I had forgotten about the infamous blue screen of death until last week. Years ago, when we were using Win XP or Win 7, we would overload our computers and cause them to crash. At least that is what we would like to tell ourselves; the reality was that there was a memory leak, or the machine had overheated, or something totally unrelated to what we were doing caused the computer to crash.
So everyone tells you that two-factor authentication (2FA) or multi-factor authentication (MFA) is essential these days to protect you from people hacking your systems, mainly your email. Absolutely correct: without a shadow of a doubt it is the single most important way to protect yourself. If you want FunctionEight to provide your IT Support then it is a requirement that you have 2FA on your email.
However, there are associated risks with this, and it comes down to the way people usually interact with their computers. This is something that the software manufacturers have not really worked out yet. It is a user experience / user interface (UX/UI) issue.
Many people have multiple devices, often a desktop, a laptop and a phone. Some have several of each. So with 2FA enabled, all of these devices, when switched on, are connecting to your email system, such as Microsoft Office 365, and authenticating. There are settings in the system that allow you to request “don’t ask me again for 14 days”, and we all select that, don’t we?
However, if you are like me then you will leave your email open on your desktop even when you are not using it. Even if you lock the screen, the email application will still be connecting to your email system to authenticate.
And this is where the issue comes. You are on a bus or in a boring meeting and you get an authentication request on your phone. If you are used to this, you assume that it is probably your desktop and you authenticate. Most of the time this is OK, although it is bad practice.
However, imagine the situation where you get a request on your phone and you think it is your home desktop, but in reality it is someone in a foreign country hacking your email, and they have your username and password (you use a simple password because you have 2FA, right?). All of a sudden you approve the request and you give the hacker access to your email. And that is where your issues come.
Rules to avoid this:-
- Do not leave your email application running on your computer when you are not using it. This will stop authentication requests coming in when you are away from your computer.
- Never accept an authentication unless you know which of your devices is requesting it.
Don’t say you have not been warned. 2FA or MFA is great when used the way it is supposed to be used. Abuse it and it will bite back.
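The second rule can also be checked after the fact by whoever administers the mail system. The following is an added example, not part of the original post and not FunctionEight tooling: it scans constructed sign-in records (the record layout, device names and the `KNOWN_DEVICES` / `USUAL_COUNTRIES` inventories are assumptions) and lists approved prompts that came from a device or country the user does not normally use.

```python
from collections import Counter
from datetime import datetime

# Assumed inventory (constructed): the devices each user actually owns and
# the countries they normally sign in from.
KNOWN_DEVICES = {"pat@example.com": {"desktop-home", "laptop", "phone"}}
USUAL_COUNTRIES = {"pat@example.com": {"HK"}}

# Constructed sign-in events: (time, user, requesting device, country, MFA result)
EVENTS = [
    ("2024-03-04T08:55:00", "pat@example.com", "desktop-home", "HK", "approved"),
    ("2024-03-04T13:10:00", "pat@example.com", "desktop-home", "HK", "approved"),
    ("2024-03-04T13:42:00", "pat@example.com", "unknown-7f3a", "ZZ", "denied"),
    ("2024-03-04T13:44:00", "pat@example.com", "unknown-7f3a", "ZZ", "approved"),
    ("2024-03-05T09:01:00", "pat@example.com", "laptop", "SG", "approved"),
]

def review_approvals(events, known=KNOWN_DEVICES, usual=USUAL_COUNTRIES):
    """Return approved MFA prompts that the user could not have verified."""
    findings = []
    for ts, user, device, country, result in sorted(events):
        if result != "approved":
            continue
        reasons = []
        if device not in known.get(user, set()):
            reasons.append("requesting device is not one of the user's devices")
        if country not in usual.get(user, set()):
            reasons.append("sign-in country is not usual for this user")
        if reasons:
            findings.append({"time": datetime.fromisoformat(ts), "user": user,
                             "device": device, "country": country,
                             "reasons": reasons})
    return findings

def background_prompt_counts(events, known=KNOWN_DEVICES):
    """Count approved prompts per known device: a high count suggests a mail
    client left running, which trains the user to approve without checking."""
    counts = Counter()
    for _, user, device, _, result in events:
        if result == "approved" and device in known.get(user, set()):
            counts[(user, device)] += 1
    return counts

if __name__ == "__main__":
    for f in review_approvals(EVENTS):
        print(f["time"], f["user"], f["device"], f["country"], "; ".join(f["reasons"]))
    print(dict(background_prompt_counts(EVENTS)))
```

An approval from a known device in an unusual country (the `laptop` record) may simply be travel, so findings are a prompt to ask the user, not proof of compromise.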
Been hacked and need help? Please contact me at email@example.com
As a small business owner this is not a question you have probably considered. The correct answer is not too much and not too little. If you are a more established SME or a larger company then you are probably preparing annual budgets and you will have line items for information technology, and you can see how much you will be spending
In this day and age we keep hearing the terms User Experience and User Interface (UX/UI). These are terms given to different aspects of how we interact as humans with a product whether it be physical or digital. For a detailed definition have a look at this easy to understand blog
As many of the platform's users will know, Zoom has a limit of 40 minutes on its free license. Most business users will have realised this for the first time during an important call with a customer or an investor, when suddenly the call ends. Panicking, you try to get a new call set up and spend the first few minutes of the call explaining to the other party how IT are going to get a right royal telling off for that happening.
During the Covid-19 Pandemic about 88% of all companies implemented mandatory work from home (WFH) for all employees, and many of these will offer WFH as an ongoing option for employees. Many of these organisations prior to the pandemic did not even know what WFH was, let alone permit employees to do it. This means that, with the rapid change caused by the Pandemic, many companies simply told staff to work from home with no real consideration of whether this was a secure thing to do, or whether the employees would actually be able to perform their job by getting access to the necessary applications. Many IT departments were making changes on the fly.
This new WFH culture meant that people engaged less in in-person communications and therefore email usage increased. With this came an increase in Phishing attacks from those who were keen to relieve you of your savings or company funds. In fact 30% of all Phishing attacks are targeting work from home employees, and combined with the statistic that 90% of all employees find it difficult to identify a phishing email, it is easy to understand how this is a significant risk to any company whose employees are, whether forced through legislation or otherwise, working from home.
The solution to this is a three-pronged approach:-
- Ensure all staff have received comprehensive training on how to identify and handle phishing and other malicious emails. In fact employee cybersecurity training of any form will benefit the company.
- Ensure all staff have suitable secure equipment to work from home with. If they are using their own equipment then get your IT to audit their machines to ensure they are fit for purpose. Consider providing company secured equipment to those “intense users” for work from home use.
- Ensure your company email is secure and that it protects from most kinds of malicious email. This may cost a bit more each month but the long-term benefits outweigh these costs.
At FunctionEight we often win new clients because the old IT provider failed to secure the email properly or advise the client what should or should not be done. Don’t become a victim, and ensure you heed the words of advice above.
If you are unsure how to proceed please feel free to contact Henrik on his email firstname.lastname@example.org to see how FunctionEight can help you.
For a more comprehensive look at WFH policies please review our previous blog https://www.functioneight.com/blogs/wtf-wfh-work-home
There are many government grants available in Hong Kong to an SME. In fact, the government has over 40 grant schemes available. I am not sure exactly how much money has been put into these grants, but it runs into the tens of billions of Hong Kong dollars, and there is a large percentage of the grant still available. This means that the average SME should be applying for 3 or 4 of these grants to maximise what is available to them.
Soon after the horrific explosion that occurred in Beirut, the dark side of our world kicked in, and specifically two things occurred that seem to be an ever-increasing trend in times of crisis:-
Actual photos and videos of the event are edited and manipulated to accommodate a different and often more sinister story line. Regular media and social media are excellent avenues for the distribution of material…