Fresh from the Press


Who needs hackers when you have Human Error?

If you ask your staff, they will immediately tell you that they are extremely careful online and take care in protecting both their personal information and the company’s data. Unfortunately, in reality, many employees are taking unnecessary risks online that could seriously compromise your business.

To remain safe, staff members must be trained in the best cyber security practices available. The good news is that many of these practices are very simple and not particularly time-consuming. However, these practices could be the difference between a cyber security breach and the safe handling of your data.

When staff members follow a comprehensive training plan, the company’s cyber security becomes much stronger. Here are some of the items that need to be covered in that plan:


Protecting your passwords is probably the easiest and most basic precaution to take, which is why I wanted to mention this first. People often take shortcuts in this area to save time and to avoid memorising different passwords. Staff should be trained to create passwords that are at least 8 characters long and contain letters, numbers and symbols.

Most employees stick to simple passwords that hackers can easily figure out. The most common passwords that people use can be cracked in just a few seconds.

Unauthorised software

Staff members must be trained never to download unauthorised software, and that message should be reinforced whenever possible. Even seemingly harmless programs can cause catastrophic company-wide problems if they are infected with malware or viruses.

Because employees may download free software at home, they may not think twice before doing so at work. This simple mistake can compromise your company’s productivity for hours, if not days, and cost your business huge amounts of money.

“Live Fire” training exercises

One of the most effective staff training methods is a series of simulated exercises set up by an outside company such as our group company Cyboar. Employees are expected to react to these attacks in real-time, and then afterwards, they’ll receive advice on how to avoid any mistakes they might have made during the exercise.

We have found this to be extremely successful as most people learn better from experience than from lectures or handouts.

Cyber security advisers

Your company can benefit from appointing cyber security advisers. Choose a tech-savvy person to monitor cyber security practices and offer friendly advice to other staff members who need help in this area. A friendly word from a colleague is much more effective than guidance from management.

These advisers can also offer suggestions to management about new methods to keep data secure based on their observations. Plus, involving employees in cyber security makes it a team effort and not just a concern for management.

Think about outsourcing to expert cyber security firms like Cyboar to help protect your sensitive data and suggest ongoing security improvements.

Protecting your company from your staff members’ ‘bad habits’ could save your business.


6 Cyber Security threats your business could face in 2019

Cyber security is (or should be) a major concern for businesses, as poor security can lead to costly downtime and data loss. Despite this, research has found that 73 percent of businesses rate their cyber threat detection capabilities as inadequate.

1. Ransomware

This is where cyber attackers install and run software on a target computer, lock access to files and demand a ransom to return access. Cyber security firms claim that over 4,000 ransomware attacks on business networks and home computers are carried out every day. Ransomware is a severe threat for data-conscious businesses, which is why it’s vitally important to only run secure software and open trusted emails.

2. Smartphone Access

It doesn’t take a genius to see that the modern world is becoming increasingly mobile, and obviously this poses new threats for corporate security. Research from Dell has found that 22 percent of employees at small to mid-size businesses have lost a company-issued device such as a phone or tablet. The same study found that just 35 percent said they used a password or PIN code to secure their device. A company-issued device in the wrong hands will spell trouble without a pass code lock.

3. Software Flaws

Having out-of-date software will leave open security holes for cyber attackers to gain access. While this has always been a concern with desktop machines, the rise of smartphones and IoT (Internet of Things) connected devices means more devices than ever need to be kept up-to-date. It is important to ensure smart connected devices stay secure.

4. Phishing

Phishing is where a cyber attacker copies a legitimate website or email to try and trick the victim into handing over credentials and sensitive information. Confirmed reports have found that 76 percent of businesses were the victim of a phishing attack in 2018. Employees need to understand how to spot phishing scams when they reach the inbox, making sure they never give data to unverified sources.

5. Bad Passwords

Some cyber attackers can gain access to systems simply through poor password practice. It’s vitally important to use a strong password of at least 8 characters, combining letters, numbers and symbols, to avoid it being cracked. Password cracking machines exist and most passwords can be cracked in under two seconds.

6. Lack of Staff Training

In many cases, the weakest link is the human link. Research has found that a staggering 45 percent of employees across businesses admit to engaging in unsafe behaviour. Unfortunately, most employees believe that their employer’s IT systems offer enough protection against attacks. Attackers can take advantage of employees who don’t remain vigilant.

Cyboar can help you.

We don’t blind our partners with jargon – we give clear advice and demonstrate the effectiveness of our solutions to reassure and provide confidence that everything will be managed expertly.

How would your business stand up against a Cyber attack?

Talk to us about a security review for your business.


3 advantages of outsourcing your Cyber security

The cyber security landscape is evolving at a faster pace than many companies are prepared for. Hackers continue to create ingenious ways to gain access to a company’s network and steal sensitive information such as client data, financial information, intellectual property, and employee records.

Cyber-attacks have increased from 55 percent to 61 percent in the past 12 months.

As soon as a business identifies or detects a potential security incident, another one pops up. Unfortunately, identifying and detecting security incidents and vulnerabilities throughout an entire company can mean a lot of time and money spent on employing tactics and hiring security personnel to protect assets.

This option might work well for some companies, but does this make sense for ones with a tight budget?

Here are 3 advantages of outsourcing your cyber security to Cyboar.

1. Cost & Time Savings

Hiring seasoned professionals to tackle the complexity of the threat landscape has become expensive, and some companies lack the time and capability for training. Outsourcing cyber security is a proven cost-effective way to manage cyber risks in your business. Cyboar offers state-of-the-art technologies, experienced security professionals, and strategic consulting that thoroughly assesses your company’s current situation and manages your security needs, from spam filtering in email to monitoring and threat protection.

2. Specialised Security Expertise

Cyboar has security experts who are constantly trained in the cyber risks that businesses experience, and we know the latest trends in hacking and emerging threats. Our professionals have in-depth expertise and experience in securing businesses through bespoke services and solutions.

3. Managed Cyber Risk

At Cyboar, we believe that ‘Cyber risk is a business risk’ and therefore cyber security should be managed as a business problem. Outsourcing your cyber security to Cyboar allows for a complete view of every area that could be a potential risk for cyber-attacks. Cyboar can offer benefits such as qualitative and quantitative scanning of vulnerabilities, end-point threats, and configurations in your business’s systems, networks, and apps to manage the cyber risk.

Our ongoing services ensure your resilience measures keep pace with the ever-changing methods of cyber criminals.

How would your business stand up against a Cyber attack?

Talk to us about a FREE security review for your business.

03333 22 11 00


Everything you wanted to know about Cyber Security (but were afraid to ask!)

So here we are – almost at the end of 2018. Almost every tweet, news report or email recently seems to be mentioning cyber security.

We’re probably largely responsible for this in our activity, but it’s only to make you think – to put it in your mind to be careful, to open this and ask, “Is your company geared up for a cyber-attack?”

…but what does it all truly mean? So here it is, a top-ten list of ‘Everything you wanted to know about Cyber Security but were afraid to ask’.

10. Most cyber threats can, in fact, be prevented.

A quick Google search will reveal numerous reports on businesses that have been targeted by hackers and subsequently lost revenue. While these threats look sophisticated and complex to the inexperienced eye, a large percentage of them can be prevented by establishing the right security measures.

9. Poor email security poses serious threats.

In my opinion, the main cause of poor company cyber security is email. Often, hackers will send phishing emails, which attempt to obtain confidential company information by installing malware into the network or redirecting to compromised domains.

8. Tablets and mobile phones can cause security breaches.

When I speak to people regarding cyber security, this one always surprises them; they didn’t realise this. Naturally, more companies are using mobile devices such as smartphones and tablets to work out of the office. While this is convenient, a device without the right protective measures can be easily compromised through hacking, loss or theft.

