16 Oct

Cyber security: a business essential

 

For businesses in the UK which operate digitally in some respect, cybersecurity is now a non-negotiable aspect of operating a company. According to government figures, some 98 per cent of businesses and charities in the country have an online presence of some sort, underlining just how important cybersecurity has now become. 


Which businesses need to worry about cybersecurity? 

Quite simply, if you operate on the internet, you need to think about cybersecurity. That could be anything from running a website to using social media and having company email accounts. The threat is very real. Government figures show that as many as 43 per cent of businesses and charities experienced some kind of cyber breach or attack over the last 12 months. The fact that on many occasions these businesses held personal data of some sort makes the issue all the more serious.

From corporates to SMEs

If you thought that cybersecurity was just a consideration for the high profile companies which employ hundreds or thousands of people - think again. SMEs are also being targeted, meaning that every PC, laptop or tablet which you use needs to be safeguarded against breaches. That's because the consequences of a cyber attack which compromises your digital security are worth avoiding - they can range from one of your devices being incapacitated for a few days, costing you time and money, to the reputation of your business with customers being damaged, perhaps irreparably. 

Getting the basics right

If you can't see security symbols each time you use your PC, laptop, tablet or smartphone, this might be an indication that you do not have adequate protection against cybersecurity attacks. Among the cybersecurity basics which you should be ticking off are strong passwords which offer resistance to some of the password guessing tools which can be employed by hackers. Aim to incorporate three random words in your password, along with capital letters and special characters. Also, ensure that all of your software is up to date with all the latest security updates. If your security software is not up to date, you could be risking leaving gaps for cybercriminals to target. 

Backing up your data is another important habit which it can be important to develop. This can act as a safety net should the unwanted scenario of a cyber attack occur. This can be done automatically in many cases - ask your IT support provider for help with backing up data. 

Take the next steps? 

Ensuring you have the necessary knowledge to protect your business from cybercrime is essential. Whether you develop this knowledge in-house or rely on the expertise of your IT support or Cloud Services provider is up to you. If you do choose to educate yourself on all things cybersecurity, you should know that the National Cyber Security Centre’s Small Business Guide is a fantastic resource which can be a great help to businesses which wish to tighten up their online security. You can access this guide here: https://www.ncsc.gov.uk/smallbusiness 

The sooner we start to see cybersecurity as a business essential, the quicker we can begin to slash the number of cybersecurity breaches.

 

Traditional AV is no longer effective at stopping today’s cyberattacks.

In fact, to prevent security breaches in your organisation, you must protect yourself not only from known and unknown threats but also from the failures of any traditional AV solutions deployed in your environment.

It’s time to replace your traditional antivirus solution with a real breach prevention tool.

 

Traps uses multiple methods of prevention. Traps checks everything that is run on an endpoint against a whitelist in the cloud called Wildfire. When Traps encounters code it hasn’t seen it detonates that code in Palo Alto Network’s cloud and either denies if it is deemed a threat or adds it to the whitelist going forward. That whitelist is shared with all Traps customers amounting to a huge repository used by all Traps installations.

 

Consilium are the only managed service provider of Traps in the UK. Palo Alto is a leading enterprise provider of security solutions and a recognised Gartner Leader for the last five years consecutively. They are at the absolute cutting edge of endpoint protection.

 

Get in touch today to find out how we can help your business.

 

01 Oct

Microsoft Security: what's new and what you need to know

Microsoft Threat Protection

Microsoft has announced its new security solution Microsoft Threat Protection. Saving users and security teams time by integrating its protection across email, documents, PCs, identities, and infrastructure into a single experience in Microsoft 365. Microsoft has drawn from its experience in security products to produce its most comprehensive security solution, offering an end-to-end detection, remedial, and shielding solutions to protect companies and organisations from cyber threats. 


Password-free login

Nearly all data breaches stem from passwords becoming compromised. Microsoft is delivering new support to bring an end to password security breaches by offering login via the Microsoft Authenticator app. Removing the need for passwords across thousands of apps that are connected to the Azure Active Directory and used by businesses every day. The app removes the need for passwords, eliminating the number one security liability for businesses by combining face and fingerprint recognition, PIN, and smartphone technology.

