• 11 May 2024, 21:01 PM

Author Archives: DSM Group

5 signs you need to change your IT Service Provider

No matter what kind of business you run, IT issues come up from time to time. This is why you partnered with an IT Service Provider, right? So you don’t have to worry. But are you worried?

Are you facing recurrent IT issues despite this? Are you facing outages that are taking longer and longer to fix? Or, in the case of an issue, have you found it hard to get hold of someone to deal with it?

If you can’t answer these questions satisfactorily, it may be time to change.

An able IT Service Provider will use best-in-class people, tools and technologies to deliver the best solutions. They will take a proactive approach so that they can detect and solve problems before they arise. They will also reduce the likelihood of issues happening again.

Here are five tell-tale signs that it may be time to change your IT Service Partner.

1) Your IT Service Partner Has Slow Response Times
Any business can be faced with server crashes and internet outages. However, when they happen, your provider should be on it immediately. If it takes a long time for your provider to respond, you are potentially faced with a severe loss of production and money.

2) Your IT Service Partner Does Not Have 24/7/365 Monitoring
Most company employees may typically work 9 to 5, but your network and your data never sleep. As such, your solution provider must be round-the-clock too. Your provider must have the correct blend of remote and on-site personnel available at all times of the day and night to give you proactive 24/7/365 monitoring services.

3) Your IT Service Partner Does Not Provide Data Backup
Any business will run dead without its data. How long could your business survive if you lost your data or it was compromised? Our guess would be, not very long. Your provider should have ironclad data protection and secure data backup plans for you.

4) Your IT Service Partner’s “Strategic Guidance” Sounds More Like A “Sales Call”
The correct provider for your business can double up as a virtual IT Director. Many organisations have only rudimentary knowledge of enterprise IT systems, and as such outsource their IT. However, due to bad business practices, many providers use this as an opportunity to milk more out of their clients. Stuck with unnecessary, expensive upgrades to software you hardly use? Your provider might just have tricked you.

5) You Have Outgrown Your IT Service Partner 
Sometimes, your provider might struggle to provide you with the best support, despite their best efforts. This might not always be their fault. Maybe, your company outgrew your provider. Maybe, they just don’t have the manpower or access to the latest technologies that you need to sustain and better your own growth. It might be time to part ways with your provider.

What is it like to be the victim of a cyber-attack?

What should you do to protect your business from further damage?

Should you pay that ransom demand? – Here’s a scenario based on real-life experiences.

Scenario

IT staff at the head office of fictional high street solicitors firm Graham Solicitors have been caught by a phishing email. A member of staff clicked on a link to a spoof website because they thought the email looked genuine. It wasn’t. That was two months ago. Today is when it all goes wrong…

Tuesday 09:00

Mick Rayall, Graham Solicitors’ IT administrator, begins his day clearing the company’s email inbox of the usual junk, but one message stands out. His heart stops.

“We have more where this came from. We will contact you shortly with our demands.” Further down the message is someone’s name, email address and credit card details.

Mick hopes it’s a hoax, but can’t take the risk. He calls the company’s security officer, Steve Richardson. Steve isn’t impressed as he’s on holiday in America where it’s 4:00am.

“This had better be important,” he sneers. Mick forwards the suspect email.

“Have we checked the credit card number?” Steve asks, with tension and sincerity in his voice. “Is it one of our customers?”

“When did we get this?” Steve snaps.

“Er, it would appear we got it yesterday just after work, so I didn’t notice it until first thing this morning.”

“So we are 12 hours into this?”

“Er, yes,” Mick mumbles sheepishly.

Tuesday 14:30

“We’ve just got a second email come through,” Mick tells Steve. “It’s a ransom demand for £15,000 in the Bitcoin crypto-currency. We have to pay by 21:00 BST or they are going to delete all of our customer records.”

“What?” shouts Steve. “I thought you told me they only had one?”

“Er, no. They are claiming to have them all.”

In a cold sweat, Steve calls Graham Solicitors’ legal counsel Margaret Greaves for advice. She has to dial in several times as her headset isn’t working properly. Her voice keeps dropping out during the conversation.

“It looks like there is a potential breach,” she says. “Don’t respond to that message. I’ll need to review our existing legislation so we know where we stand.”

“What about the police?” asks Steve, his holiday now thoroughly ruined. “Who are we going to notify?”

Tuesday 15:30

Things are rapidly spiraling out of control for Graham Solicitors. The hackers have sent a sample of customer names and credit card numbers they hold.

Steve has now confirmed that the sample is genuine.

“How about if we shut down the website?” asks Mick. “Then we can limit the risk.”

Margaret butts in. “Before we do that, who should we tell first? What’s the data breach policy?”

“I thought that info came from legal,” says Steve.

“Aren’t you in charge of data protection?” Margaret asks Mick.

