Category: Cyber Security

Useful content and advice on cyber security and cyber essentials

Navigating remote work: The crucial role of reliable IT Support and Cybersecurity

Posted on by Loredana Emmerson

In an era where remote and hybrid working models have become the norm, businesses are rapidly adapting to new digital landscapes. The shift has brought forth unprecedented opportunities, but it has also exposed companies to unique challenges, making reliable IT support and robust cybersecurity more critical than ever. Enter expert firms like Codus IT, who not only offer a lifeline for technical issues but also pave the way for streamlined operations, innovation, and fortified defenses against cyber threats.

The Changing Landscape

The remote and hybrid working trend has reshaped the traditional office setup. Employees now collaborate from various locations, relying heavily on digital tools and connectivity. While this transformation has enhanced flexibility and productivity, it has also ushered in a host of technical complexities. From network vulnerabilities to software compatibility issues, companies face a daunting array of potential pitfalls.

The Role of Reliable IT Support

Seamless Operations: Imagine a scenario where your team is on the brink of an important virtual presentation, and suddenly, the network crashes. Reliable IT support acts as a safety net, ensuring that your operations run smoothly without disruptive technical glitches.

Enhanced Security: With remote work, the need for robust cybersecurity measures is paramount. IT support experts like Codus IT can implement cutting-edge security protocols to safeguard sensitive data.

Efficient Problem Solving: When faced with technical issues, every moment counts. Professional IT support offers swift troubleshooting, minimising downtime and maximising productivity.

Resource Optimisation: Outsourcing IT needs to experts allows your in-house team to focus on strategic initiatives rather than getting bogged down by routine technical challenges.

Scalability and Innovation: As your company evolves, so do your IT requirements. A proficient IT support partner can align your digital solutions with your growth trajectory, ensuring scalability and fostering innovation.

The Vital Importance of Cybersecurity

Data Protection: In the digital age, data is a valuable asset. Robust cybersecurity measures protect your business data from unauthorised access and breaches.

Phishing and Social Engineering: Cybercriminals are adept at exploiting human vulnerabilities. Comprehensive cybersecurity includes education and training to empower employees to recognise and respond to phishing attempts.

Secure Communication: Remote collaboration relies heavily on digital communication tools. Cybersecurity ensures that sensitive information shared through these channels remains encrypted and protected from interception.

Endpoint Security: With devices scattered across different locations, endpoint security becomes critical. Effective cybersecurity measures ensure that every device connected to the network is fortified against potential threats.

Compliance and Regulations: Depending on your industry, remote work might bring forth specific compliance challenges. Adequate cybersecurity measures ensure that your operations adhere to relevant regulations.

Codus IT: Your Trusted IT and Cybersecurity Partner

With a proven track record and a team of seasoned professionals, here at Codus IT we specialise in delivering bespoke solutions tailored to the unique needs of each client. Our comprehensive approach encompasses network management, cloud integration, and cutting-edge cybersecurity.

Embrace the Future with Codus IT

In a landscape that’s rapidly evolving, businesses must stay ahead of the curve. If your company is grappling with the challenges of remote and hybrid work, it’s time to consider the invaluable support of experts like Codus IT. By entrusting your IT needs and cybersecurity to a reliable partner, you’re not only ensuring seamless operations but also safeguarding your digital assets against threats.

Safeguarding your growing business: The crucial role of cybersecurity and outsourced IT support

Posted on by Loredana Emmerson

In today’s digital landscape, where technology plays a pivotal role in every aspect of business operations, ensuring the security of your organisation’s data and systems is of paramount importance. As your business grows and expands, so does the risk of cyber threats and vulnerabilities. This is where a robust cybersecurity strategy and outsourced IT support come into play, offering comprehensive protection and expert guidance. In this article, we will delve into the significance of cybersecurity for a growing business and how outsourcing IT support can be a game-changer in safeguarding your valuable assets.

The Expanding Cyber Threat Landscape

With each passing day, cyber threats are becoming more sophisticated and pervasive. Hackers, malicious actors, and cybercriminals are constantly evolving their tactics to exploit vulnerabilities in digital systems. Small to medium-sized businesses, in particular, have become prime targets due to their limited resources and often inadequate cybersecurity measures. According to recent reports, more than 43% of cyberattacks are aimed at small businesses.

The Importance of Cybersecurity for Growing Businesses

1. Protecting Sensitive Data: Growing businesses accumulate a vast amount of sensitive data, including customer information, proprietary research, and financial records. A single data breach can result in severe reputational damage, financial losses, and even legal consequences. Implementing robust cybersecurity measures helps protect this critical data from unauthorised access, ensuring the trust of your customers and business partners.

