As you may be aware there have been two processor vulnerabilities published. These vulnerabilities affect various vendor CPUs including Intel processors. These latest vulnerabilities are named Meltdown and Spectre.
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. Luckily this currently has patches available.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre
BCN Group is working to secure our environments from these vulnerabilities as the providers are rolling out patches, these vendors include VMware, Microsoft, Red Hat, CentOS, FreeBSD and others. For more information on what is available from our primary vendors please visit the links below.
BCN Group will be arranging maintenance windows where applicable to reboot the servers to enable the patching of Microsoft and Linux operating systems. The underlying infrastructure is currently being patched and will not affect any customers.
Managed Service Customers
BCN Group will be patching your servers and will contact you to arrange a maintenance window if required.
Windows computers will be patched via windows updates if it is enabled.
Unfortunately, this patching may have an adverse effect on the CPU usage depending on applications. This increase in usage has been reported between 5% and 30%, but this is not predictable at the moment. For desktop users, this is likely not noticeable, but for server users we recommend monitoring your workloads.
If you have any worries or questions and would like assistance please contact you account manager on 0345 095 7000.
Mobile connectivity has grown exponentially over the past few years, so much so that today, 71% of all mobile communications now flow over wireless (source: Wi-Fi Alliance). Whether you are working at home, or using a device at the office, mobility has become a necessary part of modern businesses.
Not surprisingly, managing such a widespread multi-site, multi-mobile entity can be daunting for even the hardiest of administrators. Enter cloud networking. Cisco Meraki have developed a cloud networking, switching, security and wireless management solution that seeks to accommodate and enhance this step change. Here we take a look at key aspects of their platform and how it can help you, your users and your organisation.
So what is it?
In short, Cisco Meraki is a powerful multi-site wireless management tool which removes the need for complex traditional onsite wireless controllers, using just a single cloud-based control interface using real-time communication protocols that enable network administrators to manage their networks from the cloud, without sacrificing control and responsiveness. Whilst this explanation may not sound very compelling, the benefits can be significant.
Always at the ready
Cisco Meraki comes with a robust management dashboard which is accessible at any time, from anywhere. Requiring only an internet connection on your preferred device, accessibility is what the Cloud Meraki Dashboard does best – even in the event of a power outage or poor weather. Using a combination of traffic rerouting and geographical data priority, the dashboard will always remain readily available to anyone who needs to use it, no matter the circumstances.
Safe and sound
Where there’s mention of wireless or the cloud, there quickly follows security concerns. And rightly so. Almost daily we hear or read about major network intrusions, compromises and computer misuse. To combat this, Cisco Meraki puts its security stance front and centre, using an out of band location and an encrypted layer to communicate to and from the management interface. Unlike most traditional wireless and switch arrangements, management traffic is also segregated from the normal network, making unsolicited and malicious intrusion all but impossible.
On a more general footing, it incorporates a variety of advanced features within its firewall solution to stop unauthorised access to your user network. Of these, the firewall allows for:
- content filtering
- geographical firewall rules
- anti-virus and anti-phishing
- intrusion prevention and intrusion detection services.
The Meraki Cloud Dashboard can be accessed from a wide range of popular web browsers and is also accessible on Apple and Android devices. Through this dashboard, users can identify bandwidth usage from devices or specific applications, as well as the ability to troubleshoot networking issues and test features within the system. The dashboard is simple and easy to navigate – and no other application or program is needed.
Any device accessible through the Meraki Cloud Dashboard can be automatically updated to ensure optimal performance and security from the network. Additionally, updates can be scheduled for any time to avoid disruption during periods of heavy internet usage. Should there be a failed update, any incompatible hardware is automatically rolled back to keep your network running without hassle.
Reach for the sky
There’s nothing worse than finding a quiet spot to work from your laptop or tablet, only to discover that internet access is unavailable or appallingly slow. Cisco Meraki solves this by providing enterprise-class 802.11ac access points which deliver the strongest signal strength possible, letting you work happily wherever you want. Furthermore, outdoors access points can also be added throughout the workplace, extending Wi-Fi coverage of your site/campus.
