Skip to content

Tag: kaspersky

  1. Home
  2. Tag Archives: kaspersky

Business IT security – the challenges & solutions

Small and medium sized businesses are exposed to the same cyberthreats as everyone else is, and they need protection. But we get it – it’s not easy striking the right balance with your cyber defences; consumer cybersecurity products are insufficient, and yet enterprise solutions are too costly and complicated.

Small business IT security

At best, an small and medium sized businesses might have an IT team including someone who is responsible for cybersecurity. But IT is a lot more than cybersecurity, and one person doing it all cannot devote much time to managing a heavy security solution. However, even that is a best-case scenario for small business IT security. According to our research, some businesses dedicate the role of security management to non-specialist internal staff — and some companies have no cyber security function at all.

In the age of cyber attacks ranging from everything from networks to USB sticks, it’s not an option to leave your business unprotected.

I’ve seen the news, but why is cyber security so important to my small business?

Businesses of all sizes can fall prey to a variety of malware and social engineering attacks such as phishing. Here are some of the business assets that it’s wise to protect when thinking about your small business IT security strategy.

Your money

Financial fraud is still one of the most damaging types of attacks. Our solutions have a Safe Money subsystem that can protect your finances from scammers. It ensures that you access only genuine, secure financial sites, and it protects your financial data from unauthorised applications and unsafe browser extensions.

Your data

Your business information is another primary target for cybercriminals. That is why our solutions allow encryption of files and folders, and also includes an automated backup and restore feature to protect your data from cryptomalware.

Your software

Our solution can help keep your business applications up to date. By running a scheduled search for application updates, it decreases the risk of cybercriminals exploiting unpatched application vulnerabilities.

Your passwords

Part of our small business solutions is a module called Password Manager, which can store passwords, bank account details, document scans, and text notes in a secure vault.

Your server

In case you need it, the Small Office Security feature can be installed on the server and protect it as well as a workstation.

So what’s the solution? Is there one?

The good news is that SMB IT security is made easier with the right solution.

Based on the above, Kaspersky’s small business solutions are tailored to provide the following benefits:

  • Efficiency
  • Simple deployment
  • Easy management
  • Intuitive interface
  • Nothing in excess

As a result, you do not need to be a security specialist or even an IT professional to install or manage Kaspersky Small Office Security. The small business IT security solution provides out-of-the-box protection from most relevant cyberthreats and can be managed by almost any office employee (or ourselves at Complete IT Systems if you prefer). The Web console provides all information necessary for managing cybersecurity: information about licenses, users, devices, product versions, and so on. The main protective subsystems do not need much attention, so your employees can concentrate on their day jobs instead.

Find out more in this short video

Want to find out more?

As Kaspersky Platinum Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.

To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.

Driving Ferrari’s true cybersecurity

Connect, detect, protect.

When you’re one of the world’s most iconic brands, driven by the most successful team in Formula 1 history and people’s safety depends on the accuracy and availability of your data, you can’t afford to take risks. That’s why Ferrari trusts Kaspersky Lab to take care of its cybersecurity.

From its world-famous Maranello factory to the Formula 1 circuit, more than 5,000 Ferrari endpoints and systems globally are secured by the world’s IT Security specialists, Kaspersky Lab.

And as both companies’ technological vision and innovation extend to connected cars, Internet of Things and a constantly evolving web presence, Kaspersky Lab is deepening its technology partnership with Ferrari, delivering protection that extends beyond devices to the data itself, 24 hours a day, seven days a week.

“Though we work in very different industries, we’re united by the same core business values: technological leadership and a passion for innovation and getting forever better at what we do,” says Kaspersky Lab founder and CEO, Eugene Kaspersky. Speed, security, cutting-edge innovation…great ingredients for deepening a great partnership.

Always-on cybersecurity – everywhere.

In addition to the more than 300,000 unique pieces of malware Kaspersky Lab experts uncover every day, new threats are evolving all the time. As cyber criminals develop tools individually tailored to each victim, indicators of compromise are no longer enough on their own to help organisations detect attacks. The continuing march of ransomware and distributed denial of service (DDoS) attacks have joined with device integrity in an Internet of Things landscape to introduce new areas of vulnerability, particularly in manufacturing environments where new-found connectivity isn’t always accompanied by cybersecurity awareness.

