The National Cyber Security Centre (NCSC) has released its annual ‘Cyber Security Breaches Survey’.

The survey is used to inform government policy on digital security, educate British businesses, and ensure UK cyber space remains safe.

Data collected across over 2,400 business and 850 charities produced some startling statistics concerning the ever-looming threat of cyber-attacks infiltrating UK businesses’ digital footprint.

The report discovered that 39% of UK businesses detected an incoming cyber-attack during 2021. Phishing attacks made up a fifth of all threats identified – the most frequent type of malicious attack.

Organisations also revealed that ransomware was being recognised as a serious digital threat with 56% of businesses stating they have installed or will be introducing a company policy to not pay ransoms to cyber criminals.

Whilst 58% of small and medium businesses disclosed to outsourcing their IT Support service, only 23% of surveyed businesses had a cybersecurity incident management strategy in place that is more advanced than a basic endpoint antivirus.

NCSC promote a blend of regular cyber security learning and training processes within your business to better inform the deployment of traditional cybersecurity software measures across all the organisation’s IT systems.

This multi-layered approach aims to counteract the report’s discovery that a lack of cyber technical expertise amongst UK businesses is to blame for threats going undetected.

Similarly, a company-wide policy of digital hygiene erodes the false assumption that managed cybersecurity strategies are a cost to the business rather than a strategic, protective investment.

31% of business admitted being attacked at least once a week showing that any weak link in an organisation’s cyber defence can have grievous financial implications.

To mitigate this, we recommend organisations follow the NCSC’s guidance and adopt Cyber Essentials and Cyber Essentials +. The scheme requires businesses to meet or exceed an assured set of security requirements each year to protect against common forms of online crime, technology dangers and digital threats.

It is estimated that a Cyber Essentials certification can reduce your organisation’s risk of a cyberattack by 98.5% – contact Lineal to assist with your organisation’s application and to help you meet the requirements for a successful certification or re-certification today.

UK’s National Crime Agency (NCA) has urged the public to check the security of their email addresses and passwords after they uploaded 225 million unique passwords to hack-checking service Have I Been Pwned (HIBP).

With this addition of 225 million passwords obtained from cyber criminals, the NCA are urgently encouraging people to search for their own passwords on the website to check if their details are in the hands of hackers.

The 225 million passwords that were found in a compromised cloud storage facility were an accumulation of datasets both known and unknown.

HIBP is a free online service allowing users to search the now updated 853 million strong Pwned Password service database to see if their email or password has been compromised and in which specific historic or current data breaches their data was listed in.

Troy Hunt, owner of Have I Been Pwned, received a statement from the NCA reporting:

“During recent NCA operational activity, the NCCU’s Mitigation@Scale team were able to identify a huge amount of potentially compromised credentials (emails and associated passwords) in a compromised cloud storage facility”

Hunt further revealed that Have I Been Pwned’s new data ingestion pipeline is now live. The service allows law enforcement agencies across the globe to upload compromised email addresses and passwords directly to the Pwned database and has already seen collaboration with the FBI. Hunt goes on to explain:

“During the course of their investigations, they come across a lot of compromised passwords, and if they were able to continuously feed those into HIBP, all the other services out there using Pwned passwords would be able to better protect their customers from account takeover attacks”

Compromised passwords present significant security vulnerabilities for UK businesses as identified in a National Cyber Security Centre study which revealed that UK businesses experienced 777 cyber incidents in 2021, up from 723 in 2020.

Protection of network login credentials and identification of breached passwords is essential to ensure companies’ data remains secure and to avoid ransomware attacks as exemplified in July’s devastating ransomware attack on Kaseya and the 500 million affected by data breaches on Facebook and LinkedIn In April.

Being Cyber Essentials Plus Certified, Lineal has identified the growing need for a managed cybersecurity solution for businesses of all sizes. Our cybersecurity package aims to safeguard your business’ data against a host of cyber threats across multiple platforms including password encryption keys.

For more information of how we can help secure your business, visit our Cybersecurity page

Lineal’s IT Support Teams are rolling out an important security change to the way we secure your Microsoft 365 accounts – enabling Multi-Factor Authentication (MFA) for all users.

We’re taking this step in response to a marked increase in account-theft attempts that we’ve seen in recent months; where previously MFA was an optional extra for added security, we’re now strongly recommending this be enabled across the board.

We feel this is an appropriate measure – in addition to having become a standard security measure across many web-based services in recent years, the advantages of MFA are increasingly recognised as vastly outweighing the downsides.

Who is affected by this change?

Every person with a Microsoft 365, Exchange Online or Azure user account licensed with Lineal.

What are the advantages?

An extra ‘factor’ at login drastically helps improve the security of your user account – making it difficult for any attacker who manages to obtain your username & password from logging into Microsoft 365 using your identity.

If your credentials are stolen from another website, or tricked from you via phishing email, this is no longer enough information for a hacker to be able to access your account from another location. Multi-factor authentication is estimated to stop over 99% of this kind of automated (harvested credential-stuffing) attacks.

Why are Lineal enforcing this?

We’ve encountered a noticeable increase in account-takeover attempts in recent months, with individuals’ work emails then being used for the onward spread of supply-chain attacks and phishing emails to others.

Multi-factor authentication is already standard practice across online-banking in the UK, and we believe it should be standardised for all identity-based online services.

How does it work?

In addition to your username and password, each user registers a third factor – typically either a mobile phone number (for SMS), smartphone authenticator app, USB security key or password manager – any of which generates a temporary code for login. This extra ‘factor’ verifies your identity – making it hard for a third party to log into your accounts, since they won’t have access to the temporary passcode.

There’s a short video introduction to MFA here, and you can learn more via our Client Portal guide here.

Which MFA method should I be using?

For preference, we recommend free Authenticator-app based MFA via Microsoft Authenticator, Google Authenticator or similar apps for iOS/Android. These are generally considered to be a more secure method than single-use SMS (text-message) codes, which have their weaknesses, with Microsoft and others announcing this method will be phased out.

However, even SMS-based MFA will be more secure than a standalone password, so we’ll still implement this where necessary.

Does my organisation need to budget for this?

No – although paid options are available if you need your MFA backed by Conditional Access or other security settings.

What’s the timetable for this change?

We’re aiming to have this change fully deployed by 2022.

What do I need to do?

Nothing for now – a member of your Lineal IT Support team will be in touch to discuss implementing the change.

What if I experience issues getting started with MFA?

Please contact our IT Support Teams via [email protected], 01271375999 or via our Client Portal, and one of our team will be happy to assist.

Microsoft have delivered emergency out-of-band patches for the PrintNightmare zero day print spooler vulnerability with more on the horizon.

