The human factor is a large part of your business’ cyber security protection.  Spam filters, anti-virus, anti-malware, firewalls etc can only do so much to protect us and our businesses.  85% of breaches have a human element involved!  This means we need to continually invest in training and awareness of our employees.

If there was a piece of technology or a way to ensure that people never clicked on the link or opened the attachment of a suspicious email, whoever invented it would become a billionaire overnight.  However, as such a piece of kit does not exist, we need to think about training the human element to spot such emails and potential attacks.  One training course is also not going to be enough to make a difference, continuous training is required to keep the learning fresh and current.  The forgetting curve shows that in just as little as 20 mins, we already have forgotten 40% of what we learnt.  The same study that developed the forgetting curve learnt that repetition in learning over a period of time increases the percentage of knowledge retained.

This highlights that with something as important as your cyber security it really is a necessary component of your protection that you enrol your employees in continuous security awareness training.  Here at MJD, we partner with KnowBe4 to provide our clients with continuous training through the form of fake spam and phishing emails and schedule training videos that are sent out to all employees at a company enrolled in the training scheme.  This also allows for analysis of users response times to the fake emails and how they interact with them, allowing the training to be tailored to each user.

If you are interested in starting a cyber security training programme for your employees, get in touch with the team here at MJD!

This week we wanted to give you some pointers on how to make the most of your IT budget for this year.  We always recommend our clients speak with us about their IT budget and allow us to help advise them on what is required to be done this year and what they could look to do as improvements.  IT doesn’t have to be a scarey and large cost centre to your business.  We want to make your IT work for you and to do that we can help to demystify and help plan your IT spend.  Nobody likes something which is unpredictable or unknown, so let us help you to make it a known and quantifiable cost that allows you to plan and make better decisions for your IT infrastructure. Let’s dive in!

The first thing to consider is are there any major items in your IT infrastructure that will need replaced or be an additional requirement this year?  For example, servers, switches, routers, networking hardware or software upgrades etc.  Then, consider the recurring IT costs you might have for support, software etc.  Once you have accounted for these costs and set these funds aside you will now be able to see what funds you have available for improvements.

Once you have worked out your available funds for improvements, you can now make decisions easier on any requests you get from staff for new PCs, laptops and other devices.  When you know what is available to be spent on improvements and additional kit, the question of if you can afford it in your budget is already answered, leaving you to weigh up the business benefits to the new device.  If you don’t have any requests from staff for new devices a great place to start is to look at the age of all your devices and plan in to replace the older devices over the course of this year with the remaining IT budget.

If you roll this approach out to your IT plan each year and schedule replacing your older equipment, you will start to see less and less “failures” of PCs which bring unexpected costs and expenditure, and is unpredictable by the nature of failure.  Where you will end up is in a position with planned, predictable and expected IT costs.  If you’d like to discuss your IT budget the team here at MJD would be more than happy to help you plan your IT requirements for the coming year.

Are you considering getting IT support for your business?  It can be difficult to carry out the research and determine who would work best for your business with so many sources of information to consider online.  So this week we want to give you 4 key areas to focus your research and questions on for your short list of IT support providers.  Let’s look at each area in turn.

Experience

Do they have experience in the IT industry?  This is an important question to determine the reliability of the IT support you will receive.  If they have good experience in the IT support industry, they will be better equipped to provide you with reliable and timely response to IT issues.

Do they have experience with your industry?  How can they demonstrate this experience to you?  Do they have references and recommendations?  It is important that your IT support provider has experience in any software packages you use as a critical part of your business, and if they have current or previous experience of working with companies in your industry this can help with resolving specific issues that arise with your software packages.  Without this knowledge, it could increase the time taken to troubleshoot such issues.

Knowledge

Does the company and their engineers have the current qualifications that you would expect or desire from an IT support provider?  Ask if they regularly invest in their engineers training and that they have the required qualifications to ensure they can provide the services that you need.  Ask about the skills available with their organisation to get an understanding of the breadth and depth of the knowledge of the engineers that will be working on your IT.  Do they have the knowledge and expertise on all the services you require them to look after?  But sometimes it’s not just about the technology, what about your local area?  Are they aware of any challenges that make the area your business is based in unique? The team here at MJD certainly know that the North of Scotland has a variety of different challenges based on the rural and remote locations of some of our clients and this needs to be factored into their IT requirements to ensure that the solutions work for their circumstances.

Products and Services

What relationships do they have with the best IT services for things such as Cyber Security, anti-virus, remote management, back-up, Microsoft offerings etc?  Do they have dedicated account managers and partnerships with these services and tools that they will provide to you to help you run your business efficiently?  Once they provide this information, ask yourself if this is the standard of products and services you want or require for your business.

Contract Options

What support contracts do they offer and what are their response times for each offering?  You need to know going into any support contract what response time to expect for the service you are purchasing from them.  This will help you to both have a more successful and low stress relationship going forward, allowing for the chance at a very productive business using IT to your advantage.

