Santa has a very important responsibility with his Christmas Lists, as they contain a lot of personal data!  This means they come under GDPR because of the personal identifiers held on the list.  So, what advice would we give Santa if he came to MJD for IT support on keeping his Christmas Lists safe and secure, let’s jump in:

  • Ensure that he has them stored electronically in a location that is backed up regularly.
  • Ensure that only the elves who need access to the lists have access to the lists and review permissions every year.
  • Only store the data he needs to on the individuals on his Christmas List and clearly state why he is keeping the data.
  • Ensure that the lists are held securely and adequate protection measures put in place.

So, for Santa to do this we’d recommend the following:

  • Layered security software to protect all devices on his network (antivirus alone is no longer sufficient).
  • A robust back up system, such as a Datto.
  • Have permission levels and security groups setup for users on the network.
  • Review the data each year and check that he still needs to keep the data and if so for how long (For Example – scrooge should be removed from the list).
  • Review his processes for data requests, right to erasure requests and correcting data held (For Example – if the grinch wants his data removed then he can ask and it will be done.)

We here at MJD are always happy to help Santa with his IT support requests to ensure he can concentrate on his core business activities of delivering presents to all the lucky girls and boys.  If you would also like some advice on GDPR and cyber security please don’t hesitate to get in touch with the team here at MJD.

 

We all love to get the most for our money, but we want to highlight the potential dangers that lurk within “Black Friday Deal” emails.  We encourage everyone to exercise just as much caution, if not more, before you click on any link within these emails.  Our previous blog posts on phishing emails and staying safe within your emails are linked here: The silent threat in your InboxGone Phishing!

We urge everyone to remember, these emails are just as likely as any other type of email to be spoofed by cyber criminals to get you to click on the link.  They may even allow you to buy a product, albeit a counterfeit product, to get your details and your money.  If you do receive an email with a deal you’d really like to purchase from a trusted shop, try typing the website straight into the web address bar in your browser and finding the product that way.  Then you don’t have to worry about clicking on a potentially malicious link.  In the past twelve months alone, the Active Cyber Defence programme has removed 113000 malicious URLs from fake online shops where consumers ended up with counterfeit goods or nothing at all.

The National Cyber Security Centre offer some great advice on keeping yourself safe while online purchasing this Black Friday here.

They offer some key top tips such as:

–              Be selective of where you shop

–              Only provide necessary information

–              Use a secure and protected payment method

–              Keep your accounts secure

If you do receive a suspicious-looking email over this festive period, forward it to report@phishing.gov.uk for the NCSC and the City of London Police to include it within their Suspicious Email Reporting Service.

As always, if you think you have fallen victim to a scam email or phishing email please don’t hesitate to contact the team here at MJD to help you get yourself or your business secure again.  And if you find any great black Friday deals let us know too!

As a Cyber Essentials accreditation body here at MJD, we always highly recommend our clients go through the process of Cyber Essentials and always encourage clients to take the next step in their security journey to Cyber Essentials Plus as well.  But, we often get asked why they should take these steps to become accredited, so today let’s explain our reasoning behind the recommendations of becoming a Cyber Essentials accredited company.

The process of achieving Cyber Essentials accreditation should be viewed as a method of checking your current work practices and identifying areas that need improvement to achieve the accreditation.  The process of becoming accredited acts as your checklist to ensure and know that your company is hitting a certain level of cyber security protection for you and your clients.  It may identify areas that you didn’t even realise were related to cyber security.  In this sense it is a valuable exercise to go through to help identify and then resolve weaknesses in your security.  This is then used every year when you reassess to know that you are still working to the same standard.

Through becoming accredited you have a standardised level that any client can recognise and immediately understand how secure your setup is.  It can greatly help when tendering for bids with potential clients as you can answer any cyber security questions with your accreditation rather than trying to explain and demonstrate the policies and technology you have in place.

Another benefit of the Cyber Essentials accreditation is that it comes with Cyber Insurance which is an added benefit, aside from all that we’ve discussed above.  We believe at MJD that this is an investment in your business that will not only benefit you now but in the future as well.  The peace of mind that going through this process will also generate is a benefit that has no monetary value but will put to rest some of the worry that comes with the threats out in the cyber world.

If you have any questions about this process or are interested in getting started on your Cyber Essentials journey please don’t hesitate to get in touch with the Team here at MJD.

Ransomware is used by cyber criminals to hack a device and encrypt the files.  They then ask you for a payment to decrypt the files if you are lucky and they do give you the key.  Unlike other computer viruses where they can usually be removed after infecting your device, the only way to resolve a ransomware is to have the key to decrypt the encryption, which usually only comes from paying the ransom.  Ransomware is a costly cyber crime, with WannaCry estimated to have caused losses of $4 billion and NotPetya upwards of $1.2 billion.  It is not something to be taken lightly and the best form of protection is prevention and preparation for what to do in the event of a ransomware attack.  Anti-virus and anti-malware software is no longer enough to protect against these attacks, you need robust layered security measures, procedures and protocols, training on how to deal with suspicious emails and never postpone or cancel updates on your devices.

