email-header

We are bringing the Let’s Get Synchronized tour to the North West

This free event is taking place on:

Friday 30th September 2016
9am – 2pm
Mercure Haydock Hotel
WA11 9SG

Click Here to Register: http://virtuetechnologies.co.uk/solutions/security/lets-get-synchronized

Event Overview

As multi-academy trusts(MATs) evolve, the need to scale services and support transition across their academy base is a priority. We work with a range of MATs across the UK to support them in overcoming their individual challenges and issues. As we are educationally focused, we have the experience and passion to understand such challenges and issues to create a bespoke ICT solution to best suit your school’s evolving needs. Whether you are an existing school, new build or converting academy, we believe this event will be beneficial to you.

On the day, Virtue Technologies Managing Director Phil Lawson, will discuss how we can assist with existing schools and new schools joining a MAT and provide you with an overview of multi-site network designs and available support structures from Virtue Technologies.

At the Let’s Get Synchronized event, hear from Sophos Engineers who will be discussing how their products offer a cloud based approach to internet security and can help with the security challenges faced by MATs. Max out on the latest security updates at the Let’s Get Synchronized Skate Park with a series of urban sports challenges including skateboarding tricks and downhill cycle racing and prizes!

Our guest speaker John Bidder, from Blippit, will be discussing social media strategies for multi-academy trusts. John will talk about how social media can be used to raise the “brand” awareness of the trust and reach parents of existing pupils and potential new pupils.

Check out the event agenda below to see what else is happening on the day.

Event Agenda

9.00am Arrival and Coffee

9.30am Introduction and overview of services for Multi- Academy Trusts

  • Introduction by Phil Lawson – Managing Director of Virtue Technologies
  • Services from Virtue for new and expanding MATs, discuss how we can assist with existing Schools and new schools joining a MAT
  • Overview of multi-site network designs and available support structures from Virtue Technologies

9.50am Audit, documentation and planning services

  • Will Stead, Virtue’s Head of Operations will discuss the documentation and planning services we can assist with. This ranges from 3-5 year budget planning, risk registers and all round IT plans.

10.10am Sophos Sessions

  • Sophos sales engineers will discuss how their products offer a cloud based approach to internet security and can help with the security challenges faced by multi-site MATs
  • Advanced protection with Next Gen Endpoint (15 mins)
  • Synchronised Security delivered through Next Gen Network (15 mins)
  • IT is hard! Find out how the cloud can help simplify IT security challenges (15 mins)

10.55am Coffee Break. Competitions and games will take place at the Let’s Get Synchronised Skate park!

11.25am Social Media Strategies for MAT’s

  • John Bidder from Blippit discusses social media strategies for MATs. How MATs can use social media to raise the “brand” awareness of the trust and reach parents of existing pupils and potential new pupils.

11.45am I Am Cloud

  • I am Cloud Identity management – Single Identity across all services giving MIS Integration and single sign on to external public cloud resources such a Office365, Google, Moodle, Frog etc.

12.05pm Virtue Technologies

  • Trust Wide Private Cloud – how we design a multi-site private cloud for a MAT, discussing the benefits to the trust and costs involved
  • Azure AD integration – integration of Microsoft Public Cloud – Azure active directory to the MAT private cloud and benefits to this
  • Cloud hosted servers – options to move servers to the cloud, costs and benefits to doing this.

12.35pm Customer Q&A

12.45pm Complimentary Lunch

Venue Details

Mercure Haydock Hotel, Penny Lane, Saint Helens, WA11 9SG

avoiding-internet-scams1-caution-laptop

Staying safe online this Summer

With the summer holidays just around the corner, children are looking forward to having more free time.

For some, this will be spent using the internet to keep in touch with friends, catch up with the latest apps and online trends, and playing their favourite games.

For parents, it’s a great chance to sit down with your children and visit their favourite sites and games together, so you can keep in touch with their online lives, and show them you are interested. It’s a good opportunity to have positive conversations about the internet, so that if anything happened online that worried or upset your children later on, they would feel more confident in confiding in you.

Keeping in touch online

During the Summer holidays, young people may want to keep in touch with their friends through social networking sites or games. It’s a good time to ask them about what sites they use, and remind them you have to be at least 13 to use most social networks. Encourage your children to use the privacy tools on the services they use, so that the content they post is only available to people they know and trust in real life.

