Posts

Just how important is Email Security?

/in , , /by

Cyberattacks are rapidly increasing every day with hackers becoming more and more sophisticated and the scams more elaborate than ever before.  It is reported that in 2019, around a third of businesses in the UK identified at least one breach or attack each month. The most common types are phishing attacks comprising 80% along with impersonating emails, viruses, spyware or malware including ransomware.

Let’s look at the jargon being used surrounding these attacks so we can really understand this threat.  Malware is a word used to describe any type of malicious software which usually piggybacks on an email or document containing links, Ransomware is typically spread through phishing emails and Phishing is the use of technology to lure victims into providing sensitive and personal information.

5 ways to identify a phishing email:

  1. If the email asks you to confirm personal information, such as banking details or login credentials, information that you would not usually provide.
  2. The web and email addresses do not look genuine – at a quick glance these might look correct but on closer inspection, they will be slightly varied but intended to look genuine. Hover over any links in the body of the email as these might be malicious.
  3. It is poorly written – if the email is full of spelling and grammatical errors, there is a strong possibility it is a phishing email. Legitimate emails from companies will be written professionally and checked for spelling and grammatical errors.
  4. There is a suspicious attachment – it is always good practice to scan attachments using antivirus software particularly if you receive an email out of the blue with an attachment that you weren’t expecting.
  5. The email is designed to make you panic – it is common that phishing emails will incite panic in the recipient as it will ask for immediate action to be taken on personal items such as bank accounts.

Office 365 has a solution to help protect your emails, files and online storage.  Office 365 Advanced Threat Protection (ATP) protects your mailboxes, files, online storage, and applications against new, sophisticated attacks. It offers protection for all the major Microsoft apps such as Microsoft Teams, Word, Excel, PowerPoint, Visio, SharePoint Online, and OneDrive for Business.

Office 365 Advanced Threat Protection (ATP) offers the following benefits:

  1. Safe Attachments: ATP protects you against unsafe attachments and provides you with a malware-free, cleaner inbox.
  2. Safe Links: ATP blocks users from clicking on malicious links.  If a link they click on is unsafe, the user will either be informed that the site’s been blocked or warned not to visit it.
  3. Spoof Intelligence: This detects when a sender appears to be sending an email on behalf of one or more user accounts within one of your organisation’s domains.  It enables you to review all senders who are spoofing your domain, and then choose to allow the sender to continue or block the sender.
  4. Quarantine: Messages identified by the Office 365 service as spam, phishing mail or potentially containing malware can be sent to quarantine.

The impact of a cyberattack is not only time consuming but costly. One accidental or careless click by an employee has the potential to compromise your entire network.  Office 365 Advance Threat Protection offers industry-leading, comprehensive protection, can your business really afford to be without it?

No one is safe from these attacks, all businesses are a potential target and need to remain vigilant, don’t wait until you have been the victim of a cybercrime to take action.    Ilkley IT Services can help you to get the protection you need so that you can have peace of mind and get on with running your business.  Contact us today to find out more.

Why you should be using Two-Factor Authentication (2FA) for everything

/in , , /by

In this digital age we live in, it seems that there is no end to the attacks that hackers are coming up with and using to target businesses and innocent people.  The malicious attacks and data breaches continue to be more sophisticated and elaborate than ever before and cybercrime shows no signs of slowing down!  Thankfully, there is action that businesses can take to protect themselves and add an additional level of security to protect their online accounts and systems and this is where Two-Factor Authentication (2FA) comes in.  

 What is 2FA? 

 2FA is a second layer of security to protect an account or system.  When you log on to an account or system, you will need to go through two layers of security before being granted access. This might be in the form of code generated via an app or sent as a text message.  

 Why should I use 2FA? 

In general, people tend to use passwords that are very easy to remember or use the same password for multiple accounts.   If a security question is requested during an account set up, usually this is also information that can easily be found out through all your interactions on social networks and other activities online.  This makes life very easy for hackers and leaves your accounts and systems very exposed to cyber-attacks.   Cyber attackers can also use software on their systems to try and crack your password.  The weaker the password, the easier it is for them to crack it.  

The first important thing to do is to use stronger passwords and this is where a password manager is very useful.  2FA then provides you with an extra layer of protection.  It might be easy for cyber criminals to try and guess your password, but it will be very hard for them to guess the second authentication factor as the code changes every 30 seconds.  This drastically reduces the chances of you being hacked.  In an article written by Microsoft, they report that users who enable 2FA for their accounts will end up blocking 99.9% of automated attacks.  

 How to get 2FA working 

There are a few different 2FA methods that can be used, it might be a code issued by your bank when you are using internet banking or a one-time password (OTP) which is sent to your mobile phone.  Authentication apps are a more secure option to use than text message codes as it is easier for a hacker to gain access to text messages than it is for them to gain physical access to your phone and generate a code without you knowing it.  

 Ilkley IT recommend using the Microsoft authenticator app for your Microsoft accounts and Authy for all your other accounts.  One of the advantages of using Authy is that you can use the app on your phone and your other devices such as desktops or laptops. 

 Which sites allow 2FA 

More and more sites are adding the additional level of protection and supporting 2FA when you log on to your accounts on their sites.  You can check which websites offer 2FA by visiting this site https://twofactorauth.org/. 

You can see if 2FA is enabled on your Office 365 account by logging in here: https://aka.ms/mfasetup. If it’s enabled you will be given options to setup 2FA.  

Don’t wait until you have been a victim of a hack or data breach, to introduce 2FA into your businesstake action today.  The team at Ilkley IT can help and can talk you through the steps to enable 2FA on all your Microsoft 365 accounts.  Contact us today to get this essential second layer of security setup, you will be so relieved you did