ActiSoft Technology - Blog by BillActiSoft Technology - Blog by Billhttps://www.actisofttechnology.com/blogs/author/billWed, 22 Apr 2026 17:12:35 +0200http://zoho.com/sites/<![CDATA[7 Reasons Why You Need a Password Manager]]>https://www.actisofttechnology.com/blogs/post/7-reasons-why-you-need-a-password-managerResearchers attribute 80% of all breaches to weak passwords. These seemingly innocuous combinations—birthdays, pet names, or “12345”—become gateways f ]]>

Researchers attribute 80% of all breaches to weak passwords. These seemingly innocuous combinations—birthdays, pet names, or “12345”—become gateways for cybercriminals. They exploit lists of commonly used passwords and employ simple hacking tools to guess their way into accounts. Imagine someone getting rich by cracking passwords and draining bank accounts.


Monitoring your employees' password habits can be a daunting task without a password management solution in place. A business password manager grants organisations full control and oversight of their employees' password behaviours. The process of onboarding and offboarding employees is also streamlined. Continue reading to discover the functions of a password manager and how it can advantage your organisation.

What Is a Business Password Manager?

A business password manager is a tool that enables you and your employees to track, store, share, protect, and manage all passwords. Passwords are kept in a secure, cloud-based digital vault, accessible only with a master password. This vault can also store more than passwords, including documents, identity cards, and SSH keys, thus streamlining the security of your employees' files and passwords. Additionally, a password manager facilitates the creation of strong, unique passwords for each account, securely storing them.

Password managers play a vital role in maintaining the security of your organisation and simplifying the management of your employees' passwords. They also negate the need for employees to submit help desk tickets for password resets.

Benefits of Having a Password Manager For Your Organisation

Unsure of how a password manager can benefit your organisation? Consider these six advantages of deploying a business password management solution.

1. Enforce Organisation Password Policies Efficiently

Centralising password management within a single platform enables organisations to standardise and implement password security policies throughout the organisation. This includes setting a minimum password length and mandating the use of Multi-Factor Authentication (MFA) for every compatible site.

Employing a password manager permits IT administrators to verify compliance with organisational password policies among all employees.

2. Visibility Into Password Practices

Without centralised password management, IT administrators lack insight into employees' password habits. This issue of visibility is increasingly critical with the rise of remote work. It will prevent your employees reusing the same password across various sites and applications. Password managers offer a centralised console that grants administrators full visibility into employees' password practices, regardless of whether they are working in the office, remotely, or using a hybrid approach. Don’t worry the IT administrators cannot see the passwords in a user’s vault.

3. Securely Share Passwords 

In businesses, password sharing is essential and crucial for task completion, yet it's imperative that employees have a secure method to share these passwords with their team. A password manager serves this purpose effectively. It enables organisations to establish shared folders for various groups such as individual departments or project teams. Moreover, users can securely share credentials with designated individuals, with the added convenience of automatic credential transfer to the recipient's vault.

Furthermore, our offering of Keeper's password manager provides the option to dictate whether the recipient of shared credentials or folders has the permission to edit or merely view the shared items.

4. Implement Role-Based Access Control (RBAC)

Employees should be granted only the system access necessary for their job functions, nothing more, this is the Principle of Least Privilege. This not only aids in preventing insider attacks but also reduces organisational risk if an employee's account is compromised. Adopting a standardised password management solution allows organisations to enforce Role-Based Access Control (RBAC) and keep track of account activities for any unusual behaviour that might suggest misuse or a security breach.

5. Dark Web Monitoring

Cybercriminals often target Software as a Service (SaaS) developers and other vendors, aiming to steal credentials from their clients' employees. It may take months for an organisation to detect a breach, and usually, the victims of these third-party breaches are the last to realise they've been compromised. Meanwhile, cybercriminals might have already sold the stolen login credentials on the dark web.

BreachWatch, a widely-used extension for Keeper's password manager included in our Enterprise offering, monitors dark web forums and alerts organisations in real-time if any employee passwords or credentials appear online. It integrates smoothly with the Keeper password management platform, allowing IT administrators to promptly enforce password resets.

6. Simplified employee onboarding and offboarding

The use of a uniform password manager streamlines the onboarding process for new hires, facilitating a smooth transition even when the team is partially or fully remote. IT administrators can efficiently prepare new employees for work within minutes by either manually registering each one via the admin console or enrolling multiple users simultaneously using Keeper's supported methods. New employees are welcomed with a personalised email invitation containing a link to set up their Keeper Vault.

Former employees retaining active passwords pose a significant cyber risk, and securing passwords during the offboarding process is vital to an organisation's cybersecurity infrastructure. Upon an employee's departure, their system access must be revoked without delay. Password managers not only enable IT administrators to promptly withdraw access from ex-employees but also offer the option to conceal passwords for current employees within the platform. This measure prevents the copying of passwords through screenshots or written notes and facilitates the secure handover of accounts to successors.

7. Helpdesk Tickets

It is estimated that 40% of help desk calls/tickets pertain to password resets, each costing the business approximately £60. Envision a scenario where a multitude of employees are synchronised on a 90-day password renewal cycle; the impact on productivity could be substantial.

IT support teams can be targeted with social engineering attacks aimed at password resets, they typically rely on static data to confirm an employee's identity, a password manager such as Keeper mitigates that risk.

