Author: Becky

Understanding Least Privileged Access: A Critical Security Principle for Modern Businesses

Posted on July 27, 2023 by Becky - Blogs, Hot Topic

Understanding Least Privileged Access: A Critical Security Principle for Modern Businesses

Home » Archives for Becky

Written By

Becky Griffin

Publish Date

27/07/2023

Categories

Blogs Hot Topic

In today’s digital world, where data breaches and cyber attacks are on the rise, ensuring robust cybersecurity measures has become a paramount concern for businesses and individuals alike. One essential concept that plays a crucial role in securing sensitive information and safeguarding critical systems is “Least Privileged Access.”

In this article, we will delve into the meaning of least privileged access and its significance in maintaining a strong security posture for organisations.

What is Least Privileged Access?

Least Privileged Access (LPA), also known as the Principle of Least Privilege (POLP) or the Principle of Least Authority, is a security principle that advocates providing users, applications, or processes with only the minimum level of access required to perform their specific tasks and responsibilities. In simpler terms, it means granting individuals or software just enough permissions to carry out their job functions and nothing more.

The rationale behind this principle is to reduce the potential attack surface and limit the damage that malicious actors or errors can cause if a breach occurs. By adhering to the least privileged access approach, organisations can prevent unauthorised access, data leaks, and unauthorised modifications to critical systems, thereby bolstering their overall cyber security posture.

How Does Least Privileged Access Work?

Implementing least privileged access requires a thorough evaluation of user roles, access rights, and the data or resources they need to perform their duties. Here’s a step-by-step breakdown of how it works:

Identifying User Roles: The first step is to categorise users into specific roles based on their job functions and responsibilities. For instance, employees in human resources may require access to sensitive personnel data, while software developers may need access to the source code repository.
Defining Access Rights: Once user roles are identified, administrators must define the minimum level of access rights necessary for each role to fulfil their duties effectively. This involves analysing the data and resources that each role requires and granting access accordingly.
Implementing Access Controls: Access controls are enforced through security mechanisms like role-based access control (RBAC), access control lists (ACLs), and permissions management. These mechanisms ensure that users are restricted from accessing data or resources beyond what is necessary for their roles.
Regular Auditing and Monitoring: To maintain the effectiveness of the least privileged access approach, regular audits and monitoring are essential. This helps identify any discrepancies, unauthorised access attempts, or potential security breaches promptly.

Benefits of Least Privileged Access

Reduced Attack Surface: By limiting access rights, the potential attack surface for cybercriminals is significantly minimised, making it harder for them to find vulnerabilities and exploit weaknesses.
Enhanced Data Protection: LPA ensures that sensitive information is only accessible to those who genuinely require it, mitigating the risk of data breaches and leaks.
Improved Insider Threat Mitigation: Even if an insider account gets compromised, the damage is limited due to the principle of least privilege.
Compliance and Regulatory Requirements: Many industries have specific compliance standards that mandate the implementation of least privileged access as part of their data protection protocols.

As technology continues to evolve, organisations must remain vigilant in their commitment to upholding strong security practices. Embracing least privileged access should be viewed as an essential part of a comprehensive cybersecurity strategy, ensuring that critical systems and data remain safe from harm in an ever-changing threat landscape.

If you’d like to learn more about how Cobweb can help implement a least privileged access strategy, please get in touch.

Cobweb Connect – Cyber at The Etihad – Weds 12 July 2023

Posted on June 12, 2023 by Becky - Events & Webinars

12^th July 2023

08:30 - 15:15

Etihad Stadium

Ashton New Road, Manchester, M11 3FF

Speakers

Agenda

FAQs

Getting here

Meet our speakers

Sarah Armstrong-Smith

Chief Security Advisor Europe at Microsoft

Dr. Francis Gaffney

Senior Director, Mimecast Labs & Future Operations

Ronan McCurtin

VP Europe at Acronis

Javvad Malik

Lead Security Awareness Advocate at KnowBe4

Clare Satchwell

Managing Director at Cobweb

Agenda

08:30 - 09:30 | Registration & Breakfast

09:30 - 09:35

Welcome & Introduction

A welcome from our Managing Director, Clare Satchwell.

