How a Microsoft Phone Scam nearly destroyed a business

How a Microsoft Phone Scam nearly destroyed a business

It was a normal day in Fresh Mango’s BVI office on Tortola when the telephone rang.

It was one of our clients based on the island of Virgin Gorda, and judging by the shouting they were not happy. 

It took a while for our technician to calm him down. Having eventually done so he was able to ask what the problem was. It turned out that the client had received a telephone call from Microsoft. The caller had advised that our client’s computer systems were not secure. They had not been kept up to date and they were in need of urgent security updates, or else our client was at risk of a cyber hack.

‘I mean, for goodness sake, I pay you a monthly retainer to manage my IT systems! What do I pay you for if you can’t do something as basic as updates!!!’

The Fresh Mango technician immediately recognised this for what it was (a Microsoft Phone Scam) but needed more information. 

‘When did they call you?’ He asked.

 

‘About half an hour ago’.

 

‘I see, and how did you leave it with them?’

 

‘I haven’t left it’ said the client. They are on the other line. They needed to access my computer to implement all of the necessary updates.

 

Now very worried, the Fresh Mango Technician asked ‘You mean you have given them access to your computer and they are on it now?’

 

‘Yes, of course’.

At this point our technician had no choice but to tell the client what was going on. ‘You need to disconnect your computer from the internet RIGHT NOW. You are being scammed and hacked.’

 

 

Silence on the other end of the line. Our technician imagined a penny dropping.

 

 

‘You, you mean it isn’t Microsoft?’

 

 

‘No, it’s a scam. Disconnect your device now and hang up the other line to the caller. 

Then confirm to me when you have done so.

A few moments later the client confirmed all had been disconnected.

Our technician then advised he would catch the next ferry to Virgin Gorda and would need to conduct a complete security sweep of the client’s systems.

Epilogue

The ‘Microsoft’ caller had installed key logging software and monitoring software on the client’s systems. Fortunately the hadn’t been able to access financial data or client data since we had that locked down.

A couple of months later I bumped into the client in a local bar. He was most grateful for what we had done, he realised that his business could have been severely compromised financially.

 

‘No problem’ I said. ‘That’s what you pay us for.’

Postscript

Never act on a call from someone claiming to be from Microsoft (or any other company for that matter). Ask them for a reference number and tell them you will call them back. Do not call any number the caller provides (!) – use the number on the website for the company. Or call Fresh Mango.

 

And, for the record, we conduct monthly security patching (as well as emergency patches) for all our retainer clients, diligently.

Why Cyber Essentials has a positive impact for SMEs

Fresh Mango Technologies has been assisting companies in achieving Cyber Essentials accreditation for several years now.

We were recently asked if we could provide examples of how CE accreditation has benefitted clients who we have assisted. Great question! A simple way to find out – we asked them! We’re pleased to share some of their answers below.

Why Cyber Essentials? Client 1 - Move to a Better Solution

A customer prior to achieving CE accreditation had 3 on-premises servers and separate MDM software for mobile devices.

 

Undertaking CE allowed a better solution to be proposed, Intune. This removed the requirement for 3 servers and a separate MDM software, bringing it all into one place.

 

KISS, “Keep It Simple Security”. The importance of simplicity in security measures to make them more effective and easier to manage was achieved by implementing Cyber Essentials.

Client 2 - Upgrading Hardware

Prior to implementing CE, this customer was using basic and unsupported networking equipment.

 

This was upgraded to meet the CE specification and provide constant resilience to provide daily protection from threats before and within the network.

Why Cyber Essentials? Client 3 - Implementing Secure Configuration

Before implementing Cyber Essentials, this customer was using shared accounts and no multi-factor authentication.

 

Subsequently, as part of the CE accreditation, all accounts and permissions were separated out, and multi-factor authentication was enabled.

 

This ensures constant resilience by reducing the threat landscape as no shared accounts, and correct file permissions will always be in place and reduce the risk of unauthorised access.

Client 4 - Compliance with Contracts

Cyber Essentials helps businesses see the importance of cybersecurity and how It affects all their stakeholders, not just themselves.

 

It demonstrates how important it is to have secure systems to protect other people’s data and systems.

 

Increasingly procurement departments are requiring CE accreditation from suppliers. This is because they know that CE helps identify companies who understand how resilience with cyber security is key to successful operations, not just a small add-on.

So there you have it – straight from the horse’s mouth! So, now that you’ve seen how Cyber Essentials has benefitted some of our clients, isn’t it time to get your business CE accredited?

 

Contact Fresh Mango today to commence your CE journey. 

How professional IT Support improves your cyber security

A couple of years ago we were contacted by a local business that we had never dealt with before. They wanted us to take a look at their IT systems because they had been the victims of a cyber attack. 

 

Sure, no problem.

So we visited their site and the story was simple – someone had changed the bank account details in their accounting package for their largest suppliers. So when automatic scheduled monthly payments were made, they did not go to the suppliers, but to a single account that was clearly controlled by whoever had made the changes.

The company did not have anybody managing their IT professionally, and the evidence and consequences of this quickly became apparent.

The most immediately obvious (and concerning) issue was the use of a USB drive. They ran their business using third party software. They suspected that one of the PCs in their accounts department had been hacked, so they had isolated it from the network (good). Unfortunately, on advice from their third-party software supplier, they had copied essential data from that PC, via a USB stick, to other PCs that were on their network. It simply did not occur to them that they could be spreading malware by doing this (and shame on the third-party supplier for their ‘advice’!)

What happened?

We conducted a forensic investigation and we found that there had indeed been a hack. However, it could have been stopped in its tracks had the most basic IT precautions been in place. This is what happened:

An email with an ‘invoice’ attachment was sent to the client’s generic email address, with the message ‘please forward to the accounts department’. The recipient forwarded it. First opportunity to avoid the hack missed.

4 people had access to the accounts@ email address. By chance only 1 person was in that day. She opened the email and attempted to download the attachment. Nothing happened, the attachment would not download. She thought no more about it and left the office at the normal time. Second opportunity to avoid the hack missed.

That evening, the hackers accessed the accounts dept PC remotely. The ‘invoice’ was in fact remote access software that had been installed when the lady in accounts attempted to download it. NB – had the principle of least privilege been applied to all PCs on the network, the software would likely not have been downloaded. Third opportunity to avoid the hack missed. Furthermore, the company did not have a commercial anti-virus software installed, again this would likely have detected the malware. Fourth opportunity to avoid the hack missed.

Since the PC had Administrative rights, the hackers then discovered they could access the server and the accountancy software package, neither of which were password protected. Fifth and sixth opportunities to avoid the hack missed.

The hackers spent just under an hour on the client’s systems, during which time they changed the bank account details for the largest suppliers. They then logged off and waited for the money to roll in, which it duly did at the end of the month.

So, the story shows how just the most basic of professional IT support can help to avoid cyber attacks. The above scenario would be avoided with a professional IT support company implementing the following:

  • Basic user awareness training
  • Principle of least privilege
  • No administrative access for any staff
  • Strong passwords implemented for all systems and software
  • Two-factor authentication on critical systems eg Accounting software
  • A professional anti-virus solution in place

So, the moral of the story is simple – ensure you have professional IT Support in place for your business and you will go a long way to improving your cyber security. 

What happened in the end

If you’ve read this far you’re probably keen to know what happened. Well, we conducted a forensic cyber analysis and handed it to the police. With our evidence, they found and successfully prosecuted the hackers, and all but £9k of the funds stolen (which were in excess of £100k) was recovered. A happy ending in the circumstances, but I’m sure you would agree best to avoid it in the first place!

My first home computer

The Atari 800

This is my latest blog piece delving into nostalgia of how IT was an integral part of my youth and upbringing.

This time I’m writing about my first ever home PC. With the advent of home computers such as the Commodore 64, Apple II and Spectrum ZX-81, the home PC market was created and began to gain traction in the late 1970s and early 1980s.

Atari recognised, rightly, that while these gadgets in the home could be useful for balancing chequebooks, keeping recipes or perhaps writing letters, one of the big uses was going to be computer games. As they were then masters of the computer game business with their 2600 console (which I wrote about here), they decided to build two computers? One could take on the Apple II, but also plug and play cool cartridge games (the Atari 800). The other, a cheaper model, could be marketed as a games machine but could also be used as a real computer (the Atari 400).

Atari 800

So I asked for – and was kindly given – a birthday present of an Atari 800 home computer. It had a ground-breaking 48k of memory (yes that is a k, not an M or a G!). It had a standard QWERTY keyboard with 62 full-travel keys and 4 special keys to the right of the keyboard.

It was easily one of the best-looking models available. It also stood out amongst the other computer offerings of the day with its graphics and sound capabilities. It was capable of producing up to 256 colours. It’s fair to say that in the Atari 800 was in another league compared with any of the competitor models available at the time. Like all home computers of that time, it could be attached to a TV, but uniquely it could also be attached to a high-resolution monitor.

So what did I do with the Atari 800? Well I didn’t play games on it (I had the Atari 2600 for that!). I actually learned to program on it, in the BASIC computing language. This stood me in good stead when I subsequently studied computing studies and took an ‘O’ level in the subject (to younger readers that’s like a GCSE).

Unfortunately for Atari, they got themselves caught in a strategic dilemma in the 1980s, trying to be both game company and home PC company. Ultimately this was to be their downfall, but that’s another story. So there weren’t many Atari home PCs after the 800.

As I sit here writing this blog on a Dell laptop with 64GB of RAM, it’s almost unfathomable that I could ever have written programs on a home PC with 48k of memory. But I did, and one of them carried me through my ‘O’ levels as well as school tests.

 

So there you have it, my favourite computer of all time, the Atari 800.

Atari Game Console

The 'Game changing' Atari Game Console

I’m continuing my theme from last month of influences on me which resulted in a career in Information Technology and computing. This month – the Atari Game Console.

I still remember the feeling of awe when I first heard about the Atari Game Console as a child. It was simply unbelievable!

 

I was playing the state-of-the-art tennis game on my TV – people of a certain age may remember it as ‘Pong’. You plugged the console into your TV and it allowed one or two players to move a ‘bat’ up and down, to ‘hit’ a ball that was bouncing horizontally across the screen.

 

For anyone who doesn’t remember, there is a Youtube link below that demonstrates it.

This was as good as home video games got in the early 1980’s!

 

Then a friend of my parents visited us, saw me playing ‘Pong’ and told me all about the new games that were coming out. He described being able to control a small biplane and shoot at another biplane on screen.

 

For a nascent teenager who was into ‘gaming’ it was mind-blowing!

Before too long I got to hear all about it – it was called Atari and it wasn’t limited to just one game – there were hundreds! You simply plugged in the relevant game cartridge and away you went.

 

The true genius of the Atari game console was that it recreated arcade games in your own home. I was fortunate to receive one for Christmas, and of course, all my friends, and friends of my parents in the older generation, were all completely hooked.

 

There is an interesting Youtube video below on the evolution of the Atari Game console.

I don’t recall all of the games I had, but I think it’s safe to say my favourites were the ones I still remember today:

 

  • Space Invaders (of course!)
  • Defender

 

Clearly some love of science fiction was already built in (I was in the Star Wars generation after all!)

So there you have it. The Atari Game Console was an early indicator of where my eventual career would lie. By modern standards of course the games look  remarkably primitive. Yet I think there is an innocent purity to them. The game designers achieved amazing results with very limited computing power, and they deserve great credit for that.

 

I hope you’ve enjoyed this trip down memory lane. Next month, another Atari….

 

Guy Phoenix

How long have you been in IT?

I’m often asked if I’ve been in IT all my life. In terms of career roles, the answer is ‘no’ since I’ve been fortunate to hold a variety of positions in the companies I’ve worked for and owned.

 

But I thought about the question a bit more recently and realised that I’ve had an interest in electronics/IT/computers for as long as I can remember. I can still remember the surprise (or was it exasperation?!) on my parent’s faces when they asked me what I would like for my birthday, and I told them I would like one of the new electronic calculators that had just come out.

 

I was 7 years old!

 

I’ve turned the house upside down but can’t find that original calculator. I was able to unearth a picture of one like it and attach it here. It’s interesting to see that calculators haven’t actually changed that much, so it was amazingly ahead of its time.

 

So there you have it, my new answer to the question of ‘how long have you been in IT’ will be ‘as long as I can remember’!

 

IT all my life

 

Guy Phoenix is the Managing Director of Fresh Mango Technologies and Their sister company in the British Virgin Islands.

Going to the Dentist

Your IT Team - like your Dentist only without the pain

What on earth is he on about in this blog? What has dentistry got to do with IT or computers? He’s obviously still in the ‘Christmas Spirit’…

 

Well maybe (although in my defence I first thought about writing this in early December, just didn’t get the chance. That’s my story and I’m sticking to it…)

 

OK bear with me here. Try to remember the last time you had to go to the dentist – not for a check-up and clean – but because you were in pain. If you’re anything like me you would have put up with it for a while, in the delusional belief that it will somehow go away all on its own. But it doesn’t, it gets worse and at some point, the pain reaches a tipping point and you finally make an appointment to see the dentist.

 

You get there, explain the problem and they take a look. They identify the offending tooth/teeth and take appropriate action to resolve it.

 

The relief! Suddenly this constant pain that you have been living with has instantly gone!You leave the dentist walking on air, feeling like you’re ten years younger.

 

Drive home, an hour later you’ve pretty much forgotten all about it and are back to dealing with whatever matters you have to deal with in your everyday life or job. Certainly, within a couple of days, the whole thing is a distant memory.

 

Now remember the last time you’re email didn’t work. Or your printer. Sod’s law guarantees that they stopped working at the worst possible time. You need to get an email to your client within the next hour. You’re trying to print a document that you need before heading out of the door to a meeting. Arrgh!

 

Believe me, even though I work in IT I still experience these same frustrations. The simple fact is that computers and their systems sometimes go wrong. And just like your toothache, it’s painful and incredibly inconvenient.

