There was a time where our phones were just big, chunky bricks only capable of calling other people. Now they’re our digital Swiss Army knife, with cloud storage, emails, messaging, a calculator, and hundreds of apps that help us with work and so much more. But phones are only going to continue to improve and we’re going to rely on them more and more.

And with the lines between work and home life blurring, our phones have become essential tools in our jobs. Over three-quarters of the UK use their personal device for work. With this in mind, it’s critical we make sure it’s secure. With so much important information on these devices we take everywhere with us, we can easily open ourselves up to hackers and cyber attacks. So what simple ways can you look after your mobile phone security?

Lock your apps

We all know you can add a password to your phone to stop people from browsing through it, but you can also lock individual apps. This is particularly useful for those who use their phone for work and simply can’t delete sensitive files. 

This way, you can protect sensitive information with not one password (the one you use to unlock your phone) but two. Or, if you don’t want to lock your apps, you can simply log out each time to protect your information.

Install an antivirus app

We all have antivirus for our computers and laptops, so why not for our phones too? It may seem redundant as most phones already have protection against malware, but these measures sometimes just aren’t enough. 

For example, Google removes malware it finds in the Play Store. But this just tells us that malware can find a way onto the Play Store. You may download an app infected with malware before Google can remove it. Not all built-in protection is strong enough, and it’s better to be safe than sorry.

Keep Bluetooth and Wi-Fi off when you aren’t using it

Keeping either of these on essentially just opens you up to hackers. Hackers can intercept and change the data sent over Bluetooth. And, sadly, public Wi-Fi – though convenient and free – can be dangerous too. Instead of connecting to the Wi-Fi, you could be sending your data directly to a hacker. Hackers can also use unsecure public Wi-Fi to distribute malware. 

Don’t use public chargers

I’m sure this one is hard for many to hear, but it just isn’t safe. When you plug in your phone at the train station, airport, Starbucks, or wherever you are, the port doesn’t just charge your phone; it transmits data. 

A compromised charging station could give a hacker access to just about anything in your phone, including texts, emails, and photos. If you regularly find yourself low on battery when out and about, it might be time to invest in a power bank.

As we use our mobile phones more often, it’s essential that we protect the sensitive information on them. Following these tips won’t make your phone immune from cybercriminals, but they will make the chances of you falling victim to an attack much less likely.

Nisyst Cyber Security has been leading the UK tech scene for over 30 years. We can help you look after your mobile phone security. Ready to protect your business? Call us now on 01204 706 000.

By now, we’re all well aware of how dangerous the online world can be. We know not to send our card details to some Nigerian prince who turns up in our spam folder. And we know we shouldn’t leave our password written on a post-it note stuck to our laptop screen. These are obvious ways to leave yourself vulnerable online.

But some of the biggest mistakes people make are simple ones that you might not realise are important as they are. You and your staff have to be constantly on the ball. Thankfully, these easy mistakes are also very easy to fix. Let’s look at five of the most common errors and how you can change for the better.

Putting off software updates

We get it – it’s annoying when you’re busy working and that little pop-up interrupts you just to tell you it’s time to update your software or OS. You might put it off, telling yourself you’ll get to it later, but later doesn’t come until it’s too late. These software updates are crucial as they often patch up holes in the security, keeping you from being vulnerable online. Not to mention the fact it should give you new features and fix bugs.

It might feel like a pain to constantly update your software – especially if different ones are updating at different times – but it’s essential. To make it easier for you, turn on auto-updates if possible. Or make a habit of checking for updates at the end of your working day and let it do it while you go about the rest of your day.

Posting everything on social media

Social media is a fun place to share updates, talk to friends, or simply tell people what you’re eating. But over sharing can be risky. By sharing too much about your personal life, hackers can piece together your details to figure out passwords.

There are two ways to fix this. First, ensure all your passwords are secure. Don’t make it just one word; combine letters, numbers, and symbols to make it harder to crack. Second, watch what you put online. Be careful about any “fun” Facebook posts that ask you to complete a quiz about yourself or post about your life story. These details are often used in people’s passwords, so you’re just giving away free information. It seems obvious right now, but when you’re bored and scrolling through Facebook, it looks innocent enough.

Using weak passwords that you never change

When it comes to passwords, many people use obvious choices. It might be their child’s name, an anniversary, a pet, or even just a simple “password123”. 