In this environment, knowing where you’re vulnerable is as important as your ability to detect and prevent cyber-attacks. Rounding this self-awareness out with the latest threat intelligence to help anticipate what’s around the next chicane is vital for an organisation with Ferrari’s profile and reputation.

They need a security partner that doesn’t just keep pace with the latest threats, but stays ahead of them – while anticipating the vulnerability profile of the most innovative digital technologies. That’s why Ferrari chose to deepen its partnership with Kaspersky Lab. In addition to protecting traditional areas of company technology such as endpoints, ERP and PLM, Kaspersky Lab now works with Ferrari to protect its digital world through penetration testing, vulnerability assessment and threat intelligence.

Protecting the brand, ensuring availability

With a global web presence and a valuable brand to protect, it was critical that the company trusted to do this was not only global in reach, but global in its threat intelligence and analysis capabilities and expertise. Kaspersky Lab, already a trusted partner in protecting Ferrari’s endpoint ecosystem, was put through its paces and, once again, was the perfect fit to protect the company’s digital presence.

Defence against known web exploits, paired with threat intelligence and vulnerability assessment to anticipate and mitigate threats before they become a problem, is now another layer of Kaspersky Lab’s cybersecurity helping to protect one of the world’s biggest brands. On-demand scanning with minimal performance impact, protection from DDoS attacks, the capacity to provide actionable threat intelligence within strict platform specifications and complete confidentiality in reporting…just a few of the reasons Kaspersky Lab made it to Pole Position in Ferrari’s rigorous tests.

True security without compromise

But it doesn’t stop at the web: overall availability of systems, infrastructure and the applications running on them is of vital importance, but so is performance: “Performance, as you can understand, at Ferrari is very important, so we need to ensure security without compromise,” says Chief Technical Officer, Francesca Duri.

Tasked with ensuring the availability of the IT infrastructure for Ferrari’s manufacturing plants, Duri says Kaspersky Lab’s industrial cybersecurity solutions set it apart in a market where few mainstream vendors can offer this kind of expertise: “I was surprised in a very positive way when, working with Kaspersky, I learned that they already have solutions for security in this area. That’s the reason we’re working together and why we will keep working together to make sure the same level of cyber security applies to all the business areas.”

High performance under pressure gives you an edge

Ferrari operates one of the most sophisticated production lines in the world, where high levels of automation combine with precision techniques, test data and more than 2,000 employees to form a complex, high-value infrastructure with unique security requirements.

And that’s before you factor in the demands of a race weekend: with over 60Gb of data per car accumulating over the course of a race and multiple, real-time simulations using that data at the track, there’s a lot at stake.

“One of the advantages we’ve found in the collaboration with Kaspersky is their availability to follow our needs,” says CIO Vittorio Boero. “Kaspersky is a company I selected to work with in 2012 when I arrived here in Ferrari.” Like all the best relationships, this is one that continues to grow and evolve around shared vision, understanding and expertise.

Want to find out more?

As Kaspersky Platinum Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.

To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.

Cybersecurity in the workplace – educate & protect your users

Employees are of course your company’s most valuable asset, and grow revenue, build relationships with clients, and, make the business function. They also have an invaluable role to play in the firm’s security perimeter.

Cybercriminals, however, are more likely to view your employees as the path of least resistance into an organisation. Indeed, two of the top causes of security breaches are careless or uninformed employee actions and phishing or other social engineering. Cybercriminals know that, and they use it to their advantage.

With a robust security education programme in place, your company can protect its most sensitive information by ensuring cybercriminals cannot break through your employee firewall.

With a lot of customers and prospects asking about cybersecurity best practices for their workplaces, here’s a summary of some of the main ones.

What type of cybersecurity awareness programme would be best for our business?

