Data breaches are expensive, make sure your team are Cyber-aware.


In 2018, data breaches cost UK businesses an average of £6.4 million. Human error, meanwhile, accounted for between 60% and 90% of them. Those facts alone are usually enough to persuade people that security awareness training is very important.
Usually….

As a Managed Service Provider, we can only advise our client base of the advantages of introducing Security Awareness Training sooner rather than later.

 

1. Dodge Data breaches and Cyber Attacks

Starting with the most obvious, security awareness training helps counter business-destroying data breaches.

The exact number of breaches security awareness training prevents is impossible to count. In an ideal world, we’d be able to run a controlled trial in which the exact same people working for the exact same company were divided in half: a control & a test group. The latter would be given training, the former would not. The two could then be compared to see the variation in security knowledge.

Such a situation is not quite achievable – but that doesn’t mean advanced security awareness training providers are unable to explain the ROI of security awareness software. Although an imperfect measure, it’s possible to measure the incidence and prevalence of breaches pre & post-awareness campaigns and use the resulting metrics to glean an indication of ROI.

This is your first line of security. If someone wants to access your device, they will first need to break this barrier. This is not an easy task and can serve as a deterrent against theft. Some device manufacturers have an option to automatically wipe your device after a few unsuccessful attempts at your passcode or pin; so, even if your phone is stolen, your data cannot be accessed. For this reason, you should consider mobile device management for your users.

2. To influence company culture in security methods

A culture of security has long been the goal of chief information security officers. Equally, such a culture is seen to be very challenging to achieve.

With the aid of security awareness training, some are heading in the right direction towards achieving it.

By keeping an eye on indicators of culture, advanced security awareness training platforms can help security specialists monitor, nurture and develop a culture of security – making their people a proactive defence against threats.

3. To make technological defences stronger & more intelligent

Technological defences are, clearly, an important weapon in avoiding data breaches. But technological defences require input from people. Firewalls need to be turned onto maximum security. Security warnings need to be acknowledged. The software needs to be constantly updated and observed.

Few businesses today would dream of running without technological defences. And yet, without security awareness training, technological defences are not used anywhere near their full potential.

To make matters worse, attackers today rarely bother attempting to penetrate businesses through purely technological means. Today’s attackers typically prefer to target people, who may be sceptical but still click accidentally, unaware of the damage an email can do.

 

Want to get the best solution for your business?

At iTeam, we take a security-first approach to technology – ensuring our client’s systems are best protected.

If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might actually be and identify actions to take.

To book a consultation or to arrange a further discussion, please get in touch via our form below, call 03330 507 690 or email Chris on cwatson@iteam.co.uk.

Cyber Criminals will target your Servers, it’s where the private data is.


Just over 37% of cyber-attacks are identified directly on your IT servers, making them the most likely place to detect an attack within your organisation. That’s one of the most concerning stats taken from a recent survey of around 3,000 IT managers around the globe.

 

Why are servers so tempting for Cyber Attackers?

1. Servers are very high in value

Servers very often contain an organisation’s most valuable data. For example, personally identifiable information such as employee and customer records could be stolen if they’re not professionally secured on the server.

Regulations such as GDPR, which protects EU citizens’ data, carry significant fines for non-compliance. Attackers know this and will threaten to publish sensitive client data if their costly demands are not met.

2. Server downtime is remarkably costly

Servers are the IT backbone of most enterprises and are crucial to their day-to-day functioning. Unforeseen downtime can seriously impact productivity by denying access to important files or communication tools such as Microsoft Teams. Ransomware attacks can cause businesses to grind to a standstill unless a costly ransom is paid.

Where a business relies on servers for its commercial function, downtime can be very severe.

3. Servers are a perfect place to start an assault
Servers are normally strongly connected to an organisation’s network. They are also online and operating every day of the year, which makes them an ideal platform for launching further attacks and looking for weak spots to exploit across the entire network. If you can’t identify a server that’s being held hostage, the gates to your IT stronghold could be wide open to threats from all over the world.

So what can be done in order to secure your important servers? The answer is in the right combination of advanced protection, visibility with powerful tools like Endpoint Detection and Response and server-specific features such as File Integrity Monitoring.

 


Become GDPR compliant, before they issue you with a nasty fine.


In recent months, as you’re almost definitely aware, both British Airways and Marriott Hotels have hit the headlines due to tremendous GDPR fines: £183 million for British Airways and £99.2 million for Marriott.

The penalties show that the General Data Protection Regulation has given enforcers like the UK’s Information Commissioner’s Office some significant tools to work with. BA’s fine is almost 400 times larger than the ICO’s previous record fine, a comparatively small $645,000 penalty handed to Facebook for the Cambridge Analytica scandal.

With these new punishments in strong action, we very much recommend you make sure you’ve lessened your risk of being next in the firing line.

GDPR is centered on protecting European Union citizens and it applies to anyone who holds personal data on an EU citizen, wherever you are located. Marriott, a U.S. organisation, is a prime case in point.

Here are five rules we advise all businesses to stick to in order to decrease the risk of a GDPR fine:

  1. Update every day, patch constantly. Diminish the risk of a cyber-attack by fixing issues that can be used to gain entry to your systems illegally. There is no boundary, so everything matters: patch everything you can get hold of.
  2. Safeguard private data that’s in the cloud. Treat the cloud like any other network you own – close un-needed ports and services, encrypt data and ensure you have proper access controls in place. And do it on all your locations, including QA and development.
  3. Limit access to personal data. Lessen your exposure by collecting and retaining only the information you need and making sure the only people with access to it are the people who need it to do their jobs. Not everyone needs access.
  4. Train your business. Ensure that everyone who might come into contact with personal data knows how they need to handle it; this is a GDPR obligation. Whether they’re involved with computers or not, everyone requires training.
  5. Document and prove data protection activities. Be able to show that you have thought about data protection deeply and have taken sensible precautions to secure personally identifiable information.

 


Upgrade your firewall because ransomware is back in Business, again.


Ransomware is back in the media, again, with destructive attacks continuing to impact governments, educational organisations and business operations in multiple states, countries and continents. Texas recently came under fire from advanced attacks.

 

Capital One was also a very large firm recently caught under siege from ransomware.

Targeted attacks can start in a number of ways: some with a simple phishing email, others with hackers leveraging vulnerabilities in networks in order to jump onto other systems within the network. However, one of the most devastating ransomware attacks to happen in years, resulting in a worldwide disturbance, was when Capital One’s networks were exploited and vulnerabilities were blown wide open to the public.

Since the strike, new vulnerabilities have been identified, but there are still many networks out there that are highly susceptible to cyber-attacks.

Regrettably, many of these poorly built networks are riddled with issues that are easily ‘wormable’, which means hackers and malware can exploit these gaps in an automated way with no user interaction at all, enabling the malware to spread quickly and efficiently to a wide group of systems. In other words, it can take over your entire infrastructure in a matter of moments.

 

Of course, deploying an industry-leading security product and operating a strict patch management strategy are the most beneficial practices. But there are also other best preparations you should consider to help keep ransomware, hackers & threats out of your network in the first place.

 

Your firewall provides indispensable protection against exploits by closing up or shielding vulnerable ports, as well as blocking attacks using an Intrusion Prevention System (IPS). An IPS inspects network traffic for vulnerabilities and exploits, and blocks any attempt by attackers to get through your network border or to cross boundaries and segments within your internal network.

Here are the firewall essentials to prevent ransomware attacks from getting into your Business network:

  • Reduce the surface area of attack: Review and revisit all port-forwarding rules to eliminate any non-essential open ports. Where possible use VPN to access resources on the internal network from outside rather than port-forwarding.
  • Introduce IPS protection: Apply proper IPS protection to the rules governing traffic to/from any Windows hosts on your network.
  • Reduce the risk of lateral movement: Protect against threats moving laterally on your network and consider segmenting your LANs into smaller sub-nets, assigning those to separate zones that are secured by the firewall. Apply suitable IPS policies to rules governing the traffic traversing these zones to prevent worms and bots from spreading between LAN segments.
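
The three checks above can be run against an exported rule list. The following is an added example, not iTeam's tooling or any firewall vendor's API: the `Rule` fields, zone names, the allowlist of published ports, the /24 segment threshold and the sample rules are all assumptions constructed for illustration.

```python
"""Audit firewall rules against the three essentials listed above (added example)."""
from dataclasses import dataclass
from ipaddress import ip_network

# Assumption: the only services this hypothetical business publishes to the internet.
ALLOWED_WAN_PORTS = {25, 443}
# Well-known remote-access and file-sharing ports that belong behind a VPN.
VPN_ONLY_PORTS = {22: "SSH", 445: "SMB", 3389: "RDP", 5900: "VNC"}
MIN_PREFIX = 24  # Assumption: internal segments larger than a /24 count as "flat".

@dataclass(frozen=True)
class Rule:               # hypothetical export format, not a vendor schema
    name: str
    src_zone: str
    dst_zone: str
    dst_port: int
    dst_net: str
    ips: bool             # is an IPS policy attached to this rule?
    windows_dst: bool = False

def audit(rules):
    """Return (rule name, finding code) pairs in rule order."""
    findings = []
    for r in rules:
        # 1. Attack surface: inbound port-forwards from the internet.
        if r.src_zone == "WAN":
            if r.dst_port in VPN_ONLY_PORTS:
                findings.append((r.name, "VPN_ONLY"))
            elif r.dst_port not in ALLOWED_WAN_PORTS:
                findings.append((r.name, "NON_ESSENTIAL_FORWARD"))
        # 2. IPS on traffic to Windows hosts and on any traffic crossing zones.
        if not r.ips and (r.windows_dst or r.src_zone != r.dst_zone):
            findings.append((r.name, "NO_IPS"))
        # 3. Lateral movement: destination network is one large private LAN.
        net = ip_network(r.dst_net)
        if net.is_private and net.prefixlen < MIN_PREFIX:
            findings.append((r.name, "FLAT_SEGMENT"))
    return findings

# Constructed sample rules, not taken from any real firewall.
SAMPLE_RULES = [
    Rule("web-https", "WAN", "DMZ", 443, "10.0.10.0/24", ips=True),
    Rule("rdp-admin", "WAN", "LAN", 3389, "10.0.0.0/16", ips=False, windows_dst=True),
    Rule("old-cctv", "WAN", "LAN", 8080, "10.0.20.0/24", ips=True),
    Rule("lan-to-servers", "LAN", "SERVERS", 445, "10.0.30.0/24", ips=False,
         windows_dst=True),
    Rule("servers-to-backup", "SERVERS", "BACKUP", 22, "10.0.40.0/24", ips=True),
]

if __name__ == "__main__":
    for name, code in audit(SAMPLE_RULES):
        print(f"{name}: {code}")
```
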


Texas is one of the biggest States in America, they’re not immune to Cyber attacks.


Texas is a very large state, huge in fact. With around 30 million residents it’s the second-largest state in the United States, it has a landmass twice the size of Germany, and a GDP greater than Russia. Texans like to boast, “Everything is bigger in Texas”, and usually that’s a good thing to brag about. This time bigger unquestionably wasn’t better.

 

The news hit late August that 22 government organisations in the Lone Wolf State were under bombardment by structured & advanced ransomware attacks. It’s a timely reminder that as attacks continue to develop, it’s essential that your security evolves even faster.

 

How do you avoid complicated ransomware outbreaks?

So, how can you help guarantee your business isn’t the next victim of universal cyber threats?

Firstly, does your security solution provider have industry-leading technology to ensure criminals can’t use old, exposed software programs to distribute and introduce ransomware into your IT infrastructures?

iTeam can perform tests on your systems, including penetration testing and intrusion testing, to ensure they are dependable and guarded and to confirm that your business is abiding by suitable methods. However, the very basic elements of reinforcing endpoints with vendor security patching and ensuring antivirus is up to date are the often neglected starting point.

Should that not deter an attack, or should an exploit not be leveraged – how will your solution stop attacks it’s never seen?

So why not choose your local IT professionals to keep your Business infection free! That’s no mean feat in the current climate. We use a multi-layer approach of services and products to keep your systems running virus-free and we can manage your email too, to keep them from contaminating your business IT.

We also keep a continuous lookout on the security that is deployed in your systems.

 


Cyber Essentials is Changing in 2020


Cyber Essentials is 5 years old and the National Cyber Security Centre (NCSC) has reviewed the scheme. They will be looking to improve it by appointing a new Cyber Essentials Partner in order to ensure that Cyber Essentials keeps pace with the changing nature of the cyber security threat and remains relevant.

The aim is to:

    • refresh the service
    • increase accessibility
    • provide a simpler path to certification

The current system is administered by several Accreditation Bodies and this has brought about a lack of consistency and added complication. To simplify it there will only be one. The new partner has not been appointed yet, but the new system is expected to be in place by April 2020.

Cyber Essentials is required by Government to be affordable and accessible and the new system will have to meet these requirements.

There are currently 5 Accreditation Bodies operating the scheme on behalf of the NCSC and each one appoints a number of Certification Bodies with the knowledge, training and experience to be able to review and assess Cyber Essentials applications. iTeam is a Certification Body through the IASME Accreditation Body.

As we do not know what the new system will look like it is difficult to predict whether iTeam will continue to be a Certification Body with the new Accreditation Body but whatever happens Cyber Essentials will continue to exist. It is not necessary for iTeam to be a Certification Body for us to continue to provide our Total Secure Systems Management (TSSM) cyber security add-on to our support contracts and continue to get ourselves and our clients Cyber Essentials certified.

Other non-Certification Body MSPs use third parties to certify their clients. Services are being developed to certify in a different way; for instance, rather than having us complete your questionnaire once a year, it may be possible to run an application to constantly assess your compliance.

One good thing is that the refresh of the Cyber Essentials scheme will give it better visibility in the business community and encourage more organisations to adopt it which means we will all be safer.

David Hewett
Managing Director
iTeam Solutions Ltd