Hightrees Organisation is very happy to announce we have been successful in our assessments for the Cyber Essentials scheme and the IASME standard.

The latest news from Hightrees Organisation Limited

We’ve received the following from Wiltshire Police and thought it would be a handy resource for our Small Business clients.
“Since the beginning of the coronavirus pandemic and people are staying home during lockdown, we’ve been encouraged to find alternative ways to keep in touch with friends, family and colleagues. It’s important to keep talking and using technology is a great way to have face-to-face conversations, albeit digitally.

This has led to a huge influx of people downloading new platforms, one of which is Zoom – a video conference application. With its rapid rise in popularity, unfortunately comes a rise in potential risk. Users who are unfamiliar with the app and recommended security settings, can leave themselves open to incidents of ‘zoom-bombing’, whereby uninvited guests are able to hijack the virtual chat sessions with inappropriate language or display offensive or indecent images. This can understandably be incredibly upsetting and shocking for the members attending.

But it’s easy to take a few simple steps to ensure this doesn’t happen when hosting a video call:

1. Make the meeting private by either setting up a password or using a ‘waiting room’ feature which allows the host to control entry, these should both be set as a default on the App.
2. Consider limiting audio or video requirements if necessary, you can prevent attendees unmuting themselves after entry if required in the settings.
3. Limit screen sharing permissions to either just the host or trusted attendees. If publicising the event on social media, be extra vigilant with your settings.
4. You can also record meetings in Zoom, which will help an investigation in the event of criminal activity, however you must ensure the participants are aware if any recording is being created.

Gemma Vinton, Detective Inspector for the Digital Investigations and Intelligence Unit, said “Incidents of this nature have been reported globally as well as in the UK recently, however we have now unfortunately had three reports within Wiltshire in the last week. These ‘zoom-bombings’ have involved extremely unpleasant indecent child-abuse video footage being shown via screen sharing by a meeting participant who was not known to the organisers of the video conferences.

“The meetings were publicised on social media with limited security settings so we’re urging individuals and businesses alike to remain vigilant and ensure settings are fixed correctly to prevent future occurrences.”

Police and Crime Commissioner, Angus Macpherson, added “This is an extremely malicious online crime which can have lasting effects on the victims and particularly the host of the meeting feeling responsible. It’s difficult to understand the motives: it could be pranksters simply aiming to prove that they ‘can’ infiltrate a conference and cause a stir and a bit of embarrassment; or it could stem from a much darker, more sinister place.

“The important thing to remember is it’s possible to prevent uninvited guests to your video calls, as it’s vital we all continue to stay in touch.”

For more information and advice on how to protect yourself against cybercrime visit the Wiltshire Police website https://www.wiltshire.police.uk/

If you have been a victim of cyber-crime report it to the police on 101, or Action Fraud at www.actionfraud.police.uk or call 0300 123 2040.”

Message Sent By Sian Rivers (Police, Communications Officer, HQ)
Our emails have been hacked, this account has been compromised, I’ve notified all the other members of staff – what can we/you do ?
This was basically an email that Hightrees received from a client recently.
Upon investigation there was no hack. No activity or rogue logins on the sending email account at all.
When we actually found a copy of the email in question, it all became clear.
The email was a pretty typical, but increasingly common, “spear phishing” email.
In a nutshell, this is where an email is sent appearing to be from a known source/name but is actually not from the person you think it is.
The Email Security software highlighted the email in question as potentially an issue, but it couldn’t be guaranteed.
As this information might be useful to others, below is a breakdown of some things to look for :
Display name is Mr CEO
This is purely what is displayed as the person sending it. This is normally someone known to the person receiving the emails. The names of people in the Management Team, the owner, Directors etc are often available on company websites, Social Media or via Companies House.
Many businesses and organisations have email information available to the general public, so making something appear to come from “The Boss” lends an air of confidence to the email. This happens with many businesses – “it’s an email from the boss I must reply…” at first glance.
Email Address – executivecommitte286@gmail.com
As you can see, this is not an internal company email. Technically this could still be a valid email if it was a personal email account.
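One way to automate the display-name check described above, as an added example that is not part of the original post or of any Hightrees tooling. The company domain, the staff names and the verified personal address are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed, constructed values (not from the original post).
COMPANY_DOMAIN = "example.co.uk"
STAFF_NAMES = {"mr ceo", "jane director"}   # names an outsider could find
# Personal addresses confirmed with the person out-of-band.
KNOWN_PERSONAL = {"mr ceo": {"ceo.home@example.net"}}


def normalise(name):
    """Lower-case and collapse dots/spaces so 'Mr. CEO' equals 'Mr CEO'."""
    return " ".join(name.lower().replace(".", " ").split())


def check_sender(raw_message):
    """Classify the From header of a raw RFC 5322 message.

    The From header can itself be forged, so 'internal' only means the
    address looks right; SPF/DKIM/DMARC results still apply.
    """
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    name = normalise(display)
    address = address.lower()
    domain = address.rpartition("@")[2]
    if name not in STAFF_NAMES:
        return "no-staff-name"
    if domain == COMPANY_DOMAIN:
        return "internal"
    if address in KNOWN_PERSONAL.get(name, set()):
        return "known-personal"   # the valid personal-account case
    return "possible-impersonation"


# Constructed sample messages; the first uses the address quoted above.
SAMPLES = {
    "spoof": 'From: "Mr CEO" <executivecommitte286@gmail.com>\n'
             "Subject: Quick favour\n\nI'm really busy, can you do me a favour ?\n",
    "internal": "From: Mr CEO <ceo@example.co.uk>\nSubject: Agenda\n\nSee attached.\n",
    "personal": 'From: "Mr. CEO" <ceo.home@example.net>\nSubject: Hi\n\nFrom home.\n',
    "supplier": "From: Supplier Sales <sales@example.org>\nSubject: Quote\n\nHello.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:9} -> {check_sender(raw)}")
```

A “possible-impersonation” result is a prompt to confirm with the named person through a known-good channel, not proof of fraud.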
Email Contents
The first email was along the lines of
“I’m really busy, can you do me a favour ?”
Nothing spammy, nothing to immediately raise concerns – after all it is a message from “The Boss”.
Once a reply was sent, the tone of the email was still kept conversational and went along the lines of :
“I need to organise a prize for the next meeting, but I’m going to be tied up on a video conference – can you help me organise this please ?”
Again, no big red flags, no dodgy links – The Boss is busy and needs MY help.
There was a bit of to and fro – “give me an hour and I’ll give you the details” until the crunch point came.
“I need you to get hold of some Apple iTunes gift cards, if you can get 4 x £50 and 1 x £100 and scratch off the codes and email them to me I can do the rest. If you could do it within the next couple of hours it would be a life saver…..”
This is tailored for a growing scam, where people are persuaded to purchase gift cards and then pass on the codes to a 3rd party. Sometimes this is blatantly obvious and out of character for the person you think has sent the message; on other occasions it may seem normal.
The contents of spear phishing emails vary greatly, but they tend to be targeted at a specific aim rather than just containing dodgy weblinks, as this helps the email appear genuine. Emails tend to be more conversational than typical spam/malware style attempts, which helps with the “it must be genuine” feel.
As the first email that has come through is pretty basic (“are you free”, “can you contact me”), it’s human nature to respond, as you think you know who you are talking to. Once this conversation starts, you are adding to the credibility of the mail, so further spam/security checks become lower.
If in doubt, always contact the person via the proper email address/telephone to confirm.
Conclusion
Luckily in this instance, somebody twigged that something wasn’t right and raised concerns.

Whilst easier said than done, it is important not to over-react in these situations.
Panic emails mentioning danger words like “hack”, “compromised”, “security” etc do unintentional damage to both the users’ faith in the system and the supplier of any of the services mentioned, especially if you jump the gun and email ALL of your contacts to say you have a problem.
You then run the risk of having to deal with the original problem and then dealing with the Chinese whispers fallout.
With the current situation, many small businesses will be looking at their cash flow.

Hightrees have just set up Stripe payments for our invoices, so if you need to pay by credit or debit card securely, you can do that.
Starting from April 10th, any invoices issued can be paid securely via Stripe if you need to. The link will be included in your invoice.
Been busy over the last couple of days sorting out a VoIP system to help the Pewsey Coronavirus Community Association.
The PCCA has been set up to help the local community deal with the local problems in the current Covid-19 situation.
From arranging meds/prescriptions to food parcels, general help and advice to dog walking – the group is aiming to help their local community in any way they can.
We noticed a Facebook post and the problems they were having trying to operate with a single landline so we said we could try and help out.
In essence, we have created a new phone number and built a glorified answering machine. This relatively simple system will take the pressure off manning a physical line and taking messages.
The new answering service operates a menu system and voicemails are forwarded to the “team leads” for each particular service.
We’ll be looking at adding softphones remotely so callers can talk to a real person, especially important when lots of people are self isolating and contact with others is limited.
Sunday 29th March Update
After raiding the old/spare kit cupboard we’ve managed to persuade some old VoIP handsets into service. The network cable lengths are a bit of a guess-timate but should be good enough to allow the PCCA to operate from their central location at The Little Lunch Box in Pewsey.

Lots of businesses and organisations are having to change the way they work.
We have cancelled any non-business critical site visits and physical meetings.
Luckily not that many, but it is always good to catch up with clients face to face over a brew.
If your small business needs any help or advice on
Please feel free to get in touch.
It doesn’t have to be a problem.

From the simplest “how do I do” questions through to a 30 user data migration – we’ve covered a lot this year !
Hightrees Organisation would like to wish all of our clients, old & new, a very Merry Christmas and a prosperous New Year !
We’re taking the opportunity for an extended Christmas Break and will be returning on 13th Jan 2020
There will be very limited e-mail support during this period.
Running a small IT company means you are competing with some pretty big companies, with more buying power both in terms of deals and advertising so at Hightrees Organisation we try to only offer services that are :
We would rather work with you, at affordable prices all year round, rather than throwing money at advertising & raising and lowering prices throughout the year, just for the sake of “insert sale of choice here” bargains.
Does that sound reasonable to you ?
First off, we’re moving over to a new invoicing system so expect a new look to your invoices.
They still get emailed to you, but over time, you will have the ability to get statements, payment records, make payments online etc.

We’ve also opened a new bank account, so your new invoices have the new payment details for you to make your payments via Bank Transfer.
Any questions ? Please get in touch.
There have been a few working weekends this year, due to clients moving services to Hightrees.
A range of projects, from Email migrations to E-Commerce to Office365.
Instead of watching 1’s & 0’s move, the time was used to catch up on some online training.

First on the cards was a refresher on the Google Analytics Qualification. A very powerful tool that is often not used to its full potential by many Small Businesses. Not sure if this is down to the technical nature of the software or a lack of understanding of what you can do.
Sticking with the Google theme, a “quick” refresh on Digital Marketing Fundamentals, via Google Digital Garage. This course covers quite a broad range of topics, not all of which will be applicable to all businesses, but full of handy knowledge.
Next up, as they were on “Special Offer”, were a couple of Digital Marketing, Content Marketing and Copywriting courses on Udemy.
One of the biggest things we picked up from this range of courses, was the power of words and their use. It is very easy to get bogged down in SEO, keywords and trying to hit all the technical targets that you forget about the person reading it.
Running a Readability check on www.hightrees.org showed a lot of the pages were for Grade 13+, whereas the target is a lot lower. It also sticks two fingers up to our policy of trying to keep our IT Small Business solutions user friendly and simple to understand.
Over the coming weeks, the aim is to be more people orientated and make things easier to read.
It sounds simple, right ? But trying to juggle the balance so far is proving to be ‘interesting’ !
We’ve started revamping the website to make things less wordy and more user friendly.
It will be interesting to see how a difference in writing style is reflected behind the scenes in Google Analytics.
Watch this space…..