telanova Blog

telanova: the outsourced IT team that feels like your own

Providing advice, consultancy, helpdesk, monitoring and maintenance, updates, upgrades, security: all the things your in-house team would do, but better and at a fraction of the cost and hassle.

Would you trust a HTTPs verified site?

Details
Created: Friday, 23 March 2018

Oh, you think you're so safe with your little green padlocks, huh?

Think again. PhishLabs have recently published research where they have found a staggering 24% of phishing sites use HTTPS, an otherwise well known protocol that used to establish trust and privacy of using a site.

Over the years, we have seen a massive push towards encryption of everyday services. Browsers now display a warning for sites that aren't encrypted and half the web now uses standard encryption for their websites. So why fight the competition when you can just join them?

How many times have you visited a website and trusted inputting your sensitive financial data just because your browser says its safe? It's time for that behaviour to change!

How to stay safe online

Create complex passwords. Yes, I know, you've heard it all before. But the reason you've heard this before because it is the forefront of security, and arguably the most important part. Having a strong password (e.g. complex, numbers, capitals, special characters) can save you from a world of trouble.

Be overly cautious. If its too good to be true, it probably is. Don't enter or give any information to anyone unless you can authenticate who they are. And, for whatever reason, don't click random links on the internet.

Look into active web protection. In a day and age of increasing number of cyber attacks, we also fortunately have an increasing number of methods to protect ourselves. Look into installing some form of active web protection that blocks possible malicious websites e.g. McAfee

 

Stealthy Trojans need the 'door bouncer' treatment on your network.

Details
Created: Friday, 23 March 2018

No, this isn't a blog post on Brad Pitt. 

I'm hopeful you've heard of the mythical story of the Trojan Horse? Where, in 1194 BC, the Trojans built a gigantic wooden horse that was disguised as a gift and left it outside the City of Troy's gates. The people of Troy celebrated the peace offering and took the horse inside its impregnable walls. Little did they know, the horse was full of Trojan's best warriors - and at night, they jumped out; opening the gates to the Trojan army where they plundered and razed the city.

The same ruse is now being used to enter our networks and steal our sensitive data. All it takes is a user to open or download a link sent from a malicious email that is disguised as secure and safe. A study in 2011 showed that a 69.9% of all malware attacks are Trojans.

Once downloaded or opened, the malware infects your network or local computer. Attackers can then steal data such as credit cards, financial information, email accounts, passwords and emails, and even send thousands of emails to clients from your own email with the same link or file, creating a snowball effect that is hard to stop. Whatever is saved or used on your network is at risk.

It's a network's Achilles heel.

Thankfully, whilst Trojans are getting sneakier and craftier as technology gets more complex and advanced, so do the deterrents and prevention we can put in place. These prevention's act the same way as a bouncer at a club; checking ID's and making sure no unwanted visitors get in.

That's what Telanova is; a bouncer. We monitor remotely and seamlessly in the background, allowing you to get on with the important work at hand without having to worry and lose sleep over network security issues. Contact us to find out how we can protect your network's city walls from attacks.

Spectre and Meltdown - Criminals take advantage in Germany

Details
Created: Tuesday, 16 January 2018
Written by Tim Nicholls
Keep secure do not download unknown patches from email links
Using the latest wide news coverage of the Spectre and Meltdown vulnerability, criminals have seized on the chance to distribute their own trojans to the unsuspecting users.

Recent news from Malwarebytes is advising that a German email has been circulating purporting to be from the German Federal Office for Information Security , with a valid SSL certificate for the website that is linked in the email, all look legitimate.However, once you visit the site, and download the zip file, inside is a file named intel, which adds to its credibility, but once the intel.exe file is run, it installs a trojan (Smoke Loader) and starts downloading and uploading encrypted data to external servers.

While this website has now been taken down by the hosting providers, there will undoubtably be further emails circulating that will try to take advantage of people wanting to download patches. So whether you are an Accountant in Andover, a Barrister in Basingstoke, or a Loan Officer in London, ensure you download the patches from the microsoft.com domain, or the apple.com domains.

For a list of the updates that are currently available, visit the tnova.uk/sandmpatches page and you’ll see the hotfix numbers that you can search the MS website from.

Flash Player - New Vulnerability

Details
Created: Friday, 02 February 2018
Written by Tim Nicholls
South Korea's Computer Emergency Response Team

News broke on Wednesday 31st January 2018 from KRCert that a new Zero Day vulnerability is circulating and users of Flash need to take action

Quick Points

  • Products affected are : Adobe Flash Player Desktop Runtime, Adobe Flash Player for Google Chrome, Adobe Flash Player for Microsoft Edge and Internet Explorer 11.
  • Affected versions are 28.0.0.137 and earlier.
  • Adobe will be releasing a security update on 5th February 2018, it is recommended that you uninstall / disable Flash Player until its release.
  • Using the exploit hackers can take control of the infected device
  • The exploit can be used via malicious MS Office files.
  • Web browsing through any browser is at risk until the patch is released.

Reduce the Risk

Uninstall Flash, or do not visit untrusted/unknown websites, avoid viewing email attachments with unknown origin, update your anti-virus to the latest version and enable real-time monitoring

GDPR Countdown Clock

Details
Created: Monday, 15 January 2018
Written by Tim Nicholls

How much time is left before the General Data Protection Regulations come into force ?

Companies worldwide that are working with European Individual's data should now be aware of the impact GDPR will have on the way they work with that data.

When do the new regulations come into force ?

25th May 2018

Here are some more questions to ask your leadership ( Download a printable version here )

  • Have you made everyone, and we mean everyone, in your organisation aware of the regulations ? Yes / No
  • Is your company aware of all the different repositories of personal data ? Yes / No
  • Has your company's privacy notice been updated? Yes / No
  • Are the processes for deleting personal data easily accessible and documented ? Yes / No
  • Have you done a trial run on how long it takes to complete a subject access request to complete it within the allowed time frame (normally 40 days) ? Yes / No
  • Does the privacy notice clearly state why the information is held ? Yes / No
  • Is all data, held under consent, clearly recorded on how that consent was attained ? Yes / No
  • If any data, is, or may belong to children, do you have a method of recording parental / guardian consent with this data, and for any data that could belong to under 18s have you got that consent ? Yes / No
  • Where are the documented procedures for detecting, reporting and investigating a data breach ? Location : _____________________________
  • Where are the documented procedures for carrying out DPIA's for new developments / technologies, or new processes ? Location : _____________________________
  • Who is/are the Data Protection Officers Name(s) : _____________________________
  • If you have overseas branches, which state is the lead supervisory authority ? State : _____________________________ / N/A
For more information visit the ICO website

More Articles ...

  1. Protect your business from ransomware and other nasties
  2. Now's the time to upgrade your wireless infrastructure
  3. Meet Jon Hobson
  4. Tales from our helpdesk: Encrypted files
Email Facebook Google LinkedIn Twitter

We use cookies to provide you with the best possible experience in your interactions on our website

You agree to our use of cookies on your device by continuing to use our website

I understand