In today’s digital landscape, cybersecurity threats continue to evolve. They pose
significant risks to individuals and organizations alike. One such threat gaining
prominence is zero-click malware. This insidious form of malware requires no user
interaction. It can silently compromise devices and networks.
One example of this type of attack happened due to a missed call. That’s right, the victim
didn’t even have to answer. This infamous WhatsApp breach occurred in 2019, and a
zero-day exploit enabled it. The missed call triggered a spyware injection into a resource
in the device’s software.
A more recent threat is a new zero-click hack targeting iOS users. This attack initiates
when the user receives a message via iMessage. They don’t even need to interact with
the message of the malicious code to execute. That code allows a total device takeover.
Below, we will delve into what zero-click malware is. We’ll also explore effective strategies
to combat this growing menace.
Zero-click malware refers to malicious software that can do a specific thing. It can exploit
vulnerabilities in an app or system with no interaction from the user. It is unlike traditional
malware that requires users to click on a link or download a file.
Zero-click malware operates in the background, often unbeknownst to the victim. It can
infiltrate devices through various attack vectors. These include malicious websites,
compromised networks, or even legitimate applications with security loopholes.
Zero-click malware presents a significant threat. This is due to its stealthy nature and
ability to bypass security measures. Once it infects a device, it can execute a range of
malicious activities.
These include:
Data theft
Remote control
Cryptocurrency mining
Spyware
Ransomware
Turning devices into botnets for launching attacks
This type of malware can affect individuals, businesses, and even critical infrastructure.
Attacks can lead to financial losses, data breaches, and reputational damage.
To protect against zero-click malware, it is crucial to adopt two things. A proactive and
multi-layered approach to cybersecurity. Here are some essential strategies to consider:
Regularly update software, including operating systems, applications, and security
patches. This is vital in preventing zero-click malware attacks. Software updates often
contain bug fixes and security enhancements. These things address vulnerabilities
targeted by malware developers. Enabling automatic updates can streamline this process
and ensure devices remain protected.
Deploying comprehensive endpoint protection solutions can help detect and block zero-
click malware. Use advanced antivirus software, firewalls, and intrusion detection
systems. They establish many layers of defense. These solutions should be regularly
updated. This ensures the latest threat intelligence to stay ahead of emerging malware
variants.
Human error remains a significant factor in successful malware attacks. A full 88% of data
breaches are the result of human error.
Educate users about the risks of zero-click malware and promote good cybersecurity
practices. This is crucial. Encourage strong password management. As well as caution
when opening email attachments or clicking on unfamiliar links. Support regular training
on identifying phishing attempts.
Perform routine vulnerability assessments and security reviews. This
can help identify weaknesses in systems and applications. Weaknesses that enable an
exploit by zero-click malware. Address these vulnerabilities promptly through patching or
other remediation measures. These actions can significantly reduce the attack surface.
The more applications on a device, the more vulnerabilities it has. Many users download
apps then rarely use them. Yet they remain on their device, vulnerable to an attack. They
are also more likely to lack updates.
Have employees or your IT team remove unneeded apps on all company devices. This
will reduce the potential vulnerabilities to your network.
Be careful where you download apps. You should only download from official app stores.
Even when you do, check the reviews and comments. Malicious apps can sometimes slip
through the security controls before they’re discovered.
Zero-click malware continues to evolve and pose severe threats to individuals and
organizations. It is crucial to remain vigilant and take proactive steps to combat this
menace. Need help with a layered security solution?
Contact our team at IT Centre here to discuss your cybersecurity needs.
Article used with permission from The Technology Press.
Last month we shared an article about the benefits of investing in quality technology for your businesses growth. Read the full article here
In the past we’ve also talked about how you actually go about planning and budgeting for IT within your business, as well as some thoughts around purchasing hardware and leasing options.
Here we look at some examples of companies that have invested in quality technology, and the growth they have experienced, plus offer some tips for small businesses in New Zealand.
An example of investing in quality technology is local company Hortinvest.
Hortinvest is an Otago based company that develops and manages orchards which produce export-quality fruit, providing returns to those who have invested in the projects.
Over the years Hortinvest has invested in technology and constructed a leading-edge packhouse outfitted with the latest food-grade technologies.
All parts of the process are computer controlled or monitored from picking in the orchard right through to packing.
This has seen them become leaders in their industry.
