Cirrus - IT, Cloud & Comms

16/06/2026

Mobile contract renewal due soon?

Before you sign another agreement with your current provider, let us compare the market for you.

We provide business mobile solutions across all major UK networks including EE, O2, Vodafone and Three starting form £0.70 a month!

✓ Keep your numbers
✓ Business Calls, SMS, Data and Data-only SIMs
✓ Multi-network options available
✓ Free, no-obligation comparison

Leave us your renewal details and see what's available before you renew.
https://go.cirrusits.co.uk/mobile-renewal

15/06/2026

📱 New Free Mobile Coverage Checker

Not sure which mobile network performs best at your address?

Our new Mobile Coverage Checker lets you:

✅ Check EE coverage
✅ Check O2 coverage
✅ Check Vodafone coverage
✅ Check Three coverage

Simply enter your postcode and select your address.

No registration required.

Try it here:

https://www.cirrusits.co.uk/mobile-coverage-checker/

15/06/2026

The one Outlook rule you need to set to save yourself from awkward conversations.

It's called "delay delivery." You set it once in classic Outlook, and from that point on every email you send sits in your Outbox for a specific time (that you set) before it leaves.

If you spot a typo, realize you sent the wrong attachment, or wrote something in frustration you wish you hadn't, you have can a standard 2-minute delay to give you enough time to stop it.

Just delete the email from your Outbox before the timer runs out.

To set it up in classic Outlook:

1. Go to File > Manage Rules & Alerts

2. Click "New Rule" and pick "Apply rule on messages I send"

3. Skip past the conditions so it applies to every email

4. Check "defer delivery by a number of minutes" and set it to 2

5. Save the rule

This is better than Outlook's built-in "Recall" feature, because it works every single time.

12/06/2026

Could your business be paying too much for its mobile contracts?

Before you renew, let us review your current arrangements and compare the available options.

Whether you have 1 connection or 100+, we'll provide a free comparison and help you understand what's available.

You might be surprised by the savings and network options available today.
https://go.cirrusits.co.uk/mobile-renewal

10/06/2026

Pay attention to this fake “Microsoft” scam.

If an email asks you to enter a verification code on Microsoft's login page, don't enter the code.

That request is the giveaway for a phishing technique called device code phishing, which has hit over 340 organizations across the US, Canada, and Europe since February.

What makes this attack dangerous is that it bypasses Multi-Factor Authentication entirely, even strong MFA.

The attacker is tricking you into authorizing their device into your Microsoft 365 tenant.

You get an email about a shared SharePoint document, a payroll bonus PDF, or a meeting invitation from someone who looks legitimate.

The link sends you to login.microsoftonline.com, which is the real Microsoft login page.

The page asks you to type in a short verification code that was included in the email. You enter it and move on with your day.

But what you did was approve the attacker's device into your Microsoft 365 environment.

They now have a valid access token tied to your account.

They can read your email, download your files, and set up mailbox forwarding rules without ever needing your password again.

A turnkey phishing kit called EvilTokens started selling on Telegram in February 2026, which means even low-skill attackers can run these campaigns at scale.

To shut this attack down inside your business:

▶️ Block device code authentication flow in Entra ID for users who don't need it.

This protocol was designed for devices with limited input, which most office staff don't use. Open Conditional Access and create a policy that blocks device code flow by default.

▶️ Train your team. Microsoft will never email you a verification code to enter on its login page.

If a user gets an email instructing them to enter a code into login.microsoftonline.com, the email is phishing, no matter how legitimate the sender looks.

▶️ Use phishing-resistant MFA where possible, like FIDO2 hardware keys or Windows Hello for Business.

Authenticator app prompts are better than nothing, but they don't protect against this specific technique.

If you don't know how to do these things, let us know and we’ll help you out.

25/04/2026

You waste time receiving, configuring, and shipping laptops to remote employees.

When hiring remote staff, the traditional IT process requires shipping new hardware to a central office, manually installing software, configuring security settings, and shipping the device a second time to the employee.

These delays onboarding and doubles shipping costs.

Microsoft 365 Business Premium includes Windows Autopilot.

You purchase hardware from a vendor and instruct them to ship it directly to the new employee.

When the employee powers on the device, connects to Wi-Fi, and enters their company email address, Autopilot automatically connects to your Microsoft tenant.

It applies your specific security policies, installs required applications, and configures the desktop environment automatically.

The device is fully configured for business use without an IT administrator ever physically touching the hardware.

If you need help doing this for your business, comment below with “configure”.

20/04/2026

Granting AI agents access to your data comes with severe risks.

You should ONLY connect these automated systems to your live data if you have strict security boundaries.

Here are just a few of the permission controls you MUST implement:

✅ Restrict all AI agents to "read-only" access within your network.
✅ Deny the automated system any permission to authorize payments or move funds.
✅ Block the AI's ability to delete or permanently alter original files.
✅ Audit the API permissions of any third-party AI tool before connecting it.

That’s just the bare minimum.

You must define limitations and rules for every single process that AI touches.

If you want a full AI Acceptable Use Policy template to implement in your business, comment below with “AI” and we’ll send it to you.

15/04/2026

You can open questionable files and test unverified software without risking your local operating system.

Employees occasionally need to open unverified email attachments or unfamiliar software tools. Executing these directly on a workstation risks malware infection.

Windows 11 Professional includes a built-in feature called Windows Sandbox. It generates a temporary, isolated desktop environment.

You can open files and install software within this isolated environment. If a file contains malware, it cannot access your primary hard drive or the broader company network.

Closing the Windows Sandbox window permanently deletes the temporary operating system and all associated files.

Search for "Turn Windows features on or off" in your taskbar to enable Windows Sandbox.

10/04/2026

Text messages are not the most secure method for two-factor authentication.

Using SMS relies on telecommunications security, not IT security. Attackers can call a mobile carrier, impersonate a user, and transfer the phone number to a new SIM card.

They then trigger a password reset and intercept the SMS code, bypassing the password entirely.

Transition your accounts to better secured alternatives. Use an Authenticator App or a physical hardware security key.

Have you audited how your employees receive their authentication codes?

27/02/2026

Critical Vulnerability Alert: The "React2Shell" flaw is being actively exploited to breach organizations. Over 77,000 IPs are vulnerable. If you run React-based servers, verify your security patches immediately.

Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code ex*****on flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors.