• 05 June 2026, 19:50 PM

Email Support

support@dsmgroup.co.uk

Call Us

03333 22 11 00

Head Office

The Old Hangar, Peterborough PE8 6NE

Category Archives: Cyber Security

  HomeDSM Group   : :   Cyber Security
Managed Services
Posted on By Author DSM Group Categories blog, Cloud Backup, Cloud Computing, Cyber Security, Hardware & software, Hosting & Colocation, IT Support

6 Benefits Of Using Managed IT Services

“By giving IT staff more time to focus on progression and increasing productivity, a managed IT supplier offers businesses the support and room they need to grow.”

While new technologies present powerful opportunities for enterprises, they also introduce challenges. The pace of change in IT is unprecedented. IT departments can no longer survive on one or two computer models, a single operating system, and a short list of approved applications. The mobile devices and cloud-based technologies that have brought so much possibility have also introduced a multitude of devices, platforms and apps for IT departments to manage and secure.

For many organisations those challenges add up to significant expense: the cost of hiring and training qualified workers, purchasing the infrastructure to support emerging technologies, and keeping systems up to date. Rather than struggle to keep pace with technology, many organisations turn to managed IT providers for help. By trusting a third party such as DSM to handle cloud deployments, data center solutions, mobile initiatives, collaboration tools and security, organisations can focus their time and resources on their core business objectives.

IT service providers take a pragmatic approach to IT solutions resulting in a higher standard than many organisations are able to achieve in-house. Top service providers also offer ongoing management and maintenance of the underlying infrastructure, along with end-user support and service guarantees.

The benefits of managed IT services are clear: In 2014, only 30 percent of organisations used managed services, but within a year, that figure had nearly doubled. Managed services can cut IT costs by as much as 40 percent while doubling operational efficiency.

Turning to a trusted IT partner offers several advantages, including:

1. Freeing up IT staff

Most internal IT departments are at capacity. Outsourcing back-end functions or complex, rapidly changing technologies to a managed service provider, organisations can dedicate their in-house technology experts to projects that will further their core objectives and promote innovation.

2. Keeping pace with the demands for IT expertise

Organisations around the UK are struggling to fill IT positions, particularly in cybersecurity and cloud solutions. Outsourcing these functions to a partner with technically skilled and specialized engineers in new and emerging technologies alleviates these pressures.

3. Greater scalability

IT organisations spend weeks, even months, deploying massive systems. Many organisations are finding it more effective to start small, move fast and expand as needed. DSM’s modular approach to managed services makes it easy for enterprises to scale up or down depending on demand, such as a retailer increasing capacity around peak periods or a startup experiencing sudden growth.

4. 24/7 availability

The 9-to-5 workday is as outdated today as the phone booth. When users work around the clock, so must the network. With a managed IT provider, help is always available — days, nights, weekends or holidays — to support users.

5. Shifting the burden of compliance

In addition to regular audits, many organisations are obligated to meet standards and requirements with their IT initiatives. Reporting and security are imperative in the healthcare, education, financial services and retail industries. DSM understands the regulations that organisations are bound by and can provide the systems, processes and reports to guarantee that organisations meet their requirements — without placing that burden on in-house staff.

6. Predictable monthly costs

Every IT investment comes with peripheral costs. Organisations need adequate networks, storage, and security. They must train staff, deploy systems and manage equipment. Unexpected costs arise at any time. By outsourcing initiatives to a managed IT provider, organisations can break down their costs into fixed monthly payments. Instead of the large capital expenditures that come with managing systems in-house.

To discuss your requirement or book a free IT review please contact us @ support@dsmgroup.co.uk or call 03333 22 11 00

 

pen testing
Posted on By Author DSM Group Categories blog, Cyber Security

A quick guide to effective pen-testing

Do you want to uncover vulnerabilities before a Cyber hacker exploits them? Maybe you are already aware of your network’s vulnerabilities, but need a third party to argue that your network security needs additional investments? Or does your Business need penetration testing services to comply with a certain security regulations.
Here is guide that explains the best practices to be used before, during and after network penetration testing.

 1.)  Pre-Test Stage

This section lists the activities to pay attention to before penetration testing.

  • Define the scope. Regardless of the pen-test type, list the number of networks, the IP address range within one network, subnets and computers to avoid any misunderstanding. Otherwise, pen testers might leave some network systems unattended or worse, hack some third party systems.
  • Define the time frame. Penetration testing shouldn’t disrupt your company’s everyday operations. Imagine if a pen tester used a technique involving heavy network traffic. If used at peak times, it could overload the network and crash it.
  • Decide if you want your IT security and technical information to be in the know. Unannounced penetration testing is good to assess the status of your security team. Yet, it may slow down the process or even block it, for example, by cutting access from internet for pen testers.

2.)  Test Stage

This section covers practices followed by pen testers while conducting network penetration testing.

  • Gather as much customer information as possible. Pen testers use the customer’s website, WHOIS databases and web search engines.
  • Conduct a network survey. This process provides pen testers with server names and domains, the range of IP addresses owned by the organisation, information about closed and open network ports, running OS and services.
  • Determine existing vulnerabilities. At this stage, pen testers scan the network looking for vulnerabilities to use for penetration attempt. Vulnerability scanning can be automated and manual. A combination of the two methods will boost the effectiveness of the process considerably.
  • Identify suitable targets. Pen testing will always be conducted within a time frame set by you. So, out of the list of vulnerable targets on your network, it’s essential to choose the proper ones not to waste time and effort doing unnecessary job. It would be sensible to choose the servers, as the primary targets for penetration testing.
  • Attempt penetration. To exploit vulnerabilities, pen testers use specialist, customised tools. These tools categorise vulnerabilities based on the severity. This helps to provide a customer with a report of vulnerabilities that need to be fixed immediately.

3.) Post-Test Stage

Network penetration, as such, is over. But the penetration testing procedure isn’t. Two stages are left: cleaning up and report generation.

  • Report generation. A well-structured report is a welcome hand in risk management. It should start with an overview of the penetration testing process followed by the most critical network vulnerabilities that need to be addressed in the first place. Afterwards, fewer critical vulnerabilities should be highlighted.
  • Cleaning up. Pen testers’ code of practice doesn’t allow to leave any surprises in your network. To keep it clean, pen testers should maintain a detailed record of all actions performed throughout the stages of penetration testing.
man in the middle
Posted on By Author DSM Group Categories blog, Cyber Security

What is a Man-in-the-Middle Attack and How Can You Prevent It?

 

This type of cyber crime is very common and on the rise, so here’s what you need to know about MITM attacks, including how to defend yourself and your business against them.

What is a man in the middle attack?
The idea behind a man-in-the-middle attack is straight forward: Intercept traffic coming from one computer and send it to the original recipient without them knowing someone has viewed, and potentially altered, their traffic.
MITM attacks give the perpetrator the capability to steal funds, redirect a browser to a malicious website, or steal information to be used in later cyber crimes.

These are three popular types of MITM attacks your business will most likely encounter:

1. Email Hijacking
Hackers target and gain access to important email accounts, they will then monitor activity and transactions to make their eventual attack a lot more convincing. For example, they could wait for a scenario where the customer is sending money and respond, spoofing the company’s email address, with their own bank details instead of the company’s. Unfortunately, the customer thinks they’re sending their payment to the company, but they’re really sending it right to the hacker.

2. Wi-Fi Eavesdropping
Most MITM attacks rely on Wi-Fi connections. Hackers will set up a Wi-Fi connection with a legitimate-sounding name and all the hacker has to do is wait for you to connect and they’ll instantly have access to your device. Alternatively, the hacker can create a fake Wi-Fi device disguised as a legitimate Wi-Fi access point to steal the personal information of everyone who connects.

3. Session Hijacking
When you log into a website, a connection between your computer and the website is established. A hacker will then hijack your session with the website through various ways. One option they use is stealing your browser cookies. Your cookies store small pieces of information that makes web browsing convenient. It can be your online activity, login credentials, pre-fill forms, and in some cases, your location. If hackers get hold of your login cookies, they can log into your accounts and assume your identity.

“Who is the typical target of a man in the middle attack?”

Any person or any business could be the target of a MITM attack.