Consider the potential accomplishments of your support team with a decrease in password reset calls/tickets!

Choosing Keeper as Your Organisation’s Password Manager

Keeper's Enterprise password management solution offers all the essential features required in a password manager, plus many additional benefits. The Keeper password manager operates on a zero trust and zero knowledge basis, ensuring that only the end user can access the plain-text data in their Keeper vault—Keeper's employees included.

With Keeper for Business, every employee receives Keeper across an unlimited number of devices, ensuring comprehensive protection throughout the company. Moreover, it includes a complimentary family plan for every employee.

Contact our friendly Cyber Security specialists at Actisoft today to find out how Keeper Password Manager can help you improve your security posture and protect your users and organisation.

Get Started Now!
]]>Sun, 02 Jun 2024 12:42:22 +0000<![CDATA[UK Cybersecurity Org Offers Advice for Thwarting BEC Attacks]]>https://www.actisofttechnology.com/blogs/post/uk-cybersecurity-org-offers-advice-for-thwarting-bec-attacks1Written by Stu Sjouwerman The UK’s National Cyber Security Centre (NCSC) has issued guidance to help medium-sized organisations defend themselves again ]]>

Written by Stu Sjouwerman

The UK’s National Cyber Security Centre (NCSC) has issued guidance to help medium-sized organisations defend themselves against business email compromise (BEC) attacks, especially those targeting senior staff members.

The NCSC says employees should be cautious about the type of personal information they post on the internet, since criminals can use this knowledge to make their attacks more convincing.

“If there is information about senior staff on work and private websites, including social media accounts and networking sites, criminals can use this to make their phishing emails appear more convincing,” the advisory says.

“This information, freely available on the internet, is known as a ‘digital footprint’. Without this information, the phishing emails used to conduct BEC should be easier to spot as fraudulent. All staff, but especially senior executives who have access to valuable assets or information, should review their privacy settings on their social media accounts, and think about what they post in order to reduce their digital footprint.”

The NCSC stresses that BEC attacks are more targeted than most phishing emails, and are more likely to bypass technical security measures.

“Since BEC emails are normally sent in low volume, standard email filters (designed to identify ‘scam emails’) may struggle to detect them, especially if they come from a legitimate email account that has already been hacked,” the advisory says.

“Alternatively, a BEC email may have been sent from a ‘spoofed’ domain, designed to trick users that they are dealing with a legitimate organisation. Some BEC emails may contain viruses disguised as invoices, which are activated when opened.”

The NCSC says users should be on the lookout for the following red flags associated with BEC attacks:

    • “Think about your usual working practices around financial transactions. If you get an email from an organisation you don't do business with, treat it with suspicion
    • Look out for emails that appear to come from a senior person within your organisation, requesting a payment to a particular account. Look at the sender's name and email address. Does it sound legitimate, or is it trying to mimic someone you know
    • Does the email contain a veiled threat that asks you to act urgently? Be suspicious of phrases like 'send these details within 24 hours' or 'you have been a victim of crime, click here immediately.'"

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organisations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.security culture and reduce human risk.

The NCSC has the story.

Other NSCS resources on BEC;

Business email compromise: new guidance to protect your organisation

Business email compromise Dealing with targeted phishing emails Graphic

Start Your Free Phishing Security Test

Find out what percentage of your employees are Phish-prone
Did you know that 91% of successful data breaches started with a spear phishing attack?

Find out what percentage of your employees are Phish-prone™ with your free phishing security test. Plus, see how you stack up against your peers with the new phishing Industry Benchmarks!

IT pros have realised that simulated phishing tests are urgently needed as an additional security layer. Today, phishing your own users is just as important as having antivirus and a firewall. It is a fun and an effective cybersecurity best practice to patch your last line of defence: USERS

Why? If you don't do it yourself, the bad guys will.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customise the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page 
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organisation compares to others in your industry
The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Start phishing your users now. Fill out the form, and get started immediately!
Try It Now!
]]>Thu, 23 May 2024 16:03:13 +0000<![CDATA[The Power of Password Managers: Safeguarding Your Digital World]]>https://www.actisofttechnology.com/blogs/post/the-power-of-password-managers-safeguarding-your-digital-worldIn today's digital age, where our lives are increasingly intertwined with the online world, ensuring the security of our personal information has beco ]]>

In today's digital age, where our lives are increasingly intertwined with the online world, ensuring the security of our personal information has become paramount. A crucial aspect of protecting our digital assets is creating and managing strong, unique passwords for every online account. Yet, remembering multiple complex passwords can be a daunting task. This is where password managers come to the rescue, offering convenience, peace of mind, and fortified protection against a range of cyber threats. In this blog, we explore the benefits of using a password manager and the threats they effectively shield us from.

What are the Benefits to Using a Password Manager

Enhanced Security

Password managers generate strong, randomised passwords for each of your online accounts, significantly reducing the risk of unauthorised access. Unlike using predictable passwords or reusing the same one across multiple sites, which can make all your accounts vulnerable if one is breached, a password manager keeps each password unique and encrypted.

Convenience and Time-Saving

With a password manager, you no longer need to memorise or write down passwords on sticky notes. Instead, you only need to remember one master password to access the password manager itself. This saves valuable time and reduces the frustration of struggling to remember numerous passwords.

Password Strength Analysis

A password manager often includes features that analyse the strength of your existing passwords and identify any weak or duplicate ones. It helps you rectify these issues and reinforces your overall security posture. Better ones alert you to any passwords that may have been breached.

Cross-Device Synchronisation

Most password managers offer synchronisation across various devices, ensuring that your passwords are accessible and up-to-date wherever you go. This feature allows for seamless access across smartphones, tablets, and computers.

Auto-Fill Functionality

Password managers can auto-fill login credentials for you, streamlining the login process and reducing the chance of typing errors that might lead to accidental exposure of sensitive information.

Threats Password Managers Protect Against

Phishing Attacks

Phishing remains one of the most common cyber threats, where attackers use fake websites to steal login information. Password managers help combat this by automatically recognising the correct URLs and refusing to auto-fill credentials on malicious sites.

Credential Stuffing

In a credential stuffing attack, hackers use combinations of usernames and passwords from previous data breaches to gain unauthorised access to multiple accounts. Password managers thwart this threat by ensuring each account has a unique, strong password.

Keylogging

Keyloggers are malicious software that record keystrokes, allowing hackers to capture sensitive information like passwords. Password managers mitigate this risk by auto-filling passwords, bypassing the need for manual typing.

Shoulder Surfing

In crowded places, attackers might watch over your shoulder to steal passwords as you type them. Password managers minimise this risk by eliminating the need to manually enter passwords.

Insider Threats

Password managers protect against internal threats by limiting access to sensitive information. Organisations can restrict access to the password manager's master password, ensuring only authorised personnel can retrieve the stored credentials.

The adoption of a password manager is a critical step towards fortifying your digital security and safeguarding your sensitive information. By generating strong, unique passwords, protecting against various cyber threats, and offering convenient access to your online accounts, password managers prove to be indispensable tools in the fight against cybercrime. Embrace the power of password managers and take control of your digital world with confidence and peace of mind. Remember, your passwords are the gatekeepers to your online world, and with a password manager, you hold the keys to their fortified protection.


81% of breaches are due to a failure to secure passwords, credentials and secrets, you can remove that risk by adding a password manager to your security stack. It's an excellent addition to your multi-layered security.

At Actisoft Technology we look to make you secure so that you can Work From Anywhere (WFA) not just in the office or at home, take your protection with you wherever you go.


Talk with us about how Keeper password manager can help you mitigate the risk to your organisation from weak passwords.

]]>Tue, 01 Aug 2023 13:47:33 +0000<![CDATA[Unraveling the Web of Deception: Exploring the Different Types of Phishing]]>https://www.actisofttechnology.com/blogs/post/unraveling-the-web-of-deception-exploring-the-different-types-of-phishingIn the vast and interconnected world of the internet, phishing has become one of the most prevalent cyber threats. Phishing is a deceptive tactic used ]]>

In the vast and interconnected world of the internet, phishing has become one of the most prevalent cyber threats. Phishing is a deceptive tactic used by cybercriminals to trick unsuspecting individuals into divulging sensitive information, such as login credentials, financial data, or personal details. As technology evolves, so does phishing. In this blog, we'll delve into the various types of phishing attacks that have emerged, shedding light on their methods, potential consequences, and ways to stay protected. The below is far from an exhaustive list.

Phishing

Phishing is one of the most common and traditional forms of phishing attacks. Cybercriminals send fraudulent emails, masquerading as legitimate organisations, such as banks, government agencies, or popular online platforms. These emails typically include enticing subject lines and convincing content, urging recipients to click on malicious links or provide their confidential information. The links lead to fake websites designed to steal user credentials, ultimately compromising their accounts and personal data.

Spear Phishing

Spear phishing is a highly targeted and personalised form of phishing. Unlike generic phishing, spear phishing attacks are tailored to specific individuals or organisations. The perpetrators conduct extensive research on their targets, utilising information from social media, public records, or data breaches to craft convincing messages. As a result, the chances of success in tricking the recipients into revealing sensitive information or clicking on malicious links are significantly higher.

Whaling

Whaling is a specialised and sophisticated form of phishing attack that targets high-profile individuals, such as top-level executives, CEOs, company founders, politicians, celebrities, or other individuals with significant authority, influence, or access to valuable information. It is also known as "CEO Fraud" or "BEC" (Business Email Compromise) targeting.

Smishing (SMS Phishing)

With the increasing use of mobile devices, cybercriminals have shifted their focus to exploit text messages for phishing attacks. Smishing, or SMS phishing, involves sending deceptive text messages containing links to fake websites or asking recipients to reply with personal information. The messages often pose as notifications from trusted sources, making it easy for users to fall victim to this form of phishing

Vishing (Voice Phishing)

Vishing, short for voice phishing, relies on social engineering through phone calls to deceive individuals. The attackers pretend to be legitimate entities, such as bank representatives or tech support personnel, to trick victims into revealing sensitive information. Vishing attacks often use tactics like caller ID spoofing to appear more convincing and trustworthy

Pharming

Pharming is a more sophisticated type of phishing that involves compromising the domain name system (DNS) or poisoning the local DNS cache. This manipulation leads users attempting to access a legitimate website to be redirected to a fraudulent one without their knowledge. As a result, victims unknowingly provide their sensitive information to malicious websites, believing they are interacting with genuine platforms.

