Blog

Pondering thoughts and random ramblings from Hightrees Organisation Limited

The Role of Human Cyber Risk

The Role of Human Cyber Risk 150 150 Small Business IT Solutions
Human Risk Report Example

How long would it take an attacker to breach your business?

This is how your data can potentionally expose your small business – its not rocket science, but sometimes covering the basics is often overlooked.

You or your users’ credentials are exposed on the Dark Web

Millions of stolen data records, including usernames and passwords, are added and sold on the Dark Web every year. 63% of businesses reported the loss of sensitive data in 2019.

Compromised credentials are used for phishing & social engineering

Users often re-use the same password for multiple accounts, making it easy for attackers to conduct business email compromise (BEC). 88% of companies faced targeted phishing attacks in 2020.

Human error is exploited and your business is breached

Criminals prey on unwitting users and human error, such as downloading malicious attachments, as a gateway to corporate data. 95% of successful data breaches come from human error.

Did you know you can calculate your human cyber risk and help boost your resilience ?

Get your free report to learn:
» Your users’ overall human risk score
» Their resilience to social engineering
» Your company’s ‘time-to-breach’
» How to tackle your human risk areas

Reclaim your personal time + phone number !

Reclaim your personal time + phone number ! 150 150 Small Business IT Solutions

Many small businesses start by giving their home or mobile numbers out to their customers. Keeping the costs down initially helps and new business so using a phone number you already have makes sense.

Your number is put on business cards, social media and websites – you need people to be able to contact you. 

Roll forward a few months……

  • The phone rings when you are on holiday
  • Calls come in outside your normal working hours
  • You already on a personal call and another one comes in
  • Taking a trip overseas – mobiles costs can be expensive

Can you afford NOT to answer your mobile, it may be a new client or a long-standing customer?

Do you give up your personal time to answer a call on the offchance ?

Reclaim control of your phone and your time

Control your phone, not the other way around

Our VoIP telephone system allows you to easily get a phone number for your business in 5 easy steps

  • Choose your a telephone number – keep it local or go national
  • How many users do you need (i.e who needs to be able to make/receive calls)
  • Choose a PAYG Tariff or get unlimited calls per month for each user.
  • Setup what happens when someone rings you & when you are available
  • Install the free VoIP app on your mobile or desktop

That’s it ! 

When someone calls your new telephone number, your app will ring – you know it is a business call and you can choose how to deal with it.

Clease check out all of our VoIP system features or contact us about our VoIP telephone system.

If your mind is already made up – head over to our VoIP Portal to get started.

WFH with VoIP

WFH with VoIP 150 150 Small Business IT Solutions

Move from the office, to home and back to the office with ease.

VoiP on your laptop, mobile or handset
Don’t be tied to your office phone line – work from anywhere !

One of the key benefits of VoIP during these “interesting” times is unlike your business premises, it isn’t tied to a location.
With our free VoIP apps , you can answer business calls as if you were in the office.

No matter your location, your customers and clients won’t even know the difference.

Never get caught off guard.

Global pandemic, local lockdown or personal emergency ?

It’s business as usual with VoIP.

If you can’t get into the office, or need to work from home, your business phone system won’t be holding you back. Using our apps, or by taking your handset home, your office phone number travels with you. No diverts, no extra incurred costs, no need to disclose your personal mobile.

Business Hours Changing ?

Need to reduce your business hours, either due to lockdown or some other reason ?

You can make use of our Time Diaries function to change functionality easily. Toggle call routes on or off at particular times of the day to suit your business or personal needs.

Keeping your customers up to date.

Keeping your customers informed of change is important.
Let your VoIP system can do the hard work. Simply record your “news” and play it to callers before you even pick up the phone.
This is ideal for schools and clubs where you have many callers asking for the same information.

Busy or unavailable – don’t miss a message.

Get the right information to the right people easily.


The easy to use call route menu helps guide your callers to the right person or department.This helps you process your calls and can make life easier for your customers.
Can’t take the call or demand is high ?You won’t always be free to take calls, no matter the situation. Everyone needs a brew right ?
Give your callers the option to leave a voicemail, to free up their time and reduce “on hold” frustration.
Voicemails are emailed to you automatically. No need to “check the machine” , just your email.

Unexpected Business boost or need to downsize ?