09:35 - 10:35

Incident Response & Crisis Management with Q&A

Join Chief Security Advisor Europe at Microsoft, Sarah Armstrong-Smith as she shares insights into effective incident response and crisis management

10:35 - 10:50 | Coffee Break

10:50 - 11:30

The State of Email Security in 2023

Join former government Head of Cyber Security expert, Dr. Francis Gaffney, now Senior Director, Mimecast Labs & Future Operations at Mimecast as he takes us through the current state of email threats.

11:30 - 12:00

Moving beyond Phishing

Javvad Malik, Lead Security Awareness Advocate at KnowBe4, explains why every organisation should focus on the first line of defense - their employees - and the importance of building a corporate culture that encourages security awareness.

12:00 - 13:00 | Lunch Break

13:00 - 13:40

Are you Disaster Recovery ready?

Ronan McCurtin, VP Europe at Acronis, will be sharing his thoughts on why a disaster recovery plan is crucial for every business.

13:40 - 13:55 | Break

13:55 - 14:40 | Stadium Tour

14:40 | Prizes & Close

You don't want to miss

Learn

Hear from industry experts from Mimecast, Acronis and Microsoft to share their insights with you.

Connect

Meet with the experts, as well as other like-minded businesses and understand their approach to cyber security.

Explore

It's not all work! We’ve scheduled time for you to take a tour around the legendary Etihad Stadium.

FAQs

We’re bringing together best in class knowledge in the cyber security sector. Talks will be educational rather than sales orientated to help you get the most out of the day.

There will also be plenty of opportunities to talk to the cyber security experts during networking breaks.

Yes a great breakfast and lunch will be provided. Please let us know of any dietary requirements you have.

Yes – there are lots of spaces available – we’ll contact you closer to the date with the information you need to access the car park.

Places are limited so if your schedule changes and you can’t attend, please email hello@cobweb.com to free up your space for someone else.

Getting here

By Car

Use Ashton New Rd, Manchester M11 3FF for your Satnav. There's plenty of free parking available - but you must let us know if you plan to drive as we'll need to provide your reg number.

By Tram

Metrolink runs from the city centre including Manchester Piccadilly station to Etihad Campus stop and also connecting to Ashton. The journey time from Piccadilly is less than 10-minutes.

The Power of Managed Services – From Cost Savings to Increased Security

Posted on May 9, 2023 by Becky - Events & Webinars

Tuesday 6^th June 2023 | 10:00 - 10:45

Webinar Overview

With the IT industry facing complex challenges such as rising security threats and a global shortage of skilled professionals, an increasing number of businesses are seeking to entrust the management (or co-management) of their IT services to Managed Service Providers like Cobweb.

In our webinar, we'll explain:

Why organisations are choosing to hand over the responsibility of their IT to an MSP
Why our customers choose us as their provider of choice
The different services we can manage for you - and the benefits of us doing so for your organisation

If you'd like to learn more, please sign up via the form above.

Presenters

Juan Lyall

Commercial Manager

Oliver Moazzezi

Solutions Architect

Keir Nolan

Head of Managed Services

Cobweb Fundraising for ‘Do Something Marvellous Week’

Posted on May 9, 2023 by Becky - Company News

Cobweb fundraising for ‘Do Something Marvellous Week’

Home » Archives for Becky

Written By

Richard Meek

Publish Date

09/05/2023

Categories

Company News

Cobweb are proud to support Roald Dahl’s Marvellous Children’s Charity.

Cobweb is dedicated to supporting the Roald Dahl charity during Nurses Week (6th May – 12th May) through a series of events for the ‘Do Something Marvellous Week’. The primary goal is to raise the charity’s profile and donations towards their mission.

On Saturday 6th May, we participated in Fareham Parkrun to raise awareness and interact with runners before the start time at 9 am.

On Wednesday 10th May, we will host an office bake sale with staff preparing savoury and sweet treats to sell, with all proceeds going to the charity.

