You’ve checked your pockets, your bag, under pillows … and then it hits you. You left your work phone on the table at the coffee shop.
You panic.
It's not the device itself that’s got you worried, but all the sensitive business information stored on it. If that mobile ends up in the wrong hands, you’re facing a nightmare.
But that worry could be over. Microsoft and Samsung are joining forces to make your work mobiles safer. This month, they’re launching a groundbreaking solution to help protect anyone who uses a Samsung Galaxy device in the workplace.
How?
With something called on-device attestation. It lets companies see if mobile devices have been compromised, even at their deepest components. Think of it as a security guard for your cell phone.
Samsung brings its software and hardware innovations to the table, whilst Microsoft provides its endpoint management expertise.
And whilst other device attestation tools require a network connection and access to cloud services, this solution works reliably regardless of network connectivity or device ownership model.
This solution will be released alongside Microsoft Intune (previously known as Windows Intune), a unified endpoint management service for both corporate devices and BYOD (Bring Your Own Device). And it will be available to select Samsung Galaxy smartphones and tablets, especially those "Secured by Knox".
So, whether you're working from the office, a busy coffee shop, or a remote cabin in the woods, you can rest assured your device is safe.
In business, your mobile is more than just a communication device. It's a vault of sensitive (and valuable) information. And with Microsoft and Samsung on the case, that vault just got a lot safer.
If we can help you keep any of your devices more secure, get in touch.
You’re no stranger to the endless threats lurking in your email inbox. But have you ever considered that an email that seems to be from Microsoft could end up being your worst nightmare?
Microsoft, the tech giant we all know and trust, has become the most imitated brand when it comes to phishing attacks. That’s where cybercriminals send you an email that contains a malicious link or file. They’re trying to steal your data.
And while Microsoft isn't to blame for this, you and your employees need to be on high alert for anything that seems suspicious.
During the second quarter of 2023, Microsoft soared to the top spot of brands imitated by criminals, accounting for a whopping 29% of brand phishing attempts.
This places it well ahead of Google in second place (at 19.5%) and Apple in third place (at 5.2%). Together, these three tech titans account for more than half of the observed brand imitator attacks.
But what does this mean for your business?
Despite a clear surge in fake emails targeting millions of Windows and Microsoft 365 customers worldwide, careful observation can help protect you from identity theft and fraud attacks.
Whilst the most imitated brands change from quarter to quarter, cyber criminals are less likely to change their tactics.
They use legitimate-looking logos, colors, and fonts. Phishing scams frequently use domains or URLs that are similar to the real deal. But a careful scan of these, along with the content of any messages, will often expose typos and errors – the tell-tale signs of a phishing attack.
One of the latest attacks claims there has been unusual Microsoft account sign-in activity on your account, directing you to a malicious link. These links are designed to steal everything from login credentials to payment details.
And whilst tech firms continue to be popular scam subjects, many cybercriminals have turned to financial services like online banking, gift cards, and online shopping orders. Wells Fargo and Amazon both rounded up the top five during Q2 2023, accounting for 4.2% and 4% of brand phishing attempts respectively.
What can you do to protect your business?
The answer is simpler than you might think. The best course of action when it comes to phishing is to slow down, observe, and analyze. Check for discrepancies in URLs, domains, and message text.
If we can help you keep your team aware of the risks, get in touch.
How many times a day do you respond to an email without really thinking about its contents?
Maybe it's a request for some information. Perhaps it’s asking you to pay an invoice. All mundane stuff. But no sooner than you’ve hit send, you've fallen victim to a Business Email Compromise (BEC) attack.
A BEC attack occurs when a cybercriminal gains access to your business email account and uses it to trick your employees, customers, or partners into sending them money or sensitive information. They do this by impersonating someone senior, and abusing their position of trust.
It might sound like something that only happens to big corporations, but that's not the case.
According to the FBI, small and medium-sized businesses are just as vulnerable to BEC attacks as larger ones. In fact, these attacks have cost businesses more than $26 billion over the past few years.
And Microsoft brings more bad news, with its recent findings showing that they’re getting both more destructive and harder to detect.
So, what can you do to protect your business from BEC attacks? Here’s our advice:
- Educate your employees: They are the first line of defense against BEC attacks. They need to know how to spot phishing emails, suspicious requests, and fake invoices. Train them regularly on cyber security best practice, like strong passwords, multi-factor authentication, and secure file sharing.
- Use advanced email security solutions: Basic email protections like antispam and antivirus software are no longer enough to block BEC attacks. You need more advanced solutions that use artificial intelligence and machine learning to detect and prevent these attacks in real-time. Look for email security providers that offer features like domain-based message authentication, reporting, and conformance (DMARC), sender policy framework (SPF), and DomainKeys Identified Mail (DKIM).
- Set up transaction verification procedures: Before transferring funds or sensitive information, establish a verification process that confirms the authenticity of the request. This could include a phone call, video conference, or face-to-face meeting. Don't rely on email alone to confirm these types of requests.
- Monitor your email traffic: Regularly monitor your email traffic for anomalies and unusual patterns. Look for signs like unknown senders, unusual login locations, changes to email settings or forwarding rules, and unexpected emails. Make sure you have a clear protocol in place for reporting and responding to any suspicious activity.
- Keep your software up to date: Ensure that you're always running the latest version of your operating system, email software, and other software applications. These updates often include vital security patches that address known vulnerabilities.
BEC attacks are becoming more common and more sophisticated, but with the right awareness, training, and security solutions, you can protect your business.
Don't wait until it's too late – take action today to keep your business safe.
If you want to know more about how to protect your business from cyber threats, our team is always ready to help you. Give us a call.
Check out our latest BlueCastle IT Tech Tip Video.
Can you guess which company was most impersonated in financial phishing emails last year? You’ve probably got an account with them yourself.
Watch this week’s tech tip video to find out how to keep your business protected from financial phishing scams.
Check out our latest BlueCastle IT Tech Tip Video.
Cyber criminals have come up with another way to spread malware and ransomware – using the contact form on your business’s website.
Watch our latest tech tip video to learn about this new form of attack, and what you can do to keep your business safe.