The bug, CVE-2021-34527, is existent in all versions of Windows and exploits a remote code execution vulnerability where the Windows Print Spooler service improperly performs privileged file operations.

This vulnerability means that a cyber attacker could run arbitrary code leading to instilling programs; view, change or delete data and even go so far as to create new accounts with full user system rights for exploitative purposes on the system.

A cautionary Microsoft statement released outlined the situation with “the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527.”

Patches released are available for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, a variety of supported versions of Windows 10 and the no longer supported Windows 7.

However, Microsoft announced that security updates are not currently available for Windows 10 version 1607, Windows Server 2012 or 2016 and urges prompt installation of its patches to deter any attacks via the domain controller when made available in due course. Microsoft also offer workarounds to those unable to download the July patches including the shutting down of the Print Spooler Service and the disabling of inbound remote printing through group policy.

The proof of concept (PoC) was accidentally released by Chinese technology group Sangfor on GitHub, but was cloned and cached before the researchers realised their mistake and took down the PoC. The group were under the impression that the exploit had already been patched as part of Microsoft’s CVE-2021-1675 patch – a patch that Microsoft confirmed was distinct about a different attack vector and vulnerability issue associated with RpcAddPrinterEx.

The situation is continually updating and the latest news on Windows patch releases can be found here.

A new set of fragmentation vulnerabilities have been discovered which have the capacity to affect all WiFi enabled devices dating back to 1997.

There have been 12 identified separate vulnerabilities discovered by New York University Abu Dhabi researcher Mathy Vanhoef, named FragAttacks (fragmentation and aggression attacks) which have a dangerous data exfiltration potential to gather information about the owner of a WiFi enabled device and export it to a within-range attacker or to run malicious code to compromise the device; bypassing WEP and WPA security protocols.

Vanhoef announced that more than 75 tested Wi-Fi devices are affected by at least one of the FragAttacks vulnerabilities, but a majority of the devices are impacted by multiple CVEs. These tested devices included Huawei, Google, Samsung and Apple for mobile devices; computers from Dell, Apple and MSI; Xiaomi and Canon IoT devices; Asus, Linksys and D-Link routers; and Aruba, Lancom and Cisco access points.

Furthermore, the identified CVEs had the capacity to erroneously reassemble fragments encrypted under different keys, process fragmented as full frames and not clear fragments from memory when (re)connecting to a network. These vulnerabilities are named ‘FragAttacks’ due to the issues on how the WiFi network dissipates and then reorders data for easier transmission before reassembly at the receiving endpoint device.

Despite the existence of these unearthed vulnerabilities, WiFi Alliance released a statement saying that “There is no evidence of these vulnerabilities being used against WiFi users maliciously” and suggests protection methods to users through downloading “routine device updates that enable the detection of suspect transmissions or improve adherence to security implementations”

The video below demonstrates how the 12 discovered vulnerabilities can be used as a stepping stone to launch advanced malware attacks:

Adobe is warning customers of a critical zero-day bug that is active in the wild affecting its Adobe Acrobat PDF reader software.

The bug, tracked as CVE-2021-28550, affects eight versions of Adobe software (full list below) and exploits vulnerabilities in the software including arbitrary code execution, memory leaks and exposure of private information.

10 critical and four important vulnerabilities were addressed in Adobe Reader and Acrobat in addition to five critical flaws in Adobe Illustrator that were resolved by Tuesday’s security patch release. The technical specific details of the bug were not available to Adobe software users until after the 43 patch fixes were downloaded which meant that before manual user installation, the zero-day bug allowed for hackers to execute virtually any command on targeted systems.

Users can download these new security fixes by initiating the auto update feature of Acrobat and Reader by going to Help –> Check for Updates and installing via the Adobe Download Centre. This will remove the user intervention necessity to manually install security updates and allows Adobe products to update automatically upon detection of patch releases.

List of affected Adobe software versions:

– Acrobat DC, 2021.001.20150  and earlier versions - Windows

– Acrobat Reader DC, 2021.001.20150  and earlier versions – Windows

– Acrobat DC, 2021.001.20149  and earlier versions - macOS

– Acrobat Reader DC, 2021.001.20149  and earlier versions – macOS

– Acrobat 2020, 2020.001.30020 and earlier versions – Windows & macOS

– Acrobat Reader 2020, 2020.001.30020 and earlier versions – Windows & macOS

– Acrobat 2017, 2017.011.30194  and earlier versions – Windows & macOS

– Acrobat Reader 2017, 2017.011.30194  and earlier versions – Windows & macOS

July 14th: as Microsoft flag a ‘Critical’ Level-10 DNS vulnerability on Domain Name System (DNS) servers worldwide, Lineal engineers rush to patch the infrastructure of dozens of organisations overnight.

The Microsoft Security Response Center recently released details of CVE-2020-135, a ‘Critical Remote Code Execution’ weakness deemed ‘wormable’ (potentially spreading between devices automatically) affecting all Windows Server versions.

A grade of 10.0 is the highest possible severity level that can be assigned under the Common Vulnerability Scoring System Calculator. For comparison the WannaCry attack, which temporarily crippled the NHS in 2017, had a CVSS rating of 8.5.

Lineal staff use remote monitoring software to administer large numbers of client servers and devices, monitor hardware health and deploy patches more rapidly – and were quickly on the case overnight to patch the vulnerability as a special emergency.

Within 8 hours we’d patched a large number of DNS servers – applying both an initial fix and further scheduled updates.

DNS is a naming technology which translates the identities of computers, servers and other networked devices into the IP addresses used for connecting on private and public IT networks.

For this reason, DNS servers often have massive reach, and must be carefully protected to mitigate the risk of compromising an organisation’s technology on a huge scale – even across the globe.

Israeli IT security firm Checkpoint Software Technologies, who discovered the 17-year old hidden bug and reported it to Microsoft, argue ‘this is not just another vulnerability’ and risks handing an attacker ‘complete control of your IT’ if IT admins fail to address the issue urgently.

For IT expertise and support, please contact our team today.

Cybersecurity experts are warning against a prevalent new strain of macOS ransomware for Apple devices dubbed ‘EvilQuest’ – packaged alongside pirated versions of popular apps.

Like most ransomware, EvilQuest encrypts all the Apple user’s files and demands a $50 ransom for decryption within 72 hours.

While many Mac users believe malware for Apple devices does not exist – this is simply untrue. The newest strain comes after similar infections spreading between Mac users in recent years, including KeRanger and Patcher.

EvilQuest is also a more sophisticated effort than most attempts by cybercriminals: the app is correctly code signed, with a very convincing installer, and even overpowers the Mac versions of common antivirus softwares such as Norton, Kaspersky, Avast, McAffee and Bullguard.