Cybersecurity awareness programmes are not one-size-fits-all. Every organisation will have different needs depending on their business strategic goals, objectives, risk analysis, and even risk appetite. So, it’s useful to ask how cybersecurity helps the primary business of the organisation, and if it meets your particular requirements.

From a cybersecurity perspective, what should we think about when securing our workplace?

Organisations often overlook three areas when thinking about cybersecurity:

  1. The role of IoT: The well-being of employees should be at the forefront of every organisation’s plans for cybersecurity. This may not seem intuitive when thinking about cybersecurity, or very cyber to most. But the increasing prevalence of Internet of Things (IoT) devices has blurred the line between physical security and cybersecurity. Wireless security cameras that are managed through a Web interface or a smart lock that is opened by an employee’s smart phone — when do things stop being physical and start being cyber? Many companies have traditional physical security and environmental controls in place, but these groups are disconnected from the real problem solvers. In an IoT age, cybersecurity and IT teams are responsible for remediation efforts. In the workplace, these systems often share the same network resources as the rest of the business. Connecting IoT devices to the main network is risky because it provides an entry point for potential attackers to access corporate network resources. Vulnerable systems can also be used to access poorly secured industrial control systems (ICS). For organisations that run critical infrastructure or manufacturing on ICS, an in-depth search of all systems involved should be performed. These networks should also be included in any cybersecurity efforts going forward.
  2. Situational awareness of assets and data. Most cybersecurity frameworks rest on knowing what assets (including data) an organisation has: the systems and applications that process the data, who has access, and where it resides. A cybersecurity risk assessment based on known assets will allow for a more thorough way to determine viable threats. This enables an organisation to focus its cybersecurity resources where they matter most.
  3. Cybersecurity awareness and training: Awareness extends beyond discovering and cataloging assets. Awareness should be a continual effort to educate employees on policies, current threats, and how to deal with those threats. Special focus should be paid to social engineering, which is still the most common and successful attack vector. Organisations should offer training geared toward certain roles, not just generic awareness training. Make the training personal and fun. Tell stories and play educational games that will support awareness concepts. An awareness program should be anything but a test. A good cyber programme features a mixture of in-person/instructor-led, online/self-paced modules, scenario-based, and surveys. Always gather metrics to show successes and weaknesses in security awareness programs.

Our IT team is already well informed about cybersecurity. Why should they undergo more training?

Regular education on cybersecurity hygiene should be common practice across the organisation. Employees are often referred to as the “weakest link,” but in actuality, they are the most common attack vector and should be treated like any other attack vector in the organisation.

We have run a few training programmes already, but none seem to be effective. What should we be doing?

It’s no secret that traditional training programs typically fail to achieve the desired behavioural changes or motivation. To build an effective educational programme, there has to be an understanding of what lies behind any learning and teaching process. For a successful cybersecurity awareness program, the key is to create a culture of cybersecurity — one that motivates employees to continue secure practices in their daily lives beyond the perimeters of the office. After all, the goal of awareness training is not only to deliver knowledge but to change habits and form new behaviour patterns.

The  Kaspersky Security Awareness products are a good place to start or to fill in gaps in an existing programme. The computer-based training products draw on modern learning techniques: Gamification, learning-by-doing, and repeated reinforcement help to build strong skills retention and prevent obliteration; and emulating the employee’s workplace and behaviour draws users’ attention to their practical interests. These motivating factors guarantee that the skills will be applied.

How often should employees be reporting suspicious activity?

Cybersecurity teams would rather have employees report a false positive than wait until something “suspicious” manifests into a large threat. But before employees can report suspicious activity, they need to be able to identify what is considered suspicious.

A robust cybersecurity awareness training programme and its reinforcement materials should define suspicious incidents through examples, and how and when to make a report. Employees should then be encouraged to report any activity that may seem suspicious. Different procedures exist for incident reporting. Some organisations use the IT service desk, others have an email that generates a ticket for the security teams, and some may require employees to report the incident to their managers.

Once employees are knowledgeable in identifying and reporting suspicious activity, the next step is to establish incident response policies. Incident response policies should outline procedures and employee responsibility when dealing with an incident.

