An IT Support Blog from London

An organisation’s primary and immediate line of defense against malware is typically the antivirus software installed in each of their users’ endpoint devices. It works in the background, checks data being received for known malware signatures, and warns users of possible threats. Antivirus software does contribute greatly to an organisation’s online security, but it is not enough to mitigate all malware threats when you consider how advanced these threats have become.

Social media is the new black and everybody wants to be part of it. Posting one’s activities, sharing one’s thoughts, and reacting to other people’s posts have simply become part of our daily lives.

But to those who know what they’re looking for, this social media content can lead to a goldmine of information. It is through this goldmine—terabytes upon terabytes of data, that cyber criminals flourish, using such data to attack individuals and even companies.

How exactly can cyber criminals use social media to compromise online security and attack business organisations? Let’s discuss their methods.

VPN use is widespread and for good reason: it brings large security and privacy benefits to end-users as it shields internet usage from prying eyes. But what if the VPN provider you’re using is susceptible to foreign government interference?

What if your VPN provider’s host country provides little in the way of data protection legislation? Have you considered whether the owner of your VPN service takes data security seriously at all? VPN users don’t always ask these questions – but they certainly should.

The World Wide Web has always been a valuable source of information and a reliable means of communication to masses of users across the globe. With more than 5 billion Google searches made every day and a projected $3.5 trillion online retail sales for 2019, you’d think that the internet as we know it is already as vast as it can be.

Unknown to most people, however, is that the surface or visible web—the part of the internet which the average user can access through search engines—comprises only about 4% of the entire web. The rest is composed of the deep web, a small part of which is the oh-so-mysterious (for the curious) but essentially shady, dark web.

VoIP eavesdropping is not a new cybersecurity risk. The protocol that drives most of today’s VoIP applications, Session Initiation Protocol (SIP), has been in common use since the 2000s. However, according to IBM SecurityIntelligence, attacks that exploit the SIP protocols are on the rise. Thankfully, businesses have plenty of ways to reduce the opportunities for VoIP eavesdropping. Let’s take a look.

Password security is a major issue that no business or enterprise can ignore. Countless hacking attempts succeed due to inadequate password security. However, remembering all those strong and (hopefully) unique passwords can be tedious, to say the least. Are password managers an alternative? Let’s take a look.

The year 2017 was a dismal year for IT security, particularly in the arena of ransomware.

Less than 12 months ago, the ransomware worm WannaCry wreaked havoc across the globe, placing large organisations – including NHS trusts in England and Scotland, at the forefront of one of the most prolific cyber attacks in history. Then followed NotPetya (initially believed to be the Petya malware of 2016) in June, which also spread quickly and, even without the aid of human intervention, managed to harm multinational companies.

Yet more ransomware attacks compromised the data of individuals and organisations, but they were not nearly as high profile as the aforementioned attacks, and this prompted many people to believe that ransomware is no longer the threat that it was twelve months ago. But is this really the case?

It is easy to follow the mistaken belief that beefing up security at your business involves buying expensive hardware and software or hiring a top-rated security consultant to step in and make major changes. In fact, it is possible to make solid security progress by simply following good practice, and by tightening protection where needed.

Making these essential improvements is important for businesses of all sizes. In 2016, the Federation of Small Businesses found that the UK’s small businesses are collectively attacked over 7 million times a year, costing up to £5.26 billion. In this article, we cover some of the most effective ways to improve resilience against these attacks without spending an arm and a leg.

DDoS attacks are typically designed to inundate servers and entire networks by consuming computing resources through large volumes of traffic, connections, or requests. And so, because cloud infrastructures are assumed to be backed by a large assemblage of such resources, many people believe their servers are less susceptible to these types of attacks if they’re hosted in the cloud. But that’s not entirely true.

If your servers are hosted in a multitenant environment along with a bunch of other servers belonging to other organisations (which is usually the case in a public cloud), your servers could be at risk of collateral damage. If those other servers (note: not yours) are bombarded by a DDoS attack and your cloud service provider (CSP) attempts to absorb the attack, your own servers, which share the same underlying infrastructure with those other servers, could also suffer.

With the losses associated to cybercrime expected to hit around $6 trillion by 2021, security has become a top priority of many businesses. These companies diligently implement compliance initiatives in hopes that they can ensure security within their organisations. But here’s the thing: achieving compliance doesn’t necessarily mean that your business is fundamentally secure.

Last year, Verizon published a report that revealed a major eye-opener regarding compliance. According to that report, 45% of PCI DSS certified customers needed remediation. Meaning that these businesses still needed to improve their security controls in order to be considered secure as per PCI DSS.

It’s important to note that these businesses actually already passed a previous compliance audit. In fact, they were certified to be fully PCI DSS compliant. In other words, they had already spent a considerable amount of time, attention, and money establishing IT security controls that met PCI DSS requirements.