How secure are your suppliers? New Microsoft Edge features, ethical hackers and West Ham FC data leak... here are the IT and cyber headlines that caught my eye this week:
Have you updated your on-premise Microsoft Exchange Server?
Are your suppliers cyber safe?
Ransomware most common cybersecurity threat to SMEs
Microsoft Edge new features
Rise of the ethical hacker
Premier League club leaks supporter details
Last week, I reported that a vulnerability had been found with on-premise Microsoft Exchange Servers. If you are not sure what this means to your business or if you have been affected, then take a look at Mark’s blog where he details everything you need to know:
What the on-premise Microsoft Exchange Server vulnerability means to businesses
When we work with suppliers, vendors and clients, we often provide them with a significant amount of sensitive data. Do you know or trust what they do with your data?
Biz Journal pose the question, how do you manage the associated security risks? It is an interesting question and you should interrogate all of your suppliers.
There will be some suppliers that need more focus than others. Information that you share with external companies/parties, including your IT admin details, personal data, accounting and banking details, should have some kind of security 'check-in' process.
Get in touch with me if you want to discuss if you need a process to secure your supply chain.
Source: Biz Journal
Ransomware still remains the most common cyber security threat to SMEs according to IT Pro.
Basic security gaps leave small business’ network wide open to attackers. According to the report, the main causes of a ransomware attack are:
54% Phishing scam caused by employees e.g. clicking on scam link in email– 27% Poor practice
26% Lack of cybersecurity training
21% Weak password and access management
Source: IT Pro
Check out our Enhanced cyber security package to understand the security level I would recommend.
Who uses Microsoft Edge? I’m not sure many people do to be honest, in fact, I have checked Superfast's Google Analytics this morning and just 7% of our visitors Edge. However, Microsoft wants this to change. They are putting a significant amount of effort into making their browser the best on the market. This mean making regular updates to enhance user experience and secure your passwords and data.
Recently, Microsoft unveiled a password monitor feature. The feature warns when your password has been compromised (so it’s time to change your password). It will also let you know if you have reused a password across multiple websites or services – which is bad practice and should be avoided!
Microsoft Edge also has a new kids' mode aimed at children aged 5-12. The internet can be a great place to find out information and develop your digital skills. It can also be an utter nightmare for parents! The new tool allows parent to adapt the browsers setting to their child’s age. You can create an 'allow list' - websites they can visit, as well as monitor what webpages have been visited.
Source: PC Mag
Have you ever heard of an ethical hacker? There are some people that hack for good! They look for faults and report them to organisations. Many businesses also hire ethical hackers to actively find vulnerabilities (before hackers). There has been a rise in ethical hackers reporting vulnerabilities over the past 12 months, according to a report by HackerOne.
The report highlights a 63% increase in the number of vulnerabilities being submitted in the last 12 months.
Vulnerability reporting is a way for ethical hackers, or finders, to report issues to an organisation and have them resolved before a cyber-criminal can take advantage.
Some businesses are now implementing a vulnerability disclosure programme which can help finders use an actual reporting channel rather than releasing it publicly. In fact, 50% of finders don’t report bugs because there is no clear reporting process.
The average small and medium sized businesses don’t warrant needing one. But if you develop certain technology or have an app, then it maybe worth considering.
Any hammers fans out there? ⚒️
Your personal details may have been leaked if you have an online account.
Visitors to West Ham United FC ticketing portal were able to view the details of fellow supporters, including full names, dates of birth, telephone numbers, addresses, and email addresses, when they attempted to log in to their accounts.
The issue is now resolved, but supporters are at risk of phishing scams. A cyber criminal could pretend to be from West Ham, contacting victims to gain personal details such as credit card numbers, so be careful.
Sign up to relieve news and learning materials for IT and cybersecurity: