Feedback on Windows 11 so far

Whilst some users are taking their first look at Windows 11 on consumer devices, the Utilize team has been busy testing and hardening Microsoft’s latest operating system for our business customers. After listening to the thoughts of some early adopters and the feedback from our own support team, here are the most useful observations we have to report so far.

What’s included

Windows 11 is available on Windows 365 and Power Automate for desktop is included with the OS Windows, as well as working with Intune/Endpoint Manager.

Fast upgrade process

When it comes to running the upgrade from Windows 10, users may need to navigate a few bumps in the road, but overall it is a fast and efficient process. Colleagues have reported that somewhere between 60 and 90 minutes are required from the initial download through to the final system restart.

User interface

The Windows 11 taskbar looks like an amalgamation of the Windows 10 taskbar and the macOS dock minus the animations. Icons are centred rather than left hand aligned. Opening the start menu is similar but is closer to what you would see on a smartphone, with the apps you use most often presented in a grid rather than a list. This change makes it simpler to find the specific programs and applications you are looking for.

Switching to the complete app list is quick and easy but requires an extra step from the default app list of Windows 10. Just like the default app list, the overall look and feel has a smartphone influence and, once you get used to the new layout, it does seem easier to use.

Settings

Settings do not immediately pop up when you hit the Windows icon, which is still on the left but now centred with the other app icons in the taskbar. Whilst the icons on your home screen and the background will probably remain unchanged post-upgrade, the layout of your settings looks significantly different, and it may take a while at first to locate the setting you are looking for.

Nevertheless, users have reported that the settings they use most frequently, such as software updates, were clearly in view rather than hidden in a submenu. As with the app lists, once you get used to the new Settings layout, you’ll probably find it more intuitive to use.

Make it snappy

Windows has always been about helping users work flexibly with the ability to resize, maximise and minimise applications as they work. But now in Windows 11, a feature called Snap Layouts offers an even more powerful way to multi-task.

This new feature allows you to organise windows and optimise your screen layout for the task in hand and you can even create separate desktops for each area of your life, such as work, gaming or school etc.

To access Snap Layouts, hover your cursor over the maximize icon in the upper right corner of an app or press Win-Z. You should see 4 (or maybe 6 if you are working on an ultra-wide monitor) different grid layouts to choose from. Each layout presents a different configuration of zones. Simply choose a layout and hover over the zone that you want your active app to be in. When the zone turns blue, click on it and your app will snap into that position. If you’re the kind of user who is permanently toggling between several core applications, this feature is definitely worth exploring.

Smartphone integration

Microsoft’s smartphone integration app, Your Phone, is working on this latest release, and it does a respectable job of presenting an onscreen view of some of your phone’s core features such as texts and phone calls. There is a music feature too, although that appears to be disabled currently. There are some nifty features such as the ability to drag a photo from the visible representation of your phone and into an email on your desktop interface.

3rd party apps

A number of 3rd party apps will work but are not supported on Windows 11, Sage for example is not currently supported. SonicWall’s latest version of NetExtender does work on Windows 11 but it’s currently in testing and we are awaiting confirmation from SonicWall that it is fully supported on Windows 11.

Performance

During this phase of the rollout, the platform typically isn’t optimized yet for performance. Still, we didn’t notice any individual wait states or performance degradation on the Dell PC. This lack of noticeable performance penalty suggests there may be a slight performance boost as updates are deployed over the coming months. Microsoft has already been proactive in releasing updates to address specific performance scenarios with AMD hardware, more details of these updates can be found here

Security

The TPM 2.0 and Secure Boot requirements for Windows 11 should result in far more PCs that are secure, as many PCs support those technologies but don’t have them turned on. Other systems will need to be replaced, although not necessarily right away: Windows 10 support will continue until at least 2025. Windows 11 is only currently supported on specific hardware platforms, you can find a full list here

With the significant increase in ransomware attacks, putting off anything that increases the security of PCs comes with inherent risk, and it may be wiser to go early rather than late on this latest Windows version. Best practice, however, is to wait at least two months after general release before deploying to make sure new problems are identified and corrected before your installation. Often a good time for an update like this is during the holiday break, where any problems will have a minimal impact on productivity.