Managing online friendships

The holidays are also a good opportunity to talk to your children about their online friendships and encourage them to be good online friends. It’s also important to remind young people that even if you have been chatting to a friendly person on a site or in a game for a while, if you only know them from being online they are still a stranger and you should not give out your personal details to them. If you are worried about an adult pressuring your child online, you should contact the Police and report it to CEOP

 Sharing those holiday snaps

Some children may want to share photos and videos of what they are getting up to in their summer holidays online. Talk to your children about what types of photos are appropriate to share, and who they are okay to share with. Photos can hold clues that give away personal information. For example, if you share a selfie of you and friends, are there any landmarks or street signs that give away your location?

Finding a balance

Without the structure of the school day, children may spend a lot of their time on the internet. The internet is a fun place to be, and children may find it hard to manage their time between being online and offline. Talk to them about how important it is to spot the signs that they have been online for too long. For example, they might get tired eyes, a headache, interrupted sleep or mood swings. Setting a time limit can be helpful, but remember to set it before they start playing a game or chatting online, so they get less frustrated when it’s time to stop. Offer some alternative activities to being online, and remind them the summer holidays are also a time to enjoy being outside and having a rest.

Enjoy the summer holidays!

Reblog from UK Safer Internet Centre – “Staying safe online this summer” posted 12th July 2016

5

Ben Whittle’s latest Uber Computer Update

1

Ben has finally finished the fabrication and painting of most of the panels and has assembled the desk for cable routing and testing. There is still a lot of wiring to be done, and while it isn’t particularly complex it has been very time consuming. As you can see below the loom for the SSD activity indicator strip is now complete and in place.

2.png

Ben has also completed the wiring for the Asus ROG panel, intake fans and lighting. In order to test these systems Ben has removed the motherboard and drives from his existing system and mounted them in the desk. This has enabled him to test the front mounted USB ports and audio jacks, power switch, cooling fan speed control, SSD indicator strip, etc…

3.png

So far everything is working as expected, Ben is particularly pleased with the lighting and is looking forward to seeing the painting lit up in the right hand side. He is currently unsure what to do with the legs, the original plan was always to paint them black as with the rest of the desk. A few people have said they like them as they are, as a compromise Ben is considering staining them to try to match the finish of the M-Audio studio monitors which will sit either side of the screen.

4

Ben will give this a try first and see how it looks as it is much easier to paint black over varnish than sanding off black paint. Thankfully the colour of the lighting is much easier to change:

5

It is looking ok from the front but there is still much work to be done, still many cables to make, terminate and route. The rear panel still needs to be cut out and painted, then it will be on to mounting the exhaust fans and rear connectors. Currently it is just a mess of wires, pipes and components:

6

Ben is hoping to have the panel and cabling complete in August, then the construction will be complete and he’ll be ordering the components and testing. More updates to follow soon.

AAEAAQAAAAAAAAUUAAAAJDA3NjU4ODlhLTgxZmQtNDBiMC04NDg0LTNkY2RjNWE1MWQ3MA

The Questions you are Probably Asking Yourself Around Sandbox Technology

In the continuing arms race between cyber criminals and the organisations whose data they covet, we continue to see new, ever more sophisticated, tools being deployed both sides.

Lately, attacks called advanced persistent threats (APT) which were originally used only against very large organisations have become more common and are now being used against smaller companies, such as schools, either to attack the smaller entity itself or as a stepping stone to other larger targets.

Small and midsized businesses such as schools are on the radar of attackers, who actually see them as low hanging fruits because many of them lack the resources, the security and the multi-layer defence programs to help protect themselves. 42% of small businesses report being a victim of cyber-attacks and the majority of the companies hacked were hacked twice or more.

Growing Awareness

On a positive note, we are seeing a rise in security awareness driven by the increased coverage of cyber threats in the mainstream media. This has helped many organisations improve their security posture: Employees see news about cyber-attacks and develop more awareness of security risks and so are less likely to engage in risky online behaviour; senior management understand the risks more clearly so IT departments find it easier to obtain the budget required to strengthen and improve their defences.

Demand for Comprehensive Next-Generation Security Solutions

IT teams in organisations of all sizes now understand that sophisticated cyber-attacks can use unknown malware that can evade traditional gateway and endpoint protection. This is why many organisations are considering new solutions to combat this problem. Additionally, there’s a lot of hype encouraging you to buy additional next generation solutions to deal with these unknown threats.

However, often these technologies are too complex and expensive for many businesses to consider. Many of the complex security solutions used by larger enterprise require multiple dedicated devices which are resource and maintenance intensive. They also tend to have low accuracy; this means a skilled team is required to analyse the results. Buying more solutions from multiple vendors that don’t talk to one another isn’t a recipe for a manageable threat defence.

New Age Threats Need Next Level Security – Sandbox

One technology, that’s had more than its fair share of hype, is the sandbox.

