Ban ransomware payments

Should ransomware payments be banned?

The Government have been recently lobbied to ban ransomware payments. They have been asked to prohibit companies and individuals being able to pay ransom demands. Cyber criminals try to scam organisation with cyber-attacks using ransomware malware. The prohibition of ransom payments would cut the flow of income to attackers. As well as shutting down the desire to hit U.K. citizens and companies with ransomware.

Prohibition of ransom payments for ransomware could mean there is no point in cyber attackers going after U.K. Alexander Culafi a news writer from Search Security explores the ban ransomware payments story in more detail.

Ransomware payments

A security firm involved in the business of combating ransomware has called for a government ban on the
payment of ransoms by companies. There was no other practical solution other than to ban ransomware payments.

Paying ransomware demands could be illegal

Companies paying ransom when attacked by ransomware in an effort to retrieve their data has always been controversial because it encourages future attacks. Now, doing so may also be illegal.

The U.S. Department of Treasury today warned that paying ransomware demands may be illegal and that companies that do so could be prosecuted.

The warning came in advisories from the Treasury’s Office of Foreign Assets Control and its Financial Crimes Enforcement Network. Both warned that any company that paid a ransomware payment, or a third party that facilitated a payment, could be prosecuted in the case that the hackers demanding the ransom were subject to U.S. sanctions.

There is an exception: Companies that are considering making a ransomware payment can do so but only with government approval.

Specific attention was given to third-party companies that facilitate ransomware payments. “Companies that facilitate ransomware payments to cyber criminals, encourage future ransomware payment demands. They also may risk violating OFAC regulations,” the Office of Foreign Asset Control said in its advisory.

Ransomware payments are controversial

Paying ransoms in ransomware attacks has always been controversial. Firstly, a serious ransomware attack could and has seriously crippled companies and cost them. Secondlay, hundreds of millions of dollars in lost business and costs. Finally, sometimes paying the ransom to obtain access to core business files is arguably worth it.

The counter-argument is that every single time a company pays a ransomware demand, it encourages future ransomware attacks. Hacking groups know this, which is why they keep deploying attacks.

An expert’s opinion

James McQuiggan, security awareness advocate at security awareness training company KnowBe4 Inc. compares ransomware to the Italian Mafia.

“Many years ago, in Italy, there were many kidnappings by organized crime groups of the wealthy and affluent families,” McQuiggan told SiliconANGLE. “They would request large sums of money in exchange to return the victim’s loved ones. The kidnappings got so bad that the Italian government initiated a ban on paying any ransom to organized crime groups. The government would seize all financial assets to prevent the kidnapped families from getting the money to pay.”

He went on, “At first, the crime groups called the bluff of the families who couldn’t pay and killed the family member. However, after a short while, the organized crime groups realized they couldn’t pay, and quickly, the kidnapping and ransoms came to an end.”

Returning to today’s advisories, McQuiggan said that even if an organization wishes to pay the ransom, it would have to collaborate with the U.S. Treasury, FBI and other government agencies to send the funds. “The U.S. government’s recommendation of not paying comes with a similar notion of not negotiating with terrorists. Never pay the ransom when involved with kidnappings and thus, the anticipated action of reducing ransomware attacks,” he said.

Stay protected with LIS

Unfortunately, we are unable to stop cybercrime. However, we try and help prevent it. Our clients benefit from our Anti-Spam, Anti-Virus and Office 365 Security Package solutions. Can you afford to take the risk?

Practice safe IT. STAY PRODUCTED! Contact the LIS HELP DESK to discuss your options.

LIS – Securing your digital world

#Ransomware #Cybercrime #Security #ITSupport

 

 

Upgrade your software

How Excel may have caused loss of 16,000 Covid tests in England? Microsoft’s Excel spreadsheet software may have led to Public Health England misplacing nearly 16,000 Covid test results. Due to the fact that the software has a million-row limit.

The story published yesterday by the BBC written by Leo Kelion (Technology Desk Editor) investigates what went wrong. This highlights that if you upgrade your software and talk to your IT provider, you will avoid nasty surpises. Are you using out of date operating system and software? Upgrade your software to make sure your business operates more efficiently and stays secure.

The data error led to 15,841 positive tests being left off the official daily figures. In addition, 50,000 potentially infectious people may have been missed by contact tracers and were not told to self-isolate. PHE was responsible for collating the test results from public and private labs.

Rapid development of the testing programme has meant that much of the work is still done manually. Individual labs send PHE spreadsheets containing their results. However, the system has improved from the early days of the pandemic and it is still far from automated.