“Nope, not me…”

“Oh no, is it me?” asks Steve dispiritedly. “Anyway, if we take down the website that’ll just draw attention to ourselves won’t it? I’m not sure if that’s the right thing to do.”

“Me neither,” says Margaret.

Graham Solicitors’ head of public relations, Katie Ellis, has been called in to the situation.

“This is not good,” she exclaims rather obviously. “We didn’t protect our customers’ private data. There’s a chance we’re gonna get hammered for this.”

She points out that the company has a promotion running on the website currently.

“We’re driving people to the website right now. What about their details? Are they being stolen too?”

“Quite possibly,” says Steve. “We’ve got to shut down the site – or the eCommerce side of it anyway. And then we’ve got to decide whether or not to pay their ransom.”

Tuesday 17:30

Katie Ellis has drafted a public statement but doesn’t propose releasing it until people start asking questions.

“We can just say we are experiencing an incident and do it reactively,” she says.

“No – not an incident – a breach,” Steve advises.

“Don’t use the word ‘breach’ – not yet anyway,” Margaret pipes in, thinking of the legal ramifications. Mick bursts in on the conference call.

“We’ve found some malware! We had an email come in that went into quarantine, we checked it out and it has an attachment. That could be it.”

“Ok, you haven’t clicked on it have you?” asks Steve, his day rapidly going from bad to worse.

“Er… I just thought it would speed things up…”

Steve swears and drops out of the call to get his security staff to check for any more damage.

Margaret turns the conversation to informing the Information Commissioner’s Office.

“We can report it online or phone them,” she tells them. “But we need to say what we did to reduce the problem.”

“We were supposed to get new threat detection software last year, but we never got round to it so it wasn’t replaced,” says Mick. “It just didn’t happen – I never got to do it.”

“Well don’t tell I.C.O. that,” Margaret shouts. “If we can’t show we have satisfactory controls in place we could be in a bit of trouble. And the cyber-insurance firm might not pay out.”

Later, Steve confirms that the most recent phishing email turned out to be a red herring, but tells the team: “We’ve found a phishing email sent two months ago that was linked to a log-in page made to look like the one for our online backup provider. That’s how they got in.

“Ok, we have to handle things better from now on,” Steve concludes. “There’s no doubt in my mind that this will happen again, and it’s only going to get worse.”

So what should Graham Solicitors have done?

Reacting late has put Graham Solicitors on the back foot. You need to move very quickly in these situations, otherwise the cyber attackers will decide the pace.

A poor understanding of data breach laws made the business vulnerable. They obviously did not have a breach policy in place nor did they know who was responsible for each role.

The firm should have:

  • prepared a cyber-security breach plan with step-by-step actions to take
  • rehearsed this plan with staff
  • decided who is responsible for what during a breach
  • notified third-parties and suppliers
  • BE PROACTIVE – partner with an IT Cyber Security specialist for proactive support in the event of a breach
  • refused to pay the ransom – there is no guarantee the data would be given back.

And if your firm is the victim of a data breach:

  • identify where the incident came from
  • contain infected devices (get them offline)
  • assess how many machines have been affected
  • restore lost data from back-ups
  • BE REACTIVE – partner with an IT Cyber Security specialist to make sure this doesn’t happen again.

5 things to consider in a workplace recovery plan

A workplace recovery plan will build resilience into your business, and prove to your staff and clients that you’re serious about keeping your business alive in the event of a disaster.

But what does a good plan look like? Here are five important factors you should consider:

  1. 24/7 access

A business continuity work area recovery site which isn’t accessible 24 hours a day is something you want to avoid. While it’s easy enough to find a site that you can access during normal working hours, you should also consider the wider impact of a disaster scenario. You may, for example, need to use the disaster recovery (DR) site out of hours during a disruptive incident. Moving kit and people in the early hours is hard enough without the added issues of access.

  2. Facilities

When disaster strikes it’s easy to get caught up in the bigger picture and forget about the everyday resources your office needs to function. We’re not talking about servers and desktops but the smaller items that make life easier – like cables, phone chargers and even stationery – as well as a way of storing them.
The presence of local amenities and accommodation is also easily overlooked, but could be of great significance to you and your staff if you have to stay at the site for many weeks.

  3. Staff support

The top priority for most firms is the well-being of their staff. This was confirmed in a recent survey carried out by the Business Continuity Institute (BCI), which found that 90% of practitioners put staff safety before other factors, such as security of critical data, customer support and productivity.
Having a team of professionals at hand who can deliver a smooth transition for your business when you most need it is invaluable. Your workplace recovery provider should be committed to making your move into a backup office location as easy and uncomplicated as possible, especially during the initial stages following an incident.

  4. Security and privacy

In an ideal world you’d want your business continuity work area to be a replica of your current office. Of course, this isn’t always possible – which is why it’s important to concentrate on your core requirements. One such requirement may be a high level of security and privacy. For example, if you’re working with sensitive or regulated data you may decide that a shared space is simply out of the question for your business.