Coming soon

Tighter integration of Teams directly in the OS will be coming to businesses in future as well as adding access to Android applications.

Contact Utilize

Microsoft Unveils Windows 365

Microsoft’s annual partner event, Inspire, is typically light on major product releases and it came as a surprise to most partners to see the imminent release of Windows 365 announced.

Think of Windows 365 (W365) as being your traditional physical work computer that is now located in the cloud and accessible from a web browser, app, tablet, or phone. It runs the same Windows 10 (soon 11) operating system as your physical device and will be fully compatible with all your line of business apps. As with most current Microsoft cloud products, W365 follows the same monthly fee subscription model.

It may not be immediately obvious why you would want to spend your hard-earned cash on an expensive laptop or desktop and then be expected to put your hand in your pocket again for a monthly subscription to W365, but consider these scenarios:

You’re on the way to the office and realise you’ve accidentally left your laptop at home. No problem as W365 is fully cloud based and accessible from almost any computer with an internet connection.

Your company has just taken on a new intern, and you don’t want to purchase an expensive laptop until their trial period is finished. In just a few minutes, your intern can be up and running with a dedicated W365 cloud computer.

You’ve just made an acquisition and need to quickly provision new computers configured to your infrastructure for the new staff. W365 gives you the flexibility to quickly deploy (and subsequently decommission) cloud-based computers configured to your corporate infrastructure.

Your CEO loves Apple Macs but needs to run the corporate line of business applications. Using W365, a full Windows 10 experience is available via the Safari browser or the Mac desktop client app.

Your company has concerns about data leakage of confidential information. Deploying W365 to each staff member helps to ring-fence your data and enforce corporate governance.

W365 follows hot on the heels of Azure Virtual Desktop (AVD) which at first glance, appears to offer a similar end user experience but there are significant differences for your IT department to manage:

If you deploy AVD, your (or your IT partner) manages the underlying servers and infrastructure. With W365, this is fully managed by Microsoft.

AVD runs multiple Windows 10 sessions on a pool of host servers. If a host server crashes or needs a reboot, all connected users are inconvenienced. With W365, each user session is autonomous and can be rebooted without affecting any other users.

Each AVD session shares the host’s RAM, vCPUs, and storage. A single user with a heavy workload therefore has the potential to slow down all the other sessions on the host whereas W365 is autonomous, and each user session is siloed.

In an AVD environment, apps are shared amongst users. New apps or app updates are deployed to a single image simplifying the management for your IT department or technology partner. As each W365 computer is autonomous, app deployment and maintenance is carried out using management software such as Microsoft Endpoint Manager.

Costs associated with AVD come under your Azure subscription whereas W365 is billed separately as a fixed cost subscription like Office 365. Bandwidth is included with some W365 subscriptions not connected to an existing Azure infrastructure (see below).

W365 is available in either a Business or Enterprise tier. Business computers can be used as standalone or joined to an Azure AD but can’t be made part of an existing Azure infrastructure. If you have a traditional AD, then you’ll need the Enterprise version. Enterprise computers can connect to an existing vNet in Azure but only the network interface of the W365 computer is exposed to Azure, all other resources are managed by Microsoft.

You can save money if you are an existing Windows 10 Pro user and interested in a W365 Business computer by taking advantage of ‘hybrid benefit’. Microsoft kindly deducts the cost of your Windows 10 license from the W365 Business computer.

W365 Enterprise requires that each user be licensed with a Windows 10 Pro subscription, Microsoft Endpoint Manager, and Azure Active Directory P1, which is included in Microsoft 365 F3, Microsoft 365 E3, Microsoft 365 E5, Microsoft 365 A3, Microsoft 365 A5, Microsoft 365 Business Premium, and Microsoft 365 Education Student Use Benefit subscriptions.

In terms of sizing, the table below gives some indications of the correct specifications based on your users’ anticipated workloads. Note that whilst you can upgrade an existing W365 computer to a higher specification, you can’t currently downgrade.