Photo 2022 -Packhouse at Tarras
Ross Kirk oversees construction and fit-out of the high-tech Lindis Coolpac packhouse at Tarras.
Looking further afield, Tesla is a great example of a company that knew from the beginning how to use technology in business to stand out.
Tesla cars are highly innovative, eco-friendly, future-proof, and easy to maintain. The way that Tesla continues to achieve such good results is with continuous investment in effective technology.
For example, Tesla was one of the first car manufacturers in the world to introduce software updates over the air. All you need to do is to download a software update using Wi-Fi and launch the installation.
If you are a smaller business, investing in technology is a win-win solution. Starting off on the right foot means that you can create systems and processes that ultimately save money and increase efficiency.
Cybersecurity: Investing in good cybersecurity from the outset ensures that your business is secure against cyberattacks.
The right systems: Investing in good processes with accounting systems, HR systems, CRMs, and communication tools such as Teams makes your business run much more effectively.
Password Management Tools: Setting up passwords from the start saves time and money as well as enhancing security.
Email set up: Setting up email correctly from the beginning has been shown to save employees grief and companies a lot of time and energy.
IT Hardware: You can read our article here about things to look out for when buying IT hardware, as you can spend a lot of money on the wrong hardware.
Technology is evolving rapidly, and investing in good quality IT and technology will stand you in good stead to future proof your business. Not only that, it could give you an edge on your competitors.
If this all feels a little bit overwhelming, please feel free to reach out to us at IT Centre for a chat about your specific requirements.
IT Centre have looked after the Sidekick Wanaka office for many years, from way back when a couple of Wanaka likely lads owned the business that was then called Findlay and Co.
When Sidekick CA bought Findlay and Co they started hearing about the fantastic IT services being provided by the team at IT Centre.
Sidekick provide accounting and business services out of their network of eight offices throughout the South Island. They are a multi-Xero award winning practice and were the first Xero platinum partner in the world!
IT Centre had already set Sidekick Wanaka (then Findlay & Co.) up on Microsoft 365. It was decided to migrate all the other offices (except two) to a new group domain and tenant on MS365. However, as their then IT provider didn’t have the skills to do this they decided to manage it internally.
Before launching into this project, they wanted the security of knowing they had the backup of a team that had plenty of experience in this area. A team that could provide consistent, ongoing support for the whole group afterwards.
It was at this stage that Peter Humphrey, Director at Sidekick Wanaka, suggested they call IT Centre to see if we were interested in taking over support for the whole group.
Firstly, we onboarded them to our support systems, and migrated them over to our Managed Security Service (Eset Cloud Protect) and Managed Online Backup service for all of their MS 365 data.
How the Remote Support tools assisted:
Using our Remote Support tools, we were able to assist staff with issues arising from the migration, including OneDrive syncing and web browser profiles.
The fact IT Centre is based in Wanaka and Sidekick is spread across the South Island was not a problem.
The staff and management were so impressed with the smooth transition from the old system to the new and the ideas and suggestions we provided that they have now asked us to look at migrating the Wanaka and Christchurch office to the new MS365 tenant.
“ Sam, from IT Centre, has really impressed a lot of people throughout our group, with his knowledge and skill. There have been numerous internal chats about how beneficial the team has found moving to the IT Centre Wanaka, thanks!.”
Julie Copland – Group Operations Manager, Sidekick
If you are requiring similar support for your business, IT Centre would be happy to assist. Reach out to us here.
Monitoring is the practice of routinely monitoring all the components within an organization’s network to track, measure, and troubleshoot performance issues, failures, or deficiencies.
The advantage of automated monitoring software is that it speeds up the very time-consuming areas of network monitoring. These tools help uncover what might be overlooked with manual network monitoring.
Network monitoring continues to be crucial for businesses in order to be productive and avoid serious threats from network failures and server downtime.
When establishing your monitoring practices, you need to consider which reports you use as measurements. These are some common ones:
There are many involved reports that can be automatically generated by the monitoring software. The good thing about having all of this done automatically by your IT Alliance member is that anything outside of the parameters of normal will (mostly) be flagged immediately, and automatically fixed.
Failure to monitor in this modern way of working with remote users now becoming an everyday occurrence could cost your company in downtime as well as many other issues.
A data breach involves any unauthorized access to confidential, sensitive, or protected information, and it can happen to anyone.
