IT Security

Microsoft Excel vs. Coronavirus: Why investing in the right resource is critical

Microsoft Excel is usually the go-to tool for creating spreadsheets and performing calculations with restricted data sets. For that kind of work, it’s invaluable. But should it ever be used as a database?

As we have all seen play out in real-time this week, catastrophic results can ensue when you fail to invest properly in the correct resources for projects.

What happened to the coronavirus test and trace data:

This week, almost 16,000 cases of coronavirus in England went unreported because of a glitch caused by an Excel spreadsheet. According to Tech Radar, PHE was unable to keep track of the thousands of results, due to outdated software.

Although the maximum number of rows per Excel file is more than one million, it seems the system stored each test result in a new column instead. This has a maximum of approximately 16,000 per file. This is thought to have been down to the use of older versions of Excel, which store fewer columns in its .xls files than newer versions with their .xlsx format.

Why Microsoft Excel was the wrong resource:

Multiple IT experts have been scratching their heads over the UK Central Government’s decision to use Excel for such a sensitive task.

Paul Norris, Senior Systems Engineer at TripWire, says Excel is useful for small tasks but not for handling large quantities of data:

Desktop tools such as Excel should not be used for large datasets, and investment should be made into technology that can securely process large datasets to ensure data integrity and accurate results.

Another massive issue? Data security. Excel software, while simple to use and collaborate on, is not appropriate for providing significant data security. Multiple users were never incorporated into the desktop interface. This means that files are easily corrupted by simultaneous use, which can also cause performance issues. If several users do have access, multiple versions could be updated and stored independently, causing confusion over which version is the latest.

A cautionary tale for all businesses: Invest in proper resources

If this week should do anything for business owners and project managers, it should serve as an important reminder about the necessity of using and investing in the right software for the right project.

While using a cheaper option may seem like a savvy decision at the time, it can result in disastrous consequences – particularly when the software or project involves sensitive client data.

Make sure you have a trusted IT Specialist on hand to help with this. Whether you have an internal IT Department or you outsource, get a trusted advisor to guide you to the correct solutions that fit your business needs.

WebMicrosoft Excel vs. Coronavirus: Why investing in the right resource is critical

EasyJet Cyber-Attack: What to do if you’re affected

EasyJet has been hit by a ‘highly sophisticated’ cyber-attack which could have exposed up to 9 million people’s details. Here’s what to do if you’re affected.

How will I know if I’ve been affected?

For those EasyJet customers who have had their credit card details stolen, steps have already been taken to ensure all these people are contacted.

On the specific recommendation of the UK’s Information Commissioner’s Office (ICO), the remainder will all be contacted by 26 May. If you are not contacted by this date, that means your information has not been accessed, easyJet said.

The airline added there was no evidence that any of the personal information had been misused. However, it is still early days in terms of this incident, that had been brought to their attention in January.

I think I may have been affected (or I’m worried I have been). What can I do?

The first thing you should do is change your password to your EasyJet account. If you need tips on how to create a strong password, see this article: CLICK HERE

We’ve also discovered a neat new tool that will scan the dark web and see if your password has been stolen at all – it’s called ClearScore Protect.

ClearScore Protect

ClearScore Protect is a new free service aimed at tackling online fraud.

The offering from ClearScore, a credit score and credit marketplace, is an anti-fraud dark web monitoring system, which has just been unveiled in response to new figures revealing that a third of adults in the UK have been victims of online fraud.

ClearScore Protect monitors the dark web for any stolen passwords, alerting users to any potential breaches every three months. Once users have been alerted to any stolen information, they will be shown a page containing all of their breached passwords, with simple and easy instructions on how to change them. In performing these actions, the user will prevent cybercriminals from taking advantage of their data for financial gain.

You can find the tool here: ClearScore Protect

Article Sources

conversation.which.co.uk/money/easyjet-cyber-attack-data-breach-advice/

EasyJet company alert: Cyber Security Incident

WebEasyJet Cyber-Attack: What to do if you’re affected

Get Started with Collaborate:

Giving you the tools to enable effective remote working: ITCS Cloud System is a complete Unified Communications solution, providing businesses with an easy-to-use and reliable collaborative experience across multiple devices and sites.

ITCS Cloud Phone Systems, along with a PC/Laptop soft-phone and mobile app, let you connect your office phone to your preferred business device. Your PC/Laptop or Mobile becomes an extension of your desk phone, allowing you to make and receive calls, transfer to colleagues, view any missed calls and record call statistics, just as you would from the office.

From every location, using any device:

Users can access the cloud service from wherever they are located – whether in the office, on the move, or at home – using desktops, tablets or smartphones. The service runs on Windows and Mac desktops, and iOS
and Android mobiles.

The user interface is intuitive and similar on all devices, and users experience seamless continuity when switching between types of device (e.g. leaving home or the office and transferring to a tablet or smartphone in real time).

What about meetings with clients?

The guest facility of My Room enables customers to be invited into an online meeting. If they have internet access, they can call directly as an IP call, or use call back. If they don’t have internet access, they can dial in using a pin.

Solve today’s workplace challenges with ITCS cloud-based tools:

FEATURES INCLUDE:

Smart call routing and call handling – as a cloud-based service, whatever device is being used, communications are tied to your business identity (i.e. your business phone number) so call handling features work as usual. For example, if a user is working remotely using a mobile device, any incoming calls can automatically call forward from their desk phone with no disruption to the caller and without call forwarding charges.

SIP trunking extends unified communications – for locations that may have an on-premises phone system not yet fully depreciated, this enables smart team working tools to be extended to all users across a mixed on-premises and cloud communications service estate.

Support for multiple devices smartphones and tablets (Apple and Android), desktops and laptops (Apple and Microsoft, Chromebook and Linux).

Time is of the essence, given the current situation with COVID-19. We are working on a first come first serve basis for remote working setup, but understand the importance and working tirelessly to deliver these crucial services.

WebGet Started with Collaborate:

5 Tips for Developing a Robust Disaster Recovery Plan

A Disaster Recovery Plan is essential to any business. Business continuity plans have tended to focus on the risk posed by natural disasters such as flooding, fires, or cyber-threats. A global health pandemic like COVID-19—where no company property was destroyed but staff would be asked to work remotely for months or even years—tended not to even factor into their risk calculations.

From devastating floods to recent growing cyber threats, power outages, hardware failure or human error, there’s a lot that can go wrong in your organisation; much of which is out of your control.

From telecoms that can work wherever you are, implementing user-specific access control policies and presenting applications through the cloud, here are tips and advice for creating a robust coronavirus business continuity plan.

Tip 1: Business risk analysis

This may seem obvious, but you would be surprised how many organisation do not conduct an in-depth risk analysis of their business. The first stage in any disaster recovery project should be to assess the risks facing the organisation. Managers should link risk assessments to a business impact analysis. It is only by looking at risk and impact together that allows a director to scale your organisation’s priorities, and also to decide on the type of protection measures needed.

Some risks will be so great, and the impact so high, that only a formalised business continuity plan will reduce them. For others, a staged recovery plan might be acceptable. ITCS provides a free IT Security Audit so that you can assess the risks facing your business.

You should also consider supply chain risks. A supplier is likely to have its own business continuity arrangements, but its priorities and recovery objectives might not align with your own

You can’t protect against every possible threat, but the key is to have the most comprehensive picture possible of the risks facing the business and an understanding of their likelihood, how deeply they affect the business, and how long it would take to recover from them.

Tip 2: Break down IT Risks

IT failures remain a significant source of outages for businesses, and your IT Infrastructure will be critical for remote working. Industry analyst IDC calculates that half of organisations would not survive an outage that takes down their central IT systems “for an extended time”. But it is not easy to predict which parts of a system could fail, and the impact of the failure.

Directors need to adopt a similar approach to IT risks as they do to environmental, human or infrastructure risks. Experts should examine the likelihood of failure across all components of core systems, whether these are on-premise, outsourced or in the cloud.

IT teams should not just look at hardware, but at the risks posed by data loss and data corruption, including through cyber attacks or malware, and of application unavailability. They should then be able to rank systems in terms of how critical they are and how easily they can be restored or recovered.

Tip 3: Set recovery objectives

Your IT System audit will, in turn, set the key objectives for your Disaster Recovery Plan. This includes an understanding of acceptable periods of downtime, and their cost – something that can only be calculated in discussion with the business.

The disaster recovery plan is likely to consist of resilience, availability, and business continuity measures, along with backup and recovery strategies and a degree of managed failure.

This might include contingency plans, such as staff working from home using cloud-based applications and mobile phones, through to access to high-end business continuity locations. Fortunately, cloud-to-cloud backup of application data and backup of on-premise data to the cloud are both helping businesses of all sizes to become more resilient.

Tip 4: Set your response strategy

Disaster recovery is the archetypal “people, process and technology” challenge. Unless the outage is brief enough to get by on cloud-based services and through remote working, the business will need to consider alternative working locations and how to move staff and technology there.

If the outage affects a data-center and systems fail-over to a secondary site, IT will need to work to restore the primary location or find a new one, as well as ensure that the now single fail-over site is backed up too.

The main way to contain a disaster, and to ensure effective recovery, is to maintain good communications. The business should, in advance, appoint a person to lead the disaster response. This person does not have to be the person who wrote the DR plan but does need to be familiar with it.

The disaster response team should include experts from outside IT, including HR, as well as representatives from business operations. Crucially, the team should have a way to communicate in an emergency and, ideally, take part in any DR exercises.

Tip 5: Test the DRS Plan

Testing your disaster recovery or business continuity plan through an exercise can be disruptive, but they are necessary. A DRS exercise will test if the plan needs to be reviewed or updated.

It is only by testing that a firm will know whether the plan works and whether it is resilient enough to perform under pressure. Simulation, and testing the communications systems, is the best way to expose any weaknesses. Teams can then feed insights gained from the testing phase back into the risk assessment and business impact analysis, fine-tuning the plan as they go.

In Summary:

The unfortunate reality is that it is impossible to prevent every business risk and that no matter how much you prepare, there are still risks. However, being proactive now also means you, and your business will be better able to react rapidly and intelligently when something does happen.

For more information, guidance, and support on making sure your infrastructure is as secure as possible, get in touch with one of our engineers.

SOURCES:

https://www.computerweekly.com/feature/Five-essential-steps-to-a-sound-disaster-recovery-plan

https://searchdisasterrecovery.techtarget.com/Risk-assessments-in-disaster-recovery-planning-A-free-IT-risk-assessment-template-and-guide

https://www.dynamicnetworksgroup.co.uk/resources/news-and-views/may-2019/what-counts-as-a-disaster%E2%80%9D-in-it/

 

Web5 Tips for Developing a Robust Disaster Recovery Plan

Cyber-Criminals Cashing in on Coronavirus

IT Security experts are warning of new phishing campaigns designed to capitalise on global fears of the fast-spreading corona virus.

There are a number of campaigns circulating which are spreading misinformation and conspiracy theories.

Mimecast has detected one such campaign, with emails titled “Singapore Specialist: Corona Virus Safety Measures.”

Of course, clicking on the link in the email will lead to a covert malware download.

According to Sherrod DeGrippo, senior director of threat research and detection at Proofpoint, cyber-criminals are also targeting credential theft with their attacks: “Our researchers have seen fake [Microsoft] Office 365, Adobe and DocuSign sites meant to steal credentials linked to coronavirus-themed emails.”

“The most notable developments we have seen are attacks that leverage conspiracy theory-based fears around purported unreleased cures for coronavirus and campaigns that abuse perceived legitimate sources of health information to manipulate users,” said DeGrippo.