Some businesses are actually flourishing and growing in these Covid times, sadly some are not doing as well.
Getting your staff set up with the service is as simple as adding them to the system and call routes.
There’s no need to arrange for engineers to come in and install new phone lines or extra equipment.
All you need is an internet connection.
Users can be added or removed from your VoIP plan at any time.

Make your phone system do the work.

These are just a few of the ways in which a VoIP phone system can simplify the switch between remote working and being in the office.
If you’ve been restricted by your business phone system during recent times, you’ll be glad to know that switching your telephone service is easy.


Interested in making your telephone system work for you, not the other way around. ?
It’s time to get in touch with us to chat about our VoIP solutions.

The virtual Didmarton Bluegrass Festival 2020

Virtual Bluegrass Event with real products

Virtual Bluegrass Event with real products 1279 2000 Small Business IT Solutions

One project we have worked on recently was introducing a new online store for Didmarton Bluegrass Festival.

Due to Covid, the UK’s premier Bluegrass, Americana and Old-Time music festival couldn’t take place this year.
The Didmarton Bluegrass organisers worked hard to host a 2 day online, virtual festival via Facebook and wanted to make the experience a little more real by setting up an online store.

A very busy 2 days sorting out SSL certificates, creating merchandise, sorting artwork, testing products and shipping and fine tuning testing payment processing resulted in their online Didmarton store being live – just in time for the first performance.

You can till get your hands on the 2020 Didmarton Bluegrass Festival goodies including a limited edition t-shirt or hoodie !

Hit up the Didmarton Bluegrass Festival Site to check out their range of products

Laura Lian John Lennon Statue

New website for local Artist

New website for local Artist 2560 1784 Small Business IT Solutions

After Hightrees responded to a plea on a local Facebook Group, we’ve just launched the new website for local Artist Laura Lian.

Laura needed to do some work on her website but due to the previous design and lack of maintenance this proved to be quite complex.

The new website focuses more on the images rather than the text, allowing Laura to showcase her art pieces, including her John Lennon Peace Statue.

Behind the scenes, we’ve made some improvements to the SEO aspects of the site and have made some recommendations for further improvements.

A lots of the images on the site were not in a digital format originally so these will be replaced over time.

Due to an important Press function, the website needed to be up and running in less than 3 days. This included redesigning the entire site, adding all of the content and images and going live.

With a few early starts and late nights, the site was made live today with a couple of hours to spare !

Take a look at the new Laura Lian website

We can’t promise a fast turnaround all the time, but if you need to revamp your website, please get in touch.

The New Normal ? We can help you with that

The New Normal ? We can help you with that 150 150 Small Business IT Solutions

One of the highlights of the recent lockdowns has been the ability of businesses, of all sizes, to cope.

Many small businesses have had to adapt and embrace new technology as they could no longer operate on a face to face basis. Something that wasn’t considered important previously.

Our new phone system allows you to adapt as your stafing and business needs change in these “new normal” times.

No nonsense, easy to use telephone solution that gives you the ultimate control and staying in contact with your clients.

How can VoIP help my business ?

Open and close the office at a moments notice but still be available for your clients.

  • Using our system, your phone line isn’t tied to your premises so you can answer your office calls from anywhere, easily.
  • Talk your office calls on your mobile or a simple web browser or take your handset home.
  • Voicemails are emailed to you so no need to “check the machine”.

Need to setup an information line for your clients ?

  • Simply record your message and it is played to anyone calling your busines, or create a specific information line number.
  • Change your message easily – record the audio on your laptop or direct via VoIP System.

Keep you customers and clients updated in a simple and easy way.

Dont pay for diverts !

If you or your staff need to work from home, there is no need to divert calls to personal mobiles or start the “telephone tag” game.

  • Our phone system can be used via a handset so each user can access their “extension” via a handset, our free mobile app or even a web browser or all three!

You can keep your mobile number private and your customers see calls from your normal business number.

Aren’t these VoIP systems very technical ?

Your VoIP telephone system setup is available to change just using a a web browser.

How you handle your calls is entirely under your control, via a simple flow chart style approach

A simple example of call routing – incoming calls rings User 1001 (which is actually a handset AND mobile app), if no answer it gets sent to voicemail.

Isn’t VoIP Expensive ?

How does 2 users and a local phone number for under a £10 per month sound ?