The message to emphasise is that it’s easier to nip something in the bud even if you’re not sure if it’s a cyber threat than to manage a crisis in full bloom.

How does BYOD impact cyber security policies?

Bring your own device (BYOD) has become an increasingly popular approach in UK business. Employees get to enjoy the flexibility of choosing when to work and what device to work on, and employers benefit from reduced support costs for IT assets.

However, a poorly managed BYOD policy can put company data at great risk. Allowing employees to use their own devices for work means their devices are “out of view” of traditional security controls.

And while not all businesses need end-to-end BYOD policies, it is crucial that they establish safety policies and procedures. For example, they need to segregate work and play. Company data should be processed only by applications that are vetted and secured by the organisation. This may seem challenging when users are on their own devices. Thankfully, mobile device management (MDM) tools exist. MDMs can segregate and secure company data, vet and approve applications, and track and remotely wipe devices of all company-related information.

Where can I find more resources for continued education on cyber security?

Kaspersky Lab offers various resources for maintaining ongoing awareness of threats and incidents in the world of cybersecurity. You can read about some of these, or contact Complete IT Systems using the details below to discuss your requirements and for more advice about the solutions on offer.

  • Threatpost is a leading source of information for news about IT, business security, and cybersecurity analysis.
  • Securelist provides news, reports, and fascinating research in the cybersecurity industry.
  • The Kaspersky Lab threats site is constantly updated with the ever-changing landscape of threats and vulnerabilities in cybersecurity.
  • The Cyberthreat real-time map is an interactive tool that visualizes real-time cyberthreats around the world.
  • And, of course, Kaspersky Daily, our main blog, has posts relevant for businesses and consumers.

Want to find out more?

As Kaspersky Platinum Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.

To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.

Why are mobile devices like a needle in a haystack for IT?

When your business depends on response speed and access to data and email, ‘on the go’ availability is a must. However, more access brings more mobile data security threats. That is why it is rational to assess risks and have a well-thought-out protection strategy before adopting mobile device usage across your business.

As part of our series of blogs highlighting the pitfalls of cyber security for business, this week we’re looking at why mobile devices with access to business data can prove to be a needle in a haystack for IT to keep track of.

Mobile devices – a needle in a haystack for IT

An employee’s mobile device is an interesting target to a broad array of cybercriminals. Some are looking for corporate intellectual property (and according to Kaspersky’s “IT Security Risks Survey 2018,” employees in 1 in 5 enterprises access corporate intellectual property using their personal mobile devices and tablets). Others think that your contact list is good loot — it can be used for spear-phishing attacks on your colleagues.

While those are rather exotic threats, don’t forget about more widely distributed malware that doesn’t target a specific business. Last year, our systems registered 42 million attempted attacks on mobile devices. They included a variety of Trojans that tried to hijack social media and bank accounts, ransomware, and more. They may not sound as scary as targeted attacks, but they can cause plenty of harm, especially if the accounts in question are corporate ones, and the situation is especially common in small and medium businesses.

Mobile specifics

The main problem with mobile devices is that they do not stay inside a company’s security perimeter, which makes pinpointing the threats akin to searching for the proverbial needle in a haystack for IT. They can be exposed to unsecured public Wi-Fi or just be lost or stolen. When employees use the same device for both work and personal activities, more problems pop up. An employee might accidentally download a compromised application preloaded with a spying module or ransomware, for example. They might try to root or jailbreak their device and expose it to even more threats.

Some of the problems with mobile data security — unfortunately, not all of them — can be solved with mobile device management and enterprise mobility management solutions. To resist sophisticated malware, companies need an additional level of protection.

How to prevent business mobile security breaches

Kaspersky’s ‘Security for Mobile’ solution was recently updated to include machine-learning-assisted technologies with cloud-based threat intelligence mechanisms to bring threat prevention, detection, and remediation to mobile platforms and thus keep your business information safe.

For example, Kaspersky Security for Mobile can detect if an employee’s smartphone or tablet is jailbroken or rooted (bad enough if the employee did it, but worse if done without their knowledge). Our solution also provides application control, Web traffic control, antiphishing, and antispam subsystems to corporate devices.

