The copper switch-off explained for London businesses and building operators | Book your free copper audit

Imagine waking up one morning, turning on your computer, and finding that all your important files – everything from customer data to financial records – are locked. Tight.

And then a scary message pops up demanding a ransom fee to unlock them.

That’s ransomware in a nutshell. It’s a type of malicious software that hijacks your data and holds it for ransom.

It usually starts with an innocent-looking email or link. You might get an email that seems legitimate, asking you to click on a link or open an attachment.

This is known as a phishing email, where the sender appears to be genuine but isn’t. Once you click, malicious software is silently installed on your system. From there, the cyber criminals quickly go to work.

They’ll be encrypting your files so you can’t access them. Then, you get that dreaded ransom note, demanding payment in exchange for a decryption key to unlock your files. Paying the ransom is a risky move because there’s no guarantee you’ll get your data back, and it just encourages the attackers to target more victims.

2023 was a particularly bad year for ransomware, with attacks surging after a two-year decline. According to a report, there was a huge increase in ransomware incidents, breaking a six-year record.

One reason for this spike is the rise of something called Ransomware-as-a-Service (RaaS). This model lets cyber criminals "rent" ransomware tools, making it easier than ever for them to launch attacks.

As a result, more businesses are finding themselves posted on data leak sites, with a 75% increase in the number of victims between 2022 and 2023.

Ouch.

And it gets worse. Attackers are getting smarter. They’re developing new variants of old ransomware, sharing resources, and using legitimate tools for malicious purposes.

They’re also working faster, often deploying ransomware within 48 hours of gaining access to a network. And they tend to strike outside of work hours, such as when you’re tucked up in your bed, so they’re less likely to be noticed.

If your business falls victim to a ransomware attack, the consequences can be devastating. You might face significant financial losses, not just from the ransom itself but also from the cost of downtime and recovery.

There’s also the risk of losing critical data if you can’t decrypt your files.

Your reputation could take a hit if customers find out their information was compromised. Oh, and your business operations could be severely disrupted, affecting your ability to serve your clients.

The most important question then: How can you protect your business from this growing threat?

• Start by educating your team. Make sure everyone knows how to spot phishing emails and avoid suspicious links and attachments
• Regularly back up your critical data and securely store those backups offline
• Keep your software and systems up to date with the latest security patches, and invest in strong security tools
• It’s also important to limit access to your data. Only give employees access to the information they need for their jobs
• Monitor your network for unusual activity and have a plan in place to respond to incidents quickly

If you do get hit by a ransomware attack, don’t panic. Work with cyber security experts (like us) to resolve the issue.

Remember, it’s best not to pay the ransom, as it only fuels the cyber criminals’ activities.

My team and I help businesses take proactive action to protect their data. If we can help you, get in touch.

If you use Google Chrome in your business, you’re probably familiar with extensions. These useful tools can enhance your browsing experience in countless ways, from blocking annoying ads to reducing distractions.

Extensions are incredibly popular because they can add so much functionality to your browser. But just as you need to be careful when installing new apps on your phone, you must also be cautious when adding new extensions to your browser. That’s because they come with a risk of malware.

It’s short for malicious software – that’s any software intentionally designed to cause damage to a computer, server, or network. Cyber criminals use malware to steal data, hijack systems, and even empty your bank accounts.

Google Chrome holds about 65% of the browser market share worldwide, making it the most popular browser by far. This popularity makes Chrome a prime target for cyber criminals. While cyber attacks sometimes exploit vulnerabilities in the browser itself, there’s an easier way to target Chrome users: Through malicious extensions containing malware.

Although Google keeps a tight watch on its Chrome Web Store, the risk is still there. A recent report claims 280 million people installed a malware-infected Chrome extension between July 2020 and February 2023. That’s a huge number and highlights the importance of being vigilant.

Surprisingly, many malicious extensions remained available for download on the Chrome Web Store for a long time. On average, malware-filled extensions stayed up for 380 days, while those with vulnerable code were available for about 1,248 days. One particularly notorious extension was downloadable for 8 and a half years before being removed.

So, how can you protect yourself and your business from these malicious extensions? Here are five steps we recommend.

