Limbtec Limited > Blog > Windows

This blog category contains information about Windows, of all flavours both desktops and servers.

Are Your Business Tools Ticking Time Bombs For A Cyber-Attack?

30th August 2023
Are Your Business Tools Ticking Time Bombs For A Cyber-Attack?

In June a popular file-sharing software amongst big-name companies likes Shell, Siemens Energy, Sony, several large law firms, a number of US federal agencies such as the Department of Health and more was hacked by Russia-linked cybercrime group Cl0p. Security Magazine reported that, to date, there are 138 known companies impacted by the breach, resulting in the personal information of more than 15 million people being compromised. More are expected to emerge as the investigation continues.

If you’re reading that list of company names thinking, “I’m just a small business compared to these big guys – that won’t happen to me,” we’ve got news for you. Many of these companies have cyber security budgets in the millions, and it still happened to them, not because they were ignoring the importance of cyber security, but because of a piece of software they use to run their business.

Progress Software’s MOVEit, ironically advertised as a tool you can use to “securely share files across the enterprise and globally,” “reduce the risk of data loss” and “assure regulatory compliance,” was exploited by a tactic called a zero-day attack. This occurs when there is a flaw in the application that creates a gap in security and has no available patch or defense because the software maker doesn’t know it exists. Cybercriminals quickly release malware to exploit the vulnerability before the software maker can patch it, essentially giving them “zero days” to respond.

These attacks are dangerous because they are difficult to prevent and can quickly and easily ruin smaller businesses.

Depending on the organization’s motives, the stolen data can be deleted, held for ransom or sold on the dark web. Or, if you are lucky enough to recover your data, you might still end up paying out thousands or more in fines and lawsuits, losing money from downtime and coming out on the other end with a damaged reputation that causes clients to leave anyway. In MOVEit’s case, the cybercrime agency Cl0p has claimed on their website that their motivation is purely financial and has allegedly deleted data obtained from government agencies as they were not the intended targets.

What does this mean for small businesses?

For starters, it underlines the harsh reality that cyber security isn’t just the concern of big businesses and government agencies. In fact, small businesses can be more vulnerable to cyber-attacks, as they often dedicate fewer resources to protection.

It also means that even if your organization is secure, the third-party vendors you work with and the tools you choose to use in your business still pose potential risks. Most of MOVEit’s customers that were affected likely had strong cyber security measures in place. Even though it was no direct fault of their own, at the end of the day, those companies still must go back to their clients, disclose what happened and take the verbal, legal and financial beating that comes with a data breach.

The MOVEit hack serves as a grim reminder of the critical importance of cyber security for businesses of all sizes.In the face of an increasingly sophisticated and fast-moving cyberthreat landscape, businesses cannot afford to ignore these risks. Cyber security must be an ongoing effort, involving regular assessments, updates, monitoring, training and more. As this terrible incident shows, a single vulnerability can lead to a catastrophic breach with severe implications for the business and its customers.

In the digital age, cyber security isn’t just a technical issue – it’s a business imperative.

If you have ANY concerns about your own business or simply want to have a second set of eyes examine your network for vulnerabilities, we offer a FREE Cyber Security Risk Assessment. Click here to schedule a quick consultation to discuss your current situation and get an assessment on the schedule.

Read more

Risk of NOT updating your hardware

25th August 2023
When is the time to upgrade?

I will start this post, by knowing we all want to have our cake and eat it, including the cherry on the top! And whilst this might make us sick, if we do the same with the computer hardware in our business, it may even cost us our businesses.

All hardware has a lifespan, this is measured by something called ‘Mean Time Between Failures (MTBF)’ This is the time that any given hardware component may fail at. And this has improved over the years, but even so if you have your business running on a server do you want to risk losing this?

So how long is sensible

When we scope a server, we suggest this is replaced every 5 years, this is based on the MTBF above, but also we scope the growth of the data your business will generate in the 5 years. This will also make sure that your server operating system remains within the support phase by the vendor. We recommend this is never pushed out, because if the server does die, you will be facing a bigger bill to get it back up and working properly and that is if you have a full back up. It is likely that you won’t have access to this for several days!

So just how much would you lose over those couple of days, £5,000, £10,000 more? Is it worth the risk?

Desktops & Laptops

You might have more lee-way with these, if a single computer goes down at least others can work, so the loss might not be as bad. Here at Limbtec the tec’s laptops are looked as disposalable, they are used on site, and you never know when something weird may happen, that was something we decided on many years ago, this may not be for you, but it does suit how we use them.