Kaspersky Security for Mobile integrates with Microsoft Exchange ActiveSync, iOS MDM, and Samsung KNOX platforms; and Kaspersky Security for Android (a part of this solution) is also compatible with VMware AirWatch and MobileIron. That compatibility allows your IT staff to configure and control security management for most widely used mobile devices.

Want to find out more?

As Kaspersky Platinum Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.

To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.

Are your users using USBs to share company information?

USB sticks

The USB stick is one of those seemingly harmless plug-in accessories that we’ve all used for sharing files and for those last-minute meeting room nightmares when your colleague that was supposed to be presenting your team’s update can’t get online or connect to the projector!

USB sticks

Various incarnations, shapes and sizes of USB devices have been around for almost 20 years now, offering an easy and convenient way to store and transfer digital files between computers that are not directly connected to each other or to the internet.

Even though there’s cool new ways to share things online and via cloud apps, there’s no harm in your users keeping USB sticks ‘just in case’, right? Nowadays, cloud services such as Dropbox have taken on much of USB stick’s traditional workload in terms of file storage and transfer, and there is greater awareness of the security risks associated with USB devices. Because of this, USBs use as an essential business tool is declining – yet millions of USB devices are still produced and distributed annually, with many destined for use in homes, businesses and as marketing promotional items for trade show giveaways.

Is this scaremongering or is the risk of company data loss from USBs real?

99 times out of 100 probably not. But there’s always that risk as Heathrow Airport among many others have found out with its recent £120,000 fine from the ICO. While Heathrow largely ‘got away with that one’ from a hacking perspective at least, USBs have been exploited by cyberthreat actors, most famously by the Stuxnet worm in 2010, which used USB devices to inject malware into the network of an Iranian nuclear facility. And as well as the actual risk of company data loss, there’s also the reputational risk and financial damage of fines from regulations such as the GDPR.

We also understand that laptops, tablets, phones and other such portable endpoint devices with access to sensitive data will always be areas of potential data breach (we can help with those too…), but for the purposes of this article we’re singling out the poor USB!

What do the figures tell us?

In 2016, researchers from the University of Illinois left 297 unlabelled USB flash drives around the university campus to see what would happen. 98% of the dropped drives were picked up by staff and students, and at least half were plugged into a computer in order to view the content. For a hacker trying to infect a computer network, those are pretty irresistible odds.

USB devices remain a target for cyberthreats. Kaspersky Lab data for 2017 shows that every 12 months or so, around one in four users worldwide is affected by a ‘local’ cyber incident. These are attacks detected directly on a user’s computer and include infections caused by removable media like USB devices.

This short report reviews the current cyberthreat landscape for removable media, particularly USBs, and provides advice and recommendations on protecting these little devices and the data they carry.

The overview is based on detections by Kaspersky Lab’s file protection technologies in the drive root of user computers, with a specific scan filter and other measures applied. It covers malware-class attacks only and does not include detections of potentially dangerous or unwanted programs such as adware or risk tools (programs that are not inherently malicious, but are used to hide files or terminate applications, etc. that could be used with malicious intent). The detection data is shared voluntarily by users via Kaspersky Security Network (KSN).

Key findings

  • USB devices and other removable media are being used to spread cryptocurrency mining software – and have been since at least 2015. Some victims were found to have been carrying the infection for years.
  • The rate of detection for the most popular bitcoin miner, Trojan.Win64.Miner.all, is growing by around one-sixth year-on-year.
  • One in 10 of all users hit by removable media infections in 2018 was targeted with this crypto-miner (around 9.22%, up from 6.7% in 2017 and 4.2% in 2016).
  • Other malware spread through removable media/USBs includes the Windows LNK family of Trojans, which has been among the top three USB threats detected since at least 2016.
  • The 2010 Stuxnet exploit, CVE-2010-2568, remains one of the top 10 malicious exploits spread via removable media.
  • Emerging markets are the most vulnerable to malicious infection spread by removable media – with Asia, Africa and South America among the most affected – but isolated hits were also detected in countries in Europe and North America.
  • Dark Tequila, a complex banking malware reported on August 21, 2018 has been claiming consumer and corporate victims in Mexico since at least 2013, with the infection spreading mainly through USB devices.

