Someone Will Tell Me If They Get a Virus. Right?

Five Reasons Why You Don’t Need IT Support

This is part two of five blog posts which bust the myths surrounding managed IT support.

Let me tell you about an incident which slapped SupportWise in the face recently, and while we don’t see it often, it sends shivers down our spine when it does.

A client emailed the team at SupportWise with this request; “We have this spam email, please could you block it?” The technician assured the client, and got to work. The technician extracted the headers (with the user’s permission and with them present on the phone) and copied/pasted them into our trusty header analyser. Two minutes later we discover this email was legit.

Now when we say legit, we mean from a technical standpoint.

The email came from an Outlook client, sent via their mail servers and wasn’t spoofed (the SPF, DMARC, DKIM etc. all matched). It looked as if it was sent from the person in question. Normally we’d see a mismatch somewhere and block away. But this time was different. Even the email IP showed it was approximately in the area in which the user was located.

So we sat down with a coffee and decided what the plan of action was going to be. We needed a password reset on that user and maybe now was the time to implement a Two-Factor Authentication System (see our previous blog post), some form of threat protection and providing the client with more tools to look into suspicious logins.

Now while this wasn’t a virus, such a security breach is still something which companies don’t like to shout out from the rooftops. In fact, in my 10 years experience, maybe two clients have come forward and said; “Hey, X has clicked on an email – please ignore anything which looks dodgy and no we haven’t changed our bank details”. When they do this, it is before the breach has become a problem.

However, the calls we usually get are; “One of our customers has received an email from us saying that our bank details have changed and they’ve just sent a few thousand pounds off to an unknown bank account.”

Such an issue isn’t always easily detectable by the user until it is too late.

Can I Protect Myself Against This Sort of Thing?

Not directly but education is key here. Learning to recognise phishing emails, and more importantly not clicking on links is an important weapon in your arsenal against the hackers.

Also, enabling 2Factor Authentication is key in securing down your email accounts.

Many providers offer a phishing training service where they send safe emails to employees with the objective of demonstrating the dangers of phishing. So perhaps you will one day receive an email from SupportWise offering free cinema tickets by clicking on a link. Don’t click on the link. If you do you have failed the training!

What else can I do to protect myself?

There is an on-going debate about the effectiveness of anti-virus software. One could argue that this is the first line of defence, others say that it’s the last.

However, having effective up-to-date anti-virus software is a great start and will never be a waste of effort. However you’re only as strong as your weakest link. Regular checks should be made on the firmware of:

  • Firewalls and routers.
  • Printers and scanners.
  • PC BIOS / Hardware.
  • Switches (mainly managed ones).

The Role of IT Support

A good IT Support provider should have detailed knowledge of your infrastructure and will regularly keep these things up-to-date. If in doubt, ask for an overview of any hardware/software which you have in place and check each one to ensure they are running the latest versions of firmware.

You can also get your support provider to check your spam filters and ensure they are working correctly. As technology advances, support services are even more effective and providers are able to catch even the most convincing of spam emails.

SupportWise completes these audits on a regular basis and works closely with cyber security specialists to prevent breaches and protect our clients, 24/7.

We are your first line of defence in keeping your IT systems safe.

We are IT superheroes, just without the dodgy underwear.