9 steps to protect against Ransomware

Security Best Practices

Ransomware attacks start in two main ways. A booby-trapped email with a malicious attachment or via a compromised website; which then work their way down to your endpoints and servers. To stop these attacks, it’s critical that you have advanced protection technology in place at each stage of the attack and combine this protection with good user security practices.

Nine best security practices to apply now

Good IT security practices including regular training for employees are essential components of every single security setup. Make sure you’re following these nine best practices:

Patch early, patch often

The sooner you patch the fewer holes there are for ransomware to exploit.

Backup regularly and keep a recent backup copy off-line and off-site

Offline and off-site means ransomware can’t get to it. With recent back-ups, data loss can be minimised.

Enable file extensions

Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to you and your users, such as JavaScript.

Open JavaScript (.JS) files in Notepad

Opening a JavaScript file in Notepad blocks it from running any malicious scripts and allows you to examine the file contents.

Don’t enable macros in document attachments received via email

A lot of infections rely on persuading you to turn macros on, so don’t do it!

Be cautious about unsolicited attachments

If you aren’t sure – don’t open it. Check with the sender if possible.

Don’t have more login power than you need

Admin rights could mean a local infection becomes a network disaster. Stay up-to-date with new security features in your business

Stay up-to-date with new security features in your business applications

For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet”.

Patch early, patch often!

Staying on top of patching is so important that we’ve called it out twice. Don’t let ransomware exploit a patched vulnerability.


If you’d like to learn more about how to protect your business against ransomware or any other malware, phishing or cyber-threat, get in touch with us today.

Want to know why 100 million people have moved to Office 365?

Did you know that there are now more than 100 million active Office 365 users? It’s a big number and it’s growing by an estimated 2.5 million every month.

As the world’s most popular business productivity suite, Microsoft Office has finally transitioned from a clunky set of online pseudo applications launched in 2011, to the seriously dynamic cloud-based application it is today that we know as Office 365.

And while Office 365 revenue has now overtaken conventional licence sales of Office, there are still many who have not yet gotten past the poor press that the earlier versions received to see what transformative value this latest incarnation offers.

So here are 10 reasons why Office 365 will be right for you – and why your legacy software may no longer be the best option going forward.

Work on the move

No matter where you are, whether you’re on a train, at home or even dipping in and out of your email while on holiday, you can work anywhere at any time with Office 365. Long gone are the days of being glued to an office workspace – you can now put your smartphones and tablets to better use and work on the move, increasing the productivity of your business.

Predictable costs

As a subscriber service, there are no upfront purchases required. You get a flexible contract with fixed, clear monthly ‘per user’ charges where you can mix and match plans to suit your business and user needs. Budget planning is a lot simpler because of it too.

No more licensing headaches

Previously, knowing what licences you needed could be a real challenge, particularly if different applications and releases were in use. Office 365 includes all the licensing required, and everyone has access to the same software at the same time.


Cloud-based storage services invariably make people think about security. Office 365 makes use of 128-bit SSL/TSL encryption which ensures that even if data is intercepted, it cannot be read. Microsoft enacts a policy known as the Security Development Lifecycle, which ensures that data is secure and safe when developing, deploying and maintaining data.


Office 365 will always include the latest edition of Office technology, which means you won’t have to buy another copy of Office to upgrade, as all changes will be brought to the current software. This saves businesses from having to reinvest in new versions of Office to access the latest developments in the software.

No more patches and maintenance

Office 365 also means Microsoft is taking care of keeping everything up to date and ship shape. The Service includes all of the traditional behind-the-scenes IT support within the licence, so you can free up time and resources for other projects and needs.

Always be unified

Regardless of device you happen to be using, because your email, calendar, contacts and other Office 365 apps are synchronised in the cloud, updating information on one device is automatically updated across the rest.

Reduce your hardware and energy needs

Because it’s a cloud based service, there’s no need for in-house servers. Less equipment means fewer energy requirements and ultimately less space.

Use O365 on up to 5 devices

The days of one licence for every device are well and truly behind us. Now, as you move about you can bring your Office 365 access with you, switching between desktop, mobile, tablet and so on up to 5 devices. All automatically in sync in the cloud.

Disaster Prevention

With old versions of Office, data is stored locally, which means you have to rely on your own backup procedures to ensure the safety of data. With Office 365, Microsoft provides data protection and backup in the cloud, which you can access whenever you want, wherever you are.

As with most things in life, the process of moving to Office 365 can be a mixed bag. For very small organisations it can be a simple DIY job. For slightly larger businesses, the process can be straightforward, but there may be some degree of complexity depending on your legacy set up and arrangements. However, with the right tools, approach and support, Office 365 will quickly make its place at home within your business and will help your users collaborate and operate far more effectively.

