Over the last couple of years and fuelled by the pandemic the use of Teams has exploded. It is now used by 270 million people every month. Whilst the growth in usage has slowed recently it is still the go to collaboration tool for a lot of organisations. And here are three new teams features to look forward to.
As you read this, you may be thinking how did we work before Teams!
It gives us all the ability to stay connected regardless of where we are working. And gives us those collaboration tools we need to work the way we work today.
Because it is part of Microsoft 35 packages, it is the logical solution to keep the team working on projects with no fuss.
Microsoft is constantly making improvements and adding features. Over the past few months, they have added new features like the virtual whiteboard, which you can use to throw around ideas during your video meetings. Also the ability to pin chat to the top.
There are 3 new features coming soon they are
Coming later this month (hopefully) when you rename a Teams channel, it will automatically change the name of the SharePoint Folder.
Chat with self feature. This feature will allow you to send yourself notes and messages, putting the I into team!
Teams Calls will give you the same experience when using the Teams app and the web browser version.
That is the Three new Teams features to look forward to. If you need help to get the most out of Teams, contact us, if you just want to watch this on video visit our tech update page.
So you do what you believe is right and install those windows updates as soon as they become available. Congratulations, but it might not be enough!
Microsoft has just released a piece of information which is crucial to ensuring your computer remains up to date, and you will need to take action to achieve this.
Windows Updates are crucial for all of our devices.
Updates are released regularly to help protect us from the security flaws and vulnerabilities that cyber criminals will exploit. Also, these updates help us by making software and applications more usable and adding new features.
It’s best practice to run updates as soon as possible on every machine across your business. If you do this already well done, if you don’t perhaps you should talk to us to help you?
There’s a but
According to Microsoft, an enormous number of Windows PCs aren’t up to date.
Why?
So what’s happening?
Some of it maybe staff clicking the ‘later’ button when they get the update notifications. As updates can be time consuming and sometimes people need to get on with their work. Though we certainly don’t condone this behaviour we do understand it.
Technical problems with updates may account for some of these out-of-date PCs, too.
But the majority of update issues are coming from something else entirely…
Microsoft Windows needs to be connected to the internet for a very long time for updates to work properly. Recently Microsoft stated that devices need to remain on and connected to the internet for a minimum of two consecutive hours, and six hours in total. That gives your device time to successfully download the update and install it.
Here is what to do to make sure Windows Update Succeed.
It is simple you need to make sure your devices are all left on and powered up overnight.
This may also mean that you have to check your Power Management settings, to stop your devices from going into hibernation mode or deep sleep too quickly.
To offset any environmental impact you should also ensure you’re following the recommended power settings on each device. If you’d like any help checking these settings, and that all of your devices are running the latest security updates, just get in touch.
In the last 2 years working from home has come of age.
Whilst Many have loved it, others realised they preferred an office environment.
But would you hazard a guess at how many people would like to make remote working a permanent option?
According to a new report, a whopping 96% of employees want to solely work from home, even when the pandemic is over.
They’d be willing to take a pay cut to make that happen.
But wait – it gets even more shocking.
Of these people, a third said they’d be willing to sacrifice HALF of their monthly wage to do so.
Not only that, but they’d give up their health benefits and even paid time off.
Are you as shocked at those figures as we are?
In terms of work/life balance, some people have never had it better. And now that things are slowly recovering, they’re not going to give it up without a fight.
Many of your people might not want to go back to the stress, the distraction, the commuting…
And it’s likely some of them don’t want to leave their beloved pets on their own!
As an employer, giving the option to make remote or hybrid work permanent seems like an ideal solution. You’ve already seen that your people can be trusted to do a great job wherever they work. You may even have seen an increase in motivation and productivity.
Your business could even cut down on some of its fixed costs – office space is the big saving.
Of course, there’s more to consider than how much you trust your team to continue doing a great job. Or how much you could be saving on office space.
If you haven’t already done so, you’ll need to make sure that everyone’s home working set-ups are suitable.
If you’ve only had temporary work from home measures in place for the last 2 years, it’s time to make them official.
The first priority for work from home is to look at data security.
How do your people access your network? Do they have the right security measures installed on their devices? Are their home networks protected from unauthorised access? Can you stop their children using company devices?
But it’s not just security that you need to consider.
Look at the collaboration tools you’re using. If your team is unlikely to be in the same place at the same time, should you invest in a better solution to make sure communication doesn’t suffer?