 

So you ring one of the Tech guys at Fresh Mango. They fix your email or printer, and you’re back in business (literally). The only difference with the dentist is that you have almost certainly forgotten the issue within a matter of minutes. After all, we’re all incredibly busy.

 

What’s the point of this blog? Well, there isn’t one really, other than to spare a thought for the IT Technician who just fixed your email or printer.

 

Remember he or she is doing this all day long for people just like you. And just like your dentist, they’re helping you get on with your life as efficiently as possible. Yes, it’s their job, but believe me a simple ‘thank you’ goes a long way to making their day that little bit better as well.

 

Wishing you a Happy New Year and a prosperous 2024!

The importance of cyber awareness aka cyber hygiene

From the outset I want to be very clear. ‘Cyber awareness’ doesn’t mean being aware that there are cyber risks, or that there are hackers ‘out there’.

 

It means being aware of what those actual risks entail. It means being aware of the methods (or vectors) that attackers use to gain access to IT systems. It means knowing how to avoid successful hacks. It means knowing what to do in the event of a breach.

 

But most of all, the absolute number one thing to understand, is that there is no technical solution that can guarantee 100% IT/cyber security. That’s because hackers don’t always look for technical weaknesses. They look for – in fact rely upon – human fallibility.

 

The cyber media conducts annual surveys of cyber threats and attacks and consistently finds that 4 out of 5 successful cyber attacks can be traced back to poor cyber hygiene from internal staff.

 

Believe it or not, your staff can inadvertently allow or help hackers to gain access to your systems.

 

 

That’s why Cyber Awareness (or Cyber Hygiene) for all computer users in an organisation is of paramount importance. It needs to be deployed alongside technical measures. This combination represents the most powerful cyber security defence.

 

Fresh Mango Technologies provides cyber-awareness training to staff in companies across the UK, USA and Caribbean.

 

What to expect from Cyber Awareness Training

Fresh Mango’s Cyber Awareness Training covers all of the areas described above. These include:

 

  • Phishing
  • Passwords and Authentication
  • Responding to a Cyber Attack
  • Staying safe online
  • Reporting cybercrime
  • Malware Attack
  • Protecting your business from cyber attacks
  • Safe Device use
  • Whaling Attack
  • Handling data

 

Cyber hygiene training opens eyes to the threats that are out there; not just in emails, but on Facebook, websites, LinkedIn, pretty much anywhere online! Cyber hygiene refers to how you and your staff conduct yourselves from an online perspective.

 

So, it’s not just about IT usage within your business, but also an individual’s overall approach to internet usage and your internal policies and processes.

 

 

 

The Training event

 

The training can be conducted over Teams video or in person. It typically lasts 2 hours.

 

Provided by qualified and experienced instructors, our cyber awareness training is designed to provide more depth and detail than standard e-learning packages.

 

Our instructors share real-life experiences and examples of the latest cyber-attacks and threats. Current best practices and the best techniques for avoidance of cyber issues are discussed in detail. We’ll advise how to stay cyber-safe within the workplace and at home.

 

There is a test at the end and participants will be issued with certificates on completion of the training.

 

In Conclusion

 

Every organisation should take appropriate technical and procedural measures to ensure that you are as robust as possible against the cyber threat. Achieving Cyber Essentials accreditation is an excellent means of achieving this.

 

In tandem with these measures, regular (at least annual) cyber hygiene training will ensure everyone in your organisation understands what to look for and how to deal with it.

 

Top Three Cyber Security Tips

Cyber Security Tips

 

Cybersecurity is never out of the news these days. A day doesn’t go by without news of a company having a data breach or a threat from a new cyber Actor. With so much in the news, it can be quite overwhelming and difficult to know what to do.

 

So, herewith are our main Cyber Security Tips for maintaining the security of your IT systems:

 

  1. Ensure your server, network equipment and computers are updated with the latest versions of their operating software regularly. The best way of ensuring this is to engage professional IT support.
  2. Implement Two-factor authentication (TFA). Fresh Mango uses Duo TFA on all of our systems, and many of our customers have implemented TFA. The increases in security and peace of mind far outweigh any minor annoyances of having to go through an extra security step when accessing systems.
  3. Don’t fall for scams. It’s so easy to do so, especially when busy. The key issue to look out for is urgency. If you receive a phone call and it relates to anything financial or IT, and the caller is saying it’s an urgent issue, hang up. Call the actual business they claimed to be from (e.g. your bank) to verify. The same applies to emails. If in any doubt call your supplier on the number you have on your records to verify an invoice.

Please contact us to find out more about our cyber security services and to get more cyber security tips!

Cyber Security Tips

Did you forget your Microsoft 365 password?

Did you forget your Microsoft 365 password?

 

In these days of multiple logins, it’s all too easy to forget your password!

 

Here’s how to reset your Microsoft 365 password if you forget it.

Reset your password


If the password you typed is incorrect, you’ll see a message that says:

Your account or password is incorrect. If you don’t remember your password, reset it now.

 

Tip: We recommend following the steps below to resolve your password issues. If you already tried this but it didn’t work, use the Microsoft Sign In Helper tool.

 

1. Select Forgot password


If the Enter password window is still open select Forgot password?

(Or go directly to Reset password and enter the username name again for the account you’re trying to reset and select Next).

 

2. Verify your identity


For your protection, Microsoft must verify your identity before you can proceed with resetting your password.

 

How to verify your identity depends if you previously added security info to your account and if you can still access them. Select from the two options below.

 

Option 1: You received and can select a verification option

Select which option to send the verification code to.

Select Next.

 

Option 2: No verification options are given or you can no longer access any of the options

If you don’t see an option for where to send a code or you no longer have access to any of the verification options shown, you won’t be able to reset your password this way.

Tip: If these steps didn’t work, or you have other account sign-in issues, use the Microsoft Sign In Helper tool.

 

3. Get a verification code

Depending on the contact method you chose, retype the first part of the email address or the last four digits of the phone number hinted at in the previous window.

 

Select Get code.

 

Microsoft will send a verification code to the email or phone number you selected.

Go to the recovery phone or email where you expect to receive the code.

 

Tip: If you didn’t receive a message, check your junk folder or if you selected the phone option, make sure your phone has service and can receive texts, and verify your phone isn’t set up to block texts from unknown numbers.



4. Enter code and reset password


Paste or type the code you received and select Next.

 

Type your new password and select Next.

How Professional IT Support saves money

We’re often asked how professional IT Support saves money for businesses. Clearly, we believe it does (we would, wouldn’t we?!) and in this blog, we set out the reasons why.

 

If you’re reading this then it’s likely that you fall into one of two kinds of business. It could be that you don’t have any professional IT Support in your company, or it could be that you do and for whatever reason, you’re dissatisfied with it. Either way, the savings rationale that follows will apply to you.

 

Firstly, let’s think about your car (Stick with us!). Most modern-day cars have sophisticated engine management systems that pretty much make maintaining the car yourself impractical. So you take it to a garage to do the maintenance work, whenever the next service interval comes along.

 

Even if you have (say) a classic car that allows you to do the servicing yourself, you accept the need for servicing the car, right? Of course, you do. If you don’t maintain the car, its performance will degrade and eventually, it will let you down. You depend on your car. It cant let you down. It’s a no-brainer.

