Limbtec Limited > Blog > 2024 > March

Patch management

27th March 2024
Patch Management

A lot of the time when systems are compromised in a Cyber Security Attack, it is because something that should have been updated hadn’t been! Patch Management.

So, this week we have a look at the various updates that need to be considered. Is your IT support company doing all of this!

Firstly, we will start with the Operating System.

No matter what flavour of system you are using they all need updating, this should include everything from your server, through to your mobile phone. Although manufacturers will rave about the improvements in updates, the biggest reason we think you should install these updates as soon as you can is that they patch critical security holes.

It is also worth bearing in mind that some of these may not be selected to be installed by default. Or your IT support provider may not automatically install them. On operating system updates one of the biggest things, we see is people not restarting their computer.  These updates if they require a restart, are not fully installed until the restart has happened.

Applications

Almost all applications have updates, and a good practice is to make sure these are up to date as well. Especially your web browser, a lot of attacks happen through web browsers this includes a method that bypasses MFA (2FA) So make sure you are updating all of your applications.

If you no longer need an application, then the best thing to do is to uninstall it

Lastly, something you probably have never considered is a piece of software that you won’t normally ever see.

FIRMWARE.

Firmware is software on many devices that control how the hardware operates, these should also be updated. You will find these not only on computers, and servers but switches wifi access points, telephones, printers – The list goes on, and on. You or your IT supplier should make sure these are kept up to date. They are available from the manufacturer, and the systems to keep these up to date have improved over the years. But some are still difficult to know when updates are available.

Whilst looking at the Firmware please remember that when a manufacturer stops updating the firmware this is normally because the device has reached end of life. And even if it is working properly, you should consider changing it,

If you want to make sure you are covered, please get in touch.

Read more

Cyber attacks: Stronger, faster and more sophisticated

25th March 2024
A new security report has revealed some alarming trends. First off, cyber attacks are becoming faster than ever. Breakout times (that’s the time it takes for a criminal to move within your network after first getting in) have dropped significantly. We're talking an average of just 62 minutes compared to 84 minutes last year. This is not good news. Not only are these attacks faster, but they're also becoming more common. The report has identified a whopping 34 new cyber criminal groups, bringing the total to over 230 groups tracked by the company. And guess what? These cyber criminals aren't sitting around twiddling their thumbs. They're getting smarter and more sophisticated. The report highlights a new record breakout time of just two minutes and seven seconds. That's barely enough time to grab a coffee, let alone mount a defence. But here's the real kicker: The human factor is increasingly becoming the main entry point for these cyber attacks. They will try to get your people to click a link in a phishing email, which will take them to a fake login page. Once your employee enters their real login details, they have inadvertently handed them over. Or they pretend to be someone your team trusts. This is called social engineering. So, what can you do to protect your business from these cyber threats? • Educate your employees Make sure your team is aware of the latest cyber threats and how to spot them. Regular training sessions can go a long way in preventing costly mistakes. • Implement strong password policies Encourage the use of complex random passwords generated and remembered by password managers. Use multi-factor authentication for an added layer of security (this is where you use a second device to confirm it’s really you logging in). • Keep your systems updated Make sure all software and systems are up to date with the latest security patches. Cyber criminals often exploit known vulnerabilities, so staying current is key. • Invest in cyber security software Consider investing in reputable cyber security software that can help detect and mitigate threats in real-time (we can help with this). • Back-up your data Regularly back-up your data and store it in a secure location. In the event of a cyber attack, having backups can help minimise downtime and data loss. When it comes to cyber security, it's better to be safe than sorry. If we can help you to stay better prepared, get in touch.

A new security report has revealed some alarming trends.

First off, cyber attacks are becoming faster than ever. Breakout times (that’s the time it takes for a criminal to move within your network after first getting in) have dropped significantly. We’re talking an average of just 62 minutes compared to 84 minutes last year.

This is not good news.

Not only are these attacks faster, but they’re also becoming more common. The report has identified a whopping 34 new cyber criminal groups, bringing the total to over 230 groups tracked by the company.

And guess what? These cyber criminals aren’t sitting around twiddling their thumbs. They’re getting smarter and more sophisticated. The report highlights a new record breakout time of just two minutes and seven seconds. That’s barely enough time to grab a coffee, let alone mount a defence.

But here’s the real kicker: The human factor is increasingly becoming the main entry point for these cyber attacks.

They will try to get your people to click a link in a phishing email, which will take them to a fake login page. Once your employee enters their real login details, they have inadvertently handed them over.

Or they pretend to be someone your team trusts. This is called social engineering.

So, what can you do to protect your business from these cyber threats?

  • Educate your employees

Make sure your team is aware of the latest cyber threats and how to spot them. Regular training sessions can go a long way in preventing costly mistakes.

  • Implement strong password policies

Encourage the use of complex random passwords generated and remembered by password managers. Use multi-factor authentication for an added layer of security (this is where you use a second device to confirm it’s really you logging in).

  • Keep your systems updated

Make sure all software and systems are up to date with the latest security patches. Cyber criminals often exploit known vulnerabilities, so staying current is key.

  • Invest in cyber security software

Consider investing in reputable cyber security software that can help detect and mitigate threats in real-time (we can help with this).

  • Back-up your data

Regularly back-up your data and store it in a secure location. In the event of a cyber attack, having backups can help minimise downtime and data loss.

When it comes to cyber security, it’s better to be safe than sorry. If we can help you to stay better prepared, get in touch.

Read more

Why IT needs to be monitored and managed

20th March 2024
Why IT needs to be monitored and managed

Why does IT need to be Monitored?

To put it simply what isn’t measured (monitored), can’t be improved!

So we monitor a whole range of things. Some are basic physical items, such as storage space used.  We do this so if the drive is full we can run a script and try and free up some space to keep it working at it’s best. Other items may just raise an alert so we can track the history, like high temperature alert.

Other items we measure, is looking for cyber Security issues. This is just basic items, this supplements the security measures we also recommend (coming in a future post)

We monitor the software, as well, this is partly to make sure nothing is installed that shouldn’t be, but also what is installed is fully up to date.  Similar to our process for updating Windows itself.

If it is monitored it can be managed.

As mentioned above the items we can monitor can then also  be managed. The whole idea around this isn’t to monitor what the user is doing! But to ensure that the computer is always running as well as it can, and to make sure the computer is also cyber secure.

But it doesn’t stop with computers. We can also monitor and manage Network equipment to ensure that this is also running well, and securely.

What does this mean for your Business

Aside from knowing your employees are working on devices running as they should and securely. It also means they are able to work efficiently. And it also means that you can make decisions on when to update/upgrade equipment based on facts and not on a feeling.

You might want to look at our IT Support or IT Services Pages

In summary, IT monitoring and management are not optional; they are critical for business continuity, security, and growth. Organisations that prioritise these practices can harness the full potential of their IT infrastructure, drive innovation, and stay ahead in a rapidly evolving digital landscape.

Read more

The little things that make a big difference

18th March 2024
The little things that make a big difference

Microsoft’s latest Windows 11 update has dropped, and it’s got a small change that could make a big difference to you and your team.

Microsoft has given Copilot, its handy AI assistant, a new place on the taskbar. No more hunting around for the button. Now it sits on the far right of the taskbar, in what we tech folks call the ‘system tray area’.

If Copilot isn’t your thing, no worries. You can easily remove it from the taskbar altogether. But having an AI assistant at your fingertips can be a real boost for productivity, so we’d recommend you give it a chance before giving it the boot.

Before you rush to check if your Copilot button has relocated, let’s talk details.

First off, this update has been rolling out over the last few weeks.

It’s known as Patch KB5034765 (catchy name) and isn’t just about moving buttons around. It’s also packed with important security and bug fixes, including a crucial one for Explorer.exe. This was causing some PCs to freeze up when restarting with a game controller attached.

Probably not an issue in your business, but you never know…

There was also a problem with slow announcements from Narrator, the screen reading tool. That’s been fixed.

While this Windows 11 update may seem like small fry, it’s these little tweaks that can really streamline your workflow and stop your team from being interrupted by problems while they work.

Has your business switched over to Windows 11 yet? Our team can look at your set-up and advise whether you’d benefit from upgrading, or you should stay on Windows 10.

Get in touch and ask us for a tech audit.

Read more

Why we do Security packages and not support

13th March 2024
Why we do Security packages and not support

For the last 2 years, we have been working on moving from providing support to providing security. We no long just sale support!

Why!

Since I started Limbtec way back in 2002, what we did and how we did it was far different to today. About 50% of our work was support including installing, and configuring, and about 50% from sales of hardware and software.

Our business model has changed over time, most recently to providing support mainly via remote means. And this being around 80% of our business model, with the remaining being cloud services.

Security

A little over 2 years ago, I sat down and looked at whats next! And the continual biggest issue facing our customer base was Cyber Security, and Cyber Hygene. There is a saying, that if you haven’t had a cyber security breech, then you either don’t know about it, or you are about to!

What needed to change.

The biggest problem is up to this point we were looking at what could be done to help businesses grow. And use technology to achieve that. What the whole of the IT industry seemed to have done is forgotten about making sure this was done in a secure manner! A security first approach.

Methodology

I am not a great fan of reinventing the wheel! And in the UK, there is a certifcation scheme called Cyber Essentials. So we used this framework to build out 3 tiers to achieve Cyber Essentials Standards. Even if Cyber Essentials Certification is not taken up! Our clients should be secure, due to massively improved Cyber Hygene.

Monitoring

So the biggest issue with Cyber Essentials is that it is done on a snap shot. At that point you have a good cyber hygene, but there is no requirement to monitor this. This is where our packages come in, we will monitor the items required, and we budle extra measures in to the mix (depending on package) to strengthen your security.

We haven’t forgotten Support

We started as a support company! And as the biggest growing support requests are around Cyber Security, we are facing these head on, but haven’t forgotten about other support issues, we bundle support into all packages at various levels.

Over the coming weeks, On a wednesday I will be blogging details of what we thing is important to consider, with your business and cyber security. If you want to have a free review please contact us

Read more

And the award for most common phishing scam goes to…

11th March 2024
And the award for most common phishing scam goes to…

If there’s one thing that’s 100% certain when it comes to protecting your business data, it’s that you need to be aware of phishing emails.

First things first, what exactly is a phishing email? Picture it as a wolf in sheep’s clothing, posing as a legitimate communication to deceive unsuspecting recipients. These emails often contain malicious links, attachments, or requests for sensitive data, all disguised as a business or person you already know and trust.

And you know what they say: Knowledge is power. One of the best ways to stay safe is to stay informed. We can do that by looking at the most common phishing emails of last year.

There are three main categories of phishing themes: Major, moderate, and minor.

Major themes

The biggest category is finance-related phishing emails, making up a huge 54% of attacks. These emails often contain pretend invoices or payment requests, aiming to lure recipients into giving away financial information.

Following closely are notification phishing emails, making up 35% of attacks. These emails prey on urgency, claiming your password is about to expire or you must take some urgent action.

Moderate themes

Document and voicemail scams take centre stage here, accounting for 38% and 25% of attacks respectively. These tactics involve deceptive files or messages designed to trick you into compromising your security.

Minor themes

While less common, minor phishing themes still pose a risk to people who don’t know what to look out for. These include emails related to benefits, taxes, job applications, and property.

Why should you be concerned about phishing emails? Falling victim to these scams can have serious consequences, including financial loss, data breaches, and damage to your company’s reputation. It’s essential to educate your employees about the dangers of phishing and put in place robust cyber security measures to protect your business.

Awareness and vigilance are your best defences against phishing attacks. By staying informed, training your employees, and using strong security protocols, you can safeguard your company’s valuable assets from cyber threats. We help businesses like yours stay safe. If you’re not 100% sure you’re fully protected… let’s talk.

Read more

Before you replace your slow PCs…

4th March 2024
Before you replace your slow PCs…

You rely on your team to be efficient and productive. But slow and sluggish computers can make it difficult for them to do their work – and could affect you personally too. Which impacts your business’s overall performance.

Before you jump to the (expensive) conclusion that you need to replace your PCs, there are several ways you can increase computer performance on Windows 10 and 11.

Here are just a few…

Restart your computer

Yes, it might be our favourite advice as IT support professionals, but a basic shutdown and restart can work wonders. Restarting your computer clears background processes, applications, and memory data. This often resolves common performance issues, especially if your computer has been running for a while.

Manage start-up apps

Many apps register themselves to start automatically with Windows 11, and this can slow down your computer’s start-up process. To regain some speed, consider disabling unnecessary start-up apps:

  • Open Settings
  • Click on Apps
  • Select the Start-up page
  • Sort apps by their “Start-up impact”
  • Turn off the toggle switch for any unnecessary apps
  • Restart your computer

This will prevent these apps from launching automatically during start-up and save valuable system resources.

Disable restartable apps

Windows 11 has a feature that saves and restarts certain applications when you reboot your computer. While it can be convenient, it may not be ideal for performance. To turn off this feature:

  • Open Settings
  • Click on Accounts
  • Go to the Sign-in options page
  • Turn off the “Automatically save my restartable apps and restart them when I sign back in” toggle switch

Disabling this feature can help improve your computer’s speed, especially if you have many applications that you don’t use regularly.

Uninstall unnecessary apps

Unused or unnecessary apps can clutter your system and slow it down. To remove them:

  • Open Settings
  • Click on Apps
  • Select the Installed apps page
  • Choose the app you want to uninstall and click the Uninstall option
  • Follow the on-screen directions if necessary

By removing apps you don’t need, you’ll free up space and resources for better performance.

Always be cautious about what software you install on your computer. Poorly designed or outdated applications can have a negative impact on performance. Stick to reputable apps (preferably those available in the Microsoft Store) because they have thorough reviews for both security and performance.

Before installing any software, do some online research to check for user experiences and potential issues. Trustworthy sources and well-known companies are your best bet.