Upgrade your software

More than 50,000 potentially infectious people may have been missed by contact tracers after
15,841 positive tests were left off the daily figures. Photograph: Simon Leigh/Alamy

Excel spreadsheet error caused a huge spike in Covid cases

The weekly rate of new Covid-19 cases has soared in dozens of areas of England. Nearly 16,000 cases were left unreported because of a technical error with an Excel spreadsheet.

Manchester now has the highest rate in England, with 2,740 cases recorded in the seven days to 1st October. The equivalent of 495.6 cases per 100,000 people, up from 223.2 in the previous week.

The problem has led to a delay in efforts by NHS Test and Trace to find the contacts of those who tested positive for the virus, in some cases by around a week.

Prime Minister Boris Johnson was unable to say on Monday morning how many contacts of positive coronavirus cases had been missed.

IT experts ‘surprised’ at PHE use of Excel for Covid-19 data

IT experts have questioned why Public Health England used Excel for a scheme as large as NHS Test and Trace. Once the technical error led to nearly 16,000 cases going unreported. Computing experts and academics said it is “very surprising” that Excel was used for something of this scale and not adequately tested” they said.

“It is very surprising to hear that an enterprise scale system, presumably developed by professional technologists, is expected to run on Excel,” said Adam Leon Smith, fellow of BCS, The Chartered Institute for IT, and chair of BCS’s special interest group in software testing.

“Many large organisations refer disparagingly to Excel-based applications as ‘end-user driven architectures’. They spend lots of time trying to decommission them for reasons relating to security, control and stability”.

“This is mostly because Excel is designed for end-users not complex systems. It has well-known scalability limits. Excel can’t handle unexpected situations in a way that interacting systems will be able to recognise”.

“It sounds like these limitations have manifested in real problems in this case. This is exactly why databases are normally used in enterprise applications”.

“Even if presented with a system that did rely on Excel, one of the first things that should have been identified through a testing process was a limit to the data volume it could process.”

Covid Testing

A sign in Bolton, UK reminds people of the need for testing Credit: Adam Vaughan/Shutterstock

Excel has limitations

Dr Peter Bannister, executive chair for the Institution of Engineering and Technology Healthcare Sector, said limitations of commercial off-the-shelf products such as Excel for medical uses are well-known.

“It’s disappointing to read that a lack of awareness around the limitations of a consumer software product has led to such a negative impact for all those who are relying on the Covid testing programme,” he said.

“It’s widely known within medical device development that the use of commercial off-the-shelf products, such as Excel, requires additional testing to ensure that they are able to meet the stringent requirements of use in a healthcare setting.”

The Excel spreadsheet reached its maximum file size. New names could not be added in an automated process, he advised. The files have now been split into smaller multiple files to prevent the issue happening again.

Consider file size

Jon Crowcroft, Marconi Professor of communications systems from the University of Cambridge, said file size is a “basic consideration”.

“One would think that a software engineer would have considered a worst-case test scenario for any system design – on paper before you even get to writing code – just to make sure it wouldn’t blow up in any way like this,” he explained.

“The limitations of Excel in terms of big data, which is generally a very decent piece of software, are well-known – if you look at how many people are expressing astonishment at this online, you can see that.”

He continued: “There are many big systems in Government (e.g. DVLA’s or HMRC’s) that work at this scale so there’s no excuse.

“Also, a simple sanity check on the data or error checks in the system might have told them when they hit this limit instead of discovering it after the event.

“This sort of thing is standard in sixth form or undergraduate computer science training too.”

Upgrade your software for efficient business

Has your organization been considering an upgrade to Microsoft Office 365 from on premises Office/Exchange? Perhaps you’re holding back because the word, “upgrade” is enough to scare anyone away. Most companies upgrade software when they are forced to. But in the case of Office 365, the benefits you’ll get from upgrading are delightfully easy and without doubt worth the commitment.

Contact the LIS Help Desk about how we can upgrade your software to Office 365. Take advantage of tools like Intelligent Edge, PowerApps and Flow. These tools ensure  your data is tied to the same cloud system. This enables you to access your email addresses without additional setup and configuration, as well as other benefits.

Office 365 Security Package
Our Office 365 Security Package is a bundle of software tools. The package works continuously on Microsoft Office 365 accounts. They provide genuine protection benefits that EVERY business ought to have. We manage EVERYTHING for you. It’s all in our hands, which is exactly how it should be. However, once we upgrade your software, you will have peace of mind to allow you to focus on your business.

