Join up with the cool people
The message exclaims that you should "Join the millions of people who are up to date!" The suggestion is that there is some sort of exclusive club where all the cool people hang out and enjoy protection from violations of privacy in perfect harmony. There's also a link in place which takes you to, amongst other things, another nagging tool online, reminding you that Windows Defender Antivirus is an all-in-one solution to protect you from the looming threat of viruses, malware and spyware. Yes, you read that right - Windows Defender...
This is a rather impressive claim from the company, considering their product actually ranked dead last in numerous bench tests and almost caused them to be sued by their rivals for engaging in non-competitive behaviour. But if Microsoft recommends it, who are we to say it isn't good?
Why we have to say "fair enough"
The reasoning behind the nagging is understandable. Three months from now, the Anniversary Update will become essential if you want to continue receiving security updates. If you don't download it, you will hardly be better off than users who are still running Windows XP. So, in all fairness to Microsoft, on this occasion they have the right to pester. Following the instructions is in the best interests of the user. Nevertheless, it is quite aggressive and typical of what we've come to expect from Microsoft - in a nutshell, they seem to think their customers are complete imbeciles who don't understand basic tech.
Standards were set
Were it not for all the other nonsense Microsoft has thrown at users, we would probably be less cynical about this sort-of-helpful nag. If you don't have the Anniversary Update at all, then you won't be seeing this issue yet, but you soon will. Updates to Windows 10 have a 2-year lifespan, and the very first deadline for this will be arriving on 9th October.
Windows 10 itself has a scheduled end date of 13th October 2020, after which there are to be 5 years of support before all updates are discontinued.
As long as the nagging from Microsoft remains at a low level, as it is in this instance, users will probably be happy enough to give them a pass. But the first week of October will be an interesting time, as we are likely to see Microsoft get into such a blind panic that we'll all end up receiving pop-ups while we're casually browsing.
Consilium UK are an IT company with expertise in Microsoft products and software. We provide the IT support Glasgow residents can depend on. If you have any issues with Microsoft or other products that you need assistance with, please contact us - we will be happy to hear from you.
Collaboration has always been an important tool within business. Being able to work on the same project with colleagues is crucial for success. Even if staff are not working on a project together, they may still need to collaborate across departments or on a one-to-one level. Think of a guidance document drawn up by one team that another team needs to see, or a sales director's PA needing access to his latest expenses claim form.
This has become even more common in the modern digital business world. Many businesses now have staff working remotely, working from home or spread across many different geographical branch locations. All this means that greater levels of flexible and effective collaboration are needed for many organisations.
This is where Cloud services have stepped in and helped immensely.
After 44 years in business, many passengers might expect British Airways to have tightened up on its IT support. But on the 19th July – one of the most popular travelling days of the year – the former "world's favourite airline" suffered yet another catastrophic IT failure, delaying tens of thousands of passengers for up to 15 hours.
With 31 inbound and 11 outbound flights axed from London Heathrow, approximately 30,000 passengers were left stranded at international airports overnight, many of whom were families expecting to begin their summer holidays.
Turning IT failures up to 11
The delays came on the same day that Heathrow Airport’s fire alarm had gone off in their control tower, causing understandable delays and cancellations. It was then that British Airways suffered what they're calling, "an issue with a supplier IT system," which they said would cause "knock on delays." Prospective BA passengers might be forgiven for thinking this was an understatement, after their 15-hour unscheduled delay in the departure lounge.
While British Airways did apologise to their customers "for the delay to their travel plans," their apology may have been drowned out by Virgin Atlantic gleefully reminding customers that their flights, from the same airports, were unaffected. Events of this nature don’t just risk the business losing custom to competitors in future, but, in this instance, also being hit by substantial compensation claims from customers who look set to receive anywhere from around €250 to €600.
IT issues a common problem for BA
Unfortunately for British Airways, over the past few years IT failures have become something of a common occurrence.
