ITCS News

4 Key Security Threats that Businesses Need to Prepare for in 2019

From high profile data breaches of companies like Facebook and British Airways, to mounting evidence surrounding Russian interference in the 2016 US election, it is safe to say that 2018 was a landmark year in terms of security vulnerabilities and emboldened cyber-criminals. So, with 2019 set to bring more technology advancements, what can you do to protect yourself, and what should your priorities be as a business?

The Information Security Forum – also known as the ISF – is a trustworthy source that senior security professionals and board members turn to for guidance on information security and risk management. They have identified 4 key security threats that businesses will be faced with this year – as well as tips for risk management. You can read the full report here.

Key threats for 2019 include:

1. Increased Sophistication of Cyber Crime

In 2017, high-profile incidents, such as the WannaCry ransomware attack, made file-encrypting malware internet enemy number one. 2018 actually saw a decrease in the number of Ransomware attacks, as many businesses invested in backup solutions that eased the impact of a ransomware attack – or even investing in high quality Endpoint Detection and Response (EDR) systems – which basically eliminate the risk altogether.  However, there are still many high-profile ransomware attacks happening, which is why this threat remains at the top of our list as a threat to business in 2019.

How to Prepare:

John Zorabedian, author of Sophos NakedSecurity Blog – suggests that preventing ransomware attacks can be as simple as getting the basics of cyber security right. Back up your files regularly,  train and retrain employees in your business (we can help with that if you need). Use a password manager and never reuse passwords. Keep up to date with operating system patches and app or software updates. Change the default administrator passwords on things like home routers, modems, and network-attached storage servers.

2.Legislation Falling Behind 

ClickDimensions-GDPRBoth regional and national legislators are struggling to keep pace with the fast-paced developments in Cyber-security. They are set to fall even further behind in 2019, with most current legislation in place being years behind the technological curve. At the same time, as businesses cry out for more regulation, sweeping changes get made with tight deadlines that don’t allow adequate time for organisations to attain compliance. The ISF identifies how national regulations will also provide a hindrance: “legislation by its nature is government and regulator driven, resulting in a move towards national regulation at a time when cross border collaboration is needed. Organisations will struggle to keep abreast of such developments which may also impact business models which many have taken for granted”.

What Can I do?

Unfortunately, this one is mostly down to government and regulation. Without doubt, there remains much to be done and it requires the collaboration between governments, private initiatives, the academic sector, and of course, users.

3. Smart Devices will Challenge Data Integrity

Picture+for+ArticleAs the world enters a new era of technology, businesses are implementing smart devices enthusiastically in an effort to impact their business. This is a huge positive; however, many users won’t realise that these devices are often insecure by design, and therefore offer many opportunities for attackers. These types of attacks are on the rise; in 2018, SophosLabs saw significant growth in the volume of attacks targeting IoT devices. One of the reasons for this is that it’s challenging to detect a device is affected until something goes horribly wrong.

There will also be an increasing lack of transparency – vague terms and conditions will allow organisations to use personal data in ways customers did not intend. This will prove problematic for business, as it’ll become less clear to pinpoint what information is leaving their networks or what is being secretly captured and transmitted by devices such as smartphones or conference phones. To add insult to injury, when breaches occur, organisations will be held liable by regulators and customers for inadequate data protection.

The Fix:

Again, the main advice for preventing these types of attacks is to focus on mastering the basics. Make sure all devices are kept updated, and continually updating passwords. A new device that’s being introduced as a replacement for old devices makes it increasingly easy to forget about every connected device on your network. But old devices may carry old security protocols, forgotten passwords, and a whole host of other threats to your networks.

Each device is a potential weak point that has to be secured. So, if there are old access points that you no longer use, you’ll want to thoroughly disconnect them from the network – even going as far as doing a factory reset on the gadget.

4. Supply Chain Assurance Myths

Supply chains are a vital component of any B2B or B2C organisation. They are integral to the smooth running of a business, with valuable – and often sensitive – business information being shared with trusted suppliers. It’s important to remember that when this information is shared, direct control over your data is lost. This year, many organisations will realise that gaining traditional reassurance of their supply chain security is a lost cause. Businesses that continue to focus on assuring supply chain security with approaches such as self-certified audit and assurance, may preserve the illusion of security in the short term, but will inevitably discover that the security foundations they believed to be in place were lacking. Even the smallest supplier, or the slightest supply chain disruption, can have serious impacts on your business. Brand management and brand reputation are subject to the successful security of your supply chain; both are constantly at stake.

