Cyber Security – How aware are you of the growing risk?

Majority of business now have their data stored within a network and its availability will determine productivity, so one cannot afford to take the view ‘it would never happen to me’ as in a recent PWC study 87% of SME’s and 97% of large corporations experienced a form of security breach last year! So, why in a recent BT study it showed that only 17% of UK businesses class it as a main IT priority compared to 41% in the US?

Data breaches can have huge implications such as financial losses to damages to brand reputation. For example in the PWC report states the average cost of a breach to a SME is £35k – £65k and to a large corporation it is £450k – £850k!

Financial losses such as these will undoubtedly disrupt cash flow and create a dent in the company finances, causing a knock-on-effects on operations. So with consequences such as this, why are only a small amount of UK businesses worried about Cyber Security and have it as a priority, could it be the lack of knowledge on the topic?

It is a common belief that data breaches are from external threats but, it has been suggested employees often play a key role in breaches – like the PWC report states ‘serious security breaches are often due to multiple failures in technology, processes and people’.

This is further reinforced by Avecto recent article suggesting ‘that removing admin rights would mitigate 96% of critical vulnerabilities affecting Windows operating systems, 91% of critical vulnerabilities affecting Microsoft Office and 100% of vulnerabilities in Internet Explorer.’

This highlights the value of educating employees on security procedures that need to be followed and what the implications are if they are not. It also shows by having the correct privileges or admin rights in place for each user depending on their job role can make a significant difference in safeguarding the IT network.

When facing Cyber Security an attitude of safeguarding and it might happen to me is required. By being proactive to maintain a secure IT network environment, a need for continuous monitoring and amendments and most importantly educate employees on cyber security.

For more information or advice on IT security please contact us

Advertisements

Implementing Virtual Desktop Infrastructure: Steps You Might Consider

Virtual Desktop Infrastructure (VDI) is simply a different way users can access their desktop – remotely. By transforming tradition desktops into a cloud-like service it offers flexibility and scalability allowing employees to remote-in anywhere and on any device.

If you are thinking of implementing VDI at your workplace we have put together a few steps that you may want to consider.

  1. Choose the Right Virtualization Approach – A company can virtualize in different ways so, a decision needs to be made between whether to virtualize the entire desktop environment on a server. Or create remote access terminals where applications are hosted on a central server.
  2. Assess the Network before Development – Conduct an assessment of the network to check whether there will be adequate bandwidth to support the peak load of each virtual desktop user.
  3. Evaluate the Different Thin Clients – To implement VDI you will need to decide on a ‘Thin Client Terminal Management Software System’. It is advisable for businesses to look at how each department uses different applications in order to choose the most suitable option and to test which will provide the best interface and usability for the business needs.
  4. Develop a Desktop Virtualization Strategy – Servers are the heart of desktop virtualization so, check whether the current infrastructure has the sufficient capacity to deploy VDI. You will need to check whether the Critical CPU, memory, I/O resources are available to support the peak processing demands of users and make sure the datacentre SAN has enough storage to host all the virtual desktops you are planning to implement.
  5. Security – It is fundamental to have strong security measures controlled by IT administrators, they should implement access control and configure each user with the right access level and policies. When deploying VDI it is also important to have endpoint security in place to secure each endpoint.
  6. Choose a Data Backup solution – In order to backup your new Virtual Desktop Infrastructure a virtual or cloud backup solution will be required.  You can use products such as Veeam and Doubletake; each will offer great benefits but, you need to choose the one that is most suited to the business disaster recovery planning requirements.
  7. Plan, Communicate and Deploy – The length of time it takes to deploy VDI in a corporation depends on the size of the company. But, once a plan is in place it should be communicated to the employees stating the benefits of this change, the timescales and any expected downtime that may occur. This will help eliminate confusion, doubts and gain employees buy-in.
  8. Finally, Test your Backups – Always conduct backups regularly, consistently and check whether they were successful to ensure you will always have an up-to-date copy of your data in case of a disaster.

For more information on VDI and how you could benefit contact us today.

Netshield has been Shortlisted for an Export Award!!

It will soon be time for the team at Netshield to put on our dancing shoes as we are selected as one of the three finalists in the Export category for the Express and Star Business Awards 2013.  The winners of the different categories will be announced at the glittering awards ceremony held at the Wolverhampton Racecourse on 16th May 2013.

