Advanced Protection for Your Users and Devices

Cyber threats have changed and are evolving rapidly. Many modern attacks no longer rely on traditional malware. Instead, they target user accounts, exploit trusted access, and operate in ways that can bypass standard antivirus solutions entirely. At Cortec IT, we’re continually reviewing how we protect our clients. As part of that, we’re introducing two advanced security services designed to strengthen both device and identity protection.

Introducing Our Latest Security Enhancements

Powered by Huntress

• These services are delivered through Huntress, a leading security platform backed by a 24/7 Security Operations Centre (SOC).
• Their team actively monitor, investigates, and responds to potential threats in real time, providing an additional layer of protection beyond traditional tools.
• Huntress also delivers industry-leading response times, typically responding within minutes to confirmed threats, helping to stop incidents before they escalate.

What Are the New Services?

Identity Threat Detection & Response (ITDR)

ITDR focuses on protecting your Microsoft 365 accounts and user identities.

Today’s attackers often target login credentials or session tokens rather than devices themselves. This allows them to gain access without triggering traditional security alerts.

ITDR helps to:

• Detect suspicious or unusual login activity
• Identify signs of account compromise
• Respond quickly to prevent unauthorised access

This is particularly important as identity-based attacks continue to rise.

Managed Detection & Response (MDR)

MDR enhances protection across your devices, including PCs, laptops, and servers.

Unlike traditional antivirus, MDR monitors behaviour and fileless activity in real time, allowing it to detect advanced threats that don’t rely on known malware.

With MDR in place:

• Suspicious activity is identified early
• Threats can be investigated and contained quickly
• Devices can be isolated if needed to prevent spread

Why This Matters

Traditional security tools are no longer enough on their own.

Modern attacks are:

• More sophisticated
• Harder to detect
• Often focused on user accounts rather than devices

By combining identity and endpoint protection with 24/7 monitoring, these services provide a much stronger security posture, helping to reduce the risk of downtime, data breaches, and financial impact.

Who Are These Services For?

These services are particularly valuable for organisations that:

• Rely on Microsoft 365 for email and collaboration
• Handle sensitive data
• Want greater visibility and faster response to potential threats
• Don’t have access to a dedicated in-house security team

Try It for Yourself

For our existing IT support clients, we’re offering the opportunity to trial these services and see the protection in action within your own environment. We highly recommend these services as part of a modern security approach built to detect, respond to, and stop threats in real time.

If you’re an existing client, get in touch with us today to arrange your free trial.

Want to Learn More?

If you’re not currently a Cortec IT client but would like to learn more about how we can support your business, feel free to contact our team. We’ll be happy to discuss your requirements and how we can help strengthen your security. Providing expert IT Support and Managed IT Services across Kent, London, and the South East. For regular updates, please follow us on LinkedIn.

Ransomware and Encryption Viruses 

 

We would like to reiterate that all users must be very careful when clicking any form of link be it a link to an unknown website or an attachment embedded within an email. If the sender is unknown or you feel that the email is not actually from the stated sender, it is always better to ignore the email than risk opening it.
Fake emails or emails containing fake links & attachments are routinely used to gain access to small business accounts or banking information. Anti-virus and Anti-spam tools will stop most of these but users still have a vital role to play.

 

Key information on Ransomware/Viruses

 

By now you will probably be aware of the term ransomware, but in short it is a type of malware that will attack your computer, locking you out and displaying a message that demands you take a certain action, almost always involving some form of forced payment before your computer can be returned to its normal state.
Following on from this you may have heard of a type of ransomware known as an Encrypto or Encryption virus. This is an extremely intrusive and potentially costly piece of malware that will in addition to locking you out of your computer, set a fixed time that you have to unlock it.
After a computer or server has been infected with the virus, a message will come up on your screen stating that your files have been encrypted and a warning saying that if you do not send a specified amount of money within a fixed amount of time, all of your information and user data will be lost indefinitely.

So how does the Encrypto virus spread? 

It is typically distributed via email, the hackers hide strings of code containing the Encrypto virus within an attachment that for example may look like a normal PDF but in reality is an executable file.
If you or a colleague opens the fake PDF, the virus is given access to your PC and all of your files. It will then start encrypting the files on your computer and begin telling you that the only way you can get the key to decrypt all of your files on your PC is to pay them before time runs out.