Microsoft Secure Score

The enterprise-class report card for cybersecurity is now available and claims to reduce the chance of a data breach by 3000 percent. It supplies assessments and recommendations to organisations to help secure admin and end-user accounts with MFA and terminating client-side rules for forwarding of email.

Microsoft Secure Score assists IT professionals in understanding and protecting their data security while improving overall management of their systems. The Microsoft Cloud App Security, Azure Active Directory and Azure Security Center offer additional control measures to strengthen the security and defence against threats to networks and data. 

Azure confidential computing

Azure will be giving a public preview on its DC series of the groundbreaking solution to protecting data while it’s being processed in the cloud. Breaches of data often occur from hackers and cyber criminals gaining access to data that is in use for analysis and computation. This has put off many organisations entering data into cloud-based workloads. However, Azure’s new service is the first in the world to provide a platform that secures and protects the confidentiality and integrity of customer data while it is being used in a cloud-based workload. 

Enhancements in modern compliance

Microsoft 365 compliance solutions have been enhanced to help organisations and companies make sure they comply with the General Data Protection Regulation (GDPR). An enhanced unified labeling solution allows for the creation and configuring of sensitive data with Office 365 acting in unison with Azure Information Protection. The streamlined experience offers users of Office 365 Security and Compliance Center an integrated approach to configuring data and automatically assigning protection and retention labels to sensitive data. Upgrades to the Compliance Manager Solution include strengthened data protection controls and new risk assessment templates. 

The Cybersecurity Tech Accord

Since it was first agreed in early 2018, the Cybersecurity Tech Accord has seen 27 more global organisations, including Panasonic and Swisscom, join the collaborative fight of global tech companies to protect customers all over the world from cyber attacks by criminals and nation-states. The total number of signatories is now 61, providing a broad base of expertise and knowledge to help keep the world’s systems and data secure. 

For more information on cloud services and IT support contact Consilium UK.
12 Sep

Balancing security with usability, and why keeping your users happy is a good thing

What's the best way to make a computer secure? Unplug it from the internet, turn it off, and put it back in the box. True though that may be, forcing your entire team to shut down their laptops and lock them away is unlikely to be great for their productivity levels. Like many jokes, though, there is a grain of truth. Yes, we could maximise the security of all our devices but if, in doing so, we make them unusable, then any security benefits are pointless.

Instead of getting in the way of users doing their work, good security should support and enable your business; adding benefits without slowing things down or adding costs. But how is that possible?

Making security usable

Many people see security and usability as two opposing ends of a scale; thinking that as you increase one, you decrease the other. However, this model encourages us to think of measures which are excellent at improving security in theory (such as long, complex passwords) but which have little to no impact on, or even damage security, in practice (e.g. users re-using passwords across different services).

Presented with two equally straightforward ways of completing the same tasks, one more secure than the other, users will generally make the right choice. However, if the secure way is not usable (e.g. too complex, time-consuming, or stops the user from doing what they want) then people will usually find their own solution. The users' own solution will get the job done, but will it be secure?

In the past, users have been punished for finding their own solutions to problems like this. Now, we realise this is the wrong approach. After all, if the security team's approved procedures mean that work grinds to a halt, are users really wrong to look for alternative options?

So, how can we help users to work securely?

It isn't always easy to make security usable, as anyone who has ever attempted to use email encryption will attest. Your security and IT support teams may have to do some work to make things simple for your users but, nevertheless, here are some things you might want to consider:

Secure by default

When you're buying or sourcing new technology, aim for systems and devices where the most obvious way to use them is also the most secure. Most new smartphones, for example, are encrypted by default, which makes them much more secure.

Take the strain

Find ways to take the effort of making things secure away from your users, and make their lives easier. Allowing your users to use a recommended, secure password manager, for example, will make it much easier for them to choose - and use - a strong password.

Make it practical

There's no point at all in having pages and pages of security procedures in a big manual that none of your employees have time to read. Instead, keep it simple, talk to your team, and find out what measures you can put in place that will both improve security and make your company run more smoothly.

Advice and support

If, though, you don't have the time, knowledge, or expertise to put all of this into practice yourself, our experienced Glasgow IT Support staff can help. Contact us today.

 

To arrange your free and confidential Security Lifecycle Review (SLR) please contact us today and one of our team members will be in touch.