Download our Office 365. A Risky Business? booklet to find our more.

LIS – SECURING YOUR DIGITAL WORLD

#Excel #Covid #Office 365 #ITSupportEssex

Online Covid scams

The Online Covid scams that steal your data

There have been some shocking online Covid scams in the last 6 months. As cyber-criminals have taken advantage of businesses during the global pandemic. It is important to make sure your business is not caught out. Our new video shows you the scams you should watch out for.

Business owners targeted in Covid-19 VAT deferral scam

HMRC have uncovered a new email scam produced by hackers. The latest of many recent scamming attempts by criminals is using the topic of coronavirus alongside the subject of VAT deferrals to trick you into giving away sensitive data.

A recent article published on the TechRader website, explains how hackers continue to exploit business vulnerabilities.

Aimed at small business owners, the fake HMRC email attempts to purloin confidential information from ventures struggling to cope with the ongoing effects of the pandemic. Between March and June 2020 HMRC allowed VAT payments to be deferred. The email scam pretending to be from the Revenue tries to dupe companies affected into revealing private information including account names, passwords and payment details.

Helpful tips to avoid online Covid scams

Know how scammers may reach you. Scammers are taking advantage of the increase in COVID‑19 communications by disguising their scams as legitimate messages about the virus. Alongside emails, scammers may also use text messages, automated calls and malicious websites to reach you.

Be cautious of requests for personal or financial information. If you receive an unsolicited request for information, take extra time to evaluate the message. Scammers will often ask you to input login information, or share bank details and addresses with them. They may also request payment via bank transfer or virtual currency.

Double check links and email addresses before clicking. Fake links often imitate established websites by adding extra words or letters. If it says something like “click here,” hover over the link or long press the text to check the URL for mistakes ─ being careful not to click it. Misspelled words or random letters and numbers in the URL or email address may also indicate a scam.

Search to see if it’s been reported. If somebody has sent you a fraudulent message, it’s likely they’ve sent it to other people as well. Copy and paste the email address or phone number. Alternatively, copy the most suspicious portion of the message into a search engine to check if it’s been reported.

Not Sure What IT Security You Need?

Security is one of the most important considerations when building any network. It doesn’t matter whether you are a small business or a multi national corporation, security should be your top priority. Recently office, home and mobile networks have been targeted more by cyber criminals across the globe. As with all forms of crime, the first victims are the low hanging fruit. But the criminals are getting more sophisticated. So businesses need to keep one step ahead.

At LIS, we can conduct an IT security audit to help you identify the right level of protection for your network. Contact the LIS Help Desk for your free consultation and find out how to protect your IT network against data breaches, viruses and more.

LIS – SECURING YOUR DIGITAL WORLD

#Covid19Scams #Top10Scams #DontFallForIt

Which printer should you buy?

Which printer should you buy for the office?

Inkjet or laser? Black and white or colour? To find the best printer that will deliver high-quality prints at a pleasingly low cost, read our expert guide about which printer should you buy?

The most important question to consider when buying a new printer is: inkjet or laser? Other key questions include whether you want to scan and copy as well as print? Are happy with just black and white or do you want to print in colour? And do you want wireless printing features, such as Apple AirPrint?

“Computers I can live with, but printers I hate from the bottom of my heart” says Adrian Chiles in his opinion computing column of The Guardian.

Which printer should you buy

Looking for the best printer to suit your needs? The abundance of choice is good – it means no matter what type of printer you need, you’ll be able to find one that’s perfect for you.

Which printer should you buy?

Do you need printouts fast, or is quality more important? What sort of documents will you print the most? Will you print from one computer, or lots of devices? How much do printing costs matter to you?

Printers can generally be split into two main categories, based on the ink technology they use: inkjet or laser.

They’re also referred to in terms of their features – such as wireless printers, or the tasks their best suited to – such as home office printers. Below you can find out the characteristics of the different types of printers to decide which will suit you best.

How much should I spend?

You can buy a new inkjet printer for less than £50 and you don’t need to spend much more to get a good one. For around £150, you’ll get a high-quality all-in-one, colour laser printer.

The more you spend, the more features you’ll get from your printer. But, these days, even an all-in-one printer/scanner with wi-fi and Apple AirPrint could only cost you £40. For more than £100, you’ll get home-office features such as an automatic document feeder, or automatic double-sided printing.

What is an inkjet printer?

