Do you trust your employees with confidential information?

If you do, you’ll be surprised by this stat…

For a third of small and medium-sized business leaders, the answer is a resounding “no”!

Maybe it’s because Jim from accounting still has his password on a Post-it note under his keyboard? Or perhaps it’s because they’ve been burnt in the past?

Either way, it’s clear that trust isn’t enough when it comes to data security.

We believe the problem isn’t your employees; it’s the lack of good training and security measures.

So, what can you do about it?

Booking training for everyone is an easy first step. It empowers employees with the tools, techniques, and best practices they need to spot potential threats and take appropriate actions.

Think of it this way: well-trained staff pose less of a risk to the overall security of your business’s digital network. They become your first line of defence, helping to improve your company’s security, and significantly reducing the risk of a breach.

Next, there are your security measures. Many companies admit they don’t have sufficient technology or checks to protect confidential information.

This is where we come in. We can help set up your company’s system so that people can only access the data they’re supposed to.

But our job wouldn’t stop there. We can also ensure that your company has adequate policies relating to information sharing, gaining access to confidential data, and what happens when an employee leaves. By doing this we help you create a more secure working environment for everyone.

Here’s the truth: trust isn’t enough in data security. But with the right training and security measures in place, you can transform your employees from potential security risks into your greatest assets.

Are you ready to move from a place of fear and mistrust to one of empowerment and confidence? Get in touch.

Did you ever imagine a world where the lengthy, complicated passwords people often forget would become a thing of the past?

It seems that day might be arriving sooner than we anticipated.

Google has officially made Passkeys the default sign-in method for all personal accounts on its network, signalling the beginning of a new era in online security.

What’s a Passkey, you ask?

It’s the next big thing in internet safety. And as a business owner with staff, you should pay attention to this game-changing innovation.

Here’s everything you need to know.

What are Passkeys?

Imagine logging into your account using just a four-digit PIN or your biometric data like fingerprints or facial recognition. That’s precisely what a Passkey is.

Simple, isn’t it?

But don’t let the simplicity fool you. This new technology significantly reduces the likelihood of having your credentials stolen or your account taken over by cyber criminals.

How do Passkeys work?

Creating a Passkey is easy. Head over to Google’s official Passkeys website, create a PIN or connect your biometrics (fingerprint or face), link your smartphone, and you’re done.

Just remember, your PC needs to run at least Windows 10, or your Mac should have macOS Ventura or above. And on your phone, you need Android 9 or iOS 16.

As of now, this tech works only on Microsoft Edge, Safari, and Google Chrome browsers.

What are the benefits of Passkeys?

According to Google, 64% of people find Passkeys easier to use than traditional login methods.

Not only are they simpler and more secure, they’re also faster. Logging in with a Passkey is 40% quicker than using a regular password.

What’s next?

Google’s decision to make Passkeys the default sign-in method is just the beginning. The tech giant is already working with select partners to make this new login usable across Chrome and Android. It’s already available on Uber and eBay, with plans to expand to WhatsApp soon.

So, it might be wise to start thinking about how Passkeys can benefit your business. After all, Google could soon roll out this feature for business accounts too.

Meantime, if you’re not quite ready to embrace Passkeys, you can still opt-out. Just head to the Sign-in options page, find “Skip Password When Possible”, and toggle off the switch.

We’d recommend you give it a try and see how much easier – and more secure – it can make things. And of course, if you need any help, get in touch.

How secure do you think your passwords are? Do you believe that longer is always better? Well, we have some news for you. It’s time for a serious talk about password security.

New research has revealed a sobering truth – even passwords that are 15 characters long can be compromised. Yes, you read that right. It’s time to face the stark reality… length doesn’t always mean strength.

The eight-character password reigns supreme as the most compromised length of password. But don’t breathe a sigh of relief if yours is a longer one. The 15-character password also makes an appearance in the top ten most compromised lengths.

You might ask, “How could this be?” The answer lies not only in the password length but also in the content of the password and whether you use the same password on multiple sites.

The most compromised eight-character password is none other than “password” itself, while the most compromised 15-character password is “Sym_newhireOEIE”.

Doesn’t exactly feel secure, does it?

It’s not just about individual people. Businesses like yours are at high risk too. An alarming 86% of all cyber attacks start with stolen credentials. That’s nearly nine out of ten attacks. Can you afford to be complacent?

Sure, longer passwords do offer more resistance to brute force cracking. An eight-character password can be cracked in five minutes, while a good 15-character one could take up to 37 million years if it’s not following any obvious pattern (i.e., it’s random and uses many types of character). Impressive, isn’t it?

But remember, this is just one piece of the puzzle. Length alone won’t save you from stolen credentials via phishing attacks.

Use a robust business password manager. Not only will it randomly generate long passwords for you, but it will also remember them and fill in the login box for you.