What to do:

Refocus on managing key data and understanding where and how it has been shared across multiple channels and boundaries, irrespective of supply chain provider. The best method is to implement a supply chain information risk assurance process, which is focused on information shared with upstream suppliers. This can be done by using supply chain maps to follow the information. Such an upstream information-sharing assessment tracks what is being shared with the suppliers’ suppliers and beyond. The results draw attention to significant concentrations of information, triggering the implementation of additional controls on your suppliers and can mitigate risks.

In Summary:

The unfortunate reality of today’s complex digital marketplace is that it is impossible to prevent every security compromise beforehand, and that no matter how much you prepare, there are still risks. However, being proactive now also means you, and your business will be better able to react rapidly and intelligently when something does happen.

For more information, guidance, and support on making sure your infrastructure is as secure as possible, get in touch with one of our engineers.

email header

Web4 Key Security Threats that Businesses Need to Prepare for in 2019

Windows 7 End of Life Support is nearing: January 14 2020

Only 6 Weeks until Microsoft ends the life of some of its most popular products.

These products include: Office 2010, Windows 7, and selected business server software.

What does that mean for your business?

1. You’ll lag behind your competitors:

There are no patches or updates for old software, leaving businesses
still using it lagging behind competitors.

2. Old software like Windows 7 costs more to run:

Old software costs more to run. Companies that upgrade to smarter,
faster, more secure operating systems, such as Windows 10, and migrate to the cloud, save a fortune over time with drastically reduced capital costs.

3. You will be vulnerable with Windows 7:

Hackers love end of life software, because it’s far easier to exploit.
The combination of no more security updates and lots of unpatched
holes makes it a prime target for cyber criminals.

4. Windows 7 will not be GDPR compliant:

Organisations that fail to protect their customers’ data are not compliant with GDPR. One of the main criteria of the new regulation is that
you have to use up-to-date, secure software, so if yours is falling short
all the hard work you did last year will have been for nothing.

What if I don’t upgrade or replace my machines by January 14th, 2020?

Imagine using a product that a company doesn’t want to take responsibility for anymore. You’ll be using the product at your own risk. This means that Microsoft will not take responsibility for loss of data due to security breaches on Windows 7.

What shall I do?

At ITCS, we have already upgraded many of our customers to the replacement Windows 10 platform.

If you haven’t upgraded yet, it’s best to seek the help of an IT professional. This is a good way to ensure that everything is upgraded correctly and that all firewalls and antivirus are in place and working optimally. Depending on what type of hardware and software you’re using, you may need to take specific steps to make sure everything is fully compatible.

To meet with a member of our team or discuss your needs, please contact the ITCS support desk on 08456 400200 or email support@itcs.co.uk and we will be happy to help.

WebWindows 7 End of Life Support is nearing: January 14 2020

ITCS Celebrates Latest Awards Win for IT Support Team

The ITCS team have another reason to celebrate as we have been named Best Business IT Support Company 2018 in the 2018 Welsh Enterprise Awards.

It’s greatly appreciated by the support teams who work at our highly-regarded Head Office and 24 hour support centre in Bridgend, and of course our Midlands regional office and nationwide network of engineers.

We now provide IT Support, Business Telecoms, Web Design, PPC and SEO to businesses throughout the UK.

The awards, hosted by SME-News, analyse every aspect of entrants’ performance over the past 12 months, considering factors like commitment to innovation, working practices and how they compare to their industry competitors.  The results will be formally announced in October 2018, but winners have been notified early.

Managing Director, Brian Stokes, said he was delighted to receive the award:

“I’d like to thank the awards organisers for recognizing the outstanding efforts of our IT support team. Every team member is committed to delivering excellent customer service and this award reflects the hard work and effort they put into exceeding customer expectations.  I’m delighted to receive this award on their behalf, and would like to personally thank the customers who took time to support our nomination.”   

WebITCS Celebrates Latest Awards Win for IT Support Team

ITCS welcomes ‘more durable’ Gorilla Glass for next-gen mobile phone handsets

Welsh business mobile provider ITCS are pleased to learn that handset screen manufacturer Corning are introducing an even tougher version of their famous Gorilla® Glass, which Corning claim is the most durable cover glass to date. Having been introduced in September 2007, and leading the industry since, Corning’s Gorilla® Glass screens have provided serious protection … Continue reading

WebITCS welcomes ‘more durable’ Gorilla Glass for next-gen mobile phone handsets

Congratulations to AerFin CEO Bob James on OBE award

We love to shout about good news from our customers, and an OBE is definitely something worth shouting about!

