telanova Blog

telanova: the outsourced IT team that feels like your own

Providing advice, consultancy, helpdesk, monitoring and maintenance, updates, upgrades, security: all the things your in-house team would do, but better and at a fraction of the cost and hassle.

Email attachments are too dangerous!

Email attachments are too dangerous! Email filters, Antivirus, UTM (Unified Threat Management) appliances etc, all attempt to mitigate that risk, but they won’t catch the very latest attacks. Allowing everyone on the internet to send you attachments is like leaving your door unlocked and only tackling the bad guys when they’re halfway up the stairs!

Email attachments were invented in the early days of the internet when the internet was a far safer place, and they haven’t been improved since. It’s time to replace them with something better.

Most cloud storage products (Microsoft OneDrive, Dropbox etc) have two features that replace the role of emailed attachments with something far safer.

  • When you want a file from someone, send a “File request”. The recipient will receive a link they can use to upload the files to you.
  • When you want to send someone a file, “Share” the file/folder with them.

There are other advantages too

  • Guaranteed encryption in transit
  • Set a time limit for access, e.g. 30 days
  • Made a mistake? Revoke access at any time
  • Track when files are accessed

Once your colleagues and business contacts have become familiar with the new way of working you can block email attachments outright, allowing file sharing only via your approved platforms (eg Office 365, G suite, Citrix Sharefile, or the specific platform relevant to your industry)

We have successfully implemented this for several of our customers with compliance requirements in the fields of Finance, Accounting etc.

Contact us to manage the whole process for you, training, implementation, and blocking.

How is next-generation AV different?

There is a lot of buzz in the IT world about Next-Generation Antivirus (NGAV), but what’s the difference compared to traditional antivirus?

Traditional antivirus relies on signatures. A signature is like a fingerprint, a way to uniquely identify each malware item. The antivirus vendors attempt to obtain every single malware in existence to take their fingerprints. When your antivirus updates it is receiving the latest set of fingerprints. If you encounter a new strain of malware before your antivirus vendor does, your antivirus won’t detect it. Unfortunately the malware writers can just make a trivial change to their code and the fingerprint changes too.

NGAV analyses the behaviour of each program running on your device. If a program is opening multiple files, encrypting them, then deleting the original then that’s behaving like ransomware. It will stop the program and move it to the quarantine. It does not rely on the vendor having seen that exact malware before.

Other NGAV features vary between vendors, but some useful ones are:

  • Attack forensics - View the chain of events of a particular attack, which files were touched, etc
  • Sandboxing - Run a suspicious application in a safe sandbox before allowing it to run in your environment
  • Risk analytics - Get notified of risks within your organization such as misconfigurations, vulnerabilities etc
  • Device roll back - Roll a device back to the state it was in before the attack
  • Ransomware warranty - The vendor will pay compensation if due to ransomware the device roll back feature was not able to restore the device to the state it was in before the attack
  • Self Isolation - When a threat is detected, isolate the device from the network until the threat has been resolved

Contact us to improve your organisation’s security

Top tips for a virtual social!

At telanova we’ve had some really good fun at virtual socials. We want to share with you some of our top tips to make the most of the current situation. Your colleagues will be raving about what a great time they had.

Activities

Have multiple activities prepared in case the main one gets boring or isn’t a crowd-pleaser. So here are some ideas that have worked well for us.

Games

Quiz night

Get everyone to write 5 questions (theme related) and send them to you in advance of the event. You could even use powerpoint!

Or buy a pub quiz book: Here

Visit a museum (virtually)

Many museums have virtual tours. Just visit and browse through together.

British museum
Natural history museum

Irreverent comments obligatory.

Talent show

Host a virtual talent show. Let everyone show off their talents and vote for a winner!

Food and drink

Tell everyone in advance to get themselves drinks and snacks just like they would in the real world. Maybe order pizza for everyone with the same arrival time and see whose arrives first!

Theme

Pick a theme for the social: maybe a specific country, or Disney, musicians, film characters etc. Have a competition with points for:

  • Best fancy dress
  • Best custom virtual background
  • Best snack / drink

Structure

Have a timetable and allocate time to different ideas and activities. You don’t need to stick to it but it helps keep things rolling. For example:
  1. 18:30 - 18:45 Chatting and catching up
  2. 18:45 - 19:15 Game 1
  3. 19:15 - 19:30 Food / Drinks / Chatting
  4. 19:30 - 20:15 Quiz
  5. 20:15 - 20:30 Food / Drinks / Chatting
  6. 20:30 - 21:00 Museum tour

Proper Prior Preparation Prevents Poor Performance!

Make sure you get everyone to test their webcam and microphone before the big night so everyone can enjoy the party without any hassles. Get them to set themselves up with their device in a stable position. No one wants to hold a phone up for hours!

Get the party night right and your street cred in the company will be assured for years to come!

Buying the right cloud solution

A few of our clients have been sold cloud solutions, only to find they weren't quite what they were expecting.

They expected something that ran in a web browser. This approach is called SaaS or Software as a Service. The application itself runs in the cloud and you interact with it via a web browser. Things like webmail or internet banking are examples of SaaS. All computers have web-browsers and all users know how to use them. No special software is needed and you can access it from anywhere you have a web browser and internet . A disadvantage to this approach is that the software may look and feel different to the application you are used to. So some user training may be needed.

However, the solutions they purchased required logging on to a remote desktop and running the application from there. This may have the advantage that the software is very similar to the on-premise application they are used to. But it comes with extra baggage: you need a piece of software to log on to the remote system, you might need training in using this remote desktop, accessing other resources (printers, emails, files) not on the remote system is possible, but difficult. It’s impractical to access this type of service from a mobile. This type of cloud solution is known as IaaS or Infrastructure as a service - the server and desktop infrastructure are running in the cloud.

There is a third type of cloud solution called PaaS, Platform as a Service. This allows you to develop your own program to run on the cloud. It is typically for software developers or for in-house software.

They’re all cloud solutions - but offer a very different experience. We help our clients explore the pros and cons of different solutions to help them understand which one will work best for them. To understand which cloud solutions would work best for you:

Phishing attempts are getting more dangerous

A teacher at a school we support, forwarded to us a suspicious email from a student’s parent. It was a phishing email with a link to a website that looked identical to the school’s. But it was fake and requested the teacher’s username and password.

Ultimately the hackers would be trying to get control of the school’s servers, get fake invoices paid, divert salary payments, install ransomware etc.

We advised the teacher to delete the email, to advise the parent that their email had been hacked and to warn the other teachers.

This was a school, but it could just as easily be a business, a charity etc.

We offer security awareness training coupled with regular testing to improve your staff’s skills at recognising phishing attempts, and protecting your organisation from damage.

Contact us to protect your business from phishing.

Email Facebook Google LinkedIn Twitter

We use cookies to provide you with the best possible experience in your interactions on our website

You agree to our use of cookies on your device by continuing to use our website

I understand