You should also use two factor authentication, where you generate a code on a separate device to prove it’s you. Even if cyber criminals crack your password, they still won’t be able to access your data.

If you need help keeping your business better protected, get in touch.

Did you know that a staggering 60% of phishing websites are only online for a fleeting 10 minutes?

Yes, you read that right. Just ten minutes.

This surprising fact underlines just how rapidly cyber threats are evolving and how vital it is for us to stay ahead of the game.

Phishing sites are fake sites that try to trick you into entering your login details. Or to get you to download malware.

The idea is that cyber criminals drive huge amounts of traffic to them… scam people… then take down the site before it can be detected.

Wouldn’t it be great if we could spot these threats before they vanish into thin air and pop-up elsewhere? Well, Google Chrome has a trick up its sleeve to help us do just that.

Imagine this: You’re running your business, constantly on the move, making split-second decisions. You absent-mindedly visit a website which looks a little… odd. But you don’t panic. You’re using Google Chrome and it scans websites you visit against its list of malicious URLs.

But uh oh. Google’s list of bad websites is only updated every 30 to 60 minutes. That 60% of phishing domains that are active for just 10 minutes may slip through the net.

Enter Google Chrome’s new security tool, Enhanced Safe Browsing.

As part of a recent update, Chrome has switched it on for everyone. It will now check URLs against a list of domains in real time. Think of it as a cyber bodyguard who can spot and neutralise threats at lightning speed.

Google has confirmed that Enhanced Safe Browsing will continue to offer features like deep scans for files and protection from malicious extensions.

So, does this mean Google will know every URL you visit?

Well, yes. But whilst this new feature does share all visited URLs with Google, the information won’t be used to power other features, including advertising. It’s a trade-off between security and privacy. Given the increasing sophistication of cyber threats, isn’t it worth having an extra layer of protection?

We say embrace these new tools and stay one step ahead of the cyber criminals. After all, the safety of all our businesses depends on it.

If you need additional support protecting your business from phishing scams – or anything else – get in touch.

You’re no stranger to the endless threats lurking in your email inbox. But have you ever considered that an email which seems to be from Microsoft could end up being your worst nightmare?

Microsoft, the tech giant we all know and trust, has become the most imitated brand when it comes to phishing attacks. That’s where cyber criminals send you an email which contains a malicious link or file. They’re trying to steal your data.

And whilst Microsoft isn’t to blame for this, you and your employees need to be on high alert for anything that seems suspicious.

During the second quarter of 2023, Microsoft soared to the top spot of brands imitated  by criminals, accounting for a whopping 29% of brand phishing attempts.

This places it well ahead of Google in second place (at 19.5%) and Apple in third place (at 5.2%). Together, these three tech titans account for more than half of the observed brand imitator attacks.

But what does this mean for your business?

Despite a clear surge in fake emails targeting millions of Windows and Microsoft 365 customers worldwide, careful observation can help protect you from identity theft and fraud attacks.

Whilst the most imitated brands change from quarter to quarter, usually cyber criminals are less likely to change their tactics.

They use legitimate-looking logos, colours, and fonts. Phishing scams frequently use domains or URLs that are similar to the real deal. But a careful scan of these, along with the content of any messages, will often expose typos and errors – the tell-tale signs of a phishing attack.

One of the latest attacks claims there has been unusual Microsoft account sign-in activity on your account, directing you to a malicious link. These links are designed to steal everything from login credentials to payment details.

And whilst tech firms continue to be popular scam subjects, many cyber criminals have turned to financial services like online banking, gift cards, and online shopping orders. Wells Fargo and Amazon both rounded up the top five during Q2 2023, accounting for 4.2% and 4% of brand phishing attempts respectively.

What can you do to protect your business?

The answer is simpler than you might think. The best course of action when it comes to phishing is to slow down, observe, and analyse. Check for discrepancies in URLs, domains, and message text.

If we can help you keep your team aware of the risks, get in touch.

Are you aware that the rise in global VPN usage has skyrocketed? The reasons are clear as day: Virtual Private Networks offer increased security, anonymity, and allow access to geo-restricted content online.

But here’s the million-dollar question: Are all VPNs created equal?

The answer is a resounding no. And that has potential implications for your business.

Free VPNs, although tempting with their zero-cost allure, aren’t always what they promise to be. Why, you ask? Let’s take a closer look at free VPN services.

For starters, it’s important to understand that running a VPN service comes with substantial costs. Servers, infrastructure, maintenance, staff – these aren’t free.

So how do free VPN providers keep the lights on? Some employ tactics that could compromise your privacy and security.

Imagine this: You’re sipping your morning coffee, browsing the net through a free VPN, believing your online activities are private. In reality, your sensitive information might be collected and sold to the highest bidder.

Cyber criminals, advertisers, even government agencies could potentially get their hands on your data.