Protect yourself against Cyber Threats:

There are a number of simple steps you can take to minimise risk, such as using a reliable IT Security solution and following safe cyber-hygiene practices such as strong password usage and never enabling macros in any attachments if you do open them.

Be vigilant at this time in relation to any emails or electronic communications purporting to be in relation to the support of those affected by the coronavirus.

Sources

https://www.computerweekly.com/news/252478553/Cyber-criminals-spread-coronavirus-conspiracy-theories

https://www.infosecurity-magazine.com/news/coronavirus-attacks-malware/

WebCyber-Criminals Cashing in on Coronavirus

Windows Server 2008 R2 End of Life Support is nearing: January 14 2020

Only 6 Weeks until Microsoft ends the life of some of its most popular products.

These products include: Windows Server 2008, Windows Server 2008 R2, Office 2010, Windows 7, and selected business server software.

What does that mean for your business?

1. You’ll lag behind your competitors:

There are no patches or updates for old software, leaving businesses
still using it lagging behind competitors.

2. Outdated servers like Windows Server 2008 R2 costs more to run:

Old software costs more to run. Companies that upgrade to smarter,
faster, more secure systems and migrate to the cloud, save a fortune over time with drastically reduced capital costs.

3. You will be vulnerable with Windows Server 2008 R2:

Hackers love end of life operating systems, because it’s far easier to exploit.
The combination of no more security updates and lots of unpatched
holes makes it a prime target for cyber criminals.

4. Windows Server 2008 R2 will not be GDPR compliant:

Organisations that fail to protect their customers’ data are not compliant with GDPR. One of the main criteria of the new regulation is that
you have to use up-to-date, secure operating software, so if yours is falling short then all the hard work you did in 2016 will have been for nothing.

What if I don’t upgrade or replace Windows Server 2008 R2 by January 14th, 2020?

Imagine using a product that a company doesn’t want to take responsibility for anymore. You’ll be using the product at your own risk. This means that Microsoft will not take responsibility for loss of data due to security breaches.

What shall I do?

If you haven’t upgraded yet, it’s best to seek the help of an IT professional. This is a good way to ensure that everything is upgraded correctly and that all firewalls and antivirus are in place and working optimally. Depending on what type of hardware and software you’re using, you may need to take specific steps to make sure everything is fully compatible.

To meet with a member of our team or discuss your needs, please contact the ITCS support desk on 08456 400200 or email support@itcs.co.uk and we will be happy to help.

WebWindows Server 2008 R2 End of Life Support is nearing: January 14 2020

Cyber-Crime & SMEs: Who would want to attack my business?

When you look to the media, it is very rare to see small businesses making headlines for being attacked by cybercriminals. However, cyber-attacks in the UK grew by a dizzying 140% in 2018, and show no signs of slowing down in 2019. Moreover, According to the 2018 Verizon Data Breach Investigations Report, 58% of cyber-attack victims were small businesses.

These figures don’t seem to make sense at first glance. Firstly, why would attackers put a small business in their crosshairs? Surely the big payoffs would come from going after larger operations? Secondly, the news is filled with headlines about cyber-attacks on large entities like the NHS, British Airways, and TalkTalk – SMEs are very rarely mentioned?

It might be tempting to think that your business has little in the way of value for hackers in comparison to the Talk Talks and Yahoos of the world. The fact of the matter is that your business has systems which hold data. Anything your business can leverage to make a profit, so can hackers. The statistics speak for themselves:

2/3 of companies with 10 – 49 employees suffered some form of cyber-attack in 2018.

The ONS estimate around 4.5 million cyber-crimes were committed in England and Wales during 2018.

Cyber-crime now accounts for more than 50% of all crimes in the UK (National Crime Agency).

According to the UK Gov’s ‘Cyber Survey 2019’, 31% of small businesses & 60% of med-sized businesses experienced a cyber-attack in 2018.

These figures are intimidating: The threats are real. But something stands between them and your organization’s data: you and your security teams, with the insight, perspective, and tools to take action.