And that is the important part, is looking at how you will use them, and how long you expect them to last

The business part of this

Your accountant will want to write all this down over 3 years, as mentioned above our laptops issued to tec’s are treated a disposable, so they aren’t written down over any period of time, they are just an expense. our desktops, and other network equipment will be over 3 years, our server are also over 3 years, but potentionally you could say 5 years, specially if you purchase them on a lease!

Then you have compliance

Then you have complaince, and by this in the UK this is mainly GDPR, which states all software needs to be supported this isn’t just the operating system, but also the firmware and any software running on the server.

Read more

What is Zero-Click Malware?

16th August 2023

How Do You Fight It?  

Zero Click Malware

In today’s digital landscape, cybersecurity threats continue to evolve. They pose significant risks to individuals and organizations alike. One such threat gaining prominence is zero-click malware. This insidious form of malware requires no user interaction. It can silently compromise devices and networks.

One example of this type of attack happened due to a missed call. That’s right, the victim didn’t even have to answer. This infamous WhatsApp breach occurred in 2019, and a zero-day exploit enabled it. The missed call triggered a spyware injection into a resource in the device’s software.

A more recent threat is a new zero-click hack targeting iOS users. This attack initiates when the user receives a message via iMessage. They don’t even need to interact with the message of the malicious code to execute. That code allows a total device takeover.

Below, we will delve into what zero-click malware is. We’ll also explore effective strategies to combat this growing menace.

Understanding Zero-Click Malware

Zero-click malware refers to malicious software that can do a specific thing. It can exploit vulnerabilities in an app or system with no interaction from the user. It is unlike traditional malware that requires users to click on a link or download a file.

Zero-click malware operates in the background, often unbeknownst to the victim. It can infiltrate devices through various attack vectors. These include malicious websites, compromised networks, or even legitimate applications with security loopholes.

The Dangers of Zero-Click Malware

Zero-click malware presents a significant threat. This is due to its stealthy nature and ability to bypass security measures. Once it infects a device, it can execute a range of malicious activities.

These include:

  • Data theft
  • Remote control
  • Cryptocurrency mining
  • Spyware
  • Ransomware
  • Turning devices into botnets for launching attacks

This type of malware can affect individuals, businesses, and even critical infrastructure. Attacks can lead to financial losses, data breaches, and reputational damage.

Fighting Zero-Click Malware

To protect against zero-click malware, it is crucial to adopt two things. A proactive and multi-layered approach to cybersecurity. Here are some essential strategies to consider:

Keep Software Up to Date

Regularly update software, including operating systems, applications, and security patches. This is vital in preventing zero-click malware attacks. Software updates often contain bug fixes and security enhancements. These things address vulnerabilities targeted by malware developers. Enabling automatic updates can streamline this process and ensure devices remain protected.

Put in Place Robust Endpoint Protection

Deploying comprehensive endpoint protection solutions can help detect and block zero-click malware. Use advanced antivirus software, firewalls, and intrusion detection systems. They establish many layers of defense. These solutions should be regularly updated. This ensures the latest threat intelligence to stay ahead of emerging malware variants.

Use Network Segmentation

Segment networks into distinct zones. Base these on user roles, device types, or sensitivity levels. This adds an extra layer of protection against zero-click malware. Isolate critical systems and install strict access controls to limit the damage. These help to mitigate lateral movement of malware and its potential harm.

Educate Users

Human error remains a significant factor in successful malware attacks. A full 88% of data breaches are the result of human error.

Educate users about the risks of zero-click malware and promote good cybersecurity practices. This is crucial. Encourage strong password management. As well as caution when opening email attachments or clicking on unfamiliar links. Support regular training on identifying phishing attempts.

Use Behavioral Analytics and AI

Leverage advanced technologies like behavioral analytics and artificial intelligence. These can help identify anomalous activities that may indicate zero-click malware. These solutions detect patterns, anomalies, and suspicious behavior. This allows for early detection and proactive mitigation.

Conduct Regular Vulnerability Assessments

Perform routine vulnerability assessments and penetration testing. This can help identify weaknesses in systems and applications. Weaknesses that enable an exploit by zero-click malware. Address these vulnerabilities promptly through patching or other remediation measures. These actions can significantly reduce the attack surface.

Uninstall Unneeded Applications

The more applications on a device, the more vulnerabilities it has. Many users download apps then rarely use them. Yet they remain on their device, vulnerable to an attack. They are also more likely to lack updates.

Have employees or your IT team remove unneeded apps on all company devices. This will reduce the potential vulnerabilities to your network.