 

So, back to the point. Your business depends on your computer systems, however simple or sophisticated they may be. So why wouldn’t you maintain them? Why would you allow them to gradually degrade in performance, and inevitably let you down? Surely that’s a no-brainer too?

 

If you agree, you’ve understood the first reason why professional IT Support saves money for businesses. 

 

Efficiency

 

So now you’re getting your IT systems maintained professionally, how is it saving you money? Well, one word – efficiency. 

 

Professionally-maintained systems don’t go wrong very often. So that means all your employees can get on with their jobs. We have gotten IT out of the way, as it should be. It should be there to facilitate, not frustrate your business.

 

The other efficiency gains come from having IT Technicians readily available for any issues that may come up. Instead of potentially wasting hours trying to fix them yourself. A huge efficiency gain.

 

We put it like this: there are two aspects to how professional IT Support saves money for businesses.

 

  • The proactive maintenance that we conduct (patching, health checks and so on) to ensure everything is running smoothly

 

  • The reactive support that we provide, when you do need help with something.

 

So there you have it! Professional IT Support, thanks to efficiency savings in your business, more than pays for itself. 

 

If you would like to get in contact for a no-obligation consultancy on how Fresh Mango will help your business save money, please do so here.

 

I’m CEO, I should have Admin credentials!

“I’m in charge of the company, surely I should have Admin credentials for our IT systems?”

 

It’s fair to say we hear this comment/complaint a lot.  We take time to explain why it’s a really bad idea for the most senior person in the company to have ‘access to all areas’ of their IT systems, but often times we can tell they are unconvinced.

 

We will set out the reasons for this policy below, but firstly here are a couple of things that happened to two clients in the last fortnight.

 

Client 1 – Hit by Ransomware.

Client 1 came back to work on Monday to find their entire system locked out by ransomware. We were tasked with trying to recover their systems without resorting to them paying the Bitcoin demands in the ransomware.

 

Long story short, after a week and a half we were able to get them up and running again, although they had lost a lot of data.

 

Moreover, they had not been able to operate during the interim period.

 

Despite this they were delighted that we had been able to recover anything at all.

 

The frustration for us was that it was entirely avoidable and we had been warning them for years – no exaggeration – that this may happen. Why were we warning them? Simple – they disregarded all of our upgrade proposals including:

 

  • Server upgrade – current OS out of support from Microsoft making it a cyber risk
  • Anti-virus software (!)
  • Cyber hygiene training for staff
  • Implementing non-Admin privileges for all staff

 

These last two points were the kickers – one of their staff, with full Admin privileges on their PC – clicked a phishing email that led to the Ransomware locking out the entire company.

Client 2 – Ransomware near miss

 

Client 2 contacted us last week advising one of their major customers had been hit by ransomware. We ran some checks on our client’s systems and confirmed all was OK. 

 

The reasons they went unscathed were simple:

  • Good cyber awareness amongst their staff
  • Commercial anti-virus and anti-spam in place
  • No Admin credentials for any of their staff.

 

Simply put, Client 1 had repeatedly ignored our advice, and Client 2 had embraced it.

 

Admin Credentials – principle of least privilege

 

These stories lead us to the opening topic of this blog piece – Admin credentials. There is simply no need for anyone in a company to log into the system on a regular basis with Administrative credentials. The only time it’s needed is for maintenance and software upgrades.

 

If a user has Admin credentials, the software can be installed on their computer. This is how ransomware and other malware gets in. If a user is a ‘Standard user’ it’s much harder for malware to be installed on their system.

 

This is why the “principle of least privilege” is an essential element of any professional IT setup. And it’s why the CEO or head of the company, or anyone else in the company, should have standard access privileges only.

 

Indeed, the CEO, as the most visible person in the company, can often be targeted by hackers. All the more reason to have the least access possible!

 

We hope you have found this Blog piece helpful and please do contact us if you would like to find out more about the principle of least access.

 

 

Why engage an IT company rather than a ‘one-man-band’?

We sometimes find that businesses rely on sole contractors (“IT one-man bands”) for their IT Support. Whilst they may find this works for them from a cost perspective, it does pose some challenges.

 

What happens if the contractor is on holiday?

 

What if they’re off sick?

 

Availability issues aside, what assurances do you have that they are maintaining their standards and capabilities in line with the latest technologies? Information Technology is the fastest-moving industry on the planet, and it’s no exaggeration to say that last year’s latest technology is already outdated today.

 

Furthermore, how proactive are they? Are they monitoring your systems continuously? Are they conducting regular patching (particularly important from a cyber security perspective)? Or do they just work on issues on an ad hoc basis?

 

Given the importance of IT to your business (ask yourself honestly- how long could you operate without your IT systems?) is it really something that should be left to an IT one-man-band to take care of?

 

That’s why when you engage a professional IT support company – such as Fresh Mango Technologies – it is so important for your IT Support. In one fell swoop all of the above concerns go away:

  • We have a team of IT Support technicians so there will always be someone available to assist you
  • We train our staff on a continuous basis – weekly internal training and all technicians are required to continue their education with external qualifications every year
  • We monitor client systems continuously and conduct regular server health checks as well as backup checks, and conduct regular patching.

 

If any of this sounds familiar and resonates with you, maybe it’s time to contact Fresh Mango for a no-obligation IT audit – we’ll be pleased to assist and provide our recommendations for smooth and secure management of your IT systems.

 

It’s time to make IT Mango!

Do I have to upgrade to Windows 11 yet?

Short answer – no you don’t have to upgrade to Microsoft Windows 11 yet! Windows 10 will remain in support by Microsoft until 2025.

For the longer answer, read on!

WINDOWS 10 VS 11

Less noise, clutter, and chaos. Microsoft reimagined the way a PC should work for you and with you. Take a look at some of the new features and where they’ve made some improvements.

The newest edition of Windows, Microsoft Windows 11, was released by Microsoft on 5th October 2021. You can find out more about the latest Microsoft operating system below, there are a few key points to note:

  1. There is no rush to upgrade your operating system from Windows 10 to 11. Windows 10 remains in support until 2025.
  2. Windows 11 does have some minimum system requirements. Therefore it may not be possible to upgrade without upgrading the hardware on your PC or laptop or completely replacing it.
  3. Windows 11 is still in the early stages of its release, like any new software it is possible there will be bugs or issues that will be ironed out in time.

For these reasons, our recommendation is to stick with Windows 10 for the time being. However, if you are considering purchasing a new PC or laptop in the near future, please do check to ensure the specification allows it to be upgraded. Fresh Mango will be pleased to advise you.

The latest Windows OS has easy-to-use tools that can help you optimise your screen space and maximise your productivity. Combine that with a Microsoft 365 subscription and nothing will stop you from getting tasks done.

Upgrading

Find out more about upgrading to Microsoft Windows 11 by contacting Fresh Mango. We’ll be pleased to advise on the best approach depending on your business or personal requirements. We can also advise on whether your existing PC/laptop can accept the new operating system.