So it will be all fingers crossed until then…

For full news story check out our website

Considerations when Implementing Security on your IT Network: Business of Cybercrime Series – Part 3

The lack of adequate protection and defences on an IT network would make a business vulnerable to hacking and the implications can be damaging, often the damage is dependent on what mood the hacker is in and what devastation they would like to cause.

Effects from a hacking can disrupt business operations, causing downtime, corrupt data, affect brand perception and reputation. Being a victim of cybercrime can also mean the business breaches the data protection act or experience compliance breaches.

With technology moving so quickly within the IT market, there are a number of methods and products to choose from – the key is to choose what is right for your network.

You need to consider:-

  • What type of IT infrastructure does the business have? Virtual or Physical?
  • What are your data requirements?
  • What would you consider to be your critical data or programs?
  • What security is currently implemented on your network?

Rule of thumb is a full assessment of the current security situation and the condition of the infrastructure is necessary, in order to help determine what is the right solution for your business.  After the assessment, you can then decide on which method or security brand would be most suitable.

3 methods of protection:-

Anti-Virus

Is software to help defend you against viruses and other malware threats including Trojans, worms and sometimes spyware; however, the level of protection provided by the anti-virus is dependent on the one you choose.  Well-known brands include Sophos, Symantec and Kaspersky.

Firewall

A firewall helps to prevent unauthorized access to a computer or a network, there are two types ‘network firewall’ and ‘client firewall’.

A network firewall is installed on the boundary between two networks, normally located between the internet and a company network – it can be either a device or software running on a computer that acts as a gateway to the company network.  Whereas, a client firewall is when software is installed and runs on an end users computer, protecting only that particular computer.  Well-known network firewall brands include SonicWall and Watchguard.

Encryption

This secures your data by encrypting your desktops, laptops, emails, USB’s files and other devices; it prevents unauthorized access where the information can only be accessed by entering an encryption key or password.

For an IT network it is advisable to have at least Firewalls and Anti-Virus software installed. For businesses that uses mobile devices and have a mobile workforce who carry business data around, encryption is recommended. For example, 2-factor authentication can be implemented on business mobile phones, to ensure if the phone was lost or stolen it will help prevent others using it because it is a secure method that seeks to decrease the probability that the user is presenting false evidence of its identity. Well-known 2-factor authentication brands include Cryptocard and Vasco.

Other ways of encryption includes installing a type of software on a device where data is automatically encrypted, email encryption and manual encryption where the user chooses what data requires encoding.

So, regardless of the size of the organisation security is necessary for protection as data is a key asset and is also valuable in the wrong hands.

When it comes to cybercrime business should not think it ‘will never happen to me’, ‘My data isn’t worth the hassle’ but, the truth is, cybercrime criminals do not discriminate, if you have business data you can potentially be a target.

For more information on how to protect your business data please feel free to contact us.

Business of Cybercrime Part 1: With everything turning digital, why not crime as well?

Cybercrime is on the increase as we generate more and more digital data on a daily basis, this is especially the case within organisations. It was found in government reports cybercrime cost the UK economy £27billion pounds where £21billion was cost to businesses. They describe cybercrime as ‘any illegal activity that uses a computer or the internet as its primary means of commission to include any activity that uses a computer as a storage device’; as the Cabinet Office suggest ‘Technology has enable old crimes to be committed in a new and subtle way’.

Typical examples of business cybercrime:-

  • Information Theft
  • Extortion
  • Corporation Identity Theft
  • Reputation Attacks

Data is an organisations key asset and we generate more everyday whether it is from a simple email or the creation of a new contract – data is invaluable and in the wrong hands things can take a nasty turn.

For example: In May 2012 ‘Hackers Blackmail Belgian Bank with Threats to publish their Customer Data’. The company experienced a data breach, where the hackers claimed to have captured login credentials and tables with online loan applications holding details such as full names, job descriptions, contact information and income figures. Hackers demanded payments of around US$197000 and they would not publish the data. According to the hackers the data was stored unprotected and unencrypted on the servers. Luckily for the company, hackers did not follow through with the threat.’ – Source: CIO.com  

This case is classical example of a business being victims of information theft and being extorted for their security vulnerabilities. Would you be able to predict what it would cost the business if a cybercrime incident occurred? What if your IT infrastructure is hacked, data is stolen and the Information Commission Office imposes a hefty fine? What if a hacker decides to ruin your company reputation?

Cybercrime affects different businesses in different ways and it is unpredictable; so, when it comes to cybercrime precautionary measures are necessary in order to decrease the risk of becoming a victim.