CPU, RAM, and storage	Example scenarios	Recommended apps
1vCPU/2GB/64GB	Frontline workers, Call centres, Education/training/CRM access.	Office light (web-based), Microsoft Edge, OneDrive, lightweight line-of-business app (e.g., call centre application – web-apps), Defender support.
2vCPU/4GB/256GB 2vCPU/4GB/128GB 2vCPU/4GB/64GB	Mergers and acquisition, Short-term and seasonal, Customer Services, Bring-Your-Own-PC, Work from home	Microsoft 365 Apps, Microsoft Teams (audio-only), Outlook, Excel, PowerPoint, OneDrive, Adobe Reader, Edge, Line-of-business app s), Defender support.
2vCPU/8GB/256GB 2vCPU/8GB/128GB	Bring-Your-Own-PC, Work from home, Market Researchers, Government, consultants	Microsoft 365 Apps, Microsoft Teams, Outlook, Excel, Access, PowerPoint, OneDrive, Adobe Reader, Edge, Line-of-business apps), Defender support.
4vCPU/16GB/512GB 4vCPU/16GB/256GB 4vCPU/16GB/128GB	Finance, Government, consultants, Healthcare services, Bring-Your-Own-PC, Work from home	Microsoft 365 Apps, Microsoft Teams, Outlook, Excel, Access, PowerPoint, PowerBi, Dynamics 365, OneDrive, Adobe Reader, Edge, Line-of-business apps), Defender support.
8vCPU/32GB/512GB 8vCPU/32GB/256GB 8vCPU/32GB/128GB	Software developers, engineers, Content Creators, Design and Engineering workstations	Microsoft 365 Apps, Microsoft Teams, Outlook, Access, OneDrive, Adobe Reader, Edge, PowerBi, Visual Studio Code, Line-of-business app s), Defender support.

Following the launch of W365 on the 2nd August, demand has exceeded Microsoft’s expectations. The free 2 months trial was so popular in the first few days of launch that they have now had to temporarily suspend this offer until they can deploy some additional resources.

Prices start from £17 + VAT per month for the most basic specification. Please contact your Utilize representative if you would like prices and further details click here

Contact Utilize

The coronavirus pandemic has driven a huge shift in how businesses operate and how their employees go about their daily working lives. Much of this digital transformation has been positive, with a rise in remote working and widespread adoption of productivity tools. However, digital transformation brings with it huge risks – not least from a cybersecurity standpoint.

Over the past year, it’s been all too easy for employees to click on a bad link, open an infected attachment or visit a malicious website from a work device whilst at home. They may have downloaded or installed an unauthorised application on work systems, or even taken advantage of more powerful work hardware to play games in their leisure time.

Enterprising cybercriminals know that the adoption of new technologies or working practices brings with it blind spots; chinks in the armour of businesses both large and small, that could quite easily be exploited.

It’s for this reason that cybercrime attacks within the UK are thought to have increased 31% during the pandemic – costing businesses some £6.2 million in the year to September 2020.

Businesses cite cybersecurity as their second biggest concern for the year ahead. PwC’s latest CEO Survey found that 91% of business owners put cyber threats among their top concerns – behind only pandemics and other health crises. Cyber worries were even named above uncertain economic growth, itself mentioned by just 86%.

Elsewhere, the PwC report found that 77% of businesses expect to invest further in digital transformation throughout 2021 – meaning their cybercrime defences need to not just be robust but ever-evolving, to ensure they don’t allow hackers to exploit any brand-new weaknesses.

The imminent return of workers to their offices provides an opportune moment to check your own cyber security credentials, and to ensure nothing dangerous is being brought back into the work environment.

Receive a free dark web scan when you register for a Utilize Cyber Security webinar

Double down on security by attending our free webinar, which explains the threat that returning workers or new technologies could place on your business. Topics covered include: Cyber Essentials, the Dark Web and Phishing Attacks.

Registered attendees will also qualify for a free dark web scan, so you will be able to see whether your data have been compromised. If information is at risk, our experts can advise you on the next steps you should take.

Contact Utilize

This year’s coronavirus pandemic has seen many traditional workplaces close causing millions more workers to operate remotely – many for the first time. So as we enter this new phase of ‘Working from Home’, it would be a good idea to pause and consider what (if any) the increased risks to our cybersecurity may be, and what we can do to hunker down and stay safe.

Certainly, those workers who are using a personal device for business purposes should ensure they take some extra precautions to help keep both personal and business data secure.