2. Maintaining Business Continuity: Downtime caused by a cyber incident can be devastating for any growing business. Cyberattacks can disrupt operations, paralyse networks, and lead to significant revenue losses. A well-designed cybersecurity strategy, coupled with outsourced IT support, helps minimise the risk of such disruptions and ensures smooth business continuity.

3. Complying with Regulations: With the introduction of data protection regulations, businesses are now legally bound to protect customer data. Failure to comply with these regulations can result in hefty fines and legal penalties. Outsourced IT support can help ensure your business meets the necessary compliance requirements and avoids potential legal pitfalls.

The Role of Outsourced IT Support

Expertise and Experience: Cybersecurity is a complex field that demands specialised knowledge and continuous learning. Outsourced IT support brings a team of skilled professionals who possess the expertise and experience required to safeguard your business against evolving cyber threats. These experts stay updated with the latest trends, tools, and techniques, providing you with a competitive advantage in the realm of cybersecurity.

Cost-Effective Solutions: Building an in-house IT team solely dedicated to cybersecurity can be expensive for growing businesses. Outsourcing IT support allows you to access a range of services tailored to your needs without the significant overhead costs. Whether it’s 24/7 monitoring, vulnerability assessments, or incident response, outsourced IT support offers flexible and cost-effective solutions.

Scalability and Adaptability: As your business grows, so do your IT needs. Outsourced IT support offers scalability, allowing you to easily adjust services based on your requirements. Whether you’re expanding your workforce, opening new branches, or integrating new technologies, a reliable IT partner ensures that your cybersecurity framework remains robust and adaptive.

In an era dominated by digital connectivity and persistent cyber threats, prioritising cybersecurity is no longer optional for growing businesses. By investing in a robust cybersecurity strategy and leveraging the expertise of outsourced IT support, you can safeguard your valuable assets, protect sensitive data, and ensure uninterrupted business operations.

At Codus IT, our team of IT professionals understands the unique challenges faced by growing businesses and is dedicated to providing tailored cybersecurity solutions. Don’t leave your business vulnerable to cyber risks. Take the proactive step of speaking to our expert team at Codus IT today. Let us help you fortify your defenses and navigate the complex world of cybersecurity, so you can focus on growing your business with confidence. Contact us now and let’s start securing your digital future together.

Cyber Security Tips for Small Businesses

Posted on by Loredana Emmerson

It is very important for small businesses to protect themselves from the most common cyber attacks. If you’re a small or medium-sized enterprise (SME) then there’s around a 1 in 2 chance that you’ll experience a cyber security breach.

Here are a few tips cyber security tips for small businesses to get you started.

Backing up your data

Think about how much you rely on your business-critical data. Customer details, quotes, orders, and payment details. Now imagine how long you would be able to operate without them. All businesses, regardless of size, should take regular backups of their important data, and make sure that these backups are recent and can be restored.

– Identify what data you need to back up

– Keep your backup separate from your computer

– Consider cloud storage

– Make backing up part of your everyday business

Protecting your organisation from malware

Malware is software or web content that can harm your organisation. The most well-known form of malware is viruses, which are self-copying programs that infect legitimate software.

– Install, and turn on, antivirus software

– Prevent staff from downloading dodgy apps

– Keep all your IT equipment up to date

– Control how USB drives (and memory cards) can be used

– Switch on your firewall

Keeping your smartphones and tablets safe

Mobile technology is now an essential part of modern business, with more of our data being stored on tablets and smartphones. What’s more, these devices are now as powerful as traditional computers, and because they often leave the safety of the office (and home), they need even more protection than ‘desktop’ equipment.

– Switch on password protection

– Make sure lost or stolen devices can be tracked, locked, or wiped

– Keep your device up to date

– Keep your apps up to date

– Don’t connect to unknown Wi-Fi Hotspots

Using passwords to protect your data

Your laptops, computers, tablets and smartphones will contain a lot of your own business-critical data, the personal information of your customers, and also details of the online accounts that you access. It is essential that this data is available to you, but not available to unauthorised users.

– Make sure you switch on password protection

– Use two factor authentication for ‘important’ accounts

– Avoid using predictable passwords

– Help your staff cope with ‘password overload’

– Change all default passwords

Avoid phishing attacks

In a typical phishing attack, scammers send fake emails to thousands of people, asking for sensitive information or containing links to bad websites. They might try to trick you into sending money or steal your details to sell on. Phishing emails are getting harder to spot, and some will still get past even the most observant users.

