Call us now Email a specialist
+353 1 6420100 | info@ward.ie
  • Resources
  • Blogs
    • Insights

    Phishing for information

    Spearfishing is exactly what you think it is and civilisations have used the method to feed from marine life for centuries. Spear phishing, on the other hand, is a relatively new way for hackers to feed from sensitive information online for their own malicious gain; be it financial, political or to cause disruption and embarrassment.
    This month, we commissioned a survey of 263 IT professionals in Irish businesses via TechPro magazine. The research gave us insights into how cyber security is driving change within organisations and IT departments.
    The research also discovered continued targeted attacks using relatively simple but highly effective means, such as phishing, against individuals within organisations. More than 48% of organisations said an employee was the subject of a personal, targeted or spear phishing attempt. In excess of a quarter organisations said they did not know if a member of their organisation had been targeted.
    Spear phishing usually looks like an email pretending to be from someone you know or another credible source like a bank or well-known brand. The origins of the email however are actually more nefarious and the sender is looking to extract money from the target or gain unauthorised access to confidential data. Signs like strange language or phrasing in the email can set off alarm bells, but often it’s hard to recognise such an attempt to hack.
    A recent Verizon data breach reports said 23% of people who receive a phishing email will open it. A further 11% will go on to click on the link or attachment. Phishing in all its guises; general, spear and whale; continues to be a very effective way for the “bad guys” to cause both personal and organisational damage.
    How to recognise phishing?
    It can sometimes be hard to spot in the heat of a busy work environment and overloaded inbox, but we all need to think twice about received emails. Remember, if in doubt – ask IT or a trusted information security expert. Here are some pointers to think about before you open an email.

    • Is this a credible source?
    • Does this person or organisation normally communicate with me in this way?
    • Do not divulge personal or financial information; a phone call to the supposed requester is best to check validity
    • Reduce spam as much as you can and make sure you have good quality firewalls, AV and other appropriate technical solutions in place
    • Thinks twice before clicking links, downloading files or opening attachments
    • Beware of pop-ups
    Insights

    Discerning the security risk to the individual and the…

    Technology has managed to further blur the line between work and personal life, which was already a fine line to begin with. Mobile devices and smart devices means we are contactable at all hours. Having access to work applications on our phones and laptops mean we can work anywhere. It also makes us more likely to swipe and refresh our work email as often as if it’s a social networking site.
    With that in mind Ward Solutions, in association with TechPro, commissioned an information security survey. The survey looked at discerning the security risk to both the individual and the organisation; a risk which has come about as the office expands into the home.
    The survey is now closed. Stay tuned for detailed results!
    Contact our team if you have any information security needs we can help you with.

    Insights

    Award Season: Ward Solutions shortlisted for Company of the…

    The team at Ward Solutions is delighted to announce that we have been shortlisted for the prestigious and competitive Company of the Year Award at the upcoming Tech Excellence Awards 2015.
    Pat Larkin, co-founder and director, Ward Solutions, said, “The nomination recognises the hard work, passion and great attitudes within our whole team. It also recognises our commitment to the customer and our mantra of always ‘doing the right thing’ by the customer.”
    Ward Solutions was shortlisted by an expert panel of judges for achievements during 2014, including growth of both revenue and employee numbers; new investment; new customer wins; new services and innovation.
    Our dedicated provision of information security services has led to a customer retention rate of over 98 per cent.
    A huge announcement for Ward Solutions last year was that we bolstered our team of information security personnel with 22 new jobs across our Dublin and Belfast offices and we were delighted that this achievement was recognised.
    Judges also considered Ward’s new services and innovation throughout 2014, which included Managed Security Service Provider (MSSP), a new eLearning platform and our popular ‘Information Officer as a Service’.
    The Tech Excellence Awards are in their fifteenth year and acknowledge excellence in implementing tech solutions, the business of marketing and implementing technology for business.
    The Awards Presentation Night will take place on Thursday 14 May in the Ballsbridge Hotel, Dublin 4, where Ward is nominated alongside five other companies for the honour of Company of the Year.
    If you want to hear more about Ward’s services, why not get in touch with the team.

