More businesses are proactively investing in cyber security defences

More and more businesses are making the smart decision to be proactive and invest in their cyber security defences. This is fantastic news, especially since stats show that about half of small and medium-sized businesses still have no cyber security measures at all.

If your business falls into that category, it’s time to change.

Cyber security might sound complex, but it starts with a few simple steps. Let’s talk about some basics you can put in place right away.

First, think about encryption and multi-factor authentication (MFA). Encryption is like putting your data in a secure vault. It ensures that even if someone intercepts your information, they can’t read it without the encryption key.

MFA adds an extra layer of security by requiring you to verify your identity using a second device, like your phone, whenever you log in. It’s a bit like needing two keys to open a lock instead of just one.

Another easy step is using a password manager. These generate long, random passwords for every account and remember them for you. Password managers make life easier and your business more secure in one package. Amazing.

Advanced monitoring tools are another great way to protect your business. They’re a little like security cameras for your digital space, always on the lookout for anything suspicious. These tools help detect unusual activity in your systems, giving you a heads-up if something’s not right.

And let’s not forget about protecting your business from phishing scams. These are attempts by criminals to trick you into giving away personal information by pretending to be someone you trust, like a supplier or a bank. Educating your team on how to spot these scams is crucial. If something feels off, it probably is.

Why is investing in cyber security so important?

  • It protects your data
  • Avoids financial loss
  • And builds trust with your customers and partners

Your business data is valuable, and protecting it means safeguarding your business’s operations and reputation.

Cyber attacks can be costly, not just in terms of money but also time and resources. Prevention is ALWAYS cheaper than dealing with the aftermath of a breach. Plus, showing that you take security seriously helps build trust with your customers and partners. They need to know that their information is safe with you.

Investing in cyber security doesn’t have to be daunting. We’re the experts in this field and would love to help you secure your business. Whether you need advice on getting started or want a comprehensive security plan, get in touch.

1 in 4 people struggle with password overload. Here’s the answer

Are you tired of juggling a multitude of passwords like a circus act? You’re not alone. According to a recent report, around 1 in 4 of us feel the same. But it’s not just the sheer number of passwords that’s causing headaches – it’s the security risks they pose.

Let’s face it, when it comes to setting passwords, most people aren’t cyber security experts. From weak and easily guessable passwords to the cardinal sin of reusing passwords across multiple accounts, human error is everywhere.

Another study revealed that, on average, people use the same password for five different accounts. And don’t get us started on classics like ‘123456’… used on a mind-boggling 23 million breached accounts.

But here’s the thing: Cyber criminals don’t need any extra help. They’re already pros at cracking passwords, and our lax habits are like an open invitation to wreak havoc. And let’s not forget the staggering stats – a projected $434 billion (£347 billion) loss to online payment fraud globally between 2024 and 2027, with 90% of data leaks attributed to stolen login details.

So, what’s the solution?

Password managers.

These are essential software tools that take the hassle out of password management by generating and storing complex, unique passwords for each account. No more ‘123456’ disasters. Just robust security.

And the best part? Password managers not only beef up your security defences but they also streamline your digital life. With one-click logins and autofill features, you’ll wonder how you ever lived without one. And with the right password manager, you can rest easy knowing your sensitive data is under lock and key.

A password manager makes your life easier and business safer at the same time. Want to know which one we recommend? Get in touch.

Cyber security training once a year isn’t working

We all know how important it is to keep our people up-to-date on the latest cyber threats. After all, with cyber attacks on the rise, staying one step ahead is crucial to protect your business from potential breaches.

But here’s the thing – annual cyber security training just isn’t cutting it anymore.

Sure, it’s become a routine part of the calendar for many organisations. And it’s great that it’s happening at all. But ask any security leader, and they’ll tell you… employees find it time-consuming and uninspiring. From clicking through slides to skimming through videos at double-speed, it’s usually seen as just another box to tick.

And let’s be honest, even for those who do engage with the training, there’s little evidence it leads to real behaviour change.

That’s because the traditional approach lacks interactivity and doesn’t connect with employees on a personal level. It’s more about ticking boxes than building a culture of cyber security vigilance.

Guess what? There’s a better way. It’s all about small, regular, human-centric interventions. Think of it like the speed signs you see when you’re driving. They remind people to stop and think before they engage in risky behaviour. Just as the signs work for driving, this kind of training makes your employees more aware of what they’re clicking.

By nudging employees toward safer decisions in real-time, we can help them develop better cyber hygiene habits without overwhelming them with information overload. It’s about empowering them to make smarter choices every day.

And with the amount of Generative AI and third-party tools we’re surrounded with right now, it’s more important than ever to give employees the guidance they need to navigate potential risks. Whether it’s through real-time coaching or policy reminders, we can help employees understand the importance of safeguarding sensitive data.

So, while there may be a place for annual training, it’s time to think about using a more proactive approach to cyber security education.

This is something we can help you with. If you want to learn more, get in touch.

Uh oh! You’re at greater risk of malware than ever before

Here’s something not-so-fun but incredibly important to talk about: Malware attacks.

And it’s bad news. These scary cyber threats are hitting small and medium-sized businesses (SMBs) harder than ever before. That means you need to know how you can defend your business.

First things first, what exactly is malware?

Think of it as the digital equivalent of the germs that make you sick. Malware, short for malicious software, is like the flu virus of the cyber world. It’s designed to sneak into your computer systems or network and wreak havoc in all sorts of ways.

So, what kinds of malware are we talking about here?

Well, according to a recent report, there are a few major troublemakers: Information-stealing malware, ransomware, and business email compromise (BEC).

You might be wondering why you should care about malware. Let me set the scene. You’re running your business smoothly, minding your own business, when BAM! A malware attack hits.

Suddenly, your files are encrypted, your systems are locked down, and you’re being held hostage for ransom.

Sounds like a nightmare, right?

That’s the reality for many SMBs facing malware attacks. It’s not just about losing money – it’s about the potential damage to your reputation, your operations, and your customers’ trust.

But there are plenty of ways to fight back against malware and keep your business safe and sound:

Educate your team

Teach your employees to spot phishing emails (an email pretending to be from someone you trust), suspicious links, and other sneaky tactics used by cyber criminals. A little awareness goes a long way.

Armour up your devices

Make sure all your computers and devices are equipped with the best software to prevent attacks.

Back up, back up, back up

Regularly back up your data to secure offsite locations. That way, if you are attacked, you’ll have a backup plan (literally) to restore your files.

Fortify your network

Improve your network security with firewalls, encryption, and other powerful weapons. We can help with all of that.

Stay sceptical

Be cautious of suspicious emails or requests for sensitive information. When in doubt, double-check the sender’s identity and never click on risky links or attachments.

Have a plan

Prepare an incident response plan for dealing with malware attacks. Think of it as your emergency playbook, complete with steps for containing the threat, recovering your data, and reporting the incident.

That’s a lot to take in, but remember, knowledge is power. These are all things we help our clients with, so they don’t have to worry about it. If we can help you too, ge

Is this the most dangerous phishing scam yet?

Picture this: You’re going about your day, checking your emails, when suddenly you see a message from a company you trust.

You think, “Great! That’s safe to read”. But hold on just one minute… this email is not what it seems.

It’s part of yet another scam created by cyber criminals to trick you into clicking malicious links or giving up sensitive info. It’s called “SubdoMailing,” and it’s as dangerous as it sounds.

What’s the deal?

Just like regular phishing attacks, cyber criminals pretend to be trusted brands.

But here’s how it works: These cyber criminals scour the internet for subdomains of reputable companies. You know those extra bits in a web address that come before the main domain? Such as experience.trustedbrand.com. That ‘experience’ bit is the subdomain.

They find a subdomain that the brand is no longer using and is still pointing to an external domain that’s no longer registered.

Then they buy the domain and set up the scam website.

So, you believe you’re clicking on experience.trustedbrand.com… but you have no idea it automatically redirects to scamwebsite.com.

The criminals are sending out five million emails a day targeting people in businesses just like yours.

And because these emails are coming from what seems like a legit source, they often sail right past usual security checks and land in your inbox.

Here’s our advice to keep you and your data safe and sound:

  • Be wary of any emails that seem even remotely suspicious. If something looks fishy, it probably is.
  • Before clicking on any links or downloading any attachments, take a moment to verify the sender. Look for red flags like spelling mistakes or unusual email addresses.
  • Make sure your employees understand the latest phishing tactics and know how to spot a scam. A little knowledge goes a long way in keeping your company safe.
  • Consider investing in top-notch security software to keep the cyber criminals at bay. It might seem like an extra expense, but trust us, it’s worth it.

As always, if you need help with this or any other aspect of your email security, get in touch.
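
The abandoned-subdomain condition described above can be audited from the defender's side. The following is an added example, not part of the original article: it scans an export of your own DNS zone for CNAME records that leave your domains and point at hosts that no longer resolve. The record list, the `.example` hostnames and all function names are constructed for illustration; a target that does not resolve is a prompt to check that domain's registration, not proof that it has lapsed.

```python
"""Audit a DNS zone export for CNAMEs pointing at external hosts that no longer resolve."""
import socket

OWN_DOMAINS = {"trustedbrand.com"}  # domain name taken from the article's example

# Constructed sample zone export: (record name, record type, target)
SAMPLE_RECORDS = [
    ("www.trustedbrand.com", "CNAME", "web.trustedbrand.com."),
    ("web.trustedbrand.com", "A", "192.0.2.10"),
    ("experience.trustedbrand.com", "CNAME", "campaign.old-agency.example."),
    ("shop.trustedbrand.com", "CNAME", "stores.live-vendor.example."),
    ("promo.trustedbrand.com", "CNAME", "landing.trustedbrand.com."),
    ("landing.trustedbrand.com", "CNAME", "pages.expired-host.example."),
]

# Constructed stand-in for live DNS so the demo runs offline.
SAMPLE_RESOLVING = {"stores.live-vendor.example"}


def norm(name):
    """Lower-case a hostname and drop the trailing dot used in zone files."""
    return name.strip().rstrip(".").lower()


def is_own(name, own_domains):
    """True if the name is one of our domains or a subdomain of one."""
    name = norm(name)
    return any(name == d or name.endswith("." + d) for d in own_domains)


def live_resolves(host):
    """Default check: does the host currently resolve to any address?"""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def final_target(name, cnames, own_domains, max_hops=8):
    """Follow CNAMEs inside our zone until the chain leaves it or ends.

    Returns the last hostname reached, or None for a loop or over-long chain.
    """
    seen = set()
    current = norm(name)
    for _ in range(max_hops):
        if current in seen:
            return None
        seen.add(current)
        target = cnames.get(current)
        if target is None:
            return current          # chain ends at a non-CNAME name
        if not is_own(target, own_domains):
            return target           # chain leaves our control here
        current = target
    return None


def audit(records, own_domains, resolves=live_resolves):
    """Return (subdomain, external target, reason) for every record to review."""
    own = {norm(d) for d in own_domains}
    cnames = {norm(n): norm(t) for n, rtype, t in records if rtype.upper() == "CNAME"}
    findings = []
    for name in sorted(cnames):
        target = final_target(name, cnames, own)
        if target is None:
            findings.append((name, None, "CNAME loop or chain too long"))
        elif not is_own(target, own) and not resolves(target):
            findings.append((name, target, "external target does not resolve"))
    return findings


if __name__ == "__main__":
    for sub, target, reason in audit(
        SAMPLE_RECORDS, OWN_DOMAINS, resolves=lambda h: h in SAMPLE_RESOLVING
    ):
        print(f"REVIEW {sub} -> {target}: {reason}")
```

Each flagged record should either be deleted from the zone or repointed at a host you still control.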

Cyber attacks: Stronger, faster and more sophisticated

A new security report has revealed some alarming trends.

First off, cyber attacks are becoming faster than ever. Breakout times (that’s the time it takes for a criminal to move within your network after first getting in) have dropped significantly. We’re talking an average of just 62 minutes compared to 84 minutes last year.

This is not good news.

Not only are these attacks faster, but they’re also becoming more common. The report has identified a whopping 34 new cyber criminal groups, bringing the total to over 230 groups tracked by the company.

And guess what? These cyber criminals aren’t sitting around twiddling their thumbs. They’re getting smarter and more sophisticated. The report highlights a new record breakout time of just two minutes and seven seconds. That’s barely enough time to grab a coffee, let alone mount a defence.

But here’s the real kicker: The human factor is increasingly becoming the main entry point for these cyber attacks.

They will try to get your people to click a link in a phishing email, which will take them to a fake login page. Once your employee enters their real login details, they have inadvertently handed them over.

Or they pretend to be someone your team trusts. This is called social engineering.

So, what can you do to protect your business from these cyber threats?

  • Educate your employees

Make sure your team is aware of the latest cyber threats and how to spot them. Regular training sessions can go a long way in preventing costly mistakes.

  • Implement strong password policies

Encourage the use of complex random passwords generated and remembered by password managers. Use multi-factor authentication for an added layer of security (this is where you use a second device to confirm it’s really you logging in).

  • Keep your systems updated

Make sure all software and systems are up to date with the latest security patches. Cyber criminals often exploit known vulnerabilities, so staying current is key.

  • Invest in cyber security software

Consider investing in reputable cyber security software that can help detect and mitigate threats in real-time (we can help with this).

  • Back up your data

Regularly back up your data and store it in a secure location. In the event of a cyber attack, having backups can help minimise downtime and data loss.

When it comes to cyber security, it’s better to be safe than sorry. If we can help you to stay better prepared, get in touch.

And the award for most common phishing scam goes to…

If there’s one thing that’s 100% certain when it comes to protecting your business data, it’s that you need to be aware of phishing emails.

First things first, what exactly is a phishing email? Picture it as a wolf in sheep’s clothing, posing as a legitimate communication to deceive unsuspecting recipients. These emails often contain malicious links, attachments, or requests for sensitive data, all disguised as a business or person you already know and trust.

And you know what they say: Knowledge is power. One of the best ways to stay safe is to stay informed. We can do that by looking at the most common phishing emails of last year.

There are three main categories of phishing themes: Major, moderate, and minor.

Major themes

The biggest category is finance-related phishing emails, making up a huge 54% of attacks. These emails often contain pretend invoices or payment requests, aiming to lure recipients into giving away financial information.

Following closely are notification phishing emails, making up 35% of attacks. These emails prey on urgency, claiming your password is about to expire or you must take some urgent action.

Moderate themes

Document and voicemail scams take centre stage here, accounting for 38% and 25% of attacks respectively. These tactics involve deceptive files or messages designed to trick you into compromising your security.

Minor themes

While less common, minor phishing themes still pose a risk to people who don’t know what to look out for. These include emails related to benefits, taxes, job applications, and property.

Why should you be concerned about phishing emails? Falling victim to these scams can have serious consequences, including financial loss, data breaches, and damage to your company’s reputation. It’s essential to educate your employees about the dangers of phishing and put in place robust cyber security measures to protect your business.

Awareness and vigilance are your best defences against phishing attacks. By staying informed, training your employees, and using strong security protocols, you can safeguard your company’s valuable assets from cyber threats.

We help businesses like yours stay safe. If you’re not 100% sure you’re fully protected… let’s talk.

Which ransomware payment option is best? (Hint: none)

Picture this: Your business gets hit by a ransomware attack, and your valuable data is locked away by cyber criminals demanding a huge ransom fee.

You can’t afford to pay it. But there’s a twist – just like those “buy now, pay later” schemes, some ransomware gangs are offering victims payment extension options.

Recent research reveals that ransomware groups are getting creative with their extortion strategies. One group is even offering victims various choices when it comes to their ransom demands. These “choices” include:

Paying to delay the publication of their stolen data, with a standard fee of $10,000… or paying to have their stolen data deleted before it’s made public.

The exact amounts charged are often negotiated with victims, adding a chilling dimension to the whole ordeal.

To increase the pressure on victims, these ransomware groups have added some terrifying features to their websites. These include countdown timers displaying how much time businesses have before their data is released, view counters, and even tags revealing the victim’s identity and description.

It’s all designed to make victims feel cornered and more likely to give in to the demands.

You might be tempted to pay that ransom to protect your business data. Not so fast. Paying is always a bad idea and here’s why…

Paying doesn’t guarantee that you’ll get your data back or that the cyber criminals won’t demand more money later.

By paying, you’re essentially funding criminal activities, encouraging them to continue their attacks on others.

Paying a ransom might even get you into legal trouble, as some governments have made it illegal to pay cyber criminals.

So, what can you do to safeguard your business from falling victim to ransomware?

  • Ensure you have regular, secure backups of your data. This way, you won’t be at the mercy of cyber criminals.
  • Educate your staff about the risks of ransomware and train them to recognise phishing emails and suspicious links.
  • Invest in robust cyber security software and keep it up to date.
  • Keep your systems and software updated with the latest security patches.
  • Segment your network to limit the spread of ransomware if one device gets infected.
  • Develop a clear incident response plan, so you know exactly what to do if you’re ever hit by a ransomware attack.

Paying cyber criminals rarely makes things better, and we’re seeing businesses that do pay become targets time and time again. Instead, invest in the proactive measures above to help you stay secure. And if we can help you with that, get in touch.

Don’t think your business is a target? Think again

You might think that cyber criminals are only interested in large companies or those with huge financial assets. After all, that’s where the big bucks are, right?

Think again.

Recent reports have shown that cyber criminals are casting their nets wide, targeting businesses of all sizes, from independent shops to global enterprises. And they’re doing it with the help of something called “botnets.”

You may have heard about the rise of malicious botnets, and you’re probably wondering, “what on earth is a botnet, and why should I care?” Botnets are the secret weapons of cyber criminals. They’re armies of compromised devices, all under the control of a single, malicious puppeteer. These can be anything from your computer to your smart fridge. Yes, even your fridge can be turned into a cyber weapon.

A new report observed “massive spikes” in the activity of these botnets, with over a million devices involved in malicious activities at one point. To put it into perspective, that’s a hundred times the usual levels of botnet activity.

Usually, there are around 10,000 devices doing naughty stuff each day, with 20,000 being the highest number researchers had seen. But in December 2023, things got crazy. The number shot up to 35,144, and two weeks later, it rose even further to 43,194. That’s a lot of compromised devices.

And it didn’t stop there; the researchers saw the biggest spike yet, hitting a whopping 143,957 distinct devices being used at the same time. In fact, on the 5th and 6th of January there were spikes of more than a million devices!

Why are they doing this? These botnets are being used to scan the internet, searching for weaknesses in websites, servers, and even email systems.

Think of the internet as a fortress with many doors and windows. These cyber criminals are looking for unlocked doors and open windows to sneak in. They focus on specific “ports” that serve as entry points.

What can you do to protect yourself from these cyber threats?

It’s all about strengthening those doors and windows. Here are a few simple steps:

  • Keep your software, operating systems, and applications up-to-date. Regular updates often fix vulnerabilities.
  • Install a good firewall and reliable antivirus software to protect your devices.
  • Educate your employees about cyber security best practices, such as avoiding suspicious links and emails.
  • Enforce strong, unique passwords for all your accounts and devices.
  • Regularly back up your data to prevent loss in case of a cyber attack.
  • Keep an eye on your network for any unusual activity.
  • Consider hiring a cyber security expert (that’s us) to assess and enhance your security measures.

If we can help you keep your business better protected, get in touch.

Are you ready for next-gen email security? (YES!)

Google has unleashed a powerful new tool to make your Gmail inbox a safer and spam-free haven, and it’s called RETVec.

But what exactly is RETVec?

Well, let’s break it down in simple terms. RETVec stands for Resilient and Efficient Text Vectorizer. Fancy. In plain English, it’s a tool that makes Gmail even better at spotting annoying spam emails that try to sneak into your inbox.

Did you know that the people behind spam emails can be very smart in trying to avoid detection? Some use invisible characters, something called LEET substitution (like “3xpl4in3d” instead of “explained”), and intentional typos to get past our defences. But RETVec is trained to be resilient against all these tricks.

Google explains it as mapping words or phrases to real numbers and then using these numbers for further analysis, predictions, and figuring out word similarities. In short, it’s like giving Gmail a supercharged spam radar.

How does this benefit you? Gmail’s spam detection rate shot up by an impressive 38% with RETVec on the scene. Plus, Gmail’s false positive rate dropped by nearly a fifth (that’s 19.4% fewer false alarms).

I know that some of you might be wondering if there’s a catch. Well, there’s a tiny caveat you should be aware of, especially if your business sends promotional emails.

With RETVec’s increased vigilance, some legitimate emails might get caught in the crossfire. It’s a good idea to keep an eye on your email analytics to ensure your messages reach their intended recipients.

RETVec isn’t just about better security. It’s more efficient too. Google reports that the Tensor Processing Unit (TPU) usage of the model dropped by a whopping 83%. Smaller models mean reduced computational costs and faster delivery, which is a game-changer for large-scale applications and on-device models. So, it’s a win-win situation.

Spam is a go-to weapon for cyber criminals and now RETVec can help keep us better protected. It blocks malicious emails, keeping our data safe and our inboxes clutter-free.

If you don’t use Gmail, don’t feel too left out. It’s likely we’ll see other email providers including Microsoft bringing similar protection in the future.

In the meantime, if you’d like us to review your business’s email security, get in touch.