How a Microsoft Phone Scam nearly destroyed a business

It was a normal day in Fresh Mango’s BVI office on Tortola when the telephone rang.

It was one of our clients based on the island of Virgin Gorda, and judging by the shouting they were not happy. 

It took a while for our technician to calm him down. Having eventually done so he was able to ask what the problem was. It turned out that the client had received a telephone call from Microsoft. The caller had advised that our client’s computer systems were not secure. They had not been kept up to date and they were in need of urgent security updates, or else our client was at risk of a cyber hack.

‘I mean, for goodness sake, I pay you a monthly retainer to manage my IT systems! What do I pay you for if you can’t do something as basic as updates!!!’

The Fresh Mango technician immediately recognised this for what it was (a Microsoft Phone Scam) but needed more information. 

‘When did they call you?’ he asked.

‘About half an hour ago.’

‘I see, and how did you leave it with them?’

‘I haven’t left it,’ said the client. ‘They are on the other line. They needed to access my computer to implement all of the necessary updates.’

Now very worried, the Fresh Mango technician asked, ‘You mean you have given them access to your computer and they are on it now?’

‘Yes, of course.’

At this point our technician had no choice but to tell the client what was going on. ‘You need to disconnect your computer from the internet RIGHT NOW. You are being scammed and hacked.’

Silence on the other end of the line. Our technician imagined a penny dropping.

‘You, you mean it isn’t Microsoft?’

‘No, it’s a scam. Disconnect your device now and hang up the other line to the caller. Then confirm to me when you have done so.’

A few moments later the client confirmed all had been disconnected.

Our technician then advised he would catch the next ferry to Virgin Gorda and would need to conduct a complete security sweep of the client’s systems.

Epilogue

The ‘Microsoft’ caller had installed keylogging software and monitoring software on the client’s systems. Fortunately they hadn’t been able to access financial data or client data since we had that locked down.

A couple of months later I bumped into the client in a local bar. He was most grateful for what we had done; he realised that his business could have been severely compromised financially.

‘No problem,’ I said. ‘That’s what you pay us for.’

Postscript

Never act on a call from someone claiming to be from Microsoft (or any other company for that matter). Ask them for a reference number and tell them you will call them back. Do not call any number the caller provides (!) – use the number on the website for the company. Or call Fresh Mango.

 

And, for the record, we conduct monthly security patching (as well as emergency patches) for all our retainer clients, diligently.

Why Cyber Essentials has a positive impact for SMEs

Fresh Mango Technologies has been assisting companies in achieving Cyber Essentials accreditation for several years now.

We were recently asked if we could provide examples of how CE accreditation has benefitted clients who we have assisted. Great question! A simple way to find out – we asked them! We’re pleased to share some of their answers below.

Why Cyber Essentials? Client 1 - Move to a Better Solution

Before achieving CE accreditation, one customer had 3 on-premises servers and separate MDM software for mobile devices.

Undertaking CE allowed a better solution to be proposed: Intune. This removed the requirement for 3 servers and separate MDM software, bringing it all into one place.

KISS: “Keep It Simple Security”. Implementing Cyber Essentials brought the simplicity that makes security measures more effective and easier to manage.

Client 2 - Upgrading Hardware

Prior to implementing CE, this customer was using basic and unsupported networking equipment.

This was upgraded to meet the CE specification, giving constant resilience and daily protection from threats both before they reach the network and within it.

Why Cyber Essentials? Client 3 - Implementing Secure Configuration

Before implementing Cyber Essentials, this customer was using shared accounts and no multi-factor authentication.

Subsequently, as part of the CE accreditation, all accounts and permissions were separated out, and multi-factor authentication was enabled.

This provides constant resilience by reducing the attack surface: with no shared accounts and correct file permissions always in place, the risk of unauthorised access is reduced.

Client 4 - Compliance with Contracts

Cyber Essentials helps businesses see the importance of cybersecurity and how it affects all their stakeholders, not just themselves.

It demonstrates how important it is to have secure systems to protect other people’s data and systems.

Increasingly, procurement departments are requiring CE accreditation from suppliers. This is because they know that CE helps identify companies who understand that cyber security resilience is key to successful operations, not just a small add-on.

So there you have it – straight from the horse’s mouth! So, now that you’ve seen how Cyber Essentials has benefitted some of our clients, isn’t it time to get your business CE accredited?

 

Contact Fresh Mango today to commence your CE journey. 

How professional IT Support improves your cyber security

A couple of years ago we were contacted by a local business that we had never dealt with before. They wanted us to take a look at their IT systems because they had been the victims of a cyber attack. 

 

Sure, no problem.

So we visited their site and the story was simple – someone had changed the bank account details in their accounting package for their largest suppliers. So when automatic scheduled monthly payments were made, they did not go to the suppliers, but to a single account that was clearly controlled by whoever had made the changes.

The company did not have anybody managing their IT professionally, and the evidence and consequences of this quickly became apparent.

The most immediately obvious (and concerning) issue was the use of a USB drive. They ran their business using third-party software. They suspected that one of the PCs in their accounts department had been hacked, so they had isolated it from the network (good). Unfortunately, on advice from their third-party software supplier, they had copied essential data from that PC, via a USB stick, to other PCs that were on their network. It simply did not occur to them that they could be spreading malware by doing this (and shame on the third-party supplier for their ‘advice’!).

What happened?

We conducted a forensic investigation and we found that there had indeed been a hack. However, it could have been stopped in its tracks had the most basic IT precautions been in place. This is what happened:

An email with an ‘invoice’ attachment was sent to the client’s generic email address, with the message ‘please forward to the accounts department’. The recipient forwarded it. First opportunity to avoid the hack missed.

4 people had access to the accounts@ email address. By chance only 1 person was in that day. She opened the email and attempted to download the attachment. Nothing happened, the attachment would not download. She thought no more about it and left the office at the normal time. Second opportunity to avoid the hack missed.

That evening, the hackers accessed the accounts dept PC remotely. The ‘invoice’ was in fact remote access software that had been installed when the lady in accounts attempted to download it. NB – had the principle of least privilege been applied to all PCs on the network, the software would likely not have been downloaded. Third opportunity to avoid the hack missed. Furthermore, the company did not have commercial anti-virus software installed; again, this would likely have detected the malware. Fourth opportunity to avoid the hack missed.

Since the PC had Administrative rights, the hackers then discovered they could access the server and the accountancy software package, neither of which was password protected. Fifth and sixth opportunities to avoid the hack missed.

The hackers spent just under an hour on the client’s systems, during which time they changed the bank account details for the largest suppliers. They then logged off and waited for the money to roll in, which it duly did at the end of the month.

So, the story shows how just the most basic of professional IT support can help to avoid cyber attacks. The above scenario would be avoided with a professional IT support company implementing the following:

  • Basic user awareness training
  • Principle of least privilege
  • No administrative access for any staff
  • Strong passwords implemented for all systems and software
  • Two-factor authentication on critical systems, e.g. accounting software
  • A professional anti-virus solution in place

So, the moral of the story is simple – ensure you have professional IT Support in place for your business and you will go a long way to improving your cyber security. 
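The incident above turned on supplier bank details being changed in one short evening session so that scheduled payments went to a single account. As an added example (not part of the original post, and not Fresh Mango's own tooling), the Python below reviews a constructed export of bank-detail changes and lists the suppliers whose payments should be held until verified by phone on the number already on record. The log format, office hours and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, time, timedelta

# Constructed sample data (not from the incident): one row per change to a
# supplier's bank details, as an accounting package's audit trail might export.
# Fields: timestamp, user, supplier, old account, new account.
SAMPLE_AUDIT_LOG = """\
2024-03-04 10:12,accounts2,Northern Paper Ltd,40-11-22 10000001,40-11-22 10000002
2024-03-12 19:41,accounts1,Big Supplier A,20-00-01 55500001,60-99-99 70000009
2024-03-12 19:48,accounts1,Big Supplier B,20-00-02 55500002,60-99-99 70000009
2024-03-12 20:05,accounts1,Big Supplier C,20-00-03 55500003,60-99-99 70000009
"""

WORK_START, WORK_END = time(8, 0), time(18, 0)  # assumed office hours
BURST_WINDOW = timedelta(hours=1)               # assumed: window for a burst of edits
BURST_COUNT = 3                                 # assumed: edits per window that is unusual


def parse_audit_log(text):
    """Turn the CSV-style export into a list of dicts sorted by time."""
    rows = []
    for line in text.strip().splitlines():
        ts, user, supplier, old, new = [f.strip() for f in line.split(",")]
        rows.append({"when": datetime.strptime(ts, "%Y-%m-%d %H:%M"),
                     "user": user, "supplier": supplier, "old": old, "new": new})
    return sorted(rows, key=lambda r: r["when"])


def review_changes(rows):
    """Return {supplier: [reasons]} for changes that need a call-back check."""
    findings = defaultdict(list)

    # Rule 1: bank details edited outside office hours.
    for r in rows:
        if not (WORK_START <= r["when"].time() < WORK_END):
            findings[r["supplier"]].append("changed outside office hours")

    # Rule 2: different suppliers now pay into the same account.
    by_account = defaultdict(set)
    for r in rows:
        by_account[r["new"]].add(r["supplier"])
    for suppliers in by_account.values():
        if len(suppliers) > 1:
            for s in suppliers:
                findings[s].append(
                    f"shares new account with {len(suppliers) - 1} other supplier(s)")

    # Rule 3: one login edits several suppliers within a short window.
    by_user = defaultdict(list)
    for r in rows:
        by_user[r["user"]].append(r)
    for user, edits in by_user.items():
        for i, first in enumerate(edits):
            burst = [e for e in edits[i:] if e["when"] - first["when"] <= BURST_WINDOW]
            if len(burst) >= BURST_COUNT:
                reason = f"part of a burst of edits by {user}"
                for e in burst:
                    if reason not in findings[e["supplier"]]:
                        findings[e["supplier"]].append(reason)
    return dict(findings)


def payments_to_hold(findings):
    """Suppliers whose scheduled payments should wait for verification."""
    return sorted(findings)


if __name__ == "__main__":
    results = review_changes(parse_audit_log(SAMPLE_AUDIT_LOG))
    for supplier in payments_to_hold(results):
        print(f"HOLD {supplier}: " + "; ".join(results[supplier]))
```

Run before each scheduled payment run, a review like this would have surfaced the three redirected suppliers weeks before the money left the account.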

What happened in the end

If you’ve read this far you’re probably keen to know what happened. Well, we conducted a forensic cyber analysis and handed it to the police. With our evidence, they found and successfully prosecuted the hackers, and all but £9k of the funds stolen (which were in excess of £100k) was recovered. A happy ending in the circumstances, but I’m sure you would agree best to avoid it in the first place!

My first home computer

The Atari 800

This is my latest blog piece delving into nostalgia of how IT was an integral part of my youth and upbringing.

This time I’m writing about my first ever home PC. With the advent of home computers such as the Commodore 64, Apple II and Spectrum ZX-81, the home PC market was created and began to gain traction in the late 1970s and early 1980s.

Atari recognised, rightly, that while these gadgets in the home could be useful for balancing chequebooks, keeping recipes or perhaps writing letters, one of the big uses was going to be computer games. As they were then masters of the computer game business with their 2600 console (which I wrote about here), they decided to build two computers. One could take on the Apple II, but also plug and play cool cartridge games (the Atari 800). The other, a cheaper model, could be marketed as a games machine but could also be used as a real computer (the Atari 400).

Atari 800

So I asked for – and was kindly given – a birthday present of an Atari 800 home computer. It had a ground-breaking 48k of memory (yes that is a k, not an M or a G!). It had a standard QWERTY keyboard with 62 full-travel keys and 4 special keys to the right of the keyboard.

It was easily one of the best-looking models available. It also stood out amongst the other computer offerings of the day with its graphics and sound capabilities. It was capable of producing up to 256 colours. It’s fair to say that the Atari 800 was in another league compared with any of the competitor models available at the time. Like all home computers of that time, it could be attached to a TV, but uniquely it could also be attached to a high-resolution monitor.

So what did I do with the Atari 800? Well I didn’t play games on it (I had the Atari 2600 for that!). I actually learned to program on it, in the BASIC computing language. This stood me in good stead when I subsequently studied computing studies and took an ‘O’ level in the subject (to younger readers that’s like a GCSE).

Unfortunately for Atari, they got themselves caught in a strategic dilemma in the 1980s, trying to be both game company and home PC company. Ultimately this was to be their downfall, but that’s another story. So there weren’t many Atari home PCs after the 800.

As I sit here writing this blog on a Dell laptop with 64GB of RAM, it’s almost unfathomable that I could ever have written programs on a home PC with 48k of memory. But I did, and one of them carried me through my ‘O’ levels as well as school tests.

 

So there you have it, my favourite computer of all time, the Atari 800.

Atari Game Console

The 'Game changing' Atari Game Console

I’m continuing my theme from last month of influences on me which resulted in a career in Information Technology and computing. This month – the Atari Game Console.

I still remember the feeling of awe when I first heard about the Atari Game Console as a child. It was simply unbelievable!

 

I was playing the state-of-the-art tennis game on my TV – people of a certain age may remember it as ‘Pong’. You plugged the console into your TV and it allowed one or two players to move a ‘bat’ up and down, to ‘hit’ a ball that was bouncing horizontally across the screen.

 

For anyone who doesn’t remember, there is a YouTube link below that demonstrates it.

This was as good as home video games got in the early 1980s!

 

Then a friend of my parents visited us, saw me playing ‘Pong’ and told me all about the new games that were coming out. He described being able to control a small biplane and shoot at another biplane on screen.

 

For a nascent teenager who was into ‘gaming’ it was mind-blowing!

Before too long I got to hear all about it – it was called Atari and it wasn’t limited to just one game – there were hundreds! You simply plugged in the relevant game cartridge and away you went.

 

The true genius of the Atari game console was that it recreated arcade games in your own home. I was fortunate to receive one for Christmas, and of course, all my friends, and friends of my parents in the older generation, were all completely hooked.

 

There is an interesting YouTube video below on the evolution of the Atari Game console.

I don’t recall all of the games I had, but I think it’s safe to say my favourites were the ones I still remember today:

 

  • Space Invaders (of course!)
  • Defender

 

Clearly some love of science fiction was already built in (I was in the Star Wars generation after all!)

So there you have it. The Atari Game Console was an early indicator of where my eventual career would lie. By modern standards of course the games look remarkably primitive. Yet I think there is an innocent purity to them. The game designers achieved amazing results with very limited computing power, and they deserve great credit for that.

 

I hope you’ve enjoyed this trip down memory lane. Next month, another Atari….

 

Guy Phoenix

How long have you been in IT?

I’m often asked if I’ve been in IT all my life. In terms of career roles, the answer is ‘no’ since I’ve been fortunate to hold a variety of positions in the companies I’ve worked for and owned.

 

But I thought about the question a bit more recently and realised that I’ve had an interest in electronics/IT/computers for as long as I can remember. I can still remember the surprise (or was it exasperation?!) on my parents’ faces when they asked me what I would like for my birthday, and I told them I would like one of the new electronic calculators that had just come out.

 

I was 7 years old!

 

I’ve turned the house upside down but can’t find that original calculator. I was able to unearth a picture of one like it and attach it here. It’s interesting to see that calculators haven’t actually changed that much, so it was amazingly ahead of its time.

 

So there you have it, my new answer to the question of ‘how long have you been in IT’ will be ‘as long as I can remember’!

 

IT all my life

 

Guy Phoenix is the Managing Director of Fresh Mango Technologies and its sister company in the British Virgin Islands.

Going to the Dentist

Your IT Team - like your Dentist only without the pain

What on earth is he on about in this blog? What has dentistry got to do with IT or computers? He’s obviously still in the ‘Christmas Spirit’…

 

Well maybe (although in my defence I first thought about writing this in early December, just didn’t get the chance. That’s my story and I’m sticking to it…)

 

OK bear with me here. Try to remember the last time you had to go to the dentist – not for a check-up and clean – but because you were in pain. If you’re anything like me you would have put up with it for a while, in the delusional belief that it will somehow go away all on its own. But it doesn’t, it gets worse and at some point, the pain reaches a tipping point and you finally make an appointment to see the dentist.

 

You get there, explain the problem and they take a look. They identify the offending tooth/teeth and take appropriate action to resolve it.

 

The relief! Suddenly this constant pain that you have been living with has instantly gone! You leave the dentist walking on air, feeling like you’re ten years younger.

You drive home, and an hour later you’ve pretty much forgotten all about it and are back to dealing with whatever matters you have to deal with in your everyday life or job. Certainly, within a couple of days, the whole thing is a distant memory.

 

Now remember the last time your email didn’t work. Or your printer. Sod’s law guarantees that they stopped working at the worst possible time. You need to get an email to your client within the next hour. You’re trying to print a document that you need before heading out of the door to a meeting. Arrgh!

 

Believe me, even though I work in IT I still experience these same frustrations. The simple fact is that computers and their systems sometimes go wrong. And just like your toothache, it’s painful and incredibly inconvenient.

 

So you ring one of the Tech guys at Fresh Mango. They fix your email or printer, and you’re back in business (literally). The only difference with the dentist is that you have almost certainly forgotten the issue within a matter of minutes. After all, we’re all incredibly busy.

 

What’s the point of this blog? Well, there isn’t one really, other than to spare a thought for the IT Technician who just fixed your email or printer.

 

Remember he or she is doing this all day long for people just like you. And just like your dentist, they’re helping you get on with your life as efficiently as possible. Yes, it’s their job, but believe me a simple ‘thank you’ goes a long way to making their day that little bit better as well.

 

Wishing you a Happy New Year and a prosperous 2024!

The importance of cyber awareness aka cyber hygiene

From the outset I want to be very clear. ‘Cyber awareness’ doesn’t mean being aware that there are cyber risks, or that there are hackers ‘out there’.

 

It means being aware of what those actual risks entail. It means being aware of the methods (or vectors) that attackers use to gain access to IT systems. It means knowing how to avoid successful hacks. It means knowing what to do in the event of a breach.

 

But most of all, the absolute number one thing to understand, is that there is no technical solution that can guarantee 100% IT/cyber security. That’s because hackers don’t always look for technical weaknesses. They look for – in fact rely upon – human fallibility.

 

The cyber media conducts annual surveys of cyber threats and attacks and consistently finds that 4 out of 5 successful cyber attacks can be traced back to poor cyber hygiene from internal staff.

 

Believe it or not, your staff can inadvertently allow or help hackers to gain access to your systems.

 

 

That’s why Cyber Awareness (or Cyber Hygiene) for all computer users in an organisation is of paramount importance. It needs to be deployed alongside technical measures. This combination represents the most powerful cyber security defence.

 

Fresh Mango Technologies provides cyber-awareness training to staff in companies across the UK, USA and Caribbean.

 

What to expect from Cyber Awareness Training

Fresh Mango’s Cyber Awareness Training covers all of the areas described above. These include:

 

  • Phishing
  • Passwords and Authentication
  • Responding to a Cyber Attack
  • Staying safe online
  • Reporting cybercrime
  • Malware Attack
  • Protecting your business from cyber attacks
  • Safe Device use
  • Whaling Attack
  • Handling data

 

Cyber hygiene training opens eyes to the threats that are out there; not just in emails, but on Facebook, websites, LinkedIn, pretty much anywhere online! Cyber hygiene refers to how you and your staff conduct yourselves from an online perspective.

 

So, it’s not just about IT usage within your business, but also an individual’s overall approach to internet usage and your internal policies and processes.

 

 

 

The Training event

 

The training can be conducted over Teams video or in person. It typically lasts 2 hours.

 

Provided by qualified and experienced instructors, our cyber awareness training is designed to provide more depth and detail than standard e-learning packages.

 

Our instructors share real-life experiences and examples of the latest cyber-attacks and threats. Current best practices and the best techniques for avoidance of cyber issues are discussed in detail. We’ll advise how to stay cyber-safe within the workplace and at home.

 

There is a test at the end and participants will be issued with certificates on completion of the training.

 

In Conclusion

 

Every organisation should take appropriate technical and procedural measures to ensure that it is as robust as possible against the cyber threat. Achieving Cyber Essentials accreditation is an excellent means of achieving this.

 

In tandem with these measures, regular (at least annual) cyber hygiene training will ensure everyone in your organisation understands what to look for and how to deal with it.

 

Top Three Cyber Security Tips

Cyber Security Tips

 

Cybersecurity is never out of the news these days. A day doesn’t go by without news of a company having a data breach or a threat from a new cyber actor. With so much in the news, it can be quite overwhelming and difficult to know what to do.

 

So, herewith are our main Cyber Security Tips for maintaining the security of your IT systems:

 

  1. Ensure your server, network equipment and computers are updated with the latest versions of their operating software regularly. The best way of ensuring this is to engage professional IT support.
  2. Implement two-factor authentication (TFA). Fresh Mango uses Duo TFA on all of our systems, and many of our customers have implemented TFA. The increases in security and peace of mind far outweigh any minor annoyances of having to go through an extra security step when accessing systems.
  3. Don’t fall for scams. It’s so easy to do so, especially when busy. The key issue to look out for is urgency. If you receive a phone call and it relates to anything financial or IT, and the caller is saying it’s an urgent issue, hang up. Call the actual business they claimed to be from (e.g. your bank) to verify. The same applies to emails. If in any doubt call your supplier on the number you have on your records to verify an invoice.

Please contact us to find out more about our cyber security services and to get more cyber security tips!


Did you forget your Microsoft 365 password?

 

In these days of multiple logins, it’s all too easy to forget your password!

 

Here’s how to reset your Microsoft 365 password if you forget it.

Reset your password


If the password you typed is incorrect, you’ll see a message that says:

Your account or password is incorrect. If you don’t remember your password, reset it now.

 

Tip: We recommend following the steps below to resolve your password issues. If you already tried this but it didn’t work, use the Microsoft Sign In Helper tool.

 

1. Select Forgot password


If the Enter password window is still open select Forgot password?

(Or go directly to Reset password, enter the username again for the account you’re trying to reset, and select Next.)

 

2. Verify your identity


For your protection, Microsoft must verify your identity before you can proceed with resetting your password.

 

How you verify your identity depends on whether you previously added security info to your account and whether you can still access it. Select from the two options below.

 

Option 1: You received and can select a verification option

Select which option to send the verification code to.

Select Next.

 

Option 2: No verification options are given or you can no longer access any of the options

If you don’t see an option for where to send a code or you no longer have access to any of the verification options shown, you won’t be able to reset your password this way.

Tip: If these steps didn’t work, or you have other account sign-in issues, use the Microsoft Sign In Helper tool.

 

3. Get a verification code

Depending on the contact method you chose, retype the first part of the email address or the last four digits of the phone number hinted at in the previous window.

 

Select Get code.

 

Microsoft will send a verification code to the email or phone number you selected.

Go to the recovery phone or email where you expect to receive the code.

 

Tip: If you didn’t receive a message, check your junk folder or if you selected the phone option, make sure your phone has service and can receive texts, and verify your phone isn’t set up to block texts from unknown numbers.



4. Enter code and reset password


Paste or type the code you received and select Next.

 

Type your new password and select Next.

How Professional IT Support saves money

We’re often asked how professional IT Support saves money for businesses. Clearly, we believe it does (we would, wouldn’t we?!) and in this blog, we set out the reasons why.

 

If you’re reading this then it’s likely that you fall into one of two kinds of business. It could be that you don’t have any professional IT Support in your company, or it could be that you do and for whatever reason, you’re dissatisfied with it. Either way, the savings rationale that follows will apply to you.

 

Firstly, let’s think about your car (Stick with us!). Most modern-day cars have sophisticated engine management systems that pretty much make maintaining the car yourself impractical. So you take it to a garage to do the maintenance work, whenever the next service interval comes along.

 

Even if you have (say) a classic car that allows you to do the servicing yourself, you accept the need for servicing the car, right? Of course you do. If you don’t maintain the car, its performance will degrade and eventually it will let you down. You depend on your car. It can’t let you down. It’s a no-brainer.

 

So, back to the point. Your business depends on your computer systems, however simple or sophisticated they may be. So why wouldn’t you maintain them? Why would you allow them to gradually degrade in performance, and inevitably let you down? Surely that’s a no-brainer too?

 

If you agree, you’ve understood the first reason why professional IT Support saves money for businesses. 

 

Efficiency

 

So now you’re getting your IT systems maintained professionally, how is it saving you money? Well, one word – efficiency. 

 

Professionally-maintained systems don’t go wrong very often. So that means all your employees can get on with their jobs. We have gotten IT out of the way, as it should be. It should be there to facilitate, not frustrate your business.

 

The other efficiency gains come from having IT Technicians readily available for any issues that may come up, instead of potentially wasting hours trying to fix them yourself. A huge efficiency gain.

 

We put it like this: there are two aspects to how professional IT Support saves money for businesses.

 

  • The proactive maintenance that we conduct (patching, health checks and so on) to ensure everything is running smoothly.
  • The reactive support that we provide, when you do need help with something.

 

So there you have it! Professional IT Support, thanks to efficiency savings in your business, more than pays for itself. 

 

If you would like to get in contact for a no-obligation consultancy on how Fresh Mango will help your business save money, please do so here.

 

FRESH MANGO TECHNOLOGIES TESTIMONIAL


Allott and Associates Ltd’s relationship with Fresh Mango (originally CCS 2000) has flourished since they came to our rescue when we had server issues caused by a hard disc problem. This involved working to a critical deadline – which our original supplier based in Wales was unable to meet.

At short notice Fresh Mango was able to resolve the issue, installing new mirror drives. Since then, the companies’ relationship has gone from strength to strength. Fresh Mango now supplies Allotts with computers, supports our entire network and successfully deals with any technical challenges ranging from system failures to resolving encryption issues to ensure our UK GDPR compliance.

Overall, we are delighted with the service provided by Fresh Mango and recently renewed our contract for a further 12 months. Keep up the good work!

Testimonial – Philip Allott – Allott and Associates Ltd 

How to reduce your reliance on your IT company


Am I crazy? Possibly. Probably! Maybe… Who knows? Who gets to decide anyway?

What am I on about? Well, I’m evangelical about ensuring my businesses educate our customers on all matters IT, so you can actually REDUCE your reliance on your IT company. Logically that means in time they won’t have to spend as much money with my businesses, or they may even be able to drop us completely and do it (IT – geddit?) themselves. Would you like to know how to reduce your reliance on your IT company? Well, keep on reading…..

So let’s consider:

  • We’re providing FREE education on all matters IT to our clients (and everyone if you follow us on social media or this blog)
  • That FREE education reduces client dependence on us
  • Reduced client dependence means reduced fees for my companies
  • In the extreme you may feel that you don’t need us at all!

Simply put, we’re providing free education which may result in reduced income for us.

Yeah, that’s crazy.

Do you think?

Or maybe there’s something else going on? If so, what?

Confidence and trust, that’s what.

We’re confident that by educating our customers and their staff in computing and IT matters we will increase trust. And if we increase trust, they’ll continue their partnership with us.

Let’s face it, there are too many companies in IT who give the industry a bad name. We conducted a market survey last year, and the number one issue that came out was ‘Trust’. People rely on their IT provider to provide them with IT solutions appropriate to their business. Too often those people don’t understand what is being offered and can be left with an uneasy feeling of paying for something they don’t need.

That is absolutely not what any of my businesses are about. The last thing I want is for our customers to feel that way. We want – we need – you to feel assured with your IT solutions. The only way we can do that is through education and trust.

That’s why if you follow us on social media (Facebook, Twitter, LinkedIn) you will see, at least weekly, tips on all matters IT.

That’s why this year we implemented our ‘IT Roadshows’ – we visit all our contracted customers and present to every member of their staff. What we do, why we do it, computer usage tips, cyber security tips. Free.

That’s why all our staff are instructed to communicate in plain English – to explain any matter IT in a way that the recipient understands. No bamboozlement.

And that’s why all our staff sign-up to our cultural values. You can read them all here.

 

Crazy? If doing what is right for our customers is crazy, then fine, guilty as charged!

Thanks for reading, until next time…

Truth Legal – CCS Featured Business

Victoria Notman of Truth Legal in Harrogate is proud to be a CCS Featured Business partner! Guy Phoenix, the Managing Director at CCS, comments: ‘We’ve been delighted with the attention to detail and thoroughness of the support provided by Victoria, and highly recommend her services’.

As an employment lawyer and HR adviser at Truth Legal, Victoria works alongside us on employment matters. With over 15 years’ experience under her belt, she is an expert in navigating her clients safely through the minefield of employment rights, duties, procedures and best practice.

Originally from Cumbria, Victoria studied law at university and went on to train as a solicitor with a leading commercial law firm. Her legal life has been solely dedicated to practicing employment law. Whilst she may come from a commercial background, she prides herself in being first and foremost a “people person”. She worked at Pinsent Mason and Mills & Reeve before moving to Harrogate to join Andrew Gray and the legal team at Truth Legal.

Victoria says she has three goals as an employment practitioner:

  • To know the law;
  • To understand the issues;
  • To find the solution.

Whilst she advocates ‘prevention’ by thorough training and effective implementation of employment rights, policies and procedures, she is also “a safe pair of hands” when it comes to ‘curing’ a problem through effective Tribunal representation, negotiation and economic settlement.

Victoria offers a 360-degree approach in her legal and HR services. As your business partner her three goals are:

  • To understand your aims and ethos as an employer;
  • To help you face your problems, deal with them effectively and avoid them in future;
  • To simplify the legal landscape into straight-talking solutions that fit with your business aims and ethos.

She understands that one size doesn’t fit all businesses when it comes to legal and HR services.

She understands that your business is unique and tailors her approach to find your best fit for business.

Find out more about Truth Legal via their website. 

Backing up and protecting your data – the basics

I was asked at a networking meeting recently for recommendations on best practices for backing up a laptop and protecting data. It was in the context of an individual who has sensitive data on their laptop, and what follows were my recommendations. It’s worth noting that these recommendations apply as much to SMEs as they do to an individual.

  1. We recommend a belt-and-braces approach: a local backup server and a cloud backup system. This applies to single-PC/laptop users and companies with servers and networks alike. Local backups protect you from internet accessibility failures (they do happen!) and cloud backup protects you from local failures, and is also an invaluable defence against ransomware.
  2. Cloud storage is NOT a secure Cloud backup system. A professional cloud backup system has end-to-end encryption and provides for a complete system restore. Files in Cloud storage are fully susceptible to ransomware. Find out more here: https://neovault.net/
  3. Anyone who has access to company systems – whether an employee or not, whether local or remote – should be subject to the same IT and security policies as locally-based employees. If you don’t have any IT policies in place, we strongly recommend that you put them in place.
  4. Anti-virus and anti-spam software should be professional, i.e. paid, versions
  5. Mobile devices carrying personal data – client, employee, supplier etc – are a GDPR risk and need to fall under the company IT policy umbrella
  6. Encrypt the hard drives on your laptops

Hoping this provides some useful guidance!

Interview with Guy Phoenix, Group Managing Director, on the Harrogate Podcast.

A recent interview on the Harrogate podcast was conducted by Andrew Gray of Truth Legal, with our Group Managing Director Guy Phoenix. Guy talks about his business background and provided recommendations to anyone looking to start their own business.

Podcast – Social Media Cyber Perils

Check out our MD Guy Phoenix on Great Yorkshire Radio discussing social media cyber perils and what SMEs can do to protect themselves.

Podcast – Cyber Security on the Harrogate Business Hour

Check out our MD Guy Phoenix on the Harrogate Business Hour discussing cybersecurity for SMEs with Andrew Gray of Truth Legal Solicitors.

What if I told you the biggest risk to your business succumbing to online crime is you and your staff?

Yes, you and your staff are the biggest risk to your business. This is an actual case study of a cyber-crime that we dealt with in 2018.

The Start

A local company in Yorkshire (previously unknown to us) approached us, asking us to come and take a look at one of their computers, as they had been hacked.

On investigating, it was apparent that they hadn’t just been hacked; in fact they had lost a six-figure sum. It was an existential threat to their business.

We have standard protocols for dealing with cyber attacks, and in this case we immediately:

  • Quarantined the computer in question
  • Conducted a full security sweep of their systems followed by password changes

Day One actions

During this first contact, we observed signs of bad practice. A USB stick was lying next to the infected computer.

‘What’s that doing there?’ I asked.

It turned out that they had been advised to take a copy of software and data they needed from the infected PC and transfer it to another PC on their network so they could continue working on the data in question. (Astonishingly, they had been advised to do this by their principal software provider!). This meant there was a risk that malware had also been transferred.

We quarantined another PC and then the whole network, followed by a full security sweep.

Follow-on actions

Having plugged the immediate gap, we were asked to conduct a complete examination to confirm what happened, how it happened and to report on the same.

We were also asked for recommendations on their wider cyber security arrangements.

Our findings were quite illuminating.

What the hackers did

A phishing email was sent to one of the client’s generic email accounts. One person monitors these accounts, and this email, marked for the attention of accounts, was forwarded on to the accounts team.

Only one person was in the accounts department that day. They opened the email and downloaded the attachment. Nothing happened, so they disregarded it and moved on.

That night the hackers were in and out in under an hour. The attachment had opened a direct link from the hackers to the individual PC. They accessed the client’s accounting system and changed the bank account details of their eight largest suppliers. They then logged out and did nothing else, so there was no sign that anything untoward had happened.

Until 6 weeks later when suppliers started to ring up and ask where their monthly payments were. That’s when we were called in.

What we did

We produced a police-actionable report on our findings and this was submitted to local police and cybercrime units in London. The hackers appeared to be in Hungary, but in fact were traced to South-East England.

The perpetrators were found and successfully prosecuted in September 2018. All but £9k of the stolen funds were recovered. Obviously, the client was relieved and delighted with this given the circumstances.

However, it could, and should, have been zero, and here are the reasons why.

How it could have been prevented – the biggest risk to your business

The client did not have professional IT management in place – they thought (incorrectly) that their software provider took care of it. Had professional IT support been in place, the software that infected the original PC would not have done so – no download would have been allowed through automated procedures. Even if the software had somehow got through, the hackers would not have been able to gain access to the accounting systems, again due to procedures and policies that professional IT management would establish.

None of the staff had cyber hygiene training. With that training, either (or both) of the email recipients could have spotted the potential issue.

Protective monitoring software would have spotted the incoming email and also the late-night access. No such software was in place.
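The late-night change to supplier bank details described above is the kind of event protective monitoring is meant to surface. The Python below is an added example, not part of the original post or of any monitoring product: it scans an accounting audit trail for supplier bank-detail changes made outside office hours, or for several suppliers changed in one short burst. The log format, field names, office hours and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, time, timedelta

Event = namedtuple("Event", "ts user host action record field")
Alert = namedtuple("Alert", "rule user when records")

BANK_FIELDS = {"bank_account", "bank_sort_code", "iban"}  # assumed field names
WORK_START, WORK_END = time(8, 0), time(18, 0)            # assumed office hours

# Constructed audit trail in a hypothetical format:
# ISO timestamp, user, workstation, action, record, field
SAMPLE_LOG = """\
2018-01-15T10:02:11 jsmith PC-ACC-01 UPDATE supplier:1004 contact_email
2018-01-15T14:30:45 jsmith PC-ACC-01 UPDATE supplier:1010 bank_account
2018-01-16T23:41:02 jsmith PC-ACC-01 LOGIN - -
2018-01-16T23:44:10 jsmith PC-ACC-01 UPDATE supplier:1001 bank_account
2018-01-16T23:47:32 jsmith PC-ACC-01 UPDATE supplier:1002 bank_sort_code
2018-01-16T23:51:05 jsmith PC-ACC-01 UPDATE supplier:1003 bank_account
2018-01-16T23:55:48 jsmith PC-ACC-01 UPDATE supplier:1004 bank_account
2018-01-17T00:01:19 jsmith PC-ACC-01 UPDATE supplier:1005 bank_account
2018-01-17T00:06:40 jsmith PC-ACC-01 UPDATE supplier:1006 bank_account
2018-01-17T00:11:03 jsmith PC-ACC-01 UPDATE supplier:1007 bank_account
2018-01-17T00:15:27 jsmith PC-ACC-01 UPDATE supplier:1008 bank_account
2018-01-17T00:22:54 jsmith PC-ACC-01 LOGOUT - -
"""


def parse_log(text):
    """Turn audit lines into Event tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append(Event(ts, *parts[1:]))
    return events


def is_bank_change(ev):
    """True for an update to a supplier's payment details."""
    return (ev.action == "UPDATE"
            and ev.record.startswith("supplier:")
            and ev.field in BANK_FIELDS)


def is_out_of_hours(ts):
    """Weekends, and weekdays outside WORK_START..WORK_END."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.time() < WORK_END)


def detect(events, burst_threshold=3, window=timedelta(hours=1)):
    """Return alerts for out-of-hours changes and multi-supplier bursts."""
    changes = sorted(filter(is_bank_change, events), key=lambda e: e.ts)

    # Rule 1: every bank-detail change made outside office hours.
    alerts = [Alert("OUT_OF_HOURS", e.user, e.ts, [e.record])
              for e in changes if is_out_of_hours(e.ts)]

    # Rule 2: one user changing several distinct suppliers within the window.
    by_user = defaultdict(list)
    for ev in changes:
        by_user[ev.user].append(ev)
    for user, evs in by_user.items():
        i = 0
        while i < len(evs):
            j = i
            while j + 1 < len(evs) and evs[j + 1].ts - evs[i].ts <= window:
                j += 1
            suppliers = sorted({e.record for e in evs[i:j + 1]})
            if len(suppliers) >= burst_threshold:
                alerts.append(Alert("BURST", user, evs[i].ts, suppliers))
                i = j + 1  # report each burst once
            else:
                i += 1
    return alerts


if __name__ == "__main__":
    for a in detect(parse_log(SAMPLE_LOG)):
        print(f"{a.rule:13} {a.when.isoformat()} {a.user} {', '.join(a.records)}")
```

Either rule on its own would have raised an alert on the night of the changes rather than six weeks later; the single daytime change in the sample is left alone.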

So, there were any number of ways that the attack could have been foiled. As the title states, you and your staff represent the biggest risk to your business succumbing to online crime.

Cybercriminals depend on two things:

  • Trust – or to put it another way, a lack of cyber hygiene knowledge. The human factor is responsible for 80% of successful cyber crimes
  • Poor IT setup and systems – it’s a false economy to set up and manage your own IT systems if you aren’t a trained IT professional

Summary

Since this event, the client has implemented professional IT support (through us), cyber security software (from us) and IT policies in accordance with our recommendations.

A fascinating story, right?! Before you close this webpage, let me ask you – are you going to act right now on your cyber security arrangements?

Yes? Good. You should. You can start by requesting our free cyber assessment questionnaire, or arranging an online call with us to conduct it with you face-to-face. We’ll assess your cyber risk and send you our recommendations, free of charge, no catch.

Later? When? Why the delay? Cybercrime is the fastest growing criminal enterprise in the world; it is the biggest risk to your business.

No? OK, well thanks for reading and best of luck! Remember – the biggest risk to your business succumbing to online crime is you and your staff.

We don’t ever want to say ‘told you so’…

Free Public WIFI advice

Here’s a recent v-log from Guy Phoenix on use of public free wifi networks – some best practice advice from Fresh Mango in a short 2-min video!

If you enjoyed this VLog, you may like this blog piece!

Why Companies like yours are seeking Cyber Hygiene Training for their staff

We all see the headlines on the news – ‘millions of records breached’, ‘company loses £££ hundreds of thousands in hack’ etc. And let’s be honest, after a while it’s just white noise in our busy lives.

Besides, it won’t happen to me, will it? We’re just a sole trader/small/medium sized business.

Sorry, but no. It will. Without exaggeration, we’re receiving reports of breaches on a daily basis now. And we can say from our own experience that the often quoted statistic – that 80% of breaches are a result of staff inadvertently causing them – is spot on.

That’s where cyber hygiene training comes in. Here are some of the many reasons why companies like yours are now investing in cyber hygiene training.

  1. Firstly, they know that around 80% of successful cyber breaches are due to a lack of staff knowledge.
  2. Secondly, they know that a cyber breach could cost them tens, if not hundreds, of thousands of pounds; possibly it could cost them their business altogether
  3. Also, they’re worried about falling foul of data protection laws and getting huge fines
  4. Fourthly, they know that investing in cyber hygiene training is the most cost-effective way to protect their businesses, even if they already have firewalls and anti-virus software
  5. Lastly, I guess very simply, they just want peace-of-mind.

Poor education and user awareness of the cyber threat can often be the easiest way for an attacker to gain access to your business systems.

By providing cyber hygiene training on operating safely within a cyber context to your staff, you will reduce the potential of attack through social media, internet browsing and routine emails.

Plus, it isn’t expensive! CCS have online courses from just £35. That’s right – £35! Compare that to the existential threat and costs of a cyber breach to your business. It’s a no-brainer isn’t it?

You can get in touch and request a free cyber assessment by contacting us – here are the details.

 

The impact on a Brand of a cybersecurity breach

This is the Transcript of my recent video log (The impact on a Brand of a cybersecurity breach) – my voice is difficult to hear since I was asked to keep it down by the BA Cabin staff for disturbing other passengers. {Sorry!}

I’m actually making this Vlog on board a British Airways flight from London to Austin in the United States, where I’m looking forward to a much needed holiday, taking in the Austin City Limits Music Festival and the Formula 1 Grand Prix – GO LEWIS!

I’ve been incredibly fortunate to be upgraded to First Class by BA, and I’m going to make a separate Vlog for my marketing business to highlight what it’s like. In this Vlog I’m actually focusing on cyber security.

A couple of weeks ago I was invited to present at the Brand Yorkshire conference in Harrogate in the UK. The topic was the impact on a Brand of a cybersecurity breach. I highlighted a few companies to exemplify best and worst practice, and one of the companies I talked about was BA, since they were victims of a cyber breach this Summer. I thought I would take the opportunity on board a long BA flight to reiterate what happened to BA and what they did about it.

What happened?: For more than two weeks this summer (August 21 to September 5), hackers were inside the systems of British Airways.

They took the personal and financial details of customers who made, or changed, bookings on ba.com or its app during that time.

Names, email addresses and credit card information were stolen – including card numbers, expiration dates and the three digit CVC code required to authorise payments.

Around 380,000 transactions were affected. BA blamed a “sophisticated” group of cyber criminals but didn’t give any more details. A post on its website says people should contact their banks, people will be reimbursed and it will pay for a credit checking service.

In summary, BA gave full disclosure, put recommendations on their website and contacted the customers.

Now I asked the conference where I presented, what could BA have done better about this cybersecurity breach? Well, it was a bit of a trick question, because I actually think BA did an excellent job – and I’m not saying that because they just upgraded me! They got out in front of it, were open and transparent, contacted their customers and told them what to do, and assured them that they would cover any costs. The additional credit check service was a nice touch too.

The conclusion of my talk highlighted how businesses can prepare for something like this. The first aspect of course is prevention – stop the cybersecurity breach from happening. The BA breach was sophisticated, nonetheless there are means of ensuring your website is protected and monitored. Similarly there are methods for protecting IT systems in general, notably:

  • Cyber Hygiene Training for all staff – 80% of successful attacks are a result of poor cyber hygiene training
  • Software Measures – know when you’re under attack. Continuous Performance Monitoring can alert you to potential attacks and breaches – externally and internally
  • Vulnerability and Cyber Assessment Audits – getting a third party to conduct a thorough and holistic review of your cyber security is the best way to get started on the road to a robust and secure business.

It won’t surprise you to hear that my IT companies – Fresh Mango Technologies (based in the Caribbean) and CCS (based in the UK) provide these services to clients. It’s also worth me pointing out that they aren’t hugely expensive. We have a starter package for SMEs which costs just £195 or $295 a month. When you consider the cost of a breach – frankly it can be an existential threat to most SME’s – it’s well worth the investment.

Finally, from prevention we go to the post-breach action plan. You need a crisis management plan in place. There are plenty of recommended PR plans available online, my favourite is the Adweek plan, because it’s straightforward:

  • Get your plans in order
  • Triage the problem
  • Respond quickly on social
  • Be honest, transparent and direct

I don’t think you’ll be too surprised to hear that my marketing agency can assist with this as well!

Anyway, I think it’s clear that British Airways had options for a robust crisis management plan in place, and their execution of the same was very good indeed. We had a show of hands at the conference, asking the question who would book on BA.com again. There was an overwhelming majority saying they would without hesitation. Clearly a job well done!

OK, that’s the end of this Vlog, hope you enjoyed it and if you’d like to find out more about how my businesses can help your business, please get in touch. Just drop a message on the social media channel or blog where you saw this video and we’ll get back to you.

Your Dream Car

What’s your dream car?

A Ferrari? Maybe a Lamborghini or Porsche?

Maybe sports cars aren’t your thing? How about a luxury brand Grand Tourer like a Bentley or Aston Martin?

Maybe you have a young family and so your ideal car is something that can fit the whole family and also rates high in the Safety ratings?

Or perhaps you aren’t really a ‘car person’ and just want something reliable or practical? A Toyota, or a Ford or similar?

Whether your car is a dream, something ideal for your needs, or just a practical run-a-round, I bet there’s one thing they will all have in common.

You service them. Regularly.

Whether you service the car yourself or the local garage/main dealer services the car, you get it serviced.

Why?

Well, it’s kind of a no-brainer really. Servicing the car regularly ensures it runs smoothly and efficiently. It keeps the fuel-consumption optimal. It allows parts and tyres to be replaced before they fail or become dangerous.

It minimises your chances of a break-down, which as we all know creates huge inconvenience.

In short, proactive maintenance of your car ensures it runs smoothly and safely.

Given the context of this blog, no doubt you’ve figured out the analogy by now.

Proactive IT maintenance of your IT systems ensures your computer systems, and therefore your company, run smoothly and securely.

Servers, network equipment, desktops, laptops and Macs (yes Macs – see our earlier blog piece on the need to keep Apple Macintosh equipment updated) all need regular maintenance.

What’s more, they need to be serviced more regularly than your car. The major software providers, notably Microsoft, issue updates and patches regularly. These updates typically include bug fixes, improvements and upgrades. Most notably they include measures to combat recently-identified cyber threats.

Without professional, proactive IT maintenance and management of your IT systems, they will quickly degrade. Worse, without many of the ongoing updates, you may be leaving your company open to a successful cyber attack.

That’s why Managed Service Provision from Fresh Mango incorporates monthly maintenance of your server and networks as standard. That’s not all; to be truly proactive, an IT service needs to do much more than this. That’s the subject for another blog piece another time though.

So, next time you take your car in for maintenance, take a moment to think about your corporate IT. Is it helping your business run smoothly and securely?

If you can’t answer that question with an honest ‘yes’, make Fresh Mango your next call.

If you enjoyed this article you may also be interested in Children & Technology: Cookies, Webs & Touchscreen.

VIPRE Nailed Every Major Independent Test

The industry’s three leading independent testing agencies ranked VIPRE with the best of the best…again.

VIPRE simply nailed every major independent test. AV-Comparatives, AV-Test, and Virus Bulletin are like the Consumer Reports of the antivirus software world. In fact, their reviews are so rigorous that some companies flat out refuse to test. But VIPRE went all in, and we scored big across the board—from perfect scores and zero false positives to being named a Top Rated Product for 2017.

This latest round of unbiased testing proves VIPRE’s unwavering commitment to advanced protection and usability. See the complete performance summary for yourself here.

 

Take a look at this great blog piece!

Convenience and cyber security

I’ve been thinking a lot about convenience and cyber security lately. Many of the most successful products and services make our lives more convenient. So much so that we take many of them for granted, probably to the point that they’re considered ‘Staples’ rather than modern conveniences.

Modern Conveniences

Washing machines, microwaves, mobile phones… and now we have voice-activated systems such as Google Home and Amazon Echo. Step-by-step new products make modern life a little bit simpler and easier. They are convenient; they allow us to get on with doing other things, whether for work or leisure.

Unsurprisingly we’re not keen to give up these hard-won conveniences. Would you give up your washing machine? Probably not, I know I wouldn’t. Yet my Grandparents never owned one! That’s just two generations ago.

What about your TV remote control? Probably a bit easier to live without, but in these days of thousands of channels being available it would make choosing channels a pain. Yet I grew up as a boy with a TV that didn’t have remote control – it hadn’t been invented. We were considered privileged for having a colour TV! That’s less than 40 years ago.

The internet and mod-cons

Fast forward to 2018. The internet has become integral to our lives – business, personal, leisure, everywhere. Many governments have passed legislation to instate internet as a ‘Utility’, giving it the same precedence as electricity, natural gas and water supply.

Boiled down, the internet represents convenience. I can buy pretty much anything I need on the same laptop I’m writing this blog piece on. Pay my bills? Online. Book my next flights and holiday? Sure. I can manage my bank account. Less than 20 years ago all of these would have required a journey to buy goods, services or take care of my bills. The shopping centre, the bank, the travel agent, and so forth.

Would I want to go back to that? Absolutely not! Would you? I doubt it. The internet makes our lives easier and more convenient.

But (you knew there was a “but” coming). By making our lives more convenient, the internet has opened us up to a concept that never existed until late in the 20th century – cybercrime. Protecting ourselves against it does, regrettably, entail giving up some of the convenience of the internet we’ve all become so accustomed to.

Convenience and cyber security don’t immediately feel as if they are symbiotic.

Making life easier for our customers

In the past week, I visited the dentist and also a client with leisure facilities. Both had their wifi network and passwords on public display. Why? Well, it’s convenient for their customers. It’s nice if they have to wait a while to be able to get online. It’s also convenient for them. They don’t have to field requests for the wifi password. Everyone saves time and is more productive right?

Wrong. There is an assumption that everyone with access to the facilities has good motives. What if they don’t? By providing access to your wifi network you potentially provide access to your:

  • IT network
  • Systems, files and folders
  • Client and supplier databases

Do you want absolutely anybody to access these? Of course not, yet that’s what these businesses had done, either inadvertently or with the best motives, or both.

Putting aside the implications of a data breach and fine under GDPR (and you shouldn’t – they’re serious), you’re putting your business at risk. For the sake of a wifi password! As I said, convenience and cyber security don’t appear to align.

Aligning Convenience and Cyber Security

This is just one of the almost countless examples where I see businesses putting convenience ahead of IT security. There are actually relatively straightforward measures that can be taken to improve your online and IT security, without giving up too much convenience. They cost a modest amount of money but compared to the consequences of a cyber breach they really aren’t costly at all.

With SMEs now officially the most targeted businesses for cybercriminals, isn’t it time to give up a small amount of convenience for the well-being of your business?

Convenience and cyber security can go hand-in-hand; you just need to take the appropriate measures. Thanks for reading CCS’s latest blog.

Foundations of IT Security

I’ve been thinking a lot about triangles lately. Not the musical kind, but rather how they are such a useful (and simple) means of conveying building blocks and foundations. Notably the Foundations of IT Security:

[Illustration: Foundations of IT Security]

With this (very) basic illustration I’d like to convey the main message of this blog piece. Namely that it’s essential to have a professionally established and managed IT infrastructure in your business before you embark on cyber security assessments, hardening, plugging gaps and so forth. In other words, get your foundations of IT security in place.

Cyber security is all the rage presently but, let’s face it, the requirement will never go away as long as we have the internet. Regrettably there are talented IT people who direct their energies towards obtaining information about individuals and companies for their own financial gain. We can’t change that, but we can do our best to protect ourselves against it.

So what strategies can be employed to counter the cyber threat? Well, the cyber services offered by CCS are aligned to provide all the necessary counter measures, including:

  • Cyber Awareness Training
  • Continuous Protective Monitoring
  • Cyber Intelligence Assessment
  • Cyber Assessment Services
  • Cyber Essentials Scheme
  • Cyber Security Support Packages
  • ISO27001 compliance

All of these are outlined in detail on the CCS website. However, before embarking on any of these services, you should consider the following basic questions relating to your current IT infrastructure.

  1. Do you have a password policy and enforced password-change policy?
  2. Do you have a server? If so, do you insist that all staff store their data on the server, not their desktop PCs?
  3. What operating systems are you running on your server and PCs? Are they still supported? (Take a look at Microsoft out-of-support systems here)
  4. Do you know if you have conducted health-checks on your server and PCs in the last 6 months?
  5. Do you have backup solutions in place for your data?
  6. Do you have a paid antivirus solution in place? (Sorry – as with all things in life you get what you pay for. Free anti-virus does not provide anything close to sufficient protection)
  7. Do you have a Firewall in-place?

If you can’t honestly answer yes to these questions (and many others not touched upon here), then you need to obtain professional advice and management for your IT systems. Ignoring the security aspects for a moment, if you take care of the above matters your internal systems will run more efficiently. However, you really can’t ignore the security aspects. SMEs are just as likely to be targeted as big corporations.

So whether you’re a small, medium or huge business, professional IT system setup and management form the basis of your foundations of IT security. They’re a pre-requisite for cyber security.

Please, get it done, if for no other reason than you’ll sleep easier at night.