The questions you are probably asking yourself around sandbox technology are:

What is a sandbox?

A sandbox is an isolated, safe environment, which imitates an entire computer system. In the sandbox, suspicious programs can be executed to monitor their behaviour and understand their intended purpose, without endangering an organisation’s network.

Do I really need a sandbox?

Organisations need a range of security technologies to protect them from threats both known and unknown. It’s likely you’ll already have deployed Secure Email Gateway, Secure Web Gateway, UTM or Next Generation Firewall at your internet gateway, as well as endpoint protection to your desktops and servers.
Even vendors that only supply standalone sandbox technology would never suggest that their product provides a complete defence against advanced persistent threats. They acknowledge that many security layers are essential to protect against these threats. What a sandbox does provide, is your own dedicated environment to analyse, understand and take action, on the threats to your organisation that haven’t been detected by this stack of conventional security measures. Sophisticated targeted malware, designed to evade detection, will be detected and blocked when detonated in your sandbox.

Why don’t my conventional defences protect me from these APTs?

Basic signature-based antivirus will protect you against known malware. But signature-based antivirus is reactive and increasingly outpaced by today’s attackers. Most leading security vendors us a range of approaches such as malicious traffic detection capabilities and emulation to supplement signature-based detection. However, if your data or credentials are valuable enough to the attacker, they will have spent time discovering what type of security you are using and tested their unique malware to ensure that it will evade detection by your defences.

Surely this kind of technology is only for larger organisations?

An attack on Target Stores, a large US retailer, resulted in 40 million credit card numbers stolen. This had an enormous impact on trust in the Target brand and led to the company spending a significant amount of money on breach-related expenses, like providing monitoring services to protect customers from fraud. Target is certainly a large organisation, but what’s important to consider is that the attackers stole the credentials of Target’s air conditioning contractor. This small supplier was seen as a soft target and an easier route into the larger business. So organisations of all sizes should consider sandbox technology; a targeted attack could cost you your key customers and is one factor in the statistic that 60% of small firms go out of business within six months of a data breach.

Another point solution? That sounds expensive.

Sandbox can be expensive, no doubt. But there are ways of reducing your costs. In their research note on network sandboxing Gartner recommends:

“If your organisation is budget-constrained or looking for a quick path to add sandboxing, first evaluate adding sandboxing as a feature from one of your current security vendors.”

Your existing UTM, Firewall, Secure Web Gateway or Email Gateway may have sandboxing-as-a-feature options available.

With the introduction of cloud computing, the way processing power and storage is delivered and priced has changed. Companies now have access to greater processing power at affordable prices. This has driven a revolution in what can and can’t be delivered as a service.

Sandboxes have proven very effective in identifying and stopping APTs by creating a full working environment for the malware to operate in and making it hard for it to identify that it is being analysed. Previously, such a complex solution had to run on dedicated hardware and have a team of analysts to decipher the results limiting it to large enterprises and malware research labs.

By moving sandboxing to the cloud, the reduction in cost means security vendors can apply more processing power and share resources across multiple customers. It also means companies no longer have to rely on in-house expertise as their vendors or partner can provide the analysts from a central location. This reduces the costs to such a level that all organisations can afford sandboxing.

It sounds complicated – do I have the resources to try and deploy this?

When you begin to trial solutions, consider solutions that are easy to try and deploy. Cloud- based solutions can be rapidly deployed giving you instant results without the need to deploy hardware or upgrade appliances.

Sophos Sandstorm

Sophos Sandstorm is an advanced persistent threat (APT) and zero-day malware defence solution that complements Sophos security products. It quickly and accurately detects, blocks, and responds to evasive threats that other solutions miss, by using powerful, cloud-based, next generation sandbox technology.

For more information about Sophos Sandstorm visit: http://virtuetechnologies.co.uk/solutions/security/Sandstorm
56acd1e3c4eca2fea403c90579965c68-700x

Stay Protected Against Ransomware – Best practices to apply immediately

The following recommended measures should always be taken into account:

Backup regularly and keep a recent backup copy off-site.

There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.

Don’t enable marcos in document attachments received via email.

Microsoft deliberately turned off auto-execution of marcos by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn marcos back on, so don’t do it!

Be cautious about unsolicited attachments.

The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s the one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.

Don’t give yourself more login power than you need.

Most importantly, don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other “regular work” activities while you have administrator rights.

Consider installing the Microsoft Office viewers.

These viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn’t support marcos at all, so you can’t enable marcos by mistake!

Patch early, patch often.

Malware that doesn’t come in via document marcos often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.

