficient option to cover both documents and communication is to use Advanced Microsoft Information Protection (MIP), as it has the best cost-benefit ratio.

Microsoft Information Protection uses built-in capabilities from Microsoft Office 365 and Windows 10, as well as additional solutions provided by Microsoft, to secure Microsoft 365 and all the digital information and data you work with in your business across the whole playing field: in the cloud by using Cloud App Security, as well as on devices and on premises. 

It allows you to detect sensitive information and locate where it’s currently stored, secure documents as soon as they are created, and even ensure that you dispose of them in a secure manner. 

What Microsoft Information Protection can do for SMBs: 

  • It will secure Microsoft 365 apps and services you use and all your business information from leakage.
  • It blocks malicious actors from access, and doesn’t allow access to untrusted actors.
  • The automatic classification protects all documents based on the criteria, trigger words, and phrases you set up. 
  • It actively tracks data through its lifecycle and gives you insight into who has access to data and a log of who accesses it and what they are doing with it.
  • It helps your employees stay productive and learn about working from home best practices. The system will suggest labels and teach them how to use and apply them correctly. 
  • It gives you an overview of information flow, with valuable insight into patterns of data usage inside your organisation.
  • This allows you to spot anomalies in data usage and access, enabling quick detection of potentially harmful actions by actors or malicious software.
  • It keeps all data secure even when sharing with vendors and third parties by not allowing forwarding, downloading, or copying information shared with them.

Such capabilities extend beyond securing your data: they also keep your staff from making errors while handling data, and keep the vendors you work with from forwarding any information you share with them.

Once set up, you’ll have a system that performs well in the cloud, covering the need to secure remote working, but on premises too, once you decide to go back into the office. 


Why you need to secure Microsoft 365 for remote working

When you secure Office 365, you and your team can work remotely in a secure way and save time and money. But that’s only one benefit of using such an extensive system:

  • No changes in workload: The automatic classification and encryption of all documents you work on and share with remote staff, contractors, and other third parties means there is no need to increase the workload for your staff or have them spend time on complex manual security checks that they would need to learn to apply.
  • You will secure Microsoft Office through compliance: Classification and encryption execute on the cloud level too and protect against human error, one of the most common reasons behind data leaks. Securing Microsoft 365 for remote working also helps you be compliant with all regulations.
  • Security travels: The cloud-based protection extends beyond business devices – the protection remains with documents and data and travels with them, ensuring they are secure even if they end up in the wrong hands. 

Secure external consultant documents for Microsoft 365

Working with external consultants increases risk of data leakage and breach, since you are relying on them to practice good cybersecurity. 

Instead of hoping they are doing a good job, you can secure Microsoft 365 documents sent to and used by external consultants through MIP. With auto classification, the options for downloads and further sharing will be disabled, ensuring the data can never be accessed by anyone but your external consultants. 

Secure internal sensitive and confidential information when working from home

Secure Microsoft 365 data with MIP’s extensive labeling and trigger system based on labels. You can classify all information into specific categories, and set up sensitivity labels for each of those categories. 

The trigger system activates based on the rules you set up. For each rule, there is a condition that must be met in order to trigger the second part, the action, something that will happen automatically when the condition is matched. 

For example, when a user without permission tries to access a sensitive document, the rule sends an email to the user and administrator of your system about the incident. 

Whenever someone creates a new document, no matter where within your organisation, it will automatically be protected based on the category and labels applied to that type of document. 

These labels are document-based, meaning they persist with it and are transferred anywhere the document ends up. If the document ends up being in an insecure environment, your security policies will continue being enforced, and won’t allow usage by anyone who isn’t a trusted source. 

The system allows you to track all data and documents as they move through and outside of your organisation. In case you ever suspect foul play, you will be able to revoke access to the document, rendering it useless to anyone who is trying to get it.

In such cases, MIP can, based on your setup, respond with a real-time email alert or a report on the dashboard.

Microsoft Information Protection includes Data Loss Prevention (DLP) capabilities, with policies against accidental sharing. With it, you can also label documents for information retention, set an expiry time and apply deletion policies that will execute automatically when requirements are met. 

Secure email communication when working remotely

The labeling system goes beyond Office apps, and you can secure Microsoft Outlook in the form of Office 365 Message Encryption. 

It allows you to classify and secure email messages as well. When labeled, the policies for that specific label will be applied to the email. This includes policies such as: 

  • Encryption
  • Watermarks
  • Access restriction
  • Disabling forwarding

The label that is applied will persist with the email and keep security policies on the email even when it leaves your organisation. It helps employees work from home securely by preventing phishing attacks and accidental disclosure of information.

Secure BYOD for remote working

With online-only work, your employees will use a number of devices to access business data, like Windows and Mac OS machines and mobile devices. A comprehensive security suite such as Microsoft Information Protection has encryption standards that will work on all of them.

If you’re unsure about the right way to secure BYOD for remote working and set up policies, we can discuss other ways of working with BYOD. For example, we offer Windows Information Protection setup services that secure employee-owned devices from data leakage and other security incidents.

The MIP setup takes time and IT knowledge

Microsoft Information Protection is definitely an all-encompassing solution that addresses the risks of remote work well. It secures access to sensitive data and documents, grants permissions to the right stakeholders, and ensures all your business data is safe even if it’s somehow accessed without authorisation. 

But there is a downside to it: It takes a lot of time to set up such an extensive system for someone who has never had to deal with it. Even if you have an IT professional on your team, chances are they will need to ask for help. Only those with knowledge of Active Directory, a good comprehension of Microsoft licensing, and previous experience with Microsoft or Azure Information Protection itself can set it up.

One error in permissions and labeling, and you can lock yourself out from your own documents, even if you are the admin. Or if you miss it during setup, the system might not flag important documents correctly, making them easily accessible by someone without permission.

Learn more about how we can help here:

Advanced Office 365 Security for Remote Working

Professional setup saves time and money

Towerwatch has many years of real-world experience with encryption. We have been working with Microsoft Information Protection and setting up automatic encryption protocols for global brands even back when MIP was still known as Azure Information Protection. 

Now you can rest easy knowing it’s set up properly and that all documents and communications are secure. You will efficiently eliminate the risk of costly mistakes that could result in regulation breach fines or loss of customers. 

To find out more about how we can secure your business operations with a future-proof cloud-based solution that will continue working even if you decide to go back into office, book a consultation with Microsoft Global Professionals for MIP, and our initial session HERE

Our initial session is priced at £250, and for this investment, you will not just cover the session cost, but also get a comprehensive overview of the current state of your cybersecurity solution and work-from-home compliance status. When you decide to move forward to the next stage, this investment will also be deducted from the project fee. 

Book your initial session HERE.


The Importance of IT and Cybersecurity in Hospitality


Hospitality businesses are at a higher risk of suffering a data breach because of the nature of the industry. 

The most recent case that made the rounds is the massive data breach Marriott International suffered, especially because the breach remained undetected for over 3 years. In that time, data such as credit card numbers, home addresses, loyalty points, birth dates, passport numbers, and other valuable information were stolen.

Imagine something like that happening to your cafe, restaurant, or hotel. 

Could you handle the aftermath of a breach? 

It’s not just about the massive damage payouts. The real aftermath is dealing with the trust that will be damaged beyond repair. 

How safe are your current systems? Are you sure you could deter or detect a breach?  

The high risk of the hospitality industry

Hospitality businesses are a high-value target for malicious actors. The first part of the issue revolves around the characteristics of the industry:

  • You work in a people-centred industry where competition is fierce. 
  • To succeed, your hospitality business has to stand out from the crowd by providing your customers with the very best service.
  • You also have to deal with a lot of stored sensitive information about your clients. 
  • This data can help you provide a streamlined and personalised experience. Unfortunately, such data is highly valued on the black market, which makes you a prime target for hackers.

The other part of the problem is your back office: 

  • It’s a highly dynamic industry that requires a centralised system with lots of connection and access points. 
  • Any of these can become a potential point of access.  
  • The turnover rate of hospitality businesses is higher than in other industries. 
  • Any old, forgotten, and inactive accounts from former staff are security threats.

How can IT and cybersecurity solutions help hospitality? 

Hospitality businesses are highly vulnerable to cybersecurity threats. Even large enterprises will succumb to a data breach without advanced cybersecurity solutions. 

Instead of sticking to incident response and passively reporting on a security breach, hospitality businesses have to implement proactive measures that will make a breach unlikely and data unreadable. 

The right IT solution keeps your business efficient and your customer and employee data safe. Our IT and cybersecurity solutions and services will: 

  • Standardise your whole network infrastructure – We can take care of everything – from network hardware installation and setup, to VPN and token solutions.
  • Streamline your operations – This will reduce errors and data mismanagement, and will speed up your whole system. 
  • Encrypt data and documents – While you should aim to avoid a data breach, encryption helps you remain compliant and make data unreadable and unusable in case it does happen. 
  • Report any red flags – Advanced monitoring solutions help detect any irregularities in your database, payment system, or loyalty programs immediately. Your data stays secure, and your services stable.
  • Create and maintain backups – Your whole systems and operations backed up, ready to weather any storm.  
  • Train your staff – Even the best systems remain vulnerable if your staff isn’t up to date on how to use it, or isn’t informed about the latest security threats and policies.
  • Provide ongoing support – From helpdesk and remote support to onsite interventions, we’ve got you covered.

Responsive IT Support 

We go well beyond simple network setup, optimisation, and one-time security protocol setup.

Cybersecurity is an ongoing task, and TowerWatch Solutions offers ongoing IT support for your hospitality business. 

Our IT support range includes 1st, 2nd, and 3rd line support. No matter what type of IT-related issues you are dealing with, we can help you resolve them quickly and have you up and running in no time.

  • Your employee lost their password? Our helpdesk will help them retrieve it. 
  • Your POS can’t connect to the network? We can get it up and running remotely. 
  • Your customers can’t order ahead through your app? Our engineers will find the reason as soon as possible. 

Our IT support is available around the clock, and you can choose between: 

  • Helpdesk support – A solution for any minor issues that keep disrupting your daily operations is just a phone call away. Our helpdesk support will quickly resolve POS connection issues, account lockouts, or network drops. 
  • Remote assistance – When you can’t take care of the problem on your own, our IT support agents can quickly resolve minor inconveniences with remote access. 
  • Onsite IT expert and engineer teams – Have issues with hardware or software setup? Your Wi-Fi system is down and routers aren’t responding? No worries. We’ll deploy our onsite IT experts to take care of all your IT worries in no time. 

Already have an in-house IT team? 

Nothing to worry about. Besides 1st to 3rd IT support, we also offer full IT management support. 

We will take care of in-house team hiring, management, and training to keep your team up to date on the latest security practices and threats, and work alongside them and offer a helping hand. 

Let us deal with technicalities so you can stay focused on your customer and the experience you provide. 

Project Implementation 

The IT projects and solutions we implement are all based on the latest technology and security standards. 

The hospitality industry works with high volumes of sensitive data, and our solutions ensure it stays safe. We will make sure all your operations are GDPR-compliant too.

Project implementation preparations

Our experts and engineers have over 10 years of experience in IT management and project implementation. Before we draft a project for your hospitality business, we will take a look at your current setup. 

TowerWatch Solutions will ensure your IT systems can handle your business demands, follow the latest hospitality trends, and battle security threats. 

We can make the project as simple or complex as you need it to be. We can implement a simple backup solution for your current operations, or reinvent your whole IT infrastructure and offer a streamlined digital dining journey. 

Your IT needs should never take the back seat. Today, IT solutions are the driving force of successful hospitality businesses. We can help you with:

  • Implementing full server systems, communications, and platforms. 
  • Physically relocating your sites and helping you open new sites.
  • Moving your physical servers to safer virtual environments.
  • Converting your local data and operations to the cloud.
  • Installing and implementing encryption solutions for your customer data and loyalty programs. 
  • Taking care of GDPR and PCI compliance.
  • Implementing access control measures. 
  • Setting up Backup and Data Loss Prevention (DLP) measures.  

Fully custom solutions, tailored just for you 

Because no two hospitality businesses are alike, we focus on getting to know you first. Your long-term goals become our long-term goals.

When we are familiar with your strengths and weaknesses, we will know how to design an IT system that will emphasise the former and eliminate the latter. 

  • A custom-designed IT system will cover all your needs and provide a streamlined experience to your customers and patrons. 
  • We will implement new hardware, software, and full IT solutions with minimal disruptions to your operations. 

With our IT services, you’ll be ready for rapid expansion and franchising: We will future-proof your IT infrastructure so you can easily open new locations locally, regionally, and globally, and deploy your whole system instantly.

Streamlined Setup 

Do not worry about business disruptions while we implement our IT and security solutions. 

We have streamlined our setup routine so you can continue working without losses in uptime, efficiency, or staff and guest satisfaction. We’ll start with upgrades that are easiest to implement and work our way to the more complex solutions. 

Continue impressing your guests and customers while we update, improve, and optimise your whole IT system with:  

  • Equipment standardisation – Differences in hardware, procedures, and policies across franchises are a common reason for disjointed operations. We will standardise all your equipment. 
  • The best guest Wi-Fi solutions – Your systems are not the only thing that benefits from being connected. Your customers will keep coming back to enjoy not just your services, but also an amazing, lightning-fast, and most importantly, secure Wi-Fi in any of your establishments. 
  • Cloud solutions that sync across your whole franchise – No matter how many locations you have, relocating your operations to the cloud will allow your staff to work efficiently from any branch and sync data across all your locations.
  • Active network monitoring – Proactive approach to possible issues is the only way to deal with them before they become serious. Our IT solutions can monitor your whole infrastructure and network, and alert our IT support in case of irregularities. 
  • GDPR compliance implementation – Unsure about GDPR compliance and worried about possible legal risks? We’ve got you covered here too.

TowerWatch Solutions is your one-stop shop for implementing cybersecurity and IT systems that will make you fully compliant with the GDPR. 

Our compliance strategy includes data mapping and auditing. We will uncover where your data is stored and review all your software for possible security gaps. 

We will implement security measures such as system monitoring and advanced data encryption to keep data safe.  

  • PCI compliance implementation – PCI compliance helps you protect your customer’s credit card data and reduce fraud attempts. By making sure your new IT setup is compliant with PCI DSS standards, your customers and guests will know you place the highest emphasis on their security. 
  • Future-proofing – Our IT solutions ensure your systems are future-proof and you won’t have to worry about substantial investments down the line. When you migrate your operations to virtual environments and the cloud, all the updates are handled by the provider, guaranteeing your systems are always up to date and safe.  

Your IT security is only as good as its weakest link. Unintended data disclosure can easily be prevented with the right staff training. Leave it to us to teach them how to use the newly implemented systems and foster a culture of security. 

Consultancy & Research 

Are you opening a new restaurant and want a good IT infrastructure right away?  Or are you an established franchise that could use some updating in the IT department, but you’re not sure where to start? 

Start by consulting with our experts 

TowerWatch Solutions offers consulting services on hospitality IT systems and cybersecurity. We’ll help you plan out every detail of IT system implementation and assist your in-house IT teams on every step of the way. 

No in-house teams? No problem. We can manage your IT projects on our own too. 

If you are more comfortable with having in-house IT experts, we also provide consulting on IT Training and Recruitment. We can help you set up, recruit, and train an in-house IT team, and we can manage it and recruit new members to your team.

Our dedicated IT experts and engineers will help you with a boost of specialised knowledge right where you need it:  

  • IT project management – From implementing ePOS systems to handling guest Wi-Fi options, we’ll help you manage the whole project.  We consult you on the best ways to implement it, and what the needed security measures and best practices are.
  • IT security requirements – We can help you and your team set up staff authentication, BYOD policies, GDPR, and PCI compliance, and consult you on the latest industry standards. 
  • Data safety and recovery options – Our experts will be happy to explain all the solutions you can implement to prevent data leaks and losses and help you pick the best mix of options. Learn about:
    • Differences between backup solutions
    • The importance of business continuity strategies
    • How data loss prevention (DLP) works 
    • What disaster recovery options would be best for you
  • Cloud computing solutions – We’ll guide you through possible cloud computing options and advise you on the one best suited to your particular needs, be it private, public, or hybrid. 
  • Migration services – We can help you move your data and operations from one location to another, or to a virtual environment. We will also ensure that any risks – privacy, security, and data access – are eliminated in the process.  

Overall…

Hospitality is an industry that handles huge amounts of sensitive data on customers, guests, and patrons. Hospitality cybersecurity is more important than ever before. As a restaurant, cafe, or hotel owner, it’s your responsibility to keep their data safe. 

How up to date is your current IT setup? Have you taken care of your GDPR compliance? Do you know who has access to sensitive data? 

Here are some of the latest facts and figures on hospitality data breaches, and just how much damage they can do: 

  • Restaurant group Earl Enterprises data breach from May 2018 to March 2019
    • Data affected: Over 2 million credit card numbers were stolen
    • Attack vector: Malware on their POS system
    • Brands affected: Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology, and Tequila Taqueria
    • Damages paid: Unknown
    • The company launched a website so guests can check whether their details were stolen.
  • RMH franchise security breach in 2018
    • Data affected: Guests’ names, credit or debit card numbers, expiration dates, and card verification codes
    • Attack vector: Unauthorised software placed on the POS system
    • Brands affected: 167 Applebee’s restaurants
    • Damages paid: Unknown
  • Wendy’s data breach of 2015 and 2016
    • Data affected: Name, card number, expiration date, security, and service codes, and other payment card-related information.
    • Attack vector: Malware on POS system
    • Brands affected: Wendy’s restaurants
    • Damages paid: $50 million
  • Dunkin’ Donuts data breach
    • Data affected: Usernames and passwords for loyalty programs
    • Attack vector: Third-party breach
    • Brands affected: Dunkin’ Donuts
    • Damages paid: Unknown
  • Hilton Hotels data breach of 2014 and 2015
    • Data affected: Credit card numbers, names, addresses
    • Attack vector: Cash register computers
    • Brands affected: Hilton Hotels
    • Damages paid: $700,000
  • Marriott data breach: The biggest breach to date
    • Data affected: 500 million customers’ information, including names, addresses, phone numbers, email addresses, passport numbers, account info, birth dates, gender, and arrival/departure information
    • Attack vector: Unauthorised access to the hotel database
    • Brands affected: Ritz-Carlton, St. Regis, JW Marriott, W Hotels, Sheraton, Delta Hotels, Le MERIDIEN, Westin, Renaissance Hotels, Four Points, SpringHill Suites, Fairfield Inn, Residence Inn.  
    • Damages to pay: $915 million GDPR 

Digital technology and data safety have become an integral part of the hospitality and dining experience. 

How IT Solutions Influence the Dining Journey

Technology is affecting the hospitality industry, and those who don’t embrace IT solutions are bound to fall behind fast. 

The Windstream Enterprise-BRP Consulting digital restaurant study, which focused on the preferences of Millennials and Gen Z, shows that digital technology affects the hospitality sector, particularly restaurants, quite a lot.

Here are some of their most interesting finds: 

  • 74% find that ease of ordering and payment is extremely important.
    • only 45% of restaurants have excellent execution for this preference
  • 60% place importance on Wi-Fi availability
    • only 44% of restaurants have a good solution in place 
  • 42% actively look for contactless and mobile payment availability
    • only 33% of restaurants have it 
  • 41% look for mobile and web order ahead options
    • only 26% of restaurants offer a good solution

The following infographic by Deloitte from 2016 shows just how important technology has become in hospitality:


Some key findings include the fact that 40% of people prefer to order online, and when technology is used to place orders, customers will spend an extra 20% on average per visit.

The findings clearly show that the customer journey and experiences are heavily influenced by the convenience of new tech solutions. The only way forward for your business is to implement IT solutions that will be convenient but also safe. 

Do you have the right IT solutions in place? Get in touch to see how we can help you streamline, boost customers with technology projects, and improve your security.


Five Ways to Avoid Hotel Phishing Scams

Headlines about yet another hotel being hacked have become commonplace, and the statistics look grim. A staggering 64% of US citizens have already had to deal with stolen data. Hotel phishing has become way too common.

Hotels are the perfect targets due to the amount of sensitive data they are processing each day and the tech they are using. Lots of high profile breaches that have happened lately signal that many of them do not have the right cybersecurity solutions in place. 

Hotel phishing scams are a common attack, and Verizon’s 2019 data breach report shows that out of all the data breaches detected, 32% involved phishing. 

What’s even more worrisome, 56% of those breaches weren’t discovered for months.

Avoiding such scam attempts is impossible, but lowering the risk of becoming a victim is not. Here are five ways to detect and avoid phishing scams.

#1 Staff Training 

Hotels often skip cybersecurity training because they wish to invest in other areas, yet a single successful phishing scam can lead to a breach that will tank their reputation and customer trust, which results in high fines.

Because email is the primary vector attackers use for hotel phishing scams, it’s important that your employees are able to recognise such scam attempts right away.

A single click is enough to infect the system. The same report from Verizon gives insight that internal actors were responsible for 34% of breaches. Every misclick will result in having your hotel hacked again and again.  

Cybersecurity training for the hotel staff must be a top priority. 

When staff members know how to detect a suspicious email, check the sender and double-check all domain names, the risk of them clicking on it becomes considerably lower. 

#2 Have an External Mail Warning System 

Creating a hotel phishing email is easier than ever, as people are more than willing to share their personal information online.

A well-constructed phishing email can look like a genuine company email from a well-known staff member.

An external email warning system helps identify suspicious emails by displaying a warning when the email originates from an external source. 

This will prompt the staff to double-check the sender and the actual address before opening the mail or clicking the link and report the suspicious email to the IT office. 
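The check behind such a warning, sketched in Python as an added example (not code from the original post or from any mail product). The hotel domain, staff names and sample messages are constructed assumptions; a production gateway would also evaluate SPF, DKIM and DMARC results rather than the visible From header alone.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the hotel's own mail domain and known staff names.
INTERNAL_DOMAINS = {"grandhotel.example"}
STAFF_NAMES = {"maria keller", "front desk"}

# Constructed sample messages (not real mail).
SAMPLES = {
    "internal": (
        "From: Front Desk <frontdesk@grandhotel.example>\n"
        "Subject: Tomorrow's rota\n\nRota attached.\n"
    ),
    "partner": (
        "From: Bookings <noreply@travel-agency.example>\n"
        "Subject: New reservation\n\nA guest has booked.\n"
    ),
    "lookalike": (
        'From: "Maria Keller" <maria.keller@grandhote1.example>\n'
        "Subject: Invoice update\n\nPlease open the link.\n"
    ),
}


def edit_distance(a, b):
    """Levenshtein distance, used to spot domains one or two typos away from ours."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(raw):
    """Return the list of warnings for one raw message (empty for internal mail)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain in INTERNAL_DOMAINS:
        return []
    findings = ["external-sender"]
    # A colleague's name on an outside address is what staff are asked to double-check.
    if display.strip().lower() in STAFF_NAMES:
        findings.append("staff-name-on-external-address")
    # A domain that differs from ours by one or two characters.
    if any(0 < edit_distance(domain, d) <= 2 for d in INTERNAL_DOMAINS):
        findings.append("lookalike-domain")
    return findings


def add_banner(raw):
    """Tag the subject of external mail and record why it was tagged."""
    msg = message_from_string(raw)
    findings = assess(raw)
    if findings:
        subject = msg.get("Subject", "")
        del msg["Subject"]
        msg["Subject"] = "[EXTERNAL] " + subject
        msg["X-Sender-Warning"] = ", ".join(findings)
    return msg


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        tagged = add_banner(raw)
        print(name, "|", tagged["Subject"], "|", assess(raw))
```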

#3 Implement a Sandbox

In IT, a sandbox is a completely isolated environment that fools malicious code into thinking it has gained access to actual systems.

Sandboxes are used to test links and attachments and execute them without risking the security of your network. 

If the system detects malicious code or a malicious link, it will show a warning and remove the attachment or link so the user and systems stay safe.

#4 Keep Your Network Secure 

Have antivirus, antispyware, and anti-malware software on your network and all devices, as well as commercial firewalls.

Keeping your main network inaccessible to outside devices will reduce the vectors of attack.

Have a different network for your guests, and keep all personal IT devices from your staff on a separate network too. 

#5 Stay Informed About Phishing Techniques & Have Procedures In Place

New phishing scams appear all the time, so make sure your IT department follows all new developments closely.  Ask them to regularly send internal newsletters on threats and distribute them to everyone.

Plus, make sure you have strict procedures in place when it comes to payments and authorising new transactions. For example, change of details must be confirmed by a vendor over the phone (rather than email), requests for money are escalated to a higher management level, and links aren’t clicked on unless they are expected.

Hotels Must Be Hypervigilant

The reason why so many hotels fall victim to hotel phishing attacks is the lack of updates to their systems, operations, and standards. 

When coupled with lack of staff training and monitoring solutions, a data breach might already be in progress without them having the slightest clue about it.


Steps To Respond To a Ransomware Attack


Cybersecurity is an important topic for any business now. In the last 12 months, 32% of businesses experienced some sort of cyber attack or data breach. That means that every third business had to deal with a cyber-attack, according to the Cyber Security Breaches Survey 2019 by the UK Department for Digital, Culture, Media, and Sport. It goes without saying that every business should prepare for a ransomware attack and other types of cyber-attacks.

Keeping your assets secure against cyberthreats needs much more than installing firewalls and anti-virus software. Today’s cyber threats are sophisticated and use every possible loophole in your security settings to get access. While there are different types of attacks, ransomware is one of the most malicious attacks businesses have to deal with.

What’s a Ransomware Attack? 

Ransomware is a type of attack where malicious software (malware) takes over a computer or whole systems and denies any type of access until you pay a ransom. The ransom demand usually requires payment in cryptocurrency like Bitcoin, as it’s impossible to trace it. 

It is one of the most dangerous types of attacks, as it can stop a business dead in its tracks. In case the ransom is not paid, all data will be deleted from the system. 

This is bad enough if it happens to an individual. Imagine this happening to your company – you will lose all business and operational data, and you’ll have to start all over again. Some businesses never recover.

Preparing for a Ransomware Attack

The bad news with ransomware attacks? It can happen to anyone, and once it does, there’s not much you can do. 

But you can prepare for it. Here’s how: 

Data backup should be your number one priority.

It can save you thousands and millions, but it has to be done right by protecting your data storage properly. Ransomware attacks are carefully executed and attackers will often have access to your systems for months before they attack. 

Why? Because they want to make sure they hijack everything, including any possible backups you might have. 

This is why you should keep backups in another location. It would be best to have backups in the cloud but also have at least one backup offline – completely disconnected from any network – as even cloud backups can sometimes be affected.

Make sure IT keeps all systems and software up to date.

Although updates are often a hassle, they exist for a reason. Most updates are released to take care of security vulnerabilities. When software and operating systems are not updated, you are basically inviting hackers to access your systems. Your IT department should ensure every device is up to date. 

Start implementing user restrictions.

Not all of your employees need access to all your data. Ask your IT provider to implement user restrictions so that your employees have access only to data they need. In case they need more, they can request special and temporary access that is revoked as soon as they don’t need it anymore. This way, in case their accounts are compromised, the breach will be limited. 

Invest in monitoring software. 

You can get powerful software solutions that can monitor your whole systems for suspicious activity. This goes beyond the regular antivirus monitoring – it can monitor what users are doing, what data they are accessing, and alert you in case something is out of the ordinary. 

Don’t forget about employee training.

No matter what type of security software and solutions you utilise, if your employees are not aware of best practices on cybersecurity, you’re always just one bad click away from a ransomware attack. Make sure your employees know how to spot suspicious email, and know that they should never click on the links in such emails or download attachments.  

Work on your BYOD policies.

Many businesses, especially small- and medium-sized ones, often allow employees to bring their own devices (BYOD) to work. Without a good policy in place, however, this becomes a security issue. 

If an employee brings an infected device and connects it to the same network, you’re looking at a possible spread of infection – and ransomware – to all other devices and the whole system. Because of this, any device connecting to your system should be up to date, have antivirus software, and be cleared by the IT department regularly. This goes for smartphones too.

First Steps After a Ransomware Attack 

1. Take a photo of the note

This will help IT determine what type of ransomware you’re dealing with.

2. Determine the extent of the attack 

Your IT provider should be able to determine whether the ransomware has infected a single device, or if the infection is spreading through your network.

3. Isolate infected devices and disable sharing

All infected devices should be removed from the network to stop the spread. Any type of sharing that’s active should be shut off immediately. 

4. Notify employees

Send an email to all employees so that they can report whether their devices are working. Those who can work can continue, but those affected can help in other areas while IT deals with the issue. 

5. Let IT remove ransomware from infected devices 

IT should scrub the devices that were infected completely. Sometimes, a local backup on the device can solve the issue, but oftentimes, even that will be unavailable. 

6. Restore data from backups

Once you reinstall the operating systems, your IT can restore data on affected devices from a cloud or offline backup.

To Pay or Not to Pay? 

If you’re not prepared and have no backups, you might be tempted to pay. Take this year’s ransomware attack on the City of Baltimore’s government. Their systems were infected by ransomware that stopped numerous important systems: ATMs, airports, even hospitals. 

The attackers demanded that the city pay about $76,000 in Bitcoin. The city refused to pay, only to realise many of their systems weren’t backed up. They lost huge amounts of data, and the attack ended up costing them $18 million.

It seems that in the case of Baltimore, it would have been much better if they simply paid the ransom. Well, not really. 

Why? 

You’re dealing with criminals. Even if the city paid the ransom, there’s no guarantee that they would have gotten the access back. If they did, they would have become a prime target for future attacks too, since they paid the ransom already. This is why it’s so important to prepare – it will minimise damages.

Conclusion

Everyone’s at risk of a ransomware attack. Preventing it is next to impossible, but preparing for it is more than possible. Your IT provider should back up your data regularly, and you should make sure your employees know how to spot suspicious phishing attacks. When you prepare for a ransomware attack properly, you can minimise the impact of such an attack and save yourself from monetary and reputational damage.


The Link Between Unpatched Machines, Ransomware, and Data Breach Threats Increase Threat Severity for Businesses


Boardish has released a cyber landscape report that summarises the latest changes in the threat landscape. As a tool created for CISOs and cyber professionals who work on quantifying the impact of cyber threats and solutions into financial figures, Boardish has recently moved from beta to production. 

The ultimate goal that Boardish wishes to achieve is to simplify the quantification process for CISOs and other cyber professionals, helping them get faster insight into the cybersecurity landscape and impact of new threats and solutions. 

With that goal in mind, Boardish has also released a new monthly cyber report.

Their new cyber landscape report shows that the threat landscape has experienced quite a number of changes at the beginning of the year. One thing that they picked up is that there is a link between the three main threat increases that were registered: unpatched machines, ransomware, and data breaches. 

The Boardish cyber report places unpatched machines at the very top of cybersecurity issues. This threat experienced the highest increase, 18%, after the NSA discovered a vulnerability in Windows 10 systems. More than 900 million machines are affected by this vulnerability, which is more than enough to raise the risk assessment for unpatched machines from medium to high, as it has the potential to be the next nation-state type of attack.

Eternal Blue, the exploit used for the WannaCry ransomware, is still affecting machines around the globe. When combined with the number of machines that could potentially be affected and the impact of previous nation-state attacks, any organisation with unpatched machines should treat the risk as a priority.

This leads us to the next threat highlighted by the cyber report: ransomware. It has increased by 11% across all company size categories. 

It’s connected to the number of unpatched machines and also the fact that there are numerous other attack vectors for ransomware infections, with phishing being the most popular attack vector. 

Ransomware is so popular because it’s the easiest way to get money quickly, but there has been an increase in instances of the ransom NOT being paid, in which case attackers released the data and caused a data breach.

This brings the impact level to maximum. Another interesting finding is that the level of turnover days increased by 15%, and the reason for this is twofold: business systems are more complex, and ransomware attacks are more sophisticated. Ransomware should, therefore, be treated as a top priority threat.

Data breach threat has also increased by 7%, but unpaid ransomware isn’t the main reason. Instead, increased amounts of data were the primary factor in companies with more than 500 employees, as per our cyber landscape report. The data breach risk factor is serious enough to lose market positioning, and coupled with the high-regulation impact, the risk is raised to high. 

User error is becoming a more common reason for data breaches, so companies should make sure they are protected not just from external but also internal threats. 

The best way to deal with each of these threats can be thoroughly tested in Boardish so that CISOs and other cybersecurity professionals immediately see the effectiveness of solutions and present these in front of the board in financial terms. 

For a more detailed insight into the threat landscape, you can download the full cyber report for free here: Boardish Analytical Cyber Reports


Microsoft Azure Information Protection (AIP) Scanner Tool Course


Our new course on data discovery and encryption with the Microsoft Azure Information Protection (AIP) Scanner Tool is out. Those who enroll in the course will learn all about setting up the AIP scanner and the requirements. They will also learn how to discover and protect their on-prem data.

The Azure Information Protection (AIP) scanner tool provides businesses with a complete data encryption solution. Not only will it help businesses encrypt their on-premise data, but also help them discover, control, and organise their data. 

Why You Need to Learn How to Install and Set up The Azure Information Protection (AIP) Scanner Tool 

With more cyber threats looming about than ever before, cybersecurity has become a pressing issue for any business dealing with sensitive data. Last year’s adoption of the General Data Protection Regulation (GDPR) by the EU also places heavy emphasis on data safety and export of personal data outside of EU and EEA borders. 

Most business owners have security solutions in place to protect the data from unauthorized access by external attackers. However, they seem to forget that many cybersecurity issues start on the inside. The most pressing issues that lead to a data breach are the following: 

  • No clear data organization – Unstructured data is hard to track and even harder to keep safe. 
  • Unrestricted access to every file and document – Not all of your employees need to have access to all your documentation. Data should always be shared on a “need to know” basis. 
  • No tracking on data access and usage – Without a system that tracks how data is being used and accessed, it’s very hard to avoid or detect malicious intent and possible data breaches. 

Why You Should Invest in Data Encryption

Cybersecurity has become a strategy that covers more than just having a firewall and spam protection in place. 

Today, cybersecurity covers everything from encryption to employee education and access control. The AIP scanner tool helps you achieve just that – you will know exactly where your data is, and you’ll be able to label it accordingly. You will also control who has access to it (both inside and outside of your organisation).  

Protect Your On-Premise Data Yourself

Our AIP Scanner Tool course will teach you everything you need to know about the AIP scanner. With 38 lectures divided into eight lessons, you’ll learn how to discover all data locations you keep on-prem (even archived data!). You will also learn how to classify and encrypt it. You’ll learn all about prerequisites to install the AIP scanner and how to set up the virtual environment needed to run it. 

You will become familiar with all AIP scanner modes so you can choose which is the best for your business. You will also learn how to install the scanner, test its settings so you can ensure it’s working correctly before running it on your server, and deal with false positives.

Enroll Today for Lifetime Access

Are you a business in dire need of a good data security solution? Do you wish to broaden your knowledge and install the AIP scanner for others? Enroll today and gain lifetime access to lessons, videos, articles, and downloadable resources that will teach you to successfully protect your data.

Sign Up Here >>> https://www.udemy.com/course/data-discovery-encryption-with-microsofts-aip-scanner/?couponCode=ARTICLE50OFF


How to Protect Data Storage from Hacking

Data protection is more important than ever, but also much harder to achieve. Previously, it was fairly simple to protect data storage from hacking, because data was only saved on-prem and there was limited access.

Today, data storage and access are more dispersed. Remote employees, cloud storage solutions, BYOD policies, and access via multiple devices from anywhere make data protection seem like an impossible goal.

It’s important to understand that a data breach is a business issue, not just an IT issue. 

To make sure your company and customer data are safe, you will have to protect data storage from hacking attempts. The following data storage safety practices will help you achieve a high level of data security and compliance. 

1. Use strong passwords 

The most common way data storage is hacked is through weak or shared passwords. Would you ever store thousands of dollars behind a simple “0000” or “12345” password? No.

The data you are trying to protect is worth even more than that, so make sure that anyone with access to it has a strong, complex, and unique password. 

Weak passwords are present in almost every organisation and can cost corporations millions in damages because of data breaches. 

  • To avoid hacking attempts, have a proper password protocol in place. All passwords that provide access to data should have a minimum of 12 characters and shouldn’t be complete words. 
  • Use a combination of upper- and lowercase letters, numbers, and symbols. The password should not have personal meaning – no names, addresses, dates, or anything that can be unearthed on social media.
  • Passwords should also be changed every 6 months.

2. Add Two-Factor Authentication 

Additional authentication protocols should be a standard practice to protect data storage from hacking.

In case your first authentication layer – the username and password – ends up in the wrong hands due to a successful phishing attack, the second layer of protection in the form of two-factor authentication (or multi-factor) will keep data safe from outside access.

The authentication server will prompt the user to input another security code after authenticating their credentials. The code is usually delivered via SMS, or via a phone authenticator app. Some services will also offer the code via phone call if supported. 

3. Include Session Timeouts / Auto Disconnects 

To battle forgotten login sessions that could potentially lead to a data breach because somebody else used the device, incorporate session timeout routines onto your data storage servers. 

These routines will automatically disconnect the user from all inactive sessions. 

For example, if the user accessed your data storage but has been idle for the last 15 minutes, they will be logged out. When they come back, they will be prompted to log back in again. 

This security measure is especially valuable if your staff has access to data storage from shared, remote (and potentially unsafe) locations.   

4. Use encryption for all documents and emails 

Encryption helps protect data storage from hacking because in the event it ever falls into the wrong hands, they won’t be able to read it. 

When you encrypt data, the data is translated into ciphertext that is just a string of random characters. The only way to make it readable again is to turn it back to its original form with the right encryption key. 

The larger the key size, the more computational power is needed to crack it. The rule of thumb is to use encryption services that offer at least 256-bit encryption protocols.  

In order to ensure you have encrypted all sensitive documents, you should use a data protection solution that covers data discovery and sharing. Microsoft’s Azure Information Protection is such a system, and can be used to discover all your data, apply labels that determine how sensitive data is, and then apply rules on data access. The system will find all locations where data is stored and help you migrate it to a safer, centralised location. 

Because such systems also include email encryption, it also helps you keep data safe in case of mishaps. For example, if somebody accidentally sends an email with sensitive data to the wrong recipient, the recipient won’t be able to read the data without first having proper authorisation. 

5. Limit Access to Data Storage

In order to protect data storage from hacking, you have to limit access to data to inside actors too. 

The more people have access to sensitive and classified data, the higher the risk of data falling into the wrong hands. 

Your employees should have access only to data that’s essential to their role in the company. 

In case employees would need to access data occasionally, it’s better to have procedures in place that would authorise access to them temporarily rather than giving them unlimited access. 

6. Use Safe Cloud Storage Solutions 

Cloud storage solutions help you keep your data accessible at all times and are becoming the standard today. With so many employees working from remote locations and accessing data from multiple devices, it’s safe to say that there are many more vectors of attack.

To protect data storage from hacking but keep it accessible and online, try using a decentralised cloud.

It uses blockchain technology to keep data safe. Such cloud storage is not controlled by a single entity, and data is not stored in a centralised location. Instead, data is spread in tiny fragments across a large global network. When you need to access it, it will be assembled and decrypted as soon as you are authorised (either with an encryption key or password).

7. Educate Employees

You can invest in the best firewall, anti-spam, and antivirus software, but if your employees don’t know how to spot a potential threat, your attempt to protect data storage from hacking will ultimately fail.  

Everyone in your company, be it the newest members of the team or senior executives, should go through regular education training. Ideally, they should learn about: 

  • The latest threats and risks, and vectors of attack – Suspicious email attachments, phishing attempts, how to stop a spoofed email address, and more. 
  • Best practices when it comes to data security – Teach them about BYOD policies, unsafe public networks, being safe while accessing data from remote locations, etc.
  • How to use new security software you implement – Get them on board with new software solutions and teach them how to use them to avoid slowdowns and disruptions.   

Your data security is only as strong as the weakest link. What’s your weakest link? 


5 London Hotels That Are Above the Curve on Technology

The hotel industry is only just starting to embrace the latest tech. London hotels are working hard to make guests feel like they are right at home during their stay. But when does a hotel stay feel like home?

The latest technology has made it possible to set up the room just the way you like it. From choosing the right room, lighting, temperature, music – everything can be controlled and set up in advance. London hotels have started picking up on the need to personalise every guest’s stay and invest in new technology to make this possible.

Here are five of the London hotels innovating technology in their offering to guests: 

1. Eccleston Square Hotel

Named London’s most high-tech hotel, Eccleston Square Hotel is a unique blend of historical elegance and exciting new technology. 

The hotel’s very own app that guests can download to their device acts as a digital concierge and lets you set up everything just the way you want for your arrival. 

Each room has access to free and fast Wi-Fi, and comes equipped with free smartphones that guests can use for international calls and free data while roaming the city or conducting business.  

The in-room pads let guests control every single aspect of their room – light, sound, and temperature – and they can also browse the menu, order room service from the restaurant, and select the time of delivery. 

The bathroom glass walls can be toggled between see-through and frosted with a simple touch of a button. The best part is that the “Do not disturb” sign can be activated from the touchpad, too! 

2.  Radisson Blu Edwardian, Berkshire

Radisson Blu on Oxford Street never stops innovating to offer the very best guest experience. While staying at the Edwardian on Bloomsbury St, guests will be able to use their very own virtual assistant called Edward.

Edward will help throughout the whole stay and help them with check-ins, checkouts, and requesting anything guests might need. Each room has fast Wi-Fi for an unlimited number of devices, and guests can even stay up to date thanks to their digital news app. 

3. South Place Hotel, London

The South Place Hotel also realised that guests want full control of their room setup, so every guest can control lighting and electronic blackout blinds, and enjoy crystal clear sound thanks to the Bang & Olufsen media centre and a library full of free on-demand movies and shows. 

The bathrooms are equipped with a TV and speakers too, and those who get tired of movies can head to the hotel’s games room.

4. Amba Hotel Marble Arch, London 

Also located on Oxford Street, Amba Hotel Marble Arch lets guests have full control over every aspect of their stay. They can choose rooms themselves during booking, and the Mobile Valet app lets guests explore the hotel and all amenities, order room service, and set up express checkout easily. 

Every room is equipped with USB sockets next to beds and super-fast unlimited Wi-Fi. There’s also a tablet in each room that guests can use as they like, and Smart TVs they can link their own devices with and connect to their favourite services.  Plus, you can keep your tech secure thanks to the in-room laptop safe which is a great addition for business trips.

5. CitizenM London Bankside

The CitizenM London Bankside offers their guests compact rooms filled to the brim with technological gadgets that make the stay comfortable and futuristic. Starting with ‘one-minute’ check-in kiosks, the guests are guided to a room that they can adjust as they want. 

Guests will have their own tablet “mood pad” that gives them control over all the aspects of the room. Coupled with lightning-fast Wi-Fi, it’s really like being portalled to the future. 

Today, a personal touch and focus on guest preferences is what it’s all about. The very best hotels focus on the guest experience by making it easy to check in and out, order, and connect to personal and business accounts and services right in the room.


How To Create A Secure Password in 2019

You’d be amazed at how easy it is to create a secure password in 2019 and yet so many people don’t! 

Despite the increasing efforts that many websites put into security precautions, it’s a two-way street and users need to catch up and take responsibility too. Weak passwords are still a common way to hack someone, even in 2019.

The National Cyber Security Centre released a list of the most common weak passwords found by analyzing data from 100 million passwords leaked in data breaches. 

The top ten weakest passwords are the following: 

  • 123456
  • 123456789
  • qwerty
  • password
  • 1111111
  • 12345678
  • abc123
  • 1234567
  • password1
  • 12345

Other noteworthy entries near the very top include things like “000000” and “Iloveyou.” The primary spot has been held by “123456” for years now, however. 

A Secure Password in 2019 Should Be Complex, Unique, and Random

The above-mentioned passwords don’t even meet the minimum requirements of what’s considered a safe password nowadays. Today, truly secure passwords will have: 

  • A mix of upper and lowercase letters
  • Numbers
  • Special characters

Don’t think for a second that such passwords are bulletproof. They can also be cracked if you aren’t careful with how you create them. 

Creating a Secure Password in 2019

The following ten tips will help you create a truly secure password in 2019 and avoid the most common mistakes that lead to breaches. 

Avoid simple passwords like the ones on the list above

The fastest way your account will be compromised is by setting a weak password. While it’s bothersome to use all these safety measures like mixing cases and special characters, it’s more irritating to try to cancel credit card payments you never made. 

Don’t use simple to guess data

Avoid putting your name, the names of family members, or even the names of your pets in your password, because this is a surefire way to become compromised in record time. Also, never use your username as a password either. That’s another easy guess.

Use patterns 

An easy way to recycle a password safely is to switch for a designated number of spaces on the keyboard. For example, if your password was “ThiSisS3cuRe” (This is secure), you can instead use the keys that are one space to the left. Instead of “T” you would use “R” and so on. This will get you what seems like a completely random sequence: “RguSuaA2xzEw.” And yet, you will know how you got it. 

Change passwords regularly

Many people experience a breach because they never change their passwords. Passwords get outdated quickly, and as time goes by, what was once considered complex can now easily be cracked and guessed. 

Some services prompt you to change your password regularly, which is not a bad idea, but many users then choose a simple password to get it over with. That’s a bad practice, and however annoying you might find it, every password change should have a complex password. 

Top Tip: Change your passwords every 6 months and set a reminder on your phone to do it so you don’t forget! 

Use a different password for each account

Never use a master password for all your accounts. That increases risk in case of a breach. Imagine your business email or banking information is suddenly jeopardised because you used the same password as on some random and less secure site. Each account should have its own password. 

Use randomly generated passwords

Google Lock has a password suggestion mode that offers you to create a randomly generated password instead of thinking of one yourself. This is a convenient service, but it can be hard to remember all such passwords without a system behind them.
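The rules stated on this page (the NCSC list above, mixed character classes, no names or usernames, and the 12-character minimum from the data storage post) can be enforced in code and combined with random generation. The following Python sketch is an added example, not code from the original post; the symbol set and the sample inputs are assumptions.

```python
import secrets
import string

# The ten weakest passwords from the NCSC list quoted on this page.
NCSC_TOP10 = {
    "123456", "123456789", "qwerty", "password", "1111111",
    "12345678", "abc123", "1234567", "password1", "12345",
}
MIN_LENGTH = 12                    # minimum from the data storage post
SYMBOLS = "!#$%&()*+-=?@[]^_{}"    # assumption: symbols the target system accepts


def check_password(password, username="", personal_terms=()):
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    if lowered in NCSC_TOP10:
        problems.append("on the NCSC most-common list")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if all(c.isalnum() for c in password):
        problems.append("no special character")
    # Names, pet names and the username must not appear anywhere in the password.
    for term in (username, *personal_terms):
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal term {term!r}")
    return problems


def generate_password(length=16):
    """Draw from the OS CSPRNG and retry until every rule above is satisfied."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed inputs for illustration.
    for sample in ("123456", "Garfield2019!xY"):
        print(sample, "->", check_password(sample, personal_terms=("Garfield",)))
    print("generated:", generate_password())
```

Rejecting and redrawing, rather than forcing one character of each class into fixed positions, keeps the result uniformly random over the passwords that satisfy the rules.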

Don’t write down passwords 

You might find it convenient to write all your passwords on a piece of paper, or in a notepad. Be aware that any type of data that’s not encrypted is not safe. Usually, it’s considered okay for home users to write down passwords on a piece of paper so long as they are kept out of sight (and not taped to the computer!), but never do that at work, or you risk someone using your workstation for malicious intent. 

Find a password manager that suits your needs

If you find it hard to remember all passwords, use a password manager. These are pieces of software that remember all your passwords so you don’t have to. There are free and paid options available, and some are online, others are offline. Go through reviews to find the best deal for you.

The point to note here is that you’re storing all of your passwords in one place, so make sure you pick an encrypted system that is extra secure! If you don’t have enough passwords to use a system like this, it’s best to avoid it.

Use cryptography 

Develop your very own system to encrypt your passwords. One good way to do this is to have a sentence that will remind you of a password. For example, you have a pet cat and wish to base your password off of it. Instead of using your cat’s name mixed with a few numbers, use a sentence such as: 

  • “My cat Garfield loves lasagna.” and then encrypt each part: 
    • My cat Garfield = McG
    • Loves = <3
    • Lasagna = LsgnA
  • So your password will be “McG<3LsgnA”

Use two-factor authentication

Reduce the risk even more and use two-factor authentication in addition to having a strong password. On the off chance that somebody manages to crack your super complex password, two-factor authentication will keep them from doing anything else. 

Such authentication is bound to a token or a phone app that generates a random string of (usually) six numbers that rotate every 60 seconds, which are unique to your account. Without this second step to prove it’s really you, hackers won’t be able to access your account at all. 

Cybersecurity Rests on You Choosing a Secure Password in 2019 

Hackers are finding new ways to get to your data every day. Don’t let your password be the weak link that will give them access to everything else. Want to learn other ways to protect your computer? Check out our latest course here >>> PROTECT YOUR COMPUTER FROM GETTING HACKED COURSE <<<