While there is always a lot of focus on phishing emails directing users to malicious pages or capturing credentials using cloned websites, a still-very-common scam catches organisations out every day: the ceo impersonation scam. The aim of these scams is to have an employee – often a new one in the organisation – sent an…
What are SharePoint and OneDrive? In order to understand synchronisation, we first need to understand what we are synchronising. SharePoint SharePoint is the Microsoft document management and Intranet tool – organisations can use it to store all their company files/data/folders and to restrict user access to them. SharePoint is a cloud-based product with advanced features…
What is MFA? MFA – or multifactor authentication – is an additional piece of item or piece of information needed to login to a system. Common examples are codes sent by text message that you need to enter to access a banking app or other secure platform. How does it work? Microsoft 365 has multiple…
Information security risk management is the process of identifying vulnerabilities to your information assets that could impact their confidentiality, integrity or availability along with the threats that could exploit those vulnerabilities – together these define the risk. The next step is to evaluate the risk to determine its severity, usually by considering the impact if…
We recently saw an infrographic posted to LinkedIn describing how DNS worked that was full of errors. Now no simple diagram is going to cover all aspects of DNS but we feel that ours is the best balance of accuracy and simplicity! Some people suggested that the full DNS query (the FQDN) wasn’t submitted to…
Have you ever clicked Send on an email only to have a moment of terror when you’re not sure if you sent it to the right recipient? Or worse, you knew you’d sent it to the wrong recipient, and it had sensitive information attached but it was too late to do anything. Fortunately, Outlook has…
Information security is all about ensuring the availbility, confidentiality and integrity of information assets (the CIA triad), however many organisations attempt the risk assessment phase of an information security programme without having clear visibility of what their information assets are or perhaps they are aware of some but haven’t prioritised nor modelled the threats against…
