Half of staff have too much access to data

Here’s a question to make you pause: Do you know exactly who in your business can access your critical data right now?

And more importantly, do they need that access to do their job?

If you’re like most business owners, you probably assume that access is sorted out during setup and that’s the end of it. But new research says otherwise.

It turns out that around half of staff in businesses have access to far more data than they should.

Which is a big problem.

Not just because of the risk of someone doing something malicious, but because mistakes happen. When people can see things they don’t need, it opens the door to accidents, breaches, and headaches with compliance and audits.

This is what’s known as insider risk.

It simply means the risk that comes from people inside your business, whether they’re employees, contractors, or anyone else who has access to your systems.

Sometimes insider risk is deliberate, like when someone steals data.

But far more often it’s unintentional. Someone clicks on the wrong thing, sends information to the wrong person, or keeps hold of access when they leave the business. And that’s when trouble starts.

One of the biggest issues is what’s called “privilege creep”.

That’s where people gradually build up more access than they really need, often because they move roles, get added to new systems, or no one takes a close look at what they can see.

The research shows that only a tiny percentage of businesses are actively managing this properly. And that means huge amounts of data are being left exposed.

Even scarier, nearly half of businesses admit that some of their ex-staff still have access to systems months after leaving. That’s like leaving the keys to your office in the hands of someone who no longer works for you.

The solution is to make sure your people can only access what they need, and nothing more. This is often called “least privilege”.

It means setting up systems so that permissions are limited to what’s necessary. And access is only given temporarily when required. That’s sometimes referred to as “just in time” access.

And just as important, when someone leaves your business, all their access should be removed straight away.

Today’s world of cloud apps, AI tools, and “invisible IT” (where software is used without IT even knowing about it) makes this trickier. But it’s not impossible. It just means being proactive.

Regularly reviewing who has access to what, tightening permissions, and using tools that help automate this can make a huge difference.
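
A periodic access review of the kind described above can be scripted. The following is an added example, not part of the original article: it compares a constructed HR roster and role baseline against a constructed list of grants and flags leavers who still have access, accounts with no HR record, expired temporary grants, and standing access outside the role's baseline (privilege creep). All user names, systems and dates are made up for illustration.

```python
from datetime import date

# Constructed sample data (not from the article). In practice these would come
# from an HR export and from each system's user/permission listing.
ROSTER = {
    "alice": {"role": "finance", "left_on": None},
    "bob": {"role": "sales", "left_on": None},
    "carol": {"role": "sales", "left_on": date(2025, 3, 31)},
}
ROLE_BASELINE = {
    "finance": {"accounting", "payroll", "email"},
    "sales": {"crm", "email"},
}
GRANTS = [
    # (user, system, expires_on); expires_on=None means a standing grant
    ("alice", "accounting", None),
    ("alice", "payroll", None),
    ("alice", "crm", None),                   # left over from a previous role
    ("bob", "crm", None),
    ("bob", "payroll", date(2025, 6, 10)),    # temporary grant, still valid
    ("bob", "accounting", date(2025, 5, 1)),  # temporary grant, past its expiry
    ("carol", "crm", None),                   # leaver who was never offboarded
    ("dave", "email", None),                  # account with no HR record
]


def review_access(roster, baseline, grants, today):
    """Return sorted (user, system, finding) tuples for grants that need action."""
    findings = []
    for user, system, expires_on in grants:
        person = roster.get(user)
        if person is None:
            findings.append((user, system, "orphaned"))   # nobody owns this account
        elif person["left_on"] is not None and person["left_on"] <= today:
            findings.append((user, system, "leaver"))     # should be removed at once
        elif expires_on is not None:
            # Temporary ("just in time") access is fine until it expires.
            if expires_on < today:
                findings.append((user, system, "expired"))
        elif system not in baseline.get(person["role"], set()):
            findings.append((user, system, "creep"))      # standing access beyond role
    return sorted(findings)


if __name__ == "__main__":
    for user, system, finding in review_access(
            ROSTER, ROLE_BASELINE, GRANTS, today=date(2025, 6, 1)):
        print(f"{finding:9} {user:6} {system}")
```
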

The aim isn’t to slow people down. It’s to protect your data, your customers, and your business’s reputation.

If you need help checking how secure your access controls are, get in touch. It’s better to know now than after a breach.   

Passkeys will be better integrated in Windows

When was the last time you thought about how you log in to your accounts?

Or how secure those logins really are?

For years, we’ve relied on passwords. But let’s be honest, passwords are a pain. They’re easy to forget, often reused, and a prime target for cybercriminals.

That’s where passkeys come in. And, at last, Windows is making it much easier to use them.

So… what is a passkey?

Think of it as a modern replacement for your password. Instead of typing in a string of characters that could be stolen or guessed, a passkey lets you sign in using something far safer. Your face, fingerprint, or a secure PIN tied to your device.

Behind the scenes, passkeys work using advanced cryptography. There’s no password for hackers to steal, because the passkey is made up of two parts: One stays on your device, and one stays with the service you’re logging into.

They work together like a lock and key. But the key never leaves your pocket, so to speak. And because you can’t accidentally hand it over, it’s much harder for phishing scams to trick you.
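
The sign-in exchange described above, as an added example that is not part of the original article. It is a simplified model of a passkey sign-in: the device signs the service's challenge together with the address of the site the browser is really on, so a lookalike site gets nothing it can reuse. Assumptions: the site names, the challenge strings and the function names are made up, and textbook RSA over two fixed primes stands in for the real signature algorithm so the code runs with the standard library alone (it is not secure).

```python
import hashlib
import json
from urllib.parse import urlsplit

# Toy key pair: textbook RSA over two fixed Mersenne primes stands in for the
# authenticator's real signature algorithm. NOT secure; illustration only.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))           # private part: never leaves the device
DEVICE_CREDENTIALS = {"portal.example": D}  # the device keeps one key per site
SERVICE_PUBLIC_KEY = (N, E)                 # the part the service stores


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def browser_get_assertion(origin, rp_id, challenge):
    """Browser and device: sign only for the site the user is really on."""
    host = urlsplit(origin).hostname or ""
    if host != rp_id and not host.endswith("." + rp_id):
        return None                      # the page asked for another site's passkey
    private_key = DEVICE_CREDENTIALS.get(rp_id)
    if private_key is None:
        return None                      # no passkey exists for this site
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin},
        sort_keys=True).encode()
    auth_data = _h(rp_id.encode())       # simplified: only the hash of the site id
    to_sign = int.from_bytes(_h(auth_data + _h(client_data)), "big")
    return {"client_data": client_data, "auth_data": auth_data,
            "signature": pow(to_sign, private_key, N)}


def service_verify(assertion, challenge, origin, rp_id,
                   public_key=SERVICE_PUBLIC_KEY):
    """Service side: return "ok" or the reason the sign-in is rejected."""
    n, e = public_key
    client = json.loads(assertion["client_data"])
    if client.get("challenge") != challenge:
        return "stale or unknown challenge"
    if client.get("origin") != origin:
        return "signed for a different origin"
    if assertion["auth_data"] != _h(rp_id.encode()):
        return "wrong site id"
    expected = int.from_bytes(
        _h(assertion["auth_data"] + _h(assertion["client_data"])), "big")
    if pow(assertion["signature"], e, n) != expected:
        return "bad signature"
    return "ok"


if __name__ == "__main__":
    good = browser_get_assertion("https://portal.example", "portal.example", "c-001")
    print(service_verify(good, "c-001", "https://portal.example", "portal.example"))
    # A lookalike site cannot obtain a signature at all:
    print(browser_get_assertion("https://portal-example.test", "portal.example", "c-002"))
```
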

Until now, using passkeys in Windows has felt clunky. You often had to rely on third-party apps or websites, and it wasn’t always clear how to set things up or manage them.

But Microsoft is changing that.

It’s started rolling out new features in Windows 11 that make passkeys far easier to use and manage.

One big improvement is a new partnership with 1Password, a password manager. This means you’ll be able to sync your passkeys smoothly in Windows 11.

And if you don’t use 1Password, don’t worry. Microsoft has also released a new tool for other password managers to integrate with Windows more easily.

In simple terms, your passkeys will work better with the tools you already use to keep your business secure.

Right now, these improvements are being tested in the latest Windows 11 preview build, so they’re not available to everyone yet. But this is a clear sign of where things are headed.

Microsoft is serious about moving away from passwords. In fact, the Microsoft Authenticator app is phasing out its password management capability. Instead, passkeys will be the default way to sign in to your Microsoft accounts going forward.

Passkeys are much more secure and far less hassle than managing endless passwords. And with Windows making it easier to adopt them, now’s a good time to start thinking about how your business can make the switch.

If you’d like help understanding passkeys or getting your business ready for a password-free future, get in touch.   

New member of staff… new security risk?

When you hire someone new, do you think about how secure your business really is?

Most business owners focus on making sure their new starter has what they need. You know, a laptop, email account, access to the right systems… maybe a quick intro to the team.

But those first few months of a new employee’s journey are one of the most dangerous times for your business’s cybersecurity.

And it often flies completely under the radar.

New research has revealed a worrying truth. Nearly three-quarters of new hires (71% to be precise) fall for phishing or social engineering attacks within their first 90 days on the job.

That means cybercriminals are actively targeting your newest team members. And too often, they succeed.

Why is this happening?

Well, think about how it feels to start a new job. You’re trying to make a good impression. You don’t know all the processes yet. You’re keen to follow instructions and do the right thing.

Cybercriminals know this. They take advantage of that uncertainty with cleverly written emails or messages that look like they come from the boss, HR, or even tech support.

These scams might ask your new hire to update their details on a fake HR portal. Or they might send a bogus invoice that looks urgent. Sometimes it’s as simple as an email pretending to be from a senior manager, asking for sensitive information or for a quick favor.

Because that new employee hasn’t yet learned who’s who and what’s normal, they’re much more likely to fall for it. In fact, new employees are 44% more likely to click on these traps than colleagues who’ve been around a while.

It’s not just theory. The stats back it up. When attackers pose as company executives, new starters are 45% more likely to be fooled than experienced staff.

That’s a big gap, and it shows just how vulnerable your business can be during the onboarding period.

So… what can you do about it?

The key is to recognize that cybersecurity training shouldn’t wait until your new hire has “settled in”. Those early days are exactly when they need clear guidance on spotting phishing emails, understanding how cybercriminals operate, and knowing what to do if something seems off.

Businesses that take this seriously see real results. The same report found that companies offering tailored security awareness training and running realistic simulations for new staff saw their phishing risk drop by 30% after onboarding. That’s a massive difference. It shows that a bit of extra effort at the start pays off.

Of course, tools like good security software and firewalls are still essential. But on their own, they’re not enough. People are your first line of defense.

And right now, your newest people might just be your weakest link. Unless you give them the tools and knowledge to help protect your business from day one.

If you’d like help setting up simple, effective cybersecurity training for new starters, or want to talk about making your business more secure overall, we can help. Get in touch.  

Free support for Windows 10 ends in TWO WEEKS

What would it take for your business to come to a standstill?

It might not be a flood, a fire, or a power cut. It could be something as simple as sticking with an old operating system.

In just over two weeks, Microsoft will officially stop providing free support for Windows 10.

It’s reaching end of life. That means no more security updates, no bug fixes, and no help from Microsoft if something breaks.

For businesses still running Windows 10, this isn’t just an inconvenience. It’s a serious risk.

Without security updates, every Windows 10 machine becomes a potential entry point for cybercriminals.

And with cyberattacks on the rise, this isn’t a “maybe someday” kind of problem. It’s a right-now threat. You wouldn’t leave the front door to your office wide open – so why leave your systems vulnerable?

Some businesses are hoping they can buy themselves a little time with Microsoft’s Extended Security Updates (ESUs). Yes, they’ll be available. But they aren’t free. And they’re just a temporary sticking plaster, not a long-term solution. They also get more expensive each year, and don’t give you access to any new features or improvements. Just basic protection.

The better choice is to upgrade to Windows 11. It’s faster, more secure, and better equipped to support the way businesses work today.

But here’s the thing: Upgrading isn’t always as simple as pressing a button. Some older devices won’t meet the system requirements for Windows 11. That means you might need to plan for new hardware too. Which is why waiting until the last minute isn’t a good idea.

Right now, time is short. If you’re still on Windows 10, you need to act immediately.

Your first step is to find out which devices can be upgraded, and which ones can’t. From there, you’ll need a clear plan to make the switch quickly, with as little disruption as possible.

That’s exactly where we come in. My team and I can help you move to Windows 11 smoothly, safely, and quickly. Whether it’s reviewing your current setup, helping you choose the right new devices, or handling the upgrade for you from start to finish, we’ve got you covered.

Please don’t leave this until the clock runs out. Get in touch today, and let’s make sure your business stays protected.

Warning: That antivirus website could be a fake

When you’re trying to protect your business, what could possibly go wrong by downloading antivirus software?

More than you might think.

If you’re not careful, that “antivirus” might be the threat.

Cybercriminals are getting better and better at creating fake websites that look just like the real thing. One recent example involved a convincing copy of the website of one of the most trusted names in cybersecurity.

The fake site looked nearly identical to the real one, complete with the download button in all the right places. But behind that button was a nasty surprise: Malware disguised as a helpful tool.

Clicking “Download” on the fake site didn’t install antivirus protection.

It triggered a download called StoreInstaller.exe, which installed something called VenomRAT. RAT is short for Remote Access Trojan, a type of malware that gives attackers complete control of your computer without you knowing. It can steal passwords, record keystrokes, access webcams, and even open the door for more malicious software.

In this case, the goal wasn’t only spying. It was stealing.

Researchers say the cybercriminals behind this fake antivirus site were trying to grab login credentials and cryptocurrency wallet information. Once they had access, they could sell it to others or use it to steal money directly.

And it’s not just antivirus software they’re faking.

These criminals have also impersonated banks and IT service companies to trick people into letting their guard down. It’s easy to fall for. Especially when the fake sites are hosted on platforms like Amazon, making them look even more legitimate at a glance.

If your business falls victim to this kind of scam, the consequences can be severe. You could lose sensitive company data, have customer details exposed, or suffer financial losses.

The clean-up is expensive and stressful, not to mention the damage to your reputation if client information is involved.

The best defense is to be cautious.

Always check website addresses carefully. Never click on a link in an email or message unless you’re sure it’s genuine. And only download software – especially security tools – directly from a provider’s official website.

It’s also worth having a trusted IT partner (like us) who can double-check things if you’re not sure.

This is a reminder that cybercriminals don’t just rely on technical tricks. They rely on people being busy, distracted, or just trying to do the right thing. A little extra vigilance now can save you a huge headache later.

If you’re ever in doubt, we’re here to help you stay safe. Get in touch.  

Exciting new formatting tools for Notepad

When was the last time you opened Notepad and thought, “I wish I could make this text bold or add a heading”?

Probably never, right?

But Microsoft is quietly giving Notepad a little upgrade that could make a surprising difference. Especially for those of us who use it to jot down quick notes, meeting minutes, or even team checklists.

Notepad has always been the simplest of simple tools. It opens instantly, saves fast, and doesn’t get in your way. That’s exactly why so many people love it.

Now, Microsoft is testing a light touch of formatting features. Things like bold and italic text, hyperlinks, headings, and even basic bullet points.

The idea is to give us just enough control to make our notes clearer, without turning Notepad into a full-blown word processor.

The formatting is based on something called markdown. That’s a widely used, no-fuss way to add structure to plain text using simple symbols. For example, putting a couple of asterisks around a word makes it bold.

It’s neat, clean, and doesn’t add any of the heaviness you’d associate with Word or other big editing tools. And if formatting isn’t your thing? No problem. It can be turned off completely.

Some people worry that adding features like this risks bloating the app and making it slower. But in this case, the changes are minimal and optional. It’s more like giving your notebook a nicer pen. Not turning it into a printing press.

And with WordPad now officially retired, there’s definitely a gap for a tool that sits somewhere between “plain text” and “full document.”

For businesses, especially smaller ones without complex systems for documentation, this could be a handy middle ground. Being able to better structure your notes can save time and make your messages clearer.

It’s not flashy, but it’s thoughtful.

And it’s another small sign that Microsoft is modernizing even the most basic tools in Windows 11 without losing what made them useful in the first place.

Keep an eye out for the update if you’re using Windows 11. And maybe give those bold headings a try next time you’re scribbling a to-do list.  

Are you ready for next-gen email security? (YES!)

Google has unleashed a powerful new tool to make your Gmail inbox a safer and spam-free haven, and it’s called RETVec.

But what exactly is RETVec?

Well, let’s break it down in simple terms. RETVec stands for Resilient and Efficient Text Vectorizer. Fancy. In plain English, it’s a tool that makes Gmail even better at spotting annoying spam emails that try to sneak into your inbox.

Did you know that the people behind spam emails can be very clever in how they try to avoid detection? Some use invisible characters, something called LEET substitution (like “3xpl4in3d” instead of “explained”), and intentional typos to get past our defenses. But RETVec is trained to be resilient against all these tricks.

Google explains it as mapping words or phrases to real numbers and then using these numbers for further analysis, predictions, and figuring out word similarities. In short, it’s like giving Gmail a supercharged spam radar.

How does this benefit you? Gmail’s spam detection rate shot up by an impressive 38% with RETVec on the scene. Plus, Gmail’s false positive rate dropped by nearly a fifth (that’s 19.4% fewer false alarms).

I know that some of you might be wondering if there’s a catch. Well, there’s a tiny caveat you should be aware of, especially if your business sends promotional emails.

With RETVec’s increased vigilance, some legitimate emails might get caught in the crossfire. It’s a good idea to keep an eye on your email analytics to ensure your messages reach their intended recipients.

RETVec isn’t just about better security. It’s more efficient too. Google reports that the Tensor Processing Unit (TPU) usage of the model dropped by a whopping 83%. Smaller models mean reduced computational costs and faster delivery, which is a game-changer for large-scale applications and on-device models. So, it’s a win-win situation.

Spam is a go-to weapon for cyber criminals and now RETVec can help keep us better protected. It blocks malicious emails, keeping our data safe and our inboxes clutter-free.

If you don’t use Gmail, don’t feel too left out. It’s likely we’ll see other email providers including Microsoft bringing similar protection in the future.

In the meantime, if you’d like us to review your business’s email security, get in touch.

Don’t think your business is a target? Think again

You might think that cyber criminals are only interested in large companies or those with huge financial assets. After all, that’s where the big bucks are, right?

Think again.

Recent reports have shown that cyber criminals are casting their nets wide, targeting businesses of all sizes, from mom-and-pop stores to global enterprises. And they’re doing it with the help of something called “botnets.”

You may have heard about the rise of malicious botnets, and you’re probably wondering, “what on earth is a botnet, and why should I care?” Botnets are the secret weapons of cyber criminals. They’re armies of compromised devices, all under the control of a single, malicious puppeteer. These can be anything from your computer to your smart refrigerator. Yes, even your refrigerator can be turned into a cyber weapon.

A new report observed “massive spikes” in the activity of these botnets, with over a million devices involved in malicious activities at one point. To put it into perspective, that’s a hundred times the usual levels of botnet activity.

Usually, there are around 10,000 devices doing naughty stuff each day, with 20,000 being the highest number researchers had seen. But in December 2023, things got crazy. The number shot up to 35,144, and two weeks later, it rose even further to 43,194. That’s a lot of compromised devices.

And it didn’t stop there; the researchers saw the biggest spike yet, hitting a whopping 143,957 distinct devices being used at the same time. In fact, on January 5 and 6 there were spikes of more than a million devices!

Why are they doing this? These botnets are being used to scan the internet, searching for weaknesses in websites, servers, and even email systems.

Think of the internet as a fortress with many doors and windows. These cyber criminals are looking for unlocked doors and open windows to sneak in. They focus on specific “ports” that serve as entry points.

What can you do to protect yourself from these cyber threats?

It’s all about strengthening those doors and windows. Here are a few simple steps:

  • Keep your software, operating systems, and applications up-to-date. Regular updates often fix vulnerabilities.
  • Install a good firewall and reliable antivirus software to protect your devices.
  • Educate your employees about cyber security best practices, such as avoiding suspicious links and emails.
  • Enforce strong, unique passwords for all your accounts and devices.
  • Regularly back up your data to prevent loss in case of a cyber attack.
  • Keep an eye on your network for any unusual activity.
  • Consider hiring a cyber security expert (that’s us) to assess and enhance your security measures.

If we can help you keep your business better protected, get in touch.

This new search feature in Edge is a revolution

Microsoft’s at it again, presenting us with new features week after week. This time it’s all about making our online searches smarter and more efficient in the Edge browser. If you’ve been on the fence about switching to it, this might just be the push you need.

Edge has a cool new feature, as revealed by Mikhail Parakhin, CEO of Advertising and Web Services at Microsoft. Imagine this: you’re searching for something important for your business – maybe it’s market research or the latest trends in your industry. You type in your query, and you get results from not one but two search engines at the same time.

How does it work?

Let’s break it down. Say Bing is your default search engine. Now, when you hit the search icon, you won’t just see Bing’s results, you’ll also get a peek at what Google (or your alternative search engine of choice) has to offer. This dual view works both ways, ensuring you’re not missing out on any valuable information.

In business, information is gold. Having access to comprehensive search results means you’re more likely to find the most relevant, diverse, and valuable information. No more switching between browsers or tabs to compare search results – Edge now does that for you in a single view.

Some people have raised concerns about potential visual clutter from combining two engines’ results. It’s a valid point, and thankfully, Microsoft is listening. Parakhin hinted at the possibility of customizing your ‘backup’ search engine to streamline the experience. While the sidebar’s width is currently fixed, there’s an openness to explore deeper customization options soon.

This feature in Edge is quite a lure. It simplifies the task of searching, making research quicker and more effective. You get the best of both worlds without the hassle of juggling multiple windows.

And it’s more than just a convenience; it’s a step towards smarter, more efficient browsing, especially for us in the business community. It demonstrates Microsoft’s commitment to improving user experience and staying competitive in the browser game.

For current Edge fans, this is an exciting upgrade. For everyone else, it’s a compelling reason to consider making the switch.

Need a hand finding time-saving tools for your business? Get in touch.

Bridging the trust gap between your employees and AI

You’ve probably been considering how to harness the potential of AI to boost your company’s efficiency and productivity.

But there’s a small problem. A recent study revealed something fascinating but not entirely surprising: A trust gap when it comes to AI in the workplace.

While you see AI as a fantastic opportunity for business transformation, your employees might be skeptical and even worried about their job security.

Here’s a snapshot of the findings:

  • 62% of C-suite executives welcome AI, but only 52% of employees share the same enthusiasm.
  • 23% of employees doubt their company’s commitment to employee interests when implementing AI.
  • However, 70% of business leaders believe that AI should include human review and intervention, showing they view AI as an assistant rather than a replacement.

Now that we understand the situation, how can you introduce AI gently and reassure your employees that their roles are safe?

Start by having open and honest conversations with your employees. Explain why you’re introducing AI and how it will benefit both the company and individual roles. Show them that AI is meant to be a helping hand, not a jobs terminator.

Invest in training that helps your people acquire the skills they need to work alongside AI. Make them feel empowered by showing that it can make their jobs more interesting and valuable.

Emphasize that your AI initiatives are designed to enhance human capabilities, not replace them. Let your team know that it will handle repetitive tasks, allowing them to focus on more creative and strategic aspects of their work.

Develop clear guidelines for responsible AI use in your business. Highlight your commitment to ethical practices and ensure that employees are aware of these policies.

Involve your employees in the implementation process. Seek their input, listen to their concerns, and make them part of the solution. This shows that you value their contributions.

Encourage a culture of continuous learning. Let your employees know that they’ll have opportunities for ongoing education and development, ensuring they stay relevant and valuable in the AI-driven workplace.

Introducing AI into your workplace doesn’t have to be a cause for concern among your employees. AI is a tool for growth and innovation, not a threat to job security.

If we can help you introduce the right AI tools in the right way, get in touch.