As well as reporting on salary sacrifices, the report also found that nearly 2 in 5 people feel ignored in video meetings.
Upgrading their equipment and devices might be the answer. Professional quality webcams and microphones can help by making sure video quality is high and that voices are heard.
Don’t forget that older laptops or desktops will need to be upgraded every few years to make sure they’re performing well and costing you less to maintain. If you’d like any help making sure your home working setups are right for permanent remote workers, just give us a call.
Microsoft Teams has a new feature – Walkie Talkie!
It has been available on Android Devices for a little while now. It is now coming to iOS devices, so it could be a very useful feature for your teams. We think this will become a powerful communication tool, and will be using when on site.
Let’s look at what it is before we explore how you’d use it.
If you were alive back in the 1980s, you’ll remember real walkie talkies. They were the coolest way to talk to your friends on the move – long before we had mobiles.
If you’re too young to remember the 80s, then go watch a few episodes of Stranger Things and you’ll get the idea.
With a walkie talkie you press a button to talk, and everyone who has a device on the same frequency as yours can hear you speak.
They can only reply when you let go of the button. And only one person can speak at a time.
What that gives you is ordered real time voice conversation between a group of people.
This new Teams feature works in exactly the same way.
There’s no need to call anyone. Like a real walkie talkie you just push a button on your phone to speak, and everyone in your team channel can hear you.
It works on both Android and iOS devices, so long as they’re connected to the internet. It even works if your phone is locked.
Walkie talkie was originally created with front-line workers in mind.
The idea is that when you are on a client site, you can quickly and securely communicate with the office. And those on site with you, withe less hassle.
We can see this being useful for remote workers too. Doesn’t matter whether your team are in the office or working from home – they can have a voice conversation in real time, instantly.
Just like the old days when everyone worked in the same space.
Can you see how that would help your business?
Before you can use walkie talkie in Teams, you’ll need to make sure it’s enabled. Your administrator will need to do this in the Teams admin centre – it’s really easy.
If you’d like us to help you set up walkie talkie for your business, just give us a call.
As I settle down to write this, I am aware that last there were stories in the media that a password manager called LastPass, may have had some of its customers master passwords compromised.
LastPass deny this.
Do you use a password manager in your business?
We do and we highly recommend our clients use one as well. The purpose of this blog article is to help explain the benefits of using one.
But first……
What is a password manager and how does it work?
Almost everyone has hundreds of passwords to allow access to a variety of online services. Most business owners will have even more.
For most of these services your username will be your email address, you then have a password. And then possibly the use of something called multi-factor authentication (where you enter a code, or confirm it is you by clicking allow on another app).
It is very easy to get hold of the email address, and with the use of automated software relatively easy to crack most passwords being used (check the strength of your password)
The software is equipped with a dictionary of popular passwords and words used, for example 12345678, Fluffy, Ben etc.
This is why using your name, child name, sports team etc. is not a good idea for your password.
One method used by hackers is once they have a password for one service, is to try this on multiple other services. This means as soon as one service is breeched then they could gain access to countless other services you use.
One thing to remember is that if a service provider is compromised, and a hacker has accessed the ‘back end’ and managed to pull off 100’s or 1000’s of details they will most likely post these on the Dark Web for anyone to purchase.
Best Practice for using passwords
Never write them down or record them anywhere (this includes the book that says Password on it or even worse the file on your computer called password)
Never use a password for more than 1 service or site at a time.
Use a randomly generated password. I like using nursery rhythms for this. If you take the first line of Jack and Jill, you could have a password like J&Jwuah2fapow. (Note I don’t use this one)
So that is best practice but for most of use even remembering which rhythm we used for which site would mean we would probably end up hitting the reset password every time we logged in.
So, we all ignore the best practice advice above and
Write them down
Use the same password for multiple (or even all) log on.
Use our pets name and a number and special case character (Probably an exclamation Mark) Fluffy2022!
Some of your team will be using weak passwords, or their passwords will be on a post it notes on their monitor! Look around when no one is in and see who the weak link may be in your IT Security!
What is the answer you ask?
As you can guess implementing a password manager is the answer. Almost all password managers work across all the major platforms (Windows, Macs, iOS and Android).
With this clever piece of software, you will be able to produce truly random passwords. Which can be as long as you want them to be and use number, lower-case and upper-case letters, along with special characters #~$^
The software can also be set up to automatically fill in the details when it comes to the site or service you are trying to connect to.
What is the downside of using this?
You still need a master password to access this, and of course humans being humans the temptation of using a weak (relatively weak) password is still too tempting.