Vishing

If you’re anything like me, you’ll have rediscovered you have a landline, which may be subjecting you to a threat vector otherwise missed when you’re in the office. The primary threat is known as ‘vishing’, which takes everything we love about a Phishing email and transforms it into a phone call. Scammers will claim to be from your cable provider (Virgin, Sky etc.) and ask if you have experienced issues with your connection. They claim to be from the technical team and “can definitely help you with your speed issues if you are near a computer”. I followed their instructions on my last call (for investigative purposes) and discovered they will ask you to log-in to your device and follow commands to allow them to gain remote access to your device. At this point, they will proceed to install all manner of malware, keystroke loggers (to steal passwords), Ransomware etc. Remain vigilant in the face of vishers – Sky have been targeted with a number of vishing campaigns recently, so always call your suppliers directly!

Malicious texts

Alternatively, your telecoms providers (EE, O2, Vodafone etc.) may send you a text message to advise there has been an issue with your payment – with a link. Just because it is a text message does not mean it is safe and of course these messages do not always originate from the companies they purport to be. Be sure to connect to your account via a homepage or call customer support directly. Beware of these malicious texts – messages claiming to be from EE & Vodafone have been doing the rounds recently.

PayPal phishing emails

The good, old-fashioned phishing email has been evolving recently to become even slicker. I have seen an increase in PayPal emails with variants on the theme of “fraudulent activity… your account with be closed forever”. Clearly these messages are designed to panic you into action. I have included below an example of what to look out for. Note that if you use a Password manager you may find that every so often you get stuck in a ‘captcha loop’. You will need to copy your password manually and this should fix the issue. Most importantly, do not be tempted to click on a well-timed email that is more than likely not from PayPal.

Things you can do to keep yourself secure – a handy to-do list!

1. Awareness & user training. Social engineering remains the main way into a network (large and small) with humans proving the weakest link. Talk to us about how to create a plan, how to test employees in a safe environment and how to support them in understanding threats and implications.

2. Password managers. Social engineering remains the main way into a network (large and small) with humans proving the weakest link. Talk to us about how to create a plan, how to test employees in a safe environment and how to support them in understanding threats and implications.

3. Secure solutions. Products like SOPHOS InterceptX, O365, DarkWeb Scanning and SonicWALL can ensure you are well protected against a variety of threats whether you are in the office or WFH.

4. Mobile security. This becomes ever more important as threats continue for both business and personal users.

5. Patch, patch, patch! Check your home and work devices regularly for any new patches (Microsoft Patch Tuesday is a good day to check). Ensure you have up-to-date antivirus software on your PC, laptop and mobile device and, if in doubt, run a scan. If you use SOPHOS, ask us about their free Home Premium Licences available to all your users.

6. 2FA and Multifactor Authentication. This remains a highly recommended measure that everyone should be applying any application wherever possible.

7. Secure connections. Ensure your users are connecting to the office via a Virtual Private Network and that they know how to secure their home routers – these should be password protected and WPS disabled!

8. Sharing is caring. Create an open environment for users to share any worrisome emails, texts, or generally dubious activity without fear of repercussions. When someone inevitably clicks on a link, the sooner it is flagged the more chance you have of isolating it from other parts of your network.

9. Create an internal Playbook. What would you do if you suffered a breach? Who in your team needs to be involved and what are your processes? We can help with specific courses for GDPR and Cybersecurity.

10. Scan, scan, scan! Talk to us about regular vulnerability scanning and possibly penetration testing. We can help you understand which holes the bad guys can leverage and what you need to do to become more secure!

There is one final thing we can all do in the fight against malicious emails. NCSC have introduced a pioneering suspicious email reporting service, which allows you to forward any email you suspect may be harmful to report@phishing.gov.uk

Stay safe out there and, if you have any concerns, do reach out. We are always happy to offer you our expert advice and best practice security knowledge.

Contact Utilize

The benefits of Sage 200cloud Professional

The start of 2020 saw the enforced period of lockdown and remote working. This caught many businesses off-guard and many employees weren’t equipped to work from home. A lack of suitable technology meant that remote workers did not have access to applications, data or the communication tools in place to facilitate business continuity.

