Infosec Cloud
Solutions. Services. Training.

Webinar: Secure and Simplify Access to Cloud Apps

Cloud-based apps bring productivity and flexibility benefits – but also a headache for IT in terms of management, control and on-boarding/de-provisioning access.

Plus your employees need to remember a whole host of username and password details.

Attend this webinar to find out how the OneLogin Unified Identity Access Management and Cloud Application Management Platform simplifies the management and control of cloud-based apps, ensures unified security and governance across all IT systems, and cuts access management costs by 50% or more.

The platform provides:

*  Single Sign-On (SSO) across all devices
*  Adaptive Multi-Factor Authentication
*  Real time On/Off Boarding
*  Multi-directory integration
*  Synchronised app use

Improve your users' cloud experience.
Take back control of app use.

If you cannot attend the webinar but would like more information, please email [email protected]

Prefer to speak to someone? Please call 01256 379970 opt 1

Register now

Email [email protected] or complete the registration form below:


    Infosec Cloud adds OneLogin Identity Management to Cyber Security Portfolio

    Cybersecurity reseller Infosec Cloud enrols OneLogin to reduce traditional authentication-related security, compliance and resourcing challenges.

    Cybersecurity reseller, Infosec Cloud, has further bolstered its solutions and services portfolio with the addition of the entire product offering from OneLogin, the industry leader in Unified Identity and Access Management. The partnership will provide Infosec Cloud enterprise customers with secure on-demand connection for all users to all cloud services and applications, via all their devices, no matter where they are. As part of this, OneLogin supports secure Single Sign-On, Multi-Factor Authentication, directory integration with AD, LDAP and other external directories, user provisioning, endpoint management and more.

    To remain competitive in the fast-paced digital revolution, businesses of all sizes are adopting cloud-based applications at an astonishing rate. But with a wealth of employees accessing applications from all over the world, from numerous devices, at different times, IT resources have been stretched in all directions to ensure appropriate employee provisioning to maintain high security and compliance standards. Cloud, the agile IT phenomenon, has turned corporate networks into a heterogeneous minefield.

    To simplify the modern maze of a corporate network, OneLogin has recently added OneLogin Access to its portfolio, which allows companies of any size, for the first time, to manage access for on-premise and cloud-based applications with a single Identity-as-a-Service (IDaaS) solution. The platform simplifies and streamlines the whole identity and access management process; thereby reducing costs, improving security and contributing to overall IT efficiency.

    “Never has it been more critical — or more complex — to securely manage access across the explosion of distributed applications, data, and intelligence,” said OneLogin CEO Brad Brooks. “Historically, a customer’s only option was building a cumbersome, multi-vendor, prohibitively expensive solution. Our Unified Access Management Platform featuring OneLogin Access is purpose-built for hybrid customer environments, fundamentally changing authentication for enterprises and opening up digital transformation opportunities.”

    “We chose to partner with OneLogin as it offers an efficient and flexible solution for Unified Access Management, SSO and MFA. This makes it easier for our customers to migrate to and manage secure access to information in the cloud,” said Andy Hanson, CTO Infosec Cloud.

    A broad range of over 5,000 technology and application partners have already pre-integrated OneLogin SSO identity management into their applications. These include SAML-enabled apps, such as Office 365, Google Apps for Work, Box, Workday, BMC Remedyforce, Salesforce, and EMC Syncplicity. New applications can be quickly added through the OneLogin standards-based interfaces.

    Over 2,000 enterprise customers trust OneLogin to secure and manage identities in cloud, legacy and hybrid environments.

    Read more – Whitepaper: Identity and Access Management Without Compromise

    Gain a comprehensive overview of IAM and how a cloud-based solution from OneLogin strengthens both security and productivity across IT and end users.

    Request your copy here >> https://www.infosec-cloud.com/iam-without-compromise/

    Check your Facebook Privacy Settings

    Find out how to check and change your privacy settings on Facebook.

    Great advice from Trusted Reviews:

    The entire Facebook/Cambridge Analytica affair highlights just how important it is to keep track of the apps you use – or have used in the past – that are connected to your Facebook account through Facebook Login. This is because the data was gathered through an app called ‘thisisyourdigitallife’, which allowed people to log in to it using their Facebook account.

    You can find a list of apps that have access to your Facebook data, such as your name, pictures, birthday and friends list, on the App Settings page.

    There’s a good chance the list will be significantly longer than expected.

    Clicking each entry in the list shows you the types of data you’ve given them permission to access. By unchecking each box, you can limit how many of your personal details they can get their hands on. You can also unlink the apps from your Facebook account on this page, by clicking the ‘X’ that appears next to them.

    However, as Facebook’s FAQ notes, “The app or game may have stored info from when you were using it, but you can contact the developer to ask that they delete any info they may still have.”

