Why USBs should spook your business this Halloween…

In light of the recent security breaches at Heathrow Airport involving misplaced USB drives, we’re continuing our theme of highlighting the chilling perils of USBs for business data.

Malware delivered via removable media

The top malware spread via removable media has stayed relatively consistent since at least 2016. For example, the family of Windows LNK malware, Trojans containing links for downloading malicious files or paths for launching a malicious executable, has remained among the top three threats spread by removable media. This malware is used by attackers to destroy, block, modify or copy data, or to disrupt the operation of a device or its network. The WinLNK Runner Trojan, which was the top detected USB threat in 2017, is used in worms for launching executable files.

In 2017, 22.7 million attempted WinLNK.Agent infections were detected, affecting nearly 900,000 users. The estimate for 2018 is around 23 million attacks, hitting just over 700,000 users. This represents a 2% rise in detections and a 20% drop in the number of users targeted year-on-year.

For the WinLNK Runner Trojan the numbers are expected to fall more sharply – with a 61% drop in detections from 2.75 million in 2017 to an estimated 1 million in 2018; and a decline of 51% in the number of users targeted (from around 920,000 in 2017 to just over 450,000 in 2018).

Other top malware spread through USB devices includes the Sality virus, first detected in 2003 but heavily modified since; and the Dinihou worm that automatically copies itself onto a USB drive, creating malicious shortcuts (LNKs) that launch the worm as soon as the new victim opens them.
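To make the shortcut-based threats described above (the WinLNK Trojans and Dinihou’s malicious LNKs) concrete from a defender’s side, here is an added example, not code from Kaspersky Lab or from this blog, that reads the shortcut files in a drive root and flags ones worth a closer look. The launcher list, the function names and the sample shortcuts are assumptions made for illustration.

```python
import struct
from pathlib import Path

# Added example (layout per Microsoft's public MS-SHLLINK spec): triage .lnk files.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData blocks appear in this order, each gated by its LinkFlags bit.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
# Assumed heuristic (not from the article): script hosts and shells that a
# document shortcut on a USB stick has little reason to start.
SUSPECT_LAUNCHERS = ("cmd.exe", "powershell", "wscript", "cscript", "mshta", "rundll32")

def read_int(data, pos, fmt):
    try:
        return struct.unpack_from(fmt, data, pos)[0]
    except struct.error:
        raise ValueError("truncated shortcut") from None

def parse_lnk(data):
    """Return the StringData fields of a shortcut; ValueError if malformed."""
    if len(data) < 76 or read_int(data, 0, "<I") != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = read_int(data, 20, "<I")
    pos = 76                                   # fixed-size ShellLinkHeader
    if flags & HAS_IDLIST:                     # skip LinkTargetIDList
        pos += 2 + read_int(data, pos, "<H")
    if flags & HAS_LINKINFO:                   # LinkInfoSize counts itself
        pos += read_int(data, pos, "<I")
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    fields = {}
    for bit, key in STRING_FIELDS:
        if flags & bit:
            end = pos + 2 + read_int(data, pos, "<H") * width
            if end > len(data):
                raise ValueError("truncated StringData")
            fields[key] = data[pos + 2:end].decode(codec, errors="replace")
            pos = end
    return fields

def triage(fields):
    """Return reasons a shortcut deserves review (empty list: none found)."""
    target = fields.get("relative_path", "").lower()
    args = fields.get("arguments", "")
    hits = [n for n in SUSPECT_LAUNCHERS if n in (target + " " + args).lower()]
    reasons = ["launches interpreter: " + ", ".join(hits)] if hits else []
    if not hits and target.endswith((".exe", ".scr", ".bat", ".vbs", ".js")):
        reasons.append("points at an executable or script")
    return reasons

def scan_root(root):
    """Triage every .lnk in the top level of a mounted removable drive."""
    findings = {}
    for path in sorted(Path(root).glob("*.lnk")):
        try:
            reasons = triage(parse_lnk(path.read_bytes()))
        except ValueError as exc:
            reasons = [f"unparseable shortcut: {exc}"]
        if reasons:
            findings[path.name] = reasons
    return findings

def build_sample(relative_path, arguments=""):
    """Constructed input: header plus Unicode StringData, no IDList/LinkInfo."""
    flags = IS_UNICODE | 0x08 | (0x20 if arguments else 0)
    blob = struct.pack("<I16sI", 0x4C, LNK_CLSID, flags) + bytes(52)
    for text in (relative_path, arguments) if arguments else (relative_path,):
        blob += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return blob
```

Real shortcuts can carry their target only in the LinkTargetIDList or LinkInfo blocks, which this parser skips, so an empty result is a prompt for a full scan rather than a clean bill of health.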

Miners – rare but persistent

USB devices are also being used to spread cryptocurrency mining software. This is relatively uncommon, but successful enough for attackers to continue using this method of distribution. According to KSN data, a popular crypto-miner detected in drive roots is Trojan.Win32.Miner.ays/Trojan.Win64.Miner.all, known since 2014.

Malware in this family secretly uses the processor capacity of the infected computer to generate the cryptocurrency. The Trojan drops the mining application onto the PC, then installs and silently launches the mining software and downloads the parameters that enable it to send the results to an external server controlled by the attacker.

Kaspersky Lab’s data shows that some of the infections detected in 2018 date back years, indicating a lengthy infection likely to have had a significant negative impact on the processing power of the victim device.

In short, the threats are varied and sophisticated.

What can your business do to safeguard itself?

USB drives offer many advantages: they are compact and handy, and a great brand asset, but the devices themselves, the data stored on them and the computers they are plugged into are all potentially vulnerable to cyberthreats if left unprotected.

Fortunately, there are some effective steps businesses can take to secure the use of USB devices.

Advice for all USB users:

  • Be careful about the devices you connect to your computer – do you know where they came from?
  • Invest in encrypted USB devices from trusted brands – this way you know your data is safe even if you lose the device
  • Make sure all data stored on the USB is also encrypted
  • Have a security solution in place that checks all removable media for malware before they are connected to the network – even trusted brands can be compromised through their supply chain
  • Manage the use of USB devices: define which USB devices can be used, by whom and for what
  • Educate employees on safe USB practices – particularly if they are moving the device between a home computer and a work device
  • Don’t leave USBs lying around or on display

Want to find out more?

As Kaspersky Platinum Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.

To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.


You can read more about some of the potential pitfalls associated with USBs in our blog.

Are your users using USBs to share company information?


The USB stick is one of those seemingly harmless plug-in accessories that we’ve all used for sharing files and for those last-minute meeting room nightmares when your colleague that was supposed to be presenting your team’s update can’t get online or connect to the projector!


Various incarnations, shapes and sizes of USB devices have been around for almost 20 years now, offering an easy and convenient way to store and transfer digital files between computers that are not directly connected to each other or to the internet.

Even though there are cool new ways to share things online and via cloud apps, there’s no harm in your users keeping USB sticks ‘just in case’, right? Nowadays, cloud services such as Dropbox have taken on much of the USB stick’s traditional workload in terms of file storage and transfer, and there is greater awareness of the security risks associated with USB devices. Because of this, the USB’s use as an essential business tool is declining – yet millions of USB devices are still produced and distributed annually, with many destined for use in homes, businesses and as marketing promotional items for trade show giveaways.

Is this scaremongering or is the risk of company data loss from USBs real?

99 times out of 100 probably not. But there’s always that risk, as Heathrow Airport, among many others, has found out with its recent £120,000 fine from the ICO. While Heathrow largely ‘got away with that one’ from a hacking perspective at least, USBs have been exploited by cyberthreat actors, most famously by the Stuxnet worm in 2010, which used USB devices to inject malware into the network of an Iranian nuclear facility. And as well as the actual risk of company data loss, there’s also the reputational risk and financial damage of fines from regulations such as the GDPR.

We also understand that laptops, tablets, phones and other such portable endpoint devices with access to sensitive data will always be areas of potential data breach (we can help with those too…), but for the purposes of this article we’re singling out the poor USB!

What do the figures tell us?

In 2016, researchers from the University of Illinois left 297 unlabelled USB flash drives around the university campus to see what would happen. 98% of the dropped drives were picked up by staff and students, and at least half were plugged into a computer in order to view the content. For a hacker trying to infect a computer network, those are pretty irresistible odds.

USB devices remain a target for cyberthreats. Kaspersky Lab data for 2017 shows that every 12 months or so, around one in four users worldwide is affected by a ‘local’ cyber incident. These are attacks detected directly on a user’s computer and include infections caused by removable media like USB devices.

This short report reviews the current cyberthreat landscape for removable media, particularly USBs, and provides advice and recommendations on protecting these little devices and the data they carry.

The overview is based on detections by Kaspersky Lab’s file protection technologies in the drive root of user computers, with a specific scan filter and other measures applied. It covers malware-class attacks only and does not include detections of potentially dangerous or unwanted programs such as adware or risk tools (programs that are not inherently malicious, but are used to hide files or terminate applications, etc. that could be used with malicious intent). The detection data is shared voluntarily by users via Kaspersky Security Network (KSN).

Key findings

  • USB devices and other removable media are being used to spread cryptocurrency mining software – and have been since at least 2015. Some victims were found to have been carrying the infection for years.
  • The rate of detection for the most popular bitcoin miner, Trojan.Win64.Miner.all, is growing by around one-sixth year-on-year.
  • One in 10 of all users hit by removable media infections in 2018 was targeted with this crypto-miner (around 9.22%, up from 6.7% in 2017 and 4.2% in 2016).
  • Other malware spread through removable media/USBs includes the Windows LNK family of Trojans, which has been among the top three USB threats detected since at least 2016.
  • The 2010 Stuxnet exploit, CVE-2010-2568, remains one of the top 10 malicious exploits spread via removable media.
  • Emerging markets are the most vulnerable to malicious infection spread by removable media – with Asia, Africa and South America among the most affected – but isolated hits were also detected in countries in Europe and North America.
  • Dark Tequila, a complex banking malware reported on August 21, 2018 has been claiming consumer and corporate victims in Mexico since at least 2013, with the infection spreading mainly through USB devices.

In our next article we’ll examine how the threat carried by USBs isn’t static, and hacks are unfortunately becoming more and more sophisticated.


Could your company survive a six-figure fine for data breach?

Heathrow Airport received a £120,000 fine this week for allowing a data breach by way of an un-encrypted USB stick being misplaced and falling into the hands of a national newspaper.

The stick, which contained 76 folders and over 1,000 files, was not encrypted or password protected.

“The stick held a training video containing names, dates of birth, vehicle registrations, nationality, passport numbers and expiry, roles, and mobile numbers of 10 individuals involved in a particular greeting party, and also details of between 12 and 50 (exact number unconfirmed) Heathrow aviation security personnel,” the Information Commissioner’s Office (ICO) said in its penalty notice.

What did Heathrow get so wrong?

It’s easy to say that a USB stick is easily lost and that there’s little a company’s directors can do to mitigate such a data breach scenario. However, in issuing the fine, the ICO also pointed out that less than 2% of Heathrow’s 6,500 staff had even received data protection training.

Other concerns noted during the investigation included the widespread use of removable media in contravention of Heathrow’s own policies and guidance and ineffective controls preventing personal data from being downloaded onto unauthorised or unencrypted media.

This is despite the fact that most businesses now rely more and more on IT to support their activities, and this makes them increasingly vulnerable to threats from hackers, viruses and even from malicious or careless actions of their own staff, as in the Heathrow case.

How can you ensure your company does not fall victim to data breach?

Having the correct solutions, policies and training in place can make the difference between success and failure for your company – strong IT security has never been so crucial.

Information also needs to be protected if you share it with other organisations. For many businesses, the internet has replaced traditional paper-based methods of exchanging information. It can be sent and received faster, more frequently and in greater volume – but the internet in itself brings its own security issues which businesses must consider.

Having an effective IT security policy in place can help you control and secure information from malicious changes, deletions, data breach, or from unauthorised disclosure.

How we can help

Complete IT Systems has the experience, accreditations and skills to provide your business with the security solutions you need. For more information on how Complete IT Systems can help your business, call us on 0845 873 9631 or contact us and we can call you back.

References

https://www.silicon.co.uk/workspace/heathrow-fined-120000-usb-stick-237689

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/10/heathrow-airport-limited-fined-120-000-for-serious-failings-in-its-data-protection-practices/

How Oxfordshire County Council increases security & saves on IT costs

Oxfordshire County Council increases security and cost savings with Microsoft Windows 10 and Enterprise Cloud Suite.

With a need to make sure their IT services could deliver the best service possible to residents, the Council required a service that was future minded with security embedded into it; that’s where Windows 10 and the Microsoft Enterprise Cloud Suite fitted into their strategy.

Find out more in this short video introduction

Want to find out more?

As Microsoft Gold Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.

To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.

Cut through business complexity with Microsoft Dynamics 365 Business Edition

Find out how your organisation can benefit with this short video – you’ll see how a small business owner uses Dynamics 365 Business Edition to take control of multiple business processes within one powerful seamless solution, resulting in a swift and efficient customer experience.


Up to 12,000 prints and no ink cartridges. Too good to be true?

Canon have launched the new PIXMA G-Series range offering incredible page yields and borderless printing. The new portfolio provides high quality, low cost print solutions perfect for all office environments whether your organisation is in education, retail or any other sector.

Best of all, integrated ink tanks make it easy to monitor ink levels, and make it easy to quickly carry out refills in one simple step.

There are a few days left of the special September pricing offers, so call us today to take advantage of them!

If not having to fiddle around with expensive ink cartridges isn’t enough of a benefit, the G-Series has also been built to be versatile – in any environment. With up to 8.8 ipm Mono Print Speed and borderless printing capabilities the PIXMA range provides your organisation with a high-quality versatile print solution.

Features:

  • High yield – Canon assures quality with its genuine pigment Black and Colour dye inks, developed to work with the PIXMA G Series to deliver outstanding high yield with up to 12,000 prints*
  • Compact design – Space saving, compact design that sits neatly within your home or office without compromising outstanding quality results, every time
  • Integrated ink tanks – Front-facing integrated ink tanks make it easy to keep track of ink levels. Ink is refilled smoothly and quickly using the optimised refill system and easy one-step ink/bottle handling.
  • Pigment black ink – Crisp sharp text and smooth vibrant images every time using high quality pigment black ink and dye based colours
  • Borderless printing – Our high quality dye based colour inks guarantee smooth and natural photos which allows you to enjoy printing borderless 4×6” photos in approximately 60 seconds

Find out more

As Canon Authorised Partners, Complete IT Systems are able to offer you leading guidance on your organisation’s print environment to achieve best value for money, results and reliability. Give us a call today on 01274 396 213 or email  to talk to one of our print specialist team.

Somerset County Council Improves Productivity With Windows 10

A single system outage in a local government agency can have dire consequences for citizens. To ensure operational continuity and meet its budget, Somerset County Council replaced its backup and recovery technologies with a hybrid cloud solution from Microsoft.

Tangible results

As a result, Somerset has optimised operations, boosted agility, and empowered employees. It can restore files and systems in less time, and IT staff can provision infrastructure that supports backups at least three weeks faster. The new solution also costs significantly less to run than previous technologies. Behind the scenes, Somerset backs up 2,790 system streams including VMware virtual machines and Microsoft SQL Server databases with Microsoft Azure Backup Server. IT staff are now adding more workloads and agentless VMware backups. To store and back up employee data, Somerset uses a multi-tiered Azure StorSimple solution.

Continuity of service

Regardless of the day and time, people look to their local governments for leadership and community services, from highway maintenance to programs that support at-risk children and adults. “Our day-to-day operations depend on a lot of mission-critical systems, and we must always be ready to respond to unforeseen events,” says Dean Cridland, Senior IT Officer at Somerset County Council. “For example, we had some serious flooding a few years ago, and our guys had to instantly coordinate efforts with many other agencies. We can’t spring into action like that if our systems are down.”

Check out this short video to learn more about the value Microsoft has provided to Somerset Council.


Money for old rope with the £200 Lenovo trade-in!

For a limited time your business can claim a £200 reward per device for trading in old laptops or desktop PCs for qualifying Lenovo ThinkPads.

Not only can you recover some value from your existing business laptops and desktop PCs, but you can also take the opportunity to upgrade your users to Lenovo’s fantastic ThinkPads. Here are our 6 reasons to choose Lenovo to help you consider your choice.


4 simple steps to claim

It’s a simple 4-step process, and here at Complete IT Systems we can guide you through your trade-in from your initial claim through to the delivery of your shiny new Lenovo ThinkPads. In short, you:

  1. Purchase the qualifying products (click here for the list)
  2. Make your claim with Lenovo within 21 days of your product purchase date
  3. Send back your old devices
  4. Get paid within 21 days of validation, checking the progress of your trade-in at any time with us or on the Lenovo website

Terms and conditions apply. For more details on qualifying products and qualifying trade in devices please visit Lenovo’s Promotions Website.

Want to find out more?

As Lenovo Platinum Solution Partners, Complete IT Systems can offer you expert advice on the Lenovo range and how it could be effectively deployed in your business. To find out more give us a call on 01274 396 213 or email info@cit-sys.co.uk.

 

Frank Sinatra and the VPN

With Bring-Your-Own-Device (BYOD) becoming firmly entrenched in many workplaces in the UK (IDC estimate 90% have some degree of official or unofficial policy for it), we examine the future of the VPN and how it impacts IT departments. As Sinatra famously sang, “and now, the end is near” – well it may be for the good old VPN…

Do you even allow BYOD in your organisation?

On some levels, the rise in personal laptop use in particular should set off alarm bells for any IT manager, particularly those who manage endpoint security. And not all use is official – a report in the Harvard Business Review online reported that the dramatic increase of Bring-Your-Own-Laptop (BYOL) has been in large part unsanctioned by IT. But even if you’ve given BYOD the green light, do you have the right solutions in place in case anyone does ‘Somethin’ Stupid’?

What does this mean for IT?

As you well know, many of the systems in place designed to protect the corporate network and corporate data are rendered obsolete when individual employees work on a personal laptop, and mishaps can lead to financial, reputational, competitive, compliance and legal difficulties for the business.

When employees connect to cloud services on non-corporate devices outside the view of IT, it significantly increases the risk of a data breach. Ask an IT manager why that is, and they’ll probably say that the problem “sits between the keyboard and the chair”. That is, users themselves make unsafe or uninformed choices about which links they click, which apps they allow to access their data, and which sites follow their moves around the web using cookies.

And now the VPN faces the final curtain

All this is to say that when it comes to allowing employees to bring their own laptop, IT must make it as easy as possible to follow security protocols. Traditionally, this has meant requiring a connection to the secure corporate network using a VPN. It’s likely that you have used a VPN at some point in the course of your career, and it’s even more likely the last thing that comes to mind when you think of that experience is “seamless”.

Some have gone so far as to disparage their corporate VPNs as “the worst thing about working remotely” or “the reason I missed that meeting”, as well as harsher comments not fit for print.

It’s safe to say that the days of the VPN are numbered. The elegant solution to the problem of the clunky VPN brings together comfortable user experience and security: a secure browser to access corporate data. For unmanaged laptops, this allows IT to set the parameters of acceptable use and access directly within the browser. Users only need to open a secure browser to get to work.

You can become the “Ol’ Blue Eyes” of your users

Your users win….

This intersection between employee productivity and enterprise-grade security is BlackBerry’s sweet spot. With BlackBerry Access, users can simply open the secure browser and reach corporate servers, corporate content, and web-based applications such as Salesforce, from the comfort of their own laptop. Users can also edit Office 365 documents, and work from their tried-and-true productivity apps, such as BlackBerry Work and BlackBerry Workspaces. They can even get work done offline – supporting the dream of working from anywhere – it will be Love and Marriage.

IT win….

From IT’s perspective, this offers a win-win-win situation: users are more productive because their tools are intuitive, corporate data stays secure, and the cost of enabling BYOL goes down because there’s no need for VPN or VDI licenses. This frees up IT time and budget to work on automating and mobilising more complex workflows than the standard email-calendar-contacts trifecta (typical to PIM enterprise apps). We’re not suggesting you go around the office singing “I did it my way”, but it’s one last Sinatra reference at least!

Want to find out more?

As BlackBerry Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.

To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.