 

Two new types of Matrix Ransomware.

 

Recently two new aggressive forms of Matrix Ransomware variants have been discovered that are being installed via hacked/intercepted Remote Desktop services. While both of these variants will encrypt your computer’s files, one is a more advanced and makes use of cipher strings to wipe free space on the infected systems.
This form of ransomware is being sent to victims from the attackers who are brute forcing their way through the passwords of Remote Desktop services connected directly to the Internet. Once the attacker has gained access to a computer, they will then upload the ransomware installer and execute it via the remote connection.

Basic info about the two viruses and what they do to an infected machine:

• Installed over hacked Remote desktop tools.

• They encrypt unmapped network shares.

• Displays a status window while encrypting data.

• Clears all shadow volumes and copies on the machine.

• Encrypts all of the machines filenames.

• Uses ciphers to wipe free space on the machines.

 

Due to the fact the Matrix Ransomware is installed via hacked Remote Desktop services, it is extremely important to ensure that all access is locked down correctly. This includes making sure that computers running remote desktop services are not connected directly to the Internet, instead placed behind secure VPNs or remote desktop gateways that are secured with an active SSL.

 

How can all of this be prevented?

 

Unfortunately, there is no way to 100% prevent these types of attacks, our recommendations to help safe guard you are:
Make sure that all staff are vigilant when it comes to emails from senders that you don’t know, especially those of which that contain files.

Enabling file extensions within Windows is done so that you can easily recognise this type of attack by the file name containing .exe, .cmd or .bat instead of the standard .docx, .docs or .pdf.

Lock down remote desktop access. We have been actively locking down RDP to known ip addresses and helping to ensure that computers on your servers are placed behind VPNs or remote desktop gateways secured with SSL.

Have up to date Anti-virus and Anti-spam filters. Cortec recommends the use of ESET, which is a record-breaking antivirus and antispyware protection software. We also recommend the use of Email Filtering, using advanced predictive analytics giving the reassurance that the software will identify malicious sources before they can attack, keeping your email and IT systems safe. Feel free to get in touch to find out what we can offer you.

Having regular and secure backups of critical data. We’d like to remind you of the importance of having a backup system in place for your critical files. This will help mitigate the damage caused not only by malware infections, but hardware problems or any other incidents as well. Cortec offer a range of offsite backups and cloud services that we are happy to talk to you about.
Don’t give them money. If you are unfortunately infected by a ransomware virus and do not have a backup of your files, we would always recommend that you DO NOT pay the ransom.

Upgrade operating system. To safeguard against ransomware and encryption viruses, it’s crucial to upgrade operating system such as Windows promptly when Microsoft announces the end of life for a version, ensuring your system remains secure and supported.

We say this because it makes malware attacks like the aforementioned into a highly profitable process, not to mention the chance that you will not even receive an encryption key.

Regular backups, system updates, and employee awareness are crucial in preventing attacks. Partnering with a trusted provider like Cortec IT Business IT Support Kent ensures your business has professional IT support to implement these measures effectively.

We hope you found this page helpful. Please visit the “About Us” page to learn more about our team.
Additionally, if you’d like to stay up-to-date, please follow us on social media.

Password Security – Take action now!

 

You may have noticed some discussion in the news recently that several MPs have been sharing their login details with their staff as a matter of course. This brought a lot of criticism from security professionals and the ICO (Information Commissioner’s Office), who have now reminded MPs of their duties under the Data Protection Laws. The existing data protection laws and the new GDPR states that you have a duty of care over any personal data held within your systems. This potentially opens up companies to fines if these duties are not treated seriously or breached without pre-emptive measures.

Username and password combinations are the primary methods used for authenticating users, allowing them access to data and mailboxes. We’re seeing increased amount of attacks on networks where criminals try guessing usernames and passwords, with the intention being to either steal data or more often install a virus to encrypt files and then blackmail companies.

The Basics

 

At a basic level, you shouldn’t share your password with anyone, this includes members of staff and colleagues. A crucial part of our staff contracts is that breaking this could lead to potential disciplinary action. If you need a team to access your emails or documents, it’s always better to set up permissions correctly rather than giving out your password; we can help.
We recommend that you pick a good password that is as complex as you can remember but, more importantly, of sufficient length. We recommend setting a password of at least eight characters comprising two words, some numbers and special symbols ($,@,#, etc.).

