Stay Protected Against Ransomware – Best practices to apply immediately

The following recommended measures should always be taken into account:

Backup regularly and keep a recent backup copy off-site.

There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.

Don’t enable macros in document attachments received via email.

Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don’t do it!
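A check for whether an attachment can carry macros at all, judged by its content rather than its name, is sketched below. This is an added example, not part of the original article; the function names and sample data are hypothetical and constructed for illustration.

```python
import io
import zipfile

# Signature of the legacy binary Office container (.doc, .xls, .ppt).
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def macro_status(data: bytes) -> str:
    """Classify an attachment by whether it can carry VBA macros.

    'macros'     - OOXML package containing a VBA project
    'no-macros'  - OOXML package without one
    'legacy-ole' - old binary format; needs a dedicated OLE parser to inspect
    'not-office' - anything else
    """
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"
    stream = io.BytesIO(data)
    if not zipfile.is_zipfile(stream):
        return "not-office"
    with zipfile.ZipFile(stream) as package:
        names = [name.lower() for name in package.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # an ordinary zip archive, not an Office package
    # Word, Excel and PowerPoint all store macro code in a vbaProject.bin part.
    if any(name.endswith("vbaproject.bin") for name in names):
        return "macros"
    return "no-macros"


def make_sample_package(with_macros: bool) -> bytes:
    """Build a minimal, constructed OOXML-style package in memory."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as package:
        package.writestr("[Content_Types].xml", "<Types/>")
        package.writestr("word/document.xml", "<document/>")
        if with_macros:
            package.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    samples = {  # constructed sample attachments
        "timetable.docx": make_sample_package(with_macros=False),
        "invoice.docm": make_sample_package(with_macros=True),
        "old-report.doc": OLE_MAGIC + bytes(504),
        "notes.txt": b"plain text",
    }
    for name, data in samples.items():
        print(f"{name:15} {macro_status(data)}")
```

A mail gateway or helpdesk script could use a result of `macros` or `legacy-ole` to quarantine the attachment for review before it reaches a user.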

Be cautious about unsolicited attachments.

The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s the one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.

Don’t give yourself more login power than you need.

Most importantly, don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other “regular work” activities while you have administrator rights.

Consider installing the Microsoft Office viewers.

These viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn’t support macros at all, so you can’t enable macros by mistake!

Patch early, patch often.

Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.

Keep informed about new security features added to your school applications.

For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet” which helps protect you from external malicious content without stopping you using macros internally.

Open .JS files with Notepad by default.

This helps protect against JavaScript-borne malware by enabling you to identify the file type and spot suspicious files.

Show files with their extensions.

Malware authors increasingly try to disguise the actual file extension to trick you into opening them. Avoid this by displaying files with their extensions at all times.
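The same check can be automated for attachments and downloads: the sketch below flags file names whose visible extension is not the one Windows will act on, including the .js script type mentioned above. It is an added example, not part of the original article; the function name and the extension lists are assumptions chosen for illustration, and the sample names are constructed.

```python
import os
import unicodedata

# Types that run code when double-clicked on Windows (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".lnk",
                   ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
# Harmless-looking types often used as the visible decoy (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
# Unicode bidirectional control classes that change the displayed character order.
BIDI_CONTROLS = {"LRE", "RLE", "LRO", "RLO", "LRI", "RLI", "FSI"}


def disguise_findings(filename: str) -> list:
    """Return the reasons a file name looks disguised (empty list if none)."""
    findings = []
    # Control characters that reorder the displayed name hide the true ending.
    if any(unicodedata.bidirectional(ch) in BIDI_CONTROLS for ch in filename):
        findings.append("bidi-control")
    stem, ext = os.path.splitext(filename)
    if ext.lower() in EXECUTABLE_EXTS:
        # A document-style extension just before the real one is a decoy.
        inner_ext = os.path.splitext(stem.rstrip())[1].lower()
        if inner_ext in DECOY_EXTS:
            findings.append("double-extension")
        # Runs of spaces push the real extension out of a narrow column.
        if stem != stem.rstrip() or "   " in stem:
            findings.append("padded-extension")
    return findings


if __name__ == "__main__":
    constructed_names = [
        "holiday.jpg",
        "setup.exe",
        "notes.v2.txt",
        "Invoice_2016.pdf.js",
        "report.pdf      .exe",
        "invoice\u202efdp.exe",
    ]
    for name in constructed_names:
        print(f"{ascii(name):32} {disguise_findings(name)}")
```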

Join us for an informative webinar to learn about ransomware threats and how schools such as yours can stay secure against them. The webinar ‘How to Protect Against Locky and Friends’ is taking place on Thursday 23rd June 2016 – 12:00pm – 1:00pm BST. Register here:

Ask yourself these four questions before launching your data protection strategy

We’ve recently talked about some of the main reasons why you need to encrypt your data. And we showed you the potential consequences when your data isn’t encrypted.

So now that you’re ready to look more closely at encryption in your establishment, where should you begin?

Every educational institution is different, so there is no one-size-fits-all data protection strategy. Before you can put your strategy into an actionable plan, you need to answer the following four questions.

1. How does data flow into and out of your establishment?

Do you receive emails with file attachments, or send them out? Do you receive data on USB sticks or other removable media? How does your school store and share large amounts of data internally and externally? Do you use cloud based storage services like Dropbox, Box, OneDrive, etc.?

What about mobile devices and tablets? According to a Sophos survey, the average technology user carries three devices. How do you rein in the wide range of devices that have access to data?

You should look for an encryption solution that is built to adapt to the way you use data and how data flows within an establishment.

2. How do your educational institution and its individuals make use of data?

What are your employees’ workflows, and how do they go about making their day-to-day jobs more productive? What tools, devices or apps do your students use and do any of those present a possible vector for data loss?

You need to understand how employees and students use third-party apps, and whether you should prohibit what is often called “shadow IT”, trust the security of those systems, or bring development of these tools in-house.

3. Who has access to your data?

This topic can be both an ethical and regulatory discussion. In some situations, users should not ethically have access to certain data.

Worldwide, there are some data protection laws that stipulate only those who need data to perform their tasks should have access to it; everyone else should be denied. Do your employees have access to just the data they need to do their job, or do they have access to data they do not need?

4. Where is your data?

Centralized and mostly contained in a data center? Completely hosted in the cloud? Sitting on employee laptops and mobile devices?

According to a Tech Pro Research survey, 74% of organizations are either allowing or planning to allow their employees to bring their devices to their office for business use (BYOD). Employees are carrying sensitive corporate data on their devices when they work from home and on the road, increasing the risk of data leaks or compliance breaches. Think how easy it would be to access confidential information about your school if an employee’s smartphone gets stolen or misplaced.

Challenges and solutions

According to the 2015 Global Encryption & Key Management Trends Study by the Ponemon Institute, IT managers identify the following as the biggest challenges to planning and executing a data encryption strategy:

• 56% – discovering where sensitive data resides in the organization
• 34% – classifying which data to encrypt
• 15% – training users on how to use encryption

Unfortunately, there is no one-size-fits-all solution to these challenges. Your data protection plan must be based on your school: the type of data your school works with and generates, local regulations, and the size of your school.

Your school needs to understand how to comply with a clearly defined data protection plan and how to use encryption. They must be clearly told which data they have access to, how this data needs to be accessed and how they can protect this data.

Most importantly, you need to ensure that you can both offer and manage encryption in such a way that it doesn’t impact the school’s workflows.

Switch to a Better Firewall – 5 reasons your next firewall should be from Sophos

Sophos Keeps it Simple – Sophos’ UTM firewall’s simple, intuitive user interface (UI) is designed for you. It lets you quickly protect your network and users. And it makes day-to-day management tasks easy.

Lightning Speed – Sophos have engineered their UTM firewall to deliver outstanding performance. They built it using Intel multi-core technology, solid-state drives, and accelerated in-memory content scanning.

One Box Solution – With Sophos you’ll get all-in-one protection. They offer the latest next-gen firewall protection you need plus features you can’t get anywhere else – including mobile, web, endpoint, email encryption and DLP. No extra hardware. No extra cost. Choose what you want to deploy.

Built-in Reporting – Every appliance comes equipped with a hard drive or a solid-state disk, giving you comprehensive on-box reporting that you can access in seconds. See what’s happening on your network in real-time and quickly access historical data.

Industry Leader – As a Gartner Magic Quadrant Leader for UTM, Mobile Data Protection and Endpoint, Sophos are at the forefront of the security industry. Sophos’ global network of threat experts work around the clock, every single day, detecting, analysing and blocking new threats.

For more information please email: or call 01695 731 233

Multi-factor authentication for Office365

You’ve probably seen a wealth of reports in the past couple of months regarding the stealing of intimate photos of celebrities and the subsequent posting of these images online. It’s believed this was made possible through the use of third-party software which obtained the users’ login id and password. One way of preventing this from happening is to implement multi-factor authentication (or two-step verification) to stop the tool from being able to infiltrate the relevant service’s internet storage.

Multi-factor authentication increases the security of user logins for cloud services above and beyond just a password. With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.

This addition of multi-factor authentication is part of Microsoft’s ongoing effort to enhance security for Office 365, and they’re already working on Office desktop application improvements to Multi-Factor Authentication for Office 365. Office 365 offers many robust built-in security features for all customers and also optional controls that enable subscribers to customise their security preferences.

After a user is enabled for multi-factor authentication, they will be required to configure their second factor of authentication at the next login. Each subsequent login is enforced and will require use of the password and second factor of authentication. Any of the following may be used for the second factor:

  1. Call my mobile phone. The user receives a phone call that asks them to press the pound key. Once the pound key is pressed, the user is logged in.
  2. Text code to my mobile phone. The user receives a text message containing a six-digit code that they must enter into the portal.
  3. Call my office phone. This is the same as Call my mobile phone, but it enables the user to select a different phone if they do not have their mobile phone with them.
  4. Notify me through app. The user configures a smartphone app and receives a notification in the app that they must confirm the login. Smartphone apps are available for Windows Phone, iPhone, and Android devices.
  5. Show one-time code in app. The same smartphone app is used. Instead of receiving a notification, the user starts the app and enters the six-digit code from the app into the portal.


It may not be intimate photos (we hope not!) that are stored in your Inbox or OneDrive but the risk is the same – could you afford for your account to be compromised? What are the consequences of somebody obtaining your user id and password? To find out how multi-factor authentication for Office365 can help eliminate this risk contact us on 01695 731233 or drop us an email to

Microsoft Patch Tuesday release Update (MS14-066) – Rated as Critical

There have been many security flaws identified in SSL in recent months and Microsoft have just released a patch for another one.

The Facts

It’s for a vulnerability in the schannel component which is present in all Windows systems. Schannel implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols.

Traffic is sanity-checked by schannel but there is a flaw in this process which can allow specially-crafted packets through. This can allow an attacker to run arbitrary code on any system offering TLS/SSL, potentially taking control of the system.

IIS servers are clearly at risk but your machine can also be vulnerable if you accept encrypted traffic. Microsoft were not aware of any successful attacks using this vulnerability at the time their advisory was drafted, but as it has now been made public there will obviously be vigorous attempts in certain quarters to take advantage of it.

What We Recommend

This vulnerability is limited to Windows devices only and there is no risk to any of our Sophos Security Gateways. The vulnerability should be taken seriously, but we perceive the risk to you to be minimal. To be on the safe side, however, we recommend that you install the latest updates available from Microsoft as soon as possible on all Windows systems, particularly web and e-mail servers.

The benefits of an independent internet and security solution in Education

Firewall and filtering that you control

It is becoming increasingly essential for schools in the UK to have an independent internet and security solution. To have an independent internet solution means a school has control of both web filtering and access to and from their network. This enables them to alter and update filters and firewalls immediately as a threat is detected, blocking undesirable websites and therefore safeguarding the students.

But more crucially, it allows the school to respond immediately to the needs of the teachers and learners. With the move to mobile devices and cloud-based resources, the need to be more flexible and responsive is critical. Many apps and web-based resources use non-standard ports and protocols that are blocked by centralised local authority firewalls and outdated corporate-style security policies.

Imagine the situation: a teacher plans a lesson at home using maybe an iPad, Kindle or similar. They arrive at the lesson, connect to the school Wi-Fi, and the app or resource is blocked. The lesson cannot be taught, leaving frustrated staff and pupils. The understanding teacher then asks the IT support team to unblock the app in question for the lesson tomorrow. A call is raised to the LEA, then logged, and eventually a response is given. This response is often a negative one, due to either the inflexibility of the centralised solution or a security policy preventing them from allowing access, leaving the teacher unable to conduct the planned lesson in school.

With an independent internet and security solution, the above situation would likely have been resolved within an hour if not minutes, removing not only the frustration of staff but also the demands on the IT support team.

This control over school filters can even open up some possibly controversial websites that could benefit teachers, students and learning. Currently in the UK the majority of schools have strict filters for social media websites due to the issues that can occur between pupils etc. However, social media can have some real benefits for education. John Bidder from ‘Get Logged in’ discusses the benefits of social media within schools:

Typically using media which is social in nature brings benefits that are to do with timeliness, speed, insightfulness and having an authentic ‘ready’ audience. Social media is one channel that more and more schools are using to get the conversation of what children are learning going – even into the home with parents. However, to achieve any of this you first need to be able to access these tools and that’s where autonomy or a flexible filtering management set up is so important. 

Additionally, a transparent proxy is useful for schools looking to implement BYOD. A transparent proxy would be applied to devices as they join the network. Therefore, children, staff or guests entering the school with their own iPads, phones or laptops, will not need to change any settings on these devices to access the internet in school, yet they’ll be immediately safeguarded from any online threats without compromising the security of the main school network.

The key message is that no two schools are alike; every school has different needs and views on levels of control. Each school needs the ability to respond quickly to the demands of the new computing curriculum, mobile devices/BYOD and cloud resources. To do this, schools must be in control and be able to make their own decisions to implement change quickly.

The ‘Heartbleed’ and what it means to our customers

It has recently emerged that a major security flaw at the heart of the internet could be exposing internet users’ personal information and passwords to hackers. It is not clear how much damage the bug may have caused, but it is one of the largest security issues facing the internet so far.

The bug exists in a piece of open source software called OpenSSL which is designed to encrypt communications between a user’s computer and a web server.

This issue got the name Heartbleed as it affects an extension to a Secure Sockets Layer called the Heartbeat. This is one of the more extensively used encryption tools online and believed to be used by about two-thirds of all websites, amounting to about half a million sites. If a website has a padlock symbol in the browser then it is likely that it is utilising SSL.

The bug is believed to be so serious that a website has been established for it. This website outlines all aspects of the problem for anyone who may have concerns over their personal and private information.

The issue was uncovered by Google Security and Codenomicon, who said it was created by a programming error. OpenSSL is open source; therefore, researchers were able to investigate the code in great detail, which highlighted the issues. This is a very difficult task to carry out as code can be very complex and it can be time-consuming to locate such problems.

Virtue Technologies do not consider our customer UTMs to be at risk at this time as the relevant attack surface of the UTMs is not directly available from the internet on the standard SSL port. The exploit predominantly targets web servers rather than end-user environments.

However, Sophos released an update which included a fix for this vulnerability and as a precaution we have deployed this to all our UTM customers.

In the following video Elastica’s CTO Dr Zulfikar Ramzan walks through the mechanics of the Heartbeat (Heartbleed) flaw (at a high level), how an attacker can exploit it, and its underlying ramifications;