24 Aug

The necessity of backups for your organisation

Having a duplicate copy of your business' critical information, stored in a remote location, is a must for any organisation. There is no shortage of calamities which can befall your data and cause you to lose a vital set of files at a crucial moment.

- Computer crashes always happen at the worst possible time, and often lead to data loss, especially if you didn't save that presentation you were working on.

- Malware. Ransomware, in particular, can render your entire organisation unable to access files for days, or possibly forever, unless you have the right backups.

- Hard drive failure. Most commercial hard disk drives will last for approximately 50,000 hours before they fail. That may sound like a lot, but however long the drive lasts is no consolation if it fails and you lose access to all of the data stored on it.

- Physical computer damage. If it's possible for something to go wrong, it will. And that includes your team pouring coffee over their work laptop, or your server having a critical failure. 

 

The bottom line


Bad things happen. Unless data is stored on at least two separate devices, preferably in two physically separate locations, a single failure could cause you to lose it entirely. Some files can be recreated, some work can be redone, but many documents are simply irreplaceable and, for many businesses, data losses can come with stiff legal penalties and fines under the GDPR.

Backing up

For most SME's we recommend Veeam. The Veeam Cloud Connect service can create cloud backups of all of your valuable business data, as well as offering options to create local backups which are very useful when someone accidentally deletes that valuable file at a crucial moment.

If your business doesn't have a backup system for your data, or if you're concerned that your current system might need an upgrade take a trial of Veeam with us to see how we can held safeguard your computer systems. 

Contact Us to Sign up for a FREE no obligation trial

More information can be found here

 

14 Aug

Microsoft Windows Store nagging us to update Windows 10

Once again, Microsoft has succeeded in getting on people's nerves with incessant pop-ups. This time, it relates to when people are using the Windows Store. There now appears a banner announcement on the app's landing page with the prime goal of alerting users that their Windows edition is older than the April 2018 update version. And it won't go away until you actually bite the bullet and download the update.

Join up with the cool people

The message exclaims that you should "Join the millions of people who are up to date!" The suggestion is that there is some sort of exclusive club where all the cool people hang out and enjoy protection from violations of privacy in perfect harmony. There's also a link in place which takes you to, amongst other things, another nagging tool online, reminding you that Windows Defender Antivirus is an all-in-one solution to protect you from the looming threat of viruses, malware and spyware. Yes, you read that right - Windows Defender...

This is a rather impressive claim from the company, considering their product actually ranked dead last in numerous bench tests and almost caused them to be sued by their rivals for engaging in non-competitive behaviour. But if Microsoft recommends it, who are we to say it isn't good?

Why we have to say "fair enough"

The reasoning behind the nagging is understandable. Three months from now, the Anniversary Update will become essential if you want to continue receiving security updates. If you don't download it, you will hardly be better off than users who are still running Windows XP. So, in all fairness to Microsoft, on this occasion they have the right to pester. Following the instructions is in the best interests of the user. Nevertheless, it is quite aggressive and typical of what we've come to expect from Microsoft - in a nutshell, they seem to think their customers are complete imbeciles who don't understand basic tech.

Standards were set

Were it not for all the other nonsense Microsoft has thrown at users, we would probably be less cynical about this sort-of-helpful nag. If you don't have the Anniversary Update at all, then you won't be seeing this issue yet, but you soon will. Updates to Windows 10 have a 2-year lifespan, and the very first deadline for this will be arriving on 9th October.

Windows 10 itself has a scheduled end date of 13th October 2020, after which there are to be 5 years of support before all updates are discontinued.

As long as the nagging from Microsoft remains at a low level, as it is in this instance, users will probably be happy enough to give them a pass. But the first week of October will be an interesting time, as we are likely to see Microsoft get into such a blind panic that we'll all end up receiving pop-ups while we're casually browsing.

Consilium UK are an IT company with expertise in Microsoft products and software. We provide the IT support Glasgow residents can depend on. If you have any issues with Microsoft or other products that you need assistance with, please contact us - we will be happy to hear from you.
09 Aug

How to increase business collaboration with Cloud technology

Collaboration has always been an important tool within business. Being able to work on the same project with colleagues is crucial for success. Even if staff are not working on a project together, they may still need to collaborate across departments or on a one-to-one level. Think of a guidance document drawn up by one team that another team needs to see, or a sales director's PA needing access to his latest expenses claim form. 
This has become even more common in the modern digital business world. Many businesses now have staff working remotely, working from home or spread across many different geographical branch locations. All this means that greater levels of flexible and effective collaboration are needed for many organisations. 

