21 Jun

Yet another breach. It's imperative to take action

And the award for the first high-profile data breach post-GDPR goes to – Dixons Carphone!

The announcement that the electronics retailer had suffered two incidents of cyber crime was shocking not just because of the magnitude of the breach, but also the timing. It came within days of new data protection laws going live. 

Dixons Carphone – which trades under names including Carphone Warehouse, Currys PC World and Dixons Travel - had to admit to the theft of around 1.2 million general user data files. Which in turn meant the potential exposure of an eye-popping 5.9 million card details.

The company mitigated the admission by pointing out that the criminals had not gained sufficient data to be able to use the card information to create fraudulent payments. The majority of the cards involved are chip and pin protected.

Dixons Carphone's chief executive Alex Baldock has been quoted as saying: "Cybercrime is a continual battle for business today and we are determined to tackle this fast-changing challenge."

The incident served as a reminder that the EU General Data Protection Regulation is the start of a journey, not a destination.

Dixons Carphone joins a prestigious list of “victims"

The move to create far more advanced data privacy and security rules under the GDPR arose from a growing understanding that Big Data means “Big Problems”.

The more transactions that occur online and the more personal information organisations gather and store, the richer the pickings for determined hackers.

In 2016 there was a 475% increase in data breaches compared to the previous year. To show the scale of this, it represents almost 54.5 million records left exposed by UK companies.

The organisations who have been caught out in recent years include some surprising names, including the NHS and government departments in the US. The list also includes the mighty tech company Yahoo, which admitted to the largest data breach in history; a grand total of one billion accounts. 


Don’t think for one minute that the issue of data breaches is confined to the big players with the massive data stores though.

According to figures released by the UK Government, a large number of relatively small companies and even charities were the victims of cyber crime in 2017. This research found that more than 40% of businesses had been affected, and 20% of all charities. The most common source of these breaches or attacks was fraudulent emails. 

So, though the Dixons Carphone announcement is viewed with horror, the company is far from alone in finding itself on the receiving end of ever more sophisticated hackers and fraudsters.


Data regulation is a guide, not a cure all

The GDPR is a signal for organisations to clean up their act, but this still requires them to bring in expertise and the latest systems to continuously outsmart the cyber crime fraternity.

The new law brings with it fines of up to £17 million or 4% of global turnover. However, introducing stringent cyber security measures to protect personal data is not just about avoiding penalties. It is also required to restore consumer trust and keep businesses trading.

The measures needed include using cloud services that offer the highest possible levels of security, and which use all available updates to best effect.

To arrange your free and confidential Security Lifecycle Review (SLR) please contact us today and one of our team members will be in touch.

 

13 Jun

Seeing inside web traffic with Palo Alto SSL Decryption

Consilium UK is offering free Security Lifecycle Reviews (SLR) in collaboration with Palo Alto Networks.

Click here to arrange one today to find out what’s really happening with your network.

Over the past few years we have been bombarded with new regulatory compliance such as Cyber Essentials and GDPR, however there is still an internal issue on outgoing traffic which could contain anything! User data, credit card information, sensitive company documents, and incoming malware!

11 Jun

Cyber Essentials

Cyber Essentials accreditation is something that can benefit all businesses, irrespective of the industry they operate in. For many public sector organisations or for business that work with the public sector this is becoming a mandatory requirement in 2018.

We are currently offering a promotion around to help achieve Cyber Essentials here.

So far, very few businesses in the UK have made an effort to secure this certification. Cyber Essentials is designed to improve cyber security at any company or organisation, and it does this by focusing on five key controls. These controls are patch management, malware protection, access control, secure configuration, internet gateways and boundary firewalls. Below, we will take a look at the different reasons why you should consider obtaining Cyber Essentials certification at your business.

You will be able to bid for government contracts

One reason why you should consider acquiring Cyber Essentials certification is that you will have the ability to bid for government contracts. The government in the UK has stated that all suppliers need to comply with the Cyber Essentials scheme if they are to be considered for any sort of contracts that involve providing technical services and/or handling sensitive information. So you can see, it is vital you get involved if you intend to grow your business.

Show your customers that you take the data breach threat seriously

Customers are wise to the cyber essentials threat that plagues the digital world. After all, they only need to turn on the news or browse online and they will hear news of thousands of customers that have had their personal data stolen in the latest breach. You need to reassure your customers and potential customers that this will not happen when they shop with you. One of the best ways to demonstrate this is by acquiring Cyber Essentials certification.

Protect against common threats

While there is no way that you can 100% protect your business from any threat, you need to ensure you mitigate the risk as much as you can. This is what the Cyber Essentials course is all about. It will ensure that you have all of the skills, resources and knowledge needed to best defend your business from the threat of a cyber attack. 

It gives you a great chance to audit your internal security

The fourth and final reason why you should consider obtaining Cyber Essentials certification at your business is that it provides you with an excellent opportunity to audit your security in-house. When was the last time that your business fully audited the IT security policies that are in place? The vast majority of data breaches happen because of employee mistakes or errors that are made in-house. You can eliminate these by using everything you have been taught in the Cyber Essentials course to effectively and thoroughly audit your business. 