Then they use that same password for months. It’s essential to create strong passwords that you change often. And you should never use the same password twice. If you find it impossible to remember every password, try using a password manager to keep them all in one secure place. 

Using sites that aren’t SSL certified

Have you ever noticed the little padlock at the far left of the search bar? Or maybe a URL that started with “https://”? That “s” and padlock signifies the site is SSL certified. SSL certified means you’re at a much lower risk of having your information stolen, as it’s encrypted. If you plan on making a purchase from a site, ensure that it’s SSL certified as it’s much harder to hack.

Using free public Wi-Fi

Everyone does it so it must be safe right? Not quite. Public Wi-Fi isn’t entirely secure. Any hacker could easily intercept everything your device sends or receives. Not only that, but it isn’t uncommon for cyber criminals to impersonate Wi-Fi services, tricking you into connecting to them where they can then steal your information.

The best course of action is to simply ignore it. It’s easier and safer to use your own data. Even public Wi-Fi that’s password-protected is a risk as you still don’t know who’ll be lurking on the same network.

There are so many ways we can accidentally leave ourselves vulnerable online. Without realising, it’s all too easy to give your private information away. Being aware of dangers and learning how to stay safe will help us develop better online practices and reduce risk.

Nisyst Cyber Security has been at the forefront of the UK tech scene for 30 years. We can conduct a vulnerability assessment to identify any security loopholes. Ready to protect your business? Call us now on 01204 706 000.

Since April 2020, almost half of all British citizens have worked from home in some capacity. It’s no surprise then that, during that time, there was an 800% surge in cyber attacks. That link is no coincidence – our home set-ups aren’t as secure as what we have in our offices. But with 98% of people preferring remote working at least part time from now on, we’re going to have a long-term issue.

With a potentially permanent cultural shift in how we work on the horizon, we have to start thinking about our home set-ups. There are many cyber risks out there – are you sure you’re ready to keep yourself safe? We’ve whipped up this quiz to test your knowledge. Write down your answers as you go along and check them against the key at the end. Good luck!

Q1. Which of the following is the definition of “phishing”?

A) A type of scam email or message with a fake link to steal your data or download malicious software.

B) A type of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.

Q2. How often should you change your password? 

A) Every week

B) Every month

C) Every two to three months 

D) Every six months 

Q3. Which encryption language should your home Wi-Fi use?

A) WEP 

B) WPA 

C) WPA2

D) WPA3

Answers

Question 1 answer – The answer is A. Phishing is the single most popular form of cyber attack. In fact, around half of all UK cyber attacks are phishing attacks. Being able to identify them is key if you’re working from home as your personal devices may not be as protected as the tech in the office.

Question 2 answer – The answer is C, every 60-90 days. Any less than that and you become much more susceptible to hacking. But you shouldn’t just change passwords regularly. They need to be strong too. Simple passwords are incredibly easy to hack and, if used across different platforms, mean you’re essentially handing your information over.

Question 3 answer – This one’s a bit of a trick question as there are two acceptable choices. The answers are in order of how secure they are. WEP is the least secure and WPA3 is the most. In an ideal world, you’d have WPA3. But WPA2 is good too. The lower the strength, the easier it is for someone to access your network. 

For many, remote working is here to stay. So it’s absolutely essential that cyber security becomes a top priority to ensure no data leakage and to protect your business from vicious malware.

Nisyst Cyber Security offers a managed endpoint security solution. This solution helps to protect you from ransomware, viruses, spyware, worms, and more. Protect your business today – call us on 01204 706000.

It’s no surprise that cybersecurity has rocketed up many companies’ list of priorities. The number of UK businesses who fell victim to a cyberattack has majorly increased, especially in the last year. And it’s not as if the bigger the business, the safer you are; phishing attacks worked 38% of the time in large businesses compared to 29% in SMEs.

The reason for the high number of cyberattacks? Our technology makes it too easy. If cybersecurity is at the top of your agenda, so should patch management. Every piece of current software and technology is constantly releasing new patches that add new features and bolster security. But if you aren’t staying on top of them, you are just leaving yourself open to exploitation. So how can patch management ensure you and your tech stay as safe as possible?

Why you need patch management

The most obvious reason for patch management is to keep your security up to date. Bad-faith actors will use whatever holes they can find to work their way into your system. It’s also why we would never recommend you use unsupported services or operating systems. Any breach will likely cost you a lot of money and a lot more reputation.

Beyond that, staying on top of your patches keeps your whole team more productive. As well as fixing any existing security issues, updates can make software more efficient, meaning it runs faster and crashes less. Your staff won’t have to worry about any of that slowing them down. How often has your computer frozen and sent you into a mad rage? We know it’s happened more than enough to us!

Due to the significant threat, it’s also often a requirement to stay safe. Depending on your industry, staying up to date means staying compliant. Noncompliance is a rocky road to penalties and lost business. If you have personal details for clients and they end up being compromised, you put them in danger and your business in hot water.

How to implement

We make it sound like a long process, but it doesn’t have to be. It might require more work at the start as you lay out a patch management policy, but then you can simply carry out regular scans to check for any vulnerabilities and new patches. Done right, you can push updates out to multiple devices at once, saving any need to go to individual devices.

If you want to be more thorough – which we always recommend for something as important as cybersecurity – you need to check the updates in a testing environment before pushing out. This ensures it won’t negatively affect you in any way. And when it’s all done, a final report detailing the process would help for any auditing in the future.

What’s important is you understand why you’re doing it. Make sure all the management and staff understand how it’s of benefit – potentially include it in any cybersecurity training you put your team through. Patch management can be a big undertaking for a team that’s already stretched thin, but there are companies and software available that can handle this vital task for you.

We offer a patch management service so you can be safe in the knowledge that your devices are as safe and secure as possible. This way, your IT team can focus on doing what they do best, and you don’t have to worry about vulnerabilities in your software. Protect your business today with Nisyst Cyber Security. For more information, get in touch on 01204 706000.

Many businesses will have shifted to remote working throughout the pandemic. Parts of the charity sector were no exception, with 95% saying they were working from home. But this can bring with it many risks and potential vulnerabilities to an organisation. Yet, 45% of charities said they had taken no extra precautions to protect staff from cyber attacks while working from home. 

These can be devastating. They can cost you thousands, result in data being permanently lost, and seriously damage revenue and reputation. 

Many charities don’t realise that they too can fall victim to cyber attacks, believing criminals only target larger corporations. Yet a third of charities experienced a cyber attack in the last 12 months. So with no one safe from cybercriminals, here are the top three reasons to keep your charity cyber secure.

Revenue

Cyber attacks vary massively. You could fall victim to a phishing scam or you could be the victim of ransomware. Ransomware is malware that steals your data and refuses to return it unless you pay a sum. Paying the ransom itself can be costly, but attacks can also put your charity on hold. With data lost and systems at a standstill, your shop may have to shut until it’s taken care of. And this can weigh heavily on a charity’s revenue and profits.

Cyber attacks can also lead to the loss of customers. Some customers will not trust organisations that can’t protect their data, and may decide to support other causes instead.

Productivity 

Following an attack, you may have to restore data, fix systems, improve security for the future, inform supporters and customers if their personal data has been compromised, and clean up the PR mess. It’s a killer of productivity. This is time that could be better spent bringing in money for your charity.

It may also affect morale amongst your staff and volunteers. They want the best for the charity and it’s never easy to suffer a huge setback, especially if it undoes their hard work. And if their data is caught up in the attack too, that’s one more factor to worry about.

Reputation 

No one wants their personal information leaked. Cyber criminals can steal your customers’ and donors’ sensitive information like addresses and card details. If this happened, they would be understandably upset and unlikely to trust your charity again.

Bad PR can damage the charity’s reputation further if it becomes apparent that security measures were perhaps overlooked. The word might spread that your charity does not do enough to protect its supporters, which can be a difficult accusation to overcome.

It may seem that cyber attacks only happen to the big corporations, but that is simply not the case. And during the pandemic, with working from home and increased anxiety for criminals to exploit, attacks have only become more common. Are you ready to protect your charity?

Nisyst Cyber Security has been at the forefront of the UK tech scene for almost 30 years. Protect your charity from cyber attacks today. Call us on 01204 706 000.

Cyber attacks come in many forms. You have ransomware, viruses, worms, and many more you should be aware of. Some attacks are more common than others, like those “Nigerian prince” scams that you might have in your spam folder, but all can be used to specifically target vulnerable businesses.

