What’s your biggest threat when it comes to cybercrime?
This article was posted on Monday, December 10th, 2018 in the category cyber security, and was written by Morton Bell
What’s your biggest threat when it comes to cyber crime?
It’s a common misconception that the biggest cybercrime threats facing businesses and individuals are young, hoody-wearing hackers sitting in their bedrooms creating dangerous software in the early hours. Or, more sophisticated figures: James Bond-esque characters sitting in a room full of computers, deep inside a secret facility protected by armed guards.
The truth is, they aren’t. Your biggest threat, sadly, is more likely to be a trusted member of staff who isn’t trying to hack into your systems, but simply doesn’t understand anything about cyber crime.
Try as they might, most of the time hackers can only break into your computer network if someone lets them. And 75% of the time, this happens completely accidentally. One wrong click on a link or attachment, and a hacker is inside your system.
If you and your staff don’t know how to recognise common scams like phishing emails, it’s only a matter of time before one of you gets caught out.
We help our clients ensure their technology is protected and their important data and systems are backed up and able to recover quickly following a disaster. Staff training and awareness is part of this.
Speak to us today about protecting your business.
Uber’s massive data breach.
This article was posted on Thursday, November 23rd, 2017 in the category cyber security, data Backup, data protection, and was written by Morton Bell
Uber’s massive data breach and what it means for your business.
Does anyone rob banks any more?
It just seems such an old-fashioned way for criminals to make money, when you consider that last year Uber gave some hackers $100,000 not to use the data they’d just stolen from the giant taxi company.
Uber’s recent admission that it had personal details of 57 million customers and drivers stolen is major news. Yet there will be other hacks reported in the months ahead.
Earlier in the year the NHS was held hostage by hackers, causing more than 6,900 appointments – including some operations – to be cancelled.
Data theft has become big business, whether that means stealing the data outright or locking it and charging a fee for its release.
It would be easy to sit back and think your business is too small to be targeted. But, sorry, you can no longer afford to be that complacent.
As a busy IT support business, we’re right at the coalface of helping local businesses to protect themselves from attacks. And there’s a horrifying amount of activity from people trying to get into computers they really shouldn’t.
This is a big deal. It’s not just about data. It’s about trust.
Because when data is stolen from a company you deal with, it breaches your trust in that business. Trust is won slowly, and lost quickly.
And from May next year, it’ll also be about the law. The General Data Protection Regulation – GDPR – comes into effect.
The main aim is to give individuals a greater level of control over their personal data. Which means that all companies who hold any customer information will be subject to strict rules.
And penalties for this kind of data breach will become more severe…
While we don’t yet know exactly what happened with the Uber hack, typically hackers get into a system through one of a number of ways:
- Phishing: Your staff accidentally allow hackers in, perhaps by clicking a dodgy link in an email
- Neglect: Operating systems and software quickly get out-of-date, or haven’t had the latest security patches updated
- Stupidity: Accidental loss of data by a member of staff. Like leaving a USB stick or laptop on a train
I would hate to see your business suffer the reputational and profit damage that Uber is about to suffer.
So, a question: Can we perform an extensive security, risk management and GDPR readiness audit on your system please, just to be absolutely sure there are no easy opportunities waiting for a hacker?
Of course there will be a charge for this audit. But we’d rather know exactly what potential problems are lurking, so we can fix them.
Call our team now on 0114 223 8999
IT support blog
This article was posted on Wednesday, February 1st, 2017 in the category IT support, and was written by Morton Bell
How good is your IT support really?
The most common misconception about IT support is that, to be getting efficient and good IT support, you should see your IT expert on a regular basis. However, we believe that the opposite is true.
Here at Backup4business, we pride ourselves on delivering the best service possible. As a result of our proactive and constant remote work, our clients don’t often see us unless it is absolutely necessary or they request a visit.
I know this may sound odd, as though we just don’t want to see you, and in a way it’s true, but not for the reasons you may think. As IT professionals we see constant or scheduled onsite support as a weakness in an IT support service, and we avoid it at all costs.
Have you been delayed from working by simple errors causing disruptions? This could be your computer crashing, or being unable to access printers, files or emails. Of course you have; we all know that technology isn’t infallible. However, the approach that you and your IT support take to those problems is key to your efficiency as a business.
All IT based disruptions waste time, and as a business you are paying your staff to sit and wait for their devices to work, so the old adage of ‘Time is Money’ has never been more true.
So what are the approaches to IT that we don’t think work for the client? Well, the two main culprits are ‘Support on Demand’ and scheduled IT support engineering time.
In both cases staff save problems up or try to fix them themselves, and as a result of either approach more time is wasted and the problem is potentially worsened.
The reason for saving problems up until the next scheduled support visit is the same as the reason for not admitting a problem exists, or for trying to solve it yourselves: the key driver is trying to save the cost of onsite engineering time.
At Backup4Business, we believe that if you had good IT support, these small errors would be dealt with quickly and efficiently, often before you even know they exist, thereby increasing the productivity and efficiency of your staff and, in turn, your business.
Why waste time with bad IT when, in the long haul, it’s only going to hinder your business’s success instead of assisting it?
The FAQ of GDPR
This article was posted on Wednesday, February 1st, 2017 in the category Uncategorised, and was written by Morton Bell
Are you preparing for GDPR?
Identity, DP and security for today’s business.
Here are 9 of the frequently asked questions we have been asked.
We hope this clears up some of your uncertainties concerning GDPR.
1) Is reviewing your security systems enough?