Only Download Apps from Official App Stores

Be careful where you download apps. You should only download from official app stores. Even when you do, check the reviews and comments. Malicious apps can sometimes slip through the security controls before they’re discovered.

Get the Technology Facts from a Trusted Pro

Zero-click malware continues to evolve and pose severe threats to individuals and organizations. It is crucial to remain vigilant and take proactive steps to combat this menace. Need help with a layered security solution?

Give us a call today to schedule a cybersecurity risk assessment.

Article used with permission from The Technology Press.

Read more

Privacy alert: Change this setting in Edge, now

10th July 2023
A setting to change in edge

Don’t be mistaken, we love Microsoft Edge (and think you will too), but lately, something has come to our attention that we wanted to share.

It’s always a good idea to be aware of what your browser is doing behind the scenes. And there’s an Edge setting that you might be interested to learn about. It’s one that sends the images you view online to Microsoft.

While this might not seem like a big deal on the surface – it’s done to enhance the images – some business owners might be concerned about the privacy implications. After all, you never know who might be looking at your browsing history.

The good news is that it’s easy to disable this setting if you’re concerned about it. Here’s how:

  1. Open Microsoft Edge and click on the three dots (“More actions”) in the upper-right corner of the screen
  2. Select “Settings” from the drop-down menu
  3. Scroll down and click on “Privacy, search, and services”
  4. Under the “Services” section, turn off the toggle switch next to “Improve your web experience by allowing Microsoft to use information about websites you browse to improve search suggestions, or to show you more relevant advertising”

That’s it! With just a few clicks, you’ve disabled the feature that sends images to Microsoft.

Of course, there are other settings in Edge that you might want to explore as well. Like the ones that control your data collection preferences, or the ones that limit pop-ups and redirects.

Why should you take a few minutes to check out your browser settings? Well, for one thing, it can help protect your privacy and security online. By being aware of what your browser is doing, you can make informed decisions about what data to share (and what to keep private).

Plus, exploring your browser settings can be a fun and educational experience in its own right. You might discover new features or hidden gems you never knew existed.

And don’t worry, you don’t have to be a tech expert to understand these settings. In fact, Microsoft has done a great job of making them simple and straightforward, with clear explanations and helpful tips along the way.

If you ever get stuck, our team is happy to help. Get in touch.

Read more

Here’s how cyber criminals try to hack your accounts while you sleep

5th June 2023
How cyber criminals may hack your MFA

Have you ever felt frustrated by the flood of notifications from your multi-factor authentication (MFA) app?

Well, cyber criminals have too. And they’re taking advantage of “MFA fatigue” to try to gain access to your sensitive business data.

MFA is essential for keeping your data secure. It adds an extra layer of security to your apps and accounts by asking you to verify your identity in two or more ways, such as a password and a code sent to your phone.

The constant alerts can be overwhelming though.

Attackers know this and will bombard employees – sometimes in the middle of the night – with a constant stream of MFA notifications. Which makes it more likely someone will authenticate a login attempt through frustration, tiredness, or just to get the notifications to stop.

But now there’s a new weapon in the fight against MFA fatigue.

Microsoft Authenticator has introduced number matching as a way of making sure your MFA notification is from the correct login attempt, preventing cyber criminals from taking advantage of notification fatigue.

How does number matching work?

When you receive an MFA notification, the app will display a randomly generated number. You then need to input this number to authenticate the login attempt and prove you’re not a cyber criminal trying to access your business data.

That’s not all. Microsoft Authenticator also allows for biometric authentication, which means you can use your face, fingerprint, or other unique physical features to prove your identity and combat the threat of MFA fatigue attacks.

With these security measures in place, your business can stay ahead of cyber criminals and keep your sensitive data better protected.

If you already use Microsoft Authenticator, number matching is ready to use. Simply make sure your app is up-to-date, and you’ll be protected.

If you use another MFA system and want to look at how to make your security better or easier, we can help. Get in touch.

Published with permission from Your Tech Updates.

Read more

Microsoft hints at some exciting Windows 12 developments

31st May 2023
Windows 12 is in development

We’re fickle creatures.

Windows 11 still feels like a new toy, yet we’ve already heard (reliable) speculation about Windows 12 arriving as soon as next year. And now it’s all we can think about!

What will it look like?

What improvements will we see?

Will there be new features?

We can’t answer these questions with certainty just yet, but there are whispers of new features that could be big news for businesses.

Three in particular have got us excited.

First (and probably most obvious) is the inclusion of more AI functionality. From automation to chatbots, AI has exploded in recent months. It just makes sense that Microsoft will harness this power to bring us a more impressive operating system.