If you’re still sitting on the fence, or if you’ve decided to move forward with Office 365, we’re here to help. To learn more about us and what we do, check out our Office 365 page, or get in touch at info@bcn.co.uk.

Beyond The Four Walls: Essential Mobile Security for Businesses

The internet has revolutionised the way we do business. Securing your company used to be all about keeping things within the four walls of your office. A firewall and antivirus software could keep threats at bay and this was widely accepted as sufficient for IT security. Then the mobile device came along and turned this four-walls theory on its head. With devices coming in and out all the time, accessing sensitive emails over coffee shop WiFi networks and falling between the cracks of internet security, the issue of mobile security doesn’t come up nearly as often as it should. Every company should have a mobile security policy in place to protect sensitive data from falling into the wrong hands.

Update your company mobile security policy

Every business should have a mobile policy that includes security provisions. This should outline what is and what isn’t acceptable on a company mobile device. This includes phones, tablets and laptops as they can all be taken away from the office and are therefore at higher risk. Your policy should also specify if users can access company data from their own devices.

Designate responsibility for mobile security

Things like keeping software and antivirus software up-to-date can often fall between the cracks, particularly for personal and mobile devices. Deciding who is responsible and making sure they are aware of this responsibility is essential. This can become part of the mobile security policy and should be checked frequently to ensure employees are compliant.

Switch to the cloud

The cloud provides unrivalled security for users on the go. If you want to keep your data secure, then storing all of your sensitive data on a cloud account is far safer than saving it on a mobile device. If your phone, laptop or tablet is ever stolen and you are using a cloud account you can simply revoke access and your data will remain secure.

Use data encryption

In 2012, a NASA employee’s laptop containing the details of 10,000 employees was stolen from their car. While the laptop did have password protection, it wasn’t encrypted, which meant the data was at risk. If it can happen to NASA, it can happen to you. Encrypting all devices is an essential step for mobile security but it is often overlooked as password protection is seen as sufficient.

Mobile security is an essential component of any company security plan if you want to keep your business your business. With more and more employees switching to mobile devices and working outside of the four walls of the business, it makes sense to put a mobile security plan in place to keep your data secure.

VMware Announces General Availability of Latest VMware Cloud Management Solutions

Purpose-Built Cloud Management Solutions Help Customers to Enable IT-as-a-Service

BlueCoffee Networks’ virtualization and cloud infrastructure partner, VMware, have announced the general availability of new and updated offerings to the industry’s leading portfolio of management solutions purpose-built for the cloud era – VMware vCloud Automation Center 6.0, VMware vCenter Operations Management Suite 5.8 and VMware IT Business Management Suite. In addition, VMware also announced that it has updated the automation and management capabilities of VMware vCloud Suite 5.5.

“Providing cloud management solutions that simplify and automate how IT is managed is key to helping our customers on their journey to deliver IT-as-a-Service,” said Ramin Sayar, senior vice president and general manager, Cloud Management, VMware. “With the availability of new products and enhancements across our management portfolio, customers can take advantage of the business opportunities that exist whether it’s increasing business agility, enabling cost transparency of IT services or expanding to the hybrid cloud.” read more

To find out how Vmware products can benefit your business, contact us on 0845 095 7000 or sales@bcn.co.uk.

5 Ways Cloud Computing Is Transforming IT Services For Education

The benefits of cloud computing for the public sector are well documented in terms of increased efficiency and decreased costs. From providing distance learning to adults to keeping primary school learning materials up-to-date, there’s no denying the benefits of cloud computing for the public sector.

The Challenges Providing IT Services for Education

One of the biggest challenges faced by education facilities when investing in IT services for education is cost, followed by flexibility. The cloud solves both of these problems by offering a cost-effective and customisable experience, allowing each institution to only take on as much as they need. Here are just some of the ways cloud computing is transforming IT services for education for all ages.

Cutting Costs For Textbooks

Textbooks are often one of the biggest expenses for university students, and frequent updates mean that second-hand books aren’t always an option for thrifty-minded students. Cloud-based textbooks solve this problem by offering a cheaper alternative to the doorstop tomes freshers are expected to buy every year. Students can purchase the ebook version of the textbook for a fraction of the cost, or universities can purchase a license for core texts and make them available to all students via a centralised cloud account. Secondary and high school teachers no longer need to worry about children ripping pages or drawing in their textbooks, meaning they don’t have to budget to replace dog-eared texts every few years.