Setting an impression
We expect access to the internet – it’s a staple for much of our everyday lives – and it’s clear we’re getting more fastidious about its absence. According to Hotel Chatter, 38% of people will no longer book a hotel solely on the basis that it does not offer Wi-Fi.
With so much data moving across wireless infrastructure, businesses have few options but to utilise it. How you control, secure and manage it is the new challenge.
Network managers can gain some big advantages from cloud networking over the traditional solutions. Of these are:
- Faster implementation and easier management
- Unified view of the entire network regardless of the location of end devices
- Rapid detection of troubled devices and easy replacement
- Reduced costs on IT staff and training
- Reduced costs of upgrades to network operating systems and devices
- Anytime, anywhere network access
- Stronger security posture and network control
To summarise, no Wi-Fi is becoming a business showstopper. It’s little surprise that 75% of people recently said that they would be grumpier without internet for a week than without coffee.
At BCN Group, we work closely with customers to ensure that their networks are managed efficiently and safely. Cisco Meraki is just one solution we apply to ensure your business can grow further and exceed expectations. If something has caught your eye, get in touch with us at firstname.lastname@example.org, or visit us at www.bcn.co.uk.
Millennials are a generation defined by technology. After all, this is the first generation to grow up surrounded by technology. Despite this, it’s the older generations who are savvier when it comes to internet security. According to research by FirstData, millennials are less concerned with cybersecurity than older generations. The biggest problems faced are with reusing the same password and with over sharing sensitive information on social media and over email.
Older generations might be more concerned with their individual computers and devices being infected, which is why they are cautious about internet usage and sharing information. However, younger generations don’t share these concerns. Although device-level security might be sufficient, there is always the worry that third-party sites could be compromised. If a user has the same password for every platform, then this could present a serious problem.
According to the research, 82% of millennials reuse the same password across websites and apps and 42% will only change their password if they are forced to. The main reason cited for this reluctance to change passwords is that they are simply too difficult to remember. For company owners, this presents a unique challenge when it comes to policing their company password policy.
When it comes to oversharing on social networks, millennials are less concerned about the risks associated with this. Only 43% of millennials are concerned about transmitting private information over social media sites, compared to 63% of boomers. Even something as small as sharing your date of birth on social media can allow fraudsters to piece together your identity and open credit cards in your name.
For companies, this presents a unique challenge, as millennial workers might use the same password for their work email as they would for their social media accounts. Although there is a lot of attention to cybersecurity threats such as ransomware, millennials aren’t as concerned about the risks associated with identity theft. While social networks might be secure, many people allow third-party apps to access their information without a second thought, and this is where more education is needed. Although millennials may be very savvy when it comes to technology, there are clearly gaps in awareness where security is concerned.
The image of the modern tech entrepreneur is someone who can miraculously manage everything at once. Although startups might feel that they have to pull themselves up by their bootstraps and manage everything in-house, there are a lot of benefits to be enjoyed when it comes to outsourcing critical tasks. IT support is one area where tech startups, in particular, can benefit from outsourcing their needs. Here are 5 reasons tech startups should consider outsourcing their IT support…
Running a successful startup is all about making sound financial decisions. While many startups may subscribe to the agile mindset, they are often guilty of making bulky and costly mistakes. Hiring an in-house IT department is one such costly mistake. Managing your IT in-house means hiring an entire team, not to mention the added costs of servers, software and hardware. By outsourcing this to a third party company, the startup is able to take an agile approach to growth as the IT support they need can grow with them.
It can be tempting to try to operate as a jack of all trades, but there comes a time when it pays to refer to the experts. Although there is a lot of satisfaction to be gained from managing everything in-house, leveraging the expertise of an IT support company can help to keep the focus on the task at hand: building your startup.
