The UK government has just announced the launch of its ‘Help to Grow’ digital scheme which offers discounted software and free advice to small businesses.

Applications Open Now

The Help to Grow scheme is designed to support smaller businesses in adopting digital technologies to help them to grow. Applications for the scheme opened on 20 January.

Free Advice and Online Support

The scheme offers access to free, impartial online support and advice about how digital technology can boost a business’s performance. The support and advice can be accessed via Help to Grow’s online platform here: https://helptogrow.campaign.gov.uk/

Discounted Software

Eligible business in any business sector can also access a discount of up to 50 per cent towards the costs of buying approved software (from a group of approved suppliers), worth up to £5,000.

The 4 criteria for eligibility for the discount are:

1. Businesses must be based in the UK and registered with Companies House or be a registered society on the Financial Conduct Authorities Mutuals Register.
2. Employing between 5 and 249 people.
3. Actively trading for more than 12 months and having an incorporation date of at least 365 days prior to application.
4. Businesses must be purchasing the approved software for the first time.

Currently Just For CRM And Digital Accounting Software

Each eligible business can receive only one financial discount towards the purchase of one approved software product up to a maximum of £5,000 (not including VAT) in the Customer Relationship Management (CRM) and Digital Accounting software product categories. The government says that other software product categories will be available with the discount soon, including e-commerce software. The discount will cover 12 months’ worth of approved software product core costs, exclusive of VAT.

What Approved Software?

At this opening stage of the scheme, the approved CRM software suppliers whose products the discount applies to are Capsule CRM, Zymplify, Livepoint Software Solutions Ltd, Gold-Vision CRM, and Deskpro Ltd. The suppliers of the digital accounting software that the discount applies to are Sage, Intuit Ltd, and Crunch.

FSB and CBI

Mike Cherry, National Chair at the Federation of Small Businesses, said of the scheme: “For those small firms who are eligible, providing the means to make improvements through projects like this will make a real difference for those that are keen to expand their knowledge and skills.”

“We’re encouraging as many eligible small firms to apply and make the most of this new scheme.”

Also, Lord Karan Bilimoria, President of the CBI, said: “The launch of Help to Grow digital will help thousands of SME businesses invest in technologies. Supporting businesses on their digital transformation journey is fundamental to unlocking economic growth, boosting productivity, and creating a more resilient future for firms.”

Help to Grow: Management Scheme

The government already offers a ‘Help to Grow: Management’ scheme launched in 2021 as part of the wider government effort to back businesses and ‘level up’ the economy.

Under the ‘Help to Grow: Management’ scheme, small businesses can access 12-weeks of learning designed to fit alongside work commitments. The scheme can help businesses to develop a bespoke business growth plan, access 1:1 support from a business mentor, and learn from peers and network with other businesses. The scheme is 90 per cent funded by the government and participating businesses only need to pay £750. More information is available here: https://smallbusinesscharter.org/help-to-grow-management/

What Does This Mean For Your Business?

The last two years have created an extremely tough business environment, particularly for small businesses and businesses from all sectors have been forced to undergo a rapid digital transformation and associated learning (and cost) curve. Tools like CRMs can be costly to small businesses, but their use can really improve efficiency and productivity. For example, Enterprise Research Centre (ERC) figures show that businesses who use CRMs see on average productivity boosts of 18 per cent, so a its possible to see how a big discount on (approved) CRM software could help with growth. Also, ERC figures show that businesses adopting digital accounting software can get an 11.8 per cent increase in employee sales over 3 years. Discounts on this type of software could also provide an extra means for small businesses to increase growth. Free help, such as that offered via the Help to Grow portal, as long as it has real value, is bound to be welcomed by small businesses at this time. The biggest help right now would, of course, be greater certainty and a real improvement globally in the COVID situation, but the government scheme is one of many small ways that eligible businesses could improve growth in the coming years. The relatively small choice of approved suppliers and software types in the current round of the scheme, however, may not suit many small businesses right now, meaning that they may need to wait longer for any value and benefit.

