Common Cybersecurity Pitfalls and Preventative Measures

Five Common Employee Cybersecurity Blunders

Allowing Unauthorised Device Access

Many people allow their friends and family to use their work devices at home. This seemingly harmless act can expose sensitive company data and introduce malware. Implementing strict security controls, such as password protection and two-factor authentication, alongside continuous security training, can mitigate this risk.…


Why Relying Solely on Microsoft 365 Backups is Not Enough: The Importance of Cloud Backups

Without supplementing Microsoft 365’s built-in backup options with cloud backups, your business is at risk of losing crucial data. Despite Microsoft’s backup capabilities, relying solely on them leaves your data vulnerable to hardware failures, human error, natural disasters, cyber-attacks, and other unexpected events. In the event of data loss, traditional recovery methods through Microsoft’s backup…


Stop using email allowlists!

While doing so achieves this goal, it also creates a cybersecurity risk when the sender’s account is compromised. It exposes the receiver to malicious emails that would have been blocked had they not been added to an allowlist. Doing so simply moves the onus of cybersecurity from the receiver to the sender. If genuine…


Managed Detection and Response (MDR)

Systems such as antivirus, firewalls, and multi-factor authentication (MFA) are critical layers in protection, but unfortunately these are not bulletproof solutions. This is why one needs a layered approach to build a comprehensive security solution.

The latest tool in the cybersecurity arsenal is Managed Detection and Response (MDR), which utilises advanced threat detection techniques…


RYUK Ransomware – A First Hand Account

I’ve previously blogged about cryptoware and what you can do to protect your IT assets. Today I blog about a first hand account with the nastiest cryptoware of them all called RYUK. The perpetrators behind RYUK are active adversaries who combine advanced attack techniques with interactive, hands-on hacking to increase their rate of success. To…


Microsoft ditching periodic password change policy

Better late than never! Microsoft has finally removed enforced periodic password changes from their security baselines. My first blog post on this website back in 2017 was about exactly this.

Time to Rethink Mandatory Password Changes

Periodic password expiration is an obsolete idea that offers almost nothing in today’s security landscape. It’s great to see…


Tales of IT Security

My business is too small to be hacked

Many people believe that because they are small they won’t be targeted by hackers or malware. The media headlines are dominated by major corporate data breaches and ransomware attacks. While you can argue that being small makes it unlikely you’ll be specifically targeted, that’s actually not the…