Shocking, isn’t it?

Moreover, free VPNs are notorious for injecting unwanted ads and tracking cookies into your browsing sessions. Ever wondered why you’re suddenly bombarded with eerily accurate ads? It’s probably your free VPN service cashing in on your browsing habits.

Now, consider the potential danger if an employee downloads a free VPN on a company device, or on their personal device that they use for work. Company data could be exposed, representing a significant business risk. Picture a scenario where your company’s sensitive data falls into the wrong hands – a chilling thought, isn’t it?

So, what’s the solution?

It’s crucial to educate your employees about the risks associated with free VPNs. Encourage the use of reliable, paid VPN services that guarantee no logging of data, robust encryption, and superior user privacy.

In fact, you may choose to provide one to them. If we can help you find the safest, most suitable VPN for your business, get in touch.

Remember, when it comes to online security, free often comes at a higher cost. Isn’t it worth investing a few ££ a month to protect your company’s valuable information?

You may think that cyber attacks only happen to large corporations. But unfortunately, that’s not the case.

According to a recent report, almost two-thirds of small and medium-sized businesses (SMBs) suffered at least one cyber attack over the past year. That’s a staggering number, and it should serve as a wake-up call for businesses everywhere.

But it gets worse.

More and more businesses are also experiencing repeat attacks, with 87% reporting at least two successful attacks over the past year. And on average, a company suffers almost five successful cyber incidents.

Terrifying.

The question is, why are these attacks happening, and what can you do to prevent them?

The most common types of cyber attack that businesses face are malware and ransomware.

Malware is malicious software. It invades your system and can cause all sorts of problems, from slowing down your operations to stealing your data.

Ransomware is even more dangerous as it encrypts your data, making it impossible for you to access it unless you pay a ransom fee. This can be devastating for any business and can lead to significant losses and downtime.

What factors are contributing to more successful attacks?

One reason is the rise in BYOD (Bring Your Own Device). This means employees using their personal devices to access company information, which can be risky.

Another factor is the explosion of productivity apps, which can create security vulnerabilities if not properly secured.

Finally, the number of devices we’re using now means there are more entry points for cyber criminals to exploit.

The good news is that there are steps you can take to protect your business. Here are five solid security steps you can take.

1. Use strong passwords: Passwords are your first line of defence, so make sure they’re strong and unique. Better yet, use a password manager that can create and remember randomly generated passwords
2. Keep software up to date: Software updates often contain security fixes, so make sure you’re always running the latest version. This applies to both your operating system and all applications you use
3. Train your staff: Educate your employees on how to identify phishing emails and other scams. You can also run regular security awareness training sessions to keep everyone up to date
4. Backup your data: Doing this means if you do suffer a cyber attack, you can restore your systems quickly and with less disruption
5. Use antivirus software: This can help protect your systems from malware and other threats. Make sure you’re running a reputable and up-to-date solution

Remember, prevention is always better than cure. Take action today to help you stay protected.

And if that seems like a lot of extra work, let us help. Get in touch today.

Have you heard the saying, “A picture is worth a thousand words”? It seems cyber criminals have too, and they’re using it to their advantage.

In a new twist on phishing campaigns, cyber criminals are luring victims to click on images rather than downloading malicious files or clicking suspicious links.

Let’s dive into the warning signs, so you can keep your business safe from these sneaky attacks.

First things first, what’s the big deal about clicking on an image? It might be promoting a killer deal or one time offer.

But when you click on the image, you don’t go to the real website. Instead it’s a fake site designed to steal your personal information.

Imagine being lured in by a cute cat photo only to find out that Mr. Whiskers was actually a wolf in sheep’s clothing! Not so cute anymore, right?

So, how can you tell if an image is part of a phishing campaign? Here are some warning signs to look out for:

• Unexpected emails: Did you receive an email from someone you don’t know or weren’t expecting? Be cautious! It’s like accepting sweets from a stranger – you never know what you’re getting yourself into.

• Too good to be true: If an email promises you a free holiday or a million pounds just for clicking on an image, remember the golden rule: if it sounds too good to be true, it probably is.

• Spelling and grammar mistakes: We all make typos, but if an email is riddled with errors, it could be a sign that something is going on.

• Mismatched logos or branding: If an email claims to be from a reputable company but the logo or branding doesn’t match up, assume it’s a scam

Now that you know what to look for, let’s talk about how to protect your business from these image-based phishing attacks:

1. Educate your employees: Knowledge is power! Make sure your team is aware of the latest phishing tactics and knows how to spot the warning signs.

• Keep software up-to-date: Just like you wouldn’t drive a car with bald tyres, don’t let your software become outdated. Regular updates help patch security vulnerabilities that cyber criminals might exploit.