Google has announced in an email that users with legacy (old) free G Suite accounts have until 1 July to upgrade to paid subscriptions or lose access to most services.

Ten Years Free

Google has said that legacy G Suite users i.e., those who have been able to use their custom domain accounts for free for ten years, must upgrade to a paid Google Workspace subscription to keep their services by July 1, 2022. The G Suite legacy free edition will no longer be available starting from that date.

Google also says on its support site that, even if users choose to wait, Google will begin upgrading subscriptions automatically on May 1, 2022. This will mean that an organisation’s account will be upgraded to a new Google Workspace subscription based on the features that the organisation currently uses.

Setting Up Billing Required

Google is, therefore, asking Legacy G Suite account holders to set up Google Workspace billing before July 1, 2022, or the Google Workspace subscription will be suspended until this is set up. If users still haven’t set up their billing account for Workspace after 60 days, Google says that those users will no longer have access to Google Workspace core services, such as Gmail, Calendar, and Meet.

What Is The Legacy Free G Suite Account?

Google’s free edition was first made available to businesses, organisations, and schools from 2006 to December 6, 2012, with Google Apps. The free edition of G Suite—also known as the legacy free edition of Google Apps— gave users a reduced set of business features.

What Is Google Workspace?

Google Workspace, introduced in 2020 as part of a new brand identity, is Google’s cloud-based, collaborative working platform. Workspace, Google’s answer to competing products like Microsoft 365 with its ‘Teams’ app (and competitors like Zoom), is where its productivity apps (Gmail, Calendar, Drive, Docs, Sheets, Slides, Meet, and more), and core communication and collaboration tools (chat, email, voice and video calling, content management) are grouped together. Workspace gained huge popularity during the pandemic lockdowns when demand surged for cloud-based platforms that enabled remote and hybrid working. Google Cloud claims that Workspace now has more than 3 billion active monthly users!

How Much Will It Cost To Upgrade To A Google Workspace Account?

The basic Business Starter subscription costs £4.60 per user per month (currently discounted to £4.14) and offers 30 GB of Drive storage, 99.9 per cent uptime guaranteed, and increased security. Users can also bolt-on extra subscriptions as required e.g., Google Voice to get a dedicated business phone number. Business Standard, and Business Plus packages are also available. The packages can be compared at https://workspace.google.com/intl/en_uk/pricing.html

What Does This Mean For Your Business?

Google’s argument for the need to upgrade appears to be that legacy suite account holders should be pleased that they had 10 years for free, and that the legacy version never offered benefits like the Workspace platform does anyway e.g., 24/7 support, 99.9 per cent uptime and more storage. For Google, the introduction of Workspace would be a way to seriously challenge Microsoft’s Office/365 dominance and, as Javier Soltero, the VP of Google Workspace claimed in late 2020, “This is the end of the ‘office’ as we know it.” Google reported “strong” revenue growth for Workspace in its third-quarter results (October) indicating that it is a popular subscription. For those users who have enjoyed the legacy, an upgrade is clearly an additional cost, but there may be additional valued benefits. Those who don’t want to upgrade “may” still be able to keep YouTube and Google Photos, but Google clearly wants to strongly encourage users to at least take up a basic subscription as soon as possible.

In this tech insight, we look at what a watering hole attack is, some examples of such attacks, and how businesses can defend against this threat.

Poisoning The Water

A watering hole attack is a targeted, ‘supply chain,’ cyber-attack strategy, similar to spear phishing. With this strategy, the attacker identifies a website that’s frequented by users of a targeted organisation, or entire sector. The attacker then infects the website(s) with malware and identifies weaknesses in the main target’s cyber-security. The attacker then manipulates the ‘watering hole’ site to deliver that malware, such as a Remote Access Trojan (RAT), so that it can exploit these weaknesses.
When a member of the target organisation’s device becomes infected (like drinking from a poisoned watering hole, hence the name) in a way that the target will not notice (also known as ‘drive by’), the attacker can then gain access to the infected device. This can, in turn, enable the attacker to access the target organisation’s network

Stealing and Spying

The goal(s) of this strategy, as with other strategies is/are to steal personal information, banking details, and intellectual property, and/or to conduct espionage. Also, it can enable the attacker to access corporate systems and assets, and potentially gain further details for even more cyber-attacks.