7. IoT will bring with it new security challenges.

The future of the business world is in the Internet of Things (IoT – it means taking all the things in the world and connecting them to the internet). This integration will improve efficiency, but great expertise will be required to handle the new threats it brings.



6. Most companies know of but avoid using encryption.

Encryption is well known. It is designed to prevent outsiders from viewing confidential data if they manage to access it. Unfortunately, most companies have not implemented it in their businesses due to a lack of proper understanding.

5. Cyber Attacks cause loss of customer trust.

When hackers attack a company, the customers of that company tend to lose trust in them. This is particularly true for businesses in the financial sector. In some noted cases, even if the company recovers their information, recovering the trust of the customer can be more difficult.

4. Downtime can cripple a business.

Cyber-attacks cause downtime in business. Your average company will take time to regroup and restore the systems. This downtime could be crippling as the time down would allow customers to shift their attention to your competitors.

3. Employee negligence can compromise network security.

The most noticeable and publicised cyber threats come from hackers and malicious software. However, employee negligence could contribute to the loss of data and security breaches. Staff knowledge and training should be taken into account when setting up cyber security measures.

2. IT cyber security intelligence is underutilised.

Information on current cyber security threats is available on numerous platforms to IT professionals. However, this information is not utilised in most businesses because technicians are not checking

1. There is a skills shortage in the Cyber Security industry.

Obviously, all businesses are using IT for daily tasks; however, a large percentage of companies lack true professionals to handle their security needs. This can be attributed to a shortage of cyber security professionals and to the cost to a company of employing such a person.

Needing more information or looking to outsource your Cyber Security needs?

How would your business stand up against a hack? Contact us, we are here to help.


GDPR in your organisation – A 12 step guide to achieving compliance

From 25th May 2018, GDPR (General Data Protection Regulation) will place a greater emphasis on data controllers to be accountable for the personally identifiable information that they hold. Organisations that suffer data breaches and fail to comply with the Regulation could face fines of up to 20 million euros or 4% of global turnover – whichever is greater. GDPR gives new rights to the individual to enquire and ascertain what information is held about them and how their data is used, shifting the balance of power from the company in favour of the individual. This simple 12-step checklist will provide you with a framework to review your information and systems, from collecting, processing and retaining personal information to how this is communicated and controlled within your business.




Understanding ransomware and the impact of repeated attacks

We know ransomware is one of the greatest threats in Cyber Security currently, and we know that once your organisation has been hit, you’re likely to be targeted again. But how much do we understand its impact?

To gain greater insight into the risks of repeated ransomware attacks, we took a look at The State of Endpoint Security Today. This report details the findings of a survey polling more than 2,700 IT decision-makers from mid-sized businesses across ten countries.

Despite the splash ransomware made in 2017, the survey found that organisations are still not fully prepared to face today’s rapidly-evolving threats.

What was the impact of ransomware in 2017? For starters, more than half of organisations surveyed were hit with a ransomware attack last year, most more than once. Traditional antivirus alone appears to be insufficient, as 75% of the organisations surveyed were running up-to-date endpoint protection when the ransomware attack occurred.

Perhaps unsurprisingly, the survey also found that ransomware attacks are expensive. The median total cost of an attack was £100,000 – not just the cost of the ransom, but lost hours, downtime, device and network costs, and lost opportunities. And when a business was hit hard, it got costly fast: 5% of respondents reported ransomware attacks that cost £1.1 to £6.4 million.

Arguably more telling than the ransomware statistics revealed by this report are the findings uncovered about exploits and anti-exploit technology. Nearly 70% of IT professionals weren’t able to correctly define anti-exploit technology, even while understanding that it is critical to prevent modern, evolving attacks.

More than half of organisations don’t yet have anti-exploit technology, leaving them open to falling prey to these effective tactics by hackers.