AerFin CEO Bob James was recently awarded an OBE in the Queen’s Birthday Honours List for services to exports in the aerospace industry.   ITCS supply the company with business broadband and business telecoms, and our team were delighted to hear about the award.

ITCS Managing Director, Brian Stokes, said:

“I am proud to supply Aerfin and look forward to continuing to work with them.  The company are one of Wales success stories and have pioneered Welsh aerospace innovation around the Globe.

“It only remains for me to add my congratulations to what I’m sure will be a very long list for one of Wales’ most successful businessmen.”

WebCongratulations to AerFin CEO Bob James on OBE award

1/3 of UK leaders say they’d rather pay a hacker than invest in IT security – is UK plc waiting for the ransom notes?

Like most of Britain’s IT Leaders. IT Specialists ITCS are acutely aware of the importance of robust IT security systems and the threat posed by the growth in cyber-attacks and ransomware.  However, it seems that outside the IT department, business leaders are not giving adequate priority to the business risks they face from IT security threats.

IT Security Risks ‘huge’ as April report shows 350% Increase in Cyber Attacks

The Global Threat Intelligence Report (GTIR) published in April, reported that ransomware attacks surged by 350 per cent in 2017, accounting for 29 per cent of all attacks in EMEA and 7 per cent of malware attacks worldwide.  Victims have included public systems, such as the NHS, which impacted every area of the organization, including patient care.

The NHS response has been to allocate £150m on cyber-security to avoid a repeat of the incident – there is nothing like a headline-grabbing incident to raise the urgency of IT security spending.

‘Ordinary’ businesses face the same security risks as Public Bodies

It isn’t only official Government bodies, but absolutely every business that is at risk from the growing menace of cyber attackers – and it seems that UK business leaders, even in some of the UK’s largest employers are not treating IT security with the priority it deserves.

The 2018 Risk Value Report, published today, sees one third of senior global business decision makers admitting they would rather pay a hacker’s ransom demands than invest more of their hard-won budgets in information security.

ITCS Managing Director Brian Stokes said he was ‘shocked but not surprised’ by these results.  Brian said:

“This report is shocking, seeing as the UK’s top leaders don’t even know how much the ransom is likely to be, or even if they will ever get their data back after paying a ransom. This mindset is sending the wrong message, essentially telling international hackers they have a blank cheque ready – and are sitting waiting for the demands to arrive.  If that’s not scary, I don’t know what is.”

C-Suite leaders are over-confident about IT Security

It seems that outside the IT department, C-Suite leaders and other key decision makers are over-confident when it comes to assessing vulnerability within their own organisation.

Only 41 per cent of UK respondents were confident that their organisation had not been affected by a data breach already, but only 10 per cent of UK business leaders acknowledged that their organization was at risk of a future security breach.

22% of senior leaders ‘don’t know’ if their organization has suffered a security breach already

Nearly a third of senior leaders (31 per cent) believed they were not at risk and do not expect to suffer a breach – while this perhaps shows overconfidence, most worrying of all is that 22 per cent of senior UK business leaders admitted that they were not sure whether their organization had already suffered a breach or not!

Business leaders ‘idealistic’, not ‘realistic’

Kai Grunwitz, Senior VP EMEA, NTT Security, comments:

“Many decision makers within organisations are simply not close enough to the action and are looking at one of the most serious issues within business today with an idealistic rather than realistic view.

“This is reinforced by that worrying statistic that more than a third globally would rather pay a ransom demand than invest in their cybersecurity, especially given the big hike in ransomware detections and headline-grabbing incidents like WannaCry. While it’s encouraging that many organisations are prepared to take a long-term, proactive stance, there are still signs that many are still prepared to take a short-term, reactive approach to security in order to drive down costs.”

The issues that concern UK business leaders

Only 4 per cent of UK leaders identified information security as the single greatest risk to the business.

Notably, 14 per cent identified Brexit as the single greatest business risk facing UK businesses, but  competitors taking market share (24 per cent) and budget cuts (18 per cent) were the biggest concerns – it seems that most business leaders fail to appreciate the risks posed by poor IT Security and the impact a breach could have on the business.

