Network Audit

TwentyFour IT

Optimise your IT infrastructure with a comprehensive network assessment. Network performance can fluctuate and there can be untraceable threats lurking on your network.

We perform network audits to expose potential weaknesses and identify any areas for concern. You will receive a fully detailed report, highlighting the status of your network and identify what measures should be taken to secure and safeguard your network and the data stored. We deliver the same, consistent results regardless of your company size and location.

What Your Audit Will Cover

Security is a key priority of ours on an audit. Flaws in your security can be overlooked. Particularly if you don’t understand the potential risks.

Any major threats which are identified will be isolated where possible. You will then be advised by an experienced engineer exactly what steps need to be taken. We will then make further recommendations with regards to your security. This will include things such as  your server, hardware upgrades, operating system upgrades, data storage, backups, disaster recovery, WIFI, communications etc.

Should there be any existing security measures already in place, our engineers will test them to determine the robustness and level of response to varying modern day cyber threats. This will include any potential or harmful threats that can arise because of a lack of user education.

Are you confident that your data passes securely over your network?

Cyber criminals love to exploit weaknesses on a business’ network infrastructure. They wreak havoc on network devices. Once your network has become compromised, it is imperative that your data is stored and protected.

Once thieves have your data they will stop at nothing to use your sensitive information for their own personal benefit.

  • We will help you assess just how secure your data is?
  • Where it is stored?
  • What backups are taken and how?
  • What administrative rights users must have access to sensitive data?

An audit is conducted by one of our highly experienced third line engineers. They have the knowledge and insight to best advise you on the right course of action. They will produce a report which will clearly explain how your network is performing and what necessary steps need be taken.

As the audit is conducted on your site premises, sometimes the report will be sent through to you a day or two later to ensure that all the areas of your network have been thoroughly addressed and reported on This is to give you a clear overview and status of the network. The final audit report will be presented to you, along with our expert’s findings and recommendations in an easy to understand PDF document, which can be presented to any decision makers for review.

Since the introduction of the GDPR, it is your responsibility as a business to ensure your employees’ and your customers’ data is stored and shared in line with the regulations. If you are not meeting these requirements, your organisation could face a very hefty fine and risk the loss of reputation.

We can review your current procedures to ensure you are GDPR compliant.

  • Review your current procedures
  • Conduct a risk assessment
  • Assistance with policies and procedures
  • Ensure you understand how to keep your company compliant

Does your IT support fry your Brain?

We understand that it can be daunting, but we are here to help.

Latest News

TwentyFour IT

How to Check If Your Email Account Has Been Breached

It’s hard to find someone who hasn’t had their email account hacked at some point. Many people believe they aren’t a target for being hacked as they don’t hold valuable information. This is incorrect and everyone can hold information which can expose threats to an organisation.“Cybercrime is the greatest threat to every company in the world.” (Ginni Rometty, Chairman, President and CEO, IBM)

One of the most common ways cyber crimes happens is through your email account. In this article we will give you a breakdown of how an email account is breached. We will also discuss what measures you can take to ensure you are following the best practices to protect your accounts.

How?

Let’s start with how an attacker could have gained access to your account. We are seeing more frequent incidents where users are been targeted by email phishing. This is essentially someone sending you an email to try gain information out of you. This can be as simple as them using your email layout/signature to target your clients or even members of your staff.

Another way is with emails containing links. This can be in the form of a PDF attachment on the email or there could be a link directly within the content. When you click on this link you will be prompted with a login page that is a replicate of the website/business they are impersonating. If you enter any information on this page e.g. email address /password, the attacker will now have gained access to your information. They will now be able to login into your email account.

Why?

There are constantly new techniques being developed against stopping these attacks from happening. However as fast as these are being developed and implemented attackers are quickly coming up with new ways to target people or companies. Unfortunately for the team fighting back against them, this method is very difficult. This is because people often receive many emails containing several links in them. It would require training our software to examine each link on an individual basis to decide whether it’s an authentic or corrupt link.

In the past attacker’s have gained access to mailboxes by sending out a mass spam email to all your contacts. As more people have becoming aware of generic spam email, the attackers are developing new tactics which are more inventive and methodical.  One method they are undertaking is, that once they have gained access to your account they will then spy on your account in order find out as much information as possible this will include…

  • Gathering intelligence about you
  • What you do
  • Who you talk to
  • Your position in the company
  • How you word your emails.

They may also put a forward on your account. This will then forward any emails you receive to an email account they control.  By doing this the attacker doesn’t have to stay logged into your account and the forward will remain even if you change your password.

Once they have gathered the information they require from you, they may decide that you’re not a target worthwhile. Nevertheless, they may use the information they have gathered to target someone higher up in your organisation like an accountant. Just think about what an attacker could do with access to your accountant’s mailbox. Your invoices, your customers invoices or possibly your bank details.

By using this information, an invoice can be created that looks identical to your organisations. The only change will be that somewhere in it will have or include something about “we have updated our bank details”. This can then be sent to one of your clients from the email addresses they have gained access to.

As most businesses have a good relationship with there clients and have gained a shared trust from them. Clients will pay this to the details they have received as they recognise and do business with you.

Okay, How Do I Check?

If you are using Outlook, under the Home tab you should have an option to manage your inbox rules.

Where to find Manage Rules in Outlook

This will then open a box that displays all the rules you currently have on your mailbox. Most people will have rules set in place to move emails from X folder over to Y folder.

Once here you will need to look for is any rules that forward or redirect emails. The only way to check this is to check each rule individually as they could have named the rule to something which you would suspect as not being legit.

When checking the rules in place, look for anything that contains the words “forward” or “redirect”. Pay very close attention these.

If you do have a rule that is forwarding/redirecting emails to an unknown email address this is a very strong indicator that someone has had access to your account at some point in time and they may still be monitoring your emails.

There is also a seconded type of forwarding. However, this is something which would need to be performed by your IT department. This is a quick test which usually takes couple of minutes to perform. This check is very advisable and highly recommend.

It may not be realistic to perform the above task if your have a lot of users within your organisation. You may also not feel confident with users checking this themselves. If so, you can ask your IT to check. This will involve taking all the rules people have set up and checking for works such as ‘forward’ and ‘redirect’.

My Account Is Clean, How Do I Secure Myself?

If you are using an Office365 licence which is Business Premium or above (this does not include Exchange Online Plan 1) then you can ask IT to setup multi factor authentication on your account.

With this method installed on your account if anyone manages to figure out the password, they would also need the code that is texted to your mobile phone to login to your account and access your data. So, unless the attacker also has your phone. Your safe.

What Else Can be Done?

IT can also put something in place to detect auto forwarding of emails and notify and/or block if one has been detected. This would be an early warning of a potential breach.

Summary

Putting these practises into place can help protect your email account from becoming compromised. There are still ways in which cybercriminals can access your information but by following these practises you are reducing the risk of expose your business to these types of threats.

TwentyFour IT

If you would like more information on the different security services we offer to keep your business secure click here.

Or if you would like to speak with our team, please get in touch with us here.

Sign up to our Newsletter

TwentyFour IT

(We do not share your data with anybody, and only use it for its intended purpose)