A good password manager will also utilise Multi Factor authentication.
Even with the downside taken into account using a password manager is much better than not using one.
They make live a lot easier for us, whilst keeping us much safer. If you want to know which password manager we use, please contact us.
We’ve been really busy recently with our Education customers. So I thought I would jot down some ramblings of why we’ve been successfully winning contracts.
We don’t treat these Academies, or schools any differently to any of our business clients, we provide the same reliable speedy service regardless of our clients being a school, or any business.
We love working within schools to help teachers use technology to improve the learning outcomes of the pupils.
Multi Academy Trusts like our services we can help in cost reductions.
We can help design a strategy, as well as providing first class support.
We help the Trust to stay on track, by designing a long term plan. Helping them budget for the future.
With this in mind we have been on a bit of a crusade recently, and have grown from 1 school to pushing to 20 schools (at time of writing).
What to do next?
How does this help you, well we are currently looking for even more Schools and Multi academy trusts in Devon and Cornwall who’s currently ICT Support agreement expires in the summer, or before.
A school in Hangzhou, capital of the eastern province of Zhejiang, is reportedly using facial recognition software to monitor pupils and teachers.
Intelligent Classroom Behaviour Management System
The facial recognition software is part of what has been dubbed The “intelligent classroom behaviour management system”. The reason for the use of the system is reported to be to supervise both the students’ learning, and the teachers’ teaching.
How?
The system uses cameras to scan classrooms at Hangzhou No. 11 High School every 30 seconds. These cameras are part of a facial recognition system that is reported to be able to record students’ facial expressions. And categorize them into happy, angry, fearful, confused, or upset.
The system, which acts as a kind of ‘virtual teaching assistant’, is also believed to be able to record students’ actions such as writing, reading, raising a hand, and even sleeping at a desk.
The system also measures levels of attendance by using a database of pupils’ faces and names to check who is in the classroom.
As well as providing the school with added value monitoring of pupils. It may also prove to be a motivator for pupils to modify their behaviour to suit the rules of the school and the expectations of staff.
Teachers Watched Too
In addition to monitoring pupils, the system has also been designed to monitor the performance of teachers in order to provide pointers on how they could improve their classroom technique.
Safety, Security and Privacy
One other reason why these systems are reported to be increasing in popularity in China is to provide greater safety for pupils by recording and deterring violence and questionable practices at Chinese kindergartens.
In terms of privacy and security, the vice principal of the Hangzhou No.11 High School is reported to have said that the privacy of students is protected because the technology doesn’t save images from the classroom, and stores data on a local server rather than on the cloud. Some critics have, however, said that storing images on a local server does not necessarily make them more secure.
Inaccurate?
If the experiences of the facial recognition software that has been used by UK police forces is anything to go by. There may be questions about the accuracy of what the Chinese system records. For example, an investigation by campaign group Big Brother Watch, the UK’s Information Commissioner, Elizabeth Denham, has recently said that the Police could face legal action if concerns over accuracy and privacy with facial recognition systems are not addressed.
What Does This Mean For Your Business?
There are several important aspects to this story. Many UK businesses already use their own internal CCTV systems as a softer way of monitoring and recording staff behaviour. And as a way to modify their behaviour i.e. simply by knowing their being watched. Employees could argue that this is intrusive to an extent, and that a more positive way of getting the right kind of behaviour should (also) have a system that rewards positive / good behaviour and good results.
Using intelligent facial recognition software could clearly have a place in many businesses for monitoring customers / service. It could be used to enhance security. It could also, as in the school example, be used to monitor staff in any number of situations, particularly those where concentration is required and where positive signals need to be displayed to customers. These systems could arguably increase productivity, improve behaviour and reduce hostility / violence in the workplace, and provide a whole new level of information to management that could be used to add value.
However, it could be argued that using these kinds of systems in the workplace could make people feel as though ‘big brother’ is watching them. And could lead to underlying stress, and could have big implications where privacy and security rights are concerned. It remains to be seen how these systems are justified, regulated and deployed in future. And how concerns over accuracy, cost-effectiveness, and personal privacy and security are dealt with.
A new report published by manufacturers’ organisation EEF in partnership with insurance firm AIG and the Royal United Services Institute (RUSI) shows that 48% of UK manufacturers have been subject to a cyber-security incident at some time.
Loss and Disruption
Half of those manufacturing companies who admit to being hit by cyber-criminals have said that the incident(s) caused financial loss or disruption to business.
Challenges
The report highlighted several key challenges that the manufacturing industry faces in making itself less vulnerable to cyber-criminals. These challenges include:
The age of equipment and the networked nature of production facilities. Many industrial systems are up to 20 years old and were developed before cyber threats became a big issue. As a result, poorly protected office systems, often the first implemented historically within manufacturing businesses, are particularly vulnerable. Also, a networked building, such as many manufacturing sites, can be hacked and exploited.
Many manufacturing companies hold a large amount of classified information e.g. intellectual property (IP) and trade secrets, which makes them targets for (for example) financially motivated, state-sponsored hackers.
Having no idea of the nature and size of the risks. 41% of manufacturing companies don’t believe they have access to enough information to assess their true cyber risk, and 12% of manufacturers admit they have no technical or managerial processes in place to even start assessing the real risk.
A lack of basic detection that a cyber attack is taking place / has taken place, and a lack of investment in training i.e. 34% do not offer cyber-security training.
Feeling that they are not equipped to tackle the risk anyway. For example, 45% are not confident they are prepared with the right tools for the job.
A lack of confidence. Although 91% of the 170 UK manufacturing businesses polled are investing in digital technologies, 35% think that cyber vulnerability is inhibiting them from doing so fully.
What Does This Mean For Your Business?
For manufacturing businesses facing the very real threat of sophisticated, multi-level attacks, now is not the time to be left with a vulnerable outdated system. Advice from the report includes following the advice of the Government backed ‘Cyber Essentials’ scheme. This includes the 5 security essentials of using a firewall to secure your Internet connection, choosing the most secure settings for your devices and software, controlling who has access to your data and services, protecting yourself from viruses and other malware by using antivirus software, only downloading apps from manufacturer-approved stores, or running apps and programs in an isolated environment, and continually ensuring that operating systems and software are up-to-date and running the latest security patches.
Clearly, manufacturing companies with old systems may need to bite the bullet and invest in more modern, digitised, and well-protected systems. The report also indicates that greater investment in staff training is needed to help them spot and deal with risks, and to avoid the kind of human error that is needed in many modern cyber-attacks e.g. malware / viruses sent by email, phishing, and other social engineering attacks.
Another opportunity for manufacturing companies to boost cyber-security could also come from cyber-insurance. For example, many cyber insurers offer a comprehensive package of pre-loss services to businesses to carry out a cyber health check which could help to highlight gaps in cyber risk management and help identify what security measures should be prioritised.
The latest attacker behaviour industry report by automated threat management firm Vectra shows that UK higher education institutions are now prime targets for illicit cryptocurrency mining, also known as ‘cryptojacking’.
Cryptocurrency Mining
‘Cryptocurrency mining’ involves installing ‘mining script’ code such as Coin Hive into multiple web pages without the knowledge of the web page visitor or often the website owner. The scammer then gets multiple computers to join their networks so that the combined computing power will enable them to solve mathematical problems. Whichever scammer is first to solve these problems is then able to claim / generate cash in the form of crypto-currency – hence mining for crypto-currency.
Taking Coin Hive as an example, this crypto-currency mining software is written in Javascript, and sends any coins mined by the browser to the owner of the web site. If you visit a website where it is being used (embedded in the web page), you may notice that power consumption and CPU usage on your browser will increase, and your computer will start to lag and become unresponsive. These slowing, lagging symptoms will end when you leave the web page.
Why Target Universities?
According to Vectra report, the UK’s universities are being targeted by cryptojackers because they have high bandwidth capacity networks, and they host many students on their networks who are not protected. This makes them ideal cyber-crime campaign command and control operations centres.
This means that students who are using the bandwidth e.g. to watch movies online could unwittingly be giving cyber criminals access to computing resources in the background by using websites that host cryptojacking malware.
It is also believed to be possible that the relative anonymity and power of the computing resources at universities are enabling a small number of students to tap into them, and carry out illicit cryptocurrency mining activities of their own.
Other Targets
Higher education institutions are, of course, not the only main targets. The report highlights the entertainment and leisure sector (6%), financial services (3%), technology (3%) and healthcare (2%) as also being targets for cryptojackers. The effects of being targeted by cryptojackers can be increased power consumption and a reduction in hardware lifespans.
What Does This Mean For Your Business?
For higher education institutions, they can only issue notices to students they detect cryptomining, and / or issue a cease and desist order. They can also provide assistance in cleaning computers, and try to advise students on how to protect themselves and the university by installing operating system patches and creating awareness of phishing emails, suspicious websites and web ads. These measures, however, don’t go far enough to address the challenge of better detection, and / or stopping cryptomining from happening in the first place.
