The hidden dangers of free VPNs: Are you at risk?

Are you aware that global VPN usage has skyrocketed? The reasons are clear as day: Virtual Private Networks offer increased security, anonymity, and allow access to geo-restricted content online.

But here’s the million-dollar question: Are all VPNs created equal?

The answer is a resounding no. And that has potential implications for your business.

Free VPNs, although tempting with their zero-cost allure, aren’t always what they promise to be. Why, you ask? Let’s take a closer look at free VPN services.

For starters, it’s important to understand that running a VPN service comes with substantial costs. Servers, infrastructure, maintenance, staff – these aren’t free.

So how do free VPN providers keep the lights on? Some employ tactics that could compromise your privacy and security.

Imagine this: You’re sipping your morning coffee, browsing the net through a free VPN, believing your online activities are private. In reality, your sensitive information might be collected and sold to the highest bidder.

Cyber criminals, advertisers, even government agencies could potentially get their hands on your data.

Shocking, isn’t it?

Moreover, free VPNs are notorious for injecting unwanted ads and tracking cookies into your browsing sessions. Ever wondered why you’re suddenly bombarded with eerily accurate ads? It’s probably your free VPN service cashing in on your browsing habits.

Now, consider the potential danger if an employee downloads a free VPN on a company device, or on their personal device that they use for work. Company data could be exposed, representing a significant business risk. Picture a scenario where your company’s sensitive data falls into the wrong hands – a chilling thought, isn’t it?

So, what’s the solution?

It’s crucial to educate your employees about the risks associated with free VPNs. Encourage the use of reliable, paid VPN services that guarantee no logging of data, robust encryption, and superior user privacy.

In fact, you may choose to provide one to them. If we can help you find the safest, most suitable VPN for your business, get in touch.

Remember, when it comes to online security, free often comes at a higher cost. Isn’t it worth investing a few ££ a month to protect your company’s valuable information?

Scary stat: 87% of businesses hit by this in the last year

You may think that cyber attacks only happen to large corporations. But unfortunately, that’s not the case.

According to a recent report, almost two-thirds of small and medium-sized businesses (SMBs) suffered at least one cyber attack over the past year. That’s a staggering number, and it should serve as a wake-up call for businesses everywhere.

But it gets worse.

More and more businesses are also experiencing repeat attacks, with 87% reporting at least two successful attacks over the past year. And on average, a company suffers almost five successful cyber incidents.

Terrifying.

The question is, why are these attacks happening, and what can you do to prevent them?

The most common types of cyber attack that businesses face are malware and ransomware.

Malware is malicious software. It invades your system and can cause all sorts of problems, from slowing down your operations to stealing your data.

Ransomware is even more dangerous as it encrypts your data, making it impossible for you to access it unless you pay a ransom fee. This can be devastating for any business and can lead to significant losses and downtime.

What factors are contributing to more successful attacks?

One reason is the rise in BYOD (Bring Your Own Device). This means employees using their personal devices to access company information, which can be risky.

Another factor is the explosion of productivity apps, which can create security vulnerabilities if not properly secured.

Finally, the number of devices we’re using now means there are more entry points for cyber criminals to exploit.

The good news is that there are steps you can take to protect your business. Here are five solid security steps you can take.

  1. Use strong passwords: Passwords are your first line of defence, so make sure they’re strong and unique. Better yet, use a password manager that can create and remember randomly generated passwords
  2. Keep software up to date: Software updates often contain security fixes, so make sure you’re always running the latest version. This applies to both your operating system and all applications you use
  3. Train your staff: Educate your employees on how to identify phishing emails and other scams. You can also run regular security awareness training sessions to keep everyone up to date
  4. Back up your data: Doing this means if you do suffer a cyber attack, you can restore your systems quickly and with less disruption
  5. Use antivirus software: This can help protect your systems from malware and other threats. Make sure you’re running a reputable and up-to-date solution

Remember, prevention is always better than cure. Take action today to help you stay protected.

And if that seems like a lot of extra work, let us help. Get in touch today.

This is the latest trend in phishing attacks

Have you heard the saying, “A picture is worth a thousand words”? It seems cyber criminals have too, and they’re using it to their advantage.

In a new twist on phishing campaigns, cyber criminals are luring victims to click on images rather than downloading malicious files or clicking suspicious links.

Let’s dive into the warning signs, so you can keep your business safe from these sneaky attacks.

First things first, what’s the big deal about clicking on an image? It might be promoting a killer deal or one-time offer.

But when you click on the image, you don’t go to the real website. Instead, you land on a fake site designed to steal your personal information.

Imagine being lured in by a cute cat photo only to find out that Mr. Whiskers was actually a wolf in sheep’s clothing! Not so cute anymore, right?

So, how can you tell if an image is part of a phishing campaign? Here are some warning signs to look out for:

  • Unexpected emails: Did you receive an email from someone you don’t know or weren’t expecting? Be cautious! It’s like accepting sweets from a stranger – you never know what you’re getting yourself into.
  • Too good to be true: If an email promises you a free holiday or a million pounds just for clicking on an image, remember the golden rule: if it sounds too good to be true, it probably is.
  • Spelling and grammar mistakes: We all make typos, but if an email is riddled with errors, it could be a sign that something is going on.
  • Mismatched logos or branding: If an email claims to be from a reputable company but the logo or branding doesn’t match up, assume it’s a scam.

Now that you know what to look for, let’s talk about how to protect your business from these image-based phishing attacks:

  1. Educate your employees: Knowledge is power! Make sure your team is aware of the latest phishing tactics and knows how to spot the warning signs.
  2. Keep software up to date: Just like you wouldn’t drive a car with bald tyres, don’t let your software become outdated. Regular updates help patch security vulnerabilities that cyber criminals might exploit.
  3. Use strong passwords: It might be tempting to use “password123” for all your accounts, but resist the urge! A strong, unique password for each account can help prevent unauthorised access. Using a password manager is even better.
  4. Enable multi-factor authentication (MFA): MFA adds an extra layer of security by requiring people to verify their identity through another method, such as a text message or fingerprint scan.
  5. Back up your data: In case disaster strikes, make sure you have a backup of all your files. That way, you won’t be left high and dry if your data is compromised.

Whilst cyber criminals are getting smarter and smarter with their tactics, there’s no need to panic. By being aware of the warning signs and taking proactive steps to protect your business, you can stay one step ahead of these digital tricksters.

Remember, not all that glitters is gold – or in this case, not every cute cat picture is just a cute cat picture. Stay vigilant, and don’t let the scammers win!

Privacy alert: Change this setting in Edge, now

Don’t be mistaken, we love Microsoft Edge (and think you will too), but lately, something has come to our attention that we wanted to share.

It’s always a good idea to be aware of what your browser is doing behind the scenes. And there’s an Edge setting that you might be interested to learn about. It’s one that sends the images you view online to Microsoft.

While this might not seem like a big deal on the surface – it’s done to enhance the images – some business owners might be concerned about the privacy implications. After all, you never know who might be looking at your browsing history.

The good news is that it’s easy to disable this setting if you’re concerned about it. Here’s how:

  1. Open Microsoft Edge and click on the three dots (“More actions”) in the upper-right corner of the screen
  2. Select “Settings” from the drop-down menu
  3. Scroll down and click on “Privacy, search, and services”
  4. Under the “Services” section, turn off the toggle switch next to “Improve your web experience by allowing Microsoft to use information about websites you browse to improve search suggestions, or to show you more relevant advertising”

That’s it! With just a few clicks, you’ve disabled the feature that sends images to Microsoft.

Of course, there are other settings in Edge that you might want to explore as well. Like the ones that control your data collection preferences, or the ones that limit pop-ups and redirects.

Why should you take a few minutes to check out your browser settings? Well, for one thing, it can help protect your privacy and security online. By being aware of what your browser is doing, you can make informed decisions about what data to share (and what to keep private).

Plus, exploring your browser settings can be a fun and educational experience in its own right. You might discover new features or hidden gems you never knew existed.

And don’t worry, you don’t have to be a tech expert to understand these settings. In fact, Microsoft has done a great job of making them simple and straightforward, with clear explanations and helpful tips along the way.

If you ever get stuck, our team is happy to help. Get in touch.

Stop! And think, before you act on that email

How many times a day do you respond to an email without really thinking about its contents?

Maybe it’s a request for some information. Perhaps it’s asking you to pay an invoice. All mundane stuff. But no sooner have you hit send than you’ve fallen victim to a Business Email Compromise (BEC) attack.

A BEC attack occurs when a cyber criminal gains access to your business email account and uses it to trick your employees, customers, or partners into sending them money or sensitive information. They do this by impersonating someone senior, and abusing their position of trust.

It might sound like something that only happens to big corporations, but that’s not the case.

According to the FBI, small and medium-sized businesses are just as vulnerable to BEC attacks as larger ones. In fact, these attacks have cost businesses more than $26 billion over the past few years.

And Microsoft brings more bad news, with its recent findings showing that they’re getting both more destructive and harder to detect.

So, what can you do to protect your business from BEC attacks? Here’s our advice:

  1. Educate your employees: They are the first line of defence against BEC attacks. They need to know how to spot phishing emails, suspicious requests, and fake invoices. Train them regularly on cyber security best practice, like strong passwords, multi-factor authentication, and secure file sharing.
  2. Use advanced email security solutions: Basic email protections like antispam and antivirus software are no longer enough to block BEC attacks. You need more advanced solutions that use artificial intelligence and machine learning to detect and prevent these attacks in real time. Look for email security providers that offer features like Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM).
  3. Set up transaction verification procedures: Before transferring funds or sensitive information, establish a verification process that confirms the authenticity of the request. This could include a phone call, video conference, or face-to-face meeting. Don’t rely on email alone to confirm these types of requests.
  4. Monitor your email traffic: Regularly monitor your email traffic for anomalies and unusual patterns. Look for signs like unknown senders, unusual login locations, changes to email settings or forwarding rules, and unexpected emails. Make sure you have a clear protocol in place for reporting and responding to any suspicious activity.
  5. Keep your software up to date: Ensure that you’re always running the latest version of your operating system, email software, and other software applications. These updates often include vital security patches that address known vulnerabilities.
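To make the email authentication and monitoring advice above concrete, here is an added Python example (not part of the original article) that reads the SPF, DKIM and DMARC verdicts your mail gateway records in the `Authentication-Results` header and flags a Reply-To domain that differs from the From domain. The gateway name `mx.example.net`, all addresses and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: the authserv-id your own inbound mail gateway stamps on messages.
TRUSTED_AUTHSERV = "mx.example.net"
METHOD = re.compile(r"^\s*(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)
PAYMENT_WORDS = re.compile(r"\b(invoice|bank details|payment|transfer)\b", re.I)

# Constructed sample messages; every domain and address is a placeholder.
SAMPLE_SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=billing@lookalike-supplier.test;
 dkim=none;
 dmarc=fail header.from=example-supplier.test
From: "Jane Doe" <jane.doe@example-supplier.test>
Reply-To: jane.doe@freemail.test
To: accounts@example.test
Subject: Urgent: updated bank details for invoice 1042

Please pay today using the new account.
"""

SAMPLE_LEGIT = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=billing@example-supplier.test;
 dkim=pass header.d=example-supplier.test;
 dmarc=pass header.from=example-supplier.test
From: "Jane Doe" <jane.doe@example-supplier.test>
To: accounts@example.test
Subject: Invoice 1041

Invoice attached as agreed.
"""

def sender_domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    address = parseaddr(str(header_value or ""))[1]
    return address.rpartition("@")[2].lower()

def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """Collect SPF/DKIM/DMARC verdicts from our own gateway's header only."""
    # Any sender can add an Authentication-Results header of their own,
    # so headers carrying a different authserv-id are ignored.
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        parts = str(header).split(";")
        authserv = parts[0].split()
        if not authserv or authserv[0].lower() != trusted:
            continue
        for part in parts[1:]:
            match = METHOD.match(part)
            if match:  # keep the first verdict seen for each method
                verdicts.setdefault(match.group(1).lower(), match.group(2).lower())
    return verdicts

def triage(raw_message):
    """Return BEC warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    verdicts = auth_results(msg)
    findings = []
    for method in ("spf", "dkim", "dmarc"):
        verdict = verdicts.get(method, "missing")
        if verdict != "pass":
            findings.append(f"{method}={verdict}")
    from_dom, reply_dom = sender_domain(msg["From"]), sender_domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to {reply_dom} != from {from_dom}")
    body = "" if msg.is_multipart() else msg.get_payload()
    payment = bool(PAYMENT_WORDS.search(f"{msg['Subject'] or ''} {body}"))
    # Payment requests need call-back verification even when findings is empty.
    return {"findings": findings, "payment_request": payment}
```

A message with no findings is not proof of a genuine request: a compromised real mailbox passes all three checks, which is why the transaction verification step still applies.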

BEC attacks are becoming more common and more sophisticated, but with the right awareness, training, and security solutions, you can protect your business.

Don’t wait until it’s too late – take action today to keep your business safe.

If you want to know more about how to protect your business from cyber threats, our team is always ready to help you. Give us a call on 01204 221101 or email hello@bluebox-i.co.uk

Is your business data at risk? Don’t take chances with old tech

When you replace old computers or external drives, do you delete data and then just… get rid of them?

You could be putting your sensitive data at risk.

A new study by a data recovery specialist shows that millions of deleted files can be recovered from improperly wiped hard drives that are sold online.

It’s not just buyers who can access your old files. Cyber criminals often buy used hard drives and attempt to recover data from them. This could include anything from confidential business information to client details.

It’s easy to forget about old data when you’re excited about shiny new technology. However, it’s important to consider what’s on that old drive before selling it or disposing of it.

Even if the drive is encrypted, it’s still possible for data to be recovered. And if the drive is damaged, there’s a chance that some of the data is still salvageable. It’s better to be safe than sorry when it comes to sensitive information.

Think about it this way: Would you leave important documents lying around for anyone to see? Of course not! Your digital information deserves the same level of protection.

So what can you do to protect yourself?

Don’t let your old hard drives become a liability. Take the time to have them properly wiped or destroyed before disposal. If you’re upgrading hardware, consider hiring a professional to handle the data transfer and ensure that your old devices are wiped clean.

This isn’t just about protecting yourself. It’s about protecting your employees, clients, and anyone else whose personal information you may have stored on that old drive.

It’s a small investment to make for the peace of mind that comes with knowing your data is safe from prying eyes.

Don’t take chances with your data – take action to protect it:

  • Properly wipe or destroy old hard drives
  • Bring in a professional for your hardware upgrades
  • Upgrade your overall security practices

For help & advice call our team on 01204 221101

Here’s how cyber criminals try to hack your accounts while you sleep

Have you ever felt frustrated by the flood of notifications from your multi-factor authentication (MFA) app?

Well, cyber criminals have too. And they’re taking advantage of “MFA fatigue” to try to gain access to your sensitive business data.

MFA is essential for keeping your data secure. It adds an extra layer of security to your apps and accounts by asking you to verify your identity in two or more ways, such as a password and a code sent to your phone.

The constant alerts can be overwhelming though.

Attackers know this and will bombard employees – sometimes in the middle of the night – with a constant stream of MFA notifications. That makes it more likely someone will authenticate a login attempt through frustration, tiredness, or just to get the notifications to stop.

But now there’s a new weapon in the fight against MFA fatigue.

Microsoft Authenticator has introduced number matching as a way of making sure your MFA notification is from the correct login attempt, preventing cyber criminals from taking advantage of notification fatigue.

How does number matching work?

When you receive an MFA notification, the app will display a randomly generated number. You then need to input this number to authenticate the login attempt and prove you’re not a cyber criminal trying to access your business data.

That’s not all. Microsoft Authenticator also allows for biometric authentication, which means you can use your face, fingerprint, or other unique physical features to prove your identity and combat the threat of MFA fatigue attacks.

With these security measures in place, your business can stay ahead of cyber criminals and keep your sensitive data better protected.

If you already use Microsoft Authenticator, number matching is ready to use. Simply make sure your app is up to date, and you’ll be protected.

If you use another MFA system and want to look at how to make your security better or easier, we can help. Get in touch.

LinkedIn takes action to tackle fake accounts

LinkedIn is introducing new verification features over the coming months to help tackle fake accounts.

The business-focused social platform is a fantastic place to connect with like-minded businesspeople, and to find new employees, jobs and opportunities.

But thanks to this popularity, we’re seeing an increase in fake profiles, created by scammers for more sinister purposes.

Bot-like accounts have been cropping up all over the platform. They’ve been spamming people, tricking genuine profiles into downloading malware, and scamming them into giving away personal data.

LinkedIn holds a huge amount of information on each of its members, including their job history, contact details, professional interests and places of work – all valuable data that a determined criminal could put to use.

These fake accounts can be hard to spot. They look like real people (sometimes they’re AI-generated deepfake images), they seem to work for legitimate businesses, and the profiles have been carefully curated to look like the real deal.

LinkedIn is making changes over the coming months to help tackle these fake accounts, by way of an improved account authentication process.

Microsoft, which owns LinkedIn, is partnering with secure identity platform Clear to help verify accounts using work email addresses, government-issued ID, and a phone number.

It’s initially only being tested in the US, but if it’s a success, we expect we’ll see a wider rollout over the coming months.

Once the relevant information has been provided, accounts will receive a verification mark, like the ones introduced by Twitter. However, unlike Twitter, LinkedIn will be offering verification free of charge.

We’ll keep you updated when we know more, but in the meantime, if you need help keeping all your accounts secure, get in touch.

Criminals are exploiting AI to create more convincing scams

One of the many cool things about the new wave of Artificial Intelligence tools is their ability to sound convincingly human.

AI chatbots can be prompted to generate text that you’d never know was written by a robot. And they can keep producing it – quickly, and with minimal human intervention.

So it’s no surprise that cyber criminals have been using AI chatbots to try to make their own lives easier.

Police have identified the three main ways crooks have found to use these chatbots for malicious purposes.

1. Better phishing emails

Until now, terrible spelling and grammar have made it easy to spot many phishing emails. These are intended to trick you into clicking a link to download malware or steal information. AI-written text is way harder to spot, simply because it isn’t riddled with mistakes.

Worse, criminals can make every phishing email they send unique, making it harder for spam filters to spot potentially dangerous content.

2. Spreading misinformation

“Write me ten social media posts that accuse the CEO of the Acme Corporation of having an affair. Mention the following news outlets.” Spreading misinformation and disinformation may not seem like an immediate threat to you, but it could lead to your employees falling for scams or clicking malware links, or could even damage the reputation of your business or members of your team.

3. Creating malicious code

AI can already write pretty good computer code and is getting better all the time. Criminals could use it to create malware.

It’s not the software’s fault – it’s just doing what it’s told – but until there’s a reliable way for the AI creators to safeguard against this, it remains a potential threat.

The creators of AI tools are not the ones responsible for criminals taking advantage of their powerful software. ChatGPT creator OpenAI, for example, is working to prevent its tools from being used maliciously.

What this does show is the need to stay one step ahead of the cyber crooks in everything we do. That’s why we work so hard with our clients to keep them protected from criminal threats, and informed about what’s coming next.

If you’re concerned about your people falling for increasingly sophisticated scams, be sure to keep them updated about how the scams work and what to look out for.

If you need help with that, get in touch.

3 essential security tools for every business

Your data is one of your most valuable business assets. Keeping it safe should be one of your main priorities. So if you don’t have much security in place, there’s a minimum standard you should be implementing, right now.

There are dozens of security solutions available that all perform different tasks – from preventing criminals gaining access, to recognising attacks in progress, and then limiting the damage that can be done. There’s no one-size-fits-all as every business has different priorities and different types of data to protect.

Here are three essentials that every business should put in place as a basic level of protection.

1. A firewall

A firewall monitors the internet traffic coming into and leaving your IT network. It acts as a wall between your network and the outside world. It’s your first line of defence against an intruder breaking into your network.

2. A password manager for everyone in the business

A password manager stores all your credentials securely, and can also generate nearly impossible-to-guess passwords for all your accounts and applications.

That’s useful against brute force attacks, where cyber criminals essentially try to force their way into your system by guessing the password. It also stops you writing down your passwords somewhere ‘safe’!

3. A VPN (Virtual Private Network)

A VPN is important for any remote or hybrid workers in your business.

It means your employees can access your network from wherever they’re working, without worrying that their online activity is being watched by a criminal.

VPNs make your browsing completely private, hiding your device and location details, and anything you download. If you or your employees regularly use public Wi-Fi – especially to access your network – a VPN is essential.

These are our absolute minimum recommendations.

The strongest security uses additional tools like Multi-Factor Authentication to prove the identity of all users, and antivirus software to deal with any intrusions.

These work together to create a multi-layered security shield to defend against threats on many fronts.

But it’s important you create a security plan that’s right for your specific business. It’s a good idea to seek some professional help.

Not everyone’s as excited about IT security as we are! But we definitely have a passion for it.

If we can help you, get in touch.