IT Whack-a-mole

DO YOU FEEL LIKE YOU’RE PLAYING IT WHACK-A-MOLE? ONE PROBLEM GOES AWAY, AND ANOTHER ONE APPEARS? WORSE, THE SAME ONE COMES BACK?

 
 

 

  • This field is for validation purposes and should be left unchanged.

 

 


 
 

 

  • This field is for validation purposes and should be left unchanged.


 
 

 

  • This field is for validation purposes and should be left unchanged.


Do you feel like you’re playing IT whack-a-mole? One problem goes away, and another one appears? Worse, the same one comes back?

Proactive IT support from Fresh Mango Technologies is designed to stop the problem from occurring in the first place! And when you do get a problem, we fix it AND the cause. So you won’t have to ‘whack’ it again!

Stop playing whack-a-mole with your IT support with proactive IT support from Fresh Mango Technologies UK.


You’re not alone. ‘IT Whack-A-Mole’ issues affect the entire IT world. Many modern professionals in IT use the term ‘IT Whack-a-mole’ to refer to processes or pervasive problems that just keep occurring, even after you think you’ve fixed them.

These types of problems are common in a lot of businesses, with hardware & software that fails routinely such as printers, monitors or email. These sorts of issues have become so commonplace in many places they’re the expected norm. We want to change that.

We understand that these are critical tools you need to get your job done and losing them, again and again, sets your business back exponentially. Failure in even one of these areas can bring work to a halt for many businesses, costing you time, resources and money.

We believe the route of these issues lies in poor IT support from companies or individuals who lack the expertise and knowledge to offer truly proactive IT support. Support from Fresh Mango Technologies UK, however, is different. Our team is reliable, dependable, experienced and professional, offering a unique approach to support.

Our approach to IT support means our technicians not only resolve the issues at hand but go above and beyond to ensure the stability of your system even after we’ve stopped working on it. We answer why and how a problem occurred and better yet, provide you with professional experienced advice on how your systems can be improved and adapted to never experience this issue again.

With over 30 years of successfully providing computer, website and IT support across the UK and Caribbean, you know you’re in safe hands. We pride ourselves on rapid response and our friendly, professional, highly qualified engineers who are trained to understand your needs and deliver sound advice and the right solution the first time.

You may also be interested to read our blog piece on the ideal IT System setup.

If you enjoyed this article you may also be interested in Children & Technology: Cookies, Webs & Touchscreen.

Microsoft Out of support dates

When you hear ‘Microsoft Out of Support’ mentioned it may not be clear what that actually means. We’ll explain it below, as well as advise on some of the key dates relevant to Microsoft Products.

Microsoft Out of Support products

When you hear ‘Microsoft Out of Support’ mentioned it may not be clear what that actually means. We’ll explain it below, as well as advise on some of the key dates relevant to Microsoft Products.

What does Microsoft Out of Support mean?

Very simply it means that an item of Microsoft software or a Microsoft operating system will no longer be updated by Microsoft. The software or operating system will continue to operate, but will no longer receive updates.

Microsoft usually reduces support in a step called Extended Support before finally ending all support.

Extended Support means that the products won’t receive any new features or changes anymore, and updates will focus on fixing security issues and major stability issues only.

End-of-Support means there are no further updates of any kind. The lack of ongoing security updates means that the relevant software and operating system will become increasingly vulnerable to cyber-attacks. You should note that no amount of security software (Anti-virus, anti-spam, cyber protection) can prevent this. Therefore at end-of-support (before preferably!), you should plan to upgrade accordingly.

You will find the Microsoft Out-of-support dates for Office, PC operating systems and server operating systems below. If you are operating with any items that are out-of-date, please contact us for advice on upgrading.

 

Microsoft Office Out-of-Support dates

If you are using Microsoft Office  the out-of-support dates are as follows:

Client operating systemsEnd of mainstream supportEnd of extended support
Office 2010no longer supportedOctober 13, 2020 – Ended
Office 2013no longer supportedApril 11, 2023
Office 2016no longer supportedOctober 14, 2025
Office 2019October 10, 2023October 14, 2025
Office 2021October 13, 2026October 13, 2026

Pre-Windows-10

Client operating systemsEnd of mainstream supportEnd of extended support
Windows 8.1January 9, 2018January 10, 2023
Windows 7, service pack 1*January 13, 2015January 14, 2020 – Ended

Windows-10

Windows 10 version historyDate of availabilityEnd of service for Home, Pro, Pro Education, and Pro for Workstations editionsEnd of service for Enterprise and Education editions

Client operating systemsEnd of mainstream supportEnd of extended support 
Windows 10, version 21H2Nov 16, 2021June 11, 2024 
Windows 10, version 21H1May 18, 2021December 13, 2022 
Windows 10, version 20H2October 20, 2020May 9, 2023 
Windows 10, version 2004May 27, 2020December 14, 2021 
Windows 10, version 1909November 12, 2019May 11, 2021 
Windows 10, version 1903May 21, 2019December 8, 2020 
Windows 10, version 1809November 13, 2018November 10, 2020*** 
Windows 10, version 1803April 30, 2018November 12, 2019 
Windows 10, version 1709October 17, 2017April 9, 2019 
Windows 10, version 1703April 5, 2017*October 9, 2018 
Windows 10, version 1607August 2, 2016April 10, 2018 
Windows 10, version 1511November 10, 2015October 10, 2017 
Windows 10, released July 2015 (version 1507)July 29, 2015May 9, 2017 

Server Operating Systems

Client operating systems End of extended support
Windows Server 2022 (Datacenter, Datacenter Azure Edition, Standard) October 14, 2031
Windows Server, version 20H2 (Datacenter, Standard) May 10, 2022
Windows Server, version 2004 (Datacenter, Standard) December 14, 2021
Windows Server, version 1909 (Datacenter, Standard) November 12, 2019
Windows Server, version 1809 (Datacenter, Standard) November 13, 2018
Windows Server 2019 (Datacenter, Essentials, Standard) November 13, 2018
Windows Server, version 1803 (Datacenter, Standard) April 30, 2018
Windows Server, version 1709 (Datacenter, Standard) October 17, 2017
Windows Server 2016
Datacenter, Essentials, Standard)
 October 15, 2016
Windows Storage Server 2016 October 15, 2016
Windows Server 2012 R2 October 10 2023
Windows Server 2012 October 10 2023
Windows Server 2008 R2 February 22, 2011
Windows Server 2008 SP1 April 20, 2009

Microsoft Upgrade Advice

Contact Fresh Mango Technologies today to ensure you have the latest Microsoft packages in place for your business.

A Day in the Life of an IT Support Technician

I thought it may be interesting to write up what a typical day as an IT Support Technician at Fresh Mango Technologies is like.

 
 

 

  • This field is for validation purposes and should be left unchanged.

 

 


 
 

 

  • This field is for validation purposes and should be left unchanged.


 
 

 

  • This field is for validation purposes and should be left unchanged.


I thought it may be interesting to write up what a typical day in my life as an IT Support Technician at Fresh Mango Technologies is like. So I worked with one of our team members on a random day (a Tuesday last month) and kept a diary of everything he did that day.

