Booking.com – are you asking the question how strong is my password?

The latest problems at Booking.com illustrate the issues around password security and will have many people asking the question: how strong is my password?

A strong password is only part of the answer; passwords can be brute forced, so where possible, adopt Multifactor Authentication (MFA) as well.

See the Guidance from the National Cyber Security Centre – How secure is my password

Password & Multifactor Authentication (MFA) Policy

To ensure better password hygiene, create a company password policy with the following guidelines:

  1. Use passwords that are at least eight characters long and include a combination of letters, numbers, and symbols. If you don’t use a password manager, adopt passphrases instead.
  2. Avoid using personal or company-specific words, names, or addresses in your passwords.
  3. Use a unique password for every service you use.
  4. Never write passwords on paper or in an insecure digital form. To manage your passwords, use a password manager. This will securely store and manage all your passwords in one place.

Use Multi-Factor Authentication. MFA reduces the likelihood of a breach by orders of magnitude. For those who don’t know, it uses your mobile device as a second security check.
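One way to check a set of credentials against guidelines 1 to 3 above, as an added example rather than code from this article or from Keeper. The passphrase definition (four or more words), the substitution table, the banned-word list and the sample credentials are assumptions constructed for illustration.

```python
import hashlib
import re

MIN_LENGTH = 8            # guideline 1 on the page
PASSPHRASE_MIN_WORDS = 4  # assumption: the page does not define a passphrase
# Assumption: common character substitutions undone before looking for banned words.
LEET = str.maketrans("013457@$", "oieastas")


def is_passphrase(password):
    """Assumed definition: four or more alphabetic words split by spaces or hyphens."""
    words = [w for w in re.split(r"[ \-]+", password) if w]
    return len(words) >= PASSPHRASE_MIN_WORDS and all(w.isalpha() for w in words)


def check_password(password, banned_words):
    """Return the guideline 1 and 2 violations for a single password."""
    problems = []
    if not is_passphrase(password):
        if len(password) < MIN_LENGTH:
            problems.append("shorter than eight characters")
        classes = (
            any(c.isalpha() for c in password),
            any(c.isdigit() for c in password),
            any(not c.isalnum() for c in password),
        )
        if not all(classes):
            problems.append("missing letters, numbers or symbols")
    # Guideline 2: lower-case, undo substitutions, drop separators, then search.
    squashed = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    for word in banned_words:
        needle = word.lower()
        if len(needle) >= 3 and needle in squashed:
            problems.append("contains banned word: " + needle)
    return problems


def audit(credentials, banned_words):
    """credentials maps service -> password; returns {service: [violations]}."""
    # The digest is only an in-memory grouping key so the report never
    # carries plaintext; it is not a way to store passwords.
    digests = {
        service: hashlib.sha256(password.encode("utf-8")).hexdigest()
        for service, password in credentials.items()
    }
    report = {}
    for service, password in credentials.items():
        problems = check_password(password, banned_words)
        # Guideline 3: the same password must not appear on another service.
        shared = sorted(
            other for other, digest in digests.items()
            if other != service and digest == digests[service]
        )
        if shared:
            problems.append("reused on: " + ", ".join(shared))
        if problems:
            report[service] = problems
    return report


# Constructed sample data, not real credentials.
BANNED_WORDS = ["Acme", "Alice", "Leeds"]
SAMPLE_CREDENTIALS = {
    "email": "Acm3-Hq!2024",                # company name with substitutions
    "payroll": "sunset7",                   # too short, no symbol
    "crm": "Vq7#pLz!e2Rw",                  # acceptable on its own...
    "wiki": "Vq7#pLz!e2Rw",                 # ...but reused here
    "vpn": "copper lantern orbit meadow",   # passphrase
}

if __name__ == "__main__":
    for service, problems in audit(SAMPLE_CREDENTIALS, BANNED_WORDS).items():
        print(service + ": " + "; ".join(problems))
```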

How strong is my password, and how can I better manage it in future?

We recommend our customers use Keeper Password Manager, as it will store passwords, create strong passwords, manage multifactor authentication and check your existing passwords to ensure they aren’t reused and haven’t been leaked in known data breaches.

So what is happening at Booking.com?

More details on the problems presently being experienced at Booking.com are found in this article on the BBC. It looks as though passwords are only part of the issue; the other half of the task facing the security teams is managing accounts with admin rights, especially those used by suppliers.

Monitoring your accounts with admin rights and highlighting unused and redundant accounts is something that needs to be done across a company’s services, especially those that are cloud-based, so these days, that’s most of them.

Many of you will be looking at putting Microsoft’s Copilot in place to take advantage of the many benefits it will bring regarding productivity; who doesn’t need a virtual assistant?

One of your early priorities should be to ensure your M365 environment is secure, as the potential for inadvertently giving access to data and worse will be amplified by AI.

Much of the work towards a secure environment revolves around improving your Microsoft Secure Score, which can be done within your M365 tenant; we prefer to use our management tool of choice, Octiga 365, as it also highlights areas where security can be improved.

Keeper Password Generator & Manager

This article from the BBC graphically demonstrates the need for us to use a password generator to create secure credentials; left to ourselves, we (humans) are just not up to the task of creating unique, complex credentials.

23andMe data leak article
It also looks like the companies we rely on to secure our data are often not up to the task; in this case, the genetic testing firm 23andMe could have insisted on safe password practices. They presumably manage the services their customers log onto and so should have set up policies to stop customers from using simple passwords.

23andMe, in effect, could have insisted customers adhered to safe password practices, used an in-page password generator to choose a password and used multifactor authentication, but instead, they preferred to point the finger at irresponsible customers who re-used passwords.

We recommend our customers use the Keeper Password Manager.

Password & Multifactor Authentication (MFA) Policy

To ensure better password hygiene, create a company password policy with the following guidelines:

  1. Use passwords that are at least eight characters long and include a combination of letters, numbers, and symbols. If you don’t use a password manager, adopt passphrases instead.
  2. Avoid using personal or company-specific words, names, or addresses in your passwords.
  3. Use a unique password for every service you use.
  4. Never write passwords on paper or in an insecure digital form. When creating passwords, use a password generator, and adopt a password manager to manage them. This will securely store and manage all your passwords in one place.

Use Multi-Factor Authentication. MFA reduces the likelihood of a breach by orders of magnitude. For those who don’t know, it uses your mobile device as a second security check.

We provide the business password manager Keeper Security, which manages all of your logins, suggests improvements, monitors for leaks of old passwords and alerts you to potential issues.

Getting M365 and Sharepoint security ready for Microsoft Copilot, Sharepoint security is key

Microsoft’s Copilot is an AI agent that will be on the agenda of many of you, so by now, you will have realised that getting your business ready for M365 security is central, and Sharepoint security is key.

From the 1st of November, Microsoft has made Microsoft 365 Copilot “generally” available for enterprises worldwide. But you’ll need to buy a minimum of 300 seats.

The £30 per user per month cost is in addition to the M365 E3 or E5 subscription, and so – in some cases – will nearly double the monthly outlay per user. Microsoft M365 Copilot also requires an annual commitment.

Anyone who has read my previous blog on Copilot will realise I’m a fan and am actively encouraging my customers to adopt it.

The term “General Availability” is a bit of a red herring as most of us will have to wait to get access to Microsoft Copilot. However, this should be seen as an opportunity to gain knowledge on the product, understand how it may affect Sharepoint security and ensure your organisation is ready to take advantage when Microsoft make it available to the SMEs who arguably will be the biggest beneficiaries.

So, most of us can’t get Copilot right now, but we can make preparations that will give us a head start when we get our turn.

M365 Sharepoint security and Copilot go hand in hand

Getting your Sharepoint security structure in place beforehand

As Copilot uses organisational content in the Microsoft 365 tenant, such as users’ calendars, emails, chats, documents, contacts, and more, organisations must duly prepare for Copilot adoption, particularly from a security and compliance perspective.

Because of the breadth of the change that adding Copilot to your IT ecosystem will bring about, I would suggest that this is a good point to review your existing controls and plan for how you will need to control information in the future.

It might be a good time to go into your M365 tenant and check your Secure Score. Yes, using the Microsoft tools to improve your score is a challenge for most of us; we have found that Octiga M365 Security is an excellent way to address this, as it is very visual and has great intuitive tools that make the whole experience much simpler and help you stay on top of it in the longer term.

Of course, we are happy to use our experience to help you improve your M365 secure score and Sharepoint security as well.

One of the things to remember about AI is that presently, Natural or Human intelligence has at least one significant advantage: it can be selective about the information it may choose to share with, for instance, a customer.

Give Copilot or any other AI, especially a chatbot, information, and it will use it if you haven’t given it express rules for who should have access; don’t expect AI to exercise common sense or discernment.

Microsoft Copilot: Has the Potential to Be a Game-Changer for Business Productivity.

Preparing to take advantage of Microsoft Copilot

Microsoft Copilot has been released as a paid addition to the Microsoft suite of Office Apps. Copilot has many capabilities, including acting as a digital assistant, sorting and summarising emails, helping create presentations and documents, and even attending Teams meetings for you.

We are currently working to help our customers prepare for the launch of Copilot and to help them get the most out of it.

Artificial intelligence (AI) is going to revolutionise the digital world in many ways, both good and bad.

According to Bill Gates, the former CEO of Microsoft, in his Gatesnotes blog, the businesses that adopt AI will be successful in the future.

The Age of AI has begun | Bill Gates (gatesnotes.com)

While the Artificial Intelligence debate continues to occupy the press, it is a cause for anxiety in areas of the workforce, and Governments around the world are wringing their hands over how or whether they should be looking to regulate AI. The tech giants, understandably, aren’t standing still.

Microsoft has demonstrated its commitment to being at the forefront of AI innovation with the release of Copilot, an AI assistant.

Microsoft Copilot promises to impact businesses by enhancing productivity and elevating output quality significantly.

As an IT professional who has had a sneak peek at what Copilot can do, I’m genuinely impressed; in the coming months & years our focus as a company will be actively facilitating our customers’ adoption of AI in their businesses.

We believe Microsoft Copilot is poised to usher in a new era of workplace efficiency.

For more information about Copilot’s current abilities, this article on the BBC website gives a good overview.

Here are some ways in which it can benefit businesses of all sizes:

  • Streamlined Workflow: Copilot can automate mundane tasks, freeing employees to focus on more strategic and creative aspects of their work. This translates to increased efficiency and higher productivity.
  • Error Reduction: With its advanced AI algorithms, Copilot is well-equipped to assist users in avoiding common errors and pitfalls. This not only saves time but also enhances the quality of output.
  • On-the-Fly Guidance: Copilot’s ability to offer real-time assistance is a game-changer. It can suggest solutions and provide insights as employees work, making it an invaluable partner in problem-solving.
  • Learning and Adaptation: Over time, Copilot can learn from user interactions, evolving to suit the specific needs of your business better. This adaptability ensures a tailored experience for each user.

In preparation for the implementation of Copilot in your organisation, consider the following factors:

1. Data Integration: Ensure that Copilot can seamlessly integrate with your existing systems and processes to maximise utility.
2. Security: Microsoft has a strong track record in security, but it’s essential to assess the potential risks and safeguards involved in using an AI assistant like Copilot.
3. Training and Onboarding: Plan a smooth transition by training employees to maximise Copilot’s capabilities.
4. Customization: Tailor Copilot to your business’s unique requirements to maximise its potential.

As promising as Copilot may be, it’s important to remember that specialised product-oriented chatbots may still have their place for specific tasks. With its broad capabilities, Copilot may not be as precise in certain areas as dedicated, task-specific chatbots.

In conclusion

Microsoft’s Copilot is poised to be a game-changer for businesses, offering many benefits to enhance productivity and output quality.

As an IT professional, I look forward to witnessing its positive impact on our workplaces. To fully leverage its potential, businesses should proactively prepare for its implementation, ensuring seamless integration and optimal utilisation.

While Copilot is a versatile assistant, there will still be room for specialised chatbots in specific scenarios, making it crucial to choose the right tool for the job.

30 years of web browser security threats and 20 years of Cyber Awareness Month

Web browser security threats probably go back at least 30 years to 1994 and the advent of Microsoft Internet Explorer.

This year, 2023, marks 20 years of Cybersecurity Awareness Month, so let’s spread a little awareness.

These days, children are given lessons at school about staying safe on the web, but many of us adults probably weren’t.

When you consider that most office-based workers spend 70-80% of their time on the web, it’s clear that companies should be training their staff and giving them the basics. That’s why Cyber Awareness Month is so important.

Before we talk about any technical layers of security that should be put in place, let us be clear that a lack of awareness can undo any efforts we make with the other security layers.

In the ever-evolving landscape of cybersecurity, some things remain constant. One of those is that over 70% of security issues are related to users accessing harmful content on the web – either directly through a web browser or indirectly by clicking on a link in an email.

IT Security Training protects against web browser security threats

It’s crucial to address the three primary threats that can compromise your online safety. These threats can be broadly categorized into three main areas:

  1. Web Browsing Security: The first layer of defence is your web browser. The internet is a vast realm, and what you click on and interact with can significantly impact your cybersecurity. Web browser security threats such as malicious websites, phishing attempts, and unsafe downloads all pose potential risks. It’s imperative to exercise caution when browsing the web and avoid clicking on suspicious links.
  2. Email Vulnerabilities: The second layer of vulnerability often intersects with web browsing – it’s what comes in over your email. Phishing emails, malware-laden attachments, and social engineering attacks can all infiltrate your inbox. Email filtering solutions are crucial in identifying and quarantining such threats before they reach your inbox.
  3. Social Media Interactions: The 2.5 layer refers to what and who you interact with through social media. Cybercriminals often exploit personal information shared on social media platforms to craft convincing phishing attempts or impersonate trusted contacts. Being cautious about sharing sensitive information and scrutinising friend requests and messages is vital.

To protect against these threats, three layers of security are essential:

  • Human Firewall: The first and most critical layer is the one inside your head – your knowledge and awareness. Cybersecurity education and training are paramount. This awareness extends to understanding the potential risks and how to respond when facing a suspicious situation.
  • DNS Web Filtering: Implementing DNS web filtering solutions tackles web browser security threats by helping prevent access to malicious or inappropriate websites. This layer of protection acts as a barrier to keep users away from dangerous online territories.
  • Email Filtering: Email filtering solutions, powered by advanced algorithms and threat intelligence, can identify and quarantine potentially harmful emails. This layer is indispensable in preventing phishing attempts and malware distribution via email.

As we celebrate the 20th anniversary of Cybersecurity Awareness Month in 2023, it’s evident that a well-rounded approach to cybersecurity is necessary. While technical security layers are vital, they are less effective without the crucial human firewall. Therefore, individuals and organisations must invest in cyber awareness training, informing themselves about the latest threats and best practices. Combining technical defences with an educated and vigilant user base can significantly reduce the risks posed by the ever-evolving threat landscape.

Will Microsoft Copilot AI be boosting your productivity?

Will Microsoft Copilot AI prove that not all additives are bad for us?

We think Artificial Intelligence (AI) is poised to play a crucial role in our daily digital and professional interactions, and we aren’t the only ones.

Recently, Amazon announced its investment in Anthropic, a move that will enhance the capabilities of Alexa and provide AI support for the Amazon online store and AWS Cloud platform (Amazon Web Services).

Earlier this year Bill Gates said that the businesses that grasp the opportunities presented by AI are the ones that will succeed in the next few years.

Microsoft is certainly doing its bit to fulfil the old boss’s predictions, as this “fall” (that’s autumn to us Brits) Copilot will be made available as part of upgrades to Windows 11, their browser Edge and, of course, M365.

We will be blogging regularly on the new AI capabilities, and as a security-focused organisation, Tamite will of course be looking at the privacy implications.

Microsoft is poised to launch its AI assistant, Copilot, into its M365 suite (formerly known as Office 365). With this helpful and reliable AI-powered assistant arriving, we will assist our clients in understanding the potential of AI in their organizations and guide them towards easily achievable benefits by showing them how to snatch some low-hanging fruit.

Read the BBC’s article on this subject:

https://www.bbc.co.uk/news/technology-66914338

Grasping AI, the opportunity to supercharge your business efficiency and Office Microsoft 365 plans business security.

Clippy’s back, and this time he’s got muscles

Microsoft 365 plans business security and efficiency with AI.

Presuming Artificial Intelligence (AI) doesn’t go rogue and decide to put an end to humanity or enslave us, it is likely that we will see AI becoming increasingly involved with our work and home lives.

Over the next few years, many of us will see AI within the products we know and love assisting us and doing stuff on our behalf.

Goldman Sachs predicts an increase in Global GDP of 7% over the next decade, driven by improvements in productivity due to Artificial Intelligence.

At some point in the future, we will all have personalised assistants (Alexa on steroids). Still, before that comes to pass, we can expect AI to be bolted onto all sorts of things we are already familiar with. So what will these integrations look like? And what will it mean for me?

Predictably, technology companies such as Microsoft are early adopters; AI is poised to revolutionise information technology (IT), offering innovative solutions that enhance productivity, streamline processes, and optimise operations. Microsoft’s integrations with Microsoft 365 (formerly known as Office 365) exemplify how AI is harnessed to improve and assist us in various IT aspects.

Microsoft 365 plans business security and efficiency with future AI updates.

  1. Virtual IT Assistants and Chatbots: Integrating AI-powered chatbots into M365 environments allows employees to receive instant IT support and assistance. These virtual assistants can guide users through troubleshooting steps, provide solutions to common IT problems, and even automate routine tasks such as password resets, reducing the burden on IT helpdesks.
  2. Natural Language Processing for Documentation and Collaboration: AI-driven natural language processing can be used to improve collaboration and knowledge management within M365. For example, AI can automatically extract essential information from documents and emails, categorise content, and recommend relevant files to users, making finding and sharing information easier.
  3. Intelligent Data Analysis and Insights: AI-driven analytics tools within M365 can analyse large datasets to extract valuable insights. For instance, AI algorithms can identify trends in user behaviour, helping organisations understand how employees interact with their tools and applications. This information can be used to optimise workflows and improve user experience.
  4. Automated Threat Detection and Response: AI-powered security solutions integrated with M365 can monitor network traffic, identify unusual patterns, and detect potential security breaches in real-time. These systems can automatically respond to threats by isolating compromised devices or quarantining suspicious files, thus enhancing the overall security posture of an organisation.
  5. Predictive Maintenance for Infrastructure: AI can be employed to monitor the health and performance of IT infrastructure, such as servers and network components. By analysing data from these systems, AI algorithms can predict when hardware failures are likely to occur, enabling proactive maintenance and minimising downtime.

 

Chatbot example for business rollout

Chatbots have been around for decades, the classic chatbot example being Microsoft’s own Clippy.

Yes, Microsoft’s Clippy was a chatbot.

Specifically, Clippy was an animated character employed as an interactive assistant in Microsoft Office 97-2003.

Clippy was designed to provide users with helpful hints and suggestions as they worked in Office applications such as Word, Excel, and PowerPoint. For example, Clippy would appear as an animated paperclip and pop up with messages such as “It looks like you’re writing a letter. Would you like help?”

Everybody hated Clippy, so he was eventually quietly sacked, but Clippy and his brethren are, if we believe the press, about to take over the world and put us all out of a job.

Although Clippy was not a fully functional chatbot as we might think of today, it did engage in some limited conversation with users and responded to specific user inputs.

Compared to modern chatbot examples such as ChatGPT or Google Bard, Clippy was primitive.

However, Clippy is more representative of how we are deploying chatbots to support website sales functions, answering FAQs for customer service, and increasingly moving into the HR space.

In fact, Microsoft will be introducing chatbot features into upcoming editions of MS 365, so Clippy may ride again.

However, Clippy’s conversational abilities were quite basic, and many users found its presence and pop-ups annoying, which eventually led to its removal from Microsoft Office in later versions.

The new breed of chatbots is clever and is going to become cleverer.

Chatbots will undoubtedly be increasingly crucial for business. Clippy was a notorious fail, but get it right, and your business will reap dividends.

This article from Forbes is a great read.

The Good, the bad, and the ugly

Chatbots are used in business in a variety of ways, including:

  1. Customer service: Chatbots can provide 24/7 support to customers, answering frequently asked questions and providing help with basic tasks such as account inquiries or product recommendations. This can help reduce customer wait times, improve response times, and provide a more personalised experience for customers.
  2. Sales and marketing: Chatbots can engage with customers, answer questions about products or services, and provide recommendations based on customer preferences. This can help drive sales, increase customer engagement, and provide a more personalised shopping experience.
  3. Lead generation: Chatbots can qualify leads, gather information from potential customers, and schedule appointments or consultations. This can help businesses identify high-quality leads and improve their sales funnel.
  4. Internal communication: Chatbots can automate routine tasks such as scheduling, time tracking, and expense reporting. This can help reduce administrative workload and improve overall productivity.

Chatbots can help businesses save time and resources, improve customer engagement and satisfaction, and increase revenue and efficiency.

They can even help you write blogs.

What is a Chatbot?

Chatbots are in the news, but what is a chatbot, and how does it relate to Artificial Intelligence?

This was interesting, although, as usual, the journalists have unhelpfully lumped Artificial Intelligence (AI) and Chatbots into one thing (which they aren’t).

Geoffrey Hinton, one of the fathers of what has become known as AI (Artificial Intelligence), is retiring from Google at 70.

The BBC article quoted Hinton, who has become concerned about how bad actors may use AI in the future.

https://www.bbc.co.uk/news/world-us-canada-65452940

At the same time, at present, Chatbots are mostly benign and little more than parrots that can reflect Internet content in a more understandable chatty format for us humans.

As for the fact they have better general knowledge than most of us poor humans, so does a copy of the Encyclopedia Britannica, and nobody is getting worked up about that.

For those of you who are interested enough to read on, I and my copy of AI Chat have quickly explained the relationship between Chatbots and artificial intelligence (AI).

These are two related but different concepts in the field of computer science.

A chatbot is a computer program designed to simulate conversation with a human via text or voice messages. Chatbots are typically programmed to respond to specific questions or prompts using pre-set answers or commands.

They are often used in customer service, website inquiries, and other automated interactions.

On the other hand, artificial intelligence is a broader concept encompassing many technologies, including machine learning, natural language processing, and computer vision.

AI refers to the ability of machines to perform tasks that would typically require human intelligence, such as understanding natural language and recognising patterns in data.

While chatbots utilise some basic AI technologies like natural language processing to make their interactions with humans more seamless, they are not artificial intelligence. Instead, AI is capable of more complex and adaptive behaviours that can solve problems and learn from data.

In general, chatbots are a specific application of AI for a narrow purpose, while AI has a broader range of applications across various fields.

Data backup is vital as Government raise Ransomware to tier 1 threat

The UK Government has effectively raised the stakes for businesses that don’t adequately guard against the multiple threats posed by Cyber Criminals; we recommend a layered approach that includes data backup to cover all your bases.

In early February, Foreign Secretary James Cleverly announced the NCA (National Crime Agency) crackdown on perpetrators of Ransomware, potentially affecting how businesses deal with Ransomware incidents.

UK Gov Elevates Ransomware to Highest threat status

The UK government have given Ransomware Tier 1 threat status, elevating it to the highest level and demonstrating government fears of the damage done to UK businesses and institutions.

Simultaneously came the announcement of seven Russian nationals who have had assets frozen and travel bans imposed.

UK cracks down on ransomware actors – GOV.UK (www.gov.uk)

The elevation of Ransomware to a tier 1 national security threat coincides with attacks against businesses and public sector organisations becoming increasingly common.

Recent victims include UK schools, local authorities and firms.

The new campaign of concerted action is actively coordinated with the US; thus far, 149 British victims of the ransomware known as Conti and Ryuk have been identified by the National Crime Agency (NCA).

The threat according to the National Cyber Security Centre

NCSC Chief Executive Officer Lindy Cameron said:

“Ransomware is the most acute cyber threat facing the UK, and attacks by criminal groups show just how devastating its impact can be”.

“The NCSC is working with partners to bear down on ransomware attacks and those responsible, helping to prevent incidents and improve our collective resilience”.

“It is vital organisations take immediate steps to limit their risk by following the NCSC’s advice on how to put robust defences in place to protect their networks”.

Tamite Secure IT recommend layered security, including a robust approach to data backup

What do the NCSC mean by robust defences? The most common approach is what is termed layered security, and it should include data backup.

Victims of ransomware attacks should use the UK government’s Cyber Incident Signposting Site as soon as possible after an attack.

The UK’s Office of Financial Sanctions Implementation (OFSI) is also publishing new public guidance that sets out these new sanctions’ implications in ransomware cases.

The individuals designated today are:

  • Vitaliy Kovalev
  • Valery Sedletski
  • Valentin Karyagin
  • Maksim Mikhailov
  • Dmitry Pleshevskiy
  • Mikhail Iskritskiy
  • Ivan Vakhromeyev

Paying the ransom could make you guilty of breaching the sanctions

Making funds available to these individuals, such as by paying a ransom, including in crypto assets, is prohibited under these sanctions. Organisations should have, or should put in place, robust cyber security and incident management systems to prevent and manage serious cyber incidents.

The cost of a successful ransomware incident to your business far outweighs the costs of implementing a Data Security Strategy. Therefore, we often recommend Acronis Cyber Protect to our SME customers as part of the strategy.

Data Backup & Disaster recovery

The reason is simple: Acronis is known for its data backup capabilities and online backup pricing; however, we have also been impressed by the cyber security functions built into the product, including Ransomware Protection.