So this week (5th October) Microsoft launched Windows 11.

As with previous Microsoft Operating System releases, Microsoft has stated that some Users already running Windows 10 will be able to upgrade for FREE for a limited period (believed to be 12 months). You are probably asking yourself the question: should you upgrade to Windows 11?

It sounds good, doesn’t it? Upgrade for FREE to the latest Operating System. Thank you Microsoft! Cue the CTO Switchboard lighting up!

But as the saying goes – There ain’t no such thing as a free lunch – or rather things that appear to be free will always have some hidden or implicit cost to someone, even if it is not the individual receiving the benefit.

What do I mean?

Well there are several factors I would urge Users to consider before taking the plunge:-

  • Windows 10 Pro, which is a nice, solid and stable Operating System, does not go End of Life until October 2025. With this in mind, do you really want to migrate to Windows 11, which has only just been released and which, no doubt, will have various foibles that are yet to be discovered? Let’s draw an analogy with the release of a new model of motor vehicle. It’s a well-known fact (or urban myth) that motorists tend to buy a new model of car only once the first version has been thoroughly vetted and any issues have been fully ironed out by the manufacturer. I would take the same approach to Windows 11, particularly bearing in mind Microsoft’s track record with the disastrous Windows Vista and Windows 8 releases, which were not ready for market.
  • Whilst the hardware requirements are not too challenging to run Windows 11, Microsoft has specifically stipulated that computers must have an additional security feature called Trusted Platform Module (TPM). Basically, TPM supplies a unique code called a cryptographic key when you turn on your computer. If everything is normal, the drive encryption is unlocked and your computer starts up. If there’s a problem with the key—perhaps a hacker stole your laptop and tried to tamper with the encrypted drive inside—your PC won’t boot up. Finding out whether your PC uses TPM isn’t straightforward, plus in all likelihood, if your computer is over five years old, it probably doesn’t have TPM. With that in mind, your free Windows 11 upgrade may turn into the need to purchase a new machine at additional cost to get the latest OS.
  • Is Windows 11 compatible with the Line of Business software you use every day, for example Sage, AutoCAD, Solidworks and Adobe? For example, the latest Sage 50 Accounts v27 system requirements (updated on 7 October 2021 at time of writing) make no reference as to whether the software is supported in Windows 11. Most Users spend the majority of their time in the key application related to their job. In this respect the Operating System is pretty irrelevant. I spend most of my day in M365 and AutoTask, and the Operating System has very little, if any, bearing on whether I can write a Word document, analyse an Excel spreadsheet, design slides in PowerPoint or log a service ticket in AutoTask.
  • Look before you leap, as going back to Windows 10 could be time-consuming. Okay, so you’ve decided to upgrade to Windows 11. But after using it for a few days you’ve decided you don’t want to continue. Microsoft have basically put in place a ‘grace period’ of 10 days. After this time, if you want to go back, you’ll have to back up your files and programs and do a completely fresh Windows 10 installation. 10 days can pass in a flash, and then the way back to Windows 10 will be inconvenient and time-consuming.
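
On the TPM point above, this is one way to check a Windows 10 machine before committing to the upgrade. It is an added example, not part of the original post: the function name `Get-TpmUpgradeReadiness` is hypothetical, it assumes an elevated PowerShell prompt, and it tests against TPM specification version 2.0, which is the Windows 11 minimum.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Get-TpmUpgradeReadiness is a hypothetical helper name chosen for this illustration.
function Get-TpmUpgradeReadiness {
    $report = [ordered]@{
        TpmPresent              = $false
        TpmReady                = $false
        SpecVersion             = $null
        MeetsTpm20              = $false
        SystemDriveTpmProtected = $false
        Notes                   = @()
    }

    # 1. Does Windows see a TPM, and is it ready for use?
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $report.TpmPresent = [bool]$tpm.TpmPresent
        $report.TpmReady   = [bool]$tpm.TpmReady
    } catch {
        $report.Notes += "Get-Tpm failed (not elevated?): $($_.Exception.Message)"
    }

    # 2. Which TPM specification version does the chip implement?
    if ($report.TpmPresent) {
        try {
            $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                       -ClassName Win32_Tpm -ErrorAction Stop | Select-Object -First 1
            # SpecVersion is a comma-separated string; the first field is the spec version.
            $first = ($wmi.SpecVersion -split ',')[0].Trim()
            $report.SpecVersion = $first
            $report.MeetsTpm20  = ([version]$first -ge [version]'2.0')
        } catch {
            $report.Notes += "Could not read SpecVersion: $($_.Exception.Message)"
        }
    } else {
        # A TPM that is switched off in firmware settings also shows up as not present.
        $report.Notes += 'No TPM reported: it may be absent or disabled in UEFI/BIOS.'
    }

    # 3. Is the system drive encrypted with a key that the TPM releases at boot?
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $tpmKeys = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' })
        $report.SystemDriveTpmProtected =
            ($vol.ProtectionStatus -eq 'On') -and ($tpmKeys.Count -gt 0)
    } catch {
        # The BitLocker cmdlets are not available on every Windows edition.
        $report.Notes += "BitLocker status unavailable: $($_.Exception.Message)"
    }

    $report.Notes = $report.Notes -join ' | '
    [pscustomobject]$report
}

Get-TpmUpgradeReadiness | Format-List
```

A result of `TpmPresent : False` on a machine less than a few years old usually means the TPM is turned off in the firmware settings rather than missing, so check there before budgeting for new hardware.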

Don’t get me wrong, I am not anti-Windows 11. The new Operating System has some excellent features including a New Start Menu, better Widgets, improved Snap and enhanced App store. But what I am saying is you need to consider all the implications before making a move, and CTO can help you in assessing this.

In fact, don’t upgrade immediately unless you really fancy trying it out and have a spare laptop lying around. It’s true Microsoft’s updates to Windows have become a lot better over the past few years. But we wouldn’t be surprised if there were some teething problems initially, especially with older computers and with specialist hardware and software that might not yet work properly with the latest OS.

Many thanks

Richard

Inside the mind of a hacker

I recently reviewed some information from our backup and replication partner – Veeam – in their document 5 Ransomware Protection Best Practices, which I thought provided a very useful way to really get inside the mind of a hacker. The below passage should leave no-one in doubt as to the skillset and seriousness of the threat actors out there.

As a threat actor, I lurk in the shadows and patiently observe you to identify which systems are in use, if multiple environments are used, who’s using them and where potential access points are. The easiest way for me to enter your organization is if I can get help from the inside, by gaining unmarked, legitimate and active access credentials. To do this, I identify potential human targets that can supply me with a door to those access credentials, without actually needing to know the credentials themselves.

After I identify potential entry points, I start off with a (spear) phishing attack, because I just need one person in the organization to click that link and let my malware in. As soon as the malware feels comfortable and settled, I’m notified on my cloud-based webserver that remote access was successfully established.

Then, it’s time to use my fingerprinting tools to uncover hidden vulnerabilities, unpatched systems and open ports. Before I move forward, I’ll protect my access by setting up a redundant and highly available base of operations.

At this point, it’s too early in the process to make myself known, so I have to remain in stealth mode for now. I use my administrative console to quietly observe your online activity and plan my next course of action. After a few weeks or months of incubation (i.e., dwell time), it’s now safe to continue my journey. Now I’ll go for high-value targets, like highly privileged accounts, organizational data caches and backup repositories.

Before you detect me, I will make sure to use orchestration and automation techniques to deploy the necessary tools, ransomware and management agents to all the machines at my disposal. This way I can respond quickly and at the right moment to fulfil my plan. Then, I will remove or disable your AV measures, routines will be altered, important documents will be deleted or blanked and backups will be purged or encrypted.

Now I’ll wait for an opportunity where I’m least likely to be discovered, often a Friday evening or a long weekend. I’ll need the encryption process to execute this thoroughly and without interruption.

I now hold the encryption key that controls whether or not you can recover from this ransomware attack. If I did my job successfully, I’ve removed any timely recovery possibilities to restore your operations to normal. But don’t be sad! Your data isn’t lost! I’ll make sure the payment process and speedy recovery of your data is as smooth as possible. I’ll even give you samples of your files on request as proof. It’s not personal, it’s just business (Including Ransomware as a Service)!

Systematic, sustained and patient – if you are not concerned about the ability of these people, then you should be!

And you should be talking to CTO about how to protect yourself from a ransomware attack through solutions and processes we can recommend.

Thanks

Richard

Source: 5 Ransomware Protection Best Practices – Veeam’s definitive guide to data protection – 2021.

Too Small to Target? Nope!

Obviously, I tend to post a lot of content focusing on research from vendors with whom we partner and trust, like Fortinet, Trend Micro, Datto, Inc., Veeam Software and Microsoft.

But that does not mean I am blind to research from a whole host of sources. In fact, the most recent Comms Dealer trade press references findings from two separate vendors, which are worth knowing.

Focus on SMBs

Firstly, Acronis report that cyber criminals are narrowing their focus on SMBs, according to their Cyber Report mid-year update. Despite the perception they are too small to target, SMBs are increasingly vulnerable due to supply chain attacks and greater use of automation by ransomware groups.

The report says that during the first half of 2021, 4-out-of-5 organisations experienced a cybersecurity breach originating from a vulnerability in their third party vendor ecosystem.

Monthly risk ratio

Secondly, Avast report that UK businesses are facing a monthly risk ratio of 11% of getting attacked by any type of PC malware. Avast’s latest Global Risk Report shows the overall chance of business users encountering a cyber threat has increased worldwide year over year by 24%, from 11.25% to 13.9%. The catalyst for this is clearly the pandemic, as businesses moved en masse to working from home at short notice in 2020.

So, if you are an SMB with a workforce/key workers operating from home, it is worth reviewing your security posture to make sure you are protected from the negative effects of the ‘too small to target’ misconception.

Don’t leave your cybersecurity to chance!

Best regards

Richard

The Ultimate Disaster Recovery Checklist

Just this week a business near to us (but not a client) suffered an intense fire, which effectively burnt their premises to the ground. They are now in the perilous position of having to recover data, but the location of that data is uncertain and access to what’s left of the building is prevented for safety reasons.  As a result, I thought it would be worth publishing the below content including Disaster Recovery and Business Continuity for the benefit of our clients (and prospective clients) to avoid the crippling effects of a disaster.

STAY ONE STEP AHEAD OF POTENTIAL DISASTERS

Prepare yourself before disaster strikes. When it comes to data backup and disaster recovery (BDR), being prepared for potential disasters is key to keep your business running. It’s not only important to have a disaster recovery solution you trust, but to make sure you test it as well.

Prior to a disaster ever occurring (and unfortunately it’s a matter of when and not if) ask yourself the following:
  • Do you have a disaster recovery solution in place?
  • Do you trust it?
  • When was the last time your backup was tested?
  • How long does it take to recover from your current backup solution?
  • How long can you realistically be down? 1 hour? 1 day?
  • What is the financial cost of downtime to your business?
  • When a disaster occurs, is there an offsite copy?

The disaster moment has occurred—time to walk through the following steps:

1. Assess the problem and its impact on your business

Every disaster is different. Before doing anything, understand the underlying issue and how it may affect you.

  • Is the issue local to one machine, or does it affect your entire system?
  • Have files been deleted or are servers/workstations down?

2. Establish recovery goals

Recovery is what makes a BDR solution different from a simple backup product. Plan out your road to recovery.

  • Restore the system, the data, or both? Should time be spent recovering files and folders before system recovery?
  • Identify critical systems and prioritise recovery tasks.
  • What date/time should you recover from?
  • How long can your recovery take?

3. Select the appropriate recovery type(s)

To get to your “road to recovery”, the appropriate recovery procedure must be followed. Think about which approach will best get you to your end goal.

  • File restore. OR
  • Local virtualisation. OR
  • Off-site virtualisation.

4. Verify the recovery and confirm functionality with users

Once a recovery is verified, confirm that it interacts positively with users.

  • Test network connectivity.
  • Ensure all users can access resources and applications in the virtual environment.

5. Restore the original system(s), if needed

If the original system(s) needs to be restored, decide which restoration process will work best.

  • Bare metal restore. OR
  • Virtual machine restore.

6. Self-assess afterwards

After it’s all said and done, take a step back and think about it: How well did your team do? What could you have done differently?

  • What precipitated the failure?
  • What ongoing issues need to be addressed?
  • What can be done better in future DR scenarios?

It sounds a bit technical, doesn’t it? In that case, get in touch with CTO, Managed IT Services and allow us to scope a Disaster Recovery and, more importantly, a Business Continuity solution for your business. We are only a phone call away from providing reassurance for your business.

Thanks

Richard

Cyber Insurance. Are you covered?

In a recent post by Shaun Freeman here, the author references the critical elements required to protect your business from Ransomware using a very useful checklist.

Here at CTO, the managed IT specialists, we have these technical aspects covered and can provide the perfect solution to our clients. But I wanted to drill into more detail surrounding point 11 – Cyber Insurance.

Through my Sam Networking activity, I have formed an alliance with Paul Turner at Konsileo who provided some really interesting and ‘share-worthy’ material on the nature of Cyber Insurance and the number of important benefits it delivers namely: –

Business interruption loss – If your organisation experiences an IT failure or cyber-attack that disrupts your business operations, your insurer may cover your loss of income during the interruption. Increased costs to your business operations in the aftermath of a cyber-attack may also be covered.

Privacy breach costs – Policies will either have a single clause or be split into two separate clauses: breach costs and privacy liability. A breach costs clause provides cover for costs that arise from dealing with a security breach, such as notifying customers. A privacy liability clause provides cover for privacy infringement claims and associated legal costs in the event of a breach, which is critical for all organisations that handle or store personal information.

Cyber-extortion – Your policy may cover you in the event that your organisation is infected by ransomware or any other malicious software that attempts to seize control of, and withhold access to, your operational or personal data until a fee is paid.

Digital asset replacement expenses – In the event that your organisation’s digital assets are lost, corrupted or altered in any way by a cyber-criminal, your policy may cover the costs.

Media liability – In the event that a libel, slander, defamation or infringement of intellectual property rights claim is brought against your organisation as a result of your digital media presence, your policy may cover you.

Forensic support – This provides your organisation with near-immediate 24/7 support from cyber-specialists following a hack or data breach.

Reputational damage – Your policy may recoup lost profits directly attributable to cyber-attacks.

Management liability – In this era of increased executive accountability and transparency, your policy may cover costs associated with defending senior management from cyber-attack fallout.

If you would like more information on how to protect yourself against cyberattacks, from both a technical and financial perspective, please feel free to get in touch.

All the best

Richard

Do you use a DrayTek router?

Do you think it is protecting your perimeter as much as you need it to? 

In the last few days, I have come across posts on LinkedIn describing DrayTek routers as a ‘decent router’. This is true, and it has a great price point for some basic networking needs.

But we’ve heard many people also describing the DrayTek router as a ‘good Firewall’. This might not be accurate.

Indeed, DrayTek products are our device-of-choice for connectivity and routing if a customer lacks the budget for a proper firewall, and YES: DrayTek routers do have some basic built-in Firewall capability.

BUT the reality is the threat landscape has changed markedly in the last 5 years rendering DrayTek’s firewall capability lack-lustre for most environments. 

Cyberattacks have increased in both volume and complexity with some bad-actors (hackers) being commercially driven and even state sponsored, especially from China and Russia, devising new and sophisticated ways to commit cybercrime. Plus, the attack surface has increased substantially providing the opportunity for attacks on all types of equipment (Smartphones, Tablets, Wireless Access Points), the targeting of remote workers (working from home due to COVID-19) and the proliferation of IoT (Internet of Things) devices, which are generally deployed with low-levels of security and are typically wide open to hacking.

What can be done?

Well, you still need a Firewall. But it needs to be a Next Generation Firewall (NGFW) – like those by Fortinet.

Like traditional firewalls, NGFWs use static and dynamic packet filtering and VPN support. This is to ensure that all connections between the network, internet and firewall are valid and secure.

But NGFWs also have the ability to filter based on applications.

For instance, a NGFW has extensive control and visibility of applications so it is able to identify threats using analysis and signature matching. As a result, a NGFW can distinguish between safe applications and threat-carriers. Plus, NGFWs typically include a regular plan of upgrades through which future updates are deployed to keep pace with the ever-changing cyber threat landscape.

So, what are the Benefits of Next Generation Firewalls (NGFW)?

  • An NGFW is able to prevent malware from entering a network; traditional firewalls are unable to do this.
  • NGFWs are better placed to combat Advanced Persistent Threats (APTs).
  • They can be a cost-effective option for companies wanting to enhance their basic security. This is because they can incorporate the work of antivirus, firewalls and other security applications into one solution (often called a security fabric).
  • Next Generation Firewalls possess insightful reporting tools, so the origin of a threat i.e. the Device and User, can be identified. Additional training can then be provided to protect the User/Device from engaging in risky activity in future.
  • Threats to personal devices and larger networks are changing every day. NGFWs have the flexibility to protect devices and companies from a much broader spectrum of intrusions than ever before.
  • A NGFW can provide what we call compensating controls in light of GDPR. In the event you have a breach and the ICO ask “what are you doing to protect your data and systems?” you can let them know you have invested in a security system that does A, B, C, X, Y, Z.  This shows you have taken sensible steps to protect your data within the reasonable limitations of your business.
  • Next Generation Firewalls give you the ability to extend your security ring-fence to external endpoints (e.g. home workers using other networks) and give you daily reporting on web usage stats and external access. It also gives you the ability to operate online with confidence knowing you are protected by industry leading security.

Next time your IT Service Provider says you have a Firewall in place, ask them questions based on the bullet points above.

Or, even better, ask CTO to take a look at your network security from an Endpoint, Perimeter and Standards point of view.

Cybercrime is a growing sector and a wealth of research shows it isn’t going away. It is very important to protect yourself from attacks and a Next Generation Firewall is an essential element in combating the activity of bad-actors.

Finally, once you have the right equipment and security measures in place, you should then consider gaining Cyber Essentials accreditation which will reassure existing and potential customers you take security seriously, so they can deal with your business with confidence.

Thanks

Richard

Core Team One  Managed IT Services

11 New Features in Microsoft Teams for 2021

New features in Teams – The Magnificent 11!

As we enter 2021, Microsoft has announced 11 ‘magnificent’ features to enhance the MS Teams experience as follows (okay, I’m stretching the Magnificent 7 theme a bit):-

  • 5 Minute Warning until your meeting ends notification
  • New Together mode backgrounds
  • Pop out Teams apps into their own Window
  • Video & in calling Chat & Sharing improvements
  • Create a Team directly from a SharePoint site
  • Improved SharePoint tab app
  • Improved SharePoint Pages tab app
  • Start Meet Now on mobile for Chat or Channels
  • Improved mobile video layout and content sharing
  • The new Power BI app for Teams
  • Teams for family and friends

Please check out the video below for more details and a simple explanation how to make your Microsoft Teams usage even more ‘magnificent’.

#MicrosoftTeams #Microsoft365 #ManagedServicesProvider
