IT support blog
This article was posted on Wednesday, February 1st, 2017 in the category IT support, and was written by Morton Bell
How good is your IT support really?
The most common misconception about IT support is that for you to be getting efficient and good IT support, you should see your IT expert on a regular basis. However, we believe that the opposite is true.
Here at Backup4Business, we pride ourselves on delivering the best service possible. As a result of our proactive and constant remote work, our clients don’t often see us unless it is absolutely necessary or they request to see us.
I know this may sound odd and as though we just don’t want to see you and, in a way, it’s true, but not for the reasons you may think. As IT professionals we see constant or scheduled onsite support as a weakness in IT support service and we avoid this at all costs.
Have you been delayed from working by simple errors causing disruptions? This could be your computer crashing, or being unable to access printers, files or emails. Of course you have. We all know that technology isn’t infallible; however, the approach that you and your IT support take to those problems is key to your efficiency as a business.
All IT based disruptions waste time, and as a business you are paying your staff to sit and wait for their devices to work, so the old adage of ‘Time is Money’ has never been more true.
So what are the approaches to IT that we don’t think work for the client? Well, the two main protagonists are ‘Support on Demand’ and scheduled IT support engineering time.
In both these instances staff save problems up or try to fix them themselves, and as a result of both these approaches more time is wasted and potentially the problem is worsened.
The reason for saving problems up until your next scheduled support visit is the same as for not admitting the problem exists or trying to solve it yourselves: the key driver is trying to save the cost of the onsite engineering time.
At Backup4Business, we believe that if you had good IT support, these small errors would be dealt with quickly and efficiently, often before you even know they exist, thereby increasing the productivity and efficiency of your staff and in turn your business.
Why waste time with bad IT when, in the long haul, it’s only going to hinder your business’s success instead of assisting in it?
The FAQ of GDPR
This article was posted on Wednesday, February 1st, 2017 in the category Uncategorised, and was written by Morton Bell
Are you preparing for GDPR?
Identity, DP and security for today’s business.
Here are 9 of the frequently asked questions we have been asked.
We hope this clears up some of your uncertainties concerning GDPR.
1) Is reviewing your security systems enough?
First and foremost, businesses need to be aware that GDPR comes into effect on 25 May 2018 and that means that your business should be prepared and have everything in place to ensure you are compliant by then.
The next point to consider is that so far as the ICO (Information Commissioner’s Office) is concerned, they will take the view that your business was already fully compliant with the Data Protection Act 1989 (DPA). Therefore, this should merely be an extension of your responsibilities and everything that goes with that.
The following information should help answer some of the common questions that we are asked about GDPR and give you some guidance as to what to do within your organisation. If you feel you need more information please download our ‘Next Steps Guide to GDPR’ or contact us for further information.
As a business, we have members that have completed GCHQ Certified Training for assessing GDPR and we are in regular contact with the ICO about the regulation. Our aim is to help our clients and subscribers to make sense of the regulation and we will relay updates that we receive to interested parties, with more in-depth help for our clients naturally.
2) So why am I raising GDPR as a discussion point?
Well, in our experience many companies have either ignored completely or only paid lip service to the current DPA, meaning that they are likely to be very underprepared for GDPR.
In some instances that means you are starting from zero. Starting from nothing can sometimes make it easier to implement the new requirements than trying to adapt what you already have in place, and we think this is the case for the far more in-depth GDPR.
3) Some companies seem to think it won’t apply to them, or at least not as much, due to their size or location.
This simply isn’t true. It is law and is applicable to all organisations of all sizes that hold ‘Personal Information’, regardless of your office location, and yes, that means it includes organisations in non-EU countries if they hold information about EU citizens.
4) But it’s not as though anyone is policing whether we are prepared or not!
This is true, there is no organisation that can knock on your door randomly and demand to see that you have put everything in place, and then either take action against you or give you a gold star for good behaviour.