Finally, on Friday 12th May, we will undertake a charity walk from our office in Fareham to QA Hospital in Cosham and back, covering approximately 10 miles. At QA Hospital, we will meet with the Roald Dahl nurses to express our gratitude for their support.

Our efforts during Nurses Week aim to support the Roald Dahl charity’s vital work and to make a positive impact on the lives of children living with lifelong, complex conditions across the UK.

Why are we doing it:

Our Billing Manager, David Barnsley-Parsons has first-hand experience of the support that Roald Dahl Nurses provide after his daughter, Harriet was diagnosed with epilepsy.

“When Harriet was around 10 months old, we started to have concerns about her development. She was missing milestones and seemed to have plateaued in her development. After conversations with Community Paediatrics and several blood tests later, Harriet was diagnosed with a genetic disorder. The type of disorder she has is completely unique to her, caused by an unbalance in genes on chromosomes 9 and 10. Whilst very little is known about the extent to which this will affect her, the genes involved are linked to mild to moderate learning difficulties and global development delay.

As part of the investigation process into Harriet’s genetic disorder, an MRI scan of her brain was carried out and this highlighted several changes which we needed to be aware of. One of these made her more susceptible to developing epilepsy, however, it wasn’t until she was 2.5 years old when she had her first seizure.

Harriet’s seizures are prolonged (around 15-20 minutes each in length) so after her first episode we were given rescue medication to administer to her after 5 minutes of the seizure. Each time she has a seizure it involves an ambulance trip to hospital and monitoring to make sure she is recovering from the episode as expected and then a review of her medication dosage. She is very lethargic after a seizure and she will often then miss the next day’s activities.

When the diagnosis was made for Harriet, we did not know where to turn. There wasn’t a leaflet handed to us of people can help and support us through something we had no experience of. Harriet is now 4 and continues to have an irregular pattern of seizures. With the support of the Roald Dahl nurses, we have been able to manage her medication to reduce the severity of the seizures. They have been able to provide us with the information we need to spot the signs of a seizure and to help us be prepared.

As Harriet transitions to mainstream school, the nurses can be on hand to provide training to the school to help them prepare for caring for Harriet.”

The Roald Dahl Charity have said:

“This May, join us in a life-changing mission to raise 1 million pounds to provide vital specialist long-term care for over 1,000 children living with some of the most serious and complex conditions across the UK.

Roald Dahl Nurses currently support over 32,000 children living with lifelong, complex conditions across the UK. These children often have multiple health conditions, which require lifelong specialist care.

Specialist care from a Roald Dahl Nurse reduces A&E visits, hospital admissions, and consultant appointments. Roald Dahl Nurses work in hospitals across the UK and are a vital lifeline to the whole family, coordinating care, and providing access to professional emotional support.

Too many children with serious illnesses do not receive this vital specialist care. This stress places on these families is significant and relentless. That’s why we believe that every child living with a complex, lifelong condition deserves a Roald Dahl Nurse.”

If you’d like to support Cobweb during ‘Do Something Marvellous Week’, please donate to our Just Giving page!

Donate now

Microsoft 365 Workshop | Do More with Less

Posted on March 9, 2023 by Becky - Events & Webinars

Thursday 23_^rd March 2023 | 10:00 - 11:30

Workshop Overview

Many businesses are under-utilising the functionality of their Microsoft 365 package, and we want to empower you to get the most from your investment.

Join us for a live workshop delivered by a Microsoft accredited trainer, where we’ll demonstrate how Microsoft 365 can help solve key business challenges.

You'll learn how Microsoft 365:

Enables your teams to work more collaboratively
Secures your business with technology you can trust
Makes it easier to securely manage apps and devices

If you'd like to discover how you can get the most out of Microsoft 365, please sign up to the workshop via the form above.

FAQs

This workshop is designed for those who currently use Microsoft 365, but would like to learn about how to get more from the platform.

The workshop will take place virtually on Thursday 23 March 2023 at 10:00am and will last for an hour and a half.