In 2017, 75,000 passengers were delayed over a bank holiday weekend after a supplier flipped the wrong switch, resulting in a hugely disruptive failure of the airline’s computer system. While the airline was adamant this was an accident and that an IT engineer "accidentally hit the wrong button," it left a sour taste in the mouths of travellers.
Prior to that, in 2016, BA suffered a total failure at its check-in desks. Staff worldwide had to resort to using pen and paper after their IT system failed them; disruption that robust IT backup systems could have prevented.
On top of that, Heathrow’s Terminal 5 has been beset by 5 technical failings throughout the last ten years.
Safeguarding your IT to protect your customers - and your reputation
Unfortunately, British Airways’ many technical glitches mean it is now destined to make the headlines whenever a fault occurs, no matter how accidental, causing much damage to the once reputable BA brand.
In the 21st century, customers increasingly expect a faultless service from businesses, with seamless IT infrastructure underpinning this. Thankfully, more and more businesses are looking to outsource their IT, take advantage of secure cloud services, and maximise efficiency.
Nevertheless, BA’s unfortunate track record is a timely reminder to make sure you understand how safe, reliable, and secure your systems are, and how your processes and data would be protected under similar circumstances. After all, it’s not just your customers that will suffer if your IT system lets you down – but your reputation too. For reliable IT support in Glasgow, get in touch with us at Consilium today.
‘Experts’ have been foreshadowing the demise of the password for at least a decade. Nevertheless, and despite the advent of other secure authentication methods, password use has only increased.
The surge in password use is largely down to an increase in online and cloud services, including in the government and public sectors. Passwords are a straightforward (and cheap) security measure, and the attractiveness of password-based systems over other authentication measures is easy to see.
However, this unchecked proliferation of passwords has caused users to become overloaded with the sheer number of credentials they are required to remember. This password overload leads users to do the things that every IT professional tells them never to do: write passwords down, use simple or predictable passwords, or reuse passwords across different systems. Sorry, if you’re an IT professional – we know that made you cringe.
So, what can you do to protect your password-based systems?
1. Change the default passwords
In 2012, best estimates were that there were “several hundred thousand” devices connected to the internet still using the default administrator password. Now, in 2018, the total is likely to be many times that. Changing the default password is a simple, easy, and essentially free way to stop anyone on the internet from accessing your network. In your organisation, ensure that changing the default password on new devices is standard practice, and conduct regular audits of your network to look for unchanged passwords.
2. Let users write their passwords down.
Well, okay, not quite. But allow them to use password managers. In fact, mandate it. Typical users will have at least 22 passwords to remember – an impossible task without resorting to simplification or reuse. Providing a secure, officially sanctioned way for users to keep track of their passwords means no more password overload, which means more secure passwords.
3. Stop asking users to change passwords.
Many organisations have historically asked users to change their password every 30, 60, or 90 days. Leaving aside the fact that this only causes more overload for users, it’s not very effective as a security system either. Long-term illicit use of passwords is better tackled by monitoring the network for unauthorised or unusual patterns of access and warning users so that at-risk passwords can be changed.
4. Sharing Passwords – No, no, no, no, no!
Explicitly prohibit the sharing of passwords. Not only is it inherently insecure, but it completely removes your ability to monitor or audit use. Instead, if there is a genuine need for staff to have rapid, emergency access to systems, consider alternatives to passwords such as RFID badges.
5. Password Strength
Good passwords are difficult for both humans and computers to guess, and many password strength meters are not good at dealing with these competing priorities. For more on what makes a great password, and what doesn’t, consult the NCSC’s guidance at https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach or contact us now for specialist advice.
As IT specialists, we are constantly reminding all of our clients of the importance of good security practices, especially when using cloud services. An incident last week, however, should be a reminder to everyone that it's not only our work accounts we need to keep secure but our personal apps too.