The trojanised software known to be used to deliver EvilQuest to unsuspecting victims are torrent download versions of popular Apple macOS apps, examples of which include Little Snitch, Ableton Live and Mixed in Key 8 – a popular DJ software.

Among the important steps Mac users should take to reduce the risk of macOS ransomware are:

• Keep a regular, organised regime of backups, offline and air-gapped from the device itself.
• Only download Apps from reputable sources.
• Consider whether utilities like Malwarebytes and RansomWhere are needed as extra precautions.

For IT Support and cybersecurity expertise, please contact our team today.

The volume of Covid-19 scams and phishing emails has increased dramatically in recent weeks according to cybersecurity authorities.

Email security software and cybersecurity provider Barracuda Networks has reported a 667% increase in phishing emails throughout the pandemic.

Common scams include pretending to represent Government, law enforcement or medical authorities to obtain information or financial payment, blackmailing users with threat of infection, donation requests for fake organisations, and malware distribution – including one new ransomware even dubbed ‘Coronavirus.’

Via Barracuda: Source 

In a joint statement published in April, the UK National Crime Cyber Security Centre and US CISA (Dept. of Homeland Security) notes the sudden rise in Covid-19 scams, and even highlight instances of SMS text-messaging phishing attempts mimicking UK Government text alerts.

In the example cited, a fake compensation payment is offered to entice the user to hand over details via an imitation UK Government website.

There has also been a growth in online hackers and trolls targeting Zoom and other video conferencing platforms. Users unfamiliar with this kind of software in particular may prove an easy target for cyber criminals.

Phishing scams are part of a larger trend of online Covid-19 themed fraud. In March, the NCSC removed around 500 fake online shops claiming to be selling fraudulent virus-related items over the internet.

Google currently estimate that Gmail filtering is blocking over 100 million phishing emails each day, and that almost 20% of online email scams now refer to Coronavirus (around 18 million) – likely to be the largest phishing ‘theme’ in history.

For cybersecurity expertise and assistance, please contact Lineal today.

Email remains a, if not the, key threat vector for protecting organisations from cyber crime – with around 90% of cyber attacks beginning by compromising an unsuspecting user via email.

Today we take a closer look at some of the clever tricks of Barracuda’s email filtering & security service, and why the small investment to protect your inbox  is worth it:

Attachment Scanning

In addition to profiling every email which passes through its live email filtering service in seconds, Barracuda scans each email attachment for signs that the contents might be malicious.

As cyber criminals begin to use more sophisticated means, it’s worth implementing this to prevent macro-enabled office documents, infected PDFs and similar file download tricks from catching out users who might be curious to open a dangerous attachment.

Outbound

Barracuda email filtering scans not just incoming, but outgoing emails from your hosted mail service or mail server, ensuring not only that your clients are protected from suspect emails, but that staff cannot circulate threats further within your organisation.

Anybody familiar with being caught in a reply-all ’email storm’ knows how quickly bad email can spread internally – be part of the solution yourself, not the problem.

Email Spooling

In the event that your email service falters, clients quickly begin receiving bounce-backs, which leave a poor impression of customer service.

This is avoidable – routing via Barracuda’s email servers, emails will temporarily ‘spool’ like planes stacking over an airport, ensuring onward delivery later when the service comes back online. This ensures any unfortunate interruption to communications is not immediately visible to your clients.

Long Term Recovery

Hosting your email in the cloud with Microsoft Office 365? Everything is backed up in the cloud, correct? Not quite – even Office 365 has a 30-day recovery period on deleted email, and emails can ultimately only be restored individually.

This retention period can be longer, or even unlimited, with Barracuda email backups, making sure that emails can be recovered long after staff have deleted them, accidentally or otherwise.

This extra silo of automated email backup protects not just against employee negligence or malpractice, but also common digital breaches such as compromised accounts.

For cyber-security and IT expertise – please contact our team today.

Reports of the death of the password may have been greatly exaggerated in the media: from the suggestion that passwords are the ‘weakest link’ in the cybersecurity chain, to the notion that humans are so bad at using them, that it’s time the technology industry saved us from ourselves.

But is it true; are passwords doomed? Enter the FIDO2 Project – a fascinating effort to ‘Move the World Beyond Passwords’ led by the FIDO Alliance industry association and World Wide Web Consortium.

Headlines aside, FIDO2’s aims are ambitious: to replace passwords with a flexible device-based authentication standard that allows users to log in via biometrics or temporary security keys.

Unique to each website, not stored centrally and not transmitted, FIDO2 argue this standard naturally scuppers phishing, password theft and replay attacks – and introduces some privacy advantages sure to woo even ardent digital rights activists: such as the inability to track users between sites.

While still technically possible, cheating biometrics requires the kind of preparation not common to everyday opportunistic cyber-criminals.

The big players are taking note: Google plans to ‘begin’ retiring passwords for Google services accessed via biometric enabled smartphones (such as those with fingerprint scanners) and Microsoft is planning similar changes to apps in Windows 10; even talking of a ‘passwordless world‘ via Windows Hello that extends facial recognition. Apple have been publicly heading down this road for a while now – with ‘FaceID’ facial recognition introduced for recent generations of iPhone and iPad, as well as Apple Watch device-led unlocking for your Mac.

Apple’s efforts to prove that the iPhone stores only a ‘mathematical representation’ of the user’s face also suggests that they’re preparing to defend a policy of extending FaceID further at the expense of passwords, even in an increasingly privacy-conscious World.

Users may of course find the a world without passwords a little disorientating to begin with – although not forever, if the replacement technology proves more convenient.

Password keeper apps (such as the excellent 1Password) have become an interesting half-way house to a more secure password future – where the password manager retains a set of passwords behind a strong keycode, in an encrypted form. The password manager may also perform other useful functions, such as warning the user where passwords overlap, allocating different password access permissions to different people within a business or organisation, or auto-filling in common web browsers.

The adoption of password managers may reflect a coming time where users continue to ‘use’ passwords, but without engaging in the process of recalling or typing the password. It may not be passwords that are doomed, but the user’s traditional interaction with passwords.

Are passwords doomed? A few potential futures emerge: one where passwords exist but are used less directly by users, where passwords are relegated to a secondary security measure of questionable usefulness, or most radically, where passwords are replaced entirely.

For cybersecurity and IT expertise, please contact our team today.

WhatsApp users have been asked to update their app version urgently following a major Whatsapp security breach.

The exploit is believed to be possible via a missed WhatsApp voice call, made possible by a software loophole recently introduced to limit message forwarding. Affected users would be unaware that their device might be compromised.

The Financial Times’ exclusive report links the breach to NSO Group, an Israeli private cybersecurity company whose private customer list is likely to include military, security and law enforcement clients.

Analysts believe the technique has probably so far only been used to ‘eavesdrop’ on high-profile targets with especially security-sensitive information, although today’s announcement raises the possibility that criminal third-parties may attempt to exploit the same vulnerability against ‘ordinary’ WhatsApp users such as civilians.

WhatsApp has utilised end-to-end encryption since 2016 across both Apple and Android smartphone devices, making it a common communication medium for personal use, but also for organised crime. There are more than 1.5 billion users worldwide, making WhatsApp security a truly global concern.

Smartphone users are being advised to update their copy of the App to the latest version – 2.19.134 on Android and 2.19.51 on iOS or newer.

For Mobile technology assistance and expertise – contact Lineal today.

Adobe have released an urgent update for Adobe Reader DC, patching newly discovered security vulnerabilities.

The highly popular PDF app, often pre-installed on Windows PCs, has been shown to contain a loophole that allows an attacker to remotely run Javascript code within an opened PDF to cause memory corruption.

Currently rated ‘Critical’ by Adobe’s Severity Rating System, the bug is believed to have originated from entirely legitimate functionality: Adobe Reader allows PDFs to contain embedded JavaScript to support interactions with the web.

Adobe have responded quickly – publishing the fix to Adobe Security Bulletin alongside patching for 42 other vulnerabilities as of Wednesday 12th February, including one which allowed PDF documents to access hashed passwords.

Adobe Reader is officially 25 years old this year, and although official figures are hard to source, is popularly believed to dominate more than 75% of the PDF software market.

Users can either auto-update their installation or prompt this manually by clicking ‘Help’ > ‘Check for Updates’ within the software itself.

For software and security expertise, contact Lineal today.

Lineal’s Ian Meredith has been awarded DrayTek Certified Network Admin Certificate, adding an additional qualification to Lineal’s networking experience.

DrayTek’s ‘Dray School’ requires network engineers to pass a series of advanced network and security configuration tests using DrayTek devices, routers and access points, including best practice for firewall settings, fault-finding and other detailed network tasks.

DrayTek’s business-grade Router range have won praise from across the IT Support sector recent years, with the provider winning a PC PRO Technology Excellence Award for five successive years (2014-18). DrayTek router models have proved highly popular with businesses, with intelligent features such as 4G fail-over increasingly in demand for business continuity requirements.

As a part of the 2-day examination procedure, each engineer’s router is attached to a testing network which judges whether the engineer has managed the device correctly, and automatically passes or fails based on a series of security checks.

Well done Ian!

For Networking and Security Expertise, contact Lineal today.

If you have a DrayTek Vigor router not covered by a Lineal Support Agreement with us, please get in touch for guidance.

Be honest, you’ve read some truly useless things online about GDPR. We all have.

The problem isn’t one of enthusiasm: more and more companies are recognising the impending deadline of the new data protection regulations and acting to implement best practice.

There is, of course, a growing industry of consulting firms and data protection advisers trading on businesses’ lack of expertise and frequently, fear of being left behind. Most organisations begin preparing with a spot of Googling, some light reading, and a bit of browsing online GDPR help articles written by experts.

However, the real experts can’t divulge too much free advice (otherwise why contract their services?) thus much of the available articles and blog posts are deliberately vague. The conundrum has already spawned some unfortunate attempts at humour, but doesn’t really help companies attempting to put in place GDPR compliant policy.

All is not lost: there really is some genuinely useful  guidance out there – here are our pick for some of the best GDPR resources:

ICO: Eight Practical Steps

The Information Commissioner’s Office original ‘eight practical steps’ presentation is a series of slides that are exceptionally clear, and can be worked through in stages. A more recent, formal ’12-step’ version also exists, for a more conceptual understanding of the new regulations.

GDPR Readiness Assessment from Microsoft

A little technical at times, this quick quiz is a useful way of thinking further about protection policy, particularly around access control. For further information on how Microsoft can assist with GDPR in the cloud, look for the blue button in the top right hand corner.

ICO Helpline

The ICO has a little known helpline via which small businesses and charities can consult a member of ICO staff for extra advice – details of which can be found above.

IT Governance Compliance Gap Assessment Tool

Always a strong source of IT expertise and policy, IT Governance have developed a range of ‘Toolkits’ to assist data protection officers and those implementing GDPR within their organisations. These range from the simple £60 compliance gap assessment tool (a handy Excel Spreadsheet you can work through) to more expensive implementation packs and data flow mapping tools.

Apple have issued a fix for yesterday’s severe security alert, after it emerged the tech giant’s High Sierra operating system would allow access to many users’ MacOS Root User without entering a password.

The story caused alarm around the world, as Mac users discovered full administrator control of their device was available to anyone within reach of the keyboard.

Discovered by a Turkish developer who tweeted it to Apple Support, Lemi Ergin, the widely publicised fault is believed to affect all Apple MacOS devices (such as the iMac and MacBook ranges) running version 10.13.1 or newer.

Mr Ergin has since published an article on Medium defending his decision to flag the vulnerability publicly, arguing that despite the security flaw being public knowledge on the Apple Developer Forum since 13th November, Apple had failed for resolve the issue.

Yesterday Lineal published guidance to all our Mac clients, advising caution over the physical security of Apple hardware, and explaining the need for users to set a new root password to temporarily secure their Mac while Apple worked on a security fix.

Security update 2017-001 is now available via the App Store, and Apple have even taken the almost unprecedented step of forcing 10.13.1 devices to update automatically.

The failure to set a random default MacOS root password (a fundamental technical security feature) once again calls into question the recent competence of Apple’s historically excellent quality control and product testing, and may slow the adoption of the firm’s latest flagship operating system. The widespread media publicity surrounding the story is also likely to undermine Apple’s long-held reputation for security on Mac devices.

Apple issued an apology, stating ‘We greatly regret this error and apologise to all Mac users.”

For Apple assistance and support, contact Lineal’s IT team today.

In a surprise move, Eugene Kaspersky has publicly offered to give the US Government access to the source code of its security software in a bid for transparency.

The offer is the latest development in an ongoing dance between the Russian IT security company and the US Government, after the Senate Armed Services Committee threatened to ‘blacklist’ the software company from applying for US defence contracts over the risk of influence from the Russian Government.

In a sensationalist piece released by Bloomberg, journalists claim the Moscow-based firm hold regular meetings with Russian Ministry of Defence and FSB agents, and that Eugene Kaspersky has even personally met with Russian intelligence officials in a ‘banya’ sauna.

Modern business anti-virus software typically collect invaluable background data to reinforce a real-time intelligence war against the latest security threats on the internet – with many users not being aware of whether their antivirus understands the latest threats.

