It has happened to M&S and Co-op, how secure is your business IT environment?

Keep reading and find out below how to get a free* security scan of your Microsoft 365 environment, only if you are quick enough!

There have been a lot of high profile IT security incidents lately, it has been difficult not to notice these stories in the news.  M&S losing their ability to process online orders and the Co-op having their membership data stolen shows that even the largest businesses, with their large IT budgets and dedicated IT teams, are still falling victim to cyber criminals.

One of our newsletter articles this week is about Google's smart tools tacking the rise in online scams, available to read here, if you haven't already, which shows that there are more bad actors out there attempting to compromise business security.

What I want you to do is to imagine a van full of burglars heading off to attempt to break into a large mansion somewhere, they get there, they try to break in, they are unsuccessful.  So on their way back, they stop off and try all of the smaller houses along the way, hoping to find at least one unlocked place just so they don't go home empty handed.   

Now swap out the mansion and the burglars for a large business and hackers, and the smaller houses, for smaller businesses and you can start to get an idea or what is going on out there, only on an industrial scale. 

A lot of hackers attempt to gain access to the larger, better known businesses as there is more chance of a richer reward, however if they fail, they will try smaller businesses, like yours.  It is a numbers game, a game of attrition, they want to be able to exploit any business, and don't care if you can afford their ransom or not, they are only interested in gaining a reward by doing the damage.

Now amplify this with various state regimes with evil intent backing these hackers because they want to cause disruption to businesses in Europe and the USA and you can see why we have incidents on the rise.

So just how secure is your business?  Do you know?  Have you had your security tested?  Are there any vulnerabilities inside, lurking on computers that you are unaware of?  

Will they be able to exploit any issues or will they attempt to gain access and just move on.  And if they can exploit your business, how much damage will it cause, how much will it cost (both financially and in terms of reputation) and will your business survive?

There are many attack surfaces they can exploit, we focus on the primary technology ones.

Operating System and Software:

One of the fundamental mistakes made by businesses is they think they are safe because they "patch their computers", using the updates for the operating system from the manufacturer, like Microsoft or Apple updates. 

BUT....

That is just the tip of the iceberg.  There is also all of the software running on the computers, which is often overlooked when updates are applied, and this could be for a multitude of reasons but it doesn't detract from these applications being potential security holes.  Are computers in your business all up to date?  Are they all running the latest version of software and do you know how it is managed?

Cloud Services and Collaboration:

More and more businesses are also using online services, moving away from on-premise servers and collaboration to cloud based services and collaboration, but again, this can bring its own issues if it is not configured correctly or if someone has shared something you are unaware of.

• Do you know who is sharing what, with whom and to where and how? 
• Do you know if any of your email users are automatically forwarding emails elsewhere?
• Is your email being scanned for threats to prevent them from entering the business?
• Is your email setup correctly so that your email is not seen as a threat to other businesses, is it setup to support email security that is currently being ramped up like DMARC and DKIM?

Something that is often overlooked by a lot of businesses is data leaking from inside to out, without the business knowing, it could be something totally innocent such as a user wanting to keep on top of things by copying data onto their own devices by automatically forwarding their company email to their own private account, or staff may be sharing data from Teams or SharePoint to 3rd parties for a project and overlooking who can access it, wouldn't it be good to know?

Endpoint Security:

Then there is endpoint security, are your computers running up to date security products and what sort of protection does it provide?  A lot of computers are running an antivirus product, but there is so much more happening these days than just viruses, what about malware or ransomware and what would happen if your business were hit?  Would your security product prevent ransomware, would it undo the damage from an attack automatically or is your data at risk?

What can you do?

It is a sad state, where we have to say it is not a matter of if, but a matter of when a business will suffer some sort of security incident, either a malicious incident or something as simple as an accidental breach, but do you have any idea of the state of you company's IT security and the health and state of your services?

Find out what state your environment is in

If you don't know, you can't do anything about it.  But having your head in the sand is no way to run a business and this is where we can help.  We can provide you with a security assessment that can comprise of the following:

• Microsoft 365 security assessment
• Endpoint security assessment, including full software scan
• Network penetration test and network equipment vulnerability assessment

This is a great place to start, because it will let you know the state of the environment and will allow you to plan what to do to fix any issues that are found.  Again, The Silver Cloud Business can help with remediation and resolution of any issues found.

Again though, there is a BUT....  This is just a snapshot in time, it is great to know where to start with sorting out your environment, but what happens when software goes out of date again?

This is why we have an on-going, monitoring and maintenance service that not only provides you with comprehensive information about the on-going state of your environment, but also apply updates to applications as well as the operating system, closing off those vulnerabilities that might be lurking under the surface, going unknown.

Our service brings real-time Microsoft 365 and endpoints under management, ensuring they are as secure as they can be and then scheduled network vulnerability scanning to make sure that no vulnerabilities have been introduced to the network, as the network environment is often the most static in terms of change, however network equipment also needs to run the latest version of firmware and ensure the configs are secure which is why we also manage this aspect of the environment as well.

Our service helps businesses either achieve or retain Cyber Essentials (CE) and Cyber Essentials Plus (CE+), but the difference with our service is that it is ongoing, rather than the snapshot in time of the assessment!  Meaning far less time needed to prep for renewal of CE or CE+

Even if you don't want to subscribe to our ongoing security service, wouldn't you like to know the state of your environment?

We are offering a FREE* Microsoft 365 tenant assessment for the first 10 businesses to request it, something that usually costs £495.00 + VAT**

What are you waiting for, if you don't know about it, you can't fix it and ignorance is no excuse in the eyes of the Information Commissioners Office and the law!  Give us a call on 01722 411 999 and grab one of those free security scans for your Microsoft 365 tenant.

* We would need to have temporary access to the Microsoft 365 environment with an account that has elevated permissions in order to run the security assessment.   This offer is only open to MS365 tenants with 5 or more licensed users.  The output is a security assessment report, detailing the health of the Microsoft 365 tenant at that moment in time.  This is a one off free scan, not an ongoing service or free remediation.   The full priced scan also only provides the report, not remediation work.  The Silver Cloud Business contract clients are offered this service for a reduced fee.  

** The assessment fee is for a one time report and does not include remediation of any issues identified in the report.