Here are a few simple, yet effective tips that will benefit any business owner:

1. Perfect Password Protection:

This seems obvious; password protection is a standard practice these days. However, using a strong password that gets changed regularly is the foundation of good cyber-security. Follow these simple protocols when creating your passwords to ensure they are as strong as possible:

  • 8-16 characters in length
  • combination of upper and lowercase letters
  • include numbers and symbols
  • don’t choose obvious passwords
  • Change regularly

Implementing policies to deal with the sharing of passwords, even with co-workers, is also a good idea.

2. Layered Protection:

Layered protection in terms of technology and tools, means implementing various security controls to protect separate entryways. For example, deploying a firewall, endpoint protections, and secure email gateways – as opposed to relying only on traditional perimeter defenses. This also means limiting access to certain types of information, and adding levels of protection such as additional passwords, encryption, and so on.

Potential security risks can occur at a variety of levels. As a business owner, you need to set up security measures that provide multiple layers of defence against these risks. Layered security aids in keeping even the most sensitive data safe.

3. Monitor Personal Devices:

This sounds a little bit ‘Big Brother’-esque, but this doesn’t mean invading your staff’s personal privacy or disallowing specific software and apps. It just means that as a small business, you may not have the capital to provide devices like laptops, tablets, and smartphones for employees to use. In other words, employees may use personal devices to access company data.

If this is the case for your business, you need to create policies that allow your network administrator to install monitoring software, push automatic security updates, and call for regular password changes.

4. Train Employees:

Even with a technical support staff in place, your employees can create some of the greatest risks to cyber-security. However, when properly trained, they can also become some of your greatest assets – and a first line of defence against a data breach. With this in mind, it’s imperative that organisations conduct regular training sessions throughout the year to keep employees aware of potential scams and the ways they can make their organisation vulnerable.

 

 

5. Plan for Attack:

As you’ve seen above, cyber-attacks are now so prevalent, it’s best to prepare for the worst. You need to take a proactive approach to IT security. Ensure you employ a company that will take the time to get to know your business, and design a network security solution to suit your needs and budget.

 

 

6. Hack Yourself:

Before creating procedures and controls around IT security, organisations need to determine their risk. One of the best ways to find vulnerabilities is to hire an appropriate consulting firm or IT specialists to audit your system in search of weaknesses. From there, you can begin to make changes that will better protect your business, your network, and your clients.

 

 

 

Rounding Up:

SMEs have an inherent advantage over larger companies: smaller business tend to be more agile and flexible, so can adjust to changes quickly. The lack of red tape and corporate complexity means they can act and adapt fast. By giving cyber security the same priority as other business goals, SMEs can maintain their advantage and thrive in the new digital world. Cybercrime is on the rise and IT security is vital. ITCS can help you defend your data. Get in touch today for a free IT security audit – forewarned is definitely forearmed.

WebCyber-Crime & SMEs: Who would want to attack my business?

World Password Day should Be Every Day!

It’s World Password Day: when you look back – even as little as ten years – cyber security has never been as important as it is today. Businesses and Consumers both store some of their most sensitive details live behind online password protection. Financial information, confidential files, official documentation, personal photos, the list goes on. With intimidating statistics coming out about hackers and business all the time (Did you know there is a hacker attack every 39 seconds?), it seems that keeping sensitive online data safe needs to be at the top of everyone’s priorities.

With this in mind, World Password Day seems to present the perfect opportunity to be diligent about ensuring our passwords are secure. A few tips to keep in mind include:

1. Make your passwords 9-10 characters long:

Most websites recommend an 8 character minimum, but we would recommend using a minimum of 9 or 10 characters on all passwords.

2. Check your password vulnerability:

Go to a site such as haveibeenpwned.com – this is a completely free site built by one of Microsoft’s Regional Directors. Type in one of your passwords and see if your chosen code-word have been compromised in a breach and are generally available to hackers. If they are, change them wherever they are used.