– Configure accounts to reduce the impact of successful attacks

– Think about how you operate

– Check for the obvious signs of phishing

– Report all attacks

Don’t leave the responsibility for cyber security with a single person. Every member of the team needs enough knowledge to understand how cyber security impacts on their area of focus. Contact us to see how we can help develop these cyber security tips for small businesses.

The National Cyber Security Centre latest Threat Report

Posted on by Loredana Emmerson

The National Cyber Security Centre has recently published their latest Threat Report. In this blog we have summarised some of the key information and urge you to speak with us about your cyber security to protect your business and your customers.

A key takeaway from the report is to be careful what you’re sharing online because cybercriminals often conduct research on individuals through social media platforms and other public information sources in an attempt to gain access to their network.

Patches released for Apple and Google Chrome vulnerabilities

Users should be aware that Google and Apple have released security updates to fix vulnerabilities affecting their respective products.
Apple’s two vulnerabilities include a remote code execution vulnerability (CVE-2022-32893) in its WebKit software, as well as a kernel vulnerability (CVE-2022-32894).

Google has released a standard update for its Chrome browser with eleven updates, but which includes a fix for the vulnerability CVE-2022-2856 which exists in the wild. The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities.

Microsoft report on a sustained phishing campaign by the SEABORGIUM threat actor

The Microsoft Threat Intelligence Center has published a new information on the sustained campaign of phishing and credential theft by the threat actor SEABORGIUM – you can read it here.

Cyber criminals often conduct research on individuals in an organisation to attempt to gain access and is known to identify legitimate contacts in the target organisation’s corporate network. The opening exchange with the target is often a benign email referencing an attachment that doesn’t exist. Once a target opens the email, they are directed to an actor-controlled server hosting a phishing framework. The final page is a prompt for authentication, mirroring the sign-in page for a legitimate provider and intercepting any credentials.

Warning as cyber criminals use HMRC branding in phishing scams

Cyber criminals continue to impersonate HMRC branding to trick the public into sharing personal or financial details.
Recipients of this phishing attempt are encouraged to ‘submit their tax refund request’ via a link, which would send them to a fraudulent website designed to harvest their personal details.

A cyber criminal’s main goal is to trick you into giving them your sensitive information, which could include bank details, often claiming to be from UK government or other official organisations.

As of July 2022, the NCSC has received over 13million reported scams, which has resulted in 91,000 scams being removed across 167,000 urls. You can reduce the likelihood of being phished by thinking about what personal information you (and others) post about you, and by reviewing your privacy settings within your social media accounts.

Speak to our team to see how we can help educate your team towards safer online activity.

Multi-Factor Authentication in 2022

Posted on by Loredana Emmerson

Multi-Factor Authentication is becoming part of daily digital activity. Traditionally, you would access online accounts with a username and a password. However, with the changing digital environment, usernames are often easy to discover and, since passwords can be hard to remember, people tend to pick simple ones, or use the same password across all accounts.

Almost all online services – banks, social media, shopping and Microsoft 365 – have added a way for your accounts to be more secure. This is sometimes referred to as “Two-Step Verification” or “Multi-factor Authentication”. When you sign into the account for the first time on a new device or app (like a web browser) you need more than just the username and password. You need a second “factor” – to prove who you are.

In today’s current climate, everyone and every organisation is a target, so we need to make strides to enhance security measures. Multi-factor authentication is a simple way to add a layer of protection to the sign-in process.

Why should I use MFA?

If you only use one password to login or authenticate a user, it can leave you vulnerable to a cyber attack. If that password is weak or has been exposed elsewhere, it is an easy entry point to your network by an attacker. When you are required to use a second form of authentication, security is significantly increased as this additional step isn’t something an attacker can easily obtain or duplicate.
With MFA, even if a compromised password is used, the attacker would be unable to gain access without either a code or fingerprint confirmation, and the legitimate user would be notified of the attempted login.

MFA and Microsoft

Microsoft is taking the first steps towards mandating MFA by switching off basic authentication methods in Exchange Online. Modern authentication will become the standard for Microsoft’s online services, allowing Microsoft to begin to mandate MFA for all cloud services.
If you are considering obtaining a Cyber Essentials certification, under the new criteria, MFA is a requirement for all cloud accessed apps, therefore, you must have this in place beforehand.

Ready to implement MFA?

How MFA can be implemented to your business will depend on the complexity of your infrastructure. Get in touch with our experts today to learn how we can help!