There is a lack of understanding around predictive, next-generation technologies like machine or deep learning, with more than half (56%) admitting they don’t fully understand the differences between machine and deep learning. Though the understanding of the need for predictive, next generation technology is trending in the right direction – 60% of respondents are planning to implement such technology within a year – currently only 25% have such technology in place.

The state of endpoint protection and how current attacks are impacting users and administrators may be worrying, but we’ve got good news…

There is a solution that stops ransomware in its tracks, employs deep learning to identify malicious or potentially unwanted files without having ever seen them before, and uses anti-exploit technology to block the techniques attackers use to control vulnerable software.

To discuss further how this could work for your organisation email sales@localhost


Action Fraud launch a 24/7 live cyber-attack helpline

In the event of a live cyber-attack, Action Fraud’s helpline gives access to specialist advisors who can offer advice and support to businesses, charities or other organisations reporting the attack. These reports are immediately sent to the National Fraud Intelligence Bureau (NFIB), who review the report and conduct a range of enquiries in order to see if there are any other connected reports or links to known criminals. Live cyber reports are sent to the relevant law enforcement agency within the UK for investigation and the appropriate response; this could be a local police force or the National Cyber Crime Unit (NCCU), which forms part of the National Crime Agency (NCA).

A live attack is defined as one that is ongoing and is still affecting an organisation’s systems and ability to function. Businesses, charities and organisations in Cambridgeshire are advised to call Action Fraud as soon as possible when they discover a live attack. Once reported, and if the attack is still ongoing, Cambridgeshire Constabulary’s Fraud and Cybercrime Investigation Unit (FCIU) can also be contacted using the 101 police non-emergency number. To facilitate the process, a reporting organisation, charity or business should quote their Action Fraud report number to the unit.

If a business, charity or other organisation is suffering a live cyber-attack, call Action Fraud on 0300 123 2040 immediately and follow the instructions to reach the 24/7 cyber helpline.

The National Cyber Security Centre (NCSC) provides information and advice about cyber security.


According to a survey undertaken by the International Data Corporation (IDC) Western Europe, 56% of organisations have not started preparations for GDPR. With GDPR less than 6 months away it is important that SMEs understand what this new legislation means for them and their processes.

Please feel free to use any of this information and cascade among your wider networks.


How To Educate Your Employees About Social Engineering

A common saying is “Amateurs Hack Systems, Professionals Hack People”. Social engineering is the art of manipulating people into performing actions or divulging confidential information. People fall for social engineering tricks based on their instinct to be helpful and trusting. The typical attacker never comes face-to-face with a victim, instead using deception through email, social networks or over the phone.

Consultants list end-user training as a top preventive measure against social engineering. How should you provide training for your user community? Here are some tips for educating your staff about common social engineering attacks:

Explain Policies

It is common to see organisations send out policy reminders without explaining why they exist. The average user will delete a policy email once they realise it’s standard legal language.

Try explaining why users should care. For example, start off with a scenario about an email account being violated and/or company data compromised. Include details about which social engineering tactic was used, the investment by IT to clean up the issue and ways to avoid the threat. Close with the policy being enforced.

Provide Examples

Organisations typically send warning emails to employees when they discover threats to internal sources. It is rare to see companies extend warnings about phishing or other external attacks. Try periodically sending out examples of different social engineering attacks, highlighting what to look for and where they are common. Examples should include social networks, fake URLs, Amazon scams and threats using shareware. Your end-users can be targeted anywhere, so educate them on all forms of social engineering attacks.

Make Security Fun

One common problem is people leaving their computers unlocked while away from their desk. In a previous job, my team used to send out silly emails from systems found unlocked while unattended. People would laugh and start locking their systems so they don’t become the next victim. The same tactic can be used for mobile devices.

