FREE Supply Chain Check


Supply chain fraud can happen in a number of ways, but we see far too many cases where the easiest & simplest of things haven’t been done, especially with e-mail & CRM systems: companies in the supply chain that haven’t enabled Multi Factor Authentication, and often also haven’t enabled Sender Policy Framework (SPF) or DMARC, so anyone, anywhere can send email as if from them.

It goes like this: a fake internal email from a colleague with a link to ‘an important document’, a fake login page for the shared on-line drive that gives away the user’s logon, and then that genuine account is used to send just one more email in an existing thread, topped & tailed like all those before. This will not be picked up by filtering services … because it is a genuine email, from a genuine mailbox of a genuine supplier, and the end user has no reason to believe it isn’t a continuation of a genuine thread.

It is time for companies to test, educate and secure their supply chain, as ultimately that is looking after their own interests too: collaboration to keep all secure and in business.

You would be surprised by what we are able to deduce from a domain name or better still a header from a genuine email – use our FREE Supply Chain Check to test yours.
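What a domain name alone reveals about spoofing exposure, as an added example that is not part of the original post or 1stCS's own tooling: the sketch below audits published SPF and DMARC TXT records. The domains and record strings are constructed samples and the function names are hypothetical.

```python
# Added example: audit published SPF and DMARC TXT records for supplier domains.
# Records are constructed; real ones come from TXT lookups on <domain> and _dmarc.<domain>.

def audit_spf(txt_records):
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no record, so no list of hosts allowed to send for the domain"]
    if len(spf) > 1:
        return ["SPF: multiple records, which receivers treat as a permanent error"]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    findings = []
    if not all_terms and not any(t.startswith("redirect=") for t in terms):
        findings.append("SPF: no 'all' term, unlisted senders evaluate as neutral")
    for t in all_terms:
        if t in ("all", "+all", "?all"):  # pass or neutral instead of (soft)fail
            findings.append(f"SPF: '{t}' does not fail unlisted senders")
    return findings

def audit_dmarc(txt_records):
    dmarc = [r for r in txt_records if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not dmarc:
        return ["DMARC: no record, receivers have no policy for mail failing SPF/DKIM"]
    pairs = (p.split("=", 1) for p in dmarc[0].split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or 'missing'} does not quarantine or reject")
    if tags.get("pct", "100") != "100":
        findings.append(f"DMARC: pct={tags['pct']} applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua address, the domain owner gets no aggregate reports")
    return findings

def audit_domain(spf_txt, dmarc_txt):
    return audit_spf(spf_txt) + audit_dmarc(dmarc_txt)

SAMPLES = {  # constructed records for hypothetical supplier domains
    "supplier-a.example": (["v=spf1 include:_spf.mailhost.example -all"],
                           ["v=DMARC1; p=reject; rua=mailto:dmarc@supplier-a.example"]),
    "supplier-b.example": (["v=spf1 ip4:192.0.2.10 +all"], ["v=DMARC1; p=none"]),
    "supplier-c.example": (["unrelated-verification=abc123"], []),
}

if __name__ == "__main__":
    for domain, (spf_txt, dmarc_txt) in SAMPLES.items():
        print(domain, audit_domain(spf_txt, dmarc_txt) or "no findings")
```

A softfail (`~all`) is not flagged here because it is commonly paired with an enforcing DMARC policy; tighten that rule if your own supplier standard requires `-all`.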

Microsoft Exchange Critical Vulnerability


350,000 Microsoft Exchange Servers remain unpatched against a critical vulnerability fixed by Microsoft in February!

If you run an in-house Microsoft Exchange Server simply e-mail us on helpdesk@1stcs.it and from the hidden e-mail header we can tell what version and update of Exchange you are running and advise accordingly.

This is a FREE service to ensure companies are secure against compromise (this bug allows a standard user account to take complete control of the server as an administrative user and from there likely other resources/servers on the network).

Working From Home


We have been busy setting up our clients to enable their staff to work securely and efficiently from home (WFH).

For some that has been implementing firewall changes to prioritise WFH internet traffic over normal traffic. For others who have redundant connections it has been dedicating one purely to WFH traffic.

One design customer, who operate from a beautiful barn but with limited connectivity speeds, found they could get 20mb:20mb via 4G. A 4G router has been added to their firewall and dedicated to WFH traffic. As it is only WFH traffic going over 4G, the data costs are capped within their SIM contract – “Thanks guys, it’s now just like being in the office!”

If you are struggling to get your staff working securely & efficiently from home with IT or Telephony, drop our support team an email at helpdesk@1stcs.it. We can then arrange a FREE chat with one of our skilled engineers who will help & advise.

VPN and Working From Home


If you use VPN (Virtual Private Network) to access your business IT, is it patched, secure and most importantly using Multi Factor Authentication (MFA/2FA)?

In the race to give staff access to corporate systems from home we are hearing of VPN clients being hastily installed on untrusted home computers.

If these machines are compromised by malware, the VPN profile can be extracted and the username & password logged – without MFA they can be re-used, giving ultra easy access to a hacker.

There are other ways of securely giving ‘air gapped’ access from home computers, but be careful: there are many rogue services & software out there just waiting for you to effectively breach your own network!

We would leave VPN connectivity for corporate owned & trusted devices (and still secure with MFA!) and set very tight firewall rules around what servers & services can be connected to over VPN. This also goes for those who expose Remote Desktop Services (aka Terminal Services) directly to the internet, not behind a secure gateway and likely again without MFA – Don’t Do It!

IT Super Heroes


Last week I was put on the spot by a friend of a friend and asked ‘So what’s your company’s USP then Steve?’

I failed at the first hurdle with ‘Err, I guess we’re much the same as many others really’. ‘You’re not very good at this Steve’ came the reply, with a chuckle and a grin, ‘Try Again’.

My 2nd attempt was a little better – ‘Well, err, we care! We genuinely care and want our customers to have the most resilient, secure, scalable infrastructure and staff that are cyber risk aware’.

The next day on the short walk to school I asked my 8 year old Son what our USP is and without hesitation, he nailed it, first time – ‘That’s easy – You’re IT Super Heroes!’ So there you have it 1stCS #ITSuperHeroes

Windows 7 End-Of-Life


Windows 7, End of Life January 14th 2020 – Act Now!

If you haven’t yet replaced or upgraded your machines to Windows 10, especially if you are a business, it is essential that you do so now!

The team at 1stCS are here to help. If you need any help or advice please do get in touch on 01329 630018 or helpdesk@1stcs.it

After January 14th 2020, no security updates will be released for the Windows 7 platform, making it increasingly vulnerable over time (many vulnerabilities fixed in Windows 8 & 10 are likely to also exist in Windows 7. Reverse engineering of a fix exposes the flaw and it is then actively targeted, especially on machines that will never receive a fix!).

If you rely on the built-in Microsoft Security Essentials (MSE) in Windows 7 as your anti-virus, it has now been announced that it will continue to receive signature updates (but no updates to the software itself). Microsoft originally intended to stop signature updates on January 14th too, but have wisely decided to continue providing them, as not doing so would have left many even more highly exposed.

The following Microsoft document explains more – https://lnkd.in/dJ5EfvV

Windows Server 2008


Windows Server 2008/2008R2 – End of Life 14th January 2020!

If you haven’t yet upgraded/replaced Windows Server 2008 (Microsoft Small Business Server is built on Server 2008 & Exchange 2010!) you will become more and more vulnerable over time.

There will be no security updates to Server 2008 after 14th January 2020.

This is especially important if your server is exposed on the public internet for services such as Outlook Web Access (OWA), Direct Push Email to mobile devices, Sharepoint or the server itself is used to provide Virtual Private Network (VPN) access to your internal network.

Microsoft Exchange 2010 was due to go out of support on this date too but that has been given a reprieve until October 13th 2020 to give people time to migrate to a newer version or into the cloud. If you are worried, contact our team on 01329 630018 or helpdesk@1stcs.it and we will advise on options suitable for your particular business size, environment & situation.

Security Awareness Training


Security Awareness Training – How well protected are you?

If you are looking for peace of mind then come to our Security Awareness Training event at Lysses Hotel, a few doors along from our main office in Fareham, Hampshire on Monday 16th of December.

Many businesses believe that they are secure but often there are holes left open! In this training event we will discuss Email Security, Anti Virus, Firewall, Software Patching, Third Party Hardware, Encryption and Education of end users, as well as a time for Q&A.

Choose morning or afternoon and come and meet some of the 1stcs.it team.

Leave better informed about very real threats, securing (and testing!) systems and the importance of educating all users, especially those at the top. £20 (inclusive of VAT) per person. To book, call us on 01392 630018.

Black Friday


Everyone loves a bargain, and with Black Friday / Cyber Monday madness taking over we need to make sure everyone stays Cyber Safe! Recent trends have changed from long queues and crowded shops to the comfort and convenience of ordering anywhere, any time.

In 2018 criminals set up many fraudulent websites simply to capitalise on the craziness of Black Friday weekend where prices that seem too good to be true are the norm. Really though they are just looking for access to credit card and personal information. On this weekend in particular there are many lined up to willingly give those details away in return for a perceived bargain.

For our 5 top tips to stay safe online, click here