Updates to Cyber Essentials Certification

Posted on by Loredana Emmerson

Using five security controls, Cyber Essentials aims to help businesses to reduce the impact of online threats, such as:

Phishing attacks

Malware

Ransomware

Password attacks

Network attacks

Earlier this year, some of the technical control requirements for Cyber Essentials changed in line with recommended security updates. Let’s take a closer look at the updates.

Home working is in now part of the scope. However, most home routers are not. Following the increase in ‘working-from-home’, it has become the norm for staff members to access their work through a home/personal device. Even though home routers are out of scope, any end-user devices used to access a business infrastructure must have the Cyber Essentials controls applied. Anyone who works from home for any amount of time is classed as a ‘home worker’ and this rule will apply.

All cloud services are now part of the accreditation process. In the last two years it has become increasingly common to access work through cloud solutions with businesses opting for a cloud-based infrastructure. Any cloud services must now be fully integrated into the accreditation. If your business data or services are hosted in the cloud, then Cyber Essentials controls need to be implemented.

Multi-factor authentication (MFA) is now required to access cloud services. Most of us use some form of MFA every day, for example to access our banking app. MFA uses a minimum of 2 factors to grant access, something you know and something you have: usually a password and a face, voice or print recognition. For Cyber Essentials, the password element of the MFA approach must be at least eight characters long, with no maximum length restrictions.

Smart phones and tablets are now part of the certification. These are any device that you use to connect to your corporate network and access organisational data and services via mobile internet. However, if mobile devices are only used for voice calls, text messages or MFA, then these devices will not be considered.

Two additional tests have been added to the Cyber Essentials Plus audit. These are: test to confirm MFA is required for access to cloud services and test to confirm account separation between user and administration accounts.

If you would like to learn more about the updates to Cyber Essentials then please do get in touch with our team on 0161 763 4529. We are fully trained and experienced in keeping your business safe online.

Risk-based approach to securing your data and systems

Posted on by Loredana Emmerson

Taking a risk management approach to business allows you to make informed decisions, with the right balance of threats and opportunities being considered. When dealing with cyber security, risk management helps to ensure that the technology, systems, and data in your business is protected, with the right resources aimed at the right assets.

Cyber Security Risk Management

Benefits of risk management

Improves decision making based on real information

Helps delegate decision making to the right people and departments

Allows you to answer effectively to new threats and opportunities

Cyber security risk management

When deciding to take a risk management approach to your cyber security, think about what your business does, your priorities and objectives. This will set the scene for your cyber risk management. Thinking about the risks you would, or would not, be willing to take with your technology will help make decisions on the steps you need to manage cyber security risk.

You should ensure that your board collectively has a good understanding of cyber security and how it supports the overall business objectives. They should get the information they need, in a format that they understand, at the time they need it to enable decision-making.

Where you need to apply cyber risk management

It is important to think about the range of technology, systems, services, and information that your business uses and relies upon daily. Talking to those who use, manage, or are affected by the systems or services will give you useful insights into what you want to protect, and why.

Consider those elements outside of your direct control, such as your supply chain, use of third-party services and cloud services. Your management of the cyber security risks will need to include how your staff are supported to use all the different elements securely. Systems involve people, processes, and technology – your approach to cyber risk management should take account of these elements and how they interact with each other.

A cyber security risk management approach that is right for you

With a variety of tools, methods, frameworks, and standards to choose from, it is important that you establish an approach that is right for your business and one that will bring good risk information about your systems and services.

You could use a baseline such as Cyber Essentials to provide information on the basic controls needed to protect your organisation against most common cyber-attacks. However, in this instance, only the risks generally considered by the Cyber Essentials scheme will be covered. To manage all cyber security related risks that your organisation may face, it is important to gain a more tailored perspective, conducting risk analysis and assessment to address specific needs.

Your chosen approach should help you identify and prioritise risks, making decisions on how to manage them. Always ensure you are taking into consideration a wide variety in risk information and seek out information from experts or trusted sources.

Communicate effectively cyber risk management

Make sure that you communicate your risk management approach to staff and decision makers, so that they understand how cyber security risks should be managed and help them make the right decisions.

It is also important to understand what risks remain after you have applied the controls. Whether you are taking an approach bespoke to your business or a baseline such as Cyber Essentials, it is not possible to eliminate risk entirely. The remaining risk (known as residual risk) should be understood by those responsible and accountable for the risk within your business. Seek confidence that the package of mitigation measures you put in place have effectively managed the risk you identified and consider how you will maintain that confidence as your systems are used into the future.