Throughout this difficult period, many valuable lessons were learned regarding technology and, specifically the need for Cloud-based accounting and business applications. The way companies do business has changed and our flexible cloud services will allow businesses to flourish in the new cloud computing era.

There are many benefits of doing business in the cloud.

1. Mobile access at any time.
Wherever you are, you can always check on the status of your business.

With Sage 200 Cloud Professional, accounts and key financial figures can be accessed anytime, anywhere. Data and records are all safely encrypted and stored on a cloud server. Simply log in and work from your web browser, wherever you have Wi-Fi and an Internet connection.

2. A cost and time-effective solution

Working online reduces your IT costs and saves you time by keeping you constantly connected to the business.

Cloud accounting is entirely online. There is no costly IT infrastructure to maintain. You can access the software from anywhere and rather than having to wait to get back to the office, you can immediately approve payments, or send out invoices to customers, saving you time and making your financial processes far more efficient.

3. Robust security and back-ups

All your data is held on a platform such as a private cloud or Amazon, however we suggest the Microsoft Azure platform as Microsoft has taken major steps toward ensuring high levels of security within their cloud environment. Your work is also saved automatically as you go, saving both time and money on tedious back-up procedures.

4. Share and collaborate with ease

With a system like Sage 200 Cloud Professional, multiple stakeholders can access the same documents and files – instantly, from any geographical location. Collaboration is as easy as picking up the phone and logging in to Sage 200 Cloud.

5. Reduce paper and become more environmentally friendly

Significantly reduce your reliance on paperwork. Documents can be emailed out and to remove the costs of printing and postage – this also helps speed up payments through integration with payment gateways. Incoming bills and receipts can be scanned and saved directly with the associated transactions. And because your documents are all digitised and stored in the cloud, there is no need to keep the paper originals – saving on filing space and storage costs.

6. Better control of your financial processes and reporting

Gain efficiencies with greatly improved control over your core financial processes, a better view of expected income, an overview of outstanding debts, and an instant breakdown of profitability.

Our partnerships with Microsoft, Sage and Sicon allow us to provide our clients with Cloud and software solutions that have helped their businesses become more efficient and more productive.

To find out how we can help your business contact us today, click below

Contact Utilize

Sage 200cloud - Driving Efficiencies in the Construction sector

As numerous reports from the likes of McKinsey & Company in recent years have made clear, construction is behind the curve when it comes to digitisation. Many companies in the industry, they point out, continue to use disjointed technology that makes the free flow of accurate information difficult on an internal basis, let alone when it comes to communicating with the supply chain.

We’ve been able to help many of our customers in the lockdown period to review their technology. They’ve moved to cloud-based platforms, giving their staff the flexibility to work from home. As lockdown eases, and staff return to work they’re now able to use this technology to help improve productivity and access key information from remote sites.

Our partnership with Sage and Sicon allows us to provide you with software solutions that will help your business become more efficient and more productive. Download our free webinar on the link below, we’ll share our valuable knowledge and expertise on how you can fully utilise Sage 200 Cloud to manage data as efficiently as possible and give you information to make timely management decisions. Our Cyber Security team will also demonstrate how you can ensure you adopt effective security controls, to protect sensitive data from cyber-attacks.

Find out how we can help your business.

Click here to learn more about Finance management

Sage 200C & Cash Flow Enquiry

For most businesses in the current climate keeping control of cash flow is a major priority.

Sage 200c has a user-friendly Cash Flow Enquiry as part of its Cashbook Module, which can help you maintain visibility and manage cash flow easily.

The cash flow structure pulls information from bank accounts, sales ledger, purchase ledger, sales, and purchase orders, nominal budgets and manual ad-hoc income and expenditure entries, VAT due/to claim, Contracts from Sicon Contracts and Applications and Retentions from Sicon Construction.

You can use the simple drag and drop feature to adjust the transactions in the cash flow interface to reflect the expected cash impact without changing the due dates and promised dates manually.

Features include:

• Select the period you wish to view

• Select the Bank accounts to be included

• Transactions types to include: Regular Receipts/ Payments (Standing Orders & Direct Debits set up in Sage)

• Forecast Receipts/ Payments (Sales Ledger & Purchase Ledger items based on Due Date)

• Manually remove transactions you know you will not be paying or receiving in the current period

• Manually add additional Receipts/Payments

This link to the ‘Sage 200c help files’ provides more detail:

In addition to this, you may also be interested in a new add-on module for Credit Control. The Roundhouse Credit Manager module links directly to the Sales Ledger and has the look and feel of the standard Sage List View screens.