Arguably the most important type of attack you need to be wary of is a “social engineering” attack. The term describes psychological manipulation that tricks people into offering sensitive information or making security mistakes. 

Social engineering is particularly dangerous because there is no software that can stop it. It preys off human error and anyone can make mistakes. Here are the four social engineering security attacks all businesses should know.

Phishing

Have you ever had a poorly written email about an Amazon order, but you hadn’t bought anything? This is an example of phishing. This attack steals sensitive information like card details and logins. 

Phishing scams can also download malware onto your device. They are the most likely attack to hit a business, with the number of businesses falling victim growing from 6% in 2015 to 9% in 2019

Whaling attacks

Whaling attacks are like phishing, only these emails target specific people. Targets are usually board members or employees with higher clearance and access to important, sensitive information, such as CEOs, CFOs, and other executives. These attacks are hard to spot. Attackers will use personal information to be as convincing as possible. A common whaling attack is an email from a ‘supplier’ of your company requesting payment.

Pretexting 

Pretexting is often seen as the offline or human equivalent of phishing. This is where an attacker will coax information out of a victim with carefully constructed lies. They may imitate police, co-workers, bank workers, or tax officials – people who have authority and who most people would trust with sensitive information. 

They can gather extremely sensitive information through this attack, from personal addresses and phone numbers to staff holidays, bank records, and security information. Pretexting can be hard to recognise as the attacker gradually knocks down your defences and gains your trust.

Baiting

Baiting attacks use false promises that offer something enticing to the victim in exchange for sensitive information. These attacks are used to steal the victim’s personal information or download malware onto their system. 

A popular baiting technique is to leave an authentic-looking USB infected with malware in a place where they know the victim will see it. The hope is that the victim will plug in the USB so it can infect the system.

Almost half of UK businesses fell victim to a cyber breach or attack in the past 12 months. For what’s at stake – damaged reputation, loss of profits, disruption – sidestepping proper protection and security measures is just not worth it. By investing in the right security measures and taking the time to educate your staff on the malicious attacks out there, you can regain some control and secure a stronger, more stable future for your business.

Nisyst Cyber Security’s a team of engineers pride themselves on offering expert advice and tailored solutions for all your security and compliance needs. Give your business the best protection by calling us today on 01204 706000.

Cyber security should be at the top of the agenda for any business, right behind making a profit. In this technology-driven world, cyber attacks are all too common, so you can never be too careful.

How do you think your cybersecurity measures stack up? Why not take our quick quiz to see how your business is doing and if you have any vulnerabilities waiting to be exploited? Let’s dive right in…

Q1: Some businesses are too small for cyber criminals to care about.

  1. True
  2. False

This is false. The attacks on big corporations are the most publicised, but that doesn’t mean cyber criminals don’t target smaller businesses too. In fact, research suggests SMEs are actually just as likely to be attacked

Q2: How often should a business conduct cybersecurity training? 

  1. Once when first operational
  2. Once a year
  3. Every 4-6 months

Industry best practice suggests you conduct cyber security training roughly every 4-6 months. After 4 months, employees still seem to remember what they learned, but begin to forget around the 6-month mark. This study focused specifically on the employee’s memory for phishing attacks, which account for around half of all cyber attacks and are recognised as the top cause of data breaches.

Q3: Offsite backups are essential.

  1. True
  2. False

That’s true. Offsite backups are incredibly important. Yet 10% of organisations aren’t backing up their data at all. Offsite backups offer a solution if you’re ever the victim of ransomware, a data breach, or even in the event of a disaster that could destroy systems, such as an earthquake, fire, or flood. Offsite backups can’t prevent attacks, but they mean you still have your data if someone tries to steal or delete it. You never know what might happen.

Q4: Working from home reduces cyber security threats.

  1. True
  2. False

Unfortunately, this isn’t true. Working from home poses different risks than working in the office. 20% of businesses have suffered a breach because of the actions of a remote worker since the lockdown began. Employees might have weak setups, they might share their work device with others, or they might simply just be unaware of how to spot risks. This is why it’s so important to keep employees up-to-date with cyber security training.

A cyber attack can compromise a business, ruining its reputation and costing thousands. But all this can easily be avoided by simply taking the time to ensure your business has the strongest line of defence against attackers. 

