Customer Portal Remote Support Contact us

FAQs

Cyber Crime

Cyber Security

Key IT Terms

Malware

Malicious + software = malware. An umbrella term used to refer to the wide variety of hostile software available today.

There is ransomware, which steals or encrypts all your data, and ransoms it back to you.

Then there is spyware, which infiltrates your PC and steals sensitive information such as account credentials.

But these are just two of the most dangerous and virulent malware – there are many, many more out there.

You must have a comprehensive defence against malware. Network security and endpoint security solutions form the basis of this protection.

You should strongly consider a Managed Security Service Provider. This ensures that you’ll have qualified professionals on your side in the fight against cyber crime.

Encrypting ransomware, a form of malware, is seen as the biggest threat to businesses today.

It infiltrates PCs and locks the user out from their own data, making it impossible to access. Hackers then demand a ransom (often a 3 or 4-figure sum) for the return of the victim’s files, with the threat of a deadline – after which the files will be deleted forever.

Neuways can help you get the best solutions for your business, including state-of-the-art business continuity technology and industry-leading IT awareness training.

Ransomware

Ransomware is a generic term for a type of malware which infects victims PCs and encrypts their files, offering to decrypt them for a ransom.

Ransomware typically makes its way onto machines via a Trojan – a type of malware disguised as a legitimate file that may arrive via an email or a malicious website. Security experts consider ransomware to be the most virulent cyber threat.

Keep antivirus software up to date. However, because cybercriminals are constantly looking to circumvent security measures, sometimes this isn’t enough. Keep backups of data stored in an offline or segmented location in case of the need to recover everything in the event of an attack. Finally, adhere to best practice, such as being cautious when opening email attachments or clicking on hyperlinks, and staying educated on the evolving threat.

Ransomware payloads can be delivered through a variety of vectors, meaning comprehensive cyber security set up is critical to minimising your business’ risk. The best insurance policy you can get to protect to you is a Datto backup solution to immediately restore your systems in the event of falling victim to ransomware.

Spyware

A type of malware that is designed to spy on users and steal sensitive information to send to an attacker. It can also assume control over the infected device without the victims’ knowledge, making it particularly dangerous.

Spyware extends beyond monitoring, and can collect almost any type of data from infected PCs. This includes web browsing habits and account credentials. It can even interfere with device usage, altering software on devices.

As with all malware, prevention is the best defence, and good anti-spyware is essential. If a device is infected with spyware, it is likely that it will need to be completely wiped and rebuilt.

Spyware rarely operates alone on a PC, so it will often bring other associated malware with it. Computers running slowly for unusual or suspicious reasons ought to be examined by a professional.

Trojan Horse

A trojan horse is a type of malware that impersonates a trusted file type (Microsoft Word, for example) but actually contains a malware payload.

A trojan horse is typically delivered by email. Hackers rely on your curiosity – after all, if there’s an attachment, you probably want to open it…right?

Stop.

Only open an attachment if it’s from a trusted source, and if you’re expecting it. And as with phishing, always check the email address domain to ensure it’s a legitimate contact.

If you’re in any doubt, don’t open the attachment and verify the contact by giving them a call.

Phishing

The most common tactic employed by cyber criminals, phishing refers to the tactic of disguising something malicious as a legitimate link or attachment, tricking users into revealing sensitive information or downloading malicious software.

The most common phishing tactic is phishing emails. These are emails disguised as coming from banks or other trusted service providers, encouraging users to follow a hyperlink.

These take users to fake sites that criminals use to steal passwords or install malware onto PCs.

Email and web filtering, as well as knowledge of how to spot a suspecting phishing attack, is essential.

Neuways can recommend solutions that best fit your business.

Whaling

Whaling is a phishing attack targeted at senior executives (typically C-level) and accounting teams.

An attacker will typically try to imitate a director, or another senior member of staff, to pressure the victim into revealing confidential information – or even sending payments to a rogue account.

Yes, kind of.

Whaling is a type of phishing, but highly targeted. Hackers who employ whaling tactics often spend time researching their victim, using information in the public domain (social media, company ‘about us’ website page etc.)