TimeHop is a popular Facebook add-on application which, once granted access, is able to view all of your Facebook posts and photos, and post to your timeline. The company behind TimeHop has notified its users that, on 4th July 2018, they suffered a network intrusion that led to the loss of some 21 million users’ personal data including names, addresses and telephone numbers, as well as the private cryptographic keys used by the app to access your Facebook profile.
What has the company done?
TimeHop says that they detected the attack while it was in progress and were able to stop it, albeit not before some data had been compromised. In a statement, the company said that the breach happened because TimeHop had failed to enable multifactor authentication on one of their cloud computing accounts (something which they have now done).
If you are a TimeHop user, you will notice that you now have to re-authenticate the app. That’s because TimeHop has deactivated all of the security tokens which gave the app access to users’ Facebook profiles.
What personal data was lost?
The breach itself compromised the personal data of 21 million people – making it one of the largest single data breaches in history. The lost data includes:
When considering signing up for IT support, Glasgow businesses might be wondering what exactly an external service can offer them in comparison to in-house IT. In fact, there are many different things a dedicated IT company can offer you that go above and beyond internal support – serving your business better and ensuring your company is running smoother than ever when it comes to your digital management and care.
Here are just a few of the many great services that Glasgow IT support companies can provide to your business:
There's nothing worse than your email system, operating system or your actual hardware kicking the bucket with very little notice – and without a doubt, this always happens when you're in the middle of something very important. Employing an IT support company, especially a local one, can provide you with an emergency service specifically designed for your business, providing solutions and repair for your IT technology as soon as possible.
2. Backup and restoration
Unlike some internal IT support, choosing a dedicated company often means you have access to specific skill sets or technologies. This is often of great advantage when it comes to backing up relevant information or data off-site in a secure and encrypted way. Opting to employ IT support from an external company gives you access to expertise, and their experiential knowledge in backing up and caring for other companies' data will leave you in safer hands.
3. Superior security
Working with an external IT support company also provides you with a business that is invested in high security for IT systems – after all, they would need similar or identical systems for the management and care of their own data. This is especially key since the GDPR, with all the right measures needing to be put in place and maintained appropriately. IT support can provide that security and more with their expertise in the subject.
4. Training and support
It's in the name – IT support is all about supporting your business to do better when it comes to the management and usage of your IT systems. Depending on your requirements, an IT support company may be able to provide you with support by way of training and learning materials for specific software and systems. If they don't offer this internally, they will have all the recommendations you need to understand your IT system better.
5. Communication management
It's not just generic data that requires support and management. Everything from secure internal messaging systems to emails requires maintenance and a service that can resolve problems quickly and effectively. An external IT support company can keep those communication lines open, and even provide better services or systems to enhance your existing communications methods.
And the award for the first high-profile data breach post-GDPR goes to – Dixons Carphone!
The announcement that the electronics retailer had suffered two incidents of cyber crime was shocking not just because of the magnitude of the breach, but also the timing. It came within days of new data protection laws going live.
Dixons Carphone – which trades under names including Carphone Warehouse, Currys PC World and Dixons Travel – had to admit to the theft of around 1.2 million general user data files, which in turn meant the potential exposure of an eye-popping 5.9 million card details.
The company mitigated the admission by pointing out that the criminals had not gained sufficient data to be able to use the card information to create fraudulent payments. The majority of the cards involved are chip and pin protected.
Dixons Carphone's chief executive Alex Baldock has been quoted as saying: "Cybercrime is a continual battle for business today and we are determined to tackle this fast-changing challenge."
The incident served as a reminder that the EU General Data Protection Regulation is the start of a journey, not a destination.
Dixons Carphone joins a prestigious list of “victims”
The move to create far more advanced data privacy and security rules under the GDPR arose from a growing understanding that Big Data means “Big Problems”.
The more transactions that occur online and the more personal information organisations gather and store, the richer the pickings for determined hackers.
In 2016 there was a 475% increase in data breaches compared to the previous year. To show the scale of this, it represents almost 54.5 million records left exposed by UK companies.