 

Click here to generate some examples of strong passwords, as mentioned above. Use a different password for your work account and other places. If someone manages to get hold of your Facebook password, you don’t want them to have access to your work email. An example is a website that you frequent has a security breach leading to all registered email addresses and passwords being stolen; the criminals could then use the email address to look up the users’ mailboxes and try the same passwords across multiple platforms. They could for example use the compromised email and password to gain access to and do some online shopping.

Two Factor Authentication

 

Two-factor authentication, or 2FA, adds a layer to your primary login. Without 2FA, you can enter your username and password to gain access to an account. A password is a form of single-factor authentication. The second factor is in place to help make your account less prone to forced entry.  The three main types of multi-factor authentication:

 

• Something unique that you will remember, such as a personal identification number (PIN), a pattern or a password.
• Something you have on you: This will be a fob or phone that randomly generates an authentication code every 30 to 60 seconds.
• You, a modern form of multi-factor authentication can be a facial recognition scanner,  a fingerprint scanner or a voice print system.

Regularly updating passwords, using multi-factor authentication, and monitoring accounts can significantly reduce security risks. Partnering with a trusted provider like Cortec IT Business IT Support in Kent ensures your business has expert IT support to implement these measures effectively.

Please get in touch with our experienced IT support team for any Cyber Security service in Dartford, Kent, South East England. Similarly, you can explore our social media for news, views and reviews.

Director Fraud Follow-Up

 

We want to reiterate that all users must be cautious when clicking any link, be it a link to an unknown website or an attachment embedded within an email. If the sender is unknown or you feel that the email is not from the stated sender, verifying its legitimacy before interacting with it is better.

 

Spoofed emails or emails containing fake links & attachments are routinely used to gain access to business accounts and gather personal, business and banking information. Anti-virus and Anti-spam tools will help block a large majority of these, but they can sometimes slip through the cracks, leaving it up to you to spot anything suspicious before it’s too late.

 

Director Fraud & Online Security

 

Suppose you receive an email that you feel could be fraudulent or malicious. In that case, it’s always best to tread carefully and check with the sender before giving over any passwords or information that cyber criminals could use.

Director Fraud

 

Lately, we have seen a significant increase in spoof emails from cyber criminals claiming to be company directors, accountants and managers, targeting staff members to gain access to systems & information. Many emails get the victim to buy gift cards or a similar purchase.

The fraudster will register domains designed to be highly similar to a targeted company and data farm information from public records such as a Companies House or LinkedIn to find company directors’ names and information so they can set up fake email accounts in their names.

So using our domain as an example, “@cortecit.co.uk”, they may set up “@coretecit.co.uk” to trick users.

 

Most common types of scam emails:

 

• Someone will pose as a boss or director of a company, instructing a staff member to send them money or provide information. This is often in the form of buying gift cards or vouchers.
• We have seen them pose as an IT company/department of a bank, saying they will need to make a series of test transfers.
• Will pose as a supplier claiming you have unpaid invoices with a link used to farm information from you, install malware or get you to send them money.

The display name will be correct in these instances, but the email address must be genuine. This may only show up in some email clients, such as mobile phones.

How to ensure you’re protected

 

Our top recommendations:

 

• Ensure all members of staff are aware of this kind of fraud / spoofing.
• Have a procedure in place that allows all members of staff to properly verify contact from Managers and Directors.
• You should have a two-step authentication procedure in place before any monetary  transactions are made, this could be as little as a pin/phrase sent in the email, all the way up to verbal confirmation of a transaction either in person or over the phone.
• Always review any form of financial transactions for errors and changes, such as a misspelt company name or email address, changes in bank details, etc.
• Work out and consider what information about your company is publicly available and whether it needs to be public, places you should check include: Companies House, social media platforms and company websites.
• Ensure that all computer systems are secure and that antivirus/antispam software is up to date and installed where appropriate.

Microsoft Defender For Office 365

 

User impersonation protection is a security feature provided by Microsoft Defender for Office 365 that helps protect users from phishing attacks. Phishing attacks are attempts by cybercriminals to trick users into sharing sensitive information, such as login credentials, by posing as a legitimate entity or person.