The average phishing attack is usually indiscriminate and conducted on a large scale.

Social Engineering

Social engineering is the use of deception to manipulate individuals into giving away sensitive or personal information (such as usernames and passwords) to be used for fraudulent purposes.

Learn about the various different techniques attackers use, and be aware: if you get an out-of-the-ordinary request for your sensitive information, ignore it. Email filtering can help prevent perhaps the most prevalent form of social engineering, phishing emails, from ever reaching your inbox.

17% of employees fall for social engineering attacks – nearly one in five. Make sure employees and are aware of the threat.

Password

A password is a security mechanism used to secure sensitive information and accounts.

Passwords are absolutely critical because they are often the least secure aspect of any overall security setup. Hackers will often attack down “the path of least resistance” – meaning before they try any technical skulduggery, they’ll generally just try out a series of common passwords.

Let’s say your email address is publically available on your LinkedIn account. Hackers could take that, and then try to log in using it with a series of guessed passwords. Even if your email address wasn’t publicly available, smart hackers would take your name, your business, and combine them.

Joebloggs@mybusiness.com for example, and if Joe Bloggs has a password of “qwerty123” then it will take a hacker all of a few seconds to gain access to Joe’s account.

Absolutely. Passwords like “qwerty123” and “password01” will present hackers and their tools with as little as a few seconds work to crack, at which point they can chuckle, and help themselves to your data.

A password policy is a great way of ensuring that your business follows a set of rules for the creation and maintenance of good passwords and good password practice. It can be centrally administered from your servers, managed by third-party software, or stipulated in employee contracts.

Password Manager

A password manager is a secure account that stores all of your passwords in a single place. They integrate with your internet browser, ensuring you’re always signed into your key accounts.

With so many accounts and subscriptions, people tend to create passwords that are simple to remember. This means that they’re much easier to crack.

A password manager means that you can create robust, highly secure passwords for your individual accounts, but you only need to remember your Password Manager login details.

Yes, as long as you choose a well-respected provider that puts security first.

We can help you with this, so contact us if you’re interested in deploying a password manager.

If you struggle to remember your passwords, and use multiple accounts on a daily basis, a password manager is a great solution.

It makes you far more secure than if you re-use the same password for multiple devices.

Backups

Should you lose access to your company’s data for any reason, a backup can provide you with a copy of your data that can be restored at any point. We strongly recommend all businesses have a reliable, secure way of backing up. Data loss can be very serious, especially in with cyber criminals looking to make money out of any company data they can get there hands on the large fines that can now be enforced following the introduction of GDPR.

An example of data loss could be your server failing. Any data created or modified since your last back up will be lost. Backing up regularly should be a key part of every business’ day-to-day planning.

It depends on your business.

To find this out, ask yourself how much data your business could afford to lose, without affecting your financials or business relationships.

One month’s worth?
A week?
One day?
An hour?

So, if your company suffers a catastrophic data loss and you need to restore from your latest backup, how much work could you afford to lose?

Neuways can help you implement a backup solution that allows you to restore your data in as little as an hour!

Working with industry leaders in backup and business continuity, we can help you improve your company’s backup policies, or help you establish new ones.

Business Continuity & Disaster Recovery

Business continuity & disaster recovery is your business’s resilience to a disaster situation that results in loss of access to systems and data.

For example, should your office flood or suffer an electricity outage, business continuity & disaster recovery is your contingency planning that minimises downtime.

Backup is the process of saving a copy of your data. It is one aspect of an overall business continuity & disaster recovery plan.

Older methods of backing up (such as to a tape or a USB drive) are no longer viable. For true business continuity and disaster recovery, your business needs three layers of backup.

Download our brochure here – it covers the type of disasters you should be planning for, and what your business continuity & disaster recovery strategy should include.

Information Security

Information security is the protection of information across your business, whether physical or digital.

There is overlap between information security and cyber security, however cyber security is more concerned with the protection of data in a digital format.

Your cyber security solutions will typically form part of your wider information security strategy.