Password Policy

Many people use weak passwords. Try providing education around best practices for developing passwords. My favorite trick is coming up with a long sentence and using the first letter of each word. This way you can remember it and it’s random. Hopefully users will extend tricks like this to passwords for their personal systems as well.

Human Firewalls

Try calling and obtaining information over the phone or through social media. Test physical security by having a non-employee put on a suit and attempt to walk around the building without authorised access. Send out a periodic update of social engineering attempts (without people’s names) and what company information was provided over untrusted channels. Close with explaining why social engineering attacks are a high risk and lessons learned from the social engineering penetration test.


Cyboar demonstrates ‘Live Hack’ at Business Resilience Forum event

Cyboar, the newest member of DSM Group, delivered a highly successful Cyber Security workshop at the recent Business Resilience Forum event on 4 October.

Delegates were astonished by how much information can be harvested in order to specifically target certain companies and individuals, and the ingenious methods that cyber criminals use to trick their way into capturing highly sensitive data such as user names and passwords for online transaction sites.

The workshop included several demonstrations of live hacks on systems to explain how cyber criminals exploit vulnerabilities within the infrastructure of an organisation. Cyboar used a number of tools to analyse the security of some selected organisations and generate reports recommending appropriate action to improve both system security and staff awareness of the importance of things such as use of strong passwords, two-factor authentication, application of software patches and configuration of firewalls.

Anyone who missed the event but would like to learn more about how they can improve defence against this growing threat should contact Cyboar on 03333 221100 or email sales@localhost.


What is… GDPR?

Whether you’re a family bakery in Birmingham that keeps a list of local delivery addresses, or a multinational giant headquartered outside Europe that sells globally online, the EU’s General Data Protection Regulation almost certainly applies to you.

GDPR is short for General Data Protection Regulation, and it’s the name of a law in the European Union (EU) that sets out to protect the rights of individuals in respect of their data.

Loosely speaking, any organisation that holds data about any resident of the EU is expected to comply.

Whether you’re a family bakery in Estonia that keeps a list of local delivery addresses, or a multinational giant headquartered outside Europe that sells globally online, GDPR applies to you.

GDPR was adopted as an EU law in April 2016, but the regulators decided to give us all plenty of time to become compliant, so the law only takes effect in May 2018.

That’s just as well, because although it’s officially just “a regulation”, GDPR runs to 11 Chapters, 99 Articles and several hundred pages of legislation.

Indeed, GDPR covers a lot more issues than many people realise.

You’ll often hear GDPR mentioned as though it were concerned mainly with mistakes – in other words, that it’s mostly about data breaches and data breach notifications.

In fact, only three of the 99 Articles actually deal with breaches, because GDPR is more of a digital privacy lifestyle guide, covering all aspects of personal data and how you use it.

Amongst other things, GDPR deals with the data you collect in the first place, how you tell people what you are going to do with it, what you actually do with it, how you store it securely, whom you allow to access it, and – the part that seems to attract the most interest and attention – what happens if you fail to comply.

Falling foul of GDPR means the possibility of a fine, and GDPR fines can go significantly higher than most laws that existed around Europe before GDPR came in.

At the very worst, GDPR penalties can go up to €20,000,000 or 4% of your global annual turnover, whichever is bigger.

Of course, the regulators aren’t compelled to impose penalties that large, and it is reasonable to assume that they won’t blindly plump for the maximum every time, so we shan’t know how big the fines are likely to be until the first few have been handed out.

In short: GDPR will standardise data protection across the EU; if you do business in Europe you almost certainly need to comply; the law may seem onerous, but in a world with as many breaches as we have had in recent years, GDPR seems like just the sort of regulation we need; and you can expect to end up in hot water if you don’t comply.

Oh, to be clear: GDPR applies in the UK, which is currently part of the EU, and will effectively apply even after the UK leaves the EU, because the government plans to pass a local law that will mirror GDPR.

For more information regarding GDPR or how to become compliant contact sales@localhost.

Source: Sophos