Features include:

Filter lists of customers based on:

• The Age of the Debt

• Whether they have orders to be processed

• Where orders have been placed on hold

• Keep notes on chases that have been made

• Produce letters to selected accounts

• Place accounts on Hold from the Credit Manager screen

The following link – Roundhouse Credit Manager provides a bit more information.

If you are a Sage 50 Accounts user, there is a Cash Flow module, as well as other options for Credit Control. If you would like more information about these modules, Cash Flow Enquiry or The Roundhouse Credit Manager please contact service@utilize.co.uk today.

Learn more about Finance management

Reports of cyber attacks originating from the Dark Web are growing at an alarming rate. The attacks are becoming more frequent and increasingly harder to detect.

Hackers who initially compromise a network can be in the network for months, and sometimes even years, before their activity is spotted. It is more rewarding for them to compromise further systems and identify additional criminal opportunities to sell these vulnerabilities, passwords and hacks on to other criminals to exploit.

Alongside selling hacking tools, there are hackers for hire who are paid specifically to compromise a specific company’s networks. Data gained illicitly from your company may already be available in Dark Web data dumps, or from criminals selling data such as your employees personal records, compromised passwords, or system access exploits.

“48% of UK Businesses identified at least one breach or attack a month”

Although many businesses believe they are relatively ‘secure’ from cyber attacks and cyber security in larger businesses is generally improving, cyber attacks on medium and small business are increasing in number and frequency.

These attacks can start with the compromise of a single employee’s login details through a basic phishing attack. With one in every 3,722 emails in the UK being a phishing attempt, and a 350% surge in attacks amid the COVID-19 epidemic, your company cannot afford to ignore the threat of a potential data breach.

You must begin to mitigate your risks and take proactive steps to identify whether your businesses data has already been compromised and protect against the possibility of a future attack.

Read our Free Guide and discover the necessary steps your business should be taking.

Learn about Managed Security

Email attacks, phishing, insider threats, and spoofing have all spiked recently, and these increasingly sophisticated attempts to access your data and personal information are leaving widespread disruption in their wake.

Last year, 32% of businesses and 22% of charities in the UK reported having experienced cybersecurity breaches or attacks within the previous 12 months. The most common types were phishing attacks (identified by 80% of these businesses and 81% of these charities). Many also reported cases of others impersonating an organisation in emails or online (28% of these businesses and 20% of these charities) as well as viruses, spyware and malware attacks.

The nature of these threats

Cyber-attack victims are not necessarily selected at random; many are systematically targeted in order to infiltrate systems. Pen testing tools such as MimiKatz are used to search for the individual credentials of users with domain admin privileges, so that these accounts can proceed to spread malware more effectively. This method is typically behind the largest and most advanced ransomware attacks and breaches, with SOPHOS recently publishing that 54% of businesses have experienced a rise in this method of attack.

Email-based spoofing has also increased, as attackers employ ever more sophisticated methods in their attempts to gain access to money, intellectual property and other credentials. The most common attacks are initially aimed at C-level personnel, before spreading to other members of staff within the organisation. Mimecast’s 2019 report found that this sort of malicious activity from one employee to another could account for as much as 73% of individuals experiencing direct loss of data, finance or brand.

Smartphones today are minicomputers containing a large amount of sensitive information about our lives, including banking details, maps, our health, where we live and where we run. So, it may come as no surprise that 2019 also saw a growth in mobile attacks. Google Play and Apple are getting better at scanning applications, but cybercriminals excel at tweaking their plagiarised applications to avoid detection. When installing little-known applications, always remain vigilant for any small print in ‘free’ trials that require laborious steps to uninstall or unsubscribe. Failure to do so on some apps can result in hundreds of pounds in ongoing monthly payments.

Apps designed to steal credentials for online banking have plagued Android users for some time with malicious code not downloaded until after a user downloads the app – making it more difficult for Google to scan and detect. The malicious code then monitors your actions and keystrokes on virtual keyboards when logging into your banking app.