Search Engine Phishing

Search engine phishing leverages manipulative techniques to place fraudulent websites at the top of search engine results. Unsuspecting users looking for specific information may unknowingly click on these malicious links, leading them to fake websites designed to steal their credentials or infect their systems with malware

Clone Phishing

Clone phishing involves creating replicas or clones of legitimate emails, often targeting users who have already received a genuine email from a trusted source. The attackers modify the content slightly, either by attaching malicious links or using a sense of urgency to prompt the recipient to take immediate action. This form of phishing aims to exploit the recipient's trust in previously received communications, increasing the likelihood of successful deception

Phishing attacks continue to evolve and adapt to the changing digital landscape. Cybercriminals employ a wide range of tactics to lure unsuspecting victims into their traps, stealing sensitive information and causing substantial harm. Being aware of the various types of phishing attacks is crucial in maintaining online security.

To protect yourself, always verify the legitimacy of emails, messages, and websites. Use strong, unique passwords for each online account, enable two-factor authentication whenever possible, and keep your devices and software up to date with the latest security patches. Vigilance and cybersecurity awareness are the keys to staying one step ahead of these malicious actors and safeguarding your digital identity and assets

Want to reduce the risk to your organisation from phishing? We have many options that can be combined to give you Defence-in-Depth protection such as our Security Bundles, Security Keys and of course Security Awareness Training

]]>Tue, 25 Jul 2023 18:49:56 +0000<![CDATA[Insider Threat: Is there an Enemy Lurking Within Your Business?]]>https://www.actisofttechnology.com/blogs/post/insider-threat-is-there-an-enemy-lurking-within-your-businessInsider threats represent a huge security risk to all organisations, and research suggests that the average cost is almost twice that of other types o ]]>

Insider threats represent a huge security risk to all organisations, and research suggests that the average cost is almost twice that of other types of breach.  Whether the people behind the threats are acting nefariously or are completely oblivious to what they’ve done, the impact is just as serious. While business leaders are becoming more aware of the risk of insider threats, many organisations still lack the resources and knowledge to protect their data. In this article, we’ll take a look at the different types of insider threat, discuss the associated costs and show you how to mitigate risk. 

What is an Insider Threat?

The term “Insider Threat” is used in the cyber security industry to describe any kind of threat posed by individuals from within an organisation. This can include current employees, stakeholders, contractors, board members, partners and previous employees. Basically, it refers to anyone who has the potential to access networks and put them at risk, whether intentionally or accidentally. The kind of information at risk of being compromised might be financial records, customer and employee data, passwords, business contracts or details of the organisation’s security procedures.

Insider Threats fall into two broad categories: intentional and unintentional. 
Intentional Threats tend to come from disgruntled employees, current staff members or contractors who misuse systems for their own personal gain and/or to cause disruption. People may work alone or in partnership with others, such as hacking organisations or business competitors.

Unintentional Threats are down to user error and lack of awareness. Those without adequate training and knowledge about cyber security issues can inadvertently put their networks at risk by falling prey to phishing scams, exercising poor password security or sharing data on compromised devices.

Different Types of Insider Threats

There are several different types of insider threat:

Second Streamers

This refers to current employees who intentionally misuse their organisation’s confidential data, either for financial gain or while working in partnership with others. Second streamers are thought to account for about 62% of all insider threats.
Angry Ex-Employees

When people feel wronged, they sometimes want to seek revenge – and compromising valuable data is a great way to do it. About 29% of disgruntled ex-employees committing deliberate sabotage do so for personal financial gain, while others act purely maliciously and want to cause as much damage and disruption as possible. 

Inadvertent Insiders 

This is one of the most common types of insider threat facing organisations today, and it’s all down to user error. People often don’t realise they’ve made a mistake (such as clicking on a dodgy link or sharing financial records with a convincing fraudster) until it’s too late, which is why it’s essential for all employees to have robust, regular cyber security awareness training. 

Persistent Non-Responder

If you regularly hear someone say something like “all these security measures are just a waste of time, who would want to attack us anyway?” you’re probably dealing with a persistent non responder. Anyone who consistently refuses to adopt appropriate security protocols and continues to share passwords or use insecure devices is a risk – and it’s not always who you might expect. CEOs and board members are often the worst offenders.

How to Mitigate Risk 

The cyber security landscape is constantly evolving and notoriously complex, so it’s impossible to completely eliminate risk. However, by adopting a multi-layered approach and ensuring you’re completely transparent about what you expect of your employees, it’s entirely possible to significantly reduce the risk of insider threats. Here are just a few measures you can take to protect your organisation:
    • Undertake regular risk assessments to assess the likelihood of an attack
    • Ensure all staff have regular security awareness training
    • Maintain close management of all user permissions and ensure that leavers are immediately removed from your systems
    • Undertake penetration testing at least once a year
    • Implement 24/7 network monitoring 
    • Organise a cyber security assessment/simulated phishing attack
    • Set up a managed detection and response system 
Minimising the risk of insider threats doesn’t have to be hard work when you have the right team on your side. Contact our friendly specialists at Actisoft today to find out how we can help.

Start Your Free Phishing Security Test

Find out what percentage of your employees are Phish-prone
Did you know that 91% of successful data breaches started with a spear phishing attack?

Find out what percentage of your employees are Phish-prone™ with your free phishing security test. Plus, see how you stack up against your peers with the new phishing Industry Benchmarks!

IT pros have realised that simulated phishing tests are urgently needed as an additional security layer. Today, phishing your own users is just as important as having antivirus and a firewall. It is a fun and an effective cybersecurity best practice to patch your last line of defence: USERS

Why? If you don't do it yourself, the bad guys will.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customise the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page 
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organisation compares to others in your industry
The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Start phishing your users now. Fill out the form, and get started immediately!
Try It Now!
]]>Tue, 12 Jul 2022 16:39:33 +0000<![CDATA[What Are Social Engineering Attacks and How Can You Prevent Them?]]>https://www.actisofttechnology.com/blogs/post/what-are-social-engineering-attacks-and-how-can-you-prevent-them is a common tactic used by cyber criminals to manipulate people into sharing confidential information.  Hackers exploit people’s trust, knowing ]]>
is a common tactic used by cyber criminals to manipulate people into sharing confidential information.  Hackers exploit people’s trust, knowing that when we’re under pressure we may be more likely to make mistakes. The kind of information hackers seek out varies, but commonly includes bank account details, personal information and company files. Social engineering is a common tactic used by cyber criminals to manipulate people into sharing confidential information.  Hackers exploit people’s trust, knowing that when we’re under pressure we may be more likely to make mistakes. The kind of information hackers seek out varies, but commonly includes bank account details, personal information and company files. 

Hackers love to use social engineering because it’s easier to trick someone into sharing their password than to spend time trying to hack into an account. So, they lull victims into a false sense of security by gaining their trust and pretending to be someone else. 

Social engineering attacks take many forms, but they commonly look like emails and messages from friends and trusted organisations:
Emails from Friends

Hackers spend a while collecting information about their targets, so if your social media followers and friends list are publicly visible it’s relatively easy for them to create fake email from a friend. These messages contain links, videos or images that include malware, so if you click on them they’ll gain instant access to your device and all your vital information. 
Emails from Organisations 

These kinds of cyberattack are known as phishing emails. Like fake friend emails, these can be very convincing and are designed to look like they’ve come from trusted sources, such as HMRC or your bank. 

Once hackers have gained a target’s trust, they will create a sense of urgency by asking for help. This might be in the form of a desperate friend being stranded in a foreign country and needing some funds to be wired to them urgently, or a financial institution asking for you to verify personal information.  They may also send a message claiming you’re the winner of an online competition, or pretending to be your boss or co-worker asking for client details. 

The Cost of Social Engineering 

The monetary cost of social engineering attacks on businesses vary according to different sources, from anywhere to £25,000 to upwards of £4 million. 

The biggest social engineering attack recorded to date was led by Evaldas Rimasauskas, who successfully targeted Google and Facebook. He set up a fake company and bank account, posing as a computer manufacturer who worked with the two tech giants. His team of scammers then sent phishing emails to a number of employees within Facebook and Google, attaching invoices for work that had been genuinely undertaken by the real manufacturing company.  The money was then deposited into fraudulent accounts, and over the course of two years over $100 million was extorted. 

But perhaps the most important – and most often forgotten – impact of social engineering attacks is the human one. The guilt and shame associated with clicking on an infected email and causing huge organisational damage is too much for some people, with victims becoming depressed or developing severe anxiety. Two people are thought to have committed suicide following the Ashley Madison cyber-attack of 2015, and many others have lost their jobs and livelihoods.
How to Protect Yourself Against Social Engineering Attacks

Since social engineers like to act when people are more likely to be under pressure, it’s important to try to stay mindful and vigilant at all times. Here are some ways you can minimise the risk of a successful attack:

  • Report and delete any messages that ask for financial information or passwords
  • Set your spam filters to “high” and regularly check your folders to ensure no legitimate emails are in there 
  • Install robust anti-virus software, firewalls and email filters on all devices and user accounts
  • Use multi-factor authentication and strong passwords, so even if anyone does manage to get hold of your password they’ll still be asked to provide further information if their credentials aren’t familiar
  • Double check all email addresses claiming to be from friends or trusted sources before you respond – particularly if they contain links or ask for information
  • Be wary of tempting offers – if it looks too good to be true, it probably is
  • If in doubt, stop. Taking a few minutes to check whether something is legitimate is a lot less time consuming than clicking a link in haste
To find out more about how to keep your organisation safe, contact our friendly team of Cyber Security specialists at Actisoft Technology today.

Start Your Free Phishing Security Test

Find out what percentage of your employees are Phish-prone
Did you know that 91% of successful data breaches started with a spear phishing attack?

Find out what percentage of your employees are Phish-prone™ with your free phishing security test. Plus, see how you stack up against your peers with the new phishing Industry Benchmarks!

IT pros have realised that simulated phishing tests are urgently needed as an additional security layer. Today, phishing your own users is just as important as having antivirus and a firewall. It is a fun and an effective cybersecurity best practice to patch your last line of defence: USERS

Why? If you don't do it yourself, the bad guys will.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customise the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page 
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organisation compares to others in your industry
The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Start phishing your users now. Fill out the form, and get started immediately!
Try It Now!
]]>Fri, 01 Jul 2022 09:47:38 +0000<![CDATA[Your Money or Your Data! A Guide to Ransomware]]>https://www.actisofttechnology.com/blogs/post/your-money-or-your-data-a-guide-to-ransomwareWhat is Ransomware?  Ransomware is a kind of malicious code that renders a device, server or file unusable until a payment is made to a cybercrimi ]]>
What is Ransomware? 