With user impersonation protection, Microsoft Defender for Office 365 uses machine learning models to analyse incoming emails and detect signs of phishing attempts. These models identify emails that attempt to impersonate a user or a trusted entity, such as a company or a brand, and mark them as suspicious or block them outright.

User impersonation protection works by comparing the sender’s display name, email address, and other attributes to known information about the user or entity they claim to be. If there is a mismatch, the email is flagged as suspicious.

Additionally, Microsoft Defender for Office 365 can also learn from user feedback. If a user marks an email as phishing or not phishing, the system can use that feedback to improve its detection accuracy.

In summary, user impersonation protection is a crucial security feature that helps protect users from phishing attacks by identifying and blocking suspicious emails that attempt to impersonate a user or a trusted entity.

 

If you have any questions, contact us, you can talk to us about possible ways to improve your security and help put measures in place to reduce the chance of successful fraudulent attacks. Similarly, you can leave us message via our social media as well.

Common cyber threats and how to help prevent them in the UK

 

Cyber threats are a serious concern in today’s digital world, and we must all take steps to protect ourselves from potential harm. Here are some common cyber threats that you need to be aware of and how you can prevent them:

 

Malware Attacks

 

Malware is like a virus that can cause harm to your computer or network. Be careful when downloading attachments or clicking links from unknown sources to prevent malware infections. Keep your antivirus software up to date and scan your computer regularly for any malware or viruses.

 

Phishing Scams

Phishing scams are attempts to steal sensitive Information, such as passwords or credit card numbers. To avoid these scams, please be careful of unsolicited requests for personal Information and never click on links from unknown sources. Use anti-phishing software to detect and prevent these types of scams.

 

Ransomware

Ransomware is a specific type of malware that can lock you out of your system or encrypt your files, demanding a ransom in exchange for the decryption key. Be careful when opening emails or clicking links from unknown sources to prevent ransomware attacks. Keep your software updated with the latest security patches, and back up your important files regularly.

 

Social Engineering

 

Social engineering attacks involve tricking you into giving away sensitive Information, such as passwords or credit card numbers. To prevent social engineering attacks, be cautious when responding to requests for personal Information, verify the identity of the person or organisation making the request, and use two-factor authentication to protect your accounts.

 

Identity Fraud (CEO/Accounts/Director fraud)

 

Cybercriminals can use stolen or false personal Information to impersonate someone and gain access to sensitive Information or resources, damaging businesses and individuals. To prevent identity/director fraud, keeping your personal Information secure and limiting access to sensitive data is essential. Companies should implement robust identity verification procedures and monitor accounts and transactions for suspicious activity.

Regular system updates, staff training, and professional monitoring can significantly reduce cyber risks. Partnering with a trusted provider like Cortec IT’s IT Support Kent ensures your business has continuous protection and expert guidance.

What to do if you suspect you are a cybercrime victim?

 

If you suspect that your computer or personal Information has been compromised, act quickly to minimise the damage. Here are some steps you can take if you have been compromised:

• Disconnect from the internet
• Change your passwords
• Notify your bank and credit card companies
• Update your software
• Scan your computer for malware
• Monitor your accounts
• Seek professional help

In conclusion, cyber threats are a serious issue we must be aware of. By taking the necessary precautions, being vigilant, and following the steps above, you can help protect yourself and your business from potential harm. However, please contact our experienced IT support team for any cybersecurity services in Dartford, Kent, or the South East England region. Similarly, you can explore our social media for news, views and reviews on Common cyber threats and how to help prevent them.

How to Spot Junk / Mail

We get hundreds of reports each month of spam emails and potential malicious emails being sent to company staff members. So, we though it might be a good idea to put together a guide on ways that you can spot if an email is legitimate.

How to spot spam, phishing & malicious emails

 

When receiving emails from potential clients and leads (users who are not regular correspondents), you will need to take further steps to determine whether the email is a legitimate enquiry.

 

1. Who sent the email & were you expecting it?

 

The first thing that everyone looks at when they get an email is who it has been sent from. More often than not this provides instant feedback on an emails legitimacy. You should have an idea of the names and email addresses of people that you work with and often correspond with, so when an email comes in from an unknown sender it is always best to verify its integrity before responding to it.