Don’t know where to start? Leave it to the experts. Nisyst Cyber Security is dedicated to providing innovative and up-to-date security solutions. For more information, call us on 01204 706000.

For almost a year now, many of us have been working from home. With the lockdown still ongoing – though potentially with the end in sight – many are still working remotely. While it might be protecting our health, we can’t forget to protect ourselves from cyber threats, too.

Right now is a great opportunity for cybercriminals. The anxiety around the virus makes people more vulnerable to phishing attacks, while work from home setups tend to have weaker security measures in place than the office. But it is not just cybercriminals causing disruption: 20% of businesses have suffered a breach due to the actions of a remote worker since lockdown began.

It is essential to stay on top of any potential threats or vulnerabilities and ensure employees understand how to stay safe. Here are three security risks you and your staff should look out for when working from home…

Insecure home setups

In an office environment, you probably have an IT manager or someone in control of the security of your network. At home, however, people typically have weaker setups. For example, their Wi-Fi connection might be WEP instead of WPA-2. This may seem unimportant, but weaker setups make it a lot easier to hack into. 

This shift could also mean people are using programs they aren’t familiar with, which can lead to further vulnerabilities. Personal devices like laptops and mobile phones may have fewer security controls, so it is best, if possible, to use work-issued devices. 

Phishing attacks

Phishing attacks are widely recognised as the top cause of data breaches. These attacks can ruin a business. On the surface, they look like normal emails. But they often link to fake websites and downloads that infect your computer. 

Over the course of the pandemic, they’ve become more sophisticated and targeted. But more than that, they’ve become more frequent; HMRC reported a 73% rise in phishing emails. The best way to protect against phishing attacks is training. Make sure all staff know the warning signs of an attempt and to check with IT managers if they aren’t sure.

Weak passwords

If something’s online, there’s a good chance someone else can get into it. It helps to make it as difficult as possible for them. Many companies work online to make work more collaborative. But too often, people reuse login details. 

Using the same login for Zoom, email, and any other online apps or websites you use to stay in contact with your team is dangerous and can result in an attacker gaining access to your accounts. Password managers can help keep track of multiple passwords and help you create stronger ones that are harder to guess.

Cyber threats are a danger to all businesses, especially while we’re working from home. It’s important to back up data, make employees aware of the various attacks and best online practices, and ensure they have the strongest setup possible while they’re working remotely. 

Put your mind at ease by protecting your business today. We pride ourselves on creating the most efficient and effective cyber security solution. For more information, get in touch with us on 01204 706000.

Malware, viruses, spyware, and phishing – if you aren’t in the know, it can sound like a completely different language. It can feel overwhelming trying to understand cyber security and all the various threats. And all too often, these terms are explained using technical jargon without thinking about the average person.

So we put together this simple guide that tells you clearly, in simple English, what each is and why it is important for you to protect your systems from these types of cyber security threats.

Malware

Malware is a blanket term used to describe malicious software. It is any software designed to intentionally cause harm to a device, server, client, or computer network. This includes spyware, viruses, and ransomware (which we will cover below). 

When a user clicks a dangerous link, it downloads and installs the malware onto the system. Depending on what kind of software it is, it can go on to inflict damage, steal your data, or spy on your activity.

Virus

Viruses spread when people make innocent mistakes, such as using USBs with viruses on them and downloading infected files. Opening attachments in suspicious-looking emails can also download a virus onto your device. It is important to protect your system from viruses because they can slow down your computer, cause crashes, damage programs, and in worse cases, cause you to lose data.

Ransomware

The UK was the second most attacked country in 2019 for ransomware attacks, costing businesses £365 million. But what is ransomware? Simply put, ransomware infects your computer and holds your data hostage. If you pay a sum of money, you might get your data back, but you also might not. 

It is always a good idea to keep off-site backups. Ransomware is dangerous because while your data may eventually be returned, that doesn’t mean the attackers haven’t kept a copy for themselves. These attacks can cost businesses thousands and quickly destroy their reputation. A famous example is the WannaCry ransomware that attacked the NHS’s IT systems.

