IT Security

Windows Server 2008 R2 End of Life Support is nearing: January 14 2020

Only 6 Weeks until Microsoft ends the life of some of its most popular products.

These products include: Windows Server 2008, Windows Server 2008 R2, Office 2010, Windows 7, and selected business server software.

What does that mean for your business?

1. You’ll lag behind your competitors:

There are no patches or updates for old software, leaving businesses still using it lagging behind competitors.

2. Outdated servers like Windows Server 2008 R2 cost more to run:

Old software costs more to run. Companies that upgrade to smarter, faster, more secure systems and migrate to the cloud save a fortune over time with drastically reduced capital costs.

3. You will be vulnerable with Windows Server 2008 R2:

Hackers love end of life operating systems, because they’re far easier to exploit. The combination of no more security updates and lots of unpatched holes makes them a prime target for cyber criminals.

4. Windows Server 2008 R2 will not be GDPR compliant:

Organisations that fail to protect their customers’ data are not compliant with GDPR. One of the main criteria of the new regulation is that you have to use up-to-date, secure operating software, so if yours is falling short then all the hard work you did in 2016 will have been for nothing.

What if I don’t upgrade or replace Windows Server 2008 R2 by January 14th, 2020?

Imagine using a product that a company doesn’t want to take responsibility for anymore. You’ll be using the product at your own risk. This means that Microsoft will not take responsibility for loss of data due to security breaches.

What shall I do?

If you haven’t upgraded yet, it’s best to seek the help of an IT professional. This is a good way to ensure that everything is upgraded correctly and that all firewalls and antivirus are in place and working optimally. Depending on what type of hardware and software you’re using, you may need to take specific steps to make sure everything is fully compatible.

To meet with a member of our team or discuss your needs, please contact the ITCS support desk on 08456 400200 or email support@itcs.co.uk and we will be happy to help.

Cyber-Crime & SMEs: Who would want to attack my business?

When you look to the media, it is very rare to see small businesses making headlines for being attacked by cybercriminals. However, cyber-attacks in the UK grew by a dizzying 140% in 2018, and show no signs of slowing down in 2019. Moreover, according to the 2018 Verizon Data Breach Investigations Report, 58% of cyber-attack victims were small businesses.

These figures don’t seem to make sense at first glance. Firstly, why would attackers put a small business in their crosshairs? Surely the big payoffs would come from going after larger operations? Secondly, the news is filled with headlines about cyber-attacks on large entities like the NHS, British Airways, and TalkTalk – SMEs are very rarely mentioned.

It might be tempting to think that your business has little in the way of value for hackers in comparison to the TalkTalks and Yahoos of the world. The fact of the matter is that your business has systems which hold data. Anything your business can leverage to make a profit, so can hackers. The statistics speak for themselves:

2/3 of companies with 10 – 49 employees suffered some form of cyber-attack in 2018.

The ONS estimate around 4.5 million cyber-crimes were committed in England and Wales during 2018.

Cyber-crime now accounts for more than 50% of all crimes in the UK (National Crime Agency).

According to the UK Gov’s ‘Cyber Survey 2019’, 31% of small businesses & 60% of med-sized businesses experienced a cyber-attack in 2018.

These figures are intimidating: The threats are real. But something stands between them and your organization’s data: you and your security teams, with the insight, perspective, and tools to take action.

Here are a few simple, yet effective tips that will benefit any business owner:

1. Perfect Password Protection:

This seems obvious; password protection is a standard practice these days. However, using a strong password that gets changed regularly is the foundation of good cyber-security. Follow these simple protocols when creating your passwords to ensure they are as strong as possible:

  • 8-16 characters in length
  • combination of upper and lowercase letters
  • include numbers and symbols
  • don’t choose obvious passwords
  • Change regularly

Implementing policies to deal with the sharing of passwords, even with co-workers, is also a good idea.

2. Layered Protection:

Layered protection, in terms of technology and tools, means implementing various security controls to protect separate entryways: for example, deploying a firewall, endpoint protections, and secure email gateways, as opposed to relying only on traditional perimeter defenses. This also means limiting access to certain types of information, and adding levels of protection such as additional passwords, encryption, and so on.

Potential security risks can occur at a variety of levels. As a business owner, you need to set up security measures that provide multiple layers of defence against these risks. Layered security aids in keeping even the most sensitive data safe.

3. Monitor Personal Devices:

This sounds a little bit ‘Big Brother’-esque, but this doesn’t mean invading your staff’s personal privacy or disallowing specific software and apps. It just means that as a small business, you may not have the capital to provide devices like laptops, tablets, and smartphones for employees to use. In other words, employees may use personal devices to access company data.

If this is the case for your business, you need to create policies that allow your network administrator to install monitoring software, push automatic security updates, and call for regular password changes.

4. Train Employees:

Even with a technical support staff in place, your employees can create some of the greatest risks to cyber-security. However, when properly trained, they can also become some of your greatest assets – and a first line of defence against a data breach. With this in mind, it’s imperative that organisations conduct regular training sessions throughout the year to keep employees aware of potential scams and the ways they can make their organisation vulnerable.

5. Plan for Attack:

As you’ve seen above, cyber-attacks are now so prevalent that it’s best to prepare for the worst. You need to take a proactive approach to IT security. Ensure you employ a company that will take the time to get to know your business, and design a network security solution to suit your needs and budget.

6. Hack Yourself:

Before creating procedures and controls around IT security, organisations need to determine their risk. One of the best ways to find vulnerabilities is to hire an appropriate consulting firm or IT specialists to audit your system in search of weaknesses. From there, you can begin to make changes that will better protect your business, your network, and your clients.

Rounding Up:

SMEs have an inherent advantage over larger companies: smaller businesses tend to be more agile and flexible, so can adjust to changes quickly. The lack of red tape and corporate complexity means they can act and adapt fast. By giving cyber security the same priority as other business goals, SMEs can maintain their advantage and thrive in the new digital world. Cybercrime is on the rise and IT security is vital. ITCS can help you defend your data. Get in touch today for a free IT security audit – forewarned is definitely forearmed.

World Password Day should Be Every Day!

It’s World Password Day. Looking back, even as little as ten years, cyber security has never been as important as it is today. Businesses and consumers both store some of their most sensitive details behind online password protection: financial information, confidential files, official documentation, personal photos, the list goes on. With intimidating statistics coming out about hackers and business all the time (Did you know there is a hacker attack every 39 seconds?), it seems that keeping sensitive online data safe needs to be at the top of everyone’s priorities.

With this in mind, World Password Day seems to present the perfect opportunity to be diligent about ensuring our passwords are secure. A few tips to keep in mind include:

1. Make your passwords 9-10 characters long:

Most websites recommend an 8 character minimum, but we would recommend using a minimum of 9 or 10 characters on all passwords.

2. Check your password vulnerability:

Go to a site such as haveibeenpwned.com – this is a completely free site built by one of Microsoft’s Regional Directors. Type in one of your passwords and see if your chosen code-word has been compromised in a breach and is generally available to hackers. If it has, change it wherever it is used.

3. The No-Name Rule – but expanded:

Do not use common passwords, and do not use basic personal details within your passwords. Info such as your birthday, family members’ names or pets’ names is easily guessable. According to security company SplashData, the two most commonly used passwords are “123456” and “password” – a dream for hackers and fraudsters.

4. Complex is Best:

Strong passwords normally incorporate a mixture of the following:

  • Uppercase characters
  • Lowercase characters
  • Base 10 digits (0 through 9)
  • Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/

5. Lather, Rinse… but DO NOT REPEAT:

Do Not Re-Use Passwords! Password reuse is extremely common. It’s extremely risky, but it’s a regular occurrence, because it’s easier to remember one or two passwords, and people aren’t aware of the potential impact. But, repeating the same password across several sites means if a hacker discovers just one password, all personal info is suddenly at risk. Therefore, it is crucial to diversify your passcodes to ensure hackers cannot obtain access to all of your accounts at once, should one password be somehow compromised.
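The five tips above can be checked mechanically. The following is an added example, not code from the original article: a small Python audit that applies the length, character-mix, common-password, breach and reuse rules to a set of accounts. The function names and sample data are assumptions made for illustration, and the breach lookup is an offline stand-in that follows the prefix-and-suffix scheme of the Pwned Passwords range API behind haveibeenpwned.com, so only the first five characters of the password's SHA-1 hash ever leave the machine.

```python
import hashlib

MIN_LENGTH = 9                      # tip 1: at least 9-10 characters
COMMON = {"123456", "password"}     # tip 3: the two passwords the article names
SYMBOLS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")  # tip 4 symbol list


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def make_offline_lookup(breached):
    """Stand-in for a breach range service, built from constructed data.

    Given a 5-character hash prefix it returns 'SUFFIX:COUNT' lines,
    so the example runs with no network access.
    """
    table = {}
    for password, count in breached.items():
        digest = sha1_hex(password)
        table.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return lambda prefix: "\n".join(table.get(prefix, []))


def breach_count(password, range_lookup):
    """Tip 2 without disclosing the password: only the first five hex
    characters of its SHA-1 go to the lookup; the rest is matched locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def missing_classes(password):
    """Tip 4: report which of the four character classes are absent."""
    checks = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c in "0123456789" for c in password),
        "symbol": any(c in SYMBOLS for c in password),
    }
    return [name for name, present in checks.items() if not present]


def audit(accounts, range_lookup):
    """accounts maps an account name to its password; returns findings per account."""
    users = {}
    for name, password in accounts.items():
        users.setdefault(password, []).append(name)
    report = {}
    for name, password in accounts.items():
        findings = []
        if len(password) < MIN_LENGTH:
            findings.append("too short")
        missing = missing_classes(password)
        if missing:
            findings.append("missing: " + ", ".join(missing))
        if password.lower() in COMMON:
            findings.append("common password")
        hits = breach_count(password, range_lookup)
        if hits:
            findings.append(f"seen in breach data {hits} times")
        # Tip 5: the same password on more than one account
        others = [n for n in users[password] if n != name]
        if others:
            findings.append("reused on: " + ", ".join(others))
        report[name] = findings
    return report


if __name__ == "__main__":
    # Constructed sample data: accounts, passwords and breach counts are invented.
    lookup = make_offline_lookup({"password": 1000, "Summer2019": 42})
    sample = {
        "email": "password",
        "bank": "Tr1cky!Horse-Battery",
        "shop": "Tr1cky!Horse-Battery",
        "wiki": "Summer2019",
    }
    for account, findings in audit(sample, lookup).items():
        print(account, "->", findings or ["ok"])
```

To run it against live data, replace `make_offline_lookup` with a function that fetches the range for a given prefix; the rest of the audit is unchanged.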

Overall, it is absolutely crucial to ensure that your passwords are as secure as possible, every day – not just on World Password Day. Cybercrime is only escalating, and neglecting the defence of your network is simply allowing your data to be hacked. Secure your passwords now, and make sure you keep vigilant to the risks that we all face.

If you have any questions or concerns around computer security, please don’t hesitate to contact the ITCS support desk on 08456 444 200; we are always happy to help.

Tips for Cutting IT Costs in Your Company

A part of your business streamlining processes that takes time to develop is your cost-cutting strategy. Over the course of months and years in your industry, you’ll become increasingly aware of the inputs that you’re paying to keep your company afloat. What you may not be so aware of is the fact that the costs of your IT systems – perhaps the most important and biggest source of your business expenditure – can be reduced with smart planning.

This article provides tips to help you cut these hefty costs.

Modern Software Solutions

Software packages are a part of your obligatory expenditure in business. You don’t simply require hardware and computing power – you also need the programs that’ll help you perform whichever process your business is concerned with. With software developers quickly moving to produce the best solutions for businesses large and small, there’s healthy competition to take advantage of in this space.

Whether you take it upon yourself to personally monitor the emerging tech scene, or you rely on IT specialist advisors to do it for you, it’s fundamentally important that you keep your software up-to-date and effective. The best software packages – offering the best balance between investment and outputs – are centralised, allowing you to process a number of different functions through the same program. These are easily onboarded as third-party applications, with data transfer capabilities to ensure that you don’t lose your past work.

Energy Usage

Computing power relies on a constant source of energy and, especially in larger offices maintaining a number of devices between working hours, this can add up substantially. You can enact a number of strategies to keep your energy costs down – the simplest of which being to ensure that no device is left running unnecessarily. Likewise, purchasing efficient hardware with low-energy cooling systems is another way to reduce the energy used by your computers.

Meanwhile, you can also cut costs with the energy supplier themselves. Use this site to find a comparison of utility prices in the UK, with business-specific packages competing for your attention and custom on-screen. This is the simplest way to reduce your expenditure on energy bills, and will help you make cost-efficient use of the tools that your staff use every day.

Upgrade Wisely

Every company must intermittently upgrade their hardware, which is a costly process that you’re unable to avoid as computing systems slowly become either obsolete or incredibly slow. When you are forced to consider a wholesale upgrade to your computing systems, you’re faced with a choice – whether you invest in a long-term solution with plug-in extras you can onboard over time, or a shorter-term investment that gets your company running smoothly on new hardware.

In either case, you’re going to want to talk with IT specialists, and monitor tech sites, in order to find the best deals on your new office equipment. Bear in mind that many providers will provide discounts for multiple computer purchases, so sometimes it pays to buy in bulk to achieve the discounts that’ll cut your IT costs.

These tips will help you cut the IT costs in your company dramatically, while maintaining the same performance levels that help your staff make the most of the technology available to them in the workplace.

Norsk Hydro: The ultimate example in handling a data breach

We regularly post about being prepared for a cyber attack in your business, but the sad fact is that sometimes they happen.
So, if you’re hit by a cyber attack, what do you do?

The Norsk Hydro Cyber Attack: March 18th 2019

Norsk Hydro, one of the world’s largest global producers of aluminium, suffered production outages after a cyber attack affected operations across Europe and the U.S. Hitting 160 plants worldwide, many branches had no choice but to switch to manual operations, and several of its metal extrusion plants used to make components for car manufacturers and other industries were shut.
Not only this, but the company’s new CEO had only started one day before. Talk about the ultimate test.
It’s clearly a situation that no business wants to find itself in. But the way in which the company reacted, we believe, was extremely impressive and should serve as an example for all businesses. In fact, many industry professionals have agreed that both operationally and from a PR perspective, the company’s reaction may well become industry standard.
Here are some of the main takeaways that other businesses can take from the attack:

1) Honesty is the best Policy

One of the most commendable aspects of Hydro’s response to its data breach was its transparency: Hydro didn’t shy away from admitting it had been a victim of a targeted ransomware attack. The company utilised daily webcasts and social media posts to keep business partners and the media informed about what was going on. With its email systems down, the company used Facebook as a main source for communication. They also used a redirect on their website, sending users to a temporary Azure hosted area:

[Image: the temporary holding page that Norsk Hydro sent users to after the attack]

This allowed them to control the narrative from the outset: The company has been completely transparent about the scale of the incident, constantly reassuring stakeholders and media about their efforts to tackle it.

The result? Well, most tellingly, the company’s share price has remained more or less constant throughout the attack’s aftermath. Despite such major upheaval, insurance company RMS believe that Hydro behaved exceptionally in terms of its communication of the breach:

“One of the critical factors in cyber breach response and recovery is executive action, including public communications, accountability, and responsibility,” RMS said.

2) Forewarned is definitely Forearmed:

It’s well known among businesses that cyber attacks are now a ‘when’ not ‘if’ scenario. Therefore, being prepared for incidents such as this should now be commonplace.

At a news conference, Hydro’s finance director Eivind Kallevik said that the company would not pay the extortionists:

“We have good back-up routines. Our main strategy is to reinstall data from the back-up systems.”

Any business would hate to find itself in the position of having to shut down operations for any longer than absolutely necessary following an attack. Hydro was the ideal example of a business that is prepared: it had secure backups in place, and mechanisms for restoring impacted systems. It was also insured against such attacks.

It would be prudent and good practice for any sized business to build its cyber defences and segment networks, to reduce the chances of an attack successfully permeating your organisation. Ensure that you have secure, working backups of your critical data so you can get back up and running as soon as possible if an incident does occur.

3) Upgrade to the Cloud:

Unlike some other victims of cyber attacks in the past, the fact that Hydro had already migrated its email systems to the cloud meant that even if its computers were down, workers were still able to communicate via smartphones and tablets.

Cloud hosting not only serves as a disaster recovery solution, but allows portability: everyone in your business can access data across multiple offices or different locations on the go.

4) A business is only as good as its people:

Hydro released a YouTube video on April 2, explaining the attack. In it, the company states how its employees were prepared to do whatever it took to get the company back up and running: ‘with a tremendous effort of our colleagues…the plant has managed to get production back up to 100% normal, despite operating in manual mode’. Staff spent hours building a manual drawing archive so that orders could be fulfilled. ‘Everyone wants to help,’ the video states, ‘we do not even have to ask people’.

Did you know that globally, human error is the second largest cause of data breaches? At Hydro, staff are experienced and prepared, so they were able to be proactive and run manually for a while.

Watch their video here – it really provides an insight into the dedication of the company’s staff:

Ensure your personnel are clued up and prepared for a security breach, and know exactly what to do in the event of a cyber attack.

Rounding up:

LockerGoga is a particularly nasty form of ransomware as it has the capability for destructive erasure (also known as “wiping”). The attack on Hydro could have caused severe damage to industrial control systems, had the ransomware gained network access. As the Insurance Journal said, “If it had become necessary to do an emergency shutdown of critical plant, this could have led to a very costly recovery operation”. This actually happened at a German steel mill in December 2014.

It is almost certain that there will still be a battle at the organisation before everything is returned to normal, but you cannot fail to be impressed by what the global company have achieved so far. They should serve as an example to us all in how to prepare, and react to, a cyber security attack.

4 Key Security Threats that Businesses Need to Prepare for in 2019

From high profile data breaches of companies like Facebook and British Airways, to mounting evidence surrounding Russian interference in the 2016 US election, it is safe to say that 2018 was a landmark year in terms of security vulnerabilities and emboldened cyber-criminals. So, with 2019 set to bring more technology advancements, what can you do to protect yourself, and what should your priorities be as a business?

The Information Security Forum – also known as the ISF – is a trustworthy source that senior security professionals and board members turn to for guidance on information security and risk management. They have identified 4 key security threats that businesses will be faced with this year – as well as tips for risk management. You can read the full report here.

Key threats for 2019 include:

1. Increased Sophistication of Cyber Crime

In 2017, high-profile incidents, such as the WannaCry ransomware attack, made file-encrypting malware internet enemy number one. 2018 actually saw a decrease in the number of ransomware attacks, as many businesses invested in backup solutions that eased the impact of a ransomware attack – or even invested in high quality Endpoint Detection and Response (EDR) systems, which basically eliminate the risk altogether. However, there are still many high-profile ransomware attacks happening, which is why this threat remains at the top of our list as a threat to business in 2019.

How to Prepare:

John Zorabedian, author of Sophos NakedSecurity Blog, suggests that preventing ransomware attacks can be as simple as getting the basics of cyber security right. Back up your files regularly, and train and retrain employees in your business (we can help with that if you need). Use a password manager and never reuse passwords. Keep up to date with operating system patches and app or software updates. Change the default administrator passwords on things like home routers, modems, and network-attached storage servers.

2. Legislation Falling Behind

Both regional and national legislators are struggling to keep pace with the fast-paced developments in Cyber-security. They are set to fall even further behind in 2019, with most current legislation in place being years behind the technological curve. At the same time, as businesses cry out for more regulation, sweeping changes get made with tight deadlines that don’t allow adequate time for organisations to attain compliance. The ISF identifies how national regulations will also provide a hindrance: “legislation by its nature is government and regulator driven, resulting in a move towards national regulation at a time when cross border collaboration is needed. Organisations will struggle to keep abreast of such developments which may also impact business models which many have taken for granted”.

What Can I do?

Unfortunately, this one is mostly down to government and regulation. Without doubt, there remains much to be done and it requires the collaboration between governments, private initiatives, the academic sector, and of course, users.

3. Smart Devices will Challenge Data Integrity

As the world enters a new era of technology, businesses are implementing smart devices enthusiastically in an effort to impact their business. This is a huge positive; however, many users won’t realise that these devices are often insecure by design, and therefore offer many opportunities for attackers. These types of attacks are on the rise; in 2018, SophosLabs saw significant growth in the volume of attacks targeting IoT devices. One of the reasons for this is that it’s challenging to detect a device is affected until something goes horribly wrong.

There will also be an increasing lack of transparency – vague terms and conditions will allow organisations to use personal data in ways customers did not intend. This will prove problematic for business, as it’ll become less clear to pinpoint what information is leaving their networks or what is being secretly captured and transmitted by devices such as smartphones or conference phones. To add insult to injury, when breaches occur, organisations will be held liable by regulators and customers for inadequate data protection.

The Fix:

Again, the main advice for preventing these types of attacks is to focus on mastering the basics. Make sure all devices are kept updated, and continually update passwords. When new devices are introduced as replacements for old ones, it becomes increasingly easy to lose track of every connected device on your network. But old devices may carry old security protocols, forgotten passwords, and a whole host of other threats to your networks.

Each device is a potential weak point that has to be secured. So, if there are old access points that you no longer use, you’ll want to thoroughly disconnect them from the network – even going as far as doing a factory reset on the gadget.

4. Supply Chain Assurance Myths

Supply chains are a vital component of any B2B or B2C organisation. They are integral to the smooth running of a business, with valuable – and often sensitive – business information being shared with trusted suppliers. It’s important to remember that when this information is shared, direct control over your data is lost. This year, many organisations will realise that gaining traditional reassurance of their supply chain security is a lost cause. Businesses that continue to focus on assuring supply chain security with approaches such as self-certified audit and assurance, may preserve the illusion of security in the short term, but will inevitably discover that the security foundations they believed to be in place were lacking. Even the smallest supplier, or the slightest supply chain disruption, can have serious impacts on your business. Brand management and brand reputation are subject to the successful security of your supply chain; both are constantly at stake.

What to do:

Refocus on managing key data and understanding where and how it has been shared across multiple channels and boundaries, irrespective of supply chain provider. The best method is to implement a supply chain information risk assurance process, which is focused on information shared with upstream suppliers. This can be done by using supply chain maps to follow the information. Such an upstream information-sharing assessment tracks what is being shared with the suppliers’ suppliers and beyond. The results draw attention to significant concentrations of information, triggering the implementation of additional controls on your suppliers and can mitigate risks.

In Summary:

The unfortunate reality of today’s complex digital marketplace is that it is impossible to prevent every security compromise beforehand, and that no matter how much you prepare, there are still risks. However, being proactive now also means you and your business will be better able to react rapidly and intelligently when something does happen.

For more information, guidance, and support on making sure your infrastructure is as secure as possible, get in touch with one of our engineers.

Windows 7 End of Life Support is nearing: January 14 2020

Only 6 Weeks until Microsoft ends the life of some of its most popular products.

These products include: Office 2010, Windows 7, and selected business server software.

What does that mean for your business?

1. You’ll lag behind your competitors:

There are no patches or updates for old software, leaving businesses still using it lagging behind competitors.

2. Old software like Windows 7 costs more to run:

Old software costs more to run. Companies that upgrade to smarter, faster, more secure operating systems, such as Windows 10, and migrate to the cloud save a fortune over time with drastically reduced capital costs.

3. You will be vulnerable with Windows 7:

Hackers love end of life software, because it’s far easier to exploit. The combination of no more security updates and lots of unpatched holes makes it a prime target for cyber criminals.

4. Windows 7 will not be GDPR compliant:

Organisations that fail to protect their customers’ data are not compliant with GDPR. One of the main criteria of the new regulation is that you have to use up-to-date, secure software, so if yours is falling short all the hard work you did last year will have been for nothing.

What if I don’t upgrade or replace my machines by January 14th, 2020?

Imagine using a product that a company doesn’t want to take responsibility for anymore. You’ll be using the product at your own risk. This means that Microsoft will not take responsibility for loss of data due to security breaches on Windows 7.

What shall I do?

At ITCS, we have already upgraded many of our customers to the replacement Windows 10 platform.

If you haven’t upgraded yet, it’s best to seek the help of an IT professional. This is a good way to ensure that everything is upgraded correctly and that all firewalls and antivirus are in place and working optimally. Depending on what type of hardware and software you’re using, you may need to take specific steps to make sure everything is fully compatible.

To meet with a member of our team or discuss your needs, please contact the ITCS support desk on 08456 400200 or email support@itcs.co.uk and we will be happy to help.

1/3 of UK leaders say they’d rather pay a hacker than invest in IT security – is UK plc waiting for the ransom notes?

Like most of Britain’s IT leaders, IT specialists ITCS are acutely aware of the importance of robust IT security systems and the threat posed by the growth in cyber-attacks and ransomware. However, it seems that outside the IT department, business leaders are not giving adequate priority to the business risks they face from IT security threats.

IT Security Risks ‘huge’ as April report shows 350% Increase in Cyber Attacks

The Global Threat Intelligence Report (GTIR), published in April, reported that ransomware attacks surged by 350 per cent in 2017, accounting for 29 per cent of all attacks in EMEA and 7 per cent of malware attacks worldwide. Victims have included public systems such as the NHS, where the attack impacted every area of the organization, including patient care.

The NHS response has been to allocate £150m on cyber-security to avoid a repeat of the incident – there is nothing like a headline-grabbing incident to raise the urgency of IT security spending.

‘Ordinary’ businesses face the same security risks as Public Bodies

It isn’t only official Government bodies, but absolutely every business that is at risk from the growing menace of cyber attackers – and it seems that UK business leaders, even in some of the UK’s largest employers are not treating IT security with the priority it deserves.

The 2018 Risk Value Report, published today, sees one third of senior global business decision makers admitting they would rather pay a hacker’s ransom demands than invest more of their hard-won budgets in information security.

ITCS Managing Director Brian Stokes said he was ‘shocked but not surprised’ by these results.  Brian said:

“This report is shocking, seeing as the UK’s top leaders don’t even know how much the ransom is likely to be, or even if they will ever get their data back after paying a ransom. This mindset is sending the wrong message, essentially telling international hackers they have a blank cheque ready – and are sitting waiting for the demands to arrive.  If that’s not scary, I don’t know what is.”

C-Suite leaders are over-confident about IT Security

It seems that outside the IT department, C-Suite leaders and other key decision makers are over-confident when it comes to assessing vulnerability within their own organisation.

Only 41 per cent of UK respondents were confident that their organisation had not been affected by a data breach already, but only 10 per cent of UK business leaders acknowledged that their organization was at risk of a future security breach.

22% of senior leaders ‘don’t know’ if their organization has suffered a security breach already

Nearly a third of senior leaders (31 per cent) believed they were not at risk and do not expect to suffer a breach – while this perhaps shows overconfidence, most worrying of all is that 22 per cent of senior UK business leaders admitted that they were not sure whether their organization had already suffered a breach or not!

Business leaders ‘idealistic’, not ‘realistic’

Kai Grunwitz, Senior VP EMEA, NTT Security, comments:

“Many decision makers within organisations are simply not close enough to the action and are looking at one of the most serious issues within business today with an idealistic rather than realistic view.

“This is reinforced by that worrying statistic that more than a third globally would rather pay a ransom demand than invest in their cybersecurity, especially given the big hike in ransomware detections and headline-grabbing incidents like WannaCry. While it’s encouraging that many organisations are prepared to take a long-term, proactive stance, there are still signs that many are still prepared to take a short-term, reactive approach to security in order to drive down costs.”

The issues that concern UK business leaders

Only 4 per cent of UK leaders identified information security as the single greatest risk to the business.

Notably, 14 per cent identified Brexit as the single greatest business risk facing UK businesses, but competitors taking market share (24 per cent) and budget cuts (18 per cent) were the biggest concerns – it seems that most business leaders fail to appreciate the risks posed by poor IT Security and the impact a breach could have on the business.

UK Leaders under-estimating costs of an IT Security breach

The report also shows that UK executives are estimating lower costs than their international colleagues should a breach occur.  While global estimates predict costs to be USD1.52m, UK executives estimate their recovery costs would be on average USD1.33m.

UK Leaders under-estimate time to recover from a breach

UK executives also show far more confidence than their international colleagues when it comes to predicting recovery times.

Globally, respondents anticipate it would take 57 days to recover from a breach, whereas in the UK, decision makers predict it would take just 47 days to recover, one of the lowest estimates for any country.

IT Security is not ‘just an IT issue’

Brian Stokes, Managing Director of ITCS, said:

“This survey proves what we’ve been saying for some time, that over-confidence in IT Security is widespread and in most cases this level of confidence is not justified among UK business leaders.   Attacks have the potential to disrupt an entire business so the threat needs to be discussed at board level – in every business, not just within IT businesses.

“GDPR sent UK plc into a panic, but IT Security spending is just as important to address – and also critically important to GDPR.  If these figures are correct, then we have way too many senior executives who are under-prepared, over-confident it will not happen to them, and happy to run the risk and pay an unquantified price if a breach occurs.   Their employees, customers and shareholders deserve better, I encourage them to act now.”

 

Business leaders who have any questions about IT Security can contact ITCS by telephone on 08456 444 200 or by visiting their website: https://www.itcs.co.uk


‘World Password Day’ flooded businesses with password advice – that fell on deaf ears!

With each weekday bringing another new ‘World Day for xxxx’ on social media, businesses can’t help but become a tad cynical – but some advice is still worth following.

May 3rd was officially World Password Day – a rather odd thing to celebrate, but nonetheless social media was flooded with advice for businesses on what to do, most of which probably got overlooked by the very businesses that nonetheless hit like and share!  With new reports finding that one in five UK businesses have been hacked, and that nearly half of all UK attacks target UK manufacturers, password security is something businesses cannot afford to ignore.

ITCS spoke to Welsh Business News about the issue.


Gone Phishing!

ITCS Cyber Security expert, Wayne Harris, discusses the growth in ‘Phishing’ attacks – and how ITCS are protecting their customers

Information is now the lifeblood of most businesses, and the more we do on-line, the higher the risks of cyber-crime and greater the rewards for the attackers.

Let’s face it, we all receive a mass of emails every day, and as good as email spam filters are getting, inevitably rogue emails will get through. Your next line of defence is your users, which raises the importance of adequate cyber security awareness training and investment in your staff. I meet with companies on a regular basis who are looking to invest in their information security, but often they haven’t covered the basics when it comes to their staff training.

So, what is ‘phishing’? A phishing email (or sometimes SMS or instant message) is an electronic message sent to a user (or group of users) purporting to be from a trustworthy organisation or government department. These messages invite the user to open a link (such as viewing an online invoice) or an attachment that will lead to a malicious website or install malicious software on their devices (such as ransomware). These malicious websites are designed to draw you in, and may look genuine to a casual user. This year we have seen attacks masquerading as energy providers, parcel delivery notifications, and popular on-line auction and e-commerce sites. They all have something in common – they all invite the user to click the links!

Great care should be taken with these types of attacks, as they are designed to infect computer systems, to steal personal details or user credentials (and often users will use the same password on multiple accounts), or to coerce the user into paying fake invoices and initiating bank transfers. Our advice to users is never to click links in emails unless you are absolutely certain that they are genuine – if you are in any doubt, check or, better still, go directly to the genuine website. We also advise that any bank details provided via email should be double-checked directly with the provider before making payment – use the existing information you have for them, don’t reply to the email, and speak to a known contact.

At ITCS, we have gone to great lengths to protect your systems, where possible through the implementation of software restrictions, and enhanced spam filtering, and offer next generation security solutions to further enhance the security of your network.  In the event of a successful attack, our Backup and DR solutions will ensure that your data is protected and your business can recover quickly.

Over the last year, we have run cyber security briefing sessions for our business customers, and have offered over 100 free places to our business support customers.  In addition, we have written and delivered bespoke user training to various customers throughout the UK at their own sites to further protect their business information and financial assets.

For further information, or to book your free cyber security briefing session, please call 08456 444 200, email support@itcs.co.uk or visit our website for more information.