However, any complaint or enquiry by an individual could trigger this, and even if that seems unlikely in your organisation, consider the effect of a data breach and your responsibility to report it.
With Cyber Crime not only being prevalent but growing at unprecedented levels (20% increase from 2014-2015), the chance of you being hit by malware, which would require you to report the incident to the ICO, is growing and is (to some extent) out of your control.
5) There must be some leeway or allowance for first offences, mustn’t there?
The ICO takes the attitude under the DPA that corrective action and guidance are more effective than punitive fines and they have openly stated that they intend to continue with this course of action for GDPR. So, provided that you are neither deliberately negligent nor a repeat offender, and the severity of your breach is not too great, you will most likely not receive a fine.
There is a lot of scaremongering about GDPR currently and in particular about the expected actions of the ICO and the fines they will levy.
Much of the time the perpetrators of the scaremongering refer to the massive fines that could be levied (GDPR could see 4% or £17 million, whichever is the larger, vs. the DPA’s £500,000 maximum); however, the ICO has never (yet in its history) issued the maximum fine under the DPA and says that it certainly isn’t looking to make examples of organisations for minor infringements of the GDPR.
Having said that, the evidence is slightly contradictory when you combine the fines under the DPA and the PECR (Privacy and Electronic Communications Regulations). In 2016 the ICO state that they only fined 16 organisations under the DPA, which is true; however, they fined a further 17 under the PECR, giving a total of 33 fines in 2016. At the time of writing (August 2017), we are already at 44 (combined) so far this year.
Whatever the figures are, the simple fact is that we all have to comply or face the risk of some penalty.
6) If we have put things in place by May 2018, is that all we need to do?
Organisations should be aware that GDPR should be viewed as a living process: you are required to continually review and assess the potential impact of all decisions, processes and practices on GDPR compliance moving forward. If you decide to offer a new service or product, then you need to have assessed the potential impact of GDPR regulations and acted according to the results.
It only takes one enquiry / complaint from an individual to the ICO for them to have the right to knock on your door and ask to see the evidence of your GDPR compliance and the processes and continuous monitoring that you have put in place.
Our advice would be to put Privacy and Protection of data at the start of all your thinking and your actions; this is commonly known in the industry as Privacy by Design.
7) OK, so if I ask my IT provider to work with my office manager to put things in place, that will cover it, won’t it?
The simple answer to this is no. GDPR requires buy-in and active involvement from the highest level to the lowest level, with specific subsets of people being involved in each project and always having consideration for who should have access to what.
Think about Privacy by Design as being an extension of the old ‘Need to Know Basis’.
Many people also think that IT alone, or worse, a single IT solution will make you compliant. While IT will obviously help to protect data in the first place, there is no single vendor or single solution that can make you compliant. The watchword is ‘Collaboration’, and this should be orchestrated between all departments and suppliers that have any involvement with anything to do with your data.
8) Surely there is a document that states exactly what we have to do to become compliant?
I am sure we all wish this was the case, but sadly it is not.
GDPR as a regulation is based purely upon principles. In other words, the regulation and the regulator (being the ICO in the case of the UK) state only what you should have in place to be considered compliant and not how to get there. How you get from where you are now to the point of compliance is down to you to decide, assess and implement, and then to review.
9) So how do I get there from here?
Well, this will depend on where you are starting from, but our advice (unless you are very conversant with management and quality systems and the DPA) would be to look at your organisation from the outside and to assume that you have nothing in place.
Identify your data and then who the controllers and processors are, as these people could potentially be personally liable for data breaches.
Then as a top tip, we would recommend that you use Risk Assessments and Risk Mitigation and Management as your starting point.
If you would like further information on how to move forward, then subscribe to our mailing list and receive guides and information on GDPR and other subjects around Risk management. The next guide being released is the ‘Next Steps Guide to GDPR’ which outlines the actions that you can take to set you on the right path to compliance.