Check who has sent the email, if you press a reply button always take a look at the return path / who you will be responding to. Does this match up to the content of the email? Does this email look to be a genuine enquiry? And finally does the email address match up to any previous enquiries?

One further trick you can do is look up the users email address online to check if it has been flagged anywhere online for spam.

Another thing you can do is see if the email address matches up to a company’s website. For example, if you were to lookup: sales@cortecit.co.uk, you would find our website and verify that the domain used in the email matches that of our website.

 

When receiving emails from potential clients and leads (users who are not regular correspondents), you will need to take further steps to determine whether the email is a legitimate enquiry.

2. What is the subject line?

The second thing that we all do when examining an email is check the subject line. Spammers & online fraudsters will try their very best to make their emails look legitimate but at the same time want to draw your attention.

A lot of the time they will use eye-catching headings like “Limited Time”, “Important”, “Urgent” and other such hyperbolic titles. You will also see multiple prompting headings such as “Immediate Action”, “Required”, “Take Steps Now” or “Verify Now”.

Also be wary of any emails that do not contain any headings, since it may either be spam or a genuinely important letter that was sent in haste.

3. Grammar and tone of the email.

Examine its content. Firstly, if an email addresses you as “Sir/Madam”, “Colleague”, “Company Name”, “Department” or anything that is vague and seems abnormal, you can instantly question if it was sent from a legitimate source.

Secondly, check for consistent bad spelling, poor/incorrect grammar and blatant red flags in regard to tone and sentence structure. We are all prone this here and there, but if this is consistent across an entire email chain it can be a sign of spam mail. This point is situational, depending on target audience of your business, reach of your company and many other factors, however, if this is flagged along with other points raised it could be used as evidence of illegitimacy.

4. Purpose of the email.

Why has this individual sent you the email? As mentioned previously are you being prompted to “Take Action”, send funds or complete a task that is not normal?

When requested to send funds or make a payment, it sounds obvious, but you should always take extreme care to ensure you are not being targeted:

• Verify that the payment is legitimate with any relevant staff members.
• Implement verbal confirmations when transferring money internally between accounts.
• Verify that the location of the payment is correct and legitimate.
• Make sure you do not give out any billing information to con-artists.

When prompted to “Take Action”, “Urgent” and other such prompts:

• Is this a service that you use?
• Search online to verify that the task they are asking you to complete is real.
• Has this been sent to other users, and has it been flagged online as a phishing email?
• Is the email trying to get you to click a dodgy link?

5. Links and attachments.

Within the email that you are analysing have you been asked at any point to click on a link or button to complete a certain action? If so the first thing before clicking on a link is to check the destination that you are being taken to.

There are a few ways to check this:

• If you are using a laptop/pc/mac, you are able to hover over the link with you cursor and in the bottom left of most browsers and mail systems you will see where the link is taking you. Depending on what device/system you may even get a preview box popup over the link with the address.
• The second option is to right click and “copy hyperlink” / “copy link address”. You can then paste the link into a text area, such as notepad, Microsoft word or any other text areas without having to click/open the link.

Does the link look suspicious? If the link for any reason feels malicious then it is best to do further research before clicking on it. The only definitive way to ensure that a link is legitimate is to ask the user that has sent and verify that it’s a genuine enquiry. If it has been sent from an unknown sender, then the best course of action is to simply not click it.

The same advice all applies to files and attachments within an email, if you are not expecting an attachment from the sender, then its best to verify its legitimacy before attempting to open it.

6. Check the email chain for any dates.

Dates and timestamps contained within an email can often provide a clue to an email’s legitimacy and takes seconds to check. If you receive an email containing dates that are abnormal (distant past or forward dated), it is likely that the email is not genuine.

7. If it looks dodgy it probably is.

It is always best practice to be cautious when opening any email regardless of who it is sent from. If an email even looks slightly illegitimate, it is best to follow the previous 6 steps before opening any links or attachments.

You should never open an attachment unless you know who sent it to you, why they have sent it to you and what its purpose is.

It is possible to receive an email from a colleague that is illegitimate, to find out more on this please read our 2 previous post on email spoofing, director fraud/online security and Phishing.