3. The No-Name Rule – but expanded:

Do not use common passwords, and do not use basic personal details within your passwords. Info such as your birthday, family members’ names or pets’ names is easily guessable. According to security company SplashData the two most commonly used passwords are “123456”, and “password” – a dream for hackers and fraudsters.

4. Complex is Best:

Strong passwords normally incorporate a mixture of the following:

  • Uppercase characters
  • Lowercase characters
  • Base 10 digits (0 through 9)
  • Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;”‘<>,.?/

5. Lather, Rinse… but DO NOT REPEAT:

Do Not Re-Use Passwords! Password reuse is extremely common. It’s extremely risky, but it’s a regular occurrence, because it’s easier to remember one or two passwords, and people aren’t aware of the potential impact. But, repeating the same password across several sites means if a hacker discovers just one password, all personal info is suddenly at risk. Therefore, it is crucial to diversify your passcodes to ensure hackers cannot obtain access to all of your accounts at once, should one password be somehow compromised.

Overall, it is absolutely crucial to ensure that your passwords are as secure as possible, every day – not just on World Password Day. CyberCrime is only escalating, and neglecting the defence of your network is simply allowing your data to be hacked. Secure your passwords now, and make sure you keep vigilant to the risks that we all face.

If you have any questions or concerns around computer security, please don’t hesitate to contact the ITCS support desk on 08456 444 200, we are always happy to help.

WebWorld Password Day should Be Every Day!

Tips for Cutting IT Costs in Your Company

A part of your business streamlining processes that takes time to develop is your cost-cutting strategy. Over the course of months and years in your industry, you’ll become increasingly aware of the inputs that you’re paying to keep your company afloat. What you may not be so aware of is the fact that the costs of your IT systems – perhaps the most important and biggest source of your business expenditure – can be reduced with smart planning.

This article provides tips to help you cut these hefty costs.

Modern Software Solutions

Software packages are a part of your obligatory expenditure in business. You don’t simply require hardware and computing power – you also need the programs that’ll help you perform whichever process your business is concerned with. With software developers quickly moving to produce the best solutions for businesses large and small, there’s healthy competition to take advantage of in this space.

Whether you take it upon yourself to personally monitor the emerging tech scene, or you rely on IT specialist advisors to do it for you, it’s fundamentally important that you keep your software up-to-date and effective. The best software packages – offering the best balance between investment and outputs – are centralised, allowing you to process a number of different functions through the same program. These are easily onboarded as third-party applications, with data transfer capabilities to ensure that you don’t lose your past work.

Energy Usage

Computing power relies on a constant source of energy and, especially in larger offices maintaining a number of devices between working hours, this can add up substantially. You can enact a number of strategies to keep your energy costs down – the simplest of which being to ensure that no device is left running unnecessarily. Likewise, purchasing efficient hardware with low-energy cooling systems is another way to reduce the energy used by your computers.

Meanwhile, you can also cut costs with the energy supplier themselves. Use this site to find a comparison of utility prices in the UK, with business-specific packages competing for your attention and custom on-screen. This is the simplest way to reduce your expenditure on energy bills, and will help you make cost-efficient use of the tools that your staff use every day.

Upgrade Wisely

Every company must intermittently upgrade their hardware, which is a costly process that you’re unable to avoid as computing systems slowly become either obsolete or incredibly slow. When you are forced to consider a wholesale upgrade to your computing systems, you’re faced with a choice – whether you invest in a long-term solution with plug-in extras you can onboard over time, or a shorter-term investment that gets your company running smoothly on new hardware.

In either case, you’re going to want to talk with IT specialists, and monitor tech sites, in order to find the best deals on your new office equipment. Bear in mind that many providers will provide discounts for multiple computer purchases, so sometimes it pays to buy in bulk to achieve the discounts that’ll cut your IT costs.

These tips will help you cut the IT costs in your company dramatically, while maintaining the same performance levels that helps your staff make the most of the technology available to them in the workplace.

WebTips for Cutting IT Costs in Your Company