Improve Customer Retention
In the early days of managing a customer-facing startup, public perception is everything. If you’re out of action for half a day because you decided to manage your IT in-house and can’t access your CRM database for a few hours, this will likely leave your customers with a bad impression. By outsourcing your IT, you can rest assured that someone else will be keeping an eye on things, so you can move your attention to more important matters.
Small businesses and startups are particularly vulnerable to hacks and ransomware. By outsourcing your IT services, you can rest assured that someone in the know is monitoring your IT systems for anything out of the ordinary. This could range from unusual attachments in emails to brute force attacks on your network.
The best IT support companies will provide scalable services that grow with your business. If you have to tighten your belt one month, you should be able to reduce costs, whereas if you are going through a period of rapid expansion, your IT provider should be able to keep up. Leveraging the scalability of outsourcing your IT is one of the best reasons to consider hosted cloud services for your tech startup.
For the companies in the midst of high-profile data security breaches, revenge hacking is likely low on their list of priorities. As an activity, hacking isn’t inherently illegal, but there are limits on what is and what isn’t permissible. If you forget the password to your own laptop and exploit security vulnerabilities to gain access to it, this is fine. However, if you do the same to your boss’s laptop and steal information from it, this is illegal. While large companies might hire white hat hackers to test their network vulnerabilities and monitor for unusual activity, these hackers have been largely limited in what they can get away with. Until now.
Under the proposed legislation, the victims of hacking would be legally allowed to take revenge against those who breached their security systems. Revenge could involve anything from hacking their systems back, finding out who they are and even destroying any stolen data and information. The rules would also allow victim companies to deploy beaconing technology that would allow them to find the geographical location of the hacker. This would aid law enforcement in bringing these individuals to justice.
There are some limitations to the bill, and companies that choose to carry out revenge hacks wouldn’t be without liability. Most importantly, revenge hacks would only be allowed to be carried out on US computers, which already limits the reach. Many cybercriminals will route their attacks through systems around the world, which would protect them from revenge hacks. Companies would also have to fill out paperwork and submit this to the FBI’s National Cyber Investigative Joint Task Force. This will help to ensure national boundaries are respected and that any activity wouldn’t infringe on a known investigation. The legislation has also been proposed with a time limit attached. The bill would expire after two years and the United States Department of Justice would have to report to Congress to keep them up to date how the legislation has been utilised.
Liability is also a key issue. If damage was done to a third party system as the result of a revenge hack, the company behind it would be liable, provided there is a trail pointing to the company behind the hack. It is not yet clear how transparent the hacking departments will need to be about their activities.
In the UK, there are currently no plans to work revenge hacking into law, but with ransomware and security breaches on the rise, MPs are under pressure to find a satisfactory solution that will protect businesses, infrastructure and public services from cybercriminals.
Security Best Practices
Ransomware attacks start in two main ways. A booby-trapped email with a malicious attachment or via a compromised website; which then work their way down to your endpoints and servers. To stop these attacks, it’s critical that you have advanced protection technology in place at each stage of the attack and combine this protection with good user security practices.
Nine best security practices to apply now
Good IT security practices including regular training for employees are essential components of every single security setup. Make sure you’re following these nine best practices:
Patch early, patch often
The sooner you patch the fewer holes there are for ransomware to exploit.
Backup regularly and keep a recent backup copy off-line and off-site
Offline and off-site means ransomware can’t get to it. With recent back-ups, data loss can be minimised.
Enable file extensions
Don’t enable macros in document attachments received via email
A lot of infections rely on persuading you to turn macros on, so don’t do it!
Be cautious about unsolicited attachments
If you aren’t sure – don’t open it. Check with the sender if possible.
Don’t have more login power than you need
Admin rights could mean a local infection becomes a network disaster. Stay up-to-date with new security features in your business
Stay up-to-date with new security features in your business applications
For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet”.
Patch early, patch often!
Staying on top of patching is so important that we’ve called it out twice. Don’t let ransomware exploit a patched vulnerability.
If you’d like to learn more about how to protect your business against ransomware or any other malware, phishing or cyber-threat, get in touch with us today.
Almost every office environment will have a connected printer. While this might bring increased productivity and efficiency to the workplace, it also presents a serious security risk. Hackers are increasingly exploiting the vulnerabilities of the humble office printer in order to launch attacks on businesses. Printers handle so much sensitive data on a daily basis. Think about the things that your company will print day-to-day. From sensitive customer information to financial statements – most of us will hit print without a second thought.
For the past year, security experts have been warning about the dangers posed by the Internet of Things. Letting our devices quietly chatter away to each other in the background might seem like a great idea if you want to automate things like heating and lighting, but left unchecked, these devices can provide a backdoor into your sensitive information. This is something that hackers and security experts are all too aware of.
While many businesses take steps to ensure their network is secure, according to one survey, only 25% of businesses surveyed confirmed that printer network security was a priority. Fortunately, printer manufacturers are stepping in to help raise awareness and stop the problem at the root. HP’s latest generation of enterprise printers, for example, is embedded with plenty of smart security options to help improve security. These printers can detect and self-heal issues meaning that the printers can continue to run in the background without the need for downtime to deal with hacks and attacks.
The threats facing business are continually evolving, which is why it’s important to stay one step ahead of those who would seek to damage your business. Regular and comprehensive security assessments should be a key priority in any business. Small businesses are often guilty of assuming they are too small to become a target, but it’s often weaker security systems that pose a target, rather than the size of an organisation. In the UK, the average cost of a security breach is £3,000, which can be crippling for a small company.
If your company is in need of some IT security advice, why not get in touch with the team here at BCN. We can talk you through our services in plain English and help you make a decision that is right for you and your business.
No matter how complex and thorough your company IT security is, human users will always find a way to work around protections. If you don’t have a password policy in place, it’s difficult to ensure that your employees are making smart choices. One of the biggest problems is in password strength, with the majority of employees choosing easy to guess passwords and using the same password for everything. Equifax recently hit the headlines when it was revealed a database could be accessed using the username and password ‘admin’. Although it’s easy to joke about these instances, this is no different to a company employee using their first name followed by the year and assuming this is sufficient for security. If you want to keep your company secure, creating a password policy and enforcing it is essential.
Creating and Enforcing Password Policy
Decide what is secure
Although the conventional wisdom seems to be that passwords need to above 8 characters, and include a mixture of lowercase, uppercase, numbers and special characters, this often leads users into the trap of thinking ‘Pa$$word123’ is a strong password. Before creating a company-wide password policy, it’s a good idea to make sure you know what a secure password looks like. You can try this quiz to test your knowledge of password strength.
Update passwords frequently
In addition to guidelines on password length, you should also set a time limit on how long employees can keep the same password as part of your password policy. Changing passwords too frequently can be just as problematic as never changing them, as employees might be tempted to switch back-and-forth between two passwords just to satisfy your password policy.
Decide if password managers are allowed
Some companies swear by password managers as the best way to enforce password policy. While there are many benefits, there’s also the risk that systems could be compromised if one employee’s password manager is breached. If you do decide to use a password manager, it’s important that employees update their access passwords frequently to prevent unauthorised access.
Don’t write passwords down
If your password policy is leading employees to write down long and complicated passwords, it’s time to re-think. Employees need to understand that writing down their passwords is in breach of password policy. Passwords should be long, but they should also be memorable. For example, using a sentence like ‘y3sterd4yicl!mb3dATr33’ is a very secure password, but will be a lot more memorable than a random selection of letters, numbers and punctuation.
BCN Group Ltd.
T: 0345 095 7000
T: 01625 538585 (Alternate)
Trident 3, Trident Business Park, Styal Road, Manchester Airport, M22 5XB
T: 0345 095 7000
88 Wood Street, London, Greater London, EC2V 7RS