telanova Blog

telanova: the outsourced IT team that feels like your own

Providing advice, consultancy, helpdesk, monitoring and maintenance, updates, upgrades, security: all the things your in-house team would do, but better and at a fraction of the cost and hassle.

Check your website if you use Symantec SSL Certificates

As reported last year, Google decided to stop trusting some Symantec SSL certificates on servers. The decision followed a number of failings in the authorisation chain of Symantec certificates. Back in 2017 a public posting questioned the authentication of a number of Symantec Corporation PKI certificates. It appeared that a number of the certificates issued did not conform to the baseline requirements, and that Symantec had authorised other organisations to issue certificates on its behalf without appropriate oversight.

The Google Chrome browser, which is used by the majority of users when surfing the web, will stop trusting these certificates when the update is released on April 17, 2018.

What do I need to do

If you run a website, you need to follow the simple steps below to check that your website will not be affected.

If you do not run a website, you can continue to browse the web as normal. When you come across an affected website, Chrome will prevent you accessing it until they resolve the issue.

How do I check my website

To confirm whether your website will be affected on 17th April, follow these steps:

  • Open the Google Chrome browser (you'll need version 63.0.3239.132 or newer)
  • Go to your website
  • While you are on the main page of your website, open the Console Log. This can be done in one of the following ways:
      • Pressing the F12 key
      • Pressing CTRL+SHIFT+I
      • Clicking the 3 dots and choosing "More Tools" > "Developer Tools"
  • Click on the Console option along the top of the area that opens next to the web page
  • If you see the following message, your website will need to obtain and install a new certificate
  • The message :

I'm affected and I need help

If you are affected and don't have an appropriate web hosting contract / support contract that covers the issue, our Timebank Service can be used to purchase time for a Consultant to investigate for you. Please email us with the subject "Please assist with my Website SSL".
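A scripted form of the console check described above, useful when there are several sites to look at. This is an added example, not part of the original post: the brand list, the 1 June 2016 issue-date cut-off (from Google's published distrust schedule), the function names and the `.example` sample certificates are assumptions or constructed, and matching on the leaf certificate's issuer is a heuristic rather than Chrome's own chain check.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumed list (not from the page) of Symantec-operated CA brand names.
SYMANTEC_BRANDS = ("symantec", "geotrust", "thawte", "verisign", "rapidssl")
# Assumption (not from the page): the 17 April 2018 Chrome release distrusts
# Symantec-chain certificates issued before 1 June 2016.
CUTOFF = datetime(2016, 6, 1, tzinfo=timezone.utc)

def issuer_org(cert):
    """Return the issuer organizationName from a getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""

def classify(cert):
    """Heuristic on the leaf's issuer; Chrome itself checks the root."""
    org = issuer_org(cert).lower()
    if not any(brand in org for brand in SYMANTEC_BRANDS):
        return "not-symantec"
    issued = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notBefore"]), timezone.utc)
    return "affected-17-april" if issued < CUTOFF else "symantec-later-phase"

def fetch_cert(host, port=443, timeout=5):
    """Fetch a live certificate; fails if the local trust store rejects it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates (same shape as getpeercert() output).
SAMPLES = {
    "old-shop.example": {
        "issuer": ((("organizationName", "GeoTrust Inc."),),),
        "notBefore": "Mar 14 00:00:00 2016 GMT"},
    "newer-shop.example": {
        "issuer": ((("organizationName", "Symantec Corporation"),),),
        "notBefore": "Feb 12 00:00:00 2017 GMT"},
    "other-ca.example": {
        "issuer": ((("organizationName", "Example Trust Services"),),),
        "notBefore": "Jan 10 00:00:00 2018 GMT"},
}

def check_samples():
    return {host: classify(cert) for host, cert in SAMPLES.items()}
```

For a live site, pass the result of `fetch_cert("your-domain")` to `classify`; a site reported as `symantec-later-phase` is not blocked on 17 April but still needs a replacement certificate before the later phase of the distrust.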

Flash Player - New Vulnerability

South Korea's Computer Emergency Response Team

News broke on Wednesday 31st January 2018 from KRCert that a new zero-day vulnerability is circulating and users of Flash need to take action.

Quick Points

  • Products affected are: Adobe Flash Player Desktop Runtime, Adobe Flash Player for Google Chrome, Adobe Flash Player for Microsoft Edge and Internet Explorer 11.
  • Affected versions are 28.0.0.137 and earlier.
  • Adobe will be releasing a security update on 5th February 2018. It is recommended that you uninstall / disable Flash Player until its release.
  • Using the exploit, hackers can take control of the infected device.
  • The exploit can be used via malicious MS Office files.
  • Web browsing through any browser is at risk until the patch is released.

Reduce the Risk

Uninstall Flash, or do not visit untrusted/unknown websites, avoid viewing email attachments of unknown origin, update your anti-virus to the latest version and enable real-time monitoring.

GDPR Countdown Clock

How much time is left before the General Data Protection Regulations come into force?

Companies worldwide that are working with European individuals' data should now be aware of the impact GDPR will have on the way they work with that data.

When do the new regulations come into force?

25th May 2018

Here are some more questions to ask your leadership (Download a printable version here)

  • Have you made everyone, and we mean everyone, in your organisation aware of the regulations? Yes / No
  • Is your company aware of all the different repositories of personal data? Yes / No
  • Has your company's privacy notice been updated? Yes / No
  • Are the processes for deleting personal data easily accessible and documented? Yes / No
  • Have you done a trial run to check how long a subject access request takes, so that it can be completed within the allowed time frame (normally 40 days)? Yes / No
  • Does the privacy notice clearly state why the information is held? Yes / No
  • For all data held under consent, is it clearly recorded how that consent was obtained? Yes / No
  • If any data belongs, or may belong, to children, do you have a method of recording parental / guardian consent with this data, and for any data that could belong to under 18s have you got that consent? Yes / No
  • Where are the documented procedures for detecting, reporting and investigating a data breach? Location : _____________________________
  • Where are the documented procedures for carrying out DPIAs for new developments / technologies, or new processes? Location : _____________________________
  • Who is/are the Data Protection Officer(s)? Name(s) : _____________________________
  • If you have overseas branches, which state is the lead supervisory authority? State : _____________________________ / N/A

For more information visit the ICO website

Spectre and Meltdown - Criminals take advantage in Germany

Keep secure: do not download unknown patches from email links

Taking advantage of the wide news coverage of the Spectre and Meltdown vulnerabilities, criminals have seized the chance to distribute their own trojans to unsuspecting users.

Recent news from Malwarebytes advises that a German email has been circulating purporting to be from the German Federal Office for Information Security. With a valid SSL certificate for the website that is linked in the email, it all looks legitimate. However, once you visit the site and download the zip file, inside is a file named intel, which adds to its credibility. Once the intel.exe file is run, it installs a trojan (Smoke Loader) and starts downloading and uploading encrypted data to external servers.

While this website has now been taken down by the hosting providers, there will undoubtedly be further emails circulating that will try to take advantage of people wanting to download patches. So whether you are an Accountant in Andover, a Barrister in Basingstoke, or a Loan Officer in London, ensure you download the patches from the microsoft.com or apple.com domains.

For a list of the updates that are currently available, visit the tnova.uk/sandmpatches page and you’ll see the hotfix numbers that you can use to search the MS website.

Protect your business from ransomware and other nasties

Ransomware is a type of malware that encrypts every file it can find on your network. When you try to access one of the files you can’t: a popup demands payment of hundreds or thousands of pounds to unlock them for you. Some notable examples of ransomware that you may have seen reported in the news are Cryptolocker, Locky, and CryptoWall.

 

Telanova has a multilayered approach to protecting your business from ransomware and other nasties:

  • Prevention - The first line of defence, to stop malware from getting in

  • People - Some malware may penetrate your defences; your staff need to be on the lookout

  • Limit damage - If malware manages to penetrate your defences and get past your staff, make sure it can do as little damage as possible

  • Fast recovery - The last line of defence for your business is to make sure you can get back up and running again as fast as possible following an infection

 

Prevention - You need a belt and braces approach. telanova will check your system and advise. At a minimum you should deploy all of these:

  • Email server security - to scan incoming emails before they reach you

  • Web security - to scan web pages before you open them

  • Antivirus/antimalware - to protect each individual device

 

People - There is a constant arms race between the people who create the ransomware and the people who write the software to protect you. When new ransomware comes along for the first time, your security software may not protect you from it. So you need your staff to be vigilant. telanova will train your staff:

  • To identify the different types of fraudulent emails (phishing, spear phishing, whaling etc)

  • To spot bad links in emails

  • To avoid visiting suspicious websites

  • To report anything suspicious on their devices asap

  • To know what to do immediately following an infection

 

Limit damage - In the event something manages to get through all your defences, it is important to limit the damage. You don’t want your business grinding to a halt from a single infected device. telanova will:

  • Lower each staff member's privileges to the minimum needed for their job

  • Make sure each staff member can only access the shared folders they need

  • Separate personal and guest devices from your business network

 

Fast recovery - Downtime is costly to your business. We can make sure your recovery is as quick and painless as possible. Telanova will:

  • Ensure your backup system is sufficient for your recovery requirements

  • Perform regular disaster recovery tests

  • Consider a deployment solution to quickly wipe / reinstall PCs

 

Contact telanova on 01344 989 530 or by email to protect your business from ransomware and other types of malware.