You can find out more on our dedicated information security page, including tips, information on compliance, and more.

Network Security

Network security is the protection and monitoring of access to your business network. This includes prevention of access to resources stored on your network, and the interception of internet traffic containing confidential data.

No.

Not if you’re a business or individual working with confidential data. Router firewalls are not suitable for commercial use, and should always be accompanied with an enterprise solution.

Absolutely.

With multilayered protection, the ability to recognise malicious traffic, and advanced malware protection, a next-generation firewall is the best network security option for your business.

With data compliance fines being dished out left, right, and centre – it’s in your interest to secure access to your network!

Endpoint Security

Endpoint security, sometimes called ‘anti-virus security’, is the protection of all devices that connect to the internet. This includes mobile phones, desktop computers, laptops, tablets, and more.

Each of your devices is an ‘endpoint’ that has access to your network, and if each endpoint is not properly secured, it’s a gateway into your business network.

Therefore, endpoint security is a cyber security essential!

95% of malware is unique to a single device. Endpoint Security uses real-time protection, consulting a database of billions of files, to cross reference threats to your business.

It’s a round-the-clock shield for your devices.

Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is a process where a user is prompted during the sign-in process for an additional form of identification, such as entering a code sent to their mobile, a fingerprint scan, or simply a YES/NO push notification sent to the device.

If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, how can you guarantee that the person signing in is actually the user?

When you require a second form of authentication, security is significantly increased because this additional factor is much harder for an attacker to obtain or duplicate.

MFA frequency varies, usually it isn’t required daily, nor even weekly – as long you are logging in on the same machine. The power of MFA comes from the validation of the user/machine.

So, User A logs onto Computer 1 and authenticates with MFA, they won’t get prompted on that system again for at least 30 days (unless something significant happens).

But if User A logs onto another computer or device, then they will be prompted for MFA. We can complement MFA with a setting called Conditional Access to make its behaviour even more granular/specific. For example, if certain users only need access from the office, we can enforce this.

MFA follows the user, so even if a machine is used by multiple users, MFA will be prompted for each individual user.

MFA should not be trusted as the final line of defence for authentication. The immediate challenge is fortifying the MFA infrastructure so that fewer loopholes exist, and educating people using MFA on these loopholes.

MFA is another form of perimeter security. People often think that because they have MFA, they’re immune to phishing attacks. To be clear, MFA is not designed to stop attacks not related to logins. It only secures online accounts at the perimeter (i.e. when the user logs in to gain access to an account/device).

If an account has been logged into with simply a username and password, without authority of the account holder, MFA would prevent this.

MFA should not be trusted as the final line of defence for authentication. The immediate challenge is fortifying the MFA infrastructure so that fewer loopholes exist, and educating people using MFA on these loopholes.

MFA is another form of perimeter security. People often think that because they have MFA, they’re immune to phishing attacks. To be clear, MFA is not designed to stop attacks not related to logins. It only secures online accounts at the perimeter (i.e. when the user logs in to gain access to an account/device).

If an account has been logged into with simply a username and password, without the authority of the account holder, MFA would prevent this.

Routers

A router connects attached devices, such as PCs, to the Internet.

Yes, if you intend to connect to the Internet and use email, the World Wide Web and other Internet-based services.

Many routers come with in-built firewalls, which is a security feature to restrict access in and out of the router’s network. A router is essentially a gateway to and from the Internet – not only can it connect your network to the outside world, if it isn’t secured correctly, it can let the outside world into your network.

Unfortunately, no. A firewall, whether it is built-in or separate to the router, must be properly configured by professionals to ensure your router is secure. Even after this is done there are still other attack vectors open to criminals that firewalls may not stop.

Cloud

The cloud is the instant provisioning of data and resources via the internet, usually by a 3rd party provider.

This means your data is stored in a secure network, allowing access anywhere and at any time.

Both, technically.

Your cloud service provider is responsible for the integrity of the infrastructure itself (including maintenance and perimeter security of the cloud network itself).

On the other hand, your endpoints and the data that your business processes is your responsibility. Essentially, your data is as secure as the solutions you use – which is no different to an on-premise setup.

