The complexities of keeping your DNS secure

DNS management has always been a complex task. The main issue is that it is often a convergence of two different disciplines – system administration and network management.

You need system administration skills to compile nameservers, edit zone data files and configure files. You also need networking expertise with a detailed understanding IP addresses and subnets.

The dual nature of DNS management means that computing and networking departments are often reluctant to take responsibility

Until management makes the decision for them and it becomes a resource issue. An experienced IT specialist is required with skills and experience in each area.

Also, depending on the complexity of the infrastructure, a single skilled administrator may not be sufficient.

When an organisation spans multiple locations, it adds a layer complexity along with multiple operating systems, software systems and other DNS implementations. A team of administrators with experience of different operating systems and name servers may be necessary across the different locations.

This is a problem that is not going away as organisations as almost every TCP/ IP based network and business application uses DNS. It is a fact that if DNS is not working then neither is the network, which massively impacts productivity and the bottom line.

Even desktops start to be reliant on DNS. Computers that belong to Active Directory domains will need to look up SRV records in DNS to locate a Domain Controller. Without DNS this process can’t take place so login authentication services can’t occur.

And then, there’s the security aspect of DNS management.

According to Infosecurity magazine, an estimated 20% of UK businesses were subject to a DNS attack. Without the proper security hackers would be able to take control of your DNS and extract sensitive data. They could also divert users to fake Facebook or banking sites and capture login credentials.

If you use Office 365 or SharePoint, they can do something similar.

One option is to outsource your DNS management to industry leading experts with the skills, experience and infrastructure in place.

Is Your Human Firewall Switched On?

Give us the opportunity to show you where the weakness in your corporate network is. Leave your details here and we’ll be in touch to schedule a Free Phishing Audit, Staff Training and a Report.

We look forward to working with you!

IT Security Alert – Massive Security Flaw in Office 365

Researchers have come across a security flaw in the way Office 365 email filters are designed to handle HTML code resulting in hackers getting malicious links into the mailboxes of end users.

The hackers used an incredibly simple trick to get malicious URLs to bypass Office 365 mail filters, by splitting up the malicious links by using a < base > URL tag.

Normally, when Office 365 scans the email it identifies the malicious URL and blocks it. By splitting the link, hackers trick Office 365 into looking at the base domain only and unless the whole domain is blacklisted, the spam email with the malicious link will slip through the filters. Worryingly, even Microsoft’s Advanced Threat Protection (ATP) and Safelinks systems do not have the ability to scan and merge base URLs, and check they are safe.

According to researchers, the vulnerability will affect everyone using Office 365, except those who are using a third-party email security service such as Topsec Email Security, whose Blended Threats service re-writes every URL contained within every email it filters so that every time an end user clicks on a URL it checks that the URL is safe before serving the web page. Hackers continue to search to find holes and flaws in services such as Microsoft Office 365 so it is vital to put as many layers of security in place as your budget will allow.

If you are not wrapping Topsec Email Security around Microsoft Office 365 or utilising Topsec Blended Threats, please contact us and we can set up a free, no obligation trial.


For more information contact 01691 663000 or email sales@vcwsecurity.com

5 Ways to Secure Your Cloud Data

More methods and places are becoming available to store our data and this trend is not really showing any signs of slowing down. It seems as though with every step forward into the future we take as an interconnected online community, we must take a few extra cautionary steps to ensure its success.

The latest trend being brought to the forefront of our curious consciousness is cloud technology and its seemingly vast nature of unlimited space for storage. Many cloud data storage options are free, which is clearly attractive to the masses, but the risks are also present.

To help you take advantage of cloud data storage while minimising your risk of it being hacked or otherwise compromised, we’ve laid out five steps you can take to ensure your privacy is maintained and your information remains secure:

1. Use Encrypted Cloud Services

If you feel apprehensive about placing your important company or personal data on the web, then you’ve likely been taught well on how to navigate the internet, or worse, you’ve fallen victim to it. One way to ensure safe cloud storage is to be picky with your cloud provider and select one that encrypts your data locally.

While this process may take longer than an unencrypted method, it’s for good reason. This method goes as far as shielding access to your information from those who work at the service provider. A super bonus would be if this encryption also extends to the uploading and retrieval process.

2. Practice Local Backups

One of the cardinal rules that any online expert will tell you is that you should store your data in at least two places. Should the initial copy of your information be compromised somehow, it’s always advised to have another hard copy in a reliable location. As it’s not expected for cloud databases to crash or suddenly become available, you should always duplicate and keep your information on an external hard drive within reach.

3. Read the Fine Print

As you should do with every type of program that you download onto your hardware, reading between the lines of the Terms and Conditions can prevent you from making a major mistake in your data storage.

Typically, tricky wording can cause you to give up your rights unintentionally when programs sound too good to be true (and/or free).

For data storage programs specifically, some providers aim to share your information with advertisers or like-minded partners without you knowledge. If you can speak to a representative at the company or research the provider online, it would serve as a great benefit so you’re aware of what you’re getting into before it’s too late.

4. Backup Your Password (2-Step Verification)

In past posts, we’ve discussed the importance of having a strong password whenever necessary, and the same goes for your online storage. One overlooked tip is to not use the same exact password on multiple platforms, as one successful hack can wreak havoc on your online accounts.