Kaspersky argues the headlines are part of a ‘witch-hunt’ by Washington; industry analysts have acknowledged the heightened scrutiny of Kaspersky by US authorities has closely followed their recent uncovering of NSA ‘Equation’ hacking tools as a part of work against recent ransomware outbreaks, but may also represent the beginnings of a smear campaign by domestic US security providers.

Speaking to the Associated Press, the security provider implied it had already rejected government requests to undertake offensive cyberattacks rather than defensive software development – not necessarily requested by the Russian government.

Against the background of press-interest in alleged Russian hacking stories, it appears the dramatic feud has some distance left to run.

For IT security advice and expertise – contact Lineal’s team today.

Around 6% of PCs are estimated to still be running out of date, unsupported operating systems like Microsoft Windows XP. Here at Lineal we’ve long advocated keeping operating systems up-to-date and secure against the latest threats.

But in certain circumstances that’s not always so easy: legacy XP machines are often connected to third party equipment (e.g.: manufacturing hardware) using cable connections or drivers that are now difficult to obtain. The external hardware can’t be replaced as readily as the connected PC for both cost and practical reasons, so the ageing PC (with a lack of XP antivirus) creates an in-built security vulnerability for a businesses’ whole network.

Users caught by this conundrum can find a solution in Bitdefender’s Security for XP and Vista – a version of Bitdefender’s award-winning security built to be backwards compatible to older PCs, and providing ongoing security against the latest threats for legacy hardware.

Security for XP and Vista is available for Windows XP Service Pack 3 and Vista Service Pack 2 operating systems, and also integrates with older software likely to be found on such machines, such as Outlook 2007, Yahoo Messenger 9, Internet Explorer 8 and other common web browsers of the same generation.

For those concerned that a trusty old machine and lack of XP antivirus could be the very weakest point in their security, Bitdefender could be a shrewd choice indeed.

For IT Security advice and support, contact Lineal today.

DCMS has published this year’s 2017 UK Government Cyber Security Report, suggesting a staggering 46% of businesses have been hit by a cyber security breach in the past year.

The average cost of a cyber security breach is reported to be £1,570, although larger businesses (of which 68% reported falling victim) show figures of £20,000 or higher.

The polling, conducted by research institute Ipsos Mori, suggests businesses are increasingly seeking external IT or security advice as insurance against potential losses – particularly basic training for non-specialist staff and information on specific threats to their industry.

Certain positives jump out: basic technical standards laid out in the Government’s ‘Cyber Essentials’ scheme have been rolled out by half of all firms (although this was always a low bar, and the report admits that fewer than one in twenty firms have referred to public sector sources for security advice)

More encouragingly, the most common cyber breaches all involve an element of preventable human error: those reporting a breach in cyber security cited the most common cause as staff clicking links in fraudulent emails (72%) with other typical risks including viruses, spyware & ransomware (33%) and impersonation (27%.)

Specific dangers identified included:

• Less than 40% of businesses have segregated WiFi networks, or any rules for encrypting personal data.

• Only 33% have a formal policy for cyber security, or documented plans for business continuity.

• More than 70% do not have any input from someone responsible for IT security at a senior level.

• Only 20% have run any kind of cyber security training in the last 12 months.

With the planned changes next year brought about by the introduction of the General Data Protection Regulations (GDPR), the potential costs associated with a data breach could be set to rise. Having measures in place to mitigate this risk well in advance is sound advice.

For IT Security support and advice, contact Lineal today: 01271 375999

Lineal Software have been certified as a Bitdefender Partner for Bitdefender security software.

Bitdefender’s range of security products are used on millions of devices worldwide and the provider ranks highly in independent Virus Bulleton’s VB100 tests, as well as winning numerous quality awards for software innovation.

A wide variety of both Bitdefender Home and Business security products are available, across platforms including Windows, Mac and Android and more.

Lineal’s Head of Technical Services Matt Norris explained: ‘We’re very pleased to qualify as Bronze Bitdefender partners – this qualification only expands the range of IT security options which Lineal can offer to our customers and we look forward to delivering a high quality service for those interested in using Bitdefender.’

‘There are only a handful of Bitdefender partners in the South West, and Lineal are delighted to be one of them.’

For IT security advice and support, contact Lineal today.

Here at Lineal we check a lot of suspicious emails – containing everything from fake invoices, dodgy downloads and even new ‘Zero-day’ ransomware threats not yet seen elsewhere on the internet. Cyber-security is a rapidly developing battlefield.

Last week our security trainee from Petroc, Lewis, received a fairly typical ‘Phishing’ email – designed to look like an official request for information in order to trick recipients into handing over personal details. Keyboard at the ready, he decided to go on an investigation – hunting down email scammers.

‘Your Apple ID has been suspended’ read the headline, but never fear, you can reset your account by typing in your private details via ‘Appl.e.com’. It may sound like an obvious scam, but the written quality of the email was high, and Verizon estimates that more than 25% of Phishing emails are not only opened, but clicked on by unsuspecting victims.

The email link itself looked suspicious so Lewis stripped the exact page link back to it’s original domain as our first clue. A quick HTTP lookup found the IP address of a Linux based Server with several open ports.

The scammers themselves were careful – expanding the email header shows an encrypted code in place of an email reference.

Online tools like GeoTool suggested the server sending the email had been French (although mapping this an imprecise science – suggesting the Parisian machine was sat at the bottom of the river Seine.) Nevertheless this gave us a country of origin and also a more accurate address.

Here we hit a problem: the address listed related to a French cloud hosting provider’s company office building in Roubaix, near the city of Lille on the border between France and Belgium. The company itself appears entirely legitimate, so it’s likely a server there has been hijacked or otherwise used inappropriately by a customer of the provider.

A reverse DNS lookup via an online US Security tool suggested the hosted domain name’s registered contact person was based in an apartment building in district 56121, Thessaloniki, Greece, and even listed a gmail address and phone number for the named contact (redacted.)

Had we wanted to, there’s an opportunity here for mischief, but here we decided to end our search – with sufficiently detailed information to report to customer services of the French hosting provider whose server had been misused to distribute the email.

Although it’s likely the original source had been found, it’s possible the Greek client registering the domain name was themselves a victim of the Phishing email or a similar scam.

As a case study, Lewis’ virtual chase across Europe hunting down email scammers highlights how every business is at risk from a globalised world of threats – anyone can be struck by a dangerous email from anywhere, and even the most local businesses need to take precautions.

For IT Security advice and support – contact Lineal today.

Facebook have announced the testing of a new news filter in France, designed to stop fake news or deeply misleading stories from being shared online via social media.

The announcement comes only two months from the first round of voting in the French Presidential Election.

