It all starts with your company department@domain
The most important asset your company will ever own is its sales portfolio. It is how those sales are generated and if it is by advertising on the web or social media, then your domain (web address) becomes that most important asset. Businesses often do not realise that a mature domain that generates sales enquiries has value. This value can sometimes be more than you think. If you own a domain that is well established and is a .co.uk or .com you have endless possibilities. If you do not have full ownership or control then the opportunities are offered to the people who do. For example, we have had clients where when they started their business, chose a company who registered the domain and hosted a website for them, only to find that the web company owned the domain and not the business. The consequences without realising it are that the web company has your asset and may hold you to ransom.
In many small businesses, your emails are possibly the only records you have of a transaction or communication with your customers. In our experience, we have found small businesses with business-name@gmail, @hotmail. @btinternet etc. Most business owners do not realise they do not own or fully control their email address as these are referred to as a public email service NOT domain email service. These mail boxes have limited space and the email are often deleted once they have been downloaded from the server after a period. So as a critical record of communication, the only copy you may own is on a laptop or a PC which will be lost upon hard drive failure.
To own the domain, the format should be firstname.lastname@example.org
Let’s say you have a website www.business-name.com or .co.uk. Your web developers would have given you a few emails to manage your business. i.e. email@example.com , contact@ business-name.co.uk.
- Check ownership of your domain and make sure you have full access to your advanced DNS settings
- Avoid hosting your website where you registered the domain.
- Avoid hosting your emails on the same web server.
- Avoid handing all access rights to person or company as any dispute could leave you vulnerable.
- Avoid dealing with a company who has no physical address or telephone number.
- Avoid hosting outside the UK or EU as your information is in another country of which you cannot easily control or apply legislation such as GDPR.
- Do deal with local reputable business. Visit the premises. Establish who they are, how long they have been in business and who are some of their clients.
- Finally, avoid asking your mate or someone who uses a PC as you might regard them as IT professionals just because they can Google. Seek qualified professionals, they will save you money and stop you from making classic mistakes.
Your IT consultant is possibly the only professional that can make you money. Your solicitor or accountant will send you a hefty bill to either account or resolve a dispute. IT professionals are not valued in the same way. Things are changing as it is recognised that the skills and experience of good IT consultants can avoid disputes and setup systems and software that help you grow. Our template business works, get your business set up TODAY
Pricing starting from £699.00 +VAT
- 2 hrs consultation with our Qualified IT consultants
- Domain ownership
- Domain Heath check
- Domain DNS settings
- Cloud Set up
It is even more important than your Company name. Why?
You can change your Company name, move premises or even sell your Company, as you will have secured the main sales asset, your Domain.
Your domain allows you to have a cloud infrastructure managed under this account. Security of this domain can be controlled by yourselves, removing the need for anyone to own your IT infrastructure. This is paramount to a modern day business and the future of any potential your business may have. We know how to do this.
Taking the business into the cloud is not as painful as you think and can bring the flexibility and major advantages to save you time and money. Although each scenario is different, it can become customised to your needs, we have a foundation template where we have adopted many customers. The transition was made as painless as possible and was soon adopted by the staff members with very little staff training. Individual support for business owners and management is key so they can maintain confidence and control within the system. We adopt the principal of “If you make the staff happy, you make the Boss happy”
Emails, attachments and files
Every Company uses emails which often has attached files. This is not the most secure way to send sensitive documents these days. Inadvertently, without knowing, you will have contravened the new GDPR especially if you communicate about individuals within the communication. We have a solution for this.
Data stored on mobile devices are the most vulnerable. These devices hold Company details and personal data and could be lost or stolen anytime. If they are not set up within secure device policy, you do not have control of your Companies data. At worst case scenario, you have allowed members of staff to walk away with your sensitive data that could be used to transfer to your Competitors and by doing so you will have compromised your security. We have a solution for this.
One of the most prolific frauds today (find link) where businesses have lost about £41 million is the changing of bank details fraud.
If you do not set up security to stop hackers into your email, the consequences could be far more serious than you think. In simple terms, you need all devices that access your emails registered. If anyone tries to log into your emails, you will be notified so that you can allow or block access. We have a solution for this.
The hacker gains access and reads your emails. You may question ‘How?’ but when you read on the news of big companies having their database hacked, this list is passed onto criminals and they will target public email addresses i.e. Hotmail, TalkTalk, BT Internet, AOL, etc.
As discussed in Part One, it would be more difficult to hack a domain email address.
The hacker logs into your account and studies your behaviour. They look for correspondence where your Client pays you money. You will probably have an attached Invoice to the email so they have your bank details as well. Next, they will look for opportunities and contact your Client seeking the right moment to make the ‘attack’. They will email the Client and using established psychology to indicate that you are making changes to your current payment received methods.
You will not be able to see the conversations as they delete the email as soon as it is sent so that you are unaware that this is taking place. They will then proceed to offer new bank account details due to a change of bank for any future payments to be paid into. They will indicate a speedy timeline to up the pressure for them to do it quickly. As this point, one would assume that your Client picks up the phone to verify the instruction to change banks but the hacker has already applied enough pressure and has figured out that they are too busy to do this, in a busy accounts office.
Once the money is transferred into the hackers account, they will transfer it overseas immediately, of which the UK Banks have no jurisdiction. The UK Banks cannot do any more and will not admit to any liability, in our experience. The Law is changing to prevent transfers happening so quickly so as to provide a window of opportunity to block the transfer, but until the Law is changed, you and your Client are at risk.
You have still not been paid but the Client says that they have paid. You are left in a difficult situation in which you must now take action against your Client for non-payment of your invoice. This will definitely sour the relationship between you and your Client. The Client feels that it is not their fault as you have had your emails hacked and you argue that you have not been paid and they should have checked before they changed the Bank Details.
Whilst you and the Client spend time and money arguing over who is liable, the Hacker is left laughing as he knows that if you were to work together and investigate, you may be able to gather enough evidence as to the perpetrator but, at this point, our experience is that most people continue to argue as to avoid any responsibility or fault.
It is slightly more complex in that in most cases there is a member of staff responsible for the payment and because their job is potentially on the line, they will not co-operate and often end up going off sick with stress. Time is of the essence in most investigations and the people involved not co-operating is anticipated by the hacker.
Here is the final warning, now the hacker has robbed you and caused undue stress and disruption to your Business, the hacker has placed you on a ‘suckers list’. Your information and the way they extorted the money will be passed onto a hacker with a different scheme. This will not happen immediately as you will initially be on your guard but will remain to exploit other opportunities. People who have been scammed are reluctant to admit their failings as it makes them feel stupid.
This is the intention of the hacker to distract you from taking things further. The Client thinks it was you that was at fault because you allowed your email to be hacked, when in fact the victim is your Client. This is because they are the ones with the money and you were only the means to get at it. Your Client will not admit this, in most cases, and will bury the incident without procedures to stop it ever happening again.
To back this article, we have true stories of Companies where the sums have flawed (1) for £125,000 and (2) for £28,000 Both frauds were of a similar nature and involved the changing of bank details . The difference being (1) was an email hack and (2) was a cloning of a similar named business with a spelling mistake that was not spotted because of the long Company email address. We helped to recover the £125,000 and the £28,000 is still on-going.
Our Clients are fully protected and have taken our advice. Their Clients however have not taken the advice and think it will never happen again.