Phishing- Are you ready to be caught out?

By Anthony Mortimer, Account Manager, Netutils

AnthonyMortimerViews expressed in this post are original thoughts posted by Anthony Mortimer. These views are his own and in no way do they represent the views of the company.

In the age of commercialised hacking, organisations are experiencing greater frequency and sophistication of attacks than ever before, this is driven simply by the commercial value corporate data represents to criminals. According to Trend Micro 90% of all known successful data breaches in 2012/2013 were attributed to Phishing attacks.

At Netutils we see and talk to a broad range of organisations all with very different views to the risk these threats pose. For many smaller organisations the presence of a firewall and basic security is seen as sufficient; but here’s why these smaller businesses should be concerned.

For a start criminals are now regularly targeting suppliers or customers of big organisations as the staging point to attack the bigger network. More importantly we are seeing a trend for large businesses to dictate security policy to their suppliers for them to continue to trade with them or to win new contracts.

A significant growth area is in the use of targeted Phishing emails and more focussed spear phishing attacks tailored to specific individuals based on pharmed data. These types of attacks are becoming more difficult to mitigate against putting significant stresses on IT department’s budgets.

We have witnessed organisations handling these threats with 2 broad methodologies:

  • Deployment of technology to counteract attacks
  • End user training

It is generally accepted that by far the greatest risk to the security of your corporate data are your employees themselves who may unwittingly fall victim to phishing attacks. According to industry figures 60% of UK office workers receive a Phishing email at least once a day. In addition the greatest issue with regards to end user training is that for most organisations it is difficult to deliver such a course in a way that will make a real difference. Businesses will often run a single awareness session and hope that will mitigate the risk. Unfortunately Phishing attacks are dynamic, although they follow a similar pattern the content and mechanisms change, unless staff are made aware of these on a regular basis the training deployed may only have value for a few weeks after delivery until a new form of attack is devised.

The second method of combating these threats is via the deployment of technology, this poses real issues to businesses and it can be argued many traditional signature based solutions offer little real protection. This is essentially because they rely on a known database of attack signatures to spot and block an attack. However with the rise in commercial hacking activities self-service malware portals can provide the enterprising hacker with a unique piece of malware for as little as $100 that can sit undetected on corporate machines, up until it is discovered and the signature published.

At Netutils we believe that effective mitigation requires a layered approach to handling these issues. At the heart of our solution set are 2 key elements: ongoing security training via our interactive training platform (PhishAware) and cutting edge signature less technology.

If you have any concerns about the impact of Phishing in your business then do please contact a solutions expert from our team on:

t: 020 8783 3800
e: info@netutils.com

PhishAwareTrial

 

 

Exinda: The Business Case for WAN Orchestration

Do you need improved visibility & control of your WAN traffic to maximise user experience & network performance? Watch our short video blog on the key features of Exinda’s WAN Orchestration. The webinar referenced in this video will be available on this blog shortly.

Busting The Top Four Myths About Hacking

Vanessa Cardwell:

This blog from our partners at SMS Passcode on ‘Busting The Top Four Myths About Hacking’ is well worth a read. Knowing what’s myth and what’s fact is essential to avoid running unnecessary risks to your business. Myths can lead to false assumptions and thinking that your business is not at risk of being breached by hackers.

Originally posted on The SMS PASSCODE Blog - technology leader in multi-factor authentication:

By Torben Andersen, CCO, SMS PASSCODE

Knowing what’s myth and what’s fact is essential to avoid running unnecessary risks to your business. Myths can lead to false assumptions and thinking that your business is not at risk of being breached by hackers. So let’s take a closer look at some of the most common myths out there.


1# Myth – Hackers only target the big brandsMyth one - hackers only target the big brands

When big brands like Target, eBay, Adobe, and Sony are hacked, it’s big news for business and mainstream publications. Don’t be fooled: big companies aren’t the only ones being targeted. In fact, research shows that 31 percent of all hacking attacks were aimed at businesses with fewer than 250 employees.


2# Myth – You have nothing valuable for hackers to steal

Fair enough. Not everyone is fortunate enough to be storing breakthrough research with the potential to revolutionize your industrythe world if only you can keep…

View original 385 more words

Bye-Bye BYOD … hello Secure Guest Access

By Toby Makepeace, Technical Director, Netutils

Views expressed in this post are original thoughts posted by Toby Makepeace. These views are his own and in no way do they represent the views of the company.

Ok, so we all know the term BYOD has been in the news for a good while now. And I’m still challenging my customers and contacts interested in deploying a BYOD strategy by asking them why? Why are you interested in a BYOD strategy for your organisation?

Personally, I think the concept of a secure network access control (NAC) policy is essential for any network, but when it is solely being linked to BYOD I have to ask the question ‘why?’