Ransomware is a kind of malicious code that renders a device, server or file unusable until a payment is made to a cybercriminal. Attacks have more than doubled since 2020, and a recent study found that incidents reported to the ICO grew from 326 to 654 between 2020 and 2021. Actual figures will be much higher, as not all incidents are reported (although of course they should be!). The heavily impacted sectors according to the report are finance, education and insurance, but all sorts of businesses have been affected.

Over the years ransomware has evolved and become increasingly sophisticated. While some malicious software of this kind just encrypts certain files, others have the power to completely destroy entire file systems.
How it Works

As soon as the malware has been installed – usually as the result of a user clicking on a link – the hacker takes control of the system and freezers the user out until they pay up. They often ask for payment in Bitcoin, due to its anonymity, but cyber criminals will sometimes ask for bank details or other types of payment such as Amazon gift vouchers too. Even once the ransom has been paid, there’s no guarantee users will regain full access to their files afterwards. In fact, while over half of victims pay up, but only 8% get all their data back.

The Cost of Ransomware Attacks

According to Yubico, the average cost of a ransomware attack was $1.85 million (£1.4m) in 2021. Along with the initial monetary demands, other costs include business downtime, lost sales, operating costs and legal fees. In the case of attacks where more sensitive information is compromised, costs can be as much as $4.44 million (£3.5m).
There are severe reputational costs to consider too. New strains of ransomware can affect entire supply chains, which puts partner organisations and their customers at risk. Under GDPR regulations all breaches must be reported to the ICO, which means they are also made public. Insurance companies are less likely to touch organisations that have been hit hard by ransomware attacks, and if they do, you can expect your premiums to rocket.

Once an organisation has been targeted – and agreed to pay the ransom – they then become an easy target for future ransomware attacks.

Although most cybercriminals are motivated by money and other financial rewards, others act out of spite or for political reasons. They often use a range of different methods to extort money or information, and in some cases if ransoms aren’t paid they’ll even go as far as contacting customers direct and demanding money from them. 

How to Prevent a Ransomware Attack 

A while ago, all you needed to protect against a ransomware attack was a secure backup system and fast data restore process. Things have changed in recent years. At their worst, modern attacks can bring entire organisations to their knees, so traditional methods are no longer enough, so you need a more comprehensive, multi layered line of defence in place. 
But as with most other cyber-attacks, the best way to avoid a costly ransomware attack is by creating a culture of awareness and making sure your staff have the right training. Malicious software can only be installed if a human allows it, so it’s essential that everyone knows what to look out for. 

Here are some steps you can take to minimise the risks:
    • Make sure everyone in your organisation is trained and knows to never click on unverified links
    • Have all your emails scanned for malware
    • Install firewalls and Endpoint Protection 
    • Only ever download from trusted sites that your IT team have approved
    • Keep regular backups of all your files
    • Avoid using public Wi-Fi 
    • Never allow unverified, unfamiliar USBs in any of your devices
    • Install robust security software 
    • Never share sensitive data with anyone you’re not 100% certain of 
As specialists in cyber security, our team at Actisoft can talk you through all the risks and provide you with all the tools you need to avoid a ransomware attack. From firewalls and Endpoint Protection to Cyber Essentials accreditation and much more, we’re here to help. 
Get the Manual

Start Your Free Phishing Security Test

Find out what percentage of your employees are Phish-prone
Did you know that 91% of successful data breaches started with a spear phishing attack?

Find out what percentage of your employees are Phish-prone™ with your free phishing security test. Plus, see how you stack up against your peers with the new phishing Industry Benchmarks!

IT pros have realised that simulated phishing tests are urgently needed as an additional security layer. Today, phishing your own users is just as important as having antivirus and a firewall. It is a fun and an effective cybersecurity best practice to patch your last line of defence: USERS

Why? If you don't do it yourself, the bad guys will.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customise the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page 
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organisation compares to others in your industry
The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Start phishing your users now. Fill out the form, and get started immediately!
Try It Now!
]]>Mon, 20 Jun 2022 10:50:48 +0000<![CDATA[National Health Service Becomes the Latest Victim of a Credential Harvesting Phishing Operation]]>https://www.actisofttechnology.com/blogs/post/national-health-service-becomes-the-latest-victim-of-a-credential-harvesting-phishing-operationBlog courtesy of KnowBe4 Written by Stu Sjouwerman Part of a six-month attack, email accounts on the NHS’ Microsoft 365 instance were compromised, resul ]]>
Blog courtesy of KnowBe4
Written by Stu Sjouwerman
Part of a six-month attack, email accounts on the NHS’ Microsoft 365 instance were compromised, resulting in over 1,100 targeted email attacks used to obtain more credentials.

According to security researchers at email protection vendor Inky, the 139 compromised NHS accounts were being misused from October 2021 until March of 2022 as the cornerstone of further phishing attacks attempted to either harvest credentials to major online platforms, or to trick victims into providing banking details.

Emails were likely sent using two IP addresses serving as SMTP relays for the NHS’ 27,000+ users, allowing attackers to work remotely. What may have allowed this attack to remain undetected for 6 months was the number of emails being sent:
You’ll note the dramatic spike in the number of emails sent in March of this year, likely drawing attention to the attack.