First and foremost, businesses need to be aware that GDPR comes into effect on 25 May 2018 and that means that your business should be prepared and have everything in place to ensure you are compliant by then.
The next point to consider is that the ICO (Information Commissioner’s Office) will take the view that your business was already fully compliant with the Data Protection Act 1989 (DPA). Therefore this should merely be an extension of your existing responsibilities and everything that goes with them.
The following information should help answer some of the common questions that we are asked about GDPR and give you some guidance as to what to do within your organisation. If you feel you need more information please download our ‘Next Steps Guide to GDPR’ or contact us for further information.
As a business, we have team members who have completed GCHQ Certified Training for assessing GDPR, and we are in regular contact with the ICO about the regulation. Our aim is to help our clients and subscribers make sense of the regulation, and we will relay updates that we receive to interested parties, with more in-depth help for our clients naturally.
2) So why am I raising GDPR as a discussion point?
Well, in our experience many companies have either completely ignored or only paid lip service to the current DPA, meaning that they are likely to be very underprepared for GDPR.
In some instances that means you are starting from zero. Starting from nothing can sometimes make it easier to implement the new requirements, and we think this is the case for the far more in-depth GDPR, rather than trying to adapt what you already have in place.
3) Some companies seem to think it won’t apply to them, or at least not as much, due to their size or location.
This simply isn’t true. It is law, and it applies to organisations of all sizes that hold ‘Personal Information’, regardless of your office location. Yes, that includes organisations in non-EU countries if they hold information about EU citizens.
4) But it’s not as though anyone is policing whether we are prepared or not!
This is true: there is no organisation that can knock on your door at random and demand to see that you have put everything in place, and then either take action against you or give you a gold star for good behaviour.
However, any complaint or enquiry by an individual could trigger this, and even if that seems unlikely in your organisation, consider the effect of a data breach and your responsibility to report it.
With cyber crime not only prevalent but growing at unprecedented levels (20% increase from 2014-2015), the chance of you being hit by malware that would require you to report the incident to the ICO is growing and is, to some extent, out of your control.
5) There must be some leeway or allowance for first offences, isn’t there?
The ICO takes the attitude under the DPA that corrective action and guidance are more effective than punitive fines, and it has openly stated that it intends to continue with this approach for GDPR. So provided that you are neither deliberately negligent nor a repeat offender, and the severity of your breach is not too great, you will most likely not receive a fine.
There is a lot of scaremongering about GDPR currently, in particular about the expected actions of the ICO and the fines it will levy.
Much of the time the scaremongers refer to the massive fines that could be levied (GDPR could see 4% or £17 million, whichever is the larger, versus a £500,000 maximum under the DPA). However, the ICO has never yet in its history issued the maximum fine under the DPA, and says that it certainly isn’t looking to make examples of organisations for minor infringements of the GDPR.
Having said that, the evidence is slightly contradictory when you combine the fines under the DPA and the PECR (Privacy and Electronic Communications Regulations). The ICO states that in 2016 it fined only 16 organisations under the DPA, which is true; however, it fined a further 17 under the PECR, giving a total of 33 fines in 2016. At the time of writing (August 2017), so far this year we are already at 44 (combined).
Whatever the figures are, the simple fact is that we all have to comply or face the risk of some penalty.
6) If we have put things in place by May 2018, is that all we need to do?
Organisations should be aware that GDPR should be viewed as a living process: you are required to continually review and assess all decisions, processes and practices for their potential impact on GDPR compliance going forward. If you decide to offer a new service or product, you need to have assessed its impact under the GDPR regulations and acted according to the results.
It only takes one enquiry / complaint from an individual to the ICO for them to have the right to knock on your door and ask to see the evidence of your GDPR compliance and the processes and continuous monitoring that you have put in place.
Our advice would be to put privacy and protection of data at the start of all your thinking and your actions; this is commonly known in the industry as Privacy by Design.
7) Ok, so if I ask my IT provider to work with my office manager to put things in place, that will cover it, won’t it?
The simple answer to this is no. GDPR requires buy-in and active involvement from the highest level to the lowest, with specific subsets of people involved in each project and always having consideration for who should have access to what.
Think about Privacy by Design as being an extension of the old ‘Need to Know Basis’.
Many people also think that IT alone, or worse, a single IT solution, will make you compliant. While IT will obviously help to protect data in the first place, there is no single vendor or single solution that can make you compliant. The watchword is ‘Collaboration’, and this should be orchestrated between all departments and suppliers that have any involvement with your data.
8) Surely there is a document that states exactly what we have to do to become compliant?
I am sure we all wish this was the case, but sadly it is not.
GDPR as a regulation is based purely upon principles. In other words, the regulation and the regulator (the ICO in the case of the UK) state only what you should have in place to be considered compliant, and not how to get there. How you get from where you are now to the point of compliance is down to you to decide, assess, implement and then review.
9) So how do I get there from here?
Well, this will depend on where you are starting from, but our advice (unless you are very conversant with management and quality systems and the DPA) would be to look at your organisation from the outside and to assume that you have nothing in place.
Identify your data, and then who the controllers and processors are, as these people could potentially be personally liable for data breaches.
Then, as a top tip, we would recommend that you use risk assessment and risk mitigation and management as your starting point.
If you would like further information on how to move forward, then subscribe to our mailing list and receive guides and information on GDPR and other subjects around Risk management. The next guide being released is the ‘Next Steps Guide to GDPR’ which outlines the actions that you can take to set you on the right path to compliance.