In my view the reasons behind a BYOD policy within organisations is normally driven by one of 3 things:

  • The staff are asking for it
  • The senior management team want to use their iPads (happens a lot, believe me!)
  • The organisation sees a business benefit to allowing users to access their own devices at work

If it is the latter, great and I’ll address that further on in this blog.

If the reasons for BYOD are driven by either of the first 2, my suggestion is that you consider (instead of a full-on BYOD strategy) simply deploying a guest network with internet access and ensure all the relevant monitoring and filtering is in place.

In addition make sure you use something to control the traffic usage, and don’t ever just put up an open network for staff to use; you do not want to actively monitor staff, but you do want to deter people from just using a company connection to the internet for personal use. You also need to ensure the company has relevant protection in place to comply with the legal obligations no business should ignore (such as data retention and the Digital Economy Act) to reduce the responsibilities of your IT team in terms of managing and reporting on the data used and accessed by guests using your network.

You’ll probably find that the primary applications your staff wish to access will be (surprise, surprise) Facebook and Twitter and to be honest in most cases my advice would be to allow that. Happy staff work better. What you don’t want to find is a load of BitTorrent data being downloaded, or uploaded over the network, so hence the need for a solid guest access solution. So in this case you are not deploying BYOD you are just being nice to staff by helping them reduce their mobile data costs! And, let’s face it, most of them will be accessing these applications during the day with or without a guest network.

So back to full blown BYOD, I suggest you ask yourself and your organisation the following questions.

  • Which applications do you need to support?
  • What types of devices are you happy to support?
  • Which employees are you happy granting access to?

Once you’ve answered these questions, I suggest you follow this simple process:

  1. Start with the resources
  2. Involve your staff
  3. Deploy a layered approach

Consider which resources you want staff to be able to access. Are you going to do things via Terminal server/Citrix sessions? Or are you going to allow users to actually use their devices to connect? Take each application and think of simple rules, for examples Outlook Web Access / Email are you happy with these being accessible on a personal device? Will the staff be more productive if they are? Ok, then consider do you require full Mobile Device Management or just a simple ActiveSync policy? (This will always come down to the volume of the data in peoples email).

Next, involve your staff. Let them know you are rolling out BYOD, but you are going to do it slowly and ask them to submit their suggestions as to what applications they seek to use and why. This way you can set priorities and assess the level of control you are going to need to be in place. You might find the Remote Access policy you have in place just needs to be tweaked, and a new wireless network that is very similar to the guest network gets created, that has a link through to certain resources like Lync/Citrix and other applications.

Deploy a layered approach. Allow staff to login to the BYOD network using their Active Directory credentials, this way they will be logged onto a secure network but separate from the corporate network. Then to get access to a resource like your CRM for example, you might consider using 2 factor authentication via an SSL portal, which is only available in the office, so you know who is accessing the network, the fact they are present in the building, and they know their 2 factor password.

I hope these tips give you food for thought and help you in your BYOD strategy planning. If you have any question then do feel free drop them to me via Twitter @tmakepeace. Thanks for reading and good luck!

Exinda Video : Troubleshooting Network Problems

When users complain that their apps aren’t performing properly, you need to take action to solve the problem quickly.

ExindaBlogWatch this demo from our partners at Exinda and find out how to:

  • Diagnose and solve the most common network problems
  • Pinpoint which applications and users are causing network performance issues
  • Apply policies that control traffic at a user and application level
  • Monitor apps, users, and conversations on the network in real time

Learn how to troubleshoot #network problems faster with @exinda join our webinar 11am 10th September.

Setting the stage for 20 years …. The challenge is finding the star performers

By Michele Lewington, MD at Netutils

All the world’s a stage,
And all the men and women merely players;
They have their exits and their entrances,
And one man in his time plays many parts…

20yearsPictureDuring 20+ years in the industry I can recall a time when my company felt more like a stage with a revolving door than a business. You’d bring in new employees – nurture, mentor and train them and no sooner they’d become a useful member of society, they’d be headed through the revolving door and looking for a starring role on a West End stage. It’s the way of the world and over the years you get better at finding ways to mitigate the fall-out.

On the flip side, I can’t help but be touched by the loyalty and commitment of others. It’s not always easy to win trust, to secure that much needed longevity and to walk the road of fair but firm. When you manage to do so and get it right, you can find yourself surrounded by the most remarkable, talented people.

I am gratified to have several such team members today; they have the capacity to make me forget about those that came and went via the revolving door and I am staggered to be celebrating 20 years in September with one of the first of our employees who acts as a constant reminder of how important it is to get the balance right.

Can she be accused of lacking ambition? Absolutely… mostly by uninformed individuals who know little about the dance of responsibility that we have performed and perfected over the years. Does she feel as if she has been held back or had her potential stifled? I don’t believe so, but just to be sure, I asked her to write a blog. It’s her first (and quite possibly her last) but read Claire’s story here and judge for yourself.