Businesses are also struggling to keep up with the increasingly sophisticated activities of cryptojackers and other cyber-criminals, particularly with a global shortage of skilled cyber-security professionals to handle detection and response. In the meantime, the answer for many enterprise organisations has been the deployment of artificial intelligence-based security analytics. Where cryptojacking is concerned, AI is proving to be essential to augmenting existing cyber-security teams to enable fast detection and a response to threats.
The increased CPU usage and slowing down of computers caused by mining scripts waste time and money for businesses. If using AI security techniques are beyond your current budget and level of technical expertise, you may be pleased to know that there are some more simple measures that your business can take to avoid being exploited as part of a cryptojacking scam.
If, for example, you are using an ad blocker on your computer, you can set it to block one specific JavaScript URL which is https://coinhive.com/lib/miner.min.js . This will stop the miner from running without stopping you from using any of the websites that you normally visit.
Also, a dedicated browser extension called ‘No Coin’ is available for Chrome, Firefox and Opera. This will stop the Coin Hive mining code being used through your browser. This extension comes with a white-list and an option to pause the extension should you wish to do so.
Coin Hive’s developers have also said that they would like people to report any malicious use of Coin Hive to them.
Maintaining vigilance for unusual computer symptoms, keeping security patches updated, and raising awareness within your company of current scams and what to do to prevent them, are just some of the ways that you could maintain a basic level of protection for your business.
The latest McAfee Labs threat report shows that in the last quarter of 2017, organisations faced 8 new cyber threats a second as there was an 18% increase in the number of reported security incidents across Europe.
478 New Cyber Threats Every Minute
The report makes worrying reading as businesses and organisations try to secure their online and data security systems in preparation for the introduction of GDPR.
The McAfee Labs report shows an 18% increase in the number of reported security incidents across Europe with a specific focus the on adoption of newer tools and schemes, such as fileless malware, cryptocurrency mining and steganography.
Cytptocurrency Mining
The rocketing value of the cryptocurrency Bitcoin led to a big increase in cryptocurrency mining / cryptojacking in the last quarter of 2017. For example, cryptojacking involves installing ‘mining script’ code such as Coin Hive into multiple web pages without the knowledge of the website owners. The scammer then gets multiple computers to join their networks so that the combined computing power will enable them to solve mathematical problems. Whichever scammer is first to solve these problems is then able to claim / generate cash in the form of crypto-currency.
Also, at the end of 2017, ransomware operators were found to be hijacking Bitcoin and Monero wallets using Android apps developed exclusively for the purpose of cryptocurrency mining. Many criminals appear to have favoured Litecoin over Bitcoin because there was a lesser chance of exposure.
Fileless Malware Attacks
Another trend uncovered by the McAfee Labs threat report was the adoption of fileless malware and abusing Microsoft PowerShell, which showed a 432% surge over the course of 2017.
Fileless malware involves hijacking tools that are already built-in to Windows rather than installing software on a victim’s computer. It is designed to work in-memory (in the computer’s RAM) and is, therefore, very resistant to existing anti-computer forensic strategies, and is difficult to detect.
The MacAfee report showed a huge 267% growth in the use of the new PowerShell malware. Powershell is a legitimate tool (scripting language) that is built-in to Windows, and provides access to a machine’s inner core, including Windows APIs. This is why it has become a favoured route for fileless malware attacks.
Increase In Attacks On Healthcare
One other disappointing trend uncovered in the McAfee Labs threat report is the dramatic 210% overall increase in incidents against healthcare organisations in 2017. It is believed that these attacks were facilitated by organisational failures to comply with security best practices, or to address many known vulnerabilities in medical software.
What Does This Mean For Your Business?
The report highlights how businesses now face risks on an unprecedented scale, and how, particularly with GDPR on the way, businesses need to prioritise cyber and data security. A collaborative and liberalised information-sharing approach should be taken to improve attack defences and combat escalating asymmetrical cyber warfare.
Cyber-criminals always try to combine the highest returns in the shortest time with the least risk. This is why tactics like cryptojacking, stealthy fileless PowerShell attacks, and attacks on soft targets such as hospitals have become so popular over the last year.
New threats for this year, such as cyber-criminals developing botnets exploiting the Internet of Things (IoT) will pose more challenges to businesses and the security industry.
Recent Comments