If you want to ask MJD about any of these questions please don’t hesitate to get in touch with the team here at MJD.  We’d be more than happy to help.

VPN stands for Virtual Private Network.  It allows you to connect to a different network securely over the Internet.  They can be useful to protect your business activity when working on public wi-fi as well as a few other roles.  VPNs give you the security by encrypting your internet traffic and hiding your IP address in a secure tunnel.

The VPN allows the device you are working on to connect to another device, for example connects your laptop at home to a device in your office, and then allows you to work on files on that device in your office.  This means that your laptop at home now acts like it is on the network you are connected to and allows you to access the local resources on that network.

Let’s now discuss why you might need a VPN or the circumstances in which a VPN would be highly recommended:

  • Using public wifi
  • Access to files and data while away from the office
  • Privacy online, particularly when travelling

When using public wifi without a VPN anyone else on that network could easily intercept and steal your data such as passwords etc and monitor your online traffic, allowing them to steal your identity.  Using a VPN while on a public network means that your online traffic and the data this creates is within a secure tunnel and is very difficult to intercept.

VPN can also allow you a secure way to access important business data and files on your office network while you are away from this network.  The VPN will provide you with an encrypted connection to help prevent data leakage.

If you are concerned about your privacy online and the data tracking and monitoring that your ISP may be sharing with advertisers and other third parties, a VPN will stop this tracking and protect your privacy from third parties your ISP may share the data with.

If you are considering employing the use of a VPN service and want some more tailored advice and guidance for your circumstances please don’t hesitate to get in touch with the team here at MJD we can provide you with the latest encryption and security services.

This week let’s discuss the top 5 IT tasks to focus on this new year.  We will go into each one in more detail and link to some of our previous blogs to help you make plans and set goals for your IT for 2022.  Let’s look at the top 5 tasks first:

  • Security
  • Work From Home Hybrid Setups
  • Cloud services
  • Microsoft 365 licensing Changes
  • Forward Planning for Hardware Requirements
  1. Security

No matter the time of year security should be the top of your priority list when considering your IT setup.  However, let’s make 2022 the year we all take a proactive step to cyber security rather than a reactive step when a cyber attack happens.  MJD can help you on your proactive security process through getting Cyber Security accreditation and advising solutions that are suitable for your circumstances.  You can read our blog on Cyber Security accreditation here and all our other security related blogs are tagged so you can easily filter and read more on particular topics.

  1. Work from Home Hybrid Setups

As the global pandemic is still with us and affecting the way we live our lives and how we work, we would always recommend considering your office setup.  Do you have the capability to allow employees to securely and productively continue to work from home if required.  Also, don’t just consider this for the pandemic, think beyond the pandemic and the flexibility that this can give your company and your work force, that for whatever reason they can’t work in the office they can continue to work and allow your business to function.  From an office fire or flood which leaves you without a workspace to snow stopping employees travelling to the office, if you have the capabilities and technology in place, business can continue.  We have a blog here on our essential WFH equipment and a blog on the considerations of the WFH environment and your business security here.

  1. Cloud Services

This area ties in nicely with the previous area, but should be given it’s own importance and time to be considered as this can benefit the business not just for the WFH benefits.  As more and more of the software we use daily offers cloud based options it is important that we make ourselves aware of these if the options are available to us.  Cloud based services can give us the flexibility to work from anywhere and reduce the capital costs required with servers and the maintenance of this equipment.  Most cloud services are monthly based subscriptions so allow you to budget for a fixed cost each month and not have to guestimate your maintenance budget on servers and any parts that may be required further down the line for them.  We wrote a blog on what is the cloud which you can read here.

  1. Microsoft 365 Licensing Changes

This year Microsoft are making some changes to the way in which they offer their 365 licensing.  These changes will see a shift from monthly licensing charges to annual commitments and we would urge you to speak with your Microsoft 365 provider to plan and discuss the impact this may have on your business in the coming year.  We will be in touch with all our clients to discuss these changes.

  1. Forward Planning for IT Hardware Requirements

Unfortunately, the worldwide chip shortage is going nowhere anytime soon, so we still need to consider our IT hardware requirements as far in advance as possible.  We are still seeing shortages of equipment with no forecast dates of arrival of the stock to our suppliers from the manufacturers, so the more time you can give your IT service provider to get the hardware the more chance of success you will have.  You can read our blog on the chip shortage here.

If you would like to discuss any of these IT areas and would like help to plan your IT for 2022 please don’t hesitate to get in touch with the team here at MJD, and let’s make 2022 the year your IT works for YOU!

 

MERRY CHRISTMAS FROM EVERYONE AT MJD SYSTEMS

Mark, Jill, Craig, Ian, Gareth, Marko, Lawrence, Aidan, Natalie, Audrey, Flora, Skye & Jax

WISH YOU ALL THE BEST FOR 2022

Our Office will close at midday on Friday 24th December and will re-open on Wednesday 5th January 2022

This year again we have decided not to send Christmas cards and we will donate the money to our nominated charity.