Spam Spoofed Emails – Malicious 

 

We have seen an increase in the amount of malicious emails being received by clients, in which the sender claims to have hacked your email account and placed malicious software on your PC to steal your personal information.

These emails can be fairly convincing, often containing an old password of yours that has been compromised in a data-breach and will use email spoofing to make it appear as though it has been sent from your own email account.

This is almost certainly not the case and is a scare tactic used to convince people into sending them large sums of money.

 

“How do they have my password?”

 

With so many different passwords to remember across all of the online services that we rely on daily, many people slip into bad habits and use similar, if not the same password for multiple platforms.

Over the last few years there have been many large-scale data breaches, that have leaked a wide variety of personal information ranging from usernames and passwords to home addresses and dates of birth. Once obtained this information will either be illegally sold or leaked to the masses online via message boards or paste bin sites.

 

“Has my data been compromised?”

 

Prior to the GDPR regulations it was not required for a data processor to notify affected users of a data breach and as such a large majority of the people were and still are unaware that their information has been compromised. The most effective way to find out if you have been affected by a data breach is to use a site called haveibeenpwned, simply pop your email address into the homepage to see if your email is attached to any known data breaches. You can also use this site to check how many times your password has featured in a data breach, this does not necessarily mean you have been affected but can be used as a measurement of password strength and security.

Spoofed emails & Common scams

 

We have seen many different examples of online scams and spam mail. One of the more common ways cyber criminals trick people into paying them is by purchasing domains similar to those used by businesses and then setting up email accounts of employees, usually using information sourced from LinkedIn and company websites.

Recently we had received a report from a company’s accounts department that had been targeted. The scammers had got hold of a domain similar to theirs but with a “1” instead of an “I” in it. They had created an email account mirroring that of the managing director, copying everything including his email signature and email formatting. They had managed to get hold of an old email chain and sent a request for a bank transfer from the company bank account.

Best practice to avoid being caught out by these types of scam is to verify payments made with an authoriser or even the person that has made the request verbally before actioning any transfers. Having a set procedure in place for handling transaction and any deviations from this could be a flag for suspicion.

“I’ve been compromised what do I do?”

DO NOT give them any money.

If you pay the ransom you are effectively making this method of scamming profitable, encouraging these individuals to continue phishing/scamming.

 

DO NOT respond to the email.

With the nature of this attack/scam, the senders rely on the likelihood that a small amount of the recipients will respond out of the batch of millions.

 

Change your passwords attached to the account.

More information on how to create a secure password can be found here.

 

Delete the email.

The best thing to do with emails like this are permanently delete them from your inbox.

 

Consider setting up 2FA (2 factor authentication).

 

More information on 2FA and password security can be found here.

 

Purchase spam filtering tools.

 

This will not completely stop these types of emails; however, it will significantly reduce the number of them that you receive and filter out any malicious emails of other natures, such as Phishing and Ransomware.

Please contact our experienced IT support team for any Cyber Security service in Dartford, Kent, South East England. Similarly, you can explore our social media for news, views, and reviews.

Director Fraud and Online Security

We would like to reiterate that all users must be very careful when clicking any form of link be it a link to an unknown website or an attachment embedded within an email. If the sender is unknown or you feel that the email is not actually from the stated sender, it is better to ignore the email than risk opening it.

Fake emails or emails containing fake links & attachments are routinely used to gain access to small business accounts or banking information. Anti-virus and Anti-spam will stop most, but users also have a vital role to play. One example we frequently see is that a suspect email will contain a web link that will ask for your email password. This will then be used to commit banking fraud and other problems. Be extremely careful of any links you receive via email, and never enter your email password into a web page. You can always call us if you receive an email you’re not sure about or if you are being asked for your email password by a web page.

Director Fraud – Director Fraud Protection in Kent

We have noticed an increase in spoof emails claiming to be company directors and managers emailing other members of staff asking them to transfer money or for information that could be used by fraudsters to commit banking fraud. Online fraudsters are becoming ever-more sophisticated, and will stop at no end.

There are many instances of fraudster registering domains designed to be extremely similar to a targeted company and using public records such as a Companies House or companycheck to find out company directors names and information so that they can set up fake email accounts in their names. Our support desk are happy to discuss possible bad emails before they are opened, in this way users can gain an understanding of what to look for.

