An IT Support Blog from London

A new IT security threat is infecting computers across the globe, and it could be wreaking havoc on your organisation’s devices as you read this post. This malware threat uses a computer’s processing power to mine cryptocurrency, without the knowledge or consent of the owner.

Unauthorised cryptocurrency mining–or cryptojacking, as it is commonly called, is spreading like wildfire. This is not surprising, given how simple it is for cryptojacking scripts to infiltrate a computer. Hackers can initiate it using one of two methods:

The year 2017 was a dismal year for IT security, particularly in the arena of ransomware.

Less than 12 months ago, the ransomware worm WannaCry wreaked havoc across the globe, placing large organisations – including NHS trusts in England and Scotland, at the forefront of one of the most prolific cyber attacks in history. Then followed NotPetya (initially believed to be the Petya malware of 2016) in June, which also spread quickly and, even without the aid of human intervention, managed to harm multinational companies.

Yet more ransomware attacks compromised the data of individuals and organisations, but they were not nearly as high profile as the aforementioned attacks, and this prompted many people to believe that ransomware is no longer the threat that it was twelve months ago. But is this really the case?

It is easy to follow the mistaken belief that beefing up security at your business involves buying expensive hardware and software or hiring a top-rated security consultant to step in and make major changes. In fact, it is possible to make solid security progress by simply following good practice, and by tightening protection where needed.

Making these essential improvements is important for businesses of all sizes. In 2016, the Federation of Small Businesses found that the UK’s small businesses are collectively attacked over 7 million times a year, costing up to £5.26 billion. In this article, we cover some of the most effective ways to improve resilience against these attacks without spending an arm and a leg.

DDoS attacks are typically designed to inundate servers and entire networks by consuming computing resources through large volumes of traffic, connections, or requests. And so, because cloud infrastructures are assumed to be backed by a large assemblage of such resources, many people believe their servers are less susceptible to these types of attacks if they’re hosted in the cloud. But that’s not entirely true.

If your servers are hosted in a multitenant environment along with a bunch of other servers belonging to other organisations (which is usually the case in a public cloud), your servers could be at risk of collateral damage. If those other servers (note: not yours) are bombarded by a DDoS attack and your cloud service provider (CSP) attempts to absorb the attack, your own servers, which share the same underlying infrastructure with those other servers, could also suffer.

Web content filtering is typically supplied as part of broader cybersecurity measures, with most internet security appliances offering the option to enable filtering, and many default configurations enabling it from the outset. Yet as with many topics in information security IT personnel should never assume that content filtering features are active or optimised. In this article, we outline key reasons why content filtering is still so important, and briefly describe how to enable content filtering for your organisation.

HTL Support's Business Briefing event on 23 February was a resounding success and offered delegates real insight into the EU General Data Protection Regulation legislation and its likely effects on the IT sector. Demand for the event was far in excess of available places and is an indication of just how relevant the impact of GDPR is to anyone working in IT.

Love it or hate it, IT departments cannot prevent users from engaging with Wi-Fi networks; the convenience factor is simply too high. The IT security risks are real, however, whether your users are roaming – or using Wi-Fi where you have some control over internet security, such as the office space. It is also an evolving threat, with the gold standard of Wi-Fi security, WPA2, losing its shine. In this article, we discuss the next generation of Wi-Fi security, WPA3, and the measures you should currently be taking to boost your company’s Wi-Fi security.

With the losses associated to cybercrime expected to hit around $6 trillion by 2021, security has become a top priority of many businesses. These companies diligently implement compliance initiatives in hopes that they can ensure security within their organisations. But here’s the thing: achieving compliance doesn’t necessarily mean that your business is fundamentally secure.

Last year, Verizon published a report that revealed a major eye-opener regarding compliance. According to that report, 45% of PCI DSS certified customers needed remediation. Meaning that these businesses still needed to improve their security controls in order to be considered secure as per PCI DSS.

It’s important to note that these businesses actually already passed a previous compliance audit. In fact, they were certified to be fully PCI DSS compliant. In other words, they had already spent a considerable amount of time, attention, and money establishing IT security controls that met PCI DSS requirements.

The cyber threat landscape continues to evolve and in order to maximise your cyber security budgets and position resources where they are most needed, you need to know what threats are most likely to make an impact in the near future. To help you, we’ve put together a list of what we believe are going to be the top 4 cyber threats in the UK. 

Let’s say you’ve already invested a fortune on network security. How do you determine that investment’s effectiveness in preventing a data leak or withstanding a deliberate cyber attack? Your best option would be to conduct a penetration test or pen test.