As we get nearer to the 26th of December, the elves will need to setup their out of office message ready for when they finish helping Santa on Christmas day!  The team here at MJD want to give them some advice and a how to video on setting this up in Microsoft Outlook.  We have previously highlighted Microsoft’s Online training library for Office products in this blog here.  But we’d like to direct the elves to this video from Microsoft which will take them through how to setup their out of office and the various settings they can change.

Microsoft Training Video – Out of Office

In terms of the content in their out of office, we’d encourage them to think about including only the information that is necessary and using the different messages for internal and external emails.  We went into more detail in our previous blog on out of office replies which the elves can read hereThey should try to limit the amount of detail in the external out of office to ensure that possible scammers can’t glean more information about their situation or company to be able to devise a social engineering hack.  One of our blogs from 2020 discussed social engineering and we included a video to show you the ease with which social engineers can hack into your personal accounts with just a few of your personal details, which you can read and watch again here.

 If you have any questions on out of office replies or cyber security in general please don’t hesitate to get in touch with the team here at MJD.

Rudolph will be preparing his usual Christmas email to be sent to all the hardworking elves and Santa’s suppliers to wish them a Merry Christmas from his fellow reindeers and Mr & Mrs Claus.  But what does he need to consider from GDPR while sending his email?  The team at MJD wanted to give Rudolph some guidance and advice to keep everyone’s data safe.

Rudolph can still send a Christmas email to all his intended recipients; he just needs to consider the content in his email.  If he wants to include direct marketing and the emails are sent to individuals, then he would need to ensure he has the individuals’ consent to receive this type of communication.  However, if he just wants to wish everyone Merry Christmas and all the best for the New Year without any marketing included this will be fine.

Another important email feature that Rudolph should make use of is the Bcc box.  This will mean that he doesn’t give anyone’s data or contact information to anyone else in the email.  It is a very simple function, but a very important one for a Christmas Wishes email.  This advice should allow Rudolph to send a successful Christmas message for Santa and the other reindeer.  If you have any other questions around GDPR and cyber security, please don’t hesitate to get in touch with the team here at MJD.

Santa has a very important responsibility with his Christmas Lists, as they contain a lot of personal data!  This means they come under GDPR because of the personal identifiers held on the list.  So, what advice would we give Santa if he came to MJD for IT support on keeping his Christmas Lists safe and secure, let’s jump in:

  • Ensure that he has them stored electronically in a location that is backed up regularly.
  • Ensure that only the elves who need access to the lists have access to the lists and review permissions every year.
  • Only store the data he needs to on the individuals on his Christmas List and clearly state why he is keeping the data.
  • Ensure that the lists are held securely and adequate protection measures put in place.

So, for Santa to do this we’d recommend the following:

  • Layered security software to protect all devices on his network (antivirus alone is no longer sufficient).
  • A robust back up system, such as a Datto.
  • Have permission levels and security groups setup for users on the network.
  • Review the data each year and check that he still needs to keep the data and if so for how long (For Example – scrooge should be removed from the list).
  • Review his processes for data requests, right to erasure requests and correcting data held (For Example – if the grinch wants his data removed then he can ask and it will be done.)

We here at MJD are always happy to help Santa with his IT support requests to ensure he can concentrate on his core business activities of delivering presents to all the lucky girls and boys.  If you would also like some advice on GDPR and cyber security please don’t hesitate to get in touch with the team here at MJD.

 

We all love to get the most for our money, but we want to highlight the potential dangers that lurk within “Black Friday Deal” emails.  We encourage everyone to exercise just as much caution, if not more, before you click on any link within these emails.  Our previous blog posts on phishing emails and staying safe within your emails are linked here: The silent threat in your InboxGone Phishing!

We urge everyone to remember, these emails are just as likely as any other type of email to be spoofed by cyber criminals to get you to click on the link.  They may even allow you to buy a product, albeit a counterfeit product, to get your details and your money.  If you do receive an email with a deal you’d really like to purchase from a trusted shop, try typing the website straight into the web address bar in your browser and finding the product that way.  Then you don’t have to worry about clicking on a potentially malicious link.  In the past twelve months alone, the Active Cyber Defence programme has removed 113000 malicious URLs from fake online shops where consumers ended up with counterfeit goods or nothing at all.

The National Cyber Security Centre offer some great advice on keeping yourself safe while online purchasing this Black Friday here.

They offer some key top tips such as:

–              Be selective of where you shop

–              Only provide necessary information

–              Use a secure and protected payment method

–              Keep your accounts secure

If you do receive a suspicious-looking email over this festive period, forward it to report@phishing.gov.uk for the NCSC and the City of London Police to include it within their Suspicious Email Reporting Service.

As always, if you think you have fallen victim to a scam email or phishing email please don’t hesitate to contact the team here at MJD to help you get yourself or your business secure again.  And if you find any great black Friday deals let us know too!