Keep informed about new security features added to your school applications.

For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet” which helps protect you from external malicious content without stopping you using macros internally.

Open .JS files with Notepad by default.

This helps protect against JavaScript borne malware by enabling you to identify the file type and spot suspicious files.

Show files with their extensions.

Malware authors increasingly try to disguise the actual file extension to trick you into opening them. Avoid this by displaying files with their extensions at all times.

Join us for an informative webinar to learn about ransomware threats and how schools such as yours can stay secure against them. The webinar ‘How to Protect Against Locky and Friends’ is taking place on Thursday 23rd June 2016 – 12:00pm – 1:00pm BST. Register here: https://attendee.gotowebinar.com/register/4345127391462205699

TeslaCrypt ransomware gang reveals master key to decrypt files

Articles about ransomware often don’t make terribly happy reading, especially if you’ve gone looking for the article because you’re looking at a “pay page”. That’s the message you see from most ransomware after it has scrambled your data, when the crooks make absolutely sure you know how to go about buying your data back.

Occasionally, the malware attacks everything. That happened with ransomware called Petya that scrambled the low-level index of your C:drive so you couldn’t boot at all, let alone use a browser or copy-and-paste text, or even take a screenshot.

You had to find another computer to get online, and manually type in a long, alphanumeric personal decryption code that Petya displayed:

uilfyug

But most ransomware is much more commercially savvy than that, and goes to great lengths to ensure that your operating system and all your applications are left well alone. That leaves you free to get online, follow instructions, and send money to the criminals.

To leave you in doubt what to do next, some ransomware event changes your wallpaper so that the how-to-play details are permanently in your face:

jjduySo we were surprised and delighted in equal measure to read that security researchers over at ESET had reached out to the crooks behind TeslaCrypt…

…asked them for the private key used in the operation…

…and received the reply, “Project closed, master key for decrypt XXX…XXX,[…] we are sorry.”

We weren’t inclined to believe that the crooks really were sorry, but it seems that the master key was genuine.

Most ransomware uses what’s called a hybrid cryptosystem, in which files are scrambled with a regular symmetric encryption algorithm such as AES, which is fast and straightforward.

Each computer, or more commonly each file, uses a unique, randomly chosen key that is never saved on disk, so it can’t be recovered directly. Instead, the file encryption key is then itself encrypted using a public key for which only the crooks have the corresponding private key. (Public-private encryption, known as public key cryptography, relies on two related keys: one that locks data, and another that unlocks it. You can’t use mathematics to figure out the private key from the public key because they have to be generated as a pair. In other words, the public key means that other people can scramble data that only you can decrypt.)

Usually, the crooks never part with the private key – they just use it to decrypt the unique AES key or keys needed to unlock your computer.

Because your key is unique, it only works on your files, so you can’t use it to help out other victims. In other words, the announcement by the Teslacrypt gang that they’ve revealed their business secret is unusual. Indeed, various public tools have already been created to use the Teslacrypt master key to unscramble locked files for free.

Result!

Of course, only vistims who have been hit recently and haven’t yet paid up, or victims who backed up their already-encrypted data just in case, will get much use out of the master key at this stage.

Why did the crooks do it?

That really is the million pound question, and we shall probably only ever be able to guess at the answer:

We can think of the following possibilities:

  • The crooks are genuinely sorry, and have retired in a fit of conscience.
  • The crooks were hacked by another gang, who spilled the master key to ruin their rivals’ business.
  • The crooks have switched their time and effort to newer ransomware.
  • The crooks have made so much money that they want to retire in a media-friendly way before they get caught.

What do you think?

TrilbyTV_rlogo_480

Introducing Trilby TV Digital Signage

We had some interesting partners attend our 10 Year Anniversary Event on May 6th. We thought we would share one of them with you in a little more detail.

Trilby TV is our new digital signage partner who specialises in schools. They were formed by some passionate educators that wanted to bring schools signage back to life in an “easy to use” and controlled environment.

The concept is pretty simple….

 

ttvcrUpload

Use the iPad app, Chrome app or website to upload your video and select a category.

 

ttvappcrpApprove

Get the video approved for playback, all it takes is one tap from a moderator who could be a teacher or student.

 

ttvplaycropPlayback

Your video will playback on your digital signage. Simply install the player app on your PC, Chromebit, iPad, or AppleTV. And that’s it! – your students work can bring the school signage back to life and even be accessed by parents from home.

 

If you would like to arrange a demonstration or free trial to show you how good it really is, please contact us today on 01695731233 or email toby.wilkinson@virtuetechnologies.co.uk