Security Considerations

MFA (Multi-Factor Authentication) - Why should I use it?

Security is always at the forefront of any digital operations.

One of the best ways to protect your information and accounts is through the use of Multi-Factor Authentication (MFA). What this does in the most basic sense is add a second (or more) step to the login process which undoubtedly provides an extra layer of security.

When a user logs in from a device for the first time, they will need to generate a random unique code in order to proceed. This helps to prevent bad actors from trying to obtain unauthorised access to your system.

Please see our blog here for further details and how to add this to your system.

Latest Phishing Scams – Stay Alert

Following Covid and the acceleration of digital operations, we have seen an ever-growing number of new attempts by scammers to try and compromise systems and/or obtain information.

One of the most common ways of trying to compromise a system is by the use of Phishing emails. Phishing emails are a type of online attack whereby hackers will try to trick you into providing sensitive information or installing malware.

Emails will often be disguised to “appear” genuine and it is now more important that every user within the organisation is aware of this so they can be on the lookout for such things.

Some of the most current and frequent Phishing types:

• Email Spoofing - Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust. In spoofing attacks, the sender forges email headers so that client software displays the fraudulent sender address, which most users take at face value. Unless they inspect the header more closely, users see the forged sender in a message. If it’s a name they recognize, they’re more likely to trust it. So they’ll click malicious links, open malware attachments, send sensitive data and even wire corporate funds.

• Unexpected Emails appearing to come from a Manager asking to make a payment – always verify such requests directly with the person.

• Email requests appearing from Suppliers with new bank details included – always verify directly with Supplier.

• Emails with (fake) Sharepoint links or PDF links

It is likely that fraud is being tried when you are asked to:

• Provide personal information to an unknown source.

• Verify your account information with the threat of suspending your account.

• Sell an item with a promise of payment that is much more than the item is worth.

• Make urgent payments that you are not aware of.

• The email comes from a non-official address/domain (e.g. protect@ITmicrosoft.com instead of protect@microsoft.com) or includes links to odd websites.

Key Tips:

- Never click on any suspicious link – if you “hover” your mouse over the link you will often see the web address is not what you expect

-it is always best practice to verify any email request for payment or changes to details with a known contact within the respective organisation. If you doubt, call by phone to verify.

Microsoft also provide some further guidance about Phishing on their website.

If you have any doubt about security or would like to implement our network security solutions please contact us