Providing Custom Experiences

One of the problems with many IT services for education is that institutions will use 10% of the functionality while paying for 100% of the product. With cloud-based services, schools can take a pick n mix approach to their software and subscriptions. This allows for greater flexibility and money saving opportunities. Different teachers might have different needs and preferences, which means each one can customise their IT provisions to their unique teaching style.

Eliminating Out-Of-Date Content

When resources are digitised, updates are often included as standard, which means no more trying to teach something from an outdated textbook. This can be critical when it comes to curriculum updates, as students won’t be left catching up before exams, or learning from hastily photocopied sheets from the sample textbook.

Increased Collaboration

We’ve all seen the images on Facebook: a teacher holds a sign asking people to share the picture and comment with their location in order to teach their class just how far an image can spread in a short space of time. While greater connectivity can be a bad thing for safety, there are also countless benefits for cloud collaboration. Students in different classrooms can have access to the exact same materials and work on projects together, without the need for costly infrastructure. A budget £100 tablet can access the same materials as a deluxe £1000 laptop. Collaborative learning can happen between countries or with the classroom across the hall.

Levelling the Playing Field

For students from poorer backgrounds, accessing quality learning resources can be a struggle. The cloud effectively levels the playing field by making learning accessible to anyone with an internet connection. Socio-economic factors are eliminated from the classroom and teachers can focus on teaching, while students can focus on learning. Cloud technology


Why Ransomware loves your secret shame

The very high profile exposure of the WannaCry ransomware exploit has once again shone a light on this ever-expanding business problem. And whilst such an event is nothing to smile about, in some respects, it’s important that it has happened in such a public way. According to IBM Security, Ransomeware-infected emails expanded 6000% in 2016 compared to the year before, with no sign of slowing this year. To make matters worse, 70% of the victims interviewed paid up.

As an organisation that advises businesses on a wide range of IT security matters, we know that only a small proportion of customers are proactively doing something to mitigate this terrible phenomenon. It’s a common theme to find that those freely wanting to do something about it, have very recently fallen victim themselves!

And therein lies one of the biggest challenges … real-world awareness.  Too many organisations prefer to remain in denial that ransomware is as widespread as it is until it’s too late. It is no exaggeration to state that not one client who has been through this issue is comfortable with their name being associated with it to help prompt or educate others to take preventative action.

We couldn’t agree more with all the helpful advice that is freely available regarding updating software, hardware and security appliances. However, as sensible as this is, it is no substitute for getting professional and impartial advice from a security expert.

Advice, although often free, can result in an unplanned but necessary business purchase. But is that such a bad thing? Surely keeping your business secure and productive is more important?  If only our clients could tell you their stories… But we respect that they won’t, as the brand is everything.

So, what will it take before you seek professional security advice?


Heading Stateside for Business? Store Your Data In The Cloud Before Takeoff

Anyone who regularly travels to the United States will be familiar with the stringent border control. Unfortunately for regular travellers, this is only set to get worse thanks to new vetting processes that came into play in the wake of Trump’s controversial travel ban. In addition to banning passengers from keeping any electronic device bigger than a Kindle in the cabin, new digital checks are taking place at border control. In some instances, passengers are being asked to hand over passwords for their phones, laptops, email and social media accounts. For business travellers, this presents a problematic situation.

If you regularly travel with a work laptop or phone, chances are your company has a fairly strict policy about keeping the data you carry with you safe. Anyone familiar with Computer Security 101 knows that handing over your password to anyone in any situation is a big no-no. Even if there is nothing incriminating on your devices, by handing over your passwords, you are also giving border control access to the people you communicate with. This can lead to a breakdown of trust between companies and clients.

From a legal perspective, there isn’t much you can do in terms of standing your ground if you aren’t a US citizen. While US citizens have a right to enter the country, visitors are required to prove to border control that they should be let in. This means complying with their requests, which can include handing over passwords. If you refuse, it could be seen as an attempt to conceal something, and the border agent has the right to refuse entry.

So, what’s a person to do to protect their privacy? The most obvious choice is to travel light and leave your devices at home, but this isn’t going to be an option for most business travellers. The best way for business travellers to protect their privacy is to transfer any and all data to a secure cloud storage account and then clean up the devices before travel. There’s a legal grey area around what is and isn’t on your person while you travel. If your files are safe on the cloud, there’s no obvious way for border control to know where to look.

If you do have to hand over passwords, this information can be saved for up to 75 years, so the first thing you do when you clear airport security is to change your passwords. Alternatively, you could change your passwords to something highly secure and unmemorable before leaving. If you don’t have a password manager on your phone, it will be an extra barrier to preventing border control from accessing your data. However, this can be seen as a subversive measure that could raise further suspicion.

For the foreseeable future, anyone travelling to the United States should be prepared for enhanced checks, so a little more preparation might be needed before takeoff to protect sensitive information.

Why Humans Are Still The Weakest Link In IT Security

Another week, another data leak threatening businesses. This time, Mexican fast food eatery Chipotle were the ones under the spotlight for “unauthorised activity” on their payment processing system. Although not much is known about the breach at this point, Chipotle has assured customers that they will be in touch in due course if there is cause for concern.

The risk of hacks is one that plagues any large company, and while IT security companies encourage companies to always stay one step ahead of the latest scam, the threat never seems to subside. In reality, the biggest threat to a company’s security comes from inside their own ranks. We’re not suggesting that all of your employees are trying to leak sensitive data, rather than human error is more likely to blame for your security breach.

While companies can do everything possible to keep on top of the latest security threats, more should be done to train staff to identify potentially problematic scenarios. Humans are all too often the weakest link in the security chain, opening attachments containing malware, or accessing sensitive information over an unsecured public network, for example.

One of the fundamentals of successful IT security systems is that it is user-friendly. Unfortunately, users can more often than not accidentally or intentionally circumvent the very systems put in place to protect them. When the simple act of opening an email attachment can lead to a £150,000 fine for stolen customer files, it’s not difficult to imagine how anyone within a company could be at risk, whether they are trained in IT security or not.

The advent of the mobile worker has only compounded this problem further. While companies could once treat their physical office like a fortress and protect all of the computers on their internal network, we’re now seeing more workers taking their tech outside the four walls of their workplace.

In an always-on, always-connected world, it’s easy to forget that accessing your work email from your phone in a coffee shop could allow sensitive data to get into the hands of the wrong people. In 2012, an unencrypted laptop containing the personal data of at least 10,000 employees and contractors was stolen from a car. And the victim of this theft was none other than NASA, which might offer some relief to any worker who has accidentally infected their workstation with ransomware.

Hackers are always working tirelessly to gain access to sensitive information such as credit card information or personally identifiable information (PII). While criminals might not always manage to do much damage with the information they obtain, the news of a security breach is often enough to do damage to the company that suffered the hack. It’s a PR manager’s nightmare to have to draft a statement apologising to customers for accidentally handing over sensitive information to those with nefarious intentions.

In order to mitigate the risks of human error, companies should regularly review their security provisions. Attention should be paid to any mobile devices that are used by employees, and companies should also consider secure cloud storage solutions to prevent sensitive information from being stored directly on a mobile device.

If you’d like to discuss your company’s cloud computing requirements, get in touch with our friendly team today!

Come and see us at the Northern Business Exhibition for your chance to win an Apple watch

BCN Group are excited to be exhibiting at stand B64 at the Northern Business Exhibition at Event City in Manchester on the 6th – 7th April.

The aim of the exhibition is to introduce new business owners or owners trying to expand their business to providers who can offer services to both benefit and support growth. It gives you a chance to speak to the experts in various industries and forge valuable relationships.

We are using the exhibition as a platform to promote our ‘Office in a Box’ service – a fast and flexible ready-to-go IT package comprising secure internet, robust communication and computer systems, all wrapped with friendly 24×7 technical support. And all at competitive and easy to understand pricing.

We will be taking our arcade game machine with us and highest score wins an Apple watch… So why not come and visit us at stand B64? To get your free ticket click here.





What Next For Avaya?

Avaya’s filing for Chapter 11 has come with little surprise. And because of it, speculation about its break-up and future is rife.

Exactly 8 years and 5 days earlier Nortel Networks did the very same thing. And although that may be where the comparisons end, a great brand, great people, and even great products doesn’t remove the nightmare that is Chapter 11.

It might also be the ghost of Nortel Networks that finally does for Avaya too. Owners Silver Lake and TPG Capital paid close to $1Bn for some significant scraps from the Nortel break-up, further increasing their debt after the 2007 acquisition of Avaya for $8Bn. The current debt load 10 years on is just north of $6Bn.

There’s going to be no fire sale either. Avaya’s CEO Kevin Kennedy has stated that they’re keeping their contact centre jewel as part of their core business, leaving a more modest number of assets available for trimming.

Another big challenge is whether Avaya has the ability to adapt from traditional hardware vendor to a modern software and services outfit. On-premise and hardware sales have been drifting south for some time now, as more and more businesses have shifted to cloud and hosted alternatives. It’s this disruptive space where the current future of communications and collaboration lies, and it is an already crowded space with some serious players staking out their claims.

Like most modern corporations, Avaya is a Frankenstein company, made up of many parts acquired over the years from other organisations over the years. It remains to be seen whether the sum of the future parts will become greater than the whole.

One thing’s for sure, Avaya is going to be in the news for some time to come.