There are three kinds of organisations in the world;

• Those who have been hacked,
• Those that are next in line or, worst of all,
• Those that don’t know they’ve already been hacked.

“Why would someone want to hack my business ?” is probably the most common mistake most businesses make. But hackers don’t discriminate – ALL businesses are targets and subject to ransomware and other cyber attacks.

When your staff navigate through the digital world they leave digital breadcrumbs. Every time they register at a website or sign up for an event, they use a username and password.

Cybercriminals are constantly, and successfully, attacking these websites and other user input points to harvest this login information which becomes the first piece in a larger, more elaborate digital jigsaw, which they piece together to create a profile and your business becomes the target.

RECOMMENDED BEST PRACTICE
The National Institute of Standards and Technology (NIST) produced its Cybersecurity framework (CSF), that sets out 5 best practice functions.

IDENTIFY: Know what you have, where you have it and the value of every single resource individually plus the value all resources combined.

PROTECT: Develop and implement appropriate safeguards to ensure critical infrastructure service delivery and proactively support your ability to limit or contain the impact of a potential cybersecurity event.

DETECT: The faster a cyber event is detected, the faster the repercussions can be mitigated. The early discovery of cybersecurity events is a critical step to a robust cyber program.

RESPOND: Develop appropriate techniques and actions to take when a cybersecurity incident has been detected. The faster and more effectively you respond to a possible detection of a cyber incident, the faster you can stop the threat in its tracks or mitigate its damage and reduce any potential financial impact.

RECOVER: Maintain appropriate plans that can be implemented to restore any impaired capabilities or disrupted services due to a cybersecurity event. Timely recovery to normal operations reduces the impact of a cybersecurity event.

Outsource and OSG Cloud both partner with the word’s leading backup and recovery technology solution providers and as NI’s only Veeam Gold Partner, Cloud and Service Provider, are best placed to support your business in ensuring you are best placed to deal with an attack and to recover after one.

We can help review your current security posture and build and implement comprehensive and robust cybersecurity program that guarantees the security and protection of your digital estate.

Don’t wait until after an event, take some pro-active steps today and make CYBER-SECURITY a priority for your business.

Get in touch for more information: info@osgroup.co.uk

#cybersecurity #security #informationsecurity #cloudsecurity

Fishing, already one of the world’s top participation sports, has again grown in popularity since the onset of Covid but unfortunately pales into insignificance compared to the unprecedented rise of Phishing Attacks on businesses during the same period.

Recent UK Government statistics tell us 65% of businesses have experienced a cyber security breach or attack in the last 12 months, with Phishing Attacks the stand out weapon of choice for criminals to steal data/information or extort money.

What is Phishing ?
Phishing is where attackers use multiple attack routes (email, mobile, social media, telephones, text message etc) to trick users into taking an action eg click a link for example, which provides them with the opportunity to steal, corrupt or hold a company to randsom.

Steps to Mitigate and Minimise  ?
Following some basic steps will give your business some greater protection, including;

1.    TRAINING – Implement staff training and security awareness programmes. In-House or trusted IT partners can provide staff ongoing training included regular unannounced simulated phishing exercises.
2.    ANTI-VIRUS SOFTWARE – Use reputable and up to date Anti-Virus software
3.    FIREWALLS – Use Desktop and Network Firewalls – have professionally configured and managed.
4.    BROWSER – Keep it up to date with all new security patches to ensure newly identified loopholes are closed.
5.    POP UPS – Remain vigilant of ALL pop-ups, even if they look legitimate.
6.    SITE SECURITY – verify the security of a site before you use it.
7.    PERSONAL INFORMATION – where possible share as little personal information on the internet you can.
8.    PASSWORDS – implement and follow password security guidelines (complex / three random words)
9.    MFA – a basic security requirement (no caveats)
10.  THINK BEFORE YOU CLICK – “act in haste repent at leisure” – any time you feel under pressure to act or respond quickly should be considered a red flag to take a breath.

Finally, where people are involved we will always be subject to human error and so when all else fails and in anticipation of a successful breach – HAVE A PLAN, PREPARED IN ADVANCE, so you can take the right actions, in a timely manner, to minimise losses and disruption.

To find out more about ways you can assess your vulnerabilities and improve your cyber security readiness get in touch. 

Multifactor Authentication (MFA) is a BASELINE security requirement for your Business. It is no longer considered an option if you value the security of your business.