UK Leaders under-estimating costs of an IT Security breach

The report also shows that UK executives are estimating lower costs than their international colleagues should a breach occur.  While global estimates predict costs to be USD1.52m, UK executives estimate their recovery costs would be on average USD1.33m.

UK Leaders under-estimate time to recover from a breach

UK executives also show far more confidence than their international colleagues when it comes to predicting recovery times.

Globally, respondents anticipate it would take 57 days to recover from a breach, whereas in the UK, decision makers predict it would take just 47 days to recover, one of the lowest estimates for any country.

IT Security is not ‘just an IT issue’

Brian Stokes, Managing Director of ITCS, said:

“This survey proves what we’ve been saying for some time, that over-confidence in IT Security is widespread and in most cases this level of confidence is not justified among UK business leaders.   Attacks have the potential to disrupt an entire business so the threat needs to be discussed at board level – in every business, not just within IT businesses.

“GDPR sent UK plc into a panic, but IT Security spending is just as important to address – and also critically important to GDPR.  If these figures are correct, then we have way too many senior executives who are under-prepared, over-confident it will not happen to them, and happy to run the risk and pay an unquantified price if a breach occurs.   Their employees, customers and shareholders deserve better, I encourage them to act now.”

 

Business leaders who have any questions about IT Security can contact ITCS by telephone on 08456 444 200 or by visiting their website: https://www.itcs.co.uk

Web1/3 of UK leaders say they’d rather pay a hacker than invest in IT security – is UK plc waiting for the ransom notes?

Adwords is giving me clicks – so where are all the customers?

Google Certified Adwords specialist, Lisa Baker, discusses why self-managed Adwords campaigns rarely attract the right traffic and what customers can do to fix it!

It’s important to remember that customers may not actually buy online, but call your phone instead, especially if using a mobile, so your ads MAY be working better than you think.  However that’s another story.  It’s true to say that self-managed Adwords campaigns often waste huge chunks of budget because customers don’t know how to get the best from them.

“Adwords didn’t work for us”

“Adwords didn’t work for us” is maybe the most common thing I hear when it comes to speaking to new SEO clients.  Desperate to get a bigger share of the traffic for their keywords, many of them have invested considerable resources, sometimes thousands of pounds per month, only to see no return on their investment.

These same clients are the ones who give us a try and are surprised when a month later, they are getting more telephone calls to their business, a lower bounce rate, more leads and more conversions from the same Adwords budget – even after they have paid our management fees!

SEO and Adwords management is often seen as a ‘dark art’.  However, ITCS customers won’t find me waving a magic wand and chanting under a full moon to improve their Adwords performance – it’s actually just a matter of common sense.

The good news is that people like me use the same Adwords portal that you do – we just know how to use it better!

Here’s two ways you can make fast improvements:

 

Avoiding Broad Match Traps

The first tool in your kit needs to be match types – if you don’t know what they are, chances are you will waste 50-80% of your budget.

Google has four different match types – knowing how to use which type and when is critical in getting the right traffic.  Getting it wrong is the most common mistake we see.

Most ‘DIY’ managers only use broad matches and assume Google will only match when the customer search includes their term.  This is a costly mistake.

Broad matches, where a phrase is just written normally, allow for similar or related search terms.  This means in practice if you type in ‘Van MOTs’, Google will also match for Car MOTs, Van Sales, ‘My Van failed it’s MOT’, ‘What does an MOT cost’ etc.

This means two things will happen:

  1. Your budget will go fast, because there are lots of these irrelevant searches and
  2. All those clicks will do nothing to gain you business.

Our advice is:

  1. learn all about the different match types so you know what to use, when – and use broad matches with extreme caution, and
  2. Look into negative keywords use them to avoid irrelevant matches.

 

Getting it right: Quality Scores

Google assigns each keyword a quality score, from 1 to 10.  No matter how much you offer to pay, a keyword with a low score won’t get many ad views, and those it gets will be more expensive.

That’s because Google wants to deliver what customers are looking for.  So, if you don’t sell red shoes on the page your ad takes customers to, and you don’t mention red shoes in your Google Ad, chances are your quality score for the term red shoes will be low!

If you go to the keywords tab, within Google Adwords, you can modify the columns to show your Quality Scores.  If you also add the ‘ad relevance’, ‘landing page experience’ and ‘expected click through rate tabs’, you can see why Google has given your keyword that score, which tells you where you can start to make improvements.

Here’s a handy little infographic to show you why getting Quality Scores right could save you money.