    You can also switch off Facebook’s integration with apps completely, meaning you won’t be able to log into apps, games and other websites using your Facebook account. To do this, go to Settings, Apps and Websites and Plugins, then select Edit and Disable Platform.

    Raj Samani, chief scientist at McAfee, says that using your Facebook account to login to another app “bridges your digital islands, allowing the two companies to collect more data and build an in depth profile about you and your activity.”

    He recommends going even further to protect your data. “Set up a new login and password for the apps you’re using. It may take a minute longer but it will help you to avoid data being shared between different services,” he told Trusted Reviews.

    Read the full article to see the 18 actions you need to take today:

    Go to: http://www.trustedreviews.com/news/facebook-privacy-settings-2939307#gyGsUfpyC5uZkExK.99

    Stop end users causing security incidents in your organisation – find out about our award-winning Security Awareness Training and Testing service >> https://www.infosec-cloud.com/security-awareness/

    Stop your organisation falling victim to phishing attacks

    No matter how much is invested in securing IT infrastructure, organisations are only as secure as their end users.

    Users have the knowledge and access that cyber-criminals need to breach an organisation’s security. And cyber criminals are using more and more sophisticated phishing attacks to obtain this information.

    Today, compromised credentials represent the vast majority of hacks, and phishing attacks are responsible for the majority of those breaches.

    So how can organisations prevent users from opening and clicking on phishing emails?

    The quickest, easiest and most cost-effective way is to train and test employees to actually change their behaviour.

    End Users are the Target

    Without training, users often fail to question whether they should open an attachment or click on a link without verifying that the attachment is legitimate and the website is valid. Plus, in the workplace, employees may have a false sense of security that the organisation’s IT security technology will catch anything malicious, so they do not need to worry.

    Unfortunately, cyber criminals are good at social engineering. They research organisations, read news articles, blogs and other information, and they find out who works at an organisation and their job role. The result is a well-crafted and targeted phishing email.

    These attacks cannot be prevented but they can be stopped with effective training and testing. Plus, organisations should carefully review what information is made public.

    Typical Phishing Attacks

    Once the cyber-criminal has the ‘trust’ of the target end user, typical attacks include:

    *  Embedding a link in an email that redirects to a fake website requesting sensitive information.
    *  Installing ransomware via a malicious email attachment, or by downloading a ‘free’ app.
    *  Spoofing the sender address in an email to appear as a reputable source and request sensitive information.
    *  Requesting a fund payment over the phone by impersonating a known company contact, or referring to a request by a more senior member of staff.

    The goal is to collect sensitive information so as to gain access to otherwise protected data, networks, etc. The phisher’s success relies upon establishing trust with their victims – your employees.

    Changing Employee Behaviour

    Employees need to be aware of, and vigilant against, the potential risks of opening email attachments or clicking on links from unfamiliar sources. This can only be achieved by providing an effective security training and testing program that actually changes behaviour.

    Unfortunately, security training is often delivered as an annual event or held at an employee’s orientation. If the training is given online and not tracked or tested, employees can rapidly click through the content, ignoring most of the information. If given in person, the training may be PowerPoint slides in a small font narrated by an uninteresting speaker for an hour…

    The solution is a continuous program of professionally developed, workplace training (delivered at the desktop), bespoke phishing tests, and immediate remedial training for those who ‘click’.

    This approach will also provide reports detailing the effectiveness of the program (i.e. the reduction in the number of users who ‘click’).

    Remember, it only takes one end user to take the bait.

    Read more about Security Awareness Training and Testing (SATT)

    See our SATT managed service: https://www.infosec-cloud.com/security-awareness/

    Phillips Solicitors reinforces Cyber Attack Protection with Security Awareness Training and Testing

    Phillips invests in end user IT Security Awareness Training and Testing, to protect both their own data and networks, and those of their clients.

    Based in the heart of Basingstoke since 1986, the firm works towards achieving the best outcomes for their employees, clients and the local community. However, by holding client confidential and sensitive information, including financial details, Phillips, like all Legal Firms, is an attractive target for cyber criminals.

    Aware of their responsibility to their clients, Phillips was one of the first law firms in Hampshire to be awarded Cyber Essentials Plus accreditation. The Cyber Essentials scheme identifies the security controls an organisation needs in place to help defend against Internet-borne threats.

    A key element of the accreditation is to ensure all partners and staff understand security issues, applicable company policies and how to identify and terminate potential cyber attacks. To meet this need, Phillips initially planned to run their own security awareness training, but upon evaluating the market they chose the fully managed awareness training and testing service provided by Infosec Cloud.

    Mike Worth, IT Manager, Phillips Solicitors, commented: “The Infosec Cloud service was extremely competitive, yet more importantly offered a good, helpful service and strong understanding around Security Awareness and the impact on regulated businesses.”