It turned out to be a lot of fun and I hope you enjoy reading it as much as I did writing it!

IT Support Technician – a ‘typical’ day

Well let’s put something to rest immediately – there’s no such thing as a typical day for an IT Support Technician! We certainly plan the weekly work for the team, and so on a day-to-day basis, they always have a clear schedule in place. However, we never know when a customer may have an urgent IT matter that requires a ‘DER’ (Drop-everything request) and so all plans are fixed in stone until they aren’t!

Fortunately, we don’t get many DERs – with continuous monitoring of customer systems and regular ‘patching’ and other health checks – we keep problems to a minimum. That doesn’t mean they don’t occur though, as we were to see on this particular Tuesday… Here’s how it played out. It’s written in the first person from our technician’s perspective.

Leaving Home

I left home at 730AM to ensure I could beat the traffic and be at our customer premises near Leeds for an 8 AM scheduled onsite visit. The relatively early start was to ensure minimal disruption to the customer (their staff mostly start at 9 AM). This particular customer has quarterly visits and their systems are relatively new, so I anticipated a pretty smooth visit.

After checking in I went to the server room to conduct physical checks and updates of systems. This took around an hour, and then I did a ‘touch check’ of every PC and laptop available. This entails simply talking to every member of staff and asking if they have any IT issues. We find that sometimes people will suffer an annoying issue and they don’t raise it as a support request. By ‘touch checking’ everyone we can iron out any niggles whilst on-site and it’s always appreciated.

At the same time, I handed out special offer cards, ensuring each PC is labelled and had ‘How to contact us’ stickers on them. I found a couple missing and added them.

10 O’Clock

Back to the Leeds office and to my desk to conduct scheduled work and to help deal with any tickets (support requests). It was a busy day. Microsoft had issued an ‘Emergency patch’ update overnight. This means that Microsoft has found a security issue with their operating software, and so the software needed to be updated on all customer computers as soon as possible. So I set about scheduling overnight updates for the customers that had been assigned to me.

Lunchtime (1230)

Having gotten through all my updates, I headed for some lunch. I usually bring something into the office, but I had another scheduled on-site visit with a customer south of Leeds so decided to eat ‘on the hoof’. This was for a straightforward installation of 2 new PCs.

I arrived at the customer premises at around 1 PM and installed the computers. I asked the users to ensure they were set up to their liking (they were) and also did a quick check of their server (not scheduled but I think it’s good practice). Just as I was getting ready to head back to the office, I received a call from Bruno (our Technical Manager). He wanted me to head straight to another customer just a couple of miles away. They had just called to say they thought they may have been hacked. OK, foot-down time!

245 PM

Arrived at the customer’s premises. Bruno had briefed me en route and one of our senior technicians was also accessing their systems remotely to run security checks. Strictly speaking, we didn’t necessarily need someone on-site, but when a customer thinks they have been hacked we always establish an on-site presence as quickly as possible. This is in case we need to isolate a device, or the entire network if a sustained cyber attack is underway.

Fortunately, that was not the case with this particular event. We quickly found the source of the hack – a single PC – and so I immediately quarantined it. This is of course disruptive for the individual using it, but we can’t risk a hacker gaining access to other systems, nor do we wish to see ransomware spread across their network. Having confirmed with Bruno that all scans were negative, I headed back to the office with the quarantined computer so we could diagnose what happened and clean it of any malware.

4 PM

Arrived back at the office, and with assistance from Bruno, we began the diagnosis. As is so often the case, we found that the user had clicked on a ‘phishing’ email. This particular link took the user to a convincing, but fake, Microsoft login screen. This in turn asked for credentials that they had entered. So, the first thing to do was to reset their password, which I did. We then ran a full security sweep of the PC and confirmed no other ‘nasties’ were on it.

That was a close shave for the customer – fortunately the individual who had clicked on the link had the presence of mind to realise something may have been untoward and had notified us accordingly.

545 PM

Time to head home. I arranged for another member of the team to return the quarantined PC to the customer first thing tomorrow since my schedule was taking me to see three clients in North Yorkshire.

So there you have it – a typical day for an IT Support Technician. And it’s still only Tuesday…!

 

 

Computer tax relief

The Chancellor recently announced an extension to the super-deduction corporation tax relief measure, effectively providing computer tax relief.

Computer tax relief – New temporary tax reliefs on qualifying capital asset investments from 1 April 2021

The Chancellor recently announced an extension to the super-deduction corporation tax relief measure, effectively providing computer tax relief.

This means when you purchase (not lease) qualifying investments you can claim 130% tax relief on them until 1st April 2023. This means you should be able to obtain computer tax relief on any computer systems you purchase until that date.

Of course, you should check the position with your accountant before claiming computer tax relief.

So, don’t delay, now’s a great time to commence your computer system upgrades!

You can read the full report from HMRC here.

What you should consider for your IT systems

First and foremost you should review your computer server and determine if it is time to upgrade. If you are still operating on Windows server 2012 then you really have no choice, since this will soon be out of support by Microsoft. Notwithstanding that, if your server is (or will be) 5 or more years old, it’s really time to consider a new one.

Associated with servers is network equipment. Lead times for this equipment, notably switches, are hugely problematic. You should plan on a 6-month lead-time. That means you should start planning now if you wish to have your new IT system in place before the April 2023 deadline.

Finally, you should consider upgrading all your PCs and Laptops. If they are still operating on Windows 10, keep in mind that Microsoft will end support for Windows 10 in 2025. At that point you will need to upgrade to Windows 11. Note that in order to run Windows 11, PCs require a minimum hardware specification. So it is worth considering making the change to Windows 11 now.

Excerpts from the report

General description of the measure

This measure will temporarily introduce increased relief for expenditure on plant and machinery. For qualifying expenditures incurred from 1 April 2021 up to and including 31 March 2023, companies can claim in the period of investment:

  • a super-deduction providing allowances of 130% on most new plant and machinery investments that ordinarily qualify for 18% primary rate writing down allowances
  • a first-year allowance of 50% on most new plant and machinery investments that ordinarily qualify for 6% special rate writing down allowances

Policy objective

This measure is designed to stimulate business investment. It does so by increasing the incentive to invest in plant and machinery by offering higher rates of relief than were previously available.

 

Add extra security to your systems with TFA

In this blog piece, I’ll discuss how to add extra security to your systems with two-factor authentication (TFA). It’s actually very straightforward and provides a step-change improvement to your security.

In this blog piece, I’ll discuss how to add extra security to your systems with two-factor authentication (TFA). It’s actually very straightforward and provides a step-change improvement to your security.

What is Two-factor Authentication?

Two-factor authentication protects your applications by using a second source of validation, like a phone or token, to verify user identity before granting access. It is engineered to provide a simple, streamlined login experience for every user and application, and as a cloud-based solution, it integrates easily with your existing technology.