How do I prevent man-in-the-middle attacks?
There’s no simple ‘quick fix’ to protect yourself against MITM attacks, however here are a few to help you:

  1. Only connect known, trusted devices to your Wi-Fi networks. Don’t allow devices to automatically connect.
  2. Make sure all access points are secured and encrypted. Attackers that rely on physical proximity can be kept off a network by good security.
  3. Keep an eye out for phishing emails that request you to click to log in to a website.
  4. Train your staff to become a ‘Human Firewall’
  5. Make sure operating systems are patched and updated to prevent attacks that exploit weaknesses.

How would your business stand up against a Cyber attack?

o365 backup
Posted on By Author DSM Group Categories blog, Cloud Backup, Cyber Security, System Security

6 Reasons Why Office 365 Backup is Critical

While you are reading this, you may be thinking “Doesn’t Microsoft take care of Office 365 backup?”
It’s important to remember that SaaS platform providers, like Microsoft Office 365, take on the responsibility of application uptime and the underlying infrastructure. But it is the customer’s responsibility to manage and protect their vital business data.

We’ve identified 6 reasons why backing up Office 365 is critical:

  1. Accidental deletion: If you delete a user, whether you meant to or not, that deletion is replicated across the network. A backup can restore that user, either to on-premises Exchange or Office 365.
  2. Retention policy gaps and confusion: Office 365 retention policies are hard to keep up with, let alone manage. A backup provides longer, more accessible retention all protected and stored in one place for easy recovery.
  3. Internal security threats: Many businesses are experiencing threats from the inside, and they are happening more often than you think. Having a high-grade recovery solution mitigates the risk of critical data being lost or destroyed.
  4. External security threats: Malware and viruses have done serious damage to organisations globally in just the past year alone. A backup can easily restore mailboxes to an instance before the attack.
  5. Legal and compliance requirements: Ensure you can retrieve mailbox data during legal action and to meet any regulatory compliance needs.
  6. Managing hybrid email deployments and migrations to Office 365: Whether you are migrating to Office 365 or have a blend of on-premises Exchange and Office 365 users, the exchange data should be managed and protected the same way, making the source location irrelevant.

It is always nice to hear how our customers and partners are validating our solutions. IT Manager at Egelim Lojistik A.S.
Before this product I thought my emails were safe. Now, I am sure they are safe.”
Every customer can be confident that as they move to the cloud and expand their infrastructure, Veeam is there to protect and ensure Always on Availability.

Read the May 2017 Gartner Report: Adopt Microsoft Office 365 for Damage Control and Fast Recovery After Malicious Attacks. We believe this Gartner report can provide more information on Office 365 Backup.

 

 

cyber attack
Posted on By Author DSM Group Categories blog, Cyber Security, Disaster Recovery

What is it like to be the victim of a cyber-attack?

What should you do to protect your business from further damage?

Should you pay that ransom demand? – Here’s a scenario based on real-life experiences.

Scenario

IT staff at fictional High Street Solicitors firm Graham Solicitors head office have been caught by a phishing email. A member of staff clicked on a link to a spoof website because they thought the email looked genuine. It wasn’t. That was two months ago. Today, is when it all goes wrong…

Tuesday 09:00

Mick Rayall, Graham Solicitors’ IT administrator, began his day clearing the company’s email inbox of the usual junk, but one message stands out. His heart stops.

“We have more where this came from. We will contact you shortly with our demands,” further down the message is someone’s name, email address and credit card details.

Mick hopes it’s a hoax, but can’t take the risk. He calls the companies security officer, Steve Richardson. Steve isn’t impressed as he’s on holiday in America where it’s 4:00am.

“This had better be important,” he sneers. Mick forwards the suspect email.

“Have we checked the credit card number?” Steve asks, with tension and sincerity in his voice. “Is it one of our customers?”

“When did we get this?” Steve snaps.

“Er, it would appear we got it yesterday just after work, so I didn’t notice it until first thing this morning.”

“So we are 12 hours into this?”

“Er, yes,” Mick mumbles sheepishly.

Tuesday 14:30

“We’ve just got a second email come through,” Mick tells Steve. “It’s a ransom demand for £15,000 in the Bitcoin crypto-currency. We have to pay by 21:00 BST or they are going to delete all of our customer records.”

“What?” shouts Steve. “I thought you told me they only had one?”