Take the time to optimise your existing Windows computers before you consider upgrading your devices. Of course, rather than doing all of this yourself, why not get our team to do it for you. They can check every aspect of your computers and network to look for other hidden problems. Get in touch.

Read more

Addressing the Dangers of Browser Extensions

1st March 2024
Addressing the Dangers of Browser Extensions

How many browser extensions have you downloaded? Do you know the Dangers of these Browser Extensions?

People download browser extensions as common as they us mobile apps. Once downloaded they tend to not use them? There are over 176,000 browser extensions available on Google Chrome alone. These extensions offer users extra functionalities and customisation options.

Today we look at this and the risks to online security and privacy.

The Allure and Perils of Browser Extensions

Browser extensions are often hailed for their convenience and versatility. They can be a wonderful addition to the browser, and we use them to help use the systems we use every day. But the ease with which users can install these extensions is a weakness. Because it also introduces inherent security risks.
Next, we’ll delve into the hazards associated with browser extensions. It is imperative to strike a balance between the benefits and dangers.

What are the Key Risks Posed by Browser Extensions

Phishing and Social Engineering

Some malicious extensions engage in phishing attacks. As well as social engineering tactics. These attacks can trick users into divulging sensitive information.
This can include creating fake login pages or mimicking popular websites. These tactics lead unsuspecting users to unknowingly provide data. Sensitive data, like usernames, passwords, or other confidential details.

Malicious Intent

There are many extensions developed with genuine intentions. But some extensions harbor malicious code. This code can exploit users for financial gain or other malicious purposes. These rogue extensions may inject unwanted ads. As well as track user activities or even deliver malware.
These extensions often use deceptive practices. They make it challenging for users to distinguish between legitimate and malicious software.

Privacy Intrusions

Many browser extensions request broad permissions. If abused, they can compromise user privacy. Some of these include accessing browsing history and monitoring keystrokes. Certain extensions may overstep their intended functionality. This can lead to the unauthorized collection of sensitive information.
Users often grant permissions without thoroughly reviewing them. This causes them to unintentionally expose personal data to potential misuse.

Outdated or Abandoned Extensions

Extensions that are no longer maintained or updated pose a significant security risk. Outdated extensions may have unresolved vulnerabilities. Hackers can exploit them to gain access to a user’s browser. As well as potentially compromising their entire system. Without regular updates and security patches, these extensions become a liability.

Browser Performance Impact

Certain extensions can significantly impact browser performance. This can happen due to being poorly coded or laden with unnecessary features. This results in a subpar user experience. It can also lead to system slowdowns, crashes, or freezing. An extension’s perceived benefits may attract users. But they end up unwittingly sacrificing performance.

Mitigating the Risks: Best Practices for Browser Extension Security

1. Stick to Official Marketplaces

Download extensions only from official browser marketplaces. Such as those connected with the browser developer (Google, Microsoft, etc.). These platforms have stringent security measures in place. This reduces the likelihood of encountering malicious software.

2. Review Permissions Carefully

Before installing any extension, carefully review the permissions it requests. Be cautious if an extension seeks access to unusual data. Such as data that seems unrelated to its core functionality. Limit permissions to only what is essential for the extension’s intended purpose.

3. Keep Extensions Updated

Regularly update your browser extensions. This ensures you have the latest security patches. Developers release updates to address vulnerabilities and enhance security. If an extension is no longer receiving updates, consider finding an alternative.

4. Limit the Number of Extensions

It’s tempting to install several extensions for various functionalities. But each added extension increases the potential attack surface. Only install extensions that are genuinely needed. Regularly review and uninstall those that are no longer in use.

5. Use Security Software

Use reputable antivirus and anti-malware software. This adds an extra layer of protection against malicious extensions. These tools can detect and remove threats that may bypass browser security.

6. Educate Yourself

Stay informed about the potential risks associated with browser extensions. Understand the permissions you grant. Be aware of the types of threats that can arise from malicious software. Education is a powerful tool in mitigating security risks.

7. Report Suspicious Extensions

If you encounter a suspicious extension, report it. You should report it to the official browser extension marketplace and your IT team. This proactive step helps browser developers take prompt action. That action protects users from potential threats.

8. Regularly Audit Your Extensions

Conduct regular audits of the extensions installed on your browser. Remove any that are unnecessary or pose potential security risks. Maintain a lean and secure browsing environment. This is a key aspect of online security.

Contact Us for Help with Online Cybersecurity

Browser extensions are just one way you or your employees can put a network at risk. Online security is multi-layered. It includes protections from phishing, endpoint threats, and more.
Don’t stay in the dark about your defenses. We can assess your cybersecurity measures and provide proactive steps for better protection.
Give us a call today to schedule a chat.

Read more
Recent Comments