Success stories

Our customers come in all shapes and sizes.

We work with organisations from all walks of life, with different ambitions and requirements. Explore how we’ve helped them reimagine everyday, and align technology with their culture and business goals.

Protecting your organisation in the cloud: disaster recovery plans

The number of businesses that have moved to the cloud has increased exponentially over the past 12 months. But have they updated their disaster recovery plans? Here's what you need to do.

How do you protect against phishing attacks?

86% of UK businesses experienced a phishing attack in 2020, and they’re only getting more sophisticated. To protect your business, you need to strengthen your domain security, starve attackers of information, and adopt a culture of caution.

What is a ransomware attack and how often do they happen?

Criminals are taking advantage of the pandemic to perform a new wave of sophisticated ransomware attacks. Learn how the threat is evolving – and how you can protect your business – in our latest blog.

What makes the education sector a prime target for cyber attack?

With cyber security threats in the education sector ever increasing, it's important to understand who's attacking your establishment and what attack vectors they use.

Cost of a data breach to UK businesses

What is the cost of a data breach for UK businesses, and how can you calculate the cost for your business? Read this blog to find out.

5 lessons to be learned from 2020 cyber security breaches

Cyber criminals have prospered during the pandemic and, now more than ever, businesses need to up their security game. Our 5 key lessons from 2020 security attacks can help you set your priorities.

Microsoft 365 is upping its security game

Thousands of new malware threat types are detected each year, but Microsoft 365’s Application Guard is providing innovative new ways to combat them. Find out how it can help your business in our blog post.

Exchange “Zero Day” Critical Security Patch

Read this to learn how to patch your Microsoft Exchange Services and protect your organisation from Zero Day attacks.

What the financial services sector needs to know about cyber security

£2.5 billion of financial services revenue is lost every year because of cyber-attacks. Ask yourself these five questions to ensure your firm doesn't become a victim in 2021.

Do you know how hackers attack?

The workplace has transformed rapidly over the past ten years, as enterprises look to take advantage of emerging technologies. Increasingly, employers and employees alike are able to leverage modern communications platforms and cloud technology to greatly enhance productivity and collaboration. As adoption of internet-based solutions increases, however, so does cyber crime. Almost half of UK businesses suffered an attack in the past year, with many experiencing cyber security related issues at least once a week. Most employees are likely to have had some kind of security training, standard procedure for the majority of businesses now, but how many know exactly how hackers attack?

Psychological tricks hackers deploy

With more companies using strong security solutions, attackers are shifting focus to exploiting workers, rather than network and system vulnerabilities. These so-called ‘people hackers’ use four main techniques to bypass critical thinking. Understanding them can help you detect attacks before they do damage, reducing the risk of any human errors being made.

The most common psychological trick is quite simple: providing, or seeming to provide, something the victim needs. Many of us scoff at emails promising free products, but it can be much more crafty than that. Perhaps you’re at a conference when the Wi-Fi goes down. Before you know it, a backup network is up and running, but you’re prompted to enter your credentials again. This captive portal, purposefully launched by an attacker, could distribute malware or steal information from your device. The hacker has created the need and the solution, without arousing suspicion.

Such attacks can be made more powerful if the attacker appears to be a person of authority. In recent years, there has been a rise in assailants that use information gathered about higher-level employees to impersonate them. From the victim’s perspective, it may look like their boss requesting an important document or credential. In reality, it could be an attacker posing as them. The further an attacker infiltrates a network, the easier such impersonation becomes.

Information gathered through these methods also helps a hacker launch attacks during stressful periods, when logical thinking is compromised. When a deadline is looming and stress levels are high, employees are more likely to lose focus and download a document or open an attachment without thinking.

Finally, but crucially, hackers will try to divert your attention one way while performing an attack elsewhere. It could be as simple as an email from a “co-worker”, asking you to print and deliver a physical document to their desk, whilst your system is being compromised in the background.

Dealing with a suspicious email

Studies have revealed that around half of UK hacks are phishing scams via email. One in every 3,722 emails is a phishing attempt, and most of those make use of one or more of the psychological techniques above. With attackers getting more sophisticated, here’s how you can protect yourself properly:

Naturally, adhering to the above as well as staying productive during stressful times can be difficult, but thankfully, there are solutions out there that do most of the heavy lifting. Email security tools scan all inbound emails in real-time to look for suspicious content and detect anomalies in sender addresses or email headers. These alerts are passed on to employees in their email client while attachments are scanned before they can be downloaded. If a user does click a suspicious link, it will open in an isolated browser to protect from malware and phishing attempts.

Our partners LIBRAESVA have developed an insightful test to see how secure your organisation’s email is. Simply enter your email address and they will send you a series of test emails to see what gets through your email security.

Remote education – balancing productivity and security

With remote education the norm for many students this year, how can you balance productivity with security? Read our blog to explore the solutions >

Retrofitting cyber security controls to protect your remote workers

With no end in sight to the current pandemic and remote working, it's time to retrofit cyber security controls to protect your organisation and remote workers.

Protecting your organisation in the cloud: disaster recovery plans

According to the Cloud Industry Forum, 88% of businesses in the UK are actively using cloud services, and that figure was based on activity pre-pandemic. With COVID-19 still forcing thousands of businesses to operate either remotely or with flexibility, it’s highly probable that the number of those relying on the cloud is already even greater than the statistic suggests.

If your business is one of those, or about to begin using cloud computing, there’s one question that you should be asking yourself in relation to protection. And not just at the outset. This question needs to be asked on a regular basis. Is everything in the cloud automatically protected? On the face of it, at least, it appears simple to answer. There are so many advantages to cloud computing, not least its physical security, that the most obvious response is yes. And, to a large extent, that’s correct. But it’s not quite that straight-forward.

For example, what do you do when the unexpected happens? A recent serious fire in the French city of Strasbourg, on a site operated by cloud firm OVH, resulted in the loss of data and service outages across Europe. Not all its data centres were affected by the fire, but OVH had to switch off every single one of its servers and recommended to its customers that they activate their Disaster Recovery Plans. OVH went on to add: “We ask that our customers exercise caution around the emails they receive: in times of crisis, it is common for malicious activity (phishing, spam, etc.) to increase. It is more important than ever to stay alert.”

Aligning your Disaster Recovery Plan with the cloud

How many businesses using the cloud have a Disaster Recovery Plan in place? And of those that do, how many are testing it regularly? At present, the data isn’t available to answer these important questions, but what you can be certain of is that any UK business – of any size – could be derailed by a fire at a French data centre. The safest way to work through a situation like this is to have a carefully architected cloud solution in place.

Data is likely to be your most valuable asset, as it is for most modern-day companies. Any loss of data, or loss of access to it by something like a fire, can cause immediate and sometimes permanent harm to your reputation, yield and efficiency. You can’t prevent the unexpected from happening, but you can be ready for it if it does. That’s where a Disaster Recovery Plan comes in. If the worst really does happen, how quickly and efficiently you recover will be largely down to what you’ve planned and tested for. 

In the past, traditional disaster recovery involved establishing a remote site away from your business where protection protocols, often laborious and time-consuming, had to be tested and maintained manually. With the cloud, of course, that’s no longer the case. It’s a lot quicker, takes up much less of your time, but it still requires careful planning and testing. If your organisation is currently moving to the cloud, or is already cloud computing but would like to revisit or prepare a Disaster Recovery Plan, we can help you uncover the best solutions for you. Don’t let someone else’s disaster become yours too.

For help with a Disaster Recovery Plan, please get in touch >

How do you protect against phishing attacks?


Phishing attempts are so common now that you’d be hard pressed to find an internet user who hasn’t seen one. According to the government’s cyber breaches survey, 86% of businesses experienced a phishing attack in 2020, a rise of 14% since 2017.

This growth has only sped up since the start of the pandemic. HMRC detected a 73% rise in email phishing attacks in the six months since the pandemic began. As far as security researchers can tell, this sudden increase can be linked to the rise of home working and the vulnerable emotional state many targets find themselves in. Criminals have seized the rapid change Covid-19 has brought and will continue to do so until the global cases recede.

Find out how FE college, Coleg Gwent, is protecting its users from phishing attacks in this case study >

Despite this increase, when most of us think of phishing attacks it’s the ones that are easy to spot. Such emails poorly imitate a company in a bid to get you to divulge account or payment information. As you may have noticed, though, phishing attempts are getting more sophisticated.

“Spearphishing” attacks take a step back from the broad net attackers usually cast and highly tailor emails or phone calls to target specific employees. Often, once they have access to a network via a low-level employee, they impersonate them, targeting those with more valuable information.

These types of emails can be difficult for experts to spot, let alone your average user. As a result, preventing successful attacks can be a real challenge for many IT departments. Though some basic training will prevent the bulk of phishing attacks, it does little to prevent high-level imitations.

How to reduce the success rate of phishing attacks

If basic training isn’t enough, what can you do to protect your business against this new wave of attacks? Here are some of our top suggestions:

1. Strengthen domain security

With impersonation attacks so common, it’s vital that enterprises have strong domain security. If an attacker manages to get a hold of your registrar account, it becomes infinitely easier for them to pretend to be someone in your organisation. With the right access, they can send an email from a company address and mastermind attacks that are far more successful.

As well as securing your registrar account, you may want to register the most common misspellings of your domain and implement security protocols like DMARC, SPF and DKIM.
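Whether the SPF and DMARC records you publish actually stop spoofed mail can be checked mechanically. The Python below is an added example, not code from the original article: the records are constructed samples for example.com, the finding codes are this example's own labels, and DKIM is left out because checking it needs the selector's public key.

```python
import re

# Terms that cost a DNS lookup during SPF evaluation (RFC 7208 allows at most 10).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def audit_spf(record):
    """Return (code, message) findings for one SPF TXT record."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return [("spf-invalid", "record does not start with v=spf1")]
    findings, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in terms[1:]:
        term = term.lower()
        qualifier = term[0] if term[0] in "+-~?" else "+"  # "+" (pass) is the default
        bare = term.lstrip("+-~?")
        name = re.split(r"[:/=]", bare, maxsplit=1)[0]
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "redirect":
            has_redirect = True
        if bare == "all":
            all_qualifier = qualifier
    if all_qualifier == "+":
        findings.append(("spf-pass-all", "+all lets any sending host pass SPF"))
    elif all_qualifier == "?":
        findings.append(("spf-neutral", "?all gives receivers no verdict"))
    elif all_qualifier == "~":
        findings.append(("spf-softfail", "~all only marks unauthorised mail; use -all once senders are listed"))
    elif all_qualifier is None and not has_redirect:
        findings.append(("spf-no-all", "no all mechanism: unlisted hosts evaluate as neutral"))
    if lookups > 10:
        findings.append(("spf-too-many-lookups", f"{lookups} DNS lookups exceeds the limit of 10"))
    return findings


def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(record):
    """Return (code, message) findings for one _dmarc TXT record."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return [("dmarc-invalid", "record does not declare v=DMARC1")]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append(("dmarc-no-policy", "missing or unrecognised p= tag"))
    elif policy == "none":
        findings.append(("dmarc-monitor-only", "p=none reports on spoofed mail but still delivers it"))
    # sp= defaults to the organisational policy when it is absent.
    if policy in ("quarantine", "reject") and tags.get("sp", policy).lower() == "none":
        findings.append(("dmarc-subdomains-open", "sp=none leaves subdomains unenforced"))
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
        findings.append(("dmarc-bad-pct", "pct= is not a number"))
    if policy in ("quarantine", "reject") and pct < 100:
        findings.append(("dmarc-partial", f"policy applies to only {pct}% of failing mail"))
    if "rua" not in tags:
        findings.append(("dmarc-no-reports", "no rua= address, so no aggregate reports arrive"))
    return findings


# Constructed sample records (not taken from any real domain).
WEAK_SPF = "v=spf1 include:_spf.mailhost.example +all"
SOFT_SPF = "v=spf1 mx ~all"
STRONG_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all"
WEAK_DMARC = "v=DMARC1; p=none"
PARTIAL_DMARC = "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    samples = [(audit_spf, WEAK_SPF), (audit_spf, SOFT_SPF), (audit_spf, STRONG_SPF),
               (audit_dmarc, WEAK_DMARC), (audit_dmarc, PARTIAL_DMARC), (audit_dmarc, STRONG_DMARC)]
    for audit, record in samples:
        print(record)
        for code, message in audit(record) or [("ok", "no findings")]:
            print(f"  [{code}] {message}")
```
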

2. Reduce available information

Holding detailed information about your company on its website may provide reassuring transparency, but it’s also a treasure trove for attackers. Think about what information your customers need to know and what is just unnecessary fuel for attackers. Is it really important that your customers know who every team member in your company is? Does each of them require a publicly accessible email address, or can inquiries be directed elsewhere?

This extends to the information your employees share on social media. Attackers can use information about recently closed deals, new partners, and more. Ensure you have a clear and strict policy about what information should be made public.

3. Adopt a culture of caution

Though many companies perform training sessions, staggering numbers of employees click on phishing links every day. For the biggest impact, resilience shouldn’t just be boiled down to a quarterly seminar – it needs to be built into the culture of the company.

Adopting a “caution over comfort” mindset will help employees to think critically whenever they see an email that makes them uneasy. Make it known that they’re encouraged to double-check with their superiors or the IT department if they have any doubt.

This should extend to transactions. Often, phishers who have access to credentials will strike by jumping into an existing email chain about a deal and providing their own payment details instead of the intended recipient. A strict transaction policy that requires validation through security questions on a different communications channel can combat this.

4. Run spoof phishing campaigns to raise security awareness

Regularly running imitation phishing campaigns raises awareness amongst your user community about what to look for in a genuine phishing attack, and helps you identify individuals who need further support.

To help you run regular campaigns, we provide Phishing & Security Awareness as a Service. This hands-free service means you don’t have to remember to run phishing campaigns; we do it for you. Campaigns are regularly updated in line with the evolving sophistication of genuine attacks. For many of our customers, this service helps them to tick compliance boxes and meet cyber security training requirements.


5. Stop phishing emails in their tracks with a robust email gateway

Implementing the above tips will significantly reduce the chance that a phishing attack is successful without a significant financial investment. However, the unfortunate truth is that so long as phishing emails are still hitting employees’ inboxes, mistakes will be made.

That’s where an email gateway like Mimecast or Fortimail comes in. By scanning email in real-time, these solutions identify suspicious emails and block, flag, or categorise them before they reach an employee’s inbox. They scan every URL, sandbox and scan all attachments, and look for anomalies in the sender and email text.

With an intuitive dashboard and regular updates, email gateway solutions act as a one-stop-shop for phishing protection, taking human error out of the equation while reducing the burden on the IT department.

If your organisation is experiencing an increase in phishing attacks and you’d like help protecting your users, data and systems, please get in touch. We’re always happy to discuss your unique environment and the options available.

What is a ransomware attack and how often do they happen?

Ransomware attacks are not a new security threat. In fact, the first was orchestrated in 1989, with its proceeds allegedly going to charity. In the past five years, however, ransomware attacks have hit the headlines across the globe. Attacks, experts say, are becoming more sophisticated, more harmful, and more frequent.

In its base form, ransomware is a type of malware designed to lock a user out of their files – typically by encrypting them with a key only the attacker knows. The methods to achieve this, however, are constantly evolving.

The notorious WannaCry ransomware is perhaps the most successful example of this. It made use of an exploit discovered by the United States’ NSA to achieve an unprecedented level of spread. It successfully hit the NHS, FedEx, and more, expanding through their network automatically to lock as many computers as possible.

Get a free cyber security health check, to get a clearer idea of your organisation’s vulnerabilities and how to manage threats like ransomware. Click here to book >

Since the success of WannaCry, there has been an explosion in the number of ransomware strains, some of them using similar techniques and others creating new ones. The highly sophisticated Ryuk has had particular success in recent times, combining a credential theft trojan with manual intervention to strike swiftly across the entire network.

According to a recent SonicWall study, the number of new ransomware variants is only growing. It noted a 46% increase in new strains each year, with Ryuk accounting for a third of all attacks.

So, how high is the threat to UK businesses right now? A report by Check Point suggests higher than ever. Ransomware attacks in the UK jumped by 80% in Q3 2020 as attackers looked to exploit mass remote working. Worldwide, it says, a new organisation becomes the victim of ransomware every ten seconds.

Further, the number of so-called “double-extortion” ransomware attacks is increasing. Attackers are not only threatening to lock enterprises out of their data – they also say they’ll leak it if they don’t pay up. Nearly half of all attacks used this method in Q3 2020, making it a significant and developing risk.

Protection against ransomware attacks

With this increased threat, businesses stand to lose even more should they fall victim to a ransomware attack. As well as the weeks of downtime ransomware can bring, improper protection can lead to leaks of confidential documents and intellectual property.

Fortunately, while attacks are becoming more sophisticated, so are the cyber security solutions deployed to protect businesses from these threats. Combining sophisticated backup systems and advanced anti-malware protection, many solutions use heuristic analysis to detect known and new ransomware and stop it in its tracks. By constantly monitoring machines, these solutions will suspend a ransomware’s activities and restore a version of the file from moments before.

Further safeguards are also needed to protect local and cloud backup files. Solutions that actively monitor local files prevent backups from being modified. When choosing cyber security backup solutions, look for products that feature strong end-to-end encryption and only allow modification by authorised agent software. This ensures that protection applies even if the ransomware tries to overwrite the Master Boot Record (MBR) or tries to attack the security software itself.

What solutions are right for your organisation?

Every company and organisation is different, with different vulnerabilities, risk profiles, IT environment and, of course, available budget. For this reason, not every security solution is right for your organisation, which is why we recommend an initial cyber security health check to help understand your requirements and environment before looking at potential solutions. If you’d like to take us up on our free offer, please click on the link below.

What makes the education sector a prime target for cyber attack?

The cyber threat to the Further and Higher Education sector sits within the wider threat to UK enterprise overall. As with any large organisation, universities and colleges handle large volumes of personal data, intellectual property and other data assets, all of which makes education a target for cyber attack.

Understanding what assets you hold and why they may be of value to cyber criminals and malicious actors is a key step towards protecting your organisation, your data and your people. Below we explore what’s special about education and who may be targeting your organisation.

Read our case study exploring how we deployed a comprehensive email solution for further education college, Coleg Gwent here >

Why are universities vulnerable to cyber attack?

Large volumes of data

Further and Higher Education institutions handle large volumes of sensitive data that may be held for many years. A wide variety of data on students, faculty members, alumni, parents and university staff make them highly attractive targets.

Research universities and medical schools may also handle data from other organisations, such as medical data for hospitals linked to the university, or data from corporations and public sector bodies connected to research projects and grants. This data may attract both those seeking financial gain and those looking to steal intellectual property.

Lack of centralised structure

In many cases, sensitive data is stored in different locations rather than one centralised place. Student data may be stored by individual colleges or campuses. With many education providers merging to form larger establishments, staff data may also historically reside in different locations.

Furthermore, duplicate sensitive data may be propagated across an organisation, with different departments holding the same information. Alumni offices, central administration, schools and colleges may all have their reasons for storing the same data on a student or even faculty staff.

Organisational vulnerabilities

Decentralisation is often reflected in other ways too, such as cyber security policies, processes used to handle data, cyber security tools and security awareness programmes.

Ensuring that everyone within such a diverse organisation adheres to the same policies and safeguarding procedures is no easy task.

Widespread use of personal devices

FE & HE institutions depend on large sectors of their user community having a personal device. Students are the obvious risk, with the majority accessing organisational systems from often less well protected mobiles, tablets and laptops.

However, admin and faculty staff also use their own devices, especially in recent times with the increase in remote learning / teaching. Security awareness can be a problem and there can also be resistance from the user community if the IT department want to put controls in place on personal devices.

Remote learning

Accessing organisational apps and data remotely exposes another vulnerability. This can be exacerbated by a lack of data security awareness, frustrations around using new technology to work or teach remotely, and a proprietary attitude to personal devices.

Who’s attacking your network?

So who’s responsible for this increase in attacks on the education sector? The key threats to education establishments are:

  1. Criminals looking for financial gain
  2. State-sponsored espionage

Both actors will use the same vulnerabilities to access your network. But while the criminal looking for financial gain will often make themselves known with a ransom demand once they’re ready to act, nation states seeking to steal personal data and intellectual property, and criminals stealing data to sell, prefer to remain undetected.

Ransomware attacks on the increase

Since late February 2021, the National Cyber Security Centre (NCSC) has seen an increased number of ransomware attacks affecting education establishments in the UK. The NCSC previously acknowledged an increase in ransomware attacks on the UK education sector during August and September 2020. It has now updated its Alert in line with the latest activity.

Ransomware attacks prevent organisations from accessing their systems or data until a ransom is paid. Threats to release stolen sensitive data on ‘name and shame’ websites if the ransom is not paid are also on the increase.

The NCSC said that, “In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing.”

Attackers gain access to the target’s network depending on the vulnerabilities they identify. Common attack vectors include:

  1. Phishing
  2. Remote access systems: remote desktop protocol (RDP) and virtual private networks (VPN)
  3. Unpatched and unsecure devices

Once inside your network, the attacker will generally increase their privileges in order to identify high-value assets. The NCSC reports recent malicious activities including:

  • sabotage backup or auditing devices to make recovery more difficult,
  • encrypt entire virtual servers,
  • use scripting environments (e.g. PowerShell) to easily deploy tooling or ransomware.

How to protect your users from ransomware attacks

The best defence is your people. Security awareness training (regularly updated) and imitation phishing campaigns, which raise awareness and also identify susceptible users, make a real difference. This can be challenging with a high turnover of students, which is why comprehensive security measures must also be deployed.

Relatively simple measures can be put in place to secure your network. A robust approach to patching will help secure devices. Multi Factor Authentication (MFA) provides an additional level of security for remote access systems. Vulnerability Management identifies vulnerabilities, balances risks with business operations, and gives you much needed visibility to protect your establishment from evolving threats.

Email security platforms are vital to identify and disrupt phishing attacks. These solutions don’t have to be onerous on the IT department either. End-user quarantine management processes protect your network but allow users to self-service and release their own messages in a secure environment.

If you would like to discuss how to better protect your network and data, please get in touch with our cyber security team. We work with many schools, colleges and universities, and are happy to share experience and best practice.

To read our case study on Coleg Gwent’s email security solution, click here >


Cost of a data breach to UK businesses

Data protection is at the forefront of most CEOs’ minds this year as the inevitability of a data breach has become very much a reality for most organisations. While many public data breaches appear to be predominantly in the US, we can’t afford to be complacent here in the UK.

The infamous data breach at TalkTalk in 2015 (actually the second that year, if not the third) certainly caused many people to wake up to this reality, not least after TalkTalk revealed that the cost of the October data breach amounts to £60 million. For a company with projected earnings before interest, tax and other items for the year ending in March of £255-£265m, and a dividend increase of 15%, this is not an insignificant amount.

Consider what it would mean to your business to have approximately a quarter of your income wiped out by a data breach. While we don’t know the breakdown of where the £60 million has been spent, we have a good idea of the costs a data breach incurs.

Stay safe by understanding current threats and your organisation’s risk level, explore our Cyber Security Posture Assessment here >

Calculating the cost of a data breach

The following factors can all contribute to the overall cost of a data breach. The average total cost of a data breach has risen year on year (£2.37 million, based on the Ponemon Institute’s most recent benchmarking report, 2015 Cost of Data Breach Study: United Kingdom), but where this money is spent, as a percentage of the overall total, has remained fairly stable.

  • Lost Customer Business: 43%* TalkTalk estimated they lost 101,000 customers following the October hack, but other estimates put this figure closer to 250,000.
  • Investigation and forensics: 16%*
  • Customer acquisition cost: 9%*
  • Inbound contact costs: 8%*
  • Outbound contact costs: 7%*
  • Audit and consulting services: 5%*
  • Public relations and communications costs: 3%*
  • Legal services – defence: 3%*
  • Legal services – compliance: 3%*
  • Free or discounted services: 2%*
  • Credit monitoring services: 1%*

Actual figures will naturally vary depending on the sector an organisation operates in, and the nature of the data breach. For example, ‘lost customer business’ will not be such a significant cost if the data breach only impacts on employee records. However, when looking at these figures CEOs should be aware that they may have higher risks and costs because of the sector they operate in. The table below shows the per capita cost by industry of those benchmarked organisations:

How to reduce the cost of data breaches

It’s not all doom and gloom. While another study by PwC – 2015 Information Security Breaches Survey – commissioned by HM Government, found that 9 out of 10 businesses in their survey had suffered some form of data breach, there are ways to reduce the cost to businesses. The Ponemon Institute study identified the following as factors that can reduce the cost of a data breach:

  • Extensive use of encryption: up-to-date data protection methods protect both from malicious attacks and human error,
  • Incident response team: clear systems, procedures and key staff to deal with any data breach ensure that no time is lost addressing the breach and mitigating it,
  • BCM involvement: awareness, training and planning for getting business critical systems back up and running in the event of an incident can reduce the costs associated with loss of business significantly,
  • Board-level involvement: sponsorship from the Board will ensure that cyber security and data protection procedures are embedded in the organisation,
  • Employee training: clear guidance and training on how to deal with a data breach, and how to recognise one (as well as prevention training), will result in a swifter and smoother response,
  • CISO appointed: fortunately for any Chief Information Security Officer reading this, your role is an important factor in preventing and reducing the risk and cost of data breaches,
  • Insurance protection: Data breach insurance naturally reduces the overall costs for the organisation, but may also be instrumental in putting better data breach planning in place so that incidents are managed effectively.

So although in all probability most businesses will experience a data security breach at some point, the risk can be managed and therefore the impact on your organisation reduced.

* Percentage of total cost for 2015, 2015 Cost of Data Breach Study: United Kingdom

5 lessons to be learned from 2020 cyber security breaches

It’s an undoubted fact that the global pandemic of 2020/21 will leave businesses operating in a vastly different landscape to just twelve months ago, with many making considerable alterations to the way in which they function. One such adjustment will be the urgent need for greater vigilance when it comes to cyber threats; something that affects businesses and organisations both large and small.

Quick to capitalise on the disruption caused by remote working and compromised security away from office machines, cyber criminals ‘prospered’ in 2020. According to stats disclosed by it.pro.co.uk, there was a massive 20% rise in cyber security threats compared to 2019, with ransomware attacks alone surging by 80% in the UK in the third quarter of the year.

Throughout 2020, attacks in the UK (and around the world) hit the headlines. Most recently on reuters.com, the SolarWinds hack was described by Microsoft President, Brad Smith, as “the largest and most sophisticated attack the world has ever seen”. But in every other month of the year, a well-known UK business or organisation reported an incident, including an HMRC phishing message to the self-employed in June; a TV Licence text scam in August; an M&S spoof ad in October used to harvest personal information; and a hack at Manchester United in November. These were just the tip of the iceberg.

5 reasons why cyber security awareness is key

So, what key lessons can be learned from these key attacks in 2020? How can you make your business safer in the new environment ahead?


1. Phishing and spam are more sophisticated than ever before

Anyone can be taken in by a polished scam, and phishing is evolving with plenty of new twists. It is expected to remain a significant threat in 2021, and the techniques are being refined quickly. Watch out for ‘spear-phishing’ (where individual victims are researched first and then contacted directly); ‘vishing’ (voice phishing, where a voice message purporting to be from your bank or another service provider informs you that your account has been compromised); ‘smishing’ (the same as above, but done via SMS text messages); and ‘angler phishing’ (where the criminal uses social media feeds to discover companies with a poor customer service experience and then poses as a member of the support team in a direct message to targets).

2. Simulating an attack can expose vulnerabilities before it’s too late

The SolarWinds attack shows how clever a ransomware attack can be, and such attacks are – or should be – a great concern for companies and organisations of all sizes. One of the best ways to understand your own vulnerabilities is to simulate a ransomware attack on your own system, discover where your weaknesses are, measure the ability of your business to detect and respond to the breach, and then fix the problems. One key learning to remember: according to techtarget.com, one of the most overlooked vectors of attack is the wireless guest network.

3. It’s important to test the integrity of the software you use

Be more rigorous in how you test the software you have on your network. Don’t simply accept a vendor’s third-party validation or an automated code review. Manual reviews are much more robust, allowing for proper interrogation of code and updates, and are much more likely to detect any vulnerability and limit potential damage.

4. Staff awareness of threats and risk could prevent most attacks

This sounds like common sense but is so often overlooked. At every step of the way, the most efficient method of limiting the damage from cyberthreats to your company is to keep you and your staff trained about the risks.

5. Don’t just check everything once – it’s a continual process

Again, this part is important but frequently shelved when people are busy. Build it into your IT calendar and make it a priority.


Phishing & Security Awareness as a Service

Phishing & security awareness tools are designed to tackle the issue of users being a weak link in your IT security.

Yet many organisations struggle to get the most from these resources. No matter how many training videos and security awareness tools you have at your disposal, to be effective you need to regularly run awareness campaigns and achieve high levels of employee engagement. This is usually a manual process and can be a drain on resources.

That’s why we have created a service that manages this workload for you.

Cloud Business’ Phishing & Security Awareness as a Service boosts security with regular phishing awareness campaigns run on your behalf.

  • Fully managed service – A managed service offering a minimum of 6 phishing/training campaigns per year.
  • Train your users – Access the world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters.
  • Phish your users – Improve awareness by running extra simulated phishing attacks whenever you want.
  • See the results – Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!

If you’d like to find out more about this service, please get in touch with our team.


Microsoft 365 is upping its security game

The IT security landscape is ever evolving. According to a 2020 SonicWall cyber report, hundreds of thousands of unique malware strains are found each year, many of them bringing new techniques and vulnerabilities. To meet these growing threats, security solutions must evolve, which is exactly what Microsoft is doing with its 365 platform.

Throughout 2020, Microsoft released new features into its flagship offering that address the growing threat cybercriminals pose to businesses. In September, OneDrive SSO with Microsoft 365 reached general availability, followed shortly by new email forwarding controls to reduce the capabilities of spearphishers. In November, it launched Microsoft Information Protection worldwide, helping admins discover, classify, and protect sensitive data.

Is your Microsoft 365 environment secure? Our free cyber security health check will help you protect your business by ensuring the right tools are deployed. Find out more here >

Microsoft 365 Application Guard

This year, however, the suite has reached a more vital milestone: the general availability of Application Guard for Office. For those unfamiliar with the term, Application Guard protects users from files that may be unsafe by opening them in a sandbox. Secure containers provided by Hyper-V mean that any attempts at file modification don’t leave the isolated environment.

Building on its history of integration, Microsoft 365 Application Guard is informed by and shares data with other security products in the suite. Working in conjunction with Safe Documents and Microsoft Defender for Endpoint, it’s able to scan a file for malicious behaviour and open it in a container if it poses a threat.

For businesses, this means passive protection against data and credential theft on any type of device. Application Guard extends to PC, Mac, mobile devices, and tablets, whether they’re company-owned or personal devices.

By replacing Office’s “Protected View”, Application Guard can also increase productivity without sacrificing security. Rather than prevent editing on documents from unknown sources, it lets users safely read, edit, print and save. This can, in turn, reduce the burden of IT departments by ensuring they don’t need to manually check and approve flagged files.

Proactive security

While Application Guard acts as an essential protection tool, Microsoft is also utilising it to improve its general threat intelligence capabilities. According to Senior Program Manager Emil Karafezov, each document Application Guard isolates also helps improve the tool itself:

“When a user does encounter a malicious document, it is safely isolated within Application Guard,” said Emil in his latest blog post. “Every malicious attack contained by Application Guard improves our threat intelligence, which enhances our detections and ability to protect your organisation and all of our customers.”

These continuous improvements and developments over the past year demonstrate Microsoft’s ability to stay agile, flexible, and innovative, despite its size. By ensuring solutions are built to continually improve, Microsoft demonstrates its commitment to protecting users in the long term. With new threats emerging daily, the constant and natural evolution of its tools will offer huge benefits to companies of all shapes and sizes.

To make proper use of these innovative features, however, businesses must understand how those available within their Microsoft 365 licence work. If you’d like to learn how you can use the platform to remain protected despite the risks of home working, get in touch with us today.

Exchange “Zero Day” Critical Security Patch

At the beginning of the month, Microsoft identified zero-day vulnerabilities in on-premise Exchange Servers, which are being exploited by a nation-state affiliated group.

https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

On-premises Exchange Servers 2010, 2013, 2016, and 2019 are affected, not Exchange Online.

An Exchange “Zero Day” Critical Security Patch has been released and many organisations have now applied it. For those that haven’t, Microsoft highly recommends that you take immediate action to apply the patches for any on-premises Exchange deployments you have. The first priority should be servers which are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP).

Below are listed steps and resources from Microsoft to help you protect your on-premise Exchange environment. However, if you would like our help, especially if your Exchange servers haven’t been kept up-to-date which can make patching more difficult, please get in touch asap.

Steps to patch your Microsoft Exchange Servers

  1. Move to the latest Exchange Cumulative Updates
  2. You can use the Exchange Server Health Checker script, which can be downloaded from GitHub (use the latest release).
  3. Running this script will tell you if you are behind on your on-premises Exchange Server updates (note that the script does not support Exchange Server 2010).
  4. We also recommend that your security team assess whether or not the vulnerabilities were being exploited by using the Indicators of Compromise we shared here.

Cumulative Update Installation (Best Practice)

  1. Reboot the server before upgrade.
  2. Test Upgrade on non production (if available).
  3. Have a tested & working backup of both AD and Exchange.
  4. Use an elevated command prompt to run the Cumulative Update.
  5. Temporarily disable any anti-virus software during the update process.
  6. Download the EXE or ISO (see links from the first section)
  7. Run setup.exe (double-click and run as administrator, or run from CMD)
    • Select either “check for updates” or “don’t check for updates”, depending on your requirement.
    • Select Upgrade, Agree to the license terms, complete the readiness checks.
    • Install.
  8. Reboot the server post upgrade.
  9. Verify the upgrade:
    • “Get-ExchangeServer” 
    • “Get-ExchangeServer -Identity Mailbox01 | Format-List”
    • Review setup log on C:
    • Control Panel, Programs and Features, Look under Installed Updates and check the update is installed.
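
One way to script the Get-ExchangeServer checks in step 9, as an added example that is not part of the original page or of Microsoft's tooling. It assumes AdminDisplayVersion renders as text in the shape "Version 15.1 (Build 2176.2)"; the function names, server names and build numbers are constructed placeholders.

```powershell
# Added example: compares the build reported by Get-ExchangeServer with the
# build you expect after installing a Cumulative Update.

function ConvertTo-ExchangeVersion {
    param([Parameter(Mandatory = $true)] [string] $AdminDisplayVersion)

    # Assumed shape: "Version <major>.<minor> (Build <build>.<revision>)"
    $pattern = '^Version (\d+)\.(\d+) \(Build (\d+)\.(\d+)\)$'
    if (-not ($AdminDisplayVersion.Trim() -match $pattern)) {
        throw "Unrecognised AdminDisplayVersion: '$AdminDisplayVersion'"
    }
    # Build a System.Version so that comparisons are numeric, not textual.
    [version]('{0}.{1}.{2}.{3}' -f $Matches[1], $Matches[2], $Matches[3], $Matches[4])
}

function Test-ExchangeBuild {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Server,
        [Parameter(Mandatory = $true)] [hashtable] $ExpectedBuild
    )
    process {
        $installed = ConvertTo-ExchangeVersion ([string]$Server.AdminDisplayVersion)

        # Baselines are keyed by product line, e.g. '15.1' or '15.2'.
        $line = '{0}.{1}' -f $installed.Major, $installed.Minor
        $expected = $ExpectedBuild[$line]

        if ($null -eq $expected) {
            $status = 'NoBaseline'           # no expected build supplied for this line
        }
        elseif ($installed -ge [version]$expected) {
            $status = 'AtOrAboveExpected'
        }
        else {
            $status = 'Behind'               # upgrade did not take, or wrong CU
        }

        [pscustomobject]@{
            Name      = $Server.Name
            Installed = $installed
            Expected  = $expected
            Status    = $status
        }
    }
}

# Constructed sample rows standing in for Get-ExchangeServer output.
# Server names and build numbers are invented for illustration.
$sampleServers = @(
    [pscustomobject]@{ Name = 'EX01'; AdminDisplayVersion = 'Version 15.1 (Build 2100.4)' }
    [pscustomobject]@{ Name = 'EX02'; AdminDisplayVersion = 'Version 15.1 (Build 1900.2)' }
    [pscustomobject]@{ Name = 'EX03'; AdminDisplayVersion = 'Version 15.2 (Build 700.1)' }
)

# Placeholder baseline: replace with the build number Microsoft publishes for
# the Cumulative Update you installed.
$expectedBuild = @{ '15.1' = '15.1.2100.4' }

$sampleServers | Test-ExchangeBuild -ExpectedBuild $expectedBuild | Format-Table -AutoSize

# On an Exchange server, in the Exchange Management Shell:
#   Get-ExchangeServer | Test-ExchangeBuild -ExpectedBuild $expectedBuild
```

This checks the Cumulative Update level only; the setup log and the Installed Updates check in the last two bullets still apply.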

Exchange patch information

The importance of installing those updates!

Although hundreds of millions of Exchange mailboxes now run in Exchange Online, a substantial number remain on-premises. Many large organisations run hybrid deployments and keep some mailboxes on-premises.

When vulnerabilities like the one above are identified, it can be tricky to apply patches when servers have not been kept up-to-date. As a result you may have to get support from an external party to ensure your environment is secure. So when an update becomes available, install it.

You could also ask your IT service provider to support your Exchange environment. They will do this job for you, ensuring you’re always up-to-date.

It may also be the time to consider whether you should be running on-premise Exchange servers. Moving to the cloud and Exchange Online will reduce the risk of these kinds of attacks.

3 reasons to move email to the cloud

  • The increasing sophistication of attack. This vulnerability now has a patch, but don’t expect attackers to
  • Multifactor authentication. Moving email workloads to the cloud supports better user-level defence through multifactor authentication and use of conditional access policies.
  • More functionality with Exchange Online. On-premises Exchange is not a big focus for Microsoft any longer. Instead Exchange Online gets all the attention. It’s part of the full Microsoft 365 experience, integrating with Teams, OneDrive, SharePoint, Planner etc. with more features and delivering a collaborative modern workplace experience.

If you would like to discuss migrating to Exchange Online, please get in touch. You may also like to read our case study on how we migrated 22,000 mailboxes for Solent University.


What the financial services sector needs to know about cyber security

Financial services companies contribute £130 billion per year to the UK economy. That is a significant amount of revenue, but one that is increasingly threatened by cybercriminals. A November 2020 survey revealed that 62% of financial service providers suffered a breach in the previous twelve months, with the Cabinet Office estimating close to £2.5 billion in financial services revenue lost due to security breaches every year.

The financial services industry is an enticing prospect for attackers, and it’s easy to see why. Typically, firms hold vast swathes of customer money and sensitive data. Moreover, the documents they process regarding ongoing deals can be invaluable to competitors or enable share purchases based on ‘insider’ information. A Varonis research report indicates that the average employee in the financial sector can access a staggering 11 million files. Almost two-thirds of FS companies also have over a thousand sensitive files available to every single employee – without restrictions.

London-registered Deloitte suffered a breach after an attacker gained access to an administrator account that sources said required no multi-factor authentication. The Bank of Ireland, meanwhile, was fined €1.6m in 2020 for a series of historical breaches.

With the mass shift to home working in the UK, the risks are continuing to rise. Since the increase in remote work, 40% of UK financial services firms say they’ve noticed a rise in cyberattacks. The hurried adoption of new technologies, lack of onsite IT support, and poor security practices are all likely to have contributed to this rise.

5 cyber security questions to ask your CSO

While there is no easy fix for the security challenges financial services firms face, they should, at a minimum, ensure they can confidently answer the following questions if and when they may be asked:

1. How are we protecting our data?

Firms must have a robust data protection policy in place for both customer and internal information. Financial services companies should have features like email encryption, multi-factor authentication, and conditional access in place, but a wider security strategy that acts as a company-wide guide is vital.

2. What is our response strategy for a customer information breach?

As well as preventative measures, employees should know how to respond in a worst-case scenario. They should assume a breach will happen at some point and be able to refer to specific incident response protocols in order to quarantine, report, and respond to threats.

Regardless of the seniority of the employee, they should know who to contact if data is lost, who is responsible for informing clients, and when and how they should take remedial action. A widespread understanding of breach protocol will ultimately lead to less damage and a smoother recovery.

3. Do we have a robust cyber insurance policy?

A cyber attack not only damages reputation – it could come with fines, litigation costs, settlements, investigation costs, and more. Firms should have good-quality cyber security liability insurance that clearly outlines the situations it covers. If you follow the recommended security philosophy that a breach is inevitable, it only makes sense to know your insurance plan inside out.

4. Can we prove regulatory compliance?

Regulatory compliance is naturally essential for the financial industry, and firms should abide by the Financial Services and Markets Act (FSMA) and the requirements of the Information Commissioner’s Office (ICO). They may also have to answer to other bodies and institutions such as the DCA, PRA, and FPC, depending on their activities.

FS firms should be able to prove that they’re compliant with associated regulations – being able to do so makes customer data more secure and strengthens your reputation and reliability.

5. When was our last penetration test?

Though having strong answers to the questions above is sure to increase security and resilience, there’s still only so much businesses can do alone. Those in the financial industry should invest in regular penetration tests to check the strength of their security and subsequently find and fix any weak areas.

The financial services sector has historically been a key victim of cyber crime, and the shift to a remote workforce is only making the sector a bigger target. Now, more than ever, financial companies must have robust data protection strategies, breach protocols, cyber insurance policies, and regulatory compliance.

If you struggle to answer any of the above questions or would like to improve your security, give us a call.

Do you know how hackers attack?

The workplace has transformed rapidly over the past ten years, as enterprises look to take advantage of the emerging technologies. Increasingly, employers and employees alike are able to leverage modern communications platforms and cloud technology to greatly enhance productivity and collaboration.

As adoption of internet-based solutions increases, however, so does cyber crime. Almost half of UK businesses suffered an attack in the past year, with many experiencing cyber security related issues at least once a week. Most employees are likely to have had some kind of security training, standard procedure for the majority of businesses now, but how many know exactly how hackers attack?

Psychological tricks hackers deploy

With more companies using strong security solutions, attackers are shifting focus to exploiting workers, rather than network and system vulnerabilities. These so-called ‘people hackers’ use four main techniques to bypass critical thinking. Understanding them can help you detect attacks before they do damage, reducing the risk of any human errors being made.

The most common psychological trick is quite simple: providing, or seeming to provide, something the victim needs. Many of us scoff at emails promising free products, but it can be much more crafty than that. Perhaps you’re at a conference when the Wi-Fi goes down. Before you know it, a backup network is up and running, but you’re prompted to enter your credentials again. This captive portal, purposefully launched by an attacker, could distribute malware or steal information from your device. The hacker has created the need and the solution, without arousing suspicion.

Such attacks can be made more powerful if the attacker appears to be a person of authority. In recent years, there has been a rise in assailants that use information gathered about higher-level employees to impersonate them. From the victim’s perspective, it may look like their boss requesting an important document or credential. In reality, it could be an attacker posing as them. The further an attacker infiltrates a network, the easier such impersonation becomes.

Information gathered through these methods also helps a hacker launch attacks during stressful periods, when logical thinking is compromised. When a deadline is looming and stress levels are high, employees are more likely to lose focus and download a document or open an attachment without thinking.

Finally, but crucially, hackers will try to divert your attention one way while performing an attack elsewhere. It could be as simple as an email from a “co-worker”, asking you to print and deliver a physical document to their desk, whilst your system is being compromised in the background.


Dealing with a suspicious email

Studies have revealed that around half of UK hacks are phishing scams via email. One in every 3,722 emails is a phishing attempt, and most of those make use of one or more of the psychological techniques above. With attackers getting more sophisticated, here’s how you can protect yourself properly:

Naturally, adhering to the above as well as staying productive during stressful times can be difficult, but thankfully, there are solutions out there that do most of the heavy lifting. Email security tools scan all inbound emails in real-time to look for suspicious content and detect anomalies in sender addresses or email headers. These alerts are passed on to employees in their email client while attachments are scanned before they can be downloaded. If a user does click a suspicious link, it will open in an isolated browser to protect from malware and phishing attempts.

Our partners LIBRAESVA have developed an insightful test to see how secure your organisation’s email is. Simply enter your email address and they will send you a series of test emails to see what gets through your email security.

Remote education – balancing productivity and security

Students across the world have been met with a very atypical environment this educational year. They’re trading desks in classrooms for virtual learning spaces, and teachers have so far been faced with many challenges associated with this kind of learning.

Whilst nothing will replace in-person teaching, education has been trending towards remote learning for some time due to the benefits it can offer to some. Modern tools have allowed students to study in their own homes without long commute times and have helped schools to cut down on costs.

One of the major shakeups to the education industry in the past five years has been the entry of Microsoft. No longer content to offer its generic Microsoft 365 services, the IT giant now offers solutions specifically tailored to students and teachers. None of these tools so far have made more waves than Microsoft Teams — a collaboration hub for communication and file sharing that is perfectly suited to remote learning.

Unrivalled benefits for remote learning

With Microsoft Teams, students can discuss and collaborate with their peers in a unified manner regardless of the device they are using. Real-time, collaborative document editing allows multiple students to work on the same file at once and teachers to be able to check and edit work without physical exchange of workbooks. In-built voice, video, and chat enables effective communication between students and teachers and gives students the chance to stay social with their peers. Another invaluable integration comes in the form of Whiteboard, which brings a classroom-like mind mapping experience.

Solutions like Teams also help students to understand and be heard, an important benefit when learning remotely. When a teacher is presenting, students can raise their hand to call attention, while an integrated immersive reader helps those with eyesight and focus issues stay invested in text chat. Once a class is over, teachers can utilise Teams to set and track assignments. As a partial replacement for on-site intuition, they can also check the insights dashboard, which gives detailed student engagement data.

Cost reduction and digital transformation

Remote education can also significantly reduce costs and suit budget-restricted institutions and students. Both pupils and schools can benefit from lowered textbook, transportation, and rental costs. E-signature tools like DocuSign can also save money, reducing the amount of physical paperwork whilst speeding up the process of signing and reviewing documents.

Schools that don’t want to go fully digital can adopt a hybrid model; students can be physically on campus part-time and still benefit from tools like Teams and OneDrive to sync documents and feedback to their home PC. This is proving invaluable for students that need to self-isolate because of potential contact with Covid-19 cases.

Crucially, DocuSign and Microsoft Office for Education provide these features without compromising security. It’s no secret that educational organisations are a target for cyber-criminals. A late 2019 government report found that 41% of primary schools and 76% of secondary schools had identified a breach in the past 12 months. For further and higher education, that figure is 80%.

Clearly, educational institutions are an enticing target for criminals. They hold large amounts of profitable data and often aren’t as security aware as commercial businesses. As a result, it’s vital that organisations take advantage of the latest tools to protect students, data and research.

Microsoft’s Azure Active Directory Connect lets institutions with flexible education methods extend their on-premises identity to secure cloud access at home. Its Information Protection and Cloud App Security solutions protect student data regardless of location, while the Mobility and Security features provide threat analysis tools to automatically spot attacks via behavioural analytics.

That said, government research shows that most breaches in education come not through viruses or malware but from phishing emails. To battle phishing attacks, a solution like Mimecast Email Security can be implemented. Stopping the majority of phishing and spam emails before they reach the inbox reduces the impact of poor cyber-education.

Ransomware also poses a big threat to the education industry. Though successful ransomware attacks are less common than those using other methods, they’re incredibly damaging when they succeed, often wiping out masses of valuable data. Educational institutions should ensure their security solution includes regular backups of on-premises, cloud, and mobile data, mitigating the risk of long downtime and devastating losses.

Fortinet and Azure integration

Many educational institutions use Fortinet solutions on-premise, but did you know that Fortinet delivers an Enterprise-class solution for Microsoft Azure users to protect application workloads beyond standard Azure security services? Integrated cyber security solutions provide protection whether virtual, in the cloud or on-premises.

As a Fortinet Expert Partner and Microsoft Gold Partner, Cloud Business has helped many schools and HE institutions migrate to the Microsoft cloud while protecting their networks, assets and people from cyber attack.

The world has changed a lot over the past year, but so has the way educational institutions utilise technology. Remote working tools are making learning more accessible and inexpensive than ever, while adoption of recent security innovations helps students and teachers stay secure even when remote. If you’d like to chat about building a remote learning model that’s truly secure, we can help.



Retrofitting cyber security controls to protect your remote workers

IT teams have without doubt played a heroic role in enabling business as usual for many organisations, rapidly deploying remote working for thousands of users and keeping the lights on.

However, in some instances, this has exposed organisations to cyber threats, as controls used to access systems and data that are normally secured behind the corporate firewall have been relaxed to facilitate remote working.

With no end in sight to the current coronavirus crisis, if you haven’t already, it’s time to retrofit cyber security controls to protect your remote workers and organisation.

Cyber security: Are employees the weakest link?

It seems there is a modern perception across many industries that employees are the weakest links in IT security. And, technology news website ‘The Next Web’ writes that “given the ever-increasing frequency of data breaches – with human error often being a cause or catalyst – you’d be forgiven for thinking that employees are naturally at fault.”

With the pandemic and lockdown forcing organisations to work remotely, and the media reporting increased cyber crime in light of the crisis, it’s vital that organisations brush up on security and fix any chinks in their security chain.

First, though, they must identify what the real weaknesses are.

Blaming employees for breaches in security is easier than blaming technology. Human error is normally down to the actions of a single person, whereas software failure is more complicated to explain; is it the fault of the software creators, the department managing it or the boardroom members who agreed to implement it?

More often than not, the real culprits of security breaches are neither employees nor technology alone. In the current crisis, mitigating circumstances such as having to rapidly migrate to cloud technologies and remote working may be to blame. Employees who are used to working securely within your perimeter fencing haven’t had to consider the implications of accessing the network remotely, using their own broadband or home computers and devices. Similarly, overstretched IT teams may not have had time to review security policies and strategies in light of remote working.

Therefore, if organisations want their employees to take cyber security seriously, they must invest both time and money in building a security strategy, implementing appropriate policies and controls, and ensuring the right cyber security tools are in place to protect employees and the organisation.

Cyber security tools to retrofit for a remote workforce

If you’re in a position where you need to retrofit cyber security tools for a remote workforce, we recommend exploring these 5 key areas.

1. Training and cyber security awareness

Education is the first line of defence. It’s likely that many of your end users haven’t given much thought to the implications of remote working on cyber security. Why would they, unless you raise awareness and provide regular training in spotting threats and accessing the network securely?

If employees are using their own devices there are additional factors to consider. One of them, which to our knowledge hasn’t received much attention, is an employee’s family members.

Many households have been forced to share devices for work and home schooling, and therefore there is the potential for someone outside of your organisation accidentally accessing the corporate network.

Basic security procedures, such as logging out of corporate apps before sharing a device with another person and not saving passwords on the device, are all that employees need to follow to protect their organisation. But if you don’t communicate these procedures to employees and raise awareness of issues like this, many employees could leave your organisation exposed to accidental breaches and human error.

2. Advanced email protection

You may be surprised how many potentially malicious emails can breach your email protection products. Many standard products don’t protect against the new advanced threats we are seeing, like phishing and spear-phishing attacks. Often they cannot disarm links or sanitise code inside PDFs either, or remove active content and other malicious components. And only a few standard products have specific protection against business email compromise (BEC) attacks.

What should you be looking for in an email protection product? We recommend using an advanced email security product that includes the following features:

  • Multiple AV scanning
  • Advanced spam protection
  • Unique URL and document sandboxing
  • Heuristic scanning and reputation checks to protect users from advanced threats such as phishing, whaling and infected attachments.

3. Mobile device security

With many remote workers using their own devices to access corporate systems and data, mobile device management tools are essential. If you’ve migrated to Microsoft 365, Enterprise Mobility and Security can help you secure and manage mobile devices like iPhones, iPads, Androids, and Windows Phones used by licensed Microsoft 365 users in your organisation. You can create mobile device management policies with settings that can help control access to your organisation’s Microsoft 365 email and documents for supported mobile devices and apps. If a device is lost or stolen, you can remotely wipe the device to remove sensitive organizational information.

Microsoft Intune can also help you manage a diverse mobile ecosystem in the cloud, providing integrated data protection and compliance capabilities that let you be precise about what data different users can access as well as what they can do with the data within Office and other mobile apps.

If you would like to discuss deploying Enterprise Mobility and Security and / or Microsoft Intune, please get in touch with our team.

4. Multi-factor authentication

Multi-factor authentication is an additional layer of security that will help secure your organisation against breaches due to lost or stolen credentials, for example as a result of a social engineering attack. It also helps protect access to corporate systems if a user’s device is lost or stolen, or if, in the case of remote workers and BYOD, multiple people have access to a device.

Azure users can enable Multi-Factor Authentication (MFA) with conditional access, and integrate MFA with on-premises systems. Get in touch if you would like to find out more.

5. Network visibility tools

Knowing who and what is accessing your network is crucial. You can’t protect what you can’t see, so deploying a Virtual Security Operation Centre (VSOC) will help you identify network blind spots and ensure that network security policies are not being violated. It will also search for threats and alert you to any anomalies.

We often compare this kind of cyber security tool to having a smoke alarm in your house. Most of the time it’s not needed, but when it is, you’re alerted to threats in real time so you can respond appropriately, protect your business quickly and limit any damage.

Do you need support retrofitting cyber security controls for a remote workforce? If you have any questions or would like to explore how our cyber security team can help, book a discovery call to discuss your challenges and IT environment.

Cloud Business Limited
8 North Street
Guildford
GU1 4AF

2023 © Cloud Business Limited
Registered Company in England and Wales 06798438