1. External reviews: Since checking ratings and reviews on the Chrome Web Store isn’t always reliable (many malicious extensions don’t have reviews), look for external reviews from trusted tech sites to judge whether an extension is safe.
2. Permissions: Be cautious if an extension asks for more permissions than it should. If a new extension requests extensive access to your data or system, this could be a red flag.
3. Security software: Use robust software to catch malware before it can do any harm. This is your last line of defence if you accidentally install a malicious extension.
4. Necessity: Before installing any new software or browser extensions, consider whether you really need it. Often, you can achieve the same functionality visiting a website.
5. Trusted sources: Only install extensions from trusted sources or well-known software providers. This significantly reduces the risk of downloading a harmful extension.

Chrome is the most popular browser, which means it will always be a target for cyber criminals. Google’s security team works hard to review every Chrome extension to ensure they are safe, but it’s still crucial to be vigilant.

If you’re unsure whether your extensions are safe or not, or you’d like more advice around keeping your business secure, our team can help. Get in touch.

Microsoft recently announced that all Azure sign-ins will soon require multi-factor authentication (MFA) to boost security. Even if you don’t use Azure, a cloud computing platform, this is something you should pay attention to. Because MFA is one of the simplest and most effective ways to protect your digital assets.

What is multi-factor authentication? Think of it like adding an extra security measure to the door of your business.

Normally, you log into your accounts with just a password. But passwords aren’t as safe as they used to be; cyber criminals are good at cracking them. MFA adds another layer of security. It’s like saying, “OK, you have the key, but I’m going to need to see some ID too.”

After entering your password, you’re asked to verify your identity a second time. This could be a code sent to your phone, a fingerprint scan, or a quick tap on an app like Microsoft Authenticator. It’s an extra step, but an important one. Even if someone manages to steal your password, they’d still need this second form of verification to get into your account. That’s a massive roadblock.

Yes, adding another step to your sign-in process might sound like a hassle. But the reality is, it’s a small inconvenience that can save you a lot of trouble down the road. Imagine the fallout if someone gained access to your sensitive business information. The cost of a breach, in terms of both money and reputation, is much higher than the few extra seconds it takes to use MFA.

There are a few different ways to set up MFA. Some people prefer getting a one-time passcode via text message, while others like the convenience of a push notification on their phone. Biometric options, like fingerprints or facial recognition, are also becoming more common. And for those who want something extra secure, there are physical security keys that plug into your computer.

Microsoft’s push for MFA with Azure is just the tip of the iceberg. The truth is this kind of security measure is a business security basic.

Need help setting this up and making it easy for your business? It’s what we do. Get in touch.

If you’re like most people, you probably find system updates a hassle. They take ages and those big downloads eat up precious bandwidth and storage.

Good news then: Microsoft is about to make your life a whole lot easier with the upcoming Windows 11 24H2 update.

It’s introducing something called ‘checkpoint cumulative updates.’ That might sound a bit technical, but don’t worry – it’s simple and very beneficial.

Normally, Windows gets its updates every month. These are known as cumulative updates, which bundle all the latest fixes and enhancements together. These bundles can be large and take a while to download and install.

The new checkpoint cumulative updates change this process. Instead of downloading a big update every time, your system will now receive smaller updates more frequently. These are tweaks to the last major update or checkpoint.

So, what does this mean for your business? It’s great news… you’ll spend less time waiting for updates to finish so you can get back to work.

And, if you have a limited internet connection, smaller updates are a blessing. They use less bandwidth, so less chance of interrupting someone else’s video call.

The best part? All of this happens automatically through Windows Update. You don’t need to do anything differently. Your system will keep running smoothly, with most updates happening in the background. This seamless experience ensures that your work is not interrupted.

This isn’t the first time Microsoft has streamlined updates. When Windows 11 was first launched, Microsoft used new compression technology to reduce the size of updates by 40%. With the 24H2 update, they’re taking it a step further to ensure that your experience is even more efficient.

It’s also worth noting that while this new update system will be standard for Windows 11 and the upcoming Windows Server 2025, it’s less likely to be implemented for Windows 10, as that version is nearing its end of life. This means there’s even more incentive to upgrade your business to Windows 11 if you haven’t already.

Want to migrate to Windows 11 with zero hassle? We’re the people to talk to.

Staying on top of how your technology is set up is crucial for maintaining a reliable network. And one often-overlooked aspect is managing which applications start up when your business’s PCs start up.

With lots of software wanting to auto-start, it can slow down your system and potentially introduce security risks. But did you know that Windows 11 offers a useful feature that alerts you whenever new apps are added to the startup list?

Every time you hit the power button on your PC, it loads a set of apps automatically. While some of these are essential, others might not be, and can slow down your system’s performance. Over time, as you install more software, your startup list can grow, leading to longer startup times and a slow experience.

Not only that but keeping an eye on startup apps is good security practice. Unwanted or unknown apps starting automatically can be a red flag for malicious software (malware) or other security threats. By receiving alerts about new startup apps, you can quickly identify and investigate any suspicious additions, making sure that your systems stay secure.

How do you enable these alerts in Windows 11? It’s a simple process:

• Start by opening the Windows 11 system settings. You can do this by clicking the Start menu and selecting the gear icon or by pressing ‘Windows + I’ on your keyboard.
• In the settings window, click on ‘System’ in the left sidebar, then select ‘Notifications’ on the right.
• Scroll down to the bottom of the notifications page. Just above Additional settings, you’ll find ‘Startup App Notification’, which is switched off by default. Move the slider to ‘On’.

From then on, you’ll receive a notification whenever a new application is added to the startup process. You can even customise what this notification looks like by clicking on the arrow next to the slider button, allowing you to adjust its appearance and sound to suit your preferences.

Turning on these alerts brings several benefits to your business. First, it helps keep your PCs running efficiently. By staying informed about new startup apps, you can quickly disable any unnecessary software that might be slowing down your system. This means faster start times and better overall performance, allowing your team to get to work without delays.

Secondly, it enhances security. Receiving alerts for new startup apps means you can immediately investigate any unknown or suspicious additions. This proactive approach helps prevent potential security threats from taking hold, safeguarding your business data and systems.

Lastly, it’s a great way to keep track of what’s installed on your machines. With various team members possibly installing different software, these alerts give you a clear overview of what’s being added to the startup list, making sure that only approved applications are running.

To further manage startup apps, you can use Task Manager. Press ‘Ctrl + Shift + Esc’ to open Task Manager, then select the ‘Startup’ tab. Here, you’ll see a list of all the apps that start with Windows, along with their impact on boot time. You can enable or disable apps by selecting them and clicking the appropriate button at the top right.

By regularly checking this list and using the new alert feature, you can keep your startup process streamlined and your system secure.

A better answer is getting someone to set all of this up and manage it for you. We specialise in making technology easy for businesses. If we can help, get in touch.

Here’s a topic that’s been making headlines and causing sleepless nights for many: Cyber extortion.

Is it something that’s on your radar? It should be, because it might affect your business one day.

What is cyber extortion?

It’s a type of cyber crime where criminals threaten to harm your business by compromising its data and digital assets unless a ransom is paid. These threats often involve ransomware, a malicious software that encrypts your data, making it inaccessible until you pay the ransom.

Sometimes, cyber criminals go a step further by stealing data and threatening to release it publicly on dark web leak sites if their demands aren't met. This dual threat is known as double extortion.

According to a 2024 report, the number of victims of cyber extortion scams has skyrocketed by 77% over the past year. What’s more, small businesses are four times more likely to be targeted compared to their larger counterparts. This is a worrying trend, especially considering that smaller businesses often have fewer resources to defend against these attacks.

In the first quarter of this year alone, 1,046 businesses fell victim to double extortion. That may not seem huge, but bear in mind the actual number is likely much higher since many cases go unreported, hiding in the shadows of what experts call the "dark number."

The truth is, all businesses, regardless of size or industry, are potential targets. However, certain sectors are more frequently attacked. Manufacturing, professional, scientific, and technical services, as well as wholesale trade, top the list. Alarmingly, the healthcare and social assistance sectors are also seeing a significant rise in attacks, despite the potential societal and political repercussions.

Cyber criminals are opportunistic and strategic. They target regions with strong economic growth and shared languages. For instance, cyber extortion attacks in the UK have increased by 96%.

While the rise in cyber extortion is a big worry, there are steps you can take to protect your business. Here are some key strategies:

Back up your data: Make sure you have a robust backup plan. Keep your critical data in an offline or offsite location and regularly test your backup restoration process.

Keep software updated: Make sure all your devices use the latest software, especially those connected to the internet.

Implement Multi-Factor Authentication (MFA): Strengthen your access controls with MFA. This adds an extra layer of security by requiring multiple forms of verification before access is granted (such as a code on a separate device). Also, limit user access to only the systems they need for their job.

Patch and vulnerability management: Regularly update your systems to fix any security vulnerabilities. Cyber criminals often exploit known weaknesses, so staying on top of patches can prevent many attacks.

By understanding what cyber extortion is and how it works, you can better prepare your business to defend against it. Remember, the key is to be proactive.

If we can help prepare your business and keep it safe, get in touch.