Most common types of scam emails:

 

• Someone will pose as a boss or director of a company instructing a member of staff to deposit into the fraudulent account.
• Fraudsters will often pose as the IT company of a bank saying they will need to make a series of test transfers.
• They will claim to be a supplier or business partner asking for fake outstanding invoices to be paid into a new bank account.

If you have any questions, you can talk to us about possible ways to improve your cyber security and help put measures in place to reduce the chance of successful fraudulent attacks. 

How to Ensure You’re Protected from Director Fraud & Online Security Threats

 

Cybercriminals are increasingly targeting directors and senior staff using sophisticated scams like impersonation, invoice fraud, and business email compromise (BEC). Protecting your organisation starts with awareness and proactive procedures.

• Train All Staff – Not Just Finance Teams
  Everyone in your organisation should be aware of the risks of director fraud, not just your accounting or finance departments. Awareness is your first line of defence.

• Verify Manager & Director Communications
  Create a clear, company-wide policy for verifying any requests from directors—especially if they involve financial transactions or sensitive data.

• Use Two-Step Verification for Transactions
  Require a two-step approval process for all financial transactions. This could range from a shared security phrase to verbal confirmation via phone or in-person.

• Review All Transactions for Red Flags
  Always double-check for irregularities in payment requests—such as slight misspellings in company names, unfamiliar bank details, or unusual email formats.
• Audit Public Information About Your Company
  Review what’s publicly available on platforms like Companies House, your website, and social media. Remove or limit details that could be used in phishing or impersonation scams.
• Ensure Robust IT Security Systems
  Confirm that all your devices and systems are protected with up-to-date antivirus, anti-malware, and spam filters. Secure email systems are essential for fraud prevention.

At Cortec IT, we offer tailored cybersecurity solutions designed to protect company directors and senior executives from targeted cyber threats. From endpoint protection to employee awareness training and advanced email security systems, our team is ready to defend your business.

Worried about director-targeted fraud?
Contact Cortec IT for a free security assessment and find out how we can help secure your leadership and critical business data.
Call us : 020 8467 9222

Finally, if you have any questions or concerns about your organisation’s security, our expert team is here to help. We’ll work with you to identify vulnerabilities, implement effective measures, and reduce the risk of director fraud and cyberattacks.  Contact us today to discover how we can support your business with smart, secure technology solutions. And if you’d like to stay informed about our latest services, security tips, and technology updates, follow us on social media, it’s a great way to stay connected.

Are you ready for GDPR?

 

General Data Protection Regulation, or GDPR, will overhaul how businesses process data. This regulation is the biggest change in two decades and will come into force on May 25th 2018. It will change how businesses and public sector organisations can handle the information of customers. The GDPR is Europe’s new framework for data protection laws – it replaces the 1995 data protection directive, which current UK law is based upon.

 

How does GDPR affect?

 

If your company either controls or processes personal data you will be affected by the new regulations. If you are subject to the Data Protection Act, you will also be subject to the GDPR. Personal data broadly means a piece of information that can be used to identify a person, name, address, IP address, the list is endless. In the full details of GDPR there are 99 articles that set out the rights of individuals and the obligations companies have. These include allowing people to have easier access to data that companies hold about them, new fines and a clear responsibility for organisations to obtain consent from people they collect information about.

From a company perspective you will be more accountable for the handling of people’s information. This includes having data protection policies, impact assessments and relevant documents on how you process data. The Information Commissioner’s Office (ICO) has to be told about any data breach 72 hours after you find out about it, as do all people it has affected.

 

What do I need to do?

 

GDPR will vary from business to business, To help prepare for the start of GDPR, the ICO has produced a 12-step guide which we recommend you read. The guide, covers steps from making senior business leaders aware of the regulations, working out which information is held, updating your procedures and what happens in the case of a data breach. If you are unsure about your obligations under the new regulations, our advice is to seek out professional legal advice to safe guard your company. It is your responsibility to ensure your company is ready for GDPR, For existing clients Cortec can implement technical solutions and advice that will help you reach compliance. If you would like to book a consultation slot with us please email: gdpr@cortecit.co.uk.

Finally, please contact us today and learn how we can help you boost your business with new technology.
And if you want to keep in touch with our services and Technology-related news, please follow our social media.