“Er, no. They are claiming to have them all.”

In a cold sweat, Steve calls Graham Solicitors’s legal counsel Margaret Greaves for advice. She has to dial in several times as her headset isn’t working properly. Her voice keeps dropping out during the conversation.

“It looks like there is a potential breach,” she says. “Don’t respond to that message. I’ll need to review our existing legislation so we know where we stand.”

“What about the police?” asks Steve, his holiday now thoroughly ruined. “Who are we going to notify?”

Tuesday 15:30

Things are rapidly spiraling out of control for Graham Solicitors. The hackers have sent a sample of customer names and credit card numbers they hold.

Steve has now confirmed that the sample is genuine.

“How about if we shut down the website?” asks Mick. “Then we can limit the risk.”

Margaret butts in. “Before we do that, who should we tell first? What’s the data breach policy?”

“I thought that info came from legal,” says Steve.

“Aren’t you in charge of data protection?” Margaret asks Mick.

“Nope, not me…”

“Oh no, is it me?” asks Steve dispiritedly. “Anyway, if we take down the website that’ll just draw attention to ourselves won’t it? I’m not sure if that’s the right thing to do.”

“Me neither,” says Margaret.

Graham Solicitors’ head of public relations, Katie Ellis, has been called in to the situation.

“This is not good,” she exclaims rather obviously. “We didn’t protect our customers’ private data. There’s a chance we’re gonna get hammered for this.”

She points out that the company has a promotion running on the website currently.

“We’re driving people to the website right now. What about their details? Are they being stolen too?”

“Quite possibly,” says Steve. “We’ve got to shut down the site – or the eCommerce side of it anyway. And then we’ve got to decide whether or not to pay their ransom.”

Tuesday 17:30

Katie Ellis has drafted a public statement but doesn’t propose releasing it until people start asking questions.

“We can just say we are experiencing an incident and do it reactively,” she says.

“No – not an incident – a breach,” Steve advises.

“Don’t use the word ‘breach’ – not yet anyway,” Margaret pipes in, thinking of the legal ramifications. Mick bursts in on the conference call.

“We’ve found some malware! We had an email come in that went to in to quarantine, we checked it out and it has an attachment. That could be it.”

“Ok, you haven’t clicked on it have you?” asks Steve, his day rapidly going from bad to worse.

“Er… I just thought it would speed things up…”

Steve swears and drops out of the call to get his security staff to check for any more damage.

Margaret turns the conversation to informing the Information Commissioner’s Office.

“We can report it online or phone them,” she tells them. “But we need to say what we did to reduce the problem.”

“We were supposed to get new threat detection software last year, but we never got round to it so it wasn’t replaced,” says Mick. “It just didn’t happen – I never got to do it.”

“Well don’t tell I.C.O. that,” Margaret shouts. “If we can’t show we have satisfactory controls in place we could be in a bit of trouble. And the cyber-insurance firm might not pay out.”

Later, Steve confirms that most recent phishing email turned out to be a red herring, but tells the team: “We’ve found a phishing email sent two months ago that was linked to a log-in page made to look like the one for our online backup provider. That’s how they got in.

“Ok, we have to handle things better from now on,” Steve concludes. “There’s no doubt in my mind that this will happen again, and it’s only going to get worse.”

So what should Graham Solicitors have done?

Reacting late has put Graham Solicitors on the back foot. You need to move very quickly in these situations otherwise the Cyber attackers will decide the pace.

A poor understanding of data breach laws made the business vulnerable. They obviously did not have a breach policy in place nor did they know who was responsible for each role.

The firm should have:

  • prepared a cyber-security breach plan with step-by-step actions to take
  • rehearsed this plan with staff
  • decided who is responsible for what during a breach
  • notified third-parties and suppliers
  • BE PROACTIVE -partner with an IT Cyber Security specialist for proactive support in the event of a breach
  • refused to pay the ransom – there is no guarantee the data would be given back.

And if your firm is the victim of a data breach:

  • identify where the incident came from
  • contain infected devices (get them offline)
  • assess how many machines have been affected
  • restore lost data from back-ups
  • BE REACTIVE – partner with an IT Cyber Security specialist to make sure this doesn’t happen again.
1 2