As you can see, there are many different reasons why your business should consider Cyber Essentials accreditation.

For our current promotion on Cyber Essentials click here.

If you require further information about this, or you are looking for a business that can provide you with the IT support and Cyber Security Services you need, look no further than Consilium UK

Contact us today for more information.

06 Jun

Why Office 365 is great for businesses

The adoption of cloud services can be a huge decision for organisations of all sizes, which means most will want to ensure it’s the right step to take before committing to making the change.

04 Jun

Are you making one of these cyber security mistakes?

There are many reasons why you need to be concerned about cyber security in the current day and age. You only need to look at the sheer number of attacks that occur on a daily basis to see that this is a serious problem for companies all over the world. You are a target, no matter how big or small your business is, or what industry you operate in. Not only this, but you need to recognise that the impact of a cyber attack could be truly devastating. You will be faced with huge financial losses and your reputation will end up in tatters. To make sure this does not happen, read on to discover some of the common cyber security mistakes businesses make so that you can avoid making them.

Assuming that other businesses are secure

This is one of the biggest mistakes that most companies make today. They assume that all of their third-party suppliers are secure and/or if a breach happens they will not be to blame, the third-party will be. These errors can be very costly. You are responsible for choosing the people you work with. Needless to say, when it comes to cloud services and Glasgow IT support, security should be a high priority. But it should also be a priority for any other type of service or supplier that is going to be handling your personal data or the data of your customers.

Failing to get your employees on board

All employees at any type of business should be trained in cyber security. Did you know that a large number of breaches occur due to employees? While a small number of these attacks are malicious, the vast majority of them occur due to employee error. This would not happen if you trained your employees in cyber security. Firstly, they need to understand why cyber security is so important, how it relates to their role, and the ramifications of a data breach. You then need to teach them about the steps they should be taking to protect vital data. Don’t assume that they will know the basics. Talk about everything from secure passwords to two-factor authentication. 

Thinking it is just about malware

Last but not least, a lot of business owners assume that cyber security is all about protecting from malware. Yes, this is one problem, but it is one of many. Over the past few years, cyber criminals have got much more sophisticated and they use many different approaches to breach a system. From phishing and Trojans to advanced persistent threats and botnets, you need to protect your company from all angles.

Hopefully, you now have a better understanding regarding the common cyber security mistakes that are made by businesses across the UK and the world. If you can avoid the errors that we have talked about, you can give yourself a great chance of making sure your business is never the victim of a data breach.

 

Consilium is certified to offer Cyber Essentials & Cyber Essentials Plus Consultancy. We can help you through the process including from doing an initial health check through to remediation and finally achieving accreditation. 

Click here for our current promotion around Cyber Essentials Certification from only £995 

30 May

Using cloud technology responsibly and compliantly

In many different areas of business, cloud services remain one of the highest priorities on IT support departments’ plans for the near future. Many businesses may not have even noticed that an increasing number of services they rely on are actually being delivered by cloud technology – emails, data storage, and even the applications their employees use on a daily basis.

14 May

5 top features your NGFW should have

 Cybersecurity is surely one of THE most critical aspects of any businesses IT set-up. Of course, one of the main ways to protect your network online is with a firewall. These act as a barrier to any malicious online activity and stop it from harming your systems. 

01 May

Is it safe to use Windows 7? And how the cloud can help you replace it

According to data from January 2018, over 42% of desktop and laptop computers are still running Windows 7, compared with just 35% running the latest version, Windows 10. You may not be aware that this is a problem, but remember that Windows 7 is now a nine-year-old operating system, with a codebase reaching all the way back to Windows NT in the early 2000's. There are students starting university this year who were not even born when the foundations of Windows 7 were written. In computing terms, that's not just old; it's positively prehistoric!

Why does it matter?

Using an out of date operating system means that your business's computers are not protected by the best available security measures, which are only available on modern, up-to-date systems. It does not matter how effective your anti-virus software is, and even the best AV software can surprisingly make your computer less secure, rather than more. An out of date system can never be a safe system.

Threats of an out-of-date operating system

Leaving aside that an operating system as out-of-date as Windows 7 is unlikely to be compatible with most new or updated software, it is also at risk from severe security flaws, including:

Ransomware

Recent ransomware attacks have focused on exploiting security vulnerabilities in older, out-of-date, operating systems. Ransomware attacks are especially dangerous for businesses as they can stop you accessing - or even destroy altogether - your most valuable asset: your data. Last year's WannaCry attack on the UK National Health Service is one example of such an issue which was directly attributable to corporate users continuing to use computers with out-of-date operating systems.

Malware

Computer viruses as they used to be - trojans, worms, etc. - are less of an issue now that criminals are utilising more advanced forms of malware (malicious software) to achieve their aims. Some particularly insidious kinds of malware can sit silently on a computer, reading all of a user's keystrokes, and then send their usernames, passwords, and the content of any documents they are writing, back to the criminals to use as they wish. Malware like this is a significant source of information for organised crime gangs to commit financial fraud and identity theft, and it is vital for your organisation to prevent it.