Internationally well known companies such as Apple, Meta, Twitter, and Samsung have all disclosed cybersecurity attacks this year.
In the most recent quarter, CERT NZ responded to 2,001 incident reports about individuals and businesses from all over New Zealand.
In New Zealand Phishing and credential harvesting remains the most reported incident category (from CertNZ).
This graph shows the breakdown by incident category for the past quarter in New Zealand.
Australian telecoms company Optus – which has 9.7 million subscribers, suffered a “massive” data breach this year. According to reports, names, dates of birth, phone numbers, and email addresses may have been exposed, while a group of customers may have also had their physical addresses and documents like driving licenses and passport numbers accessed.
IBM found the cost of a breach hit a record high this year, at nearly $4.4 million.
Data breaches happen mainly when hackers can exploit user behaviour or technology vulnerabilities.
The threat surface continues to grow exponentially. We are increasingly reliant on digital tools such as smartphones and laptops. With the Internet of Things (IoT), we’re adding even more endpoints that unauthorized users can access.
Popular methods for executing malicious data breaches include:
Here are some key tips for mitigating risks to your business. If you require help with these, please reach out.
Data breaches cause business downtime and can cost your reputation and bottom line. Once you’ve had a data breach and it has been made public, your customers may lose faith in your ability to protect their private information.
A managed services provider can install protection and take precautions against data breaches. Contact our team here to discuss this further.
What should I be doing to secure my business?
One of the first things about Security is realizing that security is much more than stopping people “hacking in”.
It is fundamental to any business to have a business continuity plan (BCP). If you plan for a power outage what happens? Your IT systems will be down.
Can I use the same plan if an outage occurs to my IT systems and it’s not a power problem?
Security is the foundation of resilience.
The hardest part about security is getting started. Often, it’s on the “to do list” until it’s too late.
Hopefully you have already talked to your IT Alliance partner and had the security business continuity conversation.
If not “What should I do first” is a common question? Rather than recommend one single thing, the answer should be – “Have a plan”
So, what does your plan need to cover?
Look at your plan as being a holistic business continuity plan, that is a living document. Continually revisit, update, fire drill, and improve.
Many of the incidents we see disrupt business are due to poor Cyber hygiene not some advanced nation state hack.
Do the following to enhance your security:
Can my staff trust that the Cyber workplace is as safe and secure as possible? If it is, you will see productivity and creativity flourish, staff retention rises as well as the ability to recruit new staff.
“She’ll be right” – Is not a plan! “No surprises” is a plan.
For further advice, contact your local IT Alliance member to discuss creating a plan for your business.
By Paul Caldwell – Microsoft Security BDM
Given the recent spate of storm events, and the weather experts saying we’re going to get more in the future, now is the time to check your IT equipment is protected from weather events.
New research from NIWA (National Institute of Water and Atmospheric Research) has shown that extreme events have occurred four to five times more frequently in the last decade.
Many IT technicians had call-outs from clients after the recent storms. Thunderstorms can literally fry electronics, and this causes not just replacement cost, but also work disruption and even possibly data loss.
Our technicians carry surge protectors in their cars, so that whenever they are working, they can ensure that sensitive IT equipment is at least surge protected. But for clients we see less often, or who are not on a managed service agreement, it’s easy for IT devices to not be surge protected. Your staff, cleaners or others will sometimes move plugs about. Be aware that this does matter.
Now is a good time to have a look at your computer equipment. Feel free to ask us next time we are on site.
Surge protectors
A surge protector guards against the damage that sudden power surges can cause.
Things that people often forget to surge protect
UPS or Uninterruptible Power Supply
An uninterruptible power supply (UPS) is an electrical apparatus that provides emergency power when the mains power fails.
Unplug IT from the wall
Last thoughts
Thunderstorms and lightning are real threats to IT and can cause not just cost, but also disruptions to your business. Surge protectors can last for years and all your IT equipment should use them.
While surge protectors can last for years, it pays to keep a close eye on them and replace them if needed. Please feel free to reach out to our team at IT Centre to help you with this.
Nothing is more true than the fact that IT moves quickly these days!
Part of keeping up with IT, and the rapid changes is making sure that your business has the right equipment to do the task.
In this article we will be providing a few ideas for how to make a plan/budget for new or replacement equipment, as well as offering you some information on leasing.