This is where Cloud services have stepped in and helped immensely. 

02 Aug

BA grounds flights for its traditional yearly IT outage

After 44 years in business, many passengers might expect British Airways to have tightened up on its IT support. But on the 19th July – one of the most popular travelling days of the year – the former "world's favourite airline" suffered yet another catastrophic IT failure, delaying tens of thousands of passengers for up to 15 hours. 

With 31 inbound and 11 outbound flights axed from London Heathrow, approximately 30,000 passengers were left stranded at international airports overnight, many of whom were families expecting to begin their summer holidays.

Turning IT failures up to 11

The delays came on the same day that Heathrow Airport’s fire alarm had gone off in their control tower, causing understandable delays and cancellations. It was then that British Airways suffered what they're calling, "an issue with a supplier IT system," which they said would cause "knock on delays." Prospective BA passengers might be forgiven for thinking this was an understatement, after their 15-hour unscheduled delay in the departure lounge.

While British Airways did apologise to their customers "for the delay to their travel plans," their apology may have been drowned out by Virgin Atlantic gleefully reminding customers that their flights, from the same airports, were unaffected. Events of this nature don’t just risk the business losing custom to competitors in future, but, in this instance, also being hit by substantial compensation claims from customers who look set to receive anywhere from around €250 to €600.

IT issues a common problem for BA

Unfortunately for British Airways, over the past few years IT failures have become something of a common occurrence.

In 2017, 75,000 passengers were delayed over a bank holiday weekend after a supplier switched the wrong switch resulting in a hugely disruptive failure of the airline’s computer system. While the airline was adamant this was an accident and that an IT engineer "accidentally hit the wrong button," it left a sour taste in the mouths of travellers.

Prior to that, in 2016, BA suffered a total failure at its check-in desks. Staff worldwide had to resort to using pen and paper after their IT system failed them; disruption that robust IT backup systems could have prevented.

On top of that, Heathrow’s Terminal 5 has been beset by 5 technical failings throughout the last ten years.

Safeguarding your IT to protect your customers - and your reputation

Unfortunately, British Airways’ many technical glitches mean it is now destined to make the headlines whenever a fault occurs, no matter how accidental, causing much damage to the once reputable BA brand. 

In the 21st century, customers increasingly expect a faultless service from businesses, with seamless IT infrastructure underpinning this. Thankfully, more and more businesses are looking to outsource their IT, take advantage of secure cloud services, and maximise efficiency. 

Nevertheless, BA’s unfortunate track record is a timely reminder to make sure you understand how safe, reliable, and secure your systems are, and how your processes and data would be protected under similar circumstances. After all, it’s not just your customers that will suffer if your IT system lets you down – but your reputation too. For reliable IT support in Glasgow, get in touch with us at Consilium today.

20 Jul

The problems with passwords; and how to solve them.

Whether you use cloud services or on-premise IT solutions, cyber security is more important now than ever. But did you know that one of the biggest threats to your security could be one of the things that you think helps to protect it? Passwords.

‘Experts’ have been foreshadowing the demise of the password for at least a decade. Nevertheless, and despite the advent of other secure authentication methods, password use has only increased.

The surge in password use is largely down to an increase in online and cloud services, including in the government and public sectors. Passwords are a straightforward (and cheap) security measure, and the attractiveness of password-based systems over other authentication measures is easy to see.

However, this unchecked proliferation of passwords has caused users to become overloaded with the sheer number of credentials they are required to remember. This password overload leads users to do the things that every IT professional tells them never to do: write passwords down, use simple or predictable passwords or, reuse passwords across different systems. Sorry, if you’re an IT professional – we know that made you cringe.

So, what can you do to protect your password-based systems?

1. Change the default passwords

In 2012, best estimates were that there were “several hundred thousand” devices connected to the internet still using the default administrator password. Now, in 2018, the total is likely to be many times that. Changing the default password is a simple, easy, and essentially free way to stop anyone on the internet from accessing your network. In your organisation, ensure that changing the default password on new devices is standard practice, and conduct regular audits of your network to look for unchanged passwords.