  • Go PAYG so you only pay for the calls you make
  • Or go “unlimited” on a per user basis to cover their calls toUK Landline & Uk Mobiles.
  • Or choose a call pack for your entire business.

Don’t forget that call bundles are only cost effective if you make a lot of calls, this applies to any form of phone deal.

Handy Hint : Once you start regularly hitting the price point between PAYG and “Bundle” you can change your tariff via Your Account.

Sounds good – what do I next ?

Simply head over to the Hightrees VoIP Portal and get started !

New VoIP Portal launched

New VoIP Portal launched 150 150 Small Business IT Solutions

We’ve just made getting started with VoIP telephony even easier with our new self-service portal.

Use your business phone system on your laptop, mobile or VoIP Handset

Business Quality VoIP in the Cloud

Help shrink your call costs with our state-of-the-art VoIP service and feature rich switchboard in the cloud. YOU choose the call package best suited for your business needs.

PAYG, Unlimited UK (inc Mobiles!), Unlimited EU or Call Packs to cover your entire business.

Our self service VoIP system is always on, accessible from anywhere and can be customised exactly how you want it to operate your business.

What features are included?

  • SIP User Management
  • Time of Day Routing
  • Alternative Caller ID
  • Hardware Integration
  • Conference Bridge
  • Call Routes & Forwarding
  • Voicemail & Mailboxes
  • Call Management
  • Call Monitoring
  • SIP Trunking
  • Integrated IVR
  • Music on Hold
  • Call Recordings
  • Fax to Email

Your Phone System Direct To Your Device

Whether you work out of your smartphone or conduct your business through your laptop, the Hightrees VoIP app harnesses the power of your phone system direct to your device of choice.

Or use an exisiting VoIP handset – the choice really is yours.

This may mean the end of giving out your personal mobile numbers to clients when you are out of the office.

Take a look – head over to the Hightrees VoIP Portal now

Cyber Essentials and IASME Governance Certification

Cyber Essentials and IASME Governance Certification 150 150 Small Business IT Solutions

Hightrees Organisation is very happy to announce we have been successful in our assessments for the Cyber Essentials scheme and the IASME standard.

IASME GDPR Governance and Cyber Essentials
read more

Zoom-Bombing In Wiltshire

Zoom-Bombing In Wiltshire 150 150 Small Business IT Solutions

We’ve received the following from Wiltshire Police and thought it would be a handy resource for our Small Business clients.

“Since the beginning of the coronavirus pandemic and people are staying home during lockdown, we’ve been encouraged to find alternative ways to keep in touch with friends, family and colleagues. It’s important to keep talking and using technology is a great way to have face-to-face conversations, albeit digitally.

This has led to a huge influx of people downloading new platforms, one of which is Zoom – a video conference application. With its rapid rise in popularity, unfortunately comes a rise in potential risk. Users who are unfamiliar with the app and recommended security settings, can leave themselves open to incidents of ‘zoom-bombing’, whereby uninvited guests are able to hijack the virtual chat sessions with inappropriate language or display offensive or indecent images.

This can understandably be incredibly upsetting and shocking for the members attending. But it’s easy to take a few simple steps to ensure this doesn’t happen when hosting a video call:

1. Make the meeting private by either setting up a password or using a ‘waiting room’ feature which allows the host to control entry, these should both be set as a default on the App.
2. Consider limiting audio or video requirements if necessary, you can prevent attendees unmuting themselves after entry if required in the settings.
3. Limit screen sharing permissions to either just the host or trusted attendees.
If publicising the event on social media, be extra vigilant with your settings.
4. You can also record meetings in Zoom, which will help an investigation in the event of criminal activity, however you must ensure the participants are aware if any recording is being created.

Gemma Vinton, Detective Inspector for the Digital Investigations and Intelligence Unit, said “Incidents of this nature have been reported globally as well as in the UK recently, however we have now unfortunately had three reports within Wiltshire in the last week. These ‘zoom-bombings’ have involved extremely unpleasant indecent child-abuse video footage being shown via screen sharing by a meeting participant who was not known to the organisers of the video conferences.

“The meetings were publicised on social media with limited security settings so we’re urging individuals and businesses alike to remain vigilant and ensure settings are fixed correctly to prevent future occurrences.”