    Insights

    Change your password to a passphrase for added security

    Have you ever created a login, been prompted to enter a password featuring symbols, capital letters, your next door neighbour’s maiden name and at least one number, only to completely forget it the next time you login? Which means you have to go through the whole painful process again? Well, you’re not alone.
    Passwords are a pain, but Ward Solutions is all about removing complexity when it comes to information security. We’ve put together some helpful tips from Edward Snowden, the man notorious for leaking classified information from the US National Security Agency to the media!
    John Oliver, an English writer and comedian with his own show in the US, journeyed to Russia to interview Snowden about information security, data protection and cyberattacks, and this is what he discovered.
    Password security
    Both Oliver and Snowden agreed that as hacking is a huge concern for businesses and consumers globally, it is vital that internet users are educated on password security.
    Remembering logins and usernames for various accounts and devices isn’t easy, which is why people often use an easy to remember word with five to eight characters as their password. According to Snowden, this is a big mistake.
    “Bad passwords are one of the easiest ways to compromise a system. For someone who has a very common eight character password, it can take less than a second for a computer to go through the possibilities and pull that password out,” he explained.
    Passphrase, instead of password
    What to do? Well if your password is “Password123”, “passwerd” or some other variation, change it immediately!
    “The best advice here is to shift your thinking from passwords to passphrases,” Snowden continued.
    “Think about a passphrase that works for you, that is too long to brute force, and that is also unlikely to be in the dictionary.”
    Margaretthatcheris110%sexy
    Many logins require a mixture of characters, numbers and capital letters, but as Edward Snowden points out, it can be difficult to recall these.
    “It can be a lot harder to remember a password that is 13 characters long, with upper case and lower case letters, characters and numbers, than it is to remember a simple phrase like maragaretthatcheris110%sexy,” he said.
    Go on, make the change
    So if you think your weak password could compromise the safety of your personal or business data, change it to a passphrase you can remember easily! It’s one easy step that will help protect your IT systems. Remember, if you need more advice on protecting your IT systems, get in touch with the team at Ward.
    Ends

    Insights

    Doing the right thing by your customer

    If you search through stock photos for the term “business”, results will mostly show people in various states of professional attire, pointing at charts, spreadsheets and probably sharing a serious cup of coffee while examining some very serious documents.
    It is hard to capture the deeper intricacies of business through stock photos, one of these being building and maintaining a relationship with your customers.
    Keep the customer in mind
    The mantra underscoring every key decision we make at Ward, whether it is adding a new service or increasing our team, is “do the right thing”. We keep the customer foremost in mind when it comes to decisions big and small, and this has been critical in maintaining our integrity and in driving our 98% customer retention rate. When it comes to solving a problem for our customers, we assess their needs, and do what’s right for them. This doesn’t mean new hardware or software if there’s no need for it. Every customer is different and we tailor our solution for the client.
    Happier workers, better customer service
    Ward Solutions is not alone in doing the right thing by our customers.
    Last month in the US, a virus swept through offices throughout the country causing a high volume of sick leave. The US has no laws requiring paid sick leave. In a timely manner, as Americans were sneezing onto their desk-phones and keyboards, Microsoft announced plans to require its US contractors, with a minimum of 50 staff, to give employees a minimum of 15 days paid holiday and sick leave.
    This is a great example of a company doing the right thing by its customer. Happier workers provide a better service and are more productive. Employees who have better benefits are more motivated to provide a great service for customers. By removing the pressure of losing pay due to being sick, Microsoft is increasing the likelihood of employee retention and in turn, increasing customer satisfaction who know they will have long term relationships with Microsoft contractors.
    Owning up to security breaches
    Another example of a company doing the right thing comes from social media management platform, Buffer. It suffered a security breach in October 2013 and, immediately, it owned up to the problem and told its customers. Instead of hoping nobody would notice, Buffer opened up lines of communication, explained what had happened and kept customers updated on the problem. Owning up to an issue and letting the customer know what is going on, even at the risk of losing clients, is a key trust creator.
    Complete transparency
    Chipotle, a fast-food chain that operates more than 1,450 restaurants across the world, has voluntarily began labelling ingredients in their menus, including GMOs or Genetically Modified Organisms. It is the first fast food chain to do so, at the risk of losing customers. The company said being transparent with its ingredients engenders more trust with the consumer.
    Ethical responsibility
    Well-known clothing company TOMS has made the purchase of its products an easy ethical choice for its customers. For every sale of TOMS shoes, eyewear and bags, it gives away a matching product to someone in need. Globally, more than 2 million children in need have received TOMS shoes. Its One for One programme also funds maternal health care, medicine for children and health screenings in developing countries.
    This dedication to giving back to the community means TOMS customers never have to think twice about the ethical background of the products they are buying. TOMS does the right thing by the customer, by the environment and by the community.
    More than spreadsheets…
    It is easy to associate business with boardrooms and briefcases, but the big picture encompasses the customer, environment and whole communities. If a company treats its employees well, gives back to the community and makes sustainable choices for the environment, the customer will always have peace of mind that they have made the right choice and that they are doing the right thing.