• Use strong passwords: It might be tempting to use “password123” for all your accounts, but resist the urge! A strong, unique password for each account can help prevent unauthorised access. Using a password manager is even better.

• Enable multi-factor authentication (MFA): MFA adds an extra layer of security by requiring people to verify their identity through another method, such as a text message or fingerprint scan.

• Backup your data: In case disaster strikes, make sure you have a backup of all your files. That way, you won’t be left high and dry if your data is compromised.

Whilst cyber criminals are getting smarter and smarter with their tactics, there’s no need to panic. By being aware of the warning signs and taking proactive steps to protect your business, you can stay one step ahead of these digital tricksters.

Remember, not all that glitters is gold – or in this case, not every cute cat picture is just a cute cat picture. Stay vigilant, and don’t let the scammers win!

Don’t be mistaken, we love Microsoft Edge (and think you will too), but lately, something has come to our attention that we wanted to share.

It’s always a good idea to be aware of what your browser is doing behind the scenes. And there’s an Edge setting that you might be interested to learn about. It’s one that sends the images you view online to Microsoft.

While this might not seem like a big deal on the surface – it’s done to enhance the images – some business owners might be concerned about the privacy implications. After all, you never know who might be looking at your browsing history.

The good news is that it’s easy to disable this setting if you’re concerned about it. Here’s how:

1. Open Microsoft Edge and click on the three dots (“More actions”) in the upper-right corner of the screen

• Select “Settings” from the drop-down menu

• Scroll down and click on “Privacy, search, and services”

• Under the “Services” section, turn off the toggle switch next to “Improve your web experience by allowing Microsoft to use information about websites you browse to improve search suggestions, or to show you more relevant advertising”

That’s it! With just a few clicks, you’ve disabled the feature that sends images to Microsoft.

Of course, there are other settings in Edge that you might want to explore as well. Like the ones that control your data collection preferences, or the ones that limit pop-ups and redirects.

Why should you take a few minutes to check out your browser settings? Well, for one thing, it can help protect your privacy and security online. By being aware of what your browser is doing, you can make informed decisions about what data to share (and what to keep private).

Plus, exploring your browser settings can be a fun and educational experience in its own right. You might discover new features or hidden gems you never knew existed.

And don’t worry, you don’t have to be a tech expert to understand these settings. In fact, Microsoft has done a great job of making them simple and straightforward, with clear explanations and helpful tips along the way.

If you ever get stuck, our team is happy to help. Get in touch.

How many times a day do you respond to an email without really thinking about its contents?

Maybe it’s a request for some information. Perhaps it’s asking you to pay an invoice. All mundane stuff. But no sooner than you’ve hit send, you’ve fallen victim to a Business Email Compromise (BEC) attack.

A BEC attack occurs when a cyber criminal gains access to your business email account and uses it to trick your employees, customers, or partners into sending them money or sensitive information. They do this by impersonating someone senior, and abusing their position of trust.

It might sound like something that only happens to big corporations, but that’s not the case.

According to the FBI, small and medium-sized businesses are just as vulnerable to BEC attacks as larger ones. In fact, these attacks have cost businesses more than $26 billion over the past few years.

And Microsoft brings more bad news, with its recent findings showing that they’re getting both more destructive and harder to detect.

So, what can you do to protect your business from BEC attacks? Here’s our advice:

1. Educate your employees: They are the first line of defense against BEC attacks. They need to know how to spot phishing emails, suspicious requests, and fake invoices. Train them regularly on cyber security best practice, like strong passwords, multi-factor authentication, and secure file sharing.

• Use advanced email security solutions: Basic email protections like antispam and antivirus software are no longer enough to block BEC attacks. You need more advanced solutions that use artificial intelligence and machine learning to detect and prevent these attacks in real-time. Look for email security providers that offer features like domain-based message authentication, reporting, and conformance (DMARC), sender policy framework (SPF), and DomainKeys Identified Mail (DKIM).

• Set up transaction verification procedures: Before transferring funds or sensitive information, establish a verification process that confirms the authenticity of the request. This could include a phone call, video conference, or face-to-face meeting. Don’t rely on email alone to confirm these types of requests.

• Monitor your email traffic: Regularly monitor your email traffic for anomalies and unusual patterns. Look for signs like unknown senders, unusual login locations, changes to email settings or forwarding rules, and unexpected emails. Make sure you have a clear protocol in place for reporting and responding to any suspicious activity.

• Keep your software up to date: Ensure that you’re always running the latest version of your operating system, email software, and other software applications. These updates often include vital security patches that address known vulnerabilities.

BEC attacks are becoming more common and more sophisticated, but with the right awareness, training, and security solutions, you can protect your business.

Don’t wait until it’s too late – take action today to keep your business safe.

If you want to know more about how to protect your business from cyber threats, our team is always ready to help you. Give us a call on 01204 221101 or email hello@bluebox-i.co.uk