Two Decades, One Company

By Claire Hillman, Senior Administrator & Contracts Manager at Netutils

Views expressed in this post are original thoughts posted by Claire Hillman. These views are her own and in no way do they represent the views of the company.

claire_colourHi, I’m Claire Hillman, Senior Administrator & Contracts Manager here at Netutils. Most of our customers know me as I deal directly with them on a daily basis and have done so for the last 20 years. I’m proud to say I share my 20th work anniversary with the company itself. I’ve been here practically from the start; I’ve watched my role and the company grow together. It’s fair to say we’ve been through a lot and when our MD asked me to write a blog about our 20 year journey together I jumped at the chance.
I’ve got a lot to say! Here’s my story:

In 1994 I had just left 6th form college and, like many others, wasn’t sure exactly what I wanted to do with my life. Through a mutual contact Michele Lewington, Netutils, MD asked me if I would be interested in a couple of week’s temporary work to cover the existing Administrator who was leaving.

At the time, the role involved general office administration, processing purchase orders for computer software including Proxy remote control (which we still supply to the UK market today.) The software back then came as a fully boxed product and supplied with a hard copy manual, so I quickly got used to shipping loads and loads of boxes. However, my very first task was learning how to make proper tea. My employers were none too impressed with my first attempts and I was quickly taught the difference between dishwater and builders brew!

I soon realised that I really enjoyed the office environment at Netutils. Naturally, at this age the full time work environment can be a bit daunting. Everyone was very patient with me every step of the way to ensure I fully understood each task that was required of me, and they always taught me to never be afraid to ask if you are unsure. That’s something that we all really love about working at Netutils – great team spirit and you really feel supported!

As the 2 weeks were coming to an end, I was invited to join as a full-time permanent employee… that was a no brainer for me and my official start date was the following Monday, 5th September 1994!

Over the next 5 years, Netutils continued to grow and eventually moved to larger offices in Surbiton. Our portfolio of products continued to grow and soon after we were joined by our first university graduate – Toby Makepeace. Today, he is Netutils Technical Director and predominately works directly with our Service Provider customers; and is one of the most respected and experienced in his field.

As Netutils client base grew, so did my family. When I had been at Netutils around 7 years, my partner & I discovered we were expecting a baby. Such is our relationship, my MD was the first person I shared my pregnancy news with! The Netutils team welcomed the news and were extremely supportive throughout my pregnancy. My colleague Lesley Griffith was to cover my role for me whilst I was on maternity leave. Poor thing, she had been on the receiving end of so many jokes about the baby arriving early I don’t think she actually believed it when I did go into labour 6 weeks early!

Weighing just 4lb 10oz my son was taken straight to the special care baby unit. Luckily he was absolutely fine, and unsurprisingly some of his first visitors were my colleagues from work laden with gifts, and they still spoil him 13 years later each birthday and Christmas.

A few years after the birth of my son in 2006 our most popular vendor, Funk Software was acquired by Juniper Networks. This was probably the most difficult of times for me – change is not always welcomed and working with this large, faceless organisation presented a real challenge and a massive change in processes. If there was ever going to be a time to move on, this was probably it! So what stopped me? I realised we were all part of this massive, new learning curve; it was obviously different for everyone but only by working together were we able to iron out the creases. Today, Netutils continues to operate as an Elite Partner to Juniper.

Throughout the years, as the company has continued to grow and change, so has my job and my roles. We are now based near the beautiful landmark of Hampton Court and I am still referred to as the Senior Administrator but in all honesty, that’s because we couldn’t really fit all my responsibilities on a business card! My job is varied and far reaching involving everything from providing support and assistance to our sales team to processing customer and supplier orders. I am also responsible for maintenance renewal revenues. Reporting directly to the Financial Director and MD I oversee accounts receivable & payable and manage all staff expenses. I’m also involved with customer service and managing the CRM.

I fully share the company ethos and believe that whether a customer has dealt with us over many years or has only recently started working with us they expect and should receive excellent customer service with a personal touch. Feedback tells us that our customers really appreciate the fact that we understand their requirements and deal with them in a fair and honest manner. I’m really proud that my depth of experience and knowledge of Netutils’ customers means that I can provide a truly great service to our customers.

Claire Celebrating 20 Years!

Claire Celebrating 20 Years!

So that’s my journey in a nutshell. At times I can’t believe that 20 years has passed. Thesedays it’s unusual to be in a positon for so long, when companies change people move on. Someone recently asked me if I lack ambition. Why would I stay in the same organisation for so long? My answer is simple, the company has continually allowed me to grow and gather new experiences. The variety in my role keeps me on my toes but above all what’s kept me firmly rooted at Netutils are the relationships I have built with the people here, both new and old . We care about the success of Netutils, that’s a shared goal and not just one felt by management.
Happy Birthday Netutils!