Security Awareness is important, here’s why.

In 2018, data breaches cost UK organisations an average of £6.4 million.
Human error, meanwhile, accounted for between 60% and 90% of them.
Those facts alone are usually enough to convince people security awareness training is very important.
Usually….

As a Managed Service Provider, we can only advise our client base of the benefits of introducing Security Awareness Training sooner rather than later.

1. Prevent Data breaches and Cyber Attacks

Starting with the most obvious, security awareness training helps prevent business-destroying data breaches.

The precise number of breaches security awareness training prevents is impossible to count. In an ideal world, we’d be able to run a controlled trial in which the exact same people working for the exact same company were divided in half: a control & a test group. The latter would be given training, the former would not. The two could then be compared to see the difference in knowledge.

Such a situation is almost impossible – but that doesn’t mean advanced security awareness training providers are unable to demonstrate the ROI of security awareness software. Although an imperfect measure, it’s possible to measure the incidence and prevalence of breaches pre- and post-awareness campaigns and use the resulting metrics to glean an indication of ROI.

This is your first line of defence. If someone wants to access your device, they will first need to break this code. This is not an easy task, and can operate as a deterrent against theft. Some device manufacturers have an option to automatically wipe your device after a few unsuccessful attempts at your passcode or PIN; so, even if your phone is stolen, your information cannot be accessed. For this reason, you should consider mobile device management for your users.

2. To influence company culture in security measures

A culture of security has long been seen as the motherboard for chief information security officers. Equally, such a culture is seen as notoriously difficult to achieve.

With the aid of security awareness training, some are heading in the right direction to gain this credible stronghold reputation.

By keeping an eye on indicators of culture, advanced security awareness training platforms can actually help security professionals monitor, nurture and develop a culture of security – making their people a proactive defence against threats.

3. To make technological defences stronger & Intelligent

Technological defences are, clearly, a valuable weapon in preventing data breaches. But technological defences require input from people. Firewalls need to be turned onto maximum security. Security warnings need to be acknowledged. Software needs to be constantly updated and monitored.

Few businesses today would dream of operating without technological defences. And yet, without security awareness training, technological defences are not used anywhere near their full potential.

To make matters worse, attackers today rarely bother attempting to penetrate businesses through purely technological means. Today’s attackers typically prefer to target people, who may be sceptical but still click by accident, without knowing the damage an email can do.

We can help

If you have any concerns about your IT, data security or backup & disaster recovery, please don’t hesitate to contact us.

servers

Cyber Criminals love your Servers, they’re full of Data.

37% of cyber attacks are discovered directly on your servers, making them the most likely place to identify an attack within your organisation. That’s one of the alarming stats taken from a recent survey of around 3000 IT managers around the world.

 But why are servers such tempting targets for cyber attacks?

1. Servers are of very high value

Servers often contain an organisation’s most valuable data. For example, personally identifiable information such as employee and customer records could be stolen if they’re not adequately secured on the server.

Regulations such as the GDPR, which protects EU citizens’ data, carry significant fines for non-compliance. Attackers know this and will threaten to release sensitive data if their demands are not met.

2. Server downtime is extremely costly

Servers are the holy grail of organisations and are critical to their day-to-day functioning. Unexpected downtime can seriously impact productivity by revoking access to important files or communication tools such as Microsoft Teams. Ransomware attacks can cause organisations to grind to a halt unless a costly ransom is paid.

In instances where an organisation is reliant on servers for commercial function, the impact of downtime can be very severe.

3. Servers are the perfect staging ground to start an attack

Servers are usually well connected within an organisation’s network. They are also online & running 24/7, which makes them an ideal platform for launching further attacks and looking for weak spots to exploit across the entire network. If you can’t identify a compromised server, the gates to your IT stronghold could be wide open to threats.

So what can be done in order to secure your organisation’s servers? The answer is in the right combination of advanced protection, visibility through powerful tools like Endpoint Detection and Response, and server-specific features such as File Integrity Monitoring.


GDPR are issuing some nasty fines, Avoid them.

In recent months, as you’re probably well aware, both British Airways & Marriott Hotels have hit the headlines due to enormous GDPR fines – £183 million for British Airways and £99.2 million for Marriott.

The fines show that the General Data Protection Regulation has given enforcers like the UK’s Information Commissioner’s Office some serious tools to play with. BA’s fine is almost 400 times larger than the ICO’s previous record fine – a modest $645,000 penalty handed to Facebook for the Cambridge Analytica scandal.

With these new fines in full swing, we highly recommend you make sure you’ve minimised your risk of being next in the firing line.

GDPR is focused on protecting European Union citizens and it applies to anyone who holds personal data on an EU citizen, wherever they are located. Marriott, a U.S. organisation, is a prime case in point.

Here are five rules we recommend all organisations stick to in order to minimise the risk of a devastating GDPR fine:

  1. Patch daily, patch often. Reduce the risk of a cyber attack by fixing issues that can be used to gain entry to your systems illegally. There is no perimeter, so everything matters: patch everything you can get hold of.
  2. Secure personal data that’s in the cloud. Treat the cloud like any other computer you own – close un-needed ports and services, encrypt data and ensure you have proper access controls in place. And do it on all your environments, including QA and development.
  3. Minimise access to personal data. Reduce your exposure by collecting and retaining only the information you need, and making sure the only people with access to it are the people who need it to do their jobs. Not everyone needs access.
  4. Educate your business. Ensure that everyone who might come into contact with personal data knows how they need to handle it – this is a GDPR requirement. Whether they’re involved with computers or not, everyone needs educating.
  5. Document and prove data protection activities. Be able to show that you have thought seriously about data protection and have taken sensible precautions to secure personally identifiable information.

We can help you.

S2 Computers can perform tests on your systems, including penetration testing and intrusion testing, to ensure they are protected and that your business is conforming to best practice. However, the very basic elements of patching endpoints with vendor security patches and ensuring antivirus is up to date are the often-overlooked starting point.

So why not choose the local experts to keep you infection free! That’s no mean feat in the current climate. We use a multi-layer approach of services and products to keep your systems running virus-free, and we can manage your email too, to keep it from infecting your business IT.

To add extra layers of security, S2 Computers can liaise with you to ensure that there are comprehensive policies in place for password control, access control and network housekeeping and, importantly, remote access and BYOD. We can look at the current implementation of any other facet of your network, and give advice on industry best practices to ensure your business is sufficiently covering its risk.

fire

Prevent Ransomware with the power of Firewall

Ransomware has jumped to the top of the news again, with devastating attacks continuing to impact governments, education and business operations in multiple states, countries & continents. The United States is the most recent to come under attack, in Texas.

Capital One was a major firm recently caught under fire from ransomware.

Attacks can start in a number of different ways – some with a simple phishing email, others with hackers leveraging vulnerabilities in networking stacks to gain a foothold and move to other systems on the network. One of the most devastating network vulnerabilities exploited in a ransomware attack was at Capital One, only a couple of months ago.

Since then, new vulnerabilities have been discovered, but there are still many networks out there that are vulnerable.

Unfortunately, many of these poorly secured networks are riddled with vulnerabilities that are ‘wormable’, which means hackers & malware can exploit these holes in an automated way with no user interaction, enabling the infection to spread quickly and easily to a wide group of systems.

Of course, deploying an industry leading protection product and maintaining a strict patch management strategy are top best practices. But there are also other best practices you should consider to help keep ransomware, hackers & threats out of your network in the first place.

Your firewall provides vital protection against exploits by closing up or protecting vulnerable ports, as well as blocking attacks using an Intrusion Prevention System (IPS). IPS inspects network traffic for exploits and blocks any attempt by attackers to get through your network perimeter, or even to cross boundaries or segments within your internal network.

Here are the firewall essentials to prevent ransomware attacks from getting into and moving laterally on your network:

  • Minimise the surface area of attack: Review and revisit all port-forwarding rules to eliminate any non-essential open ports. Where possible use VPN to access resources on the internal network from outside rather than port-forwarding. Specifically for RDP, ensure port 3389 is not open on your firewall.
  • Apply IPS protection: Apply suitable IPS protection to the rules governing traffic to/from any Windows hosts on your network.
  • Minimise the risk of lateral movement: Protect against threats moving laterally on your network and consider segmenting your LANs into smaller sub-nets, assigning those to separate zones that are secured by the firewall. Apply suitable IPS policies to rules governing the traffic traversing these zones to prevent worms and bots from spreading between LAN segments.
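
The three checks in the list above, applied to a firewall rule export. This is an added example, not code from S2 Computers or any firewall vendor; the rule fields, the zone names (`WAN`, `DMZ`, `LAN_*`) and the inbound allowlist are assumptions, and the sample rules are constructed.

```python
from dataclasses import dataclass

RDP_PORT = 3389
ALLOWED_INBOUND = {443, 1194}  # assumption: only HTTPS and a VPN listener are published


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    ports: str    # "443", "80,443", "3380-3400" or "any"
    action: str   # "allow" or "deny"
    ips: bool     # True when an IPS policy is attached to the rule


def parse_ports(spec):
    """Turn a port spec into a list of inclusive (lo, hi) ranges."""
    if spec.strip().lower() == "any":
        return [(1, 65535)]
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port spec: {part!r}")
        ranges.append((lo, hi))
    return ranges


def covers(ranges, port):
    return any(lo <= port <= hi for lo, hi in ranges)


def audit(rules):
    """Return sorted (rule name, finding) pairs for every allow rule."""
    findings = set()
    for r in rules:
        if r.action != "allow":
            continue
        ranges = parse_ports(r.ports)
        crosses_zone = r.src_zone != r.dst_zone
        if r.src_zone == "WAN":
            # Attack surface: RDP must not be reachable from outside, even
            # when 3389 is hidden inside a range or an "any" rule.
            if covers(ranges, RDP_PORT):
                findings.add((r.name, "RDP_EXPOSED"))
            # Attack surface: anything published beyond the allowlist should
            # be removed or moved behind the VPN.
            if any(p not in ALLOWED_INBOUND
                   for lo, hi in ranges for p in range(lo, hi + 1)):
                findings.add((r.name, "NON_ESSENTIAL_PORT"))
        # IPS: traffic crossing a zone boundary needs an IPS policy.
        if crosses_zone and not r.ips:
            findings.add((r.name, "NO_IPS"))
        # Lateral movement: an any-port allow between internal zones
        # undoes the segmentation.
        internal = "WAN" not in (r.src_zone, r.dst_zone)
        if internal and crosses_zone and ranges == [(1, 65535)]:
            findings.add((r.name, "FLAT_SEGMENTS"))
    return sorted(findings)


# Constructed sample rule set (not taken from any real firewall).
SAMPLE_RULES = [
    Rule("web-in", "WAN", "DMZ", "443", "allow", True),
    Rule("vpn-in", "WAN", "DMZ", "1194", "allow", True),
    Rule("legacy-rdp", "WAN", "LAN_SERVERS", "3380-3400", "allow", False),
    Rule("office-to-servers", "LAN_OFFICE", "LAN_SERVERS", "any", "allow", False),
    Rule("office-to-print", "LAN_OFFICE", "LAN_PRINT", "9100", "allow", True),
    Rule("block-rdp", "WAN", "LAN_SERVERS", "3389", "deny", False),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{finding:20} {name}")
```
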


Texas is a big place, almost as big as its Cyber attacks…

Texas is a big state, a very big state. With nearly 30 million residents it’s the second largest state in America, it has a land mass twice the size of Germany, and a GDP larger than Russia. Texans like to boast, “Everything is bigger in Texas”, and usually that’s a good thing to brag about. However, this time bigger certainly wasn’t better.

News hit a few weeks back that 22 government organisations in the Lone Wolf State were recently hit by structured & sophisticated ransomware attacks. It’s a timely reminder that as attacks continue to evolve, it’s crucial that your protection evolves even faster.

How can I make sure I avoid a sophisticated ransomware attack?

So how can you help ensure your organisation isn’t the next victim?

Firstly, does your solution provide or have industry-leading technology to ensure attackers can’t use un-patched, vulnerable software programs to distribute and install ransomware into your systems?

S2 Computers can perform tests on your systems, including penetration testing and intrusion testing, to ensure that they are secure and that your business is conforming to appropriate methods. However, the very basic elements of patching endpoints with vendor security patches and ensuring antivirus is up to date are the often-overlooked starting point.

Should that not prevent an attack – or should an exploit not be leveraged – how will your solution stop attacks it’s never seen?

So why not choose the local experts to keep you infection free! That’s no mean feat in the current climate. We use a multi-layer approach of services and products to keep your systems running virus-free, and we can manage your email too, to keep it from infecting your business IT.

Keep a continued eye on the security that is deployed in your systems.


Could a puppy get your business hacked?

How lovely. Lisa in accounts has a brand new puppy.

It’s taking over her life. There are photos on her desk. It’s all she seems to talk about. Hey – she even changed her password to include his name.

And suddenly that puppy has become a security risk to your business.

Because hackers are clever. They look at social media feeds, and build profiles of people based on what they share. You’d be surprised how many people base their passwords on their pets’ or children’s names.

We’re S2 Computers, here to protect businesses in Norwich.


Ever lost an important Email?

Email is a vital lifeline

With us all receiving tens, if not hundreds, of emails per day – across countless devices – it is so easy to accidentally delete or misfile an email, never to be seen again!

With nearly all walks of industry now relying on email as a formal (and legally recognised) form of communication, it has never been more important to ensure you never lose anything from your mailbox.

I have seen instances in my career where a client won a court battle against a supplier, because they were able to produce email evidence of a contractual discussion. The win saved them from a potential £25m loss. Quite a unique example, however a pertinent one to the importance of access to email.

So much like your file data, you’d want to ensure your backup is protecting your emails too?

So, what do I have to do?

With email carrying such a level of importance to all our livelihoods, we’d best make sure that we can recover a single email, just as readily as our entire file server.

Most entry to mid-level backup services won’t have a provision to back up your email platform, particularly if it’s something complicated like Microsoft Exchange that you are running within your own premises, or if you are hosting your email within a service such as Office 365.

However! There are services that can.

What is available?

There are a number of backup service operators that now support direct integration to back up from, and restore to, email hosting services (whether that is on premises or within services including Office 365).

Every IT professional will have their favourite and as a provider of Managed IT Services we have a few options open to us, which we compare to best meet the needs of our individual clients.


Office 365 isn’t a safe means of Backup!

Are you working from Office 365?

Like millions of others globally, you are likely using Microsoft’s Office 365 platform for a part of your day to day business. Whether that’s for email, file storage or collaboration with team members, you’ll have data of some kind residing in Microsoft’s mega cloud productivity service.

365 is great, helping all of us to be more efficient and work from anywhere and with anyone, with minimal fuss. However, like all cloud platforms, having your data within Office 365 doesn’t mean it is backed up…

There is a great misunderstanding taken from the plethora of messages promoting the use of cloud services: that being in the cloud means you no longer need backup. This couldn’t be further from the case.

So, what do I have to do?

Whether working from the cloud, or from a traditional file server within your office premises, you will only have a single copy of your file data. The only thing that’s changed is where you access that data.

Yes – that data is less susceptible to hardware failure and will be more readily available for access than ever before. However, it is just as vulnerable to accidental deletion, cyber-attack, corruption, or complete loss.

By default, Cloud operators will not indemnify you against any disaster that results in the loss or corruption of your files, even with a hardware failure on their infrastructure.

The result: it’s critical to have a backup service in place that can copy your files out of Office 365 into a ring-fenced secure backup storage space.

What is available?

There are a few backup service operators that now support direct integration to back up from, and restore to, Microsoft Office 365 – among many other Cloud storage services.

Every IT professional will have their favourite and as a provider of Managed IT Services we have a few options open to us, which we compare to best meet the needs of our individual clients.


GDPR enforces Professional-Grade Backup

Something you might not know already…

Backup and disaster recovery solutions are vital under the GDPR.

Any business accountable for, or in control of, significant data must have the ability to recover any lost personal data that it holds in a timely manner.

To remain compliant, you must have the obligatory backup and disaster recovery strategies in place and actively take the time to frequently test the strength and the effectiveness of the solution.

This is only the start. As you’ll find out, there are a lot more implications to it, and you’re going to need to comply with all of them.

…We didn’t know this; how do we abide by GDPR?

By assessing each distinct implication and making sure your Business is within guidelines!

With British Airways & Marriott Hotels receiving enormous fines, you shouldn’t be expecting a slap on the wrist. We recommend you get your business in order and follow all the directions.

Covering the first of many serious points involved: having a backup recovery point is essential, regardless of whether you want one or not.

Whether you’re outsourcing or have other methods, you need a secure recovery point from which you can restore important data, quickly.

You’re also going to need a procedure in place, for regular testing, assessing and evaluating the effectiveness of the measures involved for ensuring the security.

Do you feel confident that you could tackle inbound or masked cyber-attacks? If not, you should be looking for ways to reinforce your protection as you now must report any breaches within 72 hours of them taking place.

An effective way to assure yourselves of cyber protection is to become Cyber Security Essentials accredited.

Data compliance is for every member of the team. Whether or not you’re involved in IT or the legal side of the business, everyone needs to be GDPR aware.

Finally, for now, consistent data backups are crucial, as is regular backup testing. You need to check frequently and back up your data often in order to comply; don’t get caught out at the closing stage.

What opportunities are available to us as a Business?

At present, there are many varieties of services and options available.

You can back up physically yourself (given the widespread implications, this is not recommended), making sure you’re secure with multiple copies in multiple locations, ideally following our ‘3-2-1 Backup rule’.

Or you can follow a secure route through an outsourced backup provider, like us, in which we will provide a secure data backup solution. A dedicated cloud backup, our online backup service is a secure and automatic way of ensuring that your critical data is protected offsite.

Whether you’re in a defenceless position, or just unsure of what position you are in, you need to get ahead & up to date with GDPR and data compliance. Contact us for all knowledge regarding backups and following security protocols.


The Cloud is a very useful Place…

The benefits are endless…

The Cloud is fantastic. There are thousands of different flavours and operatives of Cloud-based services to choose from; providing you with a protected, flexible and agile working atmosphere to truly work from anywhere.

Wherever we choose to work, we’ll have issues with our data safety, privacy and backup. You could have the most sophisticated Cloud infrastructure and still be vulnerable to tomorrow’s cyber-attack.

Therefore, we will always need a wide-ranging backup, irrespective of the type of IT we use.

 

…but it’s not a dependable backup.

As we’ve already documented, the Cloud is an IT concept that delivers great independence for the modern workplace. However, many wrongly assume that by working from the Cloud and by no longer having their data sat on a local physical disk or server that they can see, their data is secure and backed-up as standard. This regrettably isn’t the case.

It is a common misunderstanding that taking the single copy of your file data from that old office server and storing that copy within OneDrive or Google Drive will cure all your backup griefs.

Popular Cloud services, such as Microsoft’s Office 365 or Google’s Apps environment, provide only a single storage location for your data and do not back up your files as standard.

So, we need a local copy?

We’re not saying step back in time and change your working methods to old fashioned ones through fear of having multiple copies of your data.

In fact, physically cloning files and storing copies in multiple locations will only create chaos in the backup structure, and will run without any automated schedule.

From a backup viewpoint, working from the Cloud as a single location for your file data should be treated with the same consideration as still having a file server in the office. In line with the best practice of the ‘3-2-1 rule’, it’s strongly advised to run a professional backup service to replicate that data to at least one (if not two!) alternative independent location.

What services should we use to Backup our Data?

There are reliable services available that integrate directly into Cloud platforms, such as Office 365 and GoogleApps, and automatically back up all your file data (and even things like emails) to an alternative encrypted Cloud-based storage location.

Your team benefit from the ability to continue to work as they always have, with peace of mind that should they suffer a loss, corruption or failure of the company’s chosen Cloud service, that file data can be restored quickly.