Add extra security to your systems – Our recommended TFA solution

We have tested several solutions for TFA/MFA and have chosen ‘Duo’ as our preferred offering. Duo is fast and easy for users to set up, and with several available authentication methods, they can choose the one that best fits their workflow. No headaches, no interruptions — it just works.
Because Duo functions like a gateway for your existing and future IT infrastructure, it’s the perfect solution for growing businesses of any size. Set up new users and support new devices at any time, and protect new applications almost instantly — without impacting legacy technology.
Duo natively integrates to secure any application or platform, so whether you’re adding 2FA to meet compliance goals or building a full zero trust framework, Duo is the perfect addition to your security portfolio.

  • Multi-cloud, hybrid, or on-premises environments
  • SAAS tools, critical infrastructure, custom applications, and even SSH
  • Secure remote access

Add extra security to your systems – An example deployment

We use a bespoke management system called JIM. We continuously maintain and improve the security of the system. We implemented Duo so that, even in the unlikely event that a hacker cracks one of our encrypted passwords, they would still not gain access. The account owner would receive a TFA push request on their smartphone, and be immediately alerted to the attempted unauthorised access. So a double-win! Hacker prevented from access, user alerted to attempted hack.

Get Started with TFA!

So why not get started and add extra security to your systems with TFA? It’s straightforward to set up and for your team to use. What’s more, you’ll sleep that little bit easier knowing you have significantly improved your online security.

Current Supply Chain and Cyber challenges

Wow, nearly May already! Another month chalked off 2022, the year is whizzing by again… This month we have two updates from the world of IT that are impacting everyone.

Network switch availability is a major concern

Wow, nearly May already! Another month chalked off 2022, the year is whizzing by again… This month we have two updates from the world of IT that are impacting everyone.


Firstly, the supply chain. With all that is going on in the world, notably in China, current IT hardware prices and lead times are hugely problematic. In particular, network switch availability is the biggest concern. Switch lead times are now at four months. As with any material scarcity, the laws of economics apply and so prices are increasing significantly at the same time.


We are increasing our own stock holding of switches three-fold, but this will take time given the lead times stated above. Therefore we are asking all clients to work with us to forward-plan as much as possible. Any office moves planned in the next 6 months, any planned upgrades etc, we need to order suitable equipment soonest. Please do get in touch if we aren’t already in discussion with you on this.


Secondly, cyber-attacks have reached a never-before-seen height (due in part to the Russia-Ukraine conflict). Cyber software and other IT measures help, but the number one threat to a business remains the internal threat. Over 80% of successful cyber-attacks are a result of poor cyber hygiene by staff. We recommend at-least annual refresher training on cyber hygiene for all staff. Again, please get in touch if you would like to arrange Cyber hygiene training.


That’s it for this month, a bit of a doom-mongering message I’m afraid, but with all the other challenges businesses are facing hopefully the above will assist you with your business planning.

FRESH MANGO TECHNOLOGIES TESTIMONIAL

Allott and Associates Ltd’s relationship with Fresh Mango (originally CCS 2000) has flourished since they came to our rescue when we had server issues caused by a hard disc problem…

Allott and Associates Ltd’s relationship with Fresh Mango (originally CCS 2000) has flourished since they came to our rescue when we had server issues caused by a hard disc problem. This involved working to a critical deadline – which our original supplier based in Wales was unable to meet.

At short notice Fresh Mango was able to resolve the issue, installing new mirror drives. Since then, the companies’ relationship has gone from strength to strength. Fresh Mango now supplies Allotts with computers, supports our entire network and successfully deals with any technical challenges ranging from system failures to resolving encryption issues to ensure our UK GDPR compliance.

Overall, we are delighted with the service provided by Fresh Mango and recently renewed our contract for a further 12 months. Keep up the good work!

Testimonial – Philip Allott – Allott and Associates Ltd 

The Ideal setup for your IT Systems (Part 1)

In this blog, I will set out the ideal setup for your business IT systems. It represents current best practices for small and medium-sized businesses, with an…

The ideal setup for your IT Systems

In this blog, I will set out the ideal setup for your business IT systems. It represents current best practices for small and medium-sized businesses, with an ever-increasing eye on cyber security.

Initially, I thought it would be a single blog, but it turns out there is a lot to write about! I’m therefore going to publish it in a series of blog pieces. This is Part 1.

Part 1 – Server and Network Equipment

Server (On-premises) with UPS

Whether or not you need a server depends on the size of your business, typically if you have 6 or more staff a server becomes something of a necessity for productivity. An on-premises server, as the name suggests, is a physical server located in your offices.

Servers provide numerous benefits:

  • At a most basic level, sharing documents across your company
  • Business servers assist in handling communications, database functions or hosting business applications for multiple users
  • Protecting your data – once all your business data and software is on a server (instead of dispersed across desktop computers and laptops) you can deploy a backup system to protect your business from data loss.
  • Running security suites to secure your network through firewalls, intrusion detection, user access management, and software updates.
  • Servers tend to be used to centralise data management and file sharing, as well as managing shared resources such as printers and storage devices. They can also be used to manage things like user identities, logins to the network, access priorities and many aspects of your new system.

More information on servers is available on our website.

Server (Cloud)

There is a lot of misinformation surrounding cloud servers, I will attempt to bring some clarity to it here. A cloud-based server is still a physical server, it simply happens to be located somewhere else (ie not on your premises). Ordinarily, this would be in a data centre.

In order to access your server files etc, you need to do so over the internet (an on-premises server is accessed via your local, internal network).

Aside from that, there is very little difference to an on-premises server. So your server and network still need to be professionally maintained and managed, having a cloud server does not change that.

Hybrid Cloud (Ideal setup for your IT Systems)

Increasingly companies are adopting a hybrid server solution – both an on-premises server and a cloud server. This provides the ‘best of both worlds’ eg:

  • Sensitive data can be retained on your physical server, with the added security that provides
  • Data that you wish to make available to third parties or even staff working off-site can be stored in the Cloud and made available accordingly
  • Software and applications that can only operate in an on-premises environment can still be used (sometimes these may be lost if the software is not cloud-compatible)

Next, I’ll review network equipment for the ideal setup for your IT Systems.

Professional grade router and modem

To complement your server, it’s important to ensure you have professional-grade networking equipment. This means your Router, switches and modem. Professional-grade equipment, as well as being better quality (and therefore longer lasting) has regular ‘firmware’ updates from the manufacturers.

These updates often bring improvements and upgrades to the network kit. Increasingly they also bring security updates as manufacturers try to keep pace with vulnerabilities to cyber-attacks.

Networked Printer(s)

Networked printers allow everyone on the network to print, copy and scan (depending on the printer features). This allows companies to reduce capital expenditure on printers. It also allows your IT Administrators to deploy firmware upgrades to the networked printers.

Centralised IT management is a key feature of professional IT management since it is more efficient and reduces downtime on IT systems.

UPS (Ideal setup for your IT Systems)

Your server should have an Uninterruptible Power Supply (UPS). As the name suggests this is a battery backup of the server. Why is it important? Well, there is nothing that servers (and computer equipment in general) like less than instant power loss. It degrades the life of the equipment, causes data loss and can cause configuration problems. A UPS allows a server to be shut-down in an orderly manner in the event of a power loss.

Modern UPS also have additional levels of sophistication, notably the ability to ‘clean’ power before it reaches your server (and any other equipment connected to the UPS). Again, computer equipment does not respond well to ‘dirty’ power. As well as compromising the ability of the equipment to operate correctly, it degrades the equipment over time.

Next Time – Ideal setup for your IT Systems

In Part 2 I will discuss the ideal PC setup.

You may also be interested in this article.

Why Hackers Hack

Victims of hacks and attempted hacks often take it personally. Why did they come after me? I’m not famous or rich. Why did they come after my company? We’re just a small business…

Why do Hackers Hack?

Victims of hacks and attempted hacks often take it personally. Why did they come after me? I’m not famous or rich. Why did they come after my company? We’re just a small business.

That’s a perfectly natural human reaction. The fact is that cyber-attacks are rarely personal or business-specific.

Hackers are ready to exploit any security crack without taking into consideration who you are or what you do. Here are some of the things that motivate them:

Money

Cyber-attacks do not often result in immediate monetary gain. Hacks allow cybercriminals to extract information that can be exploited for financial gain. For example:

  1. Credit card information
  2. Contact information to be sold to unethical marketing lists.
  3. Username and password logins, to access and take over server resources, and to attempt dictionary attacks.
  4. Sensitive or proprietary information to sell or extort.
  5. High-security information to compromise the premises of a facility

Resources

You might think that your business is not big enough for someone to be interested in tapping into your traffic or your authority. However, cybercriminals will often attack an entire web server.  As a result, your small website might just end up being a part of a big hack.

Cudos

Some hackers break into targets just to prove they can. They also show off their craft by forcing access and stealing valuable information.

Social Justice

Hackers may pursue a religious or political agenda and use their skills to deface targets.

 

So if (when…) it happens to you, try not to take it too personally…

Why don’t I have Administrator Credentials on my PC or Laptop?

Why don’t I have Administrator Credentials?! We’re asked this question from time-to-time, and the short answer is it is standard IT policy for any professionally managed IT network…

Why don’t I have Administrator Credentials?! We’re asked this question from time-to-time, and the short answer is it is standard IT policy for any professionally managed IT network. If you’re keen to understand why this is the case then read on!

IT History – Standardisation

In any business or organisation, standardisation in your IT systems is an essential factor in ensuring smooth and efficient operation. Imagine a situation where every single device was set up in a bespoke manner. No standardisation, differing password policies, differing software, differing access rights to directories and so on. Every user of any device able to make amendments to their PC/laptop as they see fit.

Now try to imagine administering and managing such an IT system from an IT Management perspective. Any time a staff member had a problem, the IT technician would have to run a huge amount of diagnostics in order to figure out what may be going wrong. This is because each PC/laptop has a non-standard setup and settings may have been changed by the user since the last time the computer had an issue.

It shouldn’t be too difficult to realise that managing such a chaotic approach would make the IT management nigh-on impossible. This would lead to significant knock-on effects, not the least of which would be dramatically reduced inefficiencies in the workforce.

So, in keeping with any operation, standardisation is the watchword for efficiency. IT is no different.

That’s the backdrop for why standard IT policies are so important. To the specific issue raised in the blog-title, standard users don’t have the ability to change settings on their system or download software. The former is part of IT standardisation, the latter relates to cybersecurity, which I will come onto next.

Why do you need Administrator credentials?

If a user is insisting on Administrator credentials, the question you need to ask is ‘why do they need them?’ Most people leave car maintenance to the experts. In these days of electronic engine management, it takes an expert to conduct a full car service or repair.

In other words, just because you can drive the car, you don’t mess with what’s under the bonnet (the hood for our US readers). Just because you know how to use your PC/laptop – why do you want or need the ability to mess with ‘what’s under the bonnet’?

Administrator credentials are best left in the hands of professionals who, to be blunt, know what they are doing.

The Cybersecurity problem

Let’s say you, the user of your computer, have Administrator credentials. Let’s also say you don’t go near the operating system or settings. What you do, however, is download software. It may be perfectly legitimate software. So what’s the problem?

Imagine you click on a link in an email. The email looked legitimate. Nothing happened when you clicked the link. No foul no harm, right?

Wrong. The link has opened up a channel to a hacker, and because you are an Administrator, they too can download software to your computer. Be assured that the software they put on your device is not there to help you – it’s there to get your data and to steal funds.

I can provide numerous references of businesses who have fallen victim to cyberattacks that could have been avoided by the simple measure of removal of Administrative rights for all staff – including directors.

Still think you want Admin rights for your computer? Then don’t take my word for it – take a look at the National Cyber Security Centre website. It’s a standard recommendation. It’s worth noting your organisation will receive an immediate-fail on any Cyber Essentials assessment as well.

 

As we say to all our customers – please listen to our advice. We’re offering it in your own best interests!

 

PS – in case you’re wondering – I’m a standard user at Fresh Mango Technologies. Just because I’m the MD I neither want nor need ‘Admin rights’. If I need software to be installed on my computer, I do the same as we ask of our customers – I log a support request ????

Why you should leave your computer switched on

We’re often asked if its best to switch your computer off every day. Our answer is ‘no’, and in this article, we set out why we recommend leaving PCs switched on is the good practice today…

We’re often asked if it’s best to switch your computer off every day. Our answer is ‘no’, and in this article, we set out why we recommend leaving PCs switched on is the good practice today.

Switching a computer off is something of a hangover from the early days of PCs. When desktop computers were first introduced they were power-hungry. Their monitors – which were usually integrated – were huge and consumed a lot of electricity. Similarly, the computers generated a lot of heat and needed power-hungry internal fans to keep them cool.

All of this added up to a big electricity bill, especially for larger companies with lots of staff and computers. So the message was drummed into all computer users – switch off before you go home.

Fast forward to the present day and we have a very different scenario. Monitors are now separate devices to computers, with their own power supplies. Monitor technology is LCD, which means they consume far less power than monitors of old.

The PCs themselves still require fans (unless you have a Mac or tablet) but the miniaturisation of components means the power-demand of cooling fans has also decreased.

So all this means that concerns over power-consumption have been largely alleviated. Of course, there is still some power consumption, so why do we recommend leaving PCs switched on? Isn’t there a cybersecurity issue to consider as well?

These are all good points, here is the rationale for leaving your PC switched on when you leave the office (or kitchen table if working from home) for the day:

  1. It ensures your IT team can conduct updates, health-checks, anti-virus scans and other remote work out-of-hours. This minimises disruption to your business during working hours
  2. It allows your IT team to conduct emergency security patching out-of-hours in the event of a cyber-attack – an increasingly regular occurrence
  3. It prolongs the life of your equipment. Turning your PC on and off every day shortens its life.
  4. As for your electricity bill, your IT team should ensure all displays (the biggest drain on electricity) automatically go to sleep after a few minutes.

So far as cybersecurity is concerned, your IT team should ensure that your login credentials are ‘standard user’ only – ie non-Administrative. So, anyone who successfully hacks your login account remotely won’t get very far – a Standard User has very limited rights for this very reason.

So there you have it – the rationale for leaving your PC switched on! By the way, if your current IT team don’t have your PCs set up as described above, it may be worth getting in touch with the IT professionals at Fresh Mango Technologies!