Remember that technology is constantly changing, as does the business environment and their associated threats and opportunities. Regularly review your risks to ensure that the ways you have decided to manage them remain effective and appropriate.
You will also need to review the methods, frameworks, and tools you use for risk management to ensure they continue to be effective in your business context and in the face of a continuously evolving cyber security and threat landscape.

This is a big job to perform and maintain in-house and we deal with many businesses on a daily basis who have opted for industry experts to manage their cyber security. If you would like more information on how we can help, simply contact us on 0161 763 4529 or via email at hello@codus.co.uk

What is Cyber Essentials and why it is important

Posted on by Loredana Emmerson

As explained by the National Cyber Security Centre (NCSC), Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber-attacks.

what is cyber essentials

What is the National Cyber Security Centre

Launched in October 2016 with headquarters in London, the NCSC is an organisation of the UK Government that provides advice and support for the public and private sector in how to avoid computer security threats. They provide a single point of contact for SMEs, larger organisations, government agencies, the general public and departments, nurturing the UK’s cyber security capability.

Why is Cyber Security important?

Cyber security’s main responsibility is to protect the devices we all use (smartphones, laptops, tablets and computers), and the many online services we all access. It’s also about preventing unauthorised access to the vast amounts of personal information we store on these devices, and online.

Online banking and shopping, email and social media. We all need to take steps that can prevent cyber criminals getting hold of our accounts, data, and devices – both at home and at work.

Cyber Security for businesses

It is true that as a business, you can never be totally safe. Most online attacks can be prevented or detected with basic security practices for your people, processes and IT systems. These steps are as important as locking your doors at home. It is possible to manage your online security in the same way you would protect any other aspect of your business.

With more customers demanding that their suppliers are secure, this is becoming a business necessity. You can save money through adopting an efficient risk management approach of planning, implementing and reviewing. This will help your business gain a competitive advantage by being seen to take security seriously.

cyber essentials codus it

Planning:

What information assets are critical to your business?

What kind of risk could they be exposed to?

You are being attacked, can you continue to do business?

How can you manage these risks on an ongoing basis?

Implementing:

Have you put in place the right security controls to protect your equipment, information, IT system and outsourced IT services?

Do your staff know what their responsibilities are? Do they know what good practice looks like?

You have suffered an attack, how will you deal with it and get back to business? Who will you turn to for help?

Reviewing:

Are you reviewing and testing the effectiveness of your controls?

Do you monitor and act on the information?

Are you aware of the latest threats are?

The biggest vulnerability in cyber security is human error. Organisations who do not have a staff awareness training programme in place, face an increased possibility of someone making an avoidable mistake. Examples: reusing a password on multiple accounts, falling for a phishing scam, or failing to properly dispose of sensitive information when it is no longer needed.

Most businesses know that they should be doing more to protect themselves. It can be difficult knowing where to begin. If this is the case for you reading this blog and want to learn more about what is cyber essentials, then keep following us as we dive deeper into each risk management stage in our next piece.

Feel free to contact our team on all aspects related to cyber security and they will be happy to help. You can reach us by phone on 0161 763 4529 or via email at hello@codus.co.uk

Successful Cyber Essentials Accreditation for AFL Architects

Posted on by Loredana Emmerson

Here at Codus we are proud to share that we have recently supported our client AFL Architects in successfully gaining their Cyber Essentials accreditation.

What Is Cyber Essentials?

AFL Architects Cyber Essentials

A Cyber Essentials accreditation is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats and demonstrate their commitment to their cyber security.

AFL Architects, an international architectural, masterplanning and interior design practice based in Manchester, are a long-standing Codus customer. We fully understand their vision, ways of working and systems in place, making us the perfect partner to assist with the certification.

As a leading architectural practice, AFL Architects will now enjoy some key benefits from having a Cyber Essential accreditation:

  • They will be able to reassure customers on their commitment to IT security and protection against cyber attack
  • They will attract new business who care about a supplier’s cyber security measures
  • They have a clear picture of their organisation’s cyber security level

We would like to thank you the team at AFL Architects for their continued business, it is a pleasure to support you on your mission to create lasting places for our communities.

IT Security At Codus

IT and Online Security Codus

The way we work at Codus is very precise. When we are first contacted by a customer we carry out a full system audit, giving us details on what is already in place. Follwing the audit we make detailed recoomendations on how we can make the IT more efficient for the business. We take great care of your systems, data and online security, with a proactive approach by our team in always recommenting new ways of working that would bring efficinecy to your business. In turn this would make us a great partner for future projects such as a Cyber Essentials accreditation.

To find out more on our range of service sumply contact our team on 0161 763 4529. Also follow us on Twitter @Codus_IT for all our latest updates and useful IT tips.