    Insights

    Ward Solutions educates NUIG and secures the campus in…

    Ward Solutions, Ireland’s leading information security provider, is implementing IT security systems and awareness training across National University of Ireland, Galway (NUIG), to manage information security and ensure compliance. The two year contract is worth in excess of €170,000.
    Based in the heart of Galway, NUIG has more than 2,700 staff and provides undergraduate and graduate degrees and diplomas to 17,000 students each year.
    NUIG aims to have best practice information security, safeguarding its data and ensuring compliance with relevant regulations. As part of a complete IT infrastructure overview, the university wanted to enhance its security processes, policies and systems.
    Ward Solutions won the security partner competitive tender to help the university proactively manage and monitor the university’s IT security landscape and help implement new policies and procedures to protect against vulnerabilities. Ward initially carried out a risk assessment on a number of systems that provided a complete overview of the critical data held on these systems. It also identified and tested potential vulnerabilities and measured security controls.
    Ward Solutions has now developed a set of security awareness training programmes as part of the new security policies and procedures. The online training provides advice and guidance on information security for every member of staff and insight on the role each individual plays in protecting the university. It is also providing face-to-face training for all members of staff who have responsibility for business critical and sensitive data.
    John Lavelle, head of strategy architecture and security, NUIG said, “Ward delivered what they said they would deliver and this has led to a true collaborative partnership. We cater for thousands of new students and alumni each year and as a result have a vast amount of data we wish to secure.
    “Ward Solutions brought the breadth of information security expertise and knowledge we needed. The size of its team means it has the ability to assign the right expert to each task, all of whom are certified to the highest levels. In addition, its experience in the education sector meant it understood our unique challenges and it could quickly develop policies and recommendations which we immediately implemented.”
    Brendan Molloy, business development manager, Ward Solutions commented, “Working in partnership with NUIG, we helped to classify and prioritise data on key systems to focus security spend on the right areas. Our combined offering of managed security, consultancy and training, coupled with leading vendor technologies, has helped to reduce the complexity of IT security for NUIG and ensures the university is protected at all times.”
    The next phases of Ward Solutions’ security programme with NUIG will be to enable students to securely embrace BYOD. The upcoming project aims to expand the current Wi-Fi access by implementing further secure networks across the campus through server hardening and the deployment of Web Application Firewalls.
    -Ends-
    Photo caption – Pictured at the NUIG campus in Galway are (L-R) John Lavelle, head of strategy, architecture and security, ISS, NUIG and Brendan Molloy, business development manager, Ward Solutions

    Insights

    Ward Solutions football competition

    They think it’s all over… it is now! Thanks to everyone who took part and who followed us on social media and subscribed to our newsletter.
    We hope you stay tuned for more competitions and especially, for more expert insight into information security and cybercrime.
    #COYBIG
    We’ll be cheering on Ireland during the following matches!
    Ireland V Poland – Sunday 29th March
    Ireland V England – Sunday 7th June
    Ireland V Scotland – Saturday 13th June
    Twitter
    LinkedIn
    Subscribe to our Newsletter

    Insights

    Win tickets to three Ireland matches at the Aviva

    Do you like winning incredible prizes? Do you like big sporting occasions where you can cheer wildly for your country? If you’re rapidly nodding your head in agreement, then read on!
    The very generous team at Ward Solutions is giving our social community the chance to win a truly amazing prize. We’re giving away a pair of premium level tickets to attend three upcoming Ireland matches taking place in the Aviva stadium.
    You and a friend could be part of the lucky crowd who gets to see the hat-trick of matches and cheer on the Irish team! Tickets are now sold-out so it’s an even more exclusive event!
    To enter, just follow/RT us on Twitter and LinkedIn and subscribe to our newsletter.
    Look for our #wardcoybig hashtag. Just three quick clicks and you could be going to three top football matches!
    The schedule is as follows:
    Ireland V Poland – Sunday 29th March
    Ireland V England – Sunday 7th June
    Ireland V Scotland – Saturday 13th June

    Closing date for entry is Wednesday 25th March. We will announce the winner on our website and on our social media channels at 12 noon so watch this space!
    Follow us now to enter!
    Twitter
    LinkedIn
    Subscribe to our Newsletter

    Insights

    Microsoft IE 11 security vulnerability: How to protect your…

    Lately, it seems as though we are dealing with new cyber-vulnerabilities and security weaknesses every couple of weeks. The latest of these hit news headlines when Microsoft publicly confirmed a security flaw in Windows 7 and Windows 8.1. This leaves Internet Explorer 11 users open to attack and makes websites vulnerable to hackers.
    The unpatched security vulnerability could be exploited in a number of ways and used to carry out malicious browser-based attacks. These include:

    • Phishing, by triggering users to access a website or click on a link
    • Hijacking a user’s browser
    • Steal sensitive information viewed by users on a website such as bank accounts, personal details, logins etc.
    • Pseudo defacement or faking damage to a website
    • Compromise of the user’s computer

    Here comes the science…
    There is a way to reduce the risk of data breach and loss of security. Website owners can carry this out by implementing “X-Frame-Options” headers on all pages of the domain. The same can be implemented for the trusted domain by choosing the “allow-from” option. The result: reduce the attack windows and mitigate the use of iframe.
    The X-Frame-Options HTTP response header can also be used to indicate whether or not a browser should be allowed to render a page in a <frame>,<iframe> or <object>.
    Protection for not so technical users..
    If you’re an end-user and are using Internet Explorer, the best way to be protected is to use another web browser, such as Firefox or Chrome, until Microsoft provides a patch.
    Stay one step ahead of vulnerabilities..
    This latest flaw is not the first and certainly won’t be the last weakness that could open up your organisation to potential harm. Our advice is to try to remain as proactive and vigilant as possible in safeguarding your business and your data against the latest threats. Feel free to contact us today to discuss how we can help you to remain protected at all times.

    Insights

    Solving new information security threats with Next Generation Firewall

    As well as the myriad of existing information security threats, many more are emerging from across the world. So on top of old threats, we also have new information security threats to be concerned about. Unfortunately, existing technologies can’t always cope with these new threats. In recent years, cybercrime has evolved and the level of sophistication of internet-based threats has increased dramatically. We believe that next generation security is the solution and below, we talk you through how it works.
    More and more frequently, hackers are preying on the vulnerabilities exposed through legitimate traffic and genuine users. Hackers are now aiming attacks at weaknesses found at the application layer in order to do some damage. Traditionally firewalls have a shortcoming in that they are network port-based, which means they have very little understanding of traffic at higher layers. They basically can’t “inspect” legitimate application traffic to see whether it is being used for normal purposes, or for an attack.
    However, new firewalls have gone up a gear in response to new threats. Known as Next Generation Firewalls, or NGFWs, these address shortcomings of previous firewalls, by providing additional functionality. This means the NGFWs can look deeper into the data that is carried by an application. This way, it can seek out known exploits, vulnerabilities and malware and find out if it is being used for an attack.
    Not only are NGFWs ready for sophisticated attacks, they are also very easy to use. NGFWs, such as those from Fortinet, are an integrated security platform. They operate at wire speed providing features like signature based intrusion prevention system. This feature uses “signatures” that match attack patterns. Other features include SSL (Secure Sockets Layer) inspection, application awareness and control. NGFWs also include traditional “stateful” inspection that characterises traditional firewalls and keeps track of the state of network connections.
    Top drivers for moving to a NGFW
    Research from 2014 showed the main reasons for moving to NGFW were increased use of social media, BYOD and more use of public cloud services such as Dropbox.
    There is a whole host of reasons to move to NGFW. Almost a quarter of organisations made the move to deal with sophisticated threat environments, such as APTs (Advanced Persistent Threats). Other reasons included consolidation of security functions, higher incidence of data breaches and security attacks.
    For organisations that are still using traditional firewalls and don’t plan to change, fear not. As an alternative solution they could add further point security solutions, for example, IPS (Intrusion Prevention System), URL filtering, antivirus of antimalware to their current firewall. Ideally they should look to replace their existing solutions with NGFW. From our team’s experience, the security and ease of use of an integrated NGFW platform outweighs the complexity and cost of multiple security platforms.
    This isn’t the end….
    Because it is such an interesting and evolving landscape, we will have more blogs for you on the topic of next generation security. Stay tuned and sign up to our newsletter to make sure you don’t miss out. Don’t forget to follow us on Twitter and LinkedIn.