Inkjet printers are great all-rounders. They can handle text-heavy documents such as a student’s coursework or minutes from a meeting, but they can also print photos – and do a better job of it than a laser printer. They’re quiet and unobtrusive, and they also take up less desk space than a laser.

However, inkjets are usually more expensive to run than laser printers, costing you more in ink per printed page than you would pay for laser toner. That’s not necessarily the case with a few business-focused inkjet printers, but as a rule of thumb, inkjets cost you less up front, but more in the long term.

  • Pros: Smaller and cheaper than laser printers, can produce good-quality colour prints
  • Cons: More expensive running costs, slower to print black text pages than a laser

What is a laser printer?

Laser printers shine when it comes to printing a lot of black text, and while colour models are more expensive than colour inkjets, they also produce professional-looking business graphics. They’re normally faster than inkjets when it comes to this kind of job and can handle a heavier workload if you’re planning to print a lot of pages every month.

What’s more, while the toner cartridges are expensive, each one prints a lot more pages than an inkjet cartridge, so the actual cost per black-and-white or colour page is usually much less. However, laser printers are usually bulkier and noisier than the equivalent inkjet printer and will take up more space on your desk.

While they can produce good graphs and charts, colour laser printers aren’t much good at printing photos. Stick to an inkjet if you’re likely to print off your holiday snaps.

  • Pros: Fast prints and good-value printing for black-and-white pages
  • Cons: More expensive to buy, bulkier and often noisier than inkjets.

What is an all-in-one printer?

You can buy straightforward inkjet or laser printers, but a device that scans and copies as well won’t cost you a whole lot more. Most have wi-fi connectivity so that you can print from several PCs or laptops, not to mention tablets or smartphones. Some include a fax function, too.

Some all-in-one printers have an automatic document feeder (ADF) on top, which is handy for scanning and copying multi-page reports.

  • Pros: Can scan, photocopy and fax as well as print
  • Cons: Tend to be larger models that take up more space

What is a photo printer?

The term ‘photo printer’ covers a wide range of devices. To some, it’s an A4 all-in-one that’s really good at printing photos. To others, it’s a dedicated compact photo printer that only prints small photos. Or perhaps you want an A3 specialist model with dedicated photo cartridges and high-resolution print heads for lab quality photo prints.

Photo printers usually have memory card slots and a USB connection on the front, so you can plug in your camera’s memory card or connect the camera itself and print away, with or without a PC.

  • Pros: Optimised for photo-sized prints
  • Cons: Can’t guarantee better print quality than a more flexible regular printer

What is an A3 printer?

If you want to print large office documents, posters or photos to hang on your wall, then an A3 printer is the one for you. They cost more money and take up more desk space, but they can print on larger sheets of paper than a standard A4 printer. Some have a strong photographic or design focus.

  • Pros: Ideal if you need to print at poster-size
  • Cons: Take up significant space compared to regular printers

Black-and-white or colour: Which printer should you buy?

Black-and-white inkjets are now pretty much extinct, but you can still save a little money by opting for a ‘mono’ (black-and-white) laser printer. These are cheaper to buy than colour models, and if you’re mostly printing black text on white pages, you’ll also find them nice and cheap to run.

Colour makes your printer much more versatile, however. On the off chance you ever need to print a photo or colour document, a colour printer is worth having.

Should I consider a wireless printer?

Wireless internet, or wi-fi, is an excellent feature to look for in your new printer. It enables you to connect it to the internet without needing a cable. This means you can place your printer where you like in your home.

Once you have connected your wireless printer to the internet, you can access a range of online services, such as the free mobile printing apps offered by the big printer brands – HP, Epson, Canon and Brother.

Other online features to look out for include Apple AirPrint, enabling you to print from Mac, iPhone and iPad devices more easily, and Cloud Print, enabling simpler printing from Google programs and services.

Still undecided?

Technology can be a mine field. Do you buy on price, make and model or recommendation? Which printer should you buy? Let us take the stress away from you. Contact the LIS Help Desk and speak to one of our friendly advisors. We spend time finding out about your business and requirements. We will then recommend the best option to suit your needs. When you speak to a LIS technician, you can be sure to receive, honest impartial advice.

LIS – SECURING YOUR DIGITAL WORLD

#technology #printers #hometech #officetech #ITSupport

Successful security audit

Successful security audit for business

How can your business manage a successful security audit? IT audits—no one enjoys them, but they are a critical part of today’s IT security solutions. Audits are necessary to keep your company’s network and assets safe and secure.