Emails impersonated both the NHS and individuals within, using NHS email footers, and names of compromised individuals to add credibility to the scams.
While there were only 139 compromised email accounts (out of over 27,000, according to the NHS), it literally only takes a single phishing email to alter the course of an individual or an organisation. Because most phishing scams need to get the victim to focus on one response action (e.g., clicking a link or opening an attachment), the scams can generally be identified pretty easily, if the user is vigilant.

And this vigilance comes with education through Security Awareness Training designed to help users understand the nature of phishing attacks, social engineering techniques, and the role they play in corporate cybersecurity.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customise the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organisation compares to others in your industry
Go Phishing Now!
]]>Thu, 16 Jun 2022 15:30:26 +0000<![CDATA[What You Need to Know About Phishing: The Biggest Threat to UK Organisations]]>https://www.actisofttechnology.com/blogs/post/what-you-need-to-know-about-phishing-the-biggest-threat-to-uk-businesses-in-2022Phishing is an attempt by cybercriminals posing as legitimate institutions, usually (but not always!) via email, to obtain sensitive information from ]]>
Phishing is an attempt by cybercriminals posing as legitimate institutions, usually (but not always!) via email, to obtain sensitive information from targeted individuals. 

These attacks are on the rise, with more than 80% of organisations being targeted in 2021 alone. One of the most frustrating things about phishing is that these attacks are becoming so realistic and sophisticated that it’s becoming increasingly hard to spot them. So, even if you think you know everything there is to know about online scams, it’s still surprisingly easy to get caught out.

There are many different types of phishing, but in this post we’ll concentrate on the most common types affecting UK businesses right now. 
Email Phishing 

Most phishing attacks are deployed via email, and hackers are getting really good at creating fake accounts that look just like the real thing. They register fake domains that mimic well known organisations (such as Amazon, the NHS or Google) and send thousands of generic emails in what’s known as a “spray and pray” approach. The idea is that if they send a massive amount of emails, at least a few people will respond. 

These attacks are on the rise because they work. The fake domains they create are so realistic that targets have to look really closely – they copy the logos and font type exactly, and often just one character is out of place in the email address. Many recipients see something that looks very familiar and assume it’s safe. As soon as they click on the link or download the attachment, it’s too late.
Spear Phishing

This is a more sophisticated type of email phishing attack. Instead of using a “spray and pray” approach cyber criminals will target particular people within an organisation, which involves more time and effort. 

Before they send their malicious emails, hackers will have gathered important information about their targets including things like their name, job title, work location, email address and other specific information about their role. These attacks are particularly hard to identify because they address the user by name and often refer to other members of staff, meetings or work activities that are familiar to the target. Unlike the email scams of old, they’re often written in perfect English and seem totally legitimate – so it’s often only a matter of time before the hacker has access to the user’s data.

Whaling 

Whaling attacks go a step further, and are usually aimed at senior staff members within an organisation. Whaling emails tend to be more subtle, and they’re less likely to use tricks like fake links. Instead, they’re likely to pose as a CEO or board member requesting vital information or the transfer of funds. The hackers create a sense of urgency, saying things like “I know you might be busy but really need you to get this done now” and they rely on employees being keen to keep their bosses happy.
Angler Phishing

This is a relatively new form of attack, which is deployed via social media. Hackers share posts including fake URLs, cloned websites and infected links and use instant messages to encourage victims to download malware. Cyber criminals keep an eye out for customers contacting organisations with complaints, then hijack the organisations’ social media accounts and ask for the customers to provide their bank account details in order to receive a refund. Of course, that refund never happens, and scammers walk away with valuable data and banking information. 

Smishing and Vishing 

These are more like old school hacks because they take place over the phone rather than via email, but they’re no less damaging. In a smishing attack, the victim will receive a text message asking them to follow a link or download a piece of software to their phones, while a vishing attack involves a telephone conversation. A common tactic is for criminals to pretend to be calling from a bank, alerting victims to suspicious activities on their accounts. Attacks of this kind can look incredibly realistic these days, and hackers rely on the fact that when people are stressed and under pressure they’re more likely to make silly mistakes. 
Phishing attacks are estimated to cost the UK economy over £5 billion a year. The best way to prevent these attacks is with anti-phishing and anti-spam software, but it’s also essential to stay aware and on guard – which goes for smishing and vishing too. This means ensuring all staff are regularly trained and understand how to spot a potential threat.

For more detail about different types of phishing, our partner Fortinet has put together a comprehensive list you can also visit our Phishing page. We are also happy to talk to you about the most common threats to your organisation and deliver cyber security training. Contact us today for a no obligation quote!

Start Your Free Phishing Security Test

Find out what percentage of your employees are Phish-prone
Did you know that 91% of successful data breaches started with a spear phishing attack?

Find out what percentage of your employees are Phish-prone™ with your free phishing security test. Plus, see how you stack up against your peers with the new phishing Industry Benchmarks!

IT pros have realised that simulated phishing tests are urgently needed as an additional security layer. Today, phishing your own users is just as important as having antivirus and a firewall. It is a fun and an effective cybersecurity best practice to patch your last line of defence: USERS

Why? If you don't do it yourself, the bad guys will.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customise the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page 
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organisation compares to others in your industry
The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Start phishing your users now. Fill out the form, and get started immediately!
Try It Now!
]]>Wed, 15 Jun 2022 12:28:33 +0000<![CDATA[Top Cyber Threats to SMEs]]>https://www.actisofttechnology.com/blogs/post/top-cyber-threats-to-smes-in-2022....and-more-than-likely-beyondIf you’re running a small to medium sized business, it’s easy to think that you might not be a big enough fish to attract the interest of cyber crimin ]]>
If you’re running a small to medium sized business, it’s easy to think that you might not be a big enough fish to attract the interest of cyber criminals. But the truth is, small organisations are just as much at risk of hacks and other security threats as huge corporations – in fact, being smaller may make you more of a target. 