Spyware 

Just like it sounds, this is a software that enables a user to obtain information about your activity. They can watch what you do on your computer without you even knowing. Spyware is dangerous as it can steal sensitive information such as card details, login details, and monitor your activity. Not only that, but spyware is difficult to detect. Using an antivirus with anti-spyware features can help protect your system.

Cybercriminals are becoming increasingly sophisticated with their methods to steal information and infect devices with malicious software. It can be difficult to keep up with all the various terms and phrases, but as criminals find newer, more sophisticated ways to infiltrate businesses and steal their information, it is important to stay on top of it all. 

Knowing their methods is half the battle. The other half is protecting your business with effective cyber security solutions, giving your business the best chance against cybercriminals. 

Are you ready to protect your business? Put your mind at ease with Nisyst Cyber Security. For more information, contact us on 01204 706000.

Nearly 50% of the UK worked from home at the height of lockdown the Office for National Statistics reported.

That is why it is more important than ever to protect yourself from the work of cybercriminals.

As it is Cybersecurity Awareness Month, we thought we would share with you our top tips for protecting yourself from those pesky cyberattacks.

 

In this article, we will briefly cover:

  • Setting strong passwords.
  • Malware Protection.
  • Backing up your data.
  • Two-step verification.
  • Encrypt your data.
  • Secure your VPN.
  • Home security measures.

 

1.Setting up strong passwords

If you have a separate account when working from home, then you need to set up a strong password.

The best kind of password is a mixture of letters (lowercase and uppercase), numbers, and symbols that will make it harder for cybercriminals to guess. It should be ideally no shorter than 15 characters, and you should consider using a reputable password manger that will create random strong passwords and securely store them.

 

2.Malware protection

To protect your device from malicious emails and malware, you need to install Antivirus software as this is your first line of defense against threats such as computer viruses, worms and ransomware. As soon as they become available, install the latest operating system and updates.

 

3.Backup your data

Worst case scenario: the work you spent hours on that is due in just two hours suddenly disappears. What do you do? Create a backup using external hard drives, USBs, or the Cloud so that you never have to worry if it happens again. To make your data extra secure, consider encrypting the backup so it cannot be accessed if the device is lost or stolen.

 

4.Two-step verification

Adding that extra layer of security can make sure your data is even more secure. There are several ways to do this, but here are just a few:

  • Add a security question – This should be something only you know about yourself and be personal to you.
  • Limit access to work devices only so only you have access to your data.
  • Use a trusted app. Instead of simply logging in from a web browser, have an app that you know is secure that can be another layer of protection that will need to sign into first before signing into your official account.

 

5.Encrypt your data

A vital form of protection just in case your device is stolen or misplaced. If your data is already encrypted, check the software is working. There are two types of encryption: individual file and folder encryption, and full-disk or whole disk encryption. The former “encrypts only the specific items that you tell it to,” and “is acceptable if relatively few business documents are stored on a computer”.

Whereas, the latter ensures “all files, folders and volumes are encrypted”. The GDPR “makes organisations responsible for protecting the personal data it holds on individuals,” so it is better to be encrypted as your data will be more secure.

 

6.Secure your VPN

Securing your VPN (Virtual Private Network) can be simple by:

  • Use the strongest authentication method possible.
  • Use the strongest encryption method possible.
  • Restrict VPN access to those who require it.
  • Only allow access to what the users requires.
  • Implement and enforce strong password polices.

 

7.Home security measures

Finally, here are some simple ways you can protect your data every day:

  • Do not respond to phishing emails, but learn how to recognise them by being wary of emails that ask you to download attachments or click on links.
  • Follow your company security practices as your home is now an extension of your office.
  • Be aware of Covid 19 scams.
  • Secure your router by changing the default name and password and turn off remote management.
  • Use at least WPA2 Encryption when connecting via Wi-fi.
  • If possible, only use a device supplied by work to access work related tasks.
  • Let your manager know if you believe your data could be at risk.
  • Log off or shut down each day and secure your device in a safe place.

We hope you keep cybersafe this winter and if you found this post helpful please feel free to share.

Resources:

https://www.businessnewsdaily.com/9391-computer-encryption-guide.html

https://www.gdpr365.com/do-i-new-to-encrypt-my-data-what-does-the-gdpr-require/#:~:text=What%20the%20GDPR%20does%20is,an%20extra%20level%20of%20security.

https://www.ncsc.gov.uk/