Whilst it is true a successful security audit is necessary, dealing with outside auditors can be a less than pleasant experience. What happens if they make a mistake? What if they don’t do their work properly? Then as the leader of the IT department, you’ll bear the responsibility, especially if an intruder subsequently makes their way into your systems.

Is there a way to have a successful security audit, even when bringing in outside auditors? The answer is yes, when the audit is done in the right way and with the right auditor.  In a recent article by Mark Weir from from Techrader, he asks how much security is enough?

Successful security audit

Cybersecurity is a major concern for businesses, especially since hackers are getting smarter and bolder. To protect your company, a robust cybersecurity strategy is vital.

Establish security through annual audits

While security audits are important, many companies fail to conduct annual audits on their networks. The reasons for this are many. Some view this as unnecessary—if they’ve not suffered an incident, then they must have strong enough security. Another reason could be the expense of having an audit each year.

While these reasons may seem understandable, the fact is that businesses are facing more security breeches than ever before. This is true for businesses of all sizes—from corporations down to small businesses. Now is the right time to ensure your network is secure, rather than waiting to be hacked.

If your company has never conducted a security audit, then it’s time to implement annual audits. You might think of an annual security audit as being similar to having a physical each year. The doctor does a first physical exam and uses this as a comparison for future physicals. When something is different in a subsequent physical exam, then it must be investigated.

Spell Out Your Objectives

When it comes to finding the right auditor, it’s a good idea to develop your audit objectives in advance. These may include:

  1. Writing down a list of all company assets (including data, computer equipment, and more)
  2. Define the security perimeter: things that will be included and those that will not be included in the audit.
  3. Define threats
  4. Prioritise Risks
  5. Make a list of security improvements and best practices to eliminate threats

Now you have a list of objectives for the audit, meaning these are the areas that the auditor needs to focus on.

Choose auditors with experience

What you’re looking for is an auditor (or a team) that has real-world experience with security technology. This way they’ll have the ability to even the most elusive and serious security issues. You might also ask to see any published works they’ve written. This is another way to see if the auditor has the experience and the knowledge to conduct a proper security audit.

Instead, contact business connections and see if they can recommend some experienced security audit firms. In addition, ask each audit firm for a list of references to past clients, and then contact these firms and ask about their own experience with the audit firm. Once you’ve created a list of auditing firms, ask them for details on how they conduct an audit.

Prepare for a successful security audit

Now that you’ve found the right auditing firm, you’ll need to make sure they’re onboard with your objectives and the type of data they’ll have access to. This is where many companies and auditors have their first problem. Everyone assumes the other side knows what data will be accessed during the audit. The auditor may have their own ideas on the subject, and your company may have its own view on the matter. Never make the assumption that you and your auditor are on the same page about access to data. This is something that should be agreed to by you and your auditor before the audit begins.

In addition, it’s necessary to keep those people and departments involved in the process. You’ll want to involve the department managers who will be affected by the audit. This way, they won’t face sudden, unpleasant surprises in the course of the audit.

Successful security audit rules

  1. Managers will need to determine any specifics to limit impact on their systems. They may specify the day and time when testing will be optimal for their processes.
  2. Auditors will need an “indemnification statement” that gives them authorisation to conduct the audit. This should also be sent over to your ISP, so they aren’t alarmed by the large volume of port scans on their address space.
  3. Auditors generally expect access to certain data and documentation to analyse your network. These may include:
    • Copies of all policies and procedures (may include passwords, virus scanning, acceptable use info for employees), privacy guaranteed (to keep company users and client data secure), privileged access and incident handling.
    • Information about your network, and specification of target IP ranges
    • List of security devices (firewall, IDS)
    • List of software used on the network
  4. Ensure the auditor has a plan, and that they provide you with the details.
  5. When the audit’s completed, you can review the results to plan your future strategy. The audit report should cover:
    • Threat sources (internal and/or external)
    • Probability of an attack on the network
    • Impact of the attack (should outline how much money the company could use, would this affect the company’s reputation, and more)
    • Recommend actions to fix any problems

In conclusion

Whilst a successful security audit is not fun, they are essential. Especially when you see trends that change overtime. The audit provides essential information on the health of your network. As well as vulnerabilities that could put your company in danger.

Contact the LIS Help Desk to conduct a security audit with confidence, knowing your network will be more secure as a result. Our experienced team are always on hand to answer your questions and keep your business secure.

LIS – SECURING YOUR DIGITAL WORLD

#Security #Audit #ITSupport