Data loss

Possibly most topically, any form of compromise to your business's computing systems could result in the loss of customer data or the theft of that data by a third party. With the advent of the General Data Protection Regulation on 25th May, this could cost your business €20,000,000 or more for a single data breach.

How can cloud services help?

Virtual desktops such as Office365, or a more comprehensive solution which allows access to a full range of applications such as Citrix XenDesktop, can support all of your staff to work on a secure, modern, up-to-date operating system. Additionally, because these solutions can be used on lower-specification hardware than a full install of Windows 10, your business could dave significant capital costs.

20 Apr

Tips for developing a business strategy for the cloud

Use of cloud services is becoming increasingly popular with one of the key benefits being that they are available to authorised internet users anywhere in the world on demand. Cloud service providers deal with all infrastructure details and users only need to be involved with the service output and can utilise the service in any location. Microsoft O365 is one example of a cloud service provider, but there are also private service providers who can offer cloud solutions dedicated to meet more specific client requirements. 

Develop a business strategy for the cloud

Any business considering adoption of the cloud needs to think about their goals and motivation prior to signing any kind of service level agreements. Some likely goals and motivations to move to cloud services include:

- A requirement to accelerate the delivery of applications in order to gain a competitive advantage
- Improvements to IT efficiency, both in terms of staffing levels and IT infrastructure
- Increased flexibility of investment leading to optimal returns
- Moving to expanding markets in new geographical areas and requiring the provision of new capabilities
- Reducing risk with added control and continuity for all critical applications

If you can identify with two or three of the goals and motivations above, then it's highly likely your business is ideally situated to profit from a move to cloud services. 

The first step in moving to a cloud provider is to match up application requirements to the features, technical requirement and services provided by cloud services. 

Cloud providers generally offer flexible services, with opportunities to increase or cut down levels of service, depending on current business requirements. Making best use of this ability does, however, require an understanding of likely minimum and maximum levels of service required, so they can be incorporated into any service agreement.

is an important feature of all cloud services, but should not be taken for granted. Cloud service providers offer a high level of security but application security is not provided and this needs to be a consideration for business applications teams.

You should expect a highly stable service level from your cloud prov00der, however, you will need to work out the levels of support you might potentially require from your cloud services provider. There could be occasions when urgent technical support is required even if cloud services are all working fine. For example, where users experience performance problems there could be a requirement for performance, storage, database, networks or applications analysis from your provider, and these details need including within any service agreements you are drawing up with cloud providers. Recognising and clearly defining all potential future support requirements from your cloud services provider in advance helps ensure any potential problems are addressed in a timely manner.

Consilium provide IT support and a variety of cloud services solutions from leading providers for businesses of any size. We can advise on the right cloud solution for your business and work with all our clients to maximise IT resources and improve business profitability. Contact us for more information.

13 Apr

4 ways to improve your IT support processes

 

If you've ever been the recipient or requester of IT support, you know that repairing something that's gone wrong or explaining certain techniques or mechanics, can be a convoluted process that requires many steps to find the right solution - often wasting time that could otherwise be used more effectively. When it comes to managing the way your IT support process works, there are many things to consider. Here are just a few simple ways you can improve that process to get your network, system or PC up and running faster:

1. Use a troubleshooting list

With computers and IT, in general, being a more complex system than ever before, it's a fact of life that once in a while something will go wrong. But when it comes to errors or problems based on everyday office work, sometimes there can be an easy - if not obvious - solution. 

Sharing knowledge on past problems, whether by email or with a list of potential solutions, can improve your chances of your employees being able to fix minor issues themselves, or at least put them through their paces before contacting IT support; saving you both time and cost.

2. Create a flagging or tier system

Not all problems are created equal - for example, a network going down may be a higher priority than someone not being able to access a specific software, or certain staff members may need to access IT services more than others. 

Putting in place a central flag or tier system internally allows you to advise IT support which tasks are the most important; even if, to those outside your particular team or business area, it may not seem as necessary.

3. Update your IT services

Many IT support issues can be immediately resolved, or at least lessened, by ensuring the IT services used by your business are up to date and current. This is especially important in relation to systems such as networks, as well as operating systems to keep up with the latest updates in software. 

Knowing that the version of everything you're running is correct can go a long way towards solving ongoing issues, and can ensure that all IT support queries are more likely to be genuine.

4. Outsource to the experts

IT support in-house may be a tempting choice for many businesses. But by outsourcing that service not only are you entrusting your business to a team of experts, rather than one person who may be overworked, you're also accessing information from experts in different areas of IT, which could result in faster resolving of issues.

Outsourced IT can better adapt to busy times, sudden influxes of issues and overall flexibility with the support they can provide - giving you far more leeway if something does go wrong.

If you're looking for an excellent IT support service in Glasgow, look no further. From traditional repair and management of support to cloud services, we can provide everything you need to ensure your business is kept up and running. Contact us today to find out more about what we can do for your business.
1 2 3 4 5

Recent Posts