We’re likely to see better AI analysis of our content, and prompts to help us begin projects or choose apps to help get things done. It will also help us speed up what we’re doing with improved intuition for what we’ll do next.

We do know that Microsoft wants to bring us faster updates and better security.

It’s likely things will be split into different sections rather than having the entire OS as a single entity as it stands today. That means updates to different elements will be able to run in the background while you continue to work, and different people may be granted access to each partition for improved security.

Microsoft also intends to make the Windows 12 experience more modular. The benefit of creating different components in this way is that higher-powered devices will get the maximum Windows experience, while lower-powered devices will still be able to do everything they need, running the Edge browser, Office tools, or web apps, for instance.

Some of these features may be reliant on dedicated hardware and upgraded equipment and we’re waiting for more announcements on that. As soon as we hear, you’ll be the first to know!

If you haven’t yet made the move to Windows 11, now’s a good time. Get in touch if you need any help or advice.

Published with permission from Your Tech Updates.

Read more

The final curtain call for Windows 10: What you need to know

30th May 2023
Windows 10, the final curtain call

Microsoft has announced that the current version of Windows 10, released in 2022, will be its final release.

If you’re currently using Windows 10, you might wonder what this means for your day-to-day operations.

The good news is that your computers won’t suddenly stop working. Nor will the current updates and security patches for Windows 10 disappear anytime soon.

However, you may want to consider upgrading to Windows 11 sooner rather than later. Microsoft has made it clear that it will be devoting all its attention to the new operating system from now on, so future developments and innovation will be focused on Windows 11.

Upgrading can be a daunting task, but moving to Windows 11 has so many benefits:

Enhanced performance

Windows 11 has been designed to maximise efficiency and performance across all types of devices, making it a no-brainer for businesses looking for faster and more efficient technology.

Improved user experience

The interface has been updated with a more modern look, making it easier to navigate and customise.

Increased security

Windows 11 comes with Microsoft’s most advanced security features, making it harder for cyber criminals to breach your system.

Better integration with cloud services

Windows 11 gives you access to a range of cloud-based services, making it easier to collaborate with other team members and enhance your business’ productivity.

If you’re still hesitant about upgrading, keep in mind that Microsoft will eventually stop releasing security updates for Windows 10. We’re expecting it to be in late 2025. This means staying with Windows 10 for too long could put your business at risk of security threats.

The sooner you upgrade, the better your protection against these threats, and the more significant the benefits you’ll be able to reap from Windows 11.

Like any big project, making the move to Windows 11 needs to be planned and implemented properly. Your hardware needs to meet certain requirements and, of course, you’ll need to make sure it’s done without affecting day to day operations.

If you’d like help making the transition with as little disruption as possible, get in touch.

Published with permission from Your Tech Updates.

Read more

Windows 11 optional update: Why it’s better to wait

22nd May 2023

Microsoft has just announced an option for people to trial new features before their general release in Windows 11.

This isn’t about fixes to security flaws – everyone gets those at the same time.

This is an opportunity for businesses to jump the queue to receive new features and updates first.

Sound exciting?

Yes!

Worth the risk?

Not quite.

Our advice?

Patience is a virtue!

Sure, it may be tempting to give in to the tantalising prospect of new features… nobody ever wants to wait. But jumping aboard any trial phase comes with risks.

Bugs, errors, and other stumbling blocks could have a significant impact on your operations, potentially causing chaos in your daily workflow.

Waiting until features have completed a thorough trial process gives you the advantage of other people’s experience. They’ve already dealt with the complexities so, by the time you get the new features, they’ll be polished and dependable. And isn’t that more important for the smooth running of your business?

Trust us, the safe road is the smart road, especially when your business systems are involved. The benefits of being an early adopter may seem enticing, but you don’t want to end up being the guinea pig.

Remember the old adage… good things come to those who wait!

We’re all for keeping up with the latest technology and software updates, but there is a time to exercise caution, and this is one of those times. Don’t be tempted by the shiny new features.

  • Be patient
  • Stay safe
  • And ensure that when the time comes, you’re getting something that’s proven to work

Microsoft already has a lot of (tested and approved) features that can boost productivity and make your work processes smoother. We spend a lot of time helping businesses find the right ones for them. If we can do the same for you, get in touch.

Read more

10 Common Tech Problems Plymouth Businesses Are Eliminating From Their Business Forever

9th May 2023

They say, “You get what you tolerate” and now more than ever, we’ve been conditioned to tolerate worse service at higher prices. Companies get a ‘free pass’ simply by saying phrases like “the labour shortage,” “because COVID,” or “inflation.”