With the advent of GDPR, protecting our business and personal data has never been more important. So, as phishing, spoofing and spear-phishing increase, businesses must also urgently tackle the biggest risk to their organisation – their users. Yes, human error is a major contributing factor in breaches, which is why many companies undertake internal phishing simulation exercises with employees to evaluate their vulnerabilities. The results are often alarming.

But fear not, there is good news too. Educating employees and nurturing a culture of vigilance and awareness, through the consistent delivery of fresh and engaging training, can make a real difference and arm businesses with an additional line of defence.

Where to focus your resources

In the face of these every-changing threats, some of the old preventative measures can still provide the most effective protection. But there are some new recommendations and technologies to add into the mix too…

Patching

Many of us will have heard of Patch Tuesday, but not everyone places the same value on patch management. It can be a lengthy and laborious task but having a process in place for this is vital – either internally or via your IT support company.

Multi Factor Identification

MFA – or Multi Factor Authentication means having a separate token or device to confirm your user identity. MFA can take the form of an authentication app (such as Microsoft Authenticator) or Authy, which once paired with an individual’s account, provides a sequence of numbers every 30 seconds. The important part is that this is on a separate device to the one you are using – such as your phone. You should set up MFA on any application that supports it but particularly those with access to sensitive information.

Passwords

It is important to use strong passwords and for users to understand their importance. Passwords should not be reused, and this is particularly important for business passwords (or email/password combinations). Wherever possible, consider using an accredited password manager such as Last Pass, 1 Password or Dashlane. Click here to find out more

Awareness

If your users understand the importance of data privacy and the value of their personal information, they are more likely to look after the keys to your network. Fostering an open environment, where employees feel able to discuss possible phishing attempts and questionable emails or calls without the fear of reprimands, is an excellent start. Utilising a continual education platform is even better.

Accreditations and scanning

Cyber Essentials Plus, ISO27001, PCI DSS are great accreditations for your business to acquire and they show your suppliers and customers that you are serious about security. These accreditations align with GDPR and other requirements such as internal and external scanning. If accreditation is not feasible then a vulnerability scan should be considered as a regular addition as many exploits or breaches lie undetected for up to 6 months. Know the vulnerabilities within your business so you can work to bolster them. Understanding your systems, how they are connected, and the associated risk management, all play a vital role. Depending on your size, you may even want to consider walking through your ‘playbook’ – does everyone in your business know what to do if a breach/hack/disaster happens? This includes understanding how to approach the ICO in the worst-case scenario.

During these challenging times, we are experiencing a spike in cyber-attacks with many themed around coronavirus and the associated government/HMRC advice. As our workforces continue to adapt to remote working and a ‘new normal’, it has never been more important to be vigilant and ensure some of the simple precautions and best practices outlined above are implemented across your organisation.

Learn about Managed Security

Undoubtably you’ve heard mention of the Dark Web – a network of website and servers that
use encryption to obscure traffic and hide exactly who is accessing their content. Because the
tools you need to access the Dark Web are designed to give you anonymity, it has become a
hotbed of criminal activity, used to sell drugs, pornography, weapons and more recently stolen
data.

But why should your business care about the Dark Web, what appears there and how could it
effect your organisations security?

Cyber criminals and cyber attacks are not only becoming more prevalent, with 88% of UK
Business suffering a breach in the last 12 months, but more sophisticated and therefore more
harmful. Hackers who initially compromise a network can be in the network for months, and
sometimes even years, before their activity is spotted.

In fact, Data gained illicitly from your company may already be available in Dark Web data
dumps, or from criminals selling data such as your employees personal records, compromised
passwords, or system access exploits.

Digital credentials, such as usernames and passwords, connect you and your employees to
critical business applications, as well as online services. Unfortunately, criminals know this,
thats why digital credentials are among the most valuable assets found on the Dark Web.

Microsoft sees over 10 million username/password pair attacks every day.
You can’t afford to ignore the Dark Web. Your business needs to take proactive steps to monitor
the Dark Web for employee credentials, insider threats, customer accounts for sale,
compromised banking information, and criminal discussions requesting targeted resource
development focused on compromising your business.

Discover the necessary steps your business should be taking, Read our FREE essential guide.

Learn about Managed Security