2017 – Time to get Defensive!

Protecting Your Businesses Digital Property

The best visual analogy for the digital walls of defence that are needed for businesses today is that of a mediaeval castle. Imagine that your business is at the centre and your varying levels of security defence being the Moat, Outer and Inner defence measures. The more levels of defence, the more difficult it is to get through to the centre (your valuable businesses data).

Firstly, your business will need to identify its most valuable property that is held within the digital realm. This form of information could be the identity (i.e. social security number, Postal Address, Email Address) of yourself and anyone that you employ and the data that you use remotely through devices that could be stored via cloud services.

Once highlighted, these forms of data need to be mixed into your cyber protection plan. You will need to ensure that these assets are defended at all costs because after all, cyber criminals are mainly after personal details and valuable data.

Where to start?

Each level of defence is going to need an individual means of defence. The levels of defence should be protecting data in value order. The first level should be defending data that your business sends and receives digitally, this is used by criminals to send misleading emails under false pretence that seem genuine and result in the victim giving away their details directly (i.e. asking for payment of an ‘outstanding’ invoice).

This best forms of defence for this initial level are Firewalls, Anti-Malware / Virus / Spyware software.

Keep your head in the Cloud

Don’t worry, you can still use cloud services as you usually would. But do not use them as an ‘excuse’ not to vet the service provider and the security measures they take with your data, or indeed back it up! You are most probably going to want to enabled additional security services, such as 2 Factor Authentication for Office 365 to protect the data that you have stored there.

For data residing on your internal systems you must be using support systems and automatic patching, as well as ensuring users have the correct privileges to only access the data they need. Ensuring you meeting the Cyber Essentials standard is a great method of ensuring you

The Final line of defence

Backup is there when all else fails, and should have a copy automatically stored off-site. Remember that data that can get encrypted by cyber criminals? Well some of that data could be your backup, and if you only have a single copy, held onsite, well you’ve just lost all that data.

Cyber Essentials

By meeting the government backed Cyber Essentials accreditation you are taking a practical first step in taking cyber security seriously, one that stops 80% of all common cyber-attacks.

Southern IT Networks are certified to be able to assess against the Cyber Essentials and Cyber Essentials Plus standards, if you want to learn more call 01323 287828. 

The Cloud - what you need to know for your business

 

Everyone seems to be doing it but us?

A recent study by Intuit (makers of QuickBooks) found that among small businesses the adoption rate of some form of cloud technology is now as 64%, up from the 37% last year – that’s huge, so why are people using ‘the cloud’ and what can it do for your business?

Firstly, among those 64% of businesses using ‘cloud’ technologies that doesn’t mean that they run their whole business in the cloud, it could just be their accounting system, email, file-storage or CRM – or combinations of the above. This is the most common type of scenario we see amongst our clients as they can choose the parts of their business that it is right for them (with expert guidance from us!) to use cloud technology for – this approach is called a hybrid cloud. 

So, what are the main benefits to using cloud based technologies in your business?

OpEx costs – most business love the fact that you end up with a per user / per month cost. There is no big CapEx outlay, you are always up-to-date with the software and budgeting just got a whole lot easier! 

Disaster Recovery – We are not saying we use the cloud, I’m safe, I don’t need a backup – you still need those. However if disaster strikes it is much simpler to carry on working on those systems that are cloud based, if you’ve thought through what you need to do to leverage that power in your Business Continuity Plan!

Flexibility – Generally most cloud technology providers have a very flexible way to scale up (or down) their products which is great for business that have seasonal variations in demand, or just makes the continued expansion of any business so much simpler.

Work from anywhere with increased collaboration – So many cloud based systems now make collaborating on documents so easy, whether you are sitting with your team in the office or are hundreds of miles apart, and when you are on those business trips - business as usual is so easy. 

Security – Most people start their cloud conversations with us with this. Our answer is usually along the lines of “Your server is less secure here. It’s not in a dedicated data centre environment, have backup power or continuously replicated elsewhere. It’s more prone to damage from fire, theft flooding or human mishaps than it is in the cloud.”

Do we still think it’s unsecure? You should of course do your due diligence on what measures potential cloud providers take with your data, and agree that they suit your business and regulatory compliance requirements - something we are often asked for help with. 

There are many other benefits, and possible downsides depending on your business. The only way to see if it’s right for you is to make sure you evaluate the solutions fully, engage with your IT provider at the early stages and use them to help you find out if it’s right for you.

As IT Support providers, we have usually an unbiased view - in the middle of you and the cloud technology provider.

If you need to get your business started on your journey to the cloud then call us on 01323 287828.

What now for the European Data Regulations now we’ve decided on Brexit?

Hopefully, you’re aware of the new General Data Protection Regulation (GDPR) that comes into force on 25th May 2018 and are preparing for them!

It is a Regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union.

But we’re leaving, so it doesn’t affect us, does it?

Firstly, we likely will not have negotiated our exit by the time this regulation is due to come into force, but secondly, all those we do business with are going to require us to meet the same standards they have to, and it’s going to affect almost every business, as the emphasis shifts from being solely on Data Controllers, as required under the current Data Protection Act, to Data Processors.

The fines are getting serious…

Fines for data breaches are set to be the higher of €20 million or 4% of a company’s annual global turnover.

An easy way to start to think about the new GDPR regulation is to think ‘Privacy by Design’, by this we mean thinking about data protection from the moment you start thinking about how to collect and record data. For example, keeping data types separate that could be used together to cause a security breach, such as bank details and names and addresses.

The current Data Protection Act is Inadequate

The Data Protection Act (as have many other EU Acts) has been deemed inadequate by the commission, and transfer of data from the EEA to the UK could only continue with no changes if it were deemed adequate, so we need a GDPR equivalent, so may as well just adopt the same standards than re-invent the wheel? 

We'll keep you posted with any further updates and what you need to do