Most businesses will have a budget for IT hardware and other goods and services that they need to operate.
Our advice is that if you have more than a handful of computers, you will benefit from forecasting and budgeting for IT expenditure.
Once your business is established, there is a very good chance that you will need to replace your IT equipment every few years. Such a good chance, in fact, that you can plan on it!
Drawing up an IT replacement schedule helps you plan well in advance, and helps ensure you have the funds when you need them.
This can be done in conjunction with our team here at IT Centre. If you don’t have a list already, we can assist you to do an audit of the IT equipment that you have, the date it was installed, and therefore when it is likely to need replacing based on its expected life.
This asset management plan needs to be revised every year for budgeting purposes.
We strongly suggest that you do this years in advance of when you actually require upgrades. It’s not hard to do.
This list can help you have a clear and actionable plan on existing equipment, when warranties expire, and the requirements for a staggered plan for new hardware.
Whilst many of our clients purchase outright as the overall cost is lower, leasing can be a good option for when you are starting out, if your business is expanding rapidly, or if cash flow is wrapped up in other parts of the business.
Leasing turns capital expenditure which has to be depreciated, into a monthly payment that is immediately expensed. It can also be an advantage in keeping assets off your balance sheet – speak with your accountant or advisor about this.
Obviously the disadvantage of leasing is that you are using someone else’s money and so they will need to charge you for that, as well as for their efforts! You could arrange your own finance and purchase, instead of leasing, in which case it pays to do your research on interest rates.
Upgrading your technology for modernisation and expansion and to get more reliable up-to-date technology is very important, as using outdated technology can cost money and time. Sometimes it is a case of weighing up your options here.
Using leasing options, your business may be able to move forward more quickly then it otherwise may have been able to, financed in a way that suits your budget or cash flow.
Whilst leasing is more costly than buying in the long run, one of the advantages is that you can establish predictable payment structures aligned to your needs, taking the stress out of an upfront payment.
This all means that you can get the technology you need with the budget you have today by utilizing IT leasing arrangements.
“When I became self-employed 20 years ago, I got my first laptop and setup via Flexirent, as it meant I didn’t need to spend the cash and then have the asset/depreciation. Instead, I kept the cash, and the entire cost was a relatively small monthly expense. So, sometimes, especially for new start-ups, it means you can save your cash for something you do need, or as a reserve. For more mature companies, taking a lease for gear, means that the cash can stay with you, which can help with liquidity.” Comment from ITA member.
These are just a few of the leasing options that some of our clients use. This is by no means conclusive, and we are not aligned with any of these companies. All of our advice is simply that, advice. Please make sure you do your own thorough research on this subject. Never before has the saying ‘read the small print’ been more applicable. We strongly advise that you speak with your financial advisor and or accountant about this.
Feefunders | |
From Fee Funders website: Your business receives 100% of the customer invoice paid upfront, whilst your customers enjoy the flexibility of monthly installments. Fee Funders manages the monthly customer’s payments by direct debit over three, six, nine or twelve months . Your business achieves upfront cash flow at no cost. Your clients pay a basic interest rate to achieve a spread of their outgoings. It’s like outsourcing a spread payment option for free! | A simple, hassle free approach to funding for your business and your clients.Your business has the money in the bank within three working days of the customers first direct debit, giving enhanced cash flow with no debtor management distractions. Staff can remain focused on core business activities. |
Flexicommercial | |
Flexicommercial offers your business flexible equipment finance solutions. The credit criteria for finance varies depending on whether you are an existing or new business and the required amount of finance. | Choose the equipment you need.Choose the type of lease that best suits your needs.Select the payment term to best suit your budget.Apply over the phone or through your supplier in store.Sign and return the paperwork for approval |
Of course these are just suggestions and all leasing arrangements should be thoroughly considered before being entered into.
Hint – Leasing companies will usually be quite happy to include IT engineer setup costs in the value of the lease. For larger or more complicated systems, this can be quite a substantial part of the project costs. This means you can also expense those costs as well.
We can help you to do an audit of your current equipment, and make a plan for future expenditure.
Something that makes this type of IT cash-flow of forecasting easier, is if you are on an MSP (managed service provider)plan. Being on a Managed Service agreement removes many of the fluctuations of IT budgeting as generally you pay a fixed monthly fee for IT support.
Please feel free to reach out to our team at the IT Centre to discuss this further.