But it doesn’t have to be that way.

While you may be able to still do business even with some less-than-stellar vendors in some areas, if all your computers were to suddenly stop working, your network go down, your files gone, chances are you’d be dead in the water.

Your business depends on technology, and you need to make sure everything is up and running RIGHT and you’re protected ALL the time.

Here’s a list of ten common problems, complaints and just downright failures in service we hear of all the time…and I’ll show you how to eliminate them in your business.

  1. When you call your IT company, your message goes to voicemail and you’re stuck waiting hours (or even days) for a call back so your problem gets resolved.
  2. You often must reach out multiple times to get a problem resolved and you need to check back to see what the status is and get a timeframe.
  3. Your IT company doesn’t proactively monitor, patch and update your computer network’s critical security settings daily (or at least weekly) leaving your entire business vulnerable to attacks.  
  4. Your IT company doesn’t offer proof that they are backing up ALL your data, laptops and devices.
  5. Your IT company doesn’t meet with you regularly (at least once a quarter) to report what they’ve been doing, review projects and offer new ways to improve your network’s performance instead of waiting until you have a problem to make recommendations.
  6. Your IT company doesn’t provide detailed invoices that clearly explain what you are paying for.
  7. Your IT company doesn’t explain what they are doing and answer your questions in terms that you can understand, NOT in “geek speak” and they don’t routinely ask if there’s anything else they can help with, no matter how small.
  8. Your IT company doesn’t proactively discuss cybersecurity with you or make recommendations for protecting your network from ransomware and offer employee training videos, so they don’t fall victim to a scam.
  9. Your IT company hasn’t provided you complete network documentation, and they hold the “keys to the kingdom” refusing to give you admin passwords so you’re totally helpless if something goes wrong and you can’t get a hold of them.
  10. Techs arrive late and dressed like they just got out of bed, and you cringe every time you need to make that call because they’ll make you feel dumb or like they are ‘doing you a favor’ even though you’re paying them!

If you’re tolerating any of these common problems, know that you don’t have to! You could be paying for substandard support and worse, not be keeping your company protected.

This could jeopardize your data and your network’s security and cost you thousands in lost productivity because you and your employees are spending time dealing with problems that shouldn’t exist.

If that’s the case, then it’s time you see what else is out there and make sure you’re getting what you pay for.

To schedule a free 10-minute discovery call to see how we can get rid of your tech issues, go to https://limbtec.com/book-a-call

Read more

What is AI?

16th March 2023
Let's start talking about AI

The whole world is suddenly talking about Artificial Intelligence.

From Alexa in your kitchen, to Siri on your phone, AI is already all around us, but new names like ChatGPT, Dall-E, Jasper and more feel like they’ve blown up the internet.

These new concepts take things WAY further, helping us to write articles, search the web with natural conversation, generate images, create code, and introduce new ways to make our daily lives even easier.

But emerging technology nearly always launches in a blizzard of geek-speak before it settles into everyday life. Early PC users might remember the ‘DOS prompt’. And when did you ever have to ‘defrag’ your phone?

Experts believe that these new AI tools will become the building blocks of a whole new world of tech, redefining the way we interact with computers and machines.

So let’s help you decode some of the terms you’ll hear this year.

Chatbot Starting with the basics, a chatbot is an app that mimics human-to-human contact. Just type or speak normally, and the chatbot will respond the same way. ChatGPT is a chatbot. If you haven’t tried it out yet, give it a go.

Deep learning This is the technique that’s used to imitate the human brain, by learning from data. Current search tools and systems use pre-programmed algorithms to respond to requests. AI tools are trained on concepts and conversations in the real-world, and learn as they go to provide human-like responses.

Machine intelligence The umbrella term for machine learning, deep learning, and conventional algorithms. “Will machine intelligence surpass human ingenuity?”

Natural Language Understanding (NLU) helps machines understand the meaning of what we say, even if we make grammatical errors or speak with different regional accents.

Weak AI is the most common form of AI in use right now. Weak AI is non-sentient and typically focuses on a single or small range of activities – for instance writing, or repurposing video content. Strong AI, on the other hand has the goal of producing systems that are as intelligent and skilled as the human mind. Just not yet.

This is just the tip of the iceberg, but trust us – you’re going to be hearing a lot more about AI in the months and years to come.

If you’d like more help to understand how AI might form part of your business, just get in touch.

Published with permission from Your Tech Updates.

Read more
Recent Comments