Under the new filter, dubious news stories flagged by Facebook users will be double checked against eight leading French media outlets, including Le Monde, Agency France-Presse and Liberation. Should any two of the eight provide evidence of ‘fake news,’ the story will be flagged as ‘disputed’ in Facebook’s News feed.

Users will receive a warning before sharing ‘disputed’ stories and will be blocked from using paid advertising to promote ‘disputed’ stories.

In addition, Le Monde and Liberation are believed to have begun compiling their own databases of unreliable fake news websites – which may eventually be used in a similar way to more advanced antivirus companies’ watchlists already used to isolate suspicious phishing websites.

The move comes just months after social media giants Facebook and Twitter faced widespread criticism for the proliferation of fake news websites using false stories or invented facts to promote political agenda during the 2016 US Presidential Elections.

For IT Security support or assistance, contact Lineal today: 01271 375999

2017

With data security making national news headlines, 2017 is only likely to put increasing pressure on businesses of all sizes to take sensible precautions.

But with IT moving so fast, what innovations are likely to lead the way through 2017? Exactly what sensible precautions will most tech-savvy companies be taking?

Cloud is good…

The worldwide push for ever more cloud-based systems appears to be unstoppable. A recent report from Synergy Research Group has suggested the global market for cloud computing grew by 25% to September 2016, reaching a staggering $148 billion in value.

It’s hard to see this not continuing, with companies relying on the convenience and automation of stashing growing quantities off-site backups in the cloud – using services like Office 365 as their private vault. As we’ve covered before: holding assets like email in the cloud actually gives you better protection than most people’s private server.

…..But Hybrid Cloud is better still.

But 2017’s smartest will be looking further ahead to Hybrid Cloud systems. As IT Pro recently noted, many companies report using more than 5 backup systems, but have no planning for speed of recovery should that data actually be needed urgently during 2017.

Getting all that data back may present a problem if your organisation is large, meaning hybrid on-site/cloud services like Lineal’s Disaster Recovery Service are likely to become the most flexible middle option. Keeping both a synchronised backup on-site, and a copy with a relatively local cloud service, leaves even the most vulnerable business with the maximum number of options.

Change your passwords

If you don’t already change passwords regularly, the security benefits cannot be overstated. Stolen data can often be circulated on the internet many times, so changing passwords regularly keeps not only your business secure, but helps prevent repeat data theft from being profitable. 

Whilst everyone still has a ‘New Year’ mindset and are prepared to accept a little change, it’s worth updating those passwords company wide. Remember to use a variety of different characters and choose something only you would ever guess.

Have a 2017 Plan A…. and a Plan B

Ransomware increasingly appears to be the organised criminal world’s cyber-weapon of choice and shows no sign of abating; expect to see more big UK high-street names get compromised this year by malicious emails. 

Antivirus companies may include ever more sophisticated heuristics to intercept malicious downloads before they begin encrypting your files, but ultimately only safe backups will ensure you can always restore to a clean set of data. Every firm should have a ‘Plan B’ for how to carry this out.

It’s all about Recovery Time

Expect to see Disaster Recovery (not just back-up and contingency) become a by-word for preparedness, with companies and organisations in every sector being judged not just by their number of backups, but by their costly hours of down-time. 

So if nothing else, start 2017 with an old piece of technology: a pen and paper. Work out what your business’ data recovery plan actually is, and how long it will take –  should the very worst happen.

Lineal can provide a range of IT security and business continuity solutions: contact our team today.

Outlook Stops Spam Emails

At Lineal we’ve found the most commented upon feature of Microsoft’s Office 365 email has been the reduction of spam – but why does running your email from the cloud make Outlook 2016 so much better at blocking these annoying spam emails?

On your old in-house email server, Outlook stops spam emails being delivered based on whatever policies and protection you’ve put there and maintained (or not…,) whilst Office 365 is managed all year round as a remote service, with up-to-the-hour security updates in Microsoft data centres. Moving your business email to the cloud ensures your inboxes are not just company compliant, but physically and virtually safer.

Firstly, Office 365 checks your email for known suspicious attachments or malicious links. If neither are found, your email is screened through three independent Anti-virus engines, before being delivered safely to your inbox.

But what if something suspicious is found? Malicious links are re-written where possible, and suspicious attachments are removed to a sandboxed (isolated in software) ‘detonation chamber’, where they are opened safely to check for harmful code. Any attachments still deemed to be dangerous are removed from the email before being processed further.

Due to sheer volume of email processed through Office 365, Microsoft are also able to use information about all threats seen worldwide, and protect your inbox from even brand new ‘zero-day’ dangers seen elsewhere online.

Office 365 business packages (which can be trialled for free via Lineal) have been made increasingly secure over the past year – with Microsoft opening new UK based data centres and introducing new admin centre for power users to manage system usage in large organisations more effectively. 97% of people can’t identify a phishing email, so it’s important to know that Office 365 will remain vigilant.

Lineal are a Gold Microsoft Partner: for Cloud help and support contact our team today.

UK data centres –

Microsoft’s Office 365 Team have announced the availability of multiple UK data centres for customer data.

The move follows increasingly strict rules on data compliance in the financial, security, health and public sectors – with more cloud IT users looking to ensure their data remains safely located in the UK.

Prospective customers considering the implications of Office 365 are able to view the locations of Microsoft’s uk data centres with this online ‘Where Is My Data?’ map, which now displays both the additional data centres and the Microsoft cloud services they support, in both London and Durham, with a third site anticipated for Cardiff.

Office365 and Azure Users will also have the ability to ‘re-locate’ their data from regional data centres (in most cases based within mainland Europe) to the new UK service.

In addition to the security and legal advantages for protecting sensitive data, cloud users of Office 365 are likely to benefit from lower costs, online backups and collaborative, remote access to files.

For now, the ability to re-locate Office365 or Azure data to the UK is likely to be restricted, with priority expected to be given to high-profile UK public sector customers including NHS Trusts and the Ministry of Defence – the latter mirroring many customers belated move to the cloud, upgrading legacy on-site systems in use since 2005.

The new infrastructure has been widely praised, with Microsoft clearly investing heavily in addressing the doubts many have about moving their IT to the cloud; reducing Office365 downtime to just 4 hours per year, and now re-locating data within country of origin for compliance with a high standard of data protection.

Contact Lineal for advice on moving to the cloud, or for a free trial of Microsoft Office 365 Business Premium, click here.

smartphone security

We increasingly live in a mobile dominated world in which Smartphone sales have skyrocketed whilst traditional PC sales have stalled. With portable devices likely to be the future of many people’s IT use – we’ve put together a few of the main smartphone security threats you need to be aware of.