    Impressed by the results, Phillips has just recently renewed to continue the service for a third year, confident that all partners and staff are informed, empowered and cyber security vigilant.

    Training and Testing

    Infosec Cloud provides an integrated programme of online training and bespoke, random test phishing emails. Vulnerable employees who fall for the emails after the initial training are provided with immediate, remedial training.

    This fully managed service has been designed by experts in cyber security and training. A dedicated team manages training delivery and tracking, and uses information in the public domain to build customised, test cyber-attacks.

    Cyber Security Aware

    Back in 2014, Phillips Solicitors were already improving staff awareness around cyber and data security. However, the firm quickly appreciated the necessity and benefit in delivering a structured and continuously reinforced Security Awareness Programme.

    The firm chose to work with Infosec Cloud as the combination of awareness training and customised cyber-attack testing guaranteed a change in employee behaviour.

    Plus, being fully managed, there were no additional demands on the IT team.

    “Our security awareness has significantly increased and continues to do so as a direct result of the service Infosec Cloud provides. Their methodical approach along with expertise ensures that we achieve a measurable return on investment,” added Mike Worth, IT Manager, Phillips Solicitors.

    Since purchasing SATT from Infosec Cloud, Phillips has purchased other services and is looking to further strengthen the relationship. Phillips has been impressed by Infosec Cloud’s extensive cyber security expertise, industry knowledge and understanding of specific client requirements.

    Infosec Cloud is an established IT Security reseller and managed services partner. The company offers a comprehensive portfolio of cloud-based, hybrid and on-premise IT security, productivity and compliance solutions, plus video-based, measurable employee security and GDPR awareness training.


    Are your legacy software applications letting hackers in?

    Guest Post: Chris Lund
    SecurEnvoy

    It’s a real challenge for any IT administrator to stay on top of network security against a constantly changing threat landscape.

    The traditional network edge is now all but non-existent thanks to BYOD, homeworking and cloud-based software, and there are inevitable compromises to the hardness of network security as a result.

    While it’s a considerable task to keep up to date with the various patches and updates for the newer tools, when breaches do happen, it’s often through older legacy tools that hackers gain access. 

    It’s hardly surprising: business software and infrastructure has evolved enormously in the last few years. Those platforms on which businesses have been reliant for 10, 15 years or more, were conceived for a different – dare I say a more innocent – era. They were designed to be housed in closed networks with fewer devices and as a result their security features – fine for the times – are now no longer fit for purpose.

    Exacerbating the problem, if those platforms are no longer the backbone of your business software stack, but now fulfill a supporting role, then it’s quite feasible they’ve not received the attention they should from your system admins.

    And this is exactly the weakness which hackers thrive on, and through which so many large-scale breaches have been instigated.

    Now you might be thinking that old database of outdated customer contacts is of no value to a hacker. But to do so is to misunderstand the dynamics of a hacking attack completely.

    The truth is, legacy platforms are often the gateway into the system that eventually leads to a far more serious breach.

    Credentials based attacks primarily involve hackers gaining access to weaker parts of the network, such as those legacy applications, using stolen credentials. They then use these as a platform to move laterally through the network, often over an extended period of time, eventually gaining access to core systems and critical business data through re-used passwords, sloppy integrations, or by installing key loggers on unsuspecting users’ machines. In unprotected networks, this can cause havoc, leaving the door open to subsequent follow-up attacks or crippling loss of data.

    Scary stuff. So, what can be done about it?

    Multifactor authentication (MFA) solution providers make much of their abilities to easily protect the latest web apps and end point devices with a tokenless, single-sign-on MFA solution.

    But that’s not where our partner, SecurAccess’ protection capabilities end. Far from it. SecurAccess is designed to integrate with all major firewall, VPN and network infrastructure tools to enable you to ensure network-wide security MFA protection.

    Plus, the beauty of implementing tokenless MFA at the network level is that it works in tandem with your firewall.

    In doing so, not only does it enable authentication at the network edge, it allows multiple SSO access levels for different user groups, or enforces authentication when access to other, higher value areas of the network is requested. By authenticating at the traffic level, using a solution such as this means that even where the attacker has managed to obtain correct usernames and passwords, they are blocked from establishing further access.

    From a security perspective this is powerful stuff: It’s not quite the silver bullet in dealing with sloppy password practices and malicious phishing attacks, but it’s a powerful tool in your armoury.

    Learn more about how SecurAccess works with Cisco, Citrix, Palo Alto and other infrastructure providers to deliver network-wide security, by requesting a call with one of our consultants here.

    GDPR Staff Awareness Training Service Launched

    With the GDPR deadline fast approaching, Infosec Cloud has launched an online Staff GDPR Awareness Training service.

    Subscribers to the service will be provided with video-based training, quizzes, posters and infographics. All training will be tracked and full reports provided to help meet GDPR compliance requirements.