Police and Crime Commissioner, Angus Macpherson, added “This is an extremely malicious online crime which can have lasting effects on the victims and particularly the host of the meeting feeling responsible. It’s difficult to understand the motives: it could be pranksters simply aiming to prove that they ‘can’ infiltrate a conference and cause a stir and a bit of embarrassment; or it could stem from a much darker, more sinister place.

“The important thing to remember is it’s possible to prevent uninvited guests to your video calls, as it’s vital we all continue to stay in touch.”

Please see a useful guide containing screen shots of how to set Zoom security settings here:

Zoom Security Guide

For more information and advice on how to protect yourself against cybercrime visit the Wiltshire Police website https://www.wiltshire.police.uk/article/723/Frauds-scams-and-cyber-crime.

If you have been a victim of cyber-crime report it to the police on 101, or Action Fraud at www.actionfraud.police.uk or call 0300 123 2040.”
 
Message Sent By
Sian Rivers (Police, Communications Officer, HQ)

Hacked ? No, just spear #phishing

Hacked ? No, just spear #phishing 150 150 Small Business IT Solutions

Our emails have been hacked, this account has been compromised, I’ve notified all the other members of staff – what can we/you do ?

This was basically an email that Hightrees received from a client recently.

Upon investigation there was no hack. No activity or rogue logins on the sending email account at all.

When we actually found a copy of the email in question, it all became clear.

The email were a pretty typical but growing in use “spear phishing” email. 

So how does spearphising work ?

In a nut shell this is where an email is sent appearing to be from a known source/name but is actually not the person you think it is.

The Email Security software highlighted this email in question as potentially an issue but it couldn’t be guaranteed.

As this information might be useful to others, below is a breakdown of some things to look for :

Display name is Mr CEO
This is purely what is displayed as the person sending it. This is normally someone known to the person receiving the emails. The names of people in the Management Team, the owner, Directors etc are often available on company websites, Social Media or via Companies House.

Many businesses and organisations have email information available to the general public, so making something appear to come from “The Boss” lends an air of confidence to the email. This happens with many businesses – “it’s an email from the boss I must reply…” at first glance.

Email Address – executivecommitte286@gmail.com
As you can see, this is not a internal company email. Technically this could still be a valid email if it was a personal email account.

Email Contents
The first email was along the lines of

“I’m really busy, can you do me a favour ?”

Nothing spammy, nothing to immediately raise concerns – after all it is a message from “The Boss”.

Once a reply was sent, the tone of the email was still kept conversational and went along the lines of :

“I need to organise a prize for the next meeting, but I’m going to be tied up on a video conference – can you help me organise this please ?”

Again, no big red flags, no dodgy links – The Boss is busy and needs MY help.

There was a bit of to and fro – “give me an hour and I’ll give you the details” until the crunch point came.

I need you to get hold of some Apple iTunes gifts cards, if you can get 4 x £50 and 1 x £100 and scratch off the codes and email them to me I can do the rest. If you could do it within the next couple of hours it would be a life saver…..

This is tailored for a growing scam, where people are persuade to purchase gift cards and then pass on the codes to a 3rd party. Sometimes this is blatantly obvious and out of character for the person you think has sent the message, on other occasions it may seem normal.

The contents of spear phishing emails vary greatly, but they tend to be targeted to a specific aim rather than just dodgy weblinks as this helps the email appear genuine. Emails tend to be more conversational than typical spam/malware style attempts which helps with the “it must be genuine” feel.

As the first email that has come through is pretty basic, are you free, can you contact me – it’s human nature to respond as you think you know who you are talking to.  Once this conversation starts , you are adding to the credibility of the mail so further spam/security checks become lower.

If in doubt, always contact the person via the proper email address/telephone to confirm.

Conclusion


Luckily in this instance, somebody twigged that something wasn’t right and raised concerns.

spearphising email security image

Whilst easier said than done, it is important not to over-react in these situations. 

Panic emails mentioning danger words like “hack”, “compromised”, security etc do unintentional damage to both the users faith in the system and the supplier of any of the services mentioned, espcially if you jump the gun and email ALL of your contacts to say you have a problem.

You then run the risk of having to deal with the original problem and then dealing with the chinese whispers fall out.

Please get in touch if you would like advice on email security and the services Hightrees can offer to help protect your email systems.