Please ensure you have a laptop ready with access to your Microsoft 365 apps

Cobweb host second cyber security event

Posted on February 15, 2023 by Becky - Company News

Cobweb host second cyber security event

Home » Archives for Becky

Written By

Richard Meek

Publish Date

15/02/2023

Categories

Company News

Last week, we hosted Cobweb Connect, an in-person event that provided attendees with a better understanding of our solutions. The event, held at Premier League Football Club Southampton’s ground, focused on cybersecurity and was titled Cyber @ St Mary’s.

Our keynote speaker, Dr. Francis Gaffney, a former government advisor on security, shared insights on the tactics and psychology used by cybercriminals to compromise individuals and businesses.

David Tweedale from Mimecast introduced their latest gateway-less solution, which provides an easy entry point for businesses looking to add an extra layer of security.

We also had Cornel Heijkoop from Acronis, who talked about the importance of backing up data using Microsoft backup, company backup, and implementing a disaster recovery plan. James Grove, IT Director at Southampton FC, gave a fascinating insight into the importance of implementing multi-layered protections to minimize risk in elite sports teams.

Oli Moazezzi, one of Cobweb’s Solution’s Architects, talked about how businesses often fail to utilize the functionality they have within their Microsoft 365 packages and how a review of their tenant can uncover gaps in their setup.

Attendees then enjoyed lunch, which included a selection of artisan sandwiches and wraps. The sausage rolls were a particular hit with one impressed attendee, who called them “game changers.” Southampton legend Francis ‘Franny’ Benali also joined us for lunch, chatting with attendees and taking many selfies with them.

The day concluded with a tour of St Mary’s, which Franny Benali led. Attendees got insights into what it is like to be a professional football player and saw behind the scenes of the changing rooms. The event was a huge success, with great feedback received, networking between attendees, and positive conversations on how Cobweb can partner with businesses to review and improve their current security standing.

Keep an eye out for the next #CobwebConnect, coming soon!

How often will you be prompted for MFA in Microsoft 365?

Posted on February 14, 2023 by Becky - Blogs

How often will you be prompted for MFA in Microsoft 365?

Home » Archives for Becky

Written By

Richard Meek

Publish Date

14/02/2023

Categories

Blogs

Multi-factor authentication (MFA) is a security feature that adds an extra layer of protection to users’ accounts by requiring them to provide two or more forms of authentication before accessing their data. In Microsoft 365, MFA is a commonly used security feature, and it can be configured by the organisation’s IT administrator to meet their specific security requirements.

The frequency of which users are prompted for MFA in Microsoft 365 varies depending on the organisation’s settings, but typically, users are prompted when they:

Sign in to their account from a new device
Sign in to their device from a new location
Change a password
Swap between Office 365 accounts
Perform a sensitive action, such as accessing financial or legal information.

However, the frequency of prompts can be customised by the IT administrator based on their organisation’s security needs. For example, some businesses may require re-authentication for all sign-ins or after a specific period of time, such as every 30 days, while others may only prompt for MFA when there is suspicious activity detected.

If you have questions about multi-factor authentication or would like to find out more about implementing it within your business, get in touch with our team.

Rackspace Hosted Exchange ‘Security Incident’ leaves 1000’s of companies stranded

Posted on December 7, 2022 by Becky - Blogs

Rackspace Hosted Exchange ‘Security Incident’ leaves 1000’s of companies stranded

Home » Archives for Becky

Written By

Dan Raven

Publish Date

07/12/2022

Categories

Blogs

Early Saturday morning, Rackspace customers started complaining that they were unable to access their accounts.

Rackspace set up an incident response page stating ‘We are investigating an issue that is affecting our Hosted Exchange environments. More details will be posted as they become available’.

Rackspace then offered free access to – Microsoft 365 through an Exchange Plan 1 subscription, as the fastest way to restore service, and offered do-it-yourself instructions on how to migrate.

The Security Incident has now been confirmed as a ransomware attack and highlights not just the need for protection against cyber threats, but also the need to have disaster recovery solutions in place such as effective back-up.

Over two decades ago Cobweb led the development of Hosted Exchange as a product and since then have evolved into a Cloud Solution Provider. During this time we have completed the move of all our hosted customers along with numerous customers running on premise and 3^rd party solutions to pure cloud Microsoft Solutions.