Infographic Provided by Wordstream

Why choose an Adwords professional

While these two points will almost certainly reduce your wasted spend, in the right hands, you could see real gains for your business by getting Adwords right.  Just like adding an extension to your home is something usually best done by a qualified builder, you will get better results by using an expert to manage Adwords.

There is far more to managing Adwords than can be gathered in a simple blog post, Google Certified specialists have to undertake exams every year to maintain their status, and in order to get the best results, our advice is always to use a Google Partner like ITCS.

In case you are wondering what your matches look like, ITCS offer a free review, and will be happy to show you where you could make savings.

Ultimately, Adwords is no different to any other power tool.  In the right hands, it’s an investment in your business – getting it wrong should not be an option.

If you’d like your free Adwords review, click here.

WebAdwords is giving me clicks – so where are all the customers?

‘World Password Day’ flooded businesses with password advice – that fell on deaf ears!

With each weekday bringing another new ‘World Day for xxxx’ on social media, businesses can’t help but become a tad cynical – but some advice is still worth following.

May 3rd was officially World Password Day – a rather odd thing to celebrate, but nonetheless social media was flooded with advice for businesses on what to do, most of which probably got overlooked by the very businesses that nonetheless hit like and share!  With new reports finding that one in five UK businesses have been hacked, and that nearly half of all UK attacks target UK manufacturers, password security is something businesses cannot afford to ignore.

ITCS spoke about it to Welsh Business News about the issue – click here to read the full article

Web‘World Password Day’ flooded businesses with password advice – that fell on deaf ears!

How thinking within the box helped a major client improve business resilience

The ITCS projects team are regularly asked to ‘think outside the box’ – but a recent disaster recovery project saw us thinking very much within it!

One of our established clients, a huge international automotive specialist, had approached the projects team to commission and build a back-up data centre solution for their site in South Wales, which employs over 500 people.  The client had identified that existing backup switches were not sufficiently remote to the main site, so if a disaster such as a fire or flood occurred, the back-up would be equally vulnerable.

ITCS were initially tasked to identify a good, secure location for an additional data centre within the existing building complex, but having inspected the site over several hours, Projects Director Glyn Pearce was unable to identify a suitable location which would not be equally affected by any disaster that befell the main data centre.

As the project would need an exterior site, Glyn needed to find a solution for a custom structure which would be affordable, reasonably fast to complete and sufficiently strong and secure to act as a disaster recovery suite.  Having seen containers used for all manner of purposes, Glyn came up with the idea of using a shipping container to create a disaster recovery suite, completely customized to meet the company’s exact needs.

Shipping containers are made from weathered steel, so offer good fire resistance and are secure.  Unlike traditional buildings, a container was quick to build and could be located anywhere, so finding the right spot sufficiently distant to the main building would not be a problem on the large site.  The location chosen would then require the ITCS Projects team to lay a 3000m fibre data cable from the main site to the disaster recovery suite, ensuring connectivity in a crisis.

Glyn presented the solution to the client, who loved the idea and instructed ITCS to go ahead with the build.

    

The build itself took 6 weeks at the ITCS site in Bridgend.  The team took an initial empty container, and the other departments at ITCS watched with interest as the projects team converted it into a complete office suite with both the hardware and comfort required to ensure business continuity in the event of a disaster.  The next step would be installation of the disaster recovery suite at the clients site.

Logistics and transport were the next challenge.  Thankfully, ITCS have a good working relationship with local heavy transport experts Smiths Heavy Haulage.  We were able to work with them closely to manage the logistics of transporting a heavy container to site and we were well equipped to handle the installation.  We employed contractors and managed the entire on-site project including health and safety during both installation and the laying of the 3000m fibre cable.

The result is a completely custom, robust disaster recovery solution that has seriously increased our client’s business resilience.

The client was over the moon with the final result, which was implemented on time and on budget.

Glyn

Projects Director Glyn said:

“What seemed an initial challenge was easily overcome.  I always joke that working in the projects team means being able to think outside the box – I’ve now had to agree it means thinking WITHIN a box sometimes!

“This is a perfect illustration of how good planning, creative thinking and good relationships with logistics and contracting teams can deliver a complex project and make it look effortless to the untrained eye.  We’ve already had enquiries for similar projects for other large companies in the South Wales area, and it feels great to know that no matter what life throws at our clients, we are able to help them ensure business continuity.”

 

WebHow thinking within the box helped a major client improve business resilience