    The goal of the GDPR Awareness Training is to help organisations avoid regulatory fines by improving employee understanding of the new data privacy regulation. Employees will learn how to make the right decisions about the personal data they collect, hold and process.

    The training meets Step 1 of the ICO’s ‘12 Steps to Preparing for the GDPR’:

    You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have. (ICO, Preparing for the GDPR, 12 Steps to take now)

    The Infosec Cloud GDPR Awareness Training service was developed by training and subject matter experts and is already receiving positive feedback from customers. The training is suitable for all employees and presented in plain language, in an engaging and easy to understand manner.

    Pete Sherwood, MD, Infosec Cloud commented:

    “As experts in information security and compliance, and providers of the award winning Security Awareness Training and Testing service, we were asked by our customers to provide a GDPR Awareness Training service. Managed using our existing learning platform means we can enroll, deliver, track and report on training completion. All customers need to do is provide us with a list of employee email addresses.”

    The training topics include:

    * What is the GDPR?
    * Who needs to Comply?
    * What about Brexit?
    * GDPR Key Terms
    * GDPR Rights of Individuals
    * The GDPR and You

    The GDPR training service is fully managed and tracked, with staff receiving regular reminders to complete their training. Customers will receive unlimited access to all GDPR training resources.

    For more information, please see: https://www.infosec-cloud.com/gdpr-awareness-training/

    NEW: GDPR Online Readiness Assessment Tool

    Is your organisation on track to satisfy the requirements of the GDPR?

    This free GDPR Online Readiness Assessment tool enables you to find out where your biggest compliance gaps are, and helps you to develop a plan to close them.

    Assess your GDPR readiness in three easy steps:

    1. Complete the easy-to-follow online readiness questionnaire
    2. Automatically generate a report providing you with an assessment of your organisation’s readiness for GDPR, including your strengths and weaknesses
    3. Receive a tailored list of recommendations to help you develop an action plan

    Start your GDPR assessment by copying and pasting this link into your browser: http://info.infinigate.co.uk/gdpr-online-readiness-assessment-infosec-cloud

    Note. Whilst we are confident that the information we provide is accurate, this assessment and its resultant report should only be used as guidance. For further information about the GDPR, its requirements and your exposure to it, please contact us by emailing: [email protected]

    Fake Meltdown and Spectre Patch Phishing Emails

    Take note – cyber criminals have already jumped on the ‘Meltdown and Spectre’ bandwagon with patch phishing attacks. You need to take action now.

    Key points:

    *  Vendors are quickly rolling out patches. Microsoft and Google did so last Thursday. Patch quickly but with discretion: not all anti-virus programs are compatible with the updates.

    *  Be alert for social engineering scams related to the bug announcements. These follow most major cyber incidents, and Meltdown and Spectre are no different. Remind your employees of your patching policies and notification practices (a ready-to-send email to your users is below). Remind your end users that they’re the last line of defence.

    *  Your IT end users may notice that some of the services they use seem to be moving more slowly. This may not be evidence of a problem, but rather a sign that those services, cloud providers in particular, are taking steps to mitigate the risk.

    *  ARM, Apple and AMD processors are known to be afflicted with Spectre – these chips are widely used in distributed, set-it-and-forget-it, Internet-of-things devices. This means the risk is likely to linger there the longest.

    *  The disclosure suggests a human problem. Google found the flaws last summer and vendors have been quietly working to prepare fixes since then. The news broke suddenly, and before fixes were entirely ready, because Google determined that someone, somewhere, had begun to leak the news.

    Text you can copy / paste and send to your IT end users:

    Computer researchers have recently found out that the main chip in most modern computers—the CPU—has a hardware bug. It’s really a design flaw in the hardware that has been there for years. This is a big deal because it affects almost every computer on our network, including your workstation and all our servers.

    This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation.

    So, if cyber criminals are able to get malicious software running on your computer, they can access your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents. Not good.

    What Are We Doing About This?

    We need to update and patch all machines on the network. This is going to take some time; some of the patches are not even available yet. We also may have to replace some mission-critical computers to fix this.

    In the meantime, you need to be extra vigilant, with security top of mind and Think Before You Click.

    Read more about Security Awareness Training for IT End Users >> https://www.infosec-cloud.com/security-awareness/

    Meltdown and Spectre

    Vulnerabilities in modern computers leak passwords and sensitive data.

    Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer.

    While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

    Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.

    Read more, including:

    *  Meltdown Paper
    *  Spectre Paper
    *  Who reported Meltdown?
    *  Who reported Spectre?
    *  Questions & Answers
    *  Where can I find official info/security advisories of involved/affected companies?

     Go to >> https://spectreattack.com/

    © 2018 Graz University of Technology. All Rights Reserved.