Microsoft recognise that Cobweb has more experience than any other Microsoft Partner in migrations from Hosted Exchange to M365. In these challenging times for both supplier and customer, safeguarding users and data from external threats is paramount, and Microsoft 365 provides a secure platform to meet these needs.

If you are a looking for improved security solutions, or are looking to move to the cloud, we can help you migrate to the most appropriate products and services for your business, and ensure your environment is as secure as possible.

Utilising Microsoft 365 for identity and device management, Mimecast mail gateways and Acronis backup solutions, Cobweb can help you move to a resilient, secure, and modern platform ensuring your users, data and devices remain safe and secure at all times.

Please contact our team for more details on our product bundles as well as professional services.

Implementing an effective backup strategy

Posted on November 25, 2022 by Becky - Guides

What's inside?

Download our free guide to find out more about how you can implement an effective backup strategy for your business.

The importance of a backup strategy - Explore why the growing range of external threats are making it increasingly important for businesses to have a robust back up strategy.
10 steps to implementing your backup strategy - Read through our steps for what needs to be considered when planning your strategy.
Where to get started - There's a lot to consider when planning your cyber security strategy. Read through our guidance for how and where to get started.

Download a copy

A quick guide to password managers

Posted on November 22, 2022 by Becky - Blogs

A quick guide to Password Managers

Home » Archives for Becky

Written By

Richard Meek

Publish Date

22/11/2022

Categories

Blogs

We’re often told that the passwords to access our online accounts should be really strong, and not to use them anywhere else. This is especially true for the password for your email account. If you’ve used the same password across different accounts, cyber criminals only need one password to access all your accounts.

Always use a strong and separate password for your email; that is, a password that you don’t use for any of your other accounts, either at home or at work.

If you have re-used your email password across other accounts, change your email password as soon as possible. It should be strong and different to all your other accounts.

Ideally, you should use unique passwords for all your important online accounts (such as banking accounts, shopping/payment accounts and social media accounts), not just your email account. You should also provide additional protection by setting up 2-step verification (2SV) on your email account, which will prevent a criminal from accessing your email account even if they know your password.

Weak passwords can be cracked in seconds. The longer and more unusual your password is, the harder it is for a cyber criminal to crack.

The trouble is, most of us have lots of online accounts, so creating different passwords for all of them (and remembering them) is hard.

This is where a password manager can help. A password manager can store all your passwords securely, so you don’t have to worry about remembering them. This allows you to use unique, strong passwords for all your important accounts (rather than using the same password for all of them, which you should never do).

In addition, many password managers are helpful because they can:

synchronise your passwords across your different devices, making it easier to log on, wherever you are, and whatever you’re using
help spot fake websites, which will protect you from phishing attacks
let you know if you’re re-using the same password across different accounts
notify you if your password appears within a known data breach so you know if you need to change it
work across platforms, so you could (for example) use a single password manager that would work for your iPhone and your Windows desktop

To find out more about LastPass, Cobweb’s Password Manager Solution, get in touch with the team today!

Understanding Least Privileged Access: A Critical Security Principle for Modern Businesses

Cobweb CONNECT Cyber at The Etihad

Meet our speakers

Sarah Armstrong-Smith

Dr. Francis Gaffney

Ronan McCurtin

Javvad Malik

Clare Satchwell

Agenda

You don't want to miss

FAQs

Getting here

The Power of Managed Services – From Cost Savings to Increased Security

Webinar Overview

Presenters

Juan Lyall

Commercial Manager

Oliver Moazzezi

Solutions Architect

Keir Nolan

Head of Managed Services

Cobweb fundraising for ‘Do Something Marvellous Week’

Do More with Less – Microsoft 365 Workshop

Workshop Overview

Cobweb host second cyber security event

How often will you be prompted for MFA in Microsoft 365?

Rackspace Hosted Exchange ‘Security Incident’ leaves 1000’s of companies stranded

Implementing an effective Backup Strategy

What's inside?

A quick guide to Password Managers

Recent Posts

Recent Comments