You can find out more here.

It isn’t quite that simple. Both cloud and on-premise technology have their place. However, the flexibility and scalability offered by cloud technology is far superior to an on-premise setup.

Cloud technology means that you benefit from the power of a dedicated server, without the hassle of on-site maintenance.

And because the infrastructure is run by a cloud provider, you also benefit from the latest software and security updates, which are automatically installed.

This means that you’re always using the latest version of the software, instead of having to pay for incremental upgrades.

Digital Operation Security

Digital Operation Security, or OPSEC for short, is the digital side of the organisational risk management process. It helps reduce the risk of system compromisation from an internal perspective – for example: locking screens and device management.

Always lock your computer when you are not in front of it. Also, If you work with lots of company confidential data, invest in a privacy screen to prevent people looking over your shoulder (this limits the viewable angle of the screen).
Never leave your computer unattended in public areas, even if the screen is locked. 30 seconds and a open USB port are all that an attacker needs to try and compromise your computer.
Be suspicious when connecting to unfamiliar WiFi networks. It’s very easy to spoof and intercept your traffic once you are connected. Consider using a VPN to ensure all communications are encrypted.
Only use trusted USB devices; never use unencrypted USB drives or untrusted USB leads, peripherals and sockets. Be wary of using freebies and never connect devices you have “found”!
Disable Bluetooth on devices that you don’t actively need it running on. A would-be attacker can attempt to compromise your device “wirelessly” and you would never know.

Leased Lines

Leased lines are private symmetric telecommunications units between two or more locations, in exchange for monthly rent. Used for telephone, internet and other data services.

Advantages:

Great for inter-network connectivity
Generally faster and stable
Less likely to be affected by cyber threats
Dedicated download and upload speeds

Disadvantages:

Can be costly if any construction work is required
To install a leased line could potentially take weeks, if not months
Each leased line requires a physical installation, which could disrupt the workplace

Neuhelp Expertise:
With the internet being the pinnacle of business life, it is important that a stable internet connection is maintained, to avoid issues such as failed backup, loss of communication, downtime for critical business systems across your network – amongst a plethora of other uncomfortable issues. With a leased line, the aforementioned risks are mitigated to an almost negligible problem.

Dark Web

The dark web is a layer of the internet that is only accessible via the TOR web browser.

This is not to be confused with the deep web, which is simply the section of the internet that is not accessible via search engines (such as Google or Bing).

No, however the dark web is typically where illegal activities such as terrorism, money laundering, drug dealing, and human trafficking are conducted. A study found that 60% of content on the dark web is considered harmful.

If even one of your staff’s credentials are compromised, their details will probably end up for sale on the dark web. This could lead to a breach in the future. This is why IT awareness training and dark web monitoring are so important for businesses.

Enterprise Resource Planning

ERP, or Enterprise Resource Planning, is a business system that enables the end-to-end management of business processes.

This means that your key processes including accounts, CRM, and logistics (amongst others) are all unified into a single centralised system.

You may currently use dedicated accounting software with a separate CRM system that works well enough.

However siloed solutions limit the potential of your business. The integration offered by ERP means that your business solutions can ‘talk’ to one another, sharing data and offering insights that would be impossible without ERP.

We recommend diversifying your backup and business continuity methods – this is to ensure that you’re able to recover your data in the event of a disaster.

However, this is not the same as live business data. Unifying your business data opens up opportunities to increase productivity, deliver better customer service, and make intelligence-based business decisions.

Download Our Business Continuity and Disaster Recovery Brochure

Fill in the fields below and our brochure will be emailed to you.


 


Download Our Brochure

Fill in the fields below and our brochure will be emailed to you.

Download Our Microsoft Dynamics 365 Business Central Brochure

Fill in the fields below and our brochure will be emailed to you.

Download Our MSP Brochure

Fill in the fields below and our MSP brochure will be emailed to you.

Download our NeuVue360 Brochure

Download Our NeuVue360 Brochure

Fill in the fields below and our brochure will be emailed to you.

Request a callback

Request a call back
close slider