In our next article we’ll examine how the threat carried by USBs isn’t static, and hacks are unfortunately becoming more and more sophisticated.

Want to find out more?

As Kaspersky Platinum Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.

To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.

The Kaspersky Cloud and how it benefits your business

The Kaspersky Endpoint Security Cloud couldn’t be easier to manage. It’s the most effortless – and powerful – way for busy IT pioneers to guarantee exceptional future-ready protection without sacrificing IT resources, time or budget. It delivers exceptional future-ready protection that couldn’t be easier to manage.

Bursting with next generation technologies, it’s perfect for the era of cloud, remote working and BYOD – eliminating risks and safeguarding your cloud investments for a secure, profitable, and exciting future.

In our next article, we look more in-depth at the features of the Kaspersky Endpoint Security Cloud, but for now we focus on the cloud and what it can do for your business.

The power of the cloud

The cloud is a powerful tool, so long as you know how to control it. With NEW Cloud Discovery technology, you can uncover and block unauthorised cloud use automatically.

Instantly stop the spread of malicious software, phishing, ransomware, spam and business email compromise (BEC), and enjoy automatically updated protection from Kaspersky Security for Microsoft Office 365 – included as standard.

Advance, discover, explore, with Kaspersky Endpoint Security Cloud – the easiest way to protect your business, without sacrificing your IT resources, time or budget.

How to get started – 2 FREE licenses and try it FREE for 6 months!

With two free mobile licenses per user, you’ll get a solid umbrella cyber defence for your organisation that follows your employees everywhere, and you can even enforce security policies remotely. Meanwhile, NEW Cloud Discovery takes the headache out of controlling their cloud use, uncovering and blocking unauthorized cloud use automatically.

To support remote working in this challenging time, we’re also offering 6 months’ FREE protection with the very latest version of Kaspersky Security for Microsoft Office 365.

This extends protection for SharePoint Online and Microsoft Teams, securing all collaboration and messaging channels within Microsoft Office 365.

Sign up NOW for a FREE 6-month license and take protecting remote workers and business data off your to-do list.

Want to find out more?

As Kaspersky Gold Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.

To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.

 

Building security awareness with your employees

We’ve all seen the news about cyber attacks costing businesses of all sizes millions of £, not to mention the reputational damage that comes with losing customers’ data. Even taking into account that some of this may be “hype”, the fact remains that the number and sophistication of cyber attacks on UK companies continues to increase.

Shortages of cybersecurity skills

Yet 82% of UK employers have reported shortages of cybersecurity skills in their companies. This can be for a number of reasons, such as adjustments to remote working, a lack of time or budget, or simply due to a lack of recognition of the importance or need. Furthermore, choosing the right security solutions can be time-consuming, and in a crowded marketplace it is not always easy to evaluate the best solution for your business.

How Caledonian Consumer Finance addressed the problem

During a recent webinar, Darryl Wiffen, IT Support Technician from Caledonian Consumer Finance, described his journey with Complete IT Systems and Kaspersky, and what they were looking for from their solution provider and security platform.·

The solution

With NEW Cloud Discovery (part of Kaspersky Endpoint Security Cloud), Caledonian Consumer Finance can:

• Know which cloud services their employees are using on their work devices
• Block prohibited cloud use automatically
• Uncover new potentially malicious cloud services

Cloud Discovery isn’t the only life-changing tool in the Kaspersky Endpoint Security Cloud arsenal. With SharePoint and Teams now in common usage, the need for a dedicated cybersecurity solution for Microsoft Office 365 has never been greater. That’s why we’ve added Kaspersky Security for Microsoft Office 365.

Watch the webinar

Watch the webinar here and see for yourself how much easier life can be with the right cybersecurity technologies in place for your users.

Want to find out more?

As Kaspersky Gold Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.

To find out more or request a free trial, please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.

Linkedin Facebook Twitter Youtube