Attackers are targeting thousands of businesses every day, and those with less robust defences in place make much easier prey than bigger organisations who can invest more time and money into cyber security. 

Hackers also love targeting small businesses because they often deal with large sums of money and have great contacts – which means there’s lots of lovely data to steal.

It's often said that knowledge is power, and that’s certainly true when it comes to cyber-crime. The owners and managers of SMEs need to be aware of the risks, which is why we’ve put together this short article outlining the most common cyber-attacks right now and what we have seen.
1) Phishing 

By far the most prevalent – and damaging – threat facing small and medium sized businesses in 2022 is phishing. These attacks account for 90% of all breaches; a figure that’s grown by 65% since 2021. Phishing attacks are when a hacker sends an email pretending to be from trusted contact, tricking the recipient to click on a malicious link, download a code or share sensitive information. There are several types of phishing attacks you need to know about:

  • The spray and pray approach, which is where hackers send out thousands of emails all at once, in the hope that one or two will bite
  • Spear phishing: a campaign that targets a particular person or organisation and includes information which is known to be of interest to the specific target
  • Whaling: an even more targeted and carefully executed attack, where the hacker goes after a specific C level executive in the organisation 

Phishing attacks are becoming increasingly sophisticated, which means that even if you think you’ve seen it all before, you could still be caught out.
2) Ransomware 

Ransomware is a type of malicious software which prevents or restricts users from accessing their computer systems and data, commonly by locking their screens and/or files until they pay a ransom. Like other cyber-attacks, ransomware technology has become more sophisticated over recent years. A popular attack at the moment is a breed of ransomware known as “cryptoransomware” where files are encrypted and users are forced to send an online payment in return for a decryption code.

Hackers will push for payments in all sorts of ways, though. The costs vary according to the type of ransomware being used and different exchange rates. Users are often asked to pay their ransoms in bitcoin, because it offers a greater level of anonymity, but hackers also list alternative options such as Amazon gift cards or iTunes vouchers. Sometimes it seems like an easy option to just pay up, but it should be noted that paying the ransom is no guarantee your files will be returned.
3) Social Engineering 

Social engineering plays a huge role in cyber-crime. Even though advances in technology have been behind more sophisticated attacks, those attacks can only be properly deployed by a human. So, hackers work hard to understand how people think and manipulate them into making security mistakes or sharing valuable data. Social engineering happens in several phases. First, the hacker investigates their victim and identifies any weaknesses in their security systems. Next they start to gain their trust, either by sharing information the victim might be interested in or by pretending to be a trusted contact. Then, when the target lets their guard down and begins to trust the hacker, they’ll go in for the kill. 
4) Insider Threat 

Insider threats are posed by individuals from inside an organisation. This can include current or previous staff members, partners and contractors with access to passwords and company data. These individuals may act maliciously, intentionally stealing data or infiltrating systems for personal gain, but often they’re completely unwitting. Lack of awareness about cyber security issues can turn the most diligent worker into an insider threat, so it’s important to have robust policies and training measures in place. 
5) Shadow IT

Shadow IT is a term covering the use of different IT systems, apps, services and devices that haven’t been approved by an IT department. Since Cloud services have become more popular, and also since the first lockdown, the use of Shadow IT has grown exponentially. New technology drives innovation and can deliver huge cost and time savings, but without the right security measures in place it also poses a huge risk.


6) Software Exploits

A software exploit is a code that’s been written to take advantage of a particular vulnerability or flaw in a piece of software. Although security professionals sometimes develop these exploits as evidence of vulnerabilities, they’re also widely used by hackers with malicious intent. 


The purpose of this article is to provide you with an overview of the most common threats to your organisation. We’ll go into more detail about each type (and a few others!) in our next articles. In the meantime, if you want to know more about how to protect your SME from cyber threats, get in touch!

Are your users putting a big target on your organisation’s back?

Cybercriminals are constantly coming out with new ways to hack into your network and steal your organisation’s confidential information.

Find out if your users are putting a big target on your organisation’s back.

KnowBe4’s new Password Exposure Test (PET) is a complimentary IT security tool that allows you to run an in-depth analysis of your organisation’s hidden exposure risk associated with your users.

PET makes it easy for you to identify users with exposed emails publicly available on the web, and checks your Active Directory to see if they are using weak or compromised passwords that are part of a known data breach. PET then reports on any user accounts affected so you can take action immediately!

Here's how it works:

  • Checks to see if any of your organisations email addresses have been part of a data breach
  • Tests against 10 types of weak password related threats associated with user accounts
  • Checks against breached or weak passwords currently in use in your Active Directory
  • Reports on the accounts affected and does not show/report on actual passwords
  • Just download the install, run it, get results in minutes!
    Identify how many users take the bait and reply before the bad guys do! 
    Try It Now!
    ]]>    Fri, 10 Jun 2022 11:13:34 +0000