If possible, use the two-step method which forces users to log into an email account, then enter a password. Google offers this option to strengthen the security of your accounts and deter hackers from attempting your account.

5. Monitor Your Online Browsing

Due to the fact that you’re storing you information on an online resource with the cloud, this means that your online behavior should mirror that fact. Common practices that you may normally use on your personal computer shouldn’t be done on a device that has access to confidential or important data.

Logging into hotspots, opting-in to remember my password and clicking on questionable links are all signs of careless behavior that a hacker looks for when seeking to cause damage. Remember to always practice smart surfing methods on the devices that hold your most important information to not tempt a cyber criminal to harm you, your customers or you organisation.

VCW Appointed Distribution Partner for Topsec Cloud Solutions

Topsec Cloud Solutions, a leading provider of cloud-based managed email security solutions, has appointed VCW Security as sole UK distribution partner.  Specialising in the distribution and marketing of IT security solutions and services to end-user companies via the reseller channel, VCW is now looking to expand the market for Topsec’s range of cloud based solutions including anti-spam, anti-virus, email continuity, email content filtering, image analysis, email archiving, secure file sharing, phishing awareness training-as-a-service and domain management.

According to Ger Gill, Topsec Cloud Solutions Sales Director:  “With extensive experience of launching innovative new security solutions to the reseller channel, VCW has unrivalled technical expertise and a pro-active approach that will provide an effective launch pad for success across the UK.  We are working closely together to develop a range of marketing and technical support materials that will enable resellers to maximize sales of our highly scalable solutions.”

Topsec’s Email Security operates at internet level and provides real-time scanning of all incoming emails to filter out spam, and other threats before being released to an organization’s IT network.  It efficiently quarantines email according to organizational security policies and offers a false positive rate of 1:1,000,000.  Eliminating all persistent cyber threats, frees up valuable bandwidth, increases network performance and protects against unwanted business disruption. All outbound emails are also automatically scanned before they leave the Topsec network.

VCW Security added:  “We are pleased to be working in partnership with Topsec Cloud Solutions and look forward to helping establish a strong and active reseller channel for the company’s best in class security solutions across the UK.  Being cloud-based, they are affordable for organisations of every size and provide a complete solution to securely manage businesses data without requiring any upfront investment.”

How to Remedy the Email Security Gaps in Microsoft Office 365

Making the move to Microsoft Office 365 brings great benefits to the user.

However, unknowingly organisations assume that Office 365 has sufficient built-in email security and they risk being exposed to a wide range of security risks, data loss and business continuity issues.

This was recently seen when Microsoft’s cloud based service the Azure Active Directory was down for over 14 hours worldwide. Read More.

Many of Topsec’s customers who wrap Topsec Email Security around Microsoft Office 365 to provide extra layers of security against spam, malware, ransomware and phishing were able to maintain business as usual and continued email availability with all the following features:

  • Enhanced Email Security Service
  • 24/7/365 Telephone Support
  • Concierge Service
  • Email Track & Trace
  • Email Continuity
  • Anti-Ransomware & Anti-Phishing

Give your organisation the ability to manage and secure its email security without the burden of maintaining the underlying infrastructure.

Don’t let spam ruin staff productivity

Regain control with TopSec Email Security, the comprehensive cloud-based email service.

Removing the persistent invasion of spam, undesirable content and viruses will save your company thousands of pounds and give back valuable lost bandwidth for business use. It also increases speed and capacity, eliminates unnecessary interruption and frees up your employees time.

Topsec Email Security does this by:

  • Dealing with spam securely before it hits the client gateway
  • Reducing system overheads on overworked firewalls and mail servers
  • Immediate notification if an email has been quarantined
  • Optional daily spam digests
  • Web-based, self-service quarantine
  • Increasing productivity

And because it’s a fully managed service, TopSec Email Security will free up the time of your key IT staff allowing them to concentrate on business-building objectives, like strategy and compliance.

To kick things off, we are offering 12 months for the price of 6 on opportunities closed before the 31st May. In order to qualify, you must attend a 1-2-1 web demonstration and evaluate the service*

Fill in the form below to join our webinar

Give us the opportunity to show you just how robust, advanced and innovative the Topsec Cloud Solutions products are. Leave your details here and we’ll be in touch to arrange a convenient time where one of our expert security consultants will run through a live demo online with you.​

Subscribe me to your mailing list

 

Introducing Topsec Cloud Solutions – Security for email and data

VCW is delighted to announce a new partnership with Topsec Cloud Solutions, the leading email security company. This will help protect IT networks against the significant increase in email based Ransomware and Phishing attacks.

Topsec is currently protecting upwards of 1 million mailboxes across UK and Irish public and private sectors. Organisations such as Comic Relief, United Trust Bank, Test Valley County Council, Centrica and the Irish National Health Service are already using Topsec services:

  • Topsec Email Security
  • Topsec Email Continuity
  • Topsec Email Blended Threats
  • Topsec FileXchange

To kick things off, we are offering 12 months for the price of 6 on opportunities closed before the 31st May. In order to qualify, you must attend a 1-2-1 web demonstration and evaluate the service*

Fill in the form below to join our webinar

Give us the opportunity to show you just how robust, advanced and innovative the Topsec Cloud Solutions products are. Leave your details here and we’ll be in touch to arrange a convenient time where one of our expert security consultants will run through a live demo online with you.​

Subscribe me to your mailing list