To underpin the point, President Biden has recently signed an Executive Order making MFA a non-negotiable requirement for all US government agencies, with immediate effect

Outsource recommend businesses continue to maintain a robust security stance using group policies to ensure staff avoid the use of simple, non-complex passwords. The National Cyber Security Centre’s current recommendation for a strong password is to use three random memorable words, “ RedPantsTrees4! ”.Longer and complex alpha numeric passwords also remain acceptable.

However even complex passwords remain vulnerable to exploit. The IT security community believe the incorporation of the additional layer of MFA security is a must to help maintain the integrity and safety of your business networks. It simply provides an additional layer of security, a safety net, when for whatever reason a password has been compromised. It just requires a user to present two pieces of evidence as verification before they can gain access.

MFA is not new and you will already use it in your own personal life. From the moment you swipe your bank card at the ATM and need to verify by a PIN number to your online purchase where you are then required to enter a numeric code sent to your phone/e-mail address.

In order to verify users MFA offers a range of options falling into one of the following three primary categories:

– Something you know (like a password or PIN)
– Something you have (like a smart card/one-off code/clicking – – Approve on an authenticator)
– Something you are (like your fingerprint/face ID).

As technology evolves and security threats continue to increase expect to see the increasing use of more specific security measures such as Adaptive MFA. This will further increase your security stance by tailoring verification to user roles, security levels, approved permissions, location, log in behaviour etc. These variables when chosen will all feed into each individual users specific log in requirements. However for today the minimum requirement as confirmed by all reputable Security experts must be the deployment of MFA.

If the importance of MFA has not been stressed enough by your existing IT provider or your internal IT team you need to ask why and if required seek advice from another reputable Security adviser.

For the effective protection of your Network and your Users it is time to ask yourself “why do we not already have MFA in our business ?”

Get in touch to discuss how the Outsource Group can support your Cyber Security and IT needs, for today and tomorrow.

There are three kinds of organisations in the world — those who have been hacked, those that are next in line or, worst of all, those that don’t know they’ve already been hacked.

Thinking that you and your business won’t be a target, or that you don’t have any valuable or interesting data, is a false sense of security and the most common mistake most people make.

As you navigate through the digital world, you leave digital traces behind like digital breadcrumbs. Every time you register at a website, or even simply sign up for an event, you use a username and password.  The username is usually your email address and the password is, for 60 % of people, a re-used password.

Cybercriminals are constantly, and successfully, attacking these websites to harvest login information like email addresses, login names, domain names and any other information they can retrieve. This is just the first piece in a larger, more elaborate digital jigsaw. The data they retrieve will be placed in cloud caches, analysed and enriched with other data sources like a social media post, LinkedIn profiles and multiple other telling pieces of information that is readily available.

As soon as cybercriminals establish relationships between these digital jigsaw pieces, they create a profile and you become a target.   Armed with this digital profile, they have the keys and further opportunities to gain access to newer, larger and more sensitive data sources.  Every piece of additional information they gather, brings them many strides closer to successfully hacking you personally, and worse still, your extremely valuable corporate IT systems.

The National Institute of Standards and Technology (NIST)  produced its Cybersecurity framework (CSF), that sets out 5 best practice functions that are widely considered to be the default standard for building a robust cybersecurity program.  They are applicable to organisations of all sizes, and all industries, whether you’re just getting started in establishing a cybersecurity program, or if you’re already running a mature program.

1. Identify: Know what you have, where you have it and the value is of every single resource individually plus the value all resources combined.
2. Protect: Develop and implement appropriate safeguards to ensure critical infrastructure service delivery and proactively support your ability to limit or contain the impact of a potential cybersecurity event.
3. Detect: The faster a cyber event is detected, the faster the repercussions can be mitigated.  The early discovery of cybersecurity events is a critical step to a robust cyber program
4. Respond: Develop appropriate techniques and actions to take when a cybersecurity incident has been detected.  The faster and more effectively you respond to a possible detection of a cyber incident, the faster you can stop the threat in its tracks or mitigate its damage and reduce any potential financial impact.
5. Recover: Maintain appropriate plans that can be implemented to restore any impaired capabilities or disrupted services due to a cybersecurity event. Timely recovery to normal operations reduces the impact of a cybersecurity event.

OSG partners with industry leading backup and recovery technology solution providers.  We can help review your current security posture and build and implement comprehensive and robust cybersecurity program that guarantees the security and protection of your digital estate.

Importantly, we provide you with the absolute confidence, backed by contractual commitments and SLAs, that your business can recover from any incident within an acceptable, defined and predictable timeframe.

Don’t wait until after an event, take some pro-active steps today and make security a priority for your business.