Examples

Examples of watering hole attacks include:

– The VOHO multi-phase Campaign. Back in 2012, attackers compromised a local government website in Maryland and a regional bank in Massachusetts, along with other sites related to the promotion of democracy in oppressed regions. The targets were organisations related to financial services, government agencies, and the defence industry, and the attack involved the use of re-directs and infection by Gh0st RAT malware. The attack saw 32,000 visitors from 731 unique global organisations being re-directed to an exploit site where around 4,000 hosts are believed to have downloaded exploit files, leading to a staggering 12 percent success rate for the attackers.

– From 2017 to 2018, a country-level watering-hole attack was launched in China by the “LuckyMouse”/ “Iron Tiger” group. This espionage campaign was reported to have targeted a national data centre of an unnamed central Asian country. The attackers injected malicious JavaScript code into the official government websites.

– The 2019 ‘Holy Water’ attack targeted Asian religious and charity groups. The attackers used an Adobe Flash update prompt to trigger the malware download. Although the motive was unclear, the attack may have been used for espionage.

How To Protect Your Business From Watering Hole Attacks

Ways that you can protect your business from watering hole attacks include:

– Keep anti-virus and software patches up to date.

– Use browser-based security tools to inform users of bad sites (bad reputation) and extra malware protection.

– Have a good email protection solution and consider using a secure web gateway (SWG) to filter out suspect traffic.

– Regularly inspect and monitor websites that are most visited by employees with a focus on malware detection. Also, have a procedure in place to quickly inform employees not to visit sites that have been identified as compromised.

– Check traffic from all third party and external sites before allowing employee access.

– Assess, know, and control the full extent of your supply chain (a watering hole attack is a supply chain attack).

– Educate/inform and train employees about the nature of the threat and how to avoid it.

– Never click on unknown/suspect links in emails or websites and exercise caution at all times when browsing.

– Consider adopting a ‘zero trust ‘security approach for the business/organisation.

What Does This Mean For Your Business?

This is broadly a supply-chain related attack (web resources) where instead of actively hacking or sending phishing emails, the criminals set traps for unsuspecting victims to walk into. In this respect, it is less obvious for businesses to spot. The first step is recognising and raising awareness of the threat. Following normal security good practice is always helpful plus some additional measures in this case such as identifying, regularly inspecting and monitoring websites that are most visited by employees and focusing on what additional malware protection can be added to employees’ browsers and devices. With an increasing number of more complex and inventive attack methods, many businesses are shifting to a complete ‘Zero Trust’ approach for their IT security. A more a data-centred rather than ‘moat and castle’ view of IT security gives companies greater holistic control and reduces the potential for the kind of gaps that cyber criminals can exploit with strategies like watering hole attacks.

In this article, we look at how spam filers work and what can be done to ensure that our legitimate emails reach their target and aren’t wrongly filtered out as ‘spam’ .

Why We Need Spam Filters

Although we’re focusing on how to avoid spam filters, it’s worth noting how important they are to businesses. Figures vary between surveys but around half of email is known to be spam and more than 90 per cent of malware arrives in spam emails. For example, Gmail in 2020 recorded blocking more than 100 million phishing emails with its filtering system, and figures (Statista) from September 2020 show 88.88 billion spam emails were being sent worldwide every day.

It is therefore necessary to filter our emails to stop our email boxes from becoming filled with irrelevant and possibly dangerous emails such as phishing emails. Filtering out unwanted emails also makes it much easier to see our important emails. Bear in mind, mailbox providers have a commercial interest in wanting users to continue using their service and having an effective spam filter can help this happen.

How Spam Filters Work / Spam Filter Types

Spam filters vary in their design across mailbox providers, but there are broadly several types that use different signals and scores to judge an email as being spam (and direct them to your spam folder). For example:

– Bayesian filters (and other heuristic filters) spot suspicious word patterns and frequencies in messages.