2. Let users write their passwords down.

Well, okay, not quite. But allow them to use password managers. In fact, mandate it. Typical users will have at least 22 passwords to remember – an impossible task without resorting to simplification or reuse. Providing a secure, officially – sanctioned way for users to keep track of their passwords means no more password overload, which means more secure passwords.

3. Stop asking users to change passwords.

Many organisations have historically asked users to change their password every 30, 60, or 90 days. Leaving aside the fact that this only causes more overload for users, it’s not very effective as a security system either. Long-term illicit use of passwords is better tackled by monitoring the network for unauthorised or unusual patterns of access and warning users so that at-risk passwords can be changed.

4. Sharing Passwords – No, no, no, no, no!

Explicitly prohibit the sharing of passwords. Not only is it inherently insecure, but it completely removes your ability to monitor or audit use. Instead, if there is a genuine need for staff to have rapid and emergent access to systems, consider alternatives to passwords such as RFID-badges.

5. Password Strength

Good passwords are difficult for both humans and computers to guess and many password strength meters are not good at dealing with these competing priorities. For more on what makes a great password, and what doesn’t, consult the NCSC’s guidance at  https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach  or contact us now for specialist advice.
12 Jul

Data Breach: TimeHop on Facebook

As IT specialists, we are constantly reminding all of our clients of the importance of good security practices, especially when using cloud services. An incident last week, however, should be a reminder to everyone that it's not only our work accounts we need to keep secure but our personal apps too.

TimeHop is a popular Facebook add-on application which, once granted access, is able to view all of your Facebook posts and photos, and post to your timeline. The company behind TimeHop has notified its users that, on 4th July 2018, they suffered a network intrusion that led to the loss of some 21 million users’ personal data including names, addresses and telephone numbers, as well as the private cryptographic keys used by the app to access your Facebook profile.
What has the company done?

TimeHop says that they detected the attack while it was in progress and were able to stop it, albeit not before some data had been compromised. In a statement, the company said that the breach happened because TimeHop had failed to enable multifactor authentication on one of their cloud computing accounts (something which they have now done).

If you are a TimeHop user, you will notice that you now have to re-authenticate the app. That’s because TimeHop has deactivated all of the security tokens which gave the app access to users’ Facebook profiles.

What personal data was lost?

The breach itself compromised the personal data of 21 million people – making it one of the largest single data breaches in history. The lost data includes:

• Names

03 Jul

5 services IT support can offer you

When considering signing up for IT support, Glasgow businesses might be wondering what exactly an external service can offer them in comparison to in-house IT. In fact, there are many different things a dedicated IT company can offer you that go above and beyond internal support – serving your business better and ensuring your company is running smoother than ever when it comes to your digital management and care. 

Here are just a few of the many great services that Glasgow IT support companies can provide to your business:

1.Emergency support

There's nothing worse than your email system, operating system or your actual hardware kicking the bucket with very little notice – and without a doubt, this always happens when you're in the middle of something very important. Employing an IT support company, especially a local one, can provide you with an emergency service specifically designed for your business, providing solutions and repair for your IT technology as soon as possible.

2. Backup and restoration

Unlike some internal IT support, choosing a dedicated company often means you have access to specific skill sets or technologies. This is often of great advantage when it comes to backing up relevant information or data off-site in a secure and encrypted way. Opting to employ IT support from an external company gives you access to expertise, and their experiential knowledge in backing up and caring for other companies' data will leave you in safer hands.

3. Superior security

Working with an external IT support company also provides you with a business that is invested in high security for IT systems – after all, they would need similar or identical systems for the management and care of their own data. This is especially key since the GDPR, with all the right measures needing to be put in place and maintained appropriately. IT support can provide that security and more with their expertise in the subject.

4. Training and support

It's in the name – IT support is all about supporting your business to do better when it comes to the management and usage of your IT systems. Depending on your requirements, an IT support company may be able to provide you with support by way of training and learning materials for specific software and systems. If they don't offer this internally, they will have all the recommendations you need to understand your IT system better.

5. Communication management

It's not just generic data that requires support and management. Everything from secure internal messaging systems to emails requires maintenance and a service that can resolve problems quickly and effectively. An external IT support company can keep those communication lines open, and even provide better services or systems to enhance your existing communications methods.

1 2 3 4 5
... 6

Recent Posts