• Mobile Phishing & Fake Apps

Phishing websites which pretend to be your bank in order to get your personal or financial details have been around for many years, but for few people imagine that this is also a big risk on their smartphone.

Fake apps are the most obvious modern incarnation of this scam. IT security specialist ESET recently showed that a popular app like Prisma spawns multiple fakes online, downloaded unwittingly over 1.5 million times before being pulled from Google Play, with many containing harmful malware which attempt to steal personal information.

Don’t attempt to download an anticipated app before it’s official release date, as it’s likely you’ll be downloading a fake. Avoid downloading apps from unknown third-party websites, check the comments for warnings from other users, and invest in mobile antivirus to intercept downloaded threats to your smartphone security.

• Old-fashioned Theft

In addition to fitting in your pocket, your phone contains a staggering amount of personal information about you which makes theft a real danger – everything including your personal details and those of friends/family, your emails, GPS coordinates of places you regularly visit and more: all stored on the device.

Home Office research suggests iPhones are the device most likely to be stolen – perhaps reflecting the Apple smartphone’s high value, quality and distinctive branding.

In addition to setting numeric pin codes on every device to prevent the danger of theft, tracking and lifesaving wiping tools like are strongly advised.

• Public Wi-Fi Networks

With the proliferation of portable devices, many businesses, particularly in retail, offer public Wi-Fi hotspots to customers.

The problem with this is that you’re sharing a network with… whom? Terrifying free tools like [Redacted – obviously] and [Redacted] allow anyone on a shared public network to view insecure websites you visit, and snoop on any keystroke you type.

Not every public Wi-Fi network is a security nightmare, but it’s sensible to avoid using public Wi-Fi to do anything sensitive, such as online banking. A 4G data connection or simple telephone banking is the easiest alternative if you’re on a mobile phone, and likely to be more secure than a public Wi-Fi Network.

It should probably go without saying that you shouldn’t connect to entirely unrecognised, unsecured or unknown Wi-Fi networks either. For obvious reasons.

• Being Personally Targeted

The problem with the wider shift to portable devices is that we carry our workplace into the outside world. Many of us expect complete access to our business data on our smartphone (as we would on our PC) wherever we are.

But carrying your work phone outside work means you’re also outside the protection of in-house IT security software and firewalls.

A simple phishing email can easily be targeted to you outside working hours when you’re ‘off-guard’, and the potential loss of confidential company data could be devastating.

Of course, many of the best IT security software providers now offer Android & iOS smartphone versions of their antivirus software – so why not extend your business’ IT security to your smartphone?

For IT support and security guidance – contact Lineal today.

fake invoices

This week’s IT security alert from Lineal – fake invoices which ask users to run a dangerous piece of code.

The example above comes from a fake Word document emailed with a typical text line, such as ‘Please check this invoice’ or ‘Double check my numbers for me’, to an unsuspecting user.

Upon opening, the document appears to load a popup from Office 2016 prompting the user to ‘Enable Content’ for compatibility purposes, before they can view the detail of the ‘invoice.’

In fact, the display is just an image within the word file, and the ‘Enable Content’ content button instead runs a piece of Visual Basic code downloading unknown malware from the internet.

The scam relies on users’ curiosity at the unusual $1999.00 charge, and upon reaching a user still running an outdated version of Microsoft Office.

Several measures can be taken to prevent this kind of attack:

• Don’t click any popup that doesn’t visibly pop ‘open’ in Microsoft and don’t ‘Enable Content’ you can’t see in a document.

• Consider an email filtering service like Barracuda – in the above example, Barracuda had recognised this email as malicious and stripped the code from the document before placing it in the correct email inbox for the intended recipient.

• Invest in a high-quality antivirus and IT security software like ESET – using sophisticated heuristics and live scanning ESET can block this kind of threat, and advanced versions operate a comprehensive watchlist of fake ‘phishing’ scams which might try to imitate legitimate companies online.

• Move to Microsoft Office 365 – Microsoft’s cloud subscription model now ensures that you’ll always have the most up-to-date version of Microsoft Office, and therefore that if a document gives you this kind of message, it may be a scam.

For IT Security advice and guidance – speak to Lineal today.

Internet Explorer

New research by security company Duo has suggested that as many as 25% of Windows PC users are running out of date versions of Microsoft Internet Explorer.

Among Windows XP legacy users the problem is particularly acute, with more than half still running Internet Explorer 7 or 8, rather than upgrading to version 11.

Duo suggest this is putting thousands of PC users at risk of exposure to over 700 security risks caused by known viruses, malware or other online threats via their now outdated and unsupported web browser. In particular, un-patched exploits via popular third-party plugins such as video player codecs pose a likely danger.

Microsoft are currently offering Internet Explorer’s latest replacement, the superior Microsoft Edge, free to every user with a Windows 7 license who chooses to upgrade to their PC to Windows 10 before the 30th of July deadline.

Alternatively, users should consider the pushier update-reminding Mozilla Firefox, or Google’s automatically updating Google Chrome offering, along side a tried and trusted security software (such as the excellent ESET NOD32 Antivirus,) to ensure that the technology they use for private data transfers such as email and online banking, remain private.

Contact Lineal today for IT advice and support: 01271 375999 or email [email protected]

Hundreds of people have received new types of phishing emails which knows the individual’s home address.

Clicking the link in the dangerous email, which as a appears very authentic request to pay an overdue invoice, installs devastating cryptolocker ‘ransomware’ on the user’s computer.

The virus then begins encrypting files, demanding a ransom be paid to unlock the user’s data.

According to the BBC the unconnected company cited in the email, cotton fabric manufacturer British Millerain Co Ltd, have received more than 150 phone calls from individuals concerned that they owe money.

Phishing emails and websites, which typically mimic official bank or company communications to trick vulnerable users into making payments to criminals, are becoming increasingly sophisticated.

The use of an individual’s personal address, and higher quality written English, suggests the original creator of the email has gone to greater lengths to make the email look convincing and to avoid detection.

It is also likely that the matching address originates from stolen, legitimate customer data, accounting for users’ recognition of the way they write their own home contact details.

New threats are constantly developing, and Lineal recommend installing an antivirus software with a strong record of catching emerging online threats – such as ESET.

Always follow some simple rules:

• Never click a link or open an attachment from any suspicious email whose origins you do not recognise.

• Banks and similar will NEVER request your private passwords, pin numbers or other confidential information. Do not disclose these to anyone.

• If hit by cryptolocker style ransomware, every second counts – seek professional technical support immediately.

• Always keep a regular, separate backup of your files.

• Invest in reliable Antivirus software like ESET to protect your device(s).

Photo Credit: BBC News

Cryptolocker Warning: in the past fortnight we’ve seen an increasing number of companies hit by sophisticated cryptolocker viruses.

These dangerous programs, often installed by accident, lock your files over time, encrypting data and eventually demanding victims pay a ransom to retrieve their irreplaceable data.

In all of these cases, security products were installed but they did not protect against the threat. In our experience the only product that is reliably detecting these new threats and offering sufficient protection at this time is ESET. Older, less effective or out of date security products are offering little or no protection against these new cryptolocker variants.

Once affected by a cryptolocker, there is no way to de-encrypt scrambled files without paying the ransom, and users must remove the trojan before recovering recent versions of a file from their backups – highlighting the importance of a regular backup plan for data.

Please don’t be the next one to get caught out – talk to Lineal today about IT security options to ensure your valuable data is protected.

Smartphone banking app malware hacks SMS codes

A dangerous new banking app malware has successfully bypassed smartphone security used by some of the world’s biggest banks.

Customers of Australia’s four biggest banks, and numerous New Zealand Banks, have all been declared at risk from the malware which activates when using a banking app, copying details from login screens.

Most worryingly, the malware can also divert two-factor authentication codes sent to a given smartphone by SMS – and pass the code to criminals, breaking a tried and trusted system used by many online financial apps around the world.

ESET security systems (commonly deployed by commercial clients for server and endpoint security) recently detected the extremely sophisticated malware, which downloads via fake Adobe Flash windows on video streaming websites.

On Android, personal users can uninstall the malware manually via Settings > Apps > Flayer > Uninstall, and are advised to only accept approved downloads from trusted public sources such as Google Play.

Commercial clients should take similar precautions against banking app malware and similar, protecting company devices behind specialist security systems.

For IT security advice and support, contact Lineal today by clicking here.

Google and Apple’s respective CEOs have joined forces over the issue of customer privacy, with Apple CEO Tim Cook publicly refusing the Federal Bureau of Investigation (FBI) ‘backdoor’ access to iPhone software.

Google CEO Sundar Pichai backed Apple’s decision on Twitter, arguing that assisting the FBI to gain such access to a private individual’s smartphone would be a ’troubling precedent.’

The mobile phone privacy dispute with the FBI over encryption comes 2 months after Farook and Tashfeen Malik killed 14 people in a mass shooting in San Bernadino, California, with investigators demanding that Apple now assist the authorities in accessing Farook Malik’s iPhone 5C.

Both Apple and Google argue that ‘backdoor’ decryption would put the privacy of millions of ordinary smartphone users at risk from Government intrusion, with Tim Cook famously arguing that ‘You can’t have a back door that’s only for the good guys’. In theory, each iPhone’s encryption method is unique, and Apple argue that there should be no possible method for accessing a given user’s data.

On Tuesday however a Federal Judge ordered Apple to disable Farook Malik’s suspected phone setting which enforces usage delays or wipes the iPhone in the event of multiple incorrect password attempts, giving the FBI the opportunity to automatically test millions of possible passwords without penalty.

Both companies’ actions are being driven by the issue of reputation: giving law enforcement authorities the ability to access an individual’s data would utterly undermine smartphone manufacturers’ advertisement of user security.

With neither side willing to back down, expect the dispute to go to the courts, with the key issue being whether Apple can control permitted access to this iPhone, and this iPhone only.

For specialist IT Support, contact Lineal today: 01271 375999 or email: [email protected]

Windows 10.1 updates security

With ‘Windows 10.1’ now barely a month old, and the Microsoft operating system already running on over 12 million business PCs, how fares Microsoft’s free updates strategy?

Windows 10.1 update was released with relatively little fanfare (be honest, you didn’t notice) adds features that, understandably with hindsight, might have been a distraction at the main Windows 10 release back in July.

Packaged within were mainly performance and security upgrades – Windows 10.1 will now boot almost 30% faster than an old Windows 7 system on the same device, the Cortana virtual assistant has some new handwriting recognition skills and there are new enterprise tools for mobile devices. Microsoft Edge runs smoother too, offering previews of tabs before viewing and syncing favourites across devices.

Most importantly, after recent corporate data breaches in the news, Microsoft have added a range of new security safeguards. These including ‘Windows Hello’, supporting enterprise grade biometrics including fingerprint and facial recognition – sadly currently only available for US users.

Aside from controversy surrounding user privacy then (if you didn’t notice your Windows 10.1 update, that’s maybe because Microsoft installed it automatically on your device without asking you) the first free update went ahead with relevant additions and limited fuss.

Starting free updates officially moves Microsoft into line with Apple’s OS X business model that has become the industry standard. Yet limited promotion of Windows 10’s ongoing development risks downplaying Microsoft’s progress.

Which would be unfair, because Microsoft is plainly taking extra care to develop the business security of their product range, including the excellent Office365, Microsoft Azure and now Windows 10.1. Microsoft is clearly listening to business’ fears, and businesses should welcome it.

For help and support with Microsoft enterprise IT, contact Lineal today.

Cyber crime is finally set to become the UK’s most common crime type, following inclusion in the latest crime figures from the Office for National Statistics (ONS).

This re-classification comes only days after news headlines emerged that an Eastern European crime group successfully used ‘Dridex’ malware to steal over £20m from UK bank accounts via thousands of infected PCs in the UK.

Cyber criminals are increasingly mounting more organised attacks on businesses, small and large – last year even U.S banking giant J.P Morgan suffered unfortunate press and a sudden plunge in its share price when digital thieves stole the personal information and contact details of more than 76 million customers.

The 2015 National Strategic Assessment from the National Crime Agency estimates that losses due to cyber crime in the UK now amount to a staggering £16 billion annually. The NCA also asserted that the theft of large amounts of private companies’ data still faces ‘considerable under reporting.’

Nowhere is this more threatening than for those in the financial services industry, where both reputations for reliability and access to funds make IT security of paramount importance, requiring compliance with the strictest procedures for identity validation, network safety and fraud detection.

All businesses need to be prepared for the future, where cyber crime is likely to become more sophisticated and UK companies may be expected to demonstrate greater data protection measures. This week Microsoft promoted it’s Financial Services Compliance program in connection with Office 365 – making assurances (aimed squarely at businesses in the financial sector) of direct access to staff and resources to ensure that Microsoft Office cloud services comply with financial security regulations.

Greater awareness of cyber crime amongst Government figures, the media and the public can only be a good thing, but ultimately it still remains very much up to the individual to ensure their IT systems are secure – before the worst happens.

More than 70% of businesses fail after significant data loss. Lineal can install a range of security measures to safeguard your business IT systems and data – enquire today via: http://www.lineal.co.uk/contact/

More from Lineal News

Flickr: GotCredit