– Blocklist filters block and remove emails from senders who are identified on a spammers list.

– Content filters, as the name suggests, study the contents of an email with regards to language, such as words often used by spammers (special offer, discount) and inappropriate language. There are also ‘language filters’ but these are used to filter out messages with a different geographic language than that’s indicted by the recipient.

– Header filters study an email’s legitimacy based on the characteristics of its header e.g., the IP address.

– Rule-based filters apply rules established by users to incoming emails to decide whether they are delivered to the spam filter rather than the inbox. For example, these rules could be based on words or phrases in the message or header.

Other spam filtering judgements may be made using:

– Engagement rates. For example, if a (sender) mailbox has a high number of emails that are sent, not looked-at at then deleted, this could indicate low engagement (a sign of spam) and lead to an email being filtered out.

– Low mailbox activity. If an email box is rarely used apart from sending out large numbers of emails at once, this can be judged to indicate that it is a spam email account.

– Identification and reputation (a reputation score signalling how trustworthy your emails are) are often the main reasons why emails land in the inbox or the spam folder, not just the email’s content.

Getting Your Emails Past Spam Filters

Most of us, however, are not spammers and have legitimate marketing, business, and personal messages, sent with good intentions that we need to ensure at least reach their target, hopefully to get read. Ways that emails can beat spam filters include:

– Whitelisting : Since most major email providers (Google, Yahoo and Microsoft) automatically exempt whitelisted addresses from more scanning, ask known contacts to whitelist your email address in their spam filter, or to add your address to their contact list.

– Use Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) and DMARC email authentication. For example, attaching DKIM signatures to an email (as an encrypted header), SPF records to link your emails back to the domain, and the DMARC protocol to protect your domain from unauthorised use e.g., spoofing are all (more technical) ways to indicate that your emails are not spam.

– Where possible, avoid using spam trigger words in the header and content of an email e.g., buy, ‘double your’, XXX, earn, cash bonus, etc. There are many large lists of spam trigger words online and the guiding principles are to avoid anything that is sensationalising or over-promising.

– Personalise emails e.g., with the recipient’s first name. This indicates that the email is less likely to be unsolicited.

– Avoid using odd formatting (to stand out), strange use of punctuation or strangely formatted fonts. All of these are common signs of spam.

– Keep your email deliverability rates high e.g., keep your email list clean (remove inactive users and invalid emails), make sure emails are compliant with current web laws, and add engaging text.

– Only provide links to reputable websites.

– Include an unsubscribe button/link in marketing emails.

– Pay attention to spelling and grammar – use spelling/grammar checkers, and proof-read emails.

– Make sure the ‘sent from’ name is easily recognisable e.g., your name and business name together.

What Does This Mean For Your Business?

The number of different factors that spam filters use to spot and isolate spam is, of course, good for us all, but can make it more challenging to design legitimate business emails that make it to their target. Paying attention to basic rules and checks (spelling, grammar, formatting, links, personalising, avoiding spam trigger words) and using a legitimate, well-maintained email account/platform with a clean list can provide a good basis for getting past spam filters. Looking into using SPF, DKIM and DMARC may also be worthwhile. It is important to get the best ROI in terms of time and money spent in creating and sending marketing and company communications emails and designing-in deliverability of emails is, therefore, vital.

Here are 3 tips/tricks for Google Chrome to help with queries and searches that can be typed directly into the address bar (also known as the Onnibox):

Find websites that are similar

– For example, type related:bbc.co.uk

– This will deliver results showing similar (media) websites.

– The same type of search can be carried out for any website.

Use Google Chrome as a calculator

– Type in the required calculation For example, 2*3+8.

– The returned result will show the answer (14) loaded into calculator which you can use for more calculations.

Use a search term and site: to search a specific website for specific term

– To look for specific reference for a term in a whole website try, for example, Sandwiches site:bbc.co.uk

– This should return all the pages in the site where that term is used.