  5. Scalability

Many companies make the mistake of not thinking ahead; it’s important to consider your medium and long-term needs, not just the must-haves in the aftermath of an unexpected event.
Depending on issues such as permanent damage to your original premises, you may find that you need to stay in your backup site for longer than originally anticipated and that your requirements change over time.
Your plan should therefore include details on how many workplace recovery positions you require in a disaster scenario over a period of time, as well as how long you can reside there.

10 tips for staying secure on public Wi-Fi

The convenience of Wi-Fi for most people is invaluable. Whether it is at home, in the workplace or out and about – even on holiday – we long to get connected wirelessly. It is, therefore, an increasingly important asset, especially in these ever-busy, mobile and interconnected times.

As such, being able to access it, anytime and anyplace, is essential to how we now live. In response to this, public Wi-Fi infrastructure is growing rapidly to meet our insatiable appetite for this service.

However, as advantageous as it is, there are risks associated with signing up to public hotspots, which many people seem to forget. We’ve all done it. We’ve all gone to a coffee shop or hopped onto a train and clicked to connect to the free Wi-Fi, without a second thought for whether it’s legitimate or secure.

We also seem to be quite happy to send our personal details to an unknown supplier or hotel offering these services just so we can get online, and, if we’re lucky, we may have only skimmed the provider’s terms and conditions. Yet, we should be more vigilant – the risks are plentiful.

With all this in mind, here are 10 tips for staying safe on public Wi-Fi.

  1. Check the authenticity

Always ask the owner of the Wi-Fi hotspot for the correct network name and password.

Be wary if there is no WPA or WPA2 (Wi-Fi Protected Access) password, as this will mean the connection is unencrypted, and pay close attention to potentially spoofed hotspots whose names closely resemble the official one.

  2. Look for HTTPS

You should ensure that the web pages you visit are HTTPS-encrypted where possible. You can check this by looking for https at the start of the URL in the address bar, or for the security padlock sign.

This indicates that the website, and that particular page, has a valid digital certificate and up-to-date SSL/TLS encryption, thus making Man-in-the-Middle (MiTM) attacks much less likely.

If there is no encryption, log out – especially if you’re doing something sensitive like online banking. You should also pay close attention to mobile sites, as there’s no guarantee they will use HTTPS.

  3. Patch before you go

Patching and updating software on a regular basis is an essential security practice, especially when it comes to Wi-Fi.

You should keep your web browser, software and antivirus solution up-to-date to fix bugs, while an up-to-date antivirus engine will scan, detect and remove the latest threats.

Attackers will sometimes take advantage of poor patching by tricking unsuspecting users into downloading something they believe to be a software update. However, they will quickly realise that their machine has been infected with malware instead.

  4. Avoid accessing sensitive information

By and large, public Wi-Fi networks should not be used to access email, online banking and credit card accounts, or any other sensitive data for that matter. Your best bet is doing that from home, where hopefully the router supplied by your internet service provider is both password- and firewall-protected.

  5. Manually select Wi-Fi networks

Make sure your laptop, tablet or smartphone is set to manually select a Wi-Fi network, rather than having it automatically connect. Also, turn off sharing and Wi-Fi capabilities when the wireless is not in use, as this cuts down possible avenues for cybercriminals to exploit.

You should also remember to tell your phone or tablet to ‘forget’ certain networks if they are no longer in use or required, as otherwise your device may automatically reconnect when back in range.

  6. Use a Secure VPN

If you travel a lot and don’t have a cellular dongle but still need connectivity, consider a virtual private network (VPN). This is a safe way of surfing the web in an encrypted manner.

VPN solutions provide encryption and security across public networks, as well as masking your IP address so that opportunities for phishing are dramatically reduced.

  7. Utilise additional security tools

There is a much greater focus on online privacy than ever before, and so the likes of WatchGuard have become increasingly popular.

And, with regard to public Wi-Fi, you may find extensions useful in forcing encryption on websites that aren’t encrypted by default. This doesn’t protect you on all sites, but it will help for most.

  8. Adopt 2FA

Enable two-factor authentication where possible. 2FA is increasingly seen as the future of authentication and it is wise for anyone using a hotspot. This per-website step adds an extra layer of protection for public password-sniffing hackers to try and overcome.

  9. Log out when finished

Don’t stay permanently signed in to your personal accounts when accessing public Wi-Fi hotspots as you may leave yourself exposed. For further security, log out from each website after each session.

  10. Turn off Wi-Fi if not in use

If you want to guarantee your security and you’re not actively using the internet, simply turn off your Wi-Fi. This is extremely easy in both Windows and OS X and will go a long way in protecting you from cybercriminals – the longer you stay connected, the longer people have to notice you’re there and start snooping around.

To discuss your Wi-Fi security requirements, call us on 03333 22 11 00