The organisations who have been caught out in recent years include some surprising names, including the NHS and government departments in the US. The list also includes the mighty tech company Yahoo, which admitted to the largest data breach in history; a grand total of one billion accounts.
Don’t think for one minute that the issue of data breaches is confined to the big players with the massive data stores though.
According to figures released by the UK Government, a large number of relatively small companies and even charities were the victims of cyber crime in 2017. This research found that more than 40% of businesses had been affected, and 20% of all charities. The most common source of these breaches or attacks was fraudulent emails.
So, though the Dixons Carphone announcement is viewed with horror, the company is far from alone in finding itself on the receiving end of ever more sophisticated hackers and fraudsters.
Data regulation is a guide, not a cure all
The GDPR is a signal for organisations to clean up their act, but this still requires them to bring in expertise and the latest systems to continuously outsmart the cyber crime fraternity.
The new law brings with it fines of up to £17 million or 4% of global turnover. However, introducing stringent cyber security measures to protect personal data is not just about avoiding penalties. It is also required to restore consumer trust and keep businesses trading.
The measures needed include using cloud services that offer the highest possible levels of security, and which use all available updates to best effect.
To arrange your free and confidential Security Lifecycle Review (SLR) please contact us today and one of our team members will be in touch.
Consilium UK is offering free Security Lifecycle Reviews (SLR) in collaboration with Palo Alto Networks.
Click here to arrange one today to find out what’s really happening with your network.
Over the past few years we have been bombarded with new regulatory compliance schemes such as Cyber Essentials and GDPR. However, there is still an internal issue with outgoing traffic, which could contain anything: user data, credit card information or sensitive company documents. There is also the problem of incoming malware.
Cyber Essentials accreditation is something that can benefit all businesses, irrespective of the industry they operate in. For many public sector organisations, and for businesses that work with the public sector, this is becoming a mandatory requirement in 2018.
We are currently offering a promotion to help you achieve Cyber Essentials.
So far, very few businesses in the UK have made an effort to secure this certification. Cyber Essentials is designed to improve cyber security at any company or organisation, and it does this by focusing on five key controls. These controls are patch management, malware protection, access control, secure configuration, and internet gateways and boundary firewalls. Below, we will take a look at the different reasons why you should consider obtaining Cyber Essentials certification at your business.
You will be able to bid for government contracts
One reason why you should consider acquiring Cyber Essentials certification is that you will have the ability to bid for government contracts. The government in the UK has stated that all suppliers need to comply with the Cyber Essentials scheme if they are to be considered for any sort of contracts that involve providing technical services and/or handling sensitive information. So you can see, it is vital you get involved if you intend to grow your business.
Show your customers that you take the data breach threat seriously
Customers are wise to the cyber security threat that plagues the digital world. After all, they only need to turn on the news or browse online and they will hear news of thousands of customers that have had their personal data stolen in the latest breach. You need to reassure your customers and potential customers that this will not happen when they shop with you. One of the best ways to demonstrate this is by acquiring Cyber Essentials certification.
Protect against common threats
While there is no way that you can 100% protect your business from any threat, you need to ensure you mitigate the risk as much as you can. This is what the Cyber Essentials course is all about. It will ensure that you have all of the skills, resources and knowledge needed to best defend your business from the threat of a cyber attack.
It gives you a great chance to audit your internal security
The fourth and final reason why you should consider obtaining Cyber Essentials certification at your business is that it provides you with an excellent opportunity to audit your security in-house. When was the last time that your business fully audited the IT security policies that are in place? The vast majority of data breaches happen because of employee mistakes or errors that are made in-house. You can eliminate these by using everything you have been taught in the Cyber Essentials course to effectively and thoroughly audit your business.
As you can see, there are many different reasons why your business should consider Cyber Essentials accreditation.
For our current promotion on Cyber Essentials click here.
If you require further information about this, or you are looking for a business that can provide you with the IT support and Cyber Security Services you need, look no further than Consilium UK.
Contact us today for more information.