Several key points to ensure that you protect yourself from ransomware are:

  • Always use robust antivirus/antimalware software
  • Always purchase legitimate software where updates are regularly available to keep it secure
  • Use layered security such as firewalls & device/network monitoring systems
  • Backup your data regularly and ensure the backup you use detects ransomware attacks & protects your data accordingly
  • Keep your device security and software up to date
  • Use a password manager, they are very well priced and can make life so much easier for you.

The best way to protect yourself from a ransomware attack is to avoid and prevent, due to it being highly unlikely you will decrypt the files without the key from the hackers.  This explains why we always recommend installing anti-virus and anti-malware software and why we encourage you not to postpone or cancel updates on your devices.  This also highlights the importance of a good back up system, so that if you do get attacked by ransomware, you can restore from the last clean back up and at most lose a couple of hours to a day’s work.

We have a couple of previous articles on these points which go into more detail on Windows updates here and on back up systems here  and here.

When trying to reduce your chances of downloading ransomware onto your devices practising good online habits such as using complex passphrases and changing them frequently, avoid suspicious websites or downloading files from unverified sources will also help prevent a ransomware attack.  If you have any concerns about your device or network security in relation to ransomware please don’t hesitate to get in touch with the team here at MJD.  Lets make IT work for YOU.

As restrictions are easing and we are moving into a new phase of living with the COVID-19 pandemic, we are seeing a trend develop for a hybrid working pattern and home working is here to stay.  That’s why this week we wanted to highlight the essential pieces of equipment that we would recommend to make your work from home setup more efficient and make your IT work for YOU.

  1. Docking Station

The most useful piece of kit you could have in your work from home and your office setup is a universal docking station.  We recommend and use the Terra 731 Docking Station, which means that all you have to do is connect a USB cable to your laptop and you can be connected to your monitors, speakers, internet, keyboard and mouse as quickly as you can connect the cable!  This can make the transition between office to your home desk feel effortless and you won’t even think about it.  This means you and your employees can concentrate on getting down to work and not having to setup your desk and work station each time you move between the two setups.

  1. Height adjustable monitors/Monitor Stands

                           

It is important to make sure that you now consider your work from home setup as a permenant fixture and therefore, are your monitors at the correct height for ensuring you have good posture?  If you have two monitors are they both at the same height?  If not, it would be worth considering new height adjustable, or if these monitors are still in good working order a monitor stand which would allow you to properly adjust the height of the monitor screen.  Terra have a range of monitors so please get in touch with your specific requirements for a bespoke recommendation.

  1. Microsoft 365

By using Microsoft 365 for your whole business setup or as a hybrid solution, this can help you to move seamlessly from office to home by having access to your files in the 365 cloud.  This also gives you access to use Teams to help manage your business remotely and to collaborate and stay in touch even while you are all in different locations.  If you have any questions or want to maximise the use of your 365 licenses, just get in touch with the MJD team and we’d be more than happy to help.

  1. Laptop

     

A laptop goes without saying, due to its portability will allow you to take it between the office and your home office with ease and combined with a docking station at both desks will allow you to always have everything you need at all times.

  1. Headset

If you are not the only one in your house then to ensure privacy and that your clients and colleagues can hear you clearly in video calls a headset is a must and not an expensive part of your kit.

  1. Security Software

This is a rather vague heading, but by this we want to encompass not just anti-virus & anti-malware but also security monitoring services which constantly monitor for suspicious activity on your devices which could be a result of malware or a ransomware attack plus remote management software for mobile devices to allow you to wipe them and protect your data if they are lost.  This is the most important part of your hybrid setup and why we left it to last to ensure it’s the one that sticks with you.  Portable devices are more likely to get lost, be left behind and be outwith your nice secure office network and therefore need protection from the environments they find themselves in.  Get in touch with our Cyber Security Specialist here at MJD to discuss your security software requirements and how to best manage your portable devices.

 

Gone are the days of being able to easily identify a phishing or scam email, as these are usually caught by our spam filters or move straight into our junk folders.  More and more we need to be vigilant against every email we receive into our inbox as we see increasing threats from hackers.  Today’s blog we want to encourage you to form the habit of answering the following 3 questions for every email you receive.

  1. Was I expecting an email from this individual?

Is this an email on a subject that you have been dealing with this individual previously or an ongoing piece of work you are collaborating on?  If the answer is yes, you are not completely safe yet.  Hackers can be very patient people and will sit and monitor an inbox and will try and learn the type of emails this person may send or that you may receive.  They can even spoof or gain access to this individuals mailbox to make the email look even more genuine.  If the answer is no, pick up the phone and give the individual a call.  It will take you only a few minutes to double check with the individual, but think of the hours of downtime you might save if you have avoided allowing a cyber attack to infiltrate your organisation.

  1. Do I usually receive emails with attachments from this individual?

Is this something which you usually receive attached to an email?  If the answer is yes, has it come at the usual time and day?  Is the file format what you are expecting?  If not, the same solution applies to give the individual a call to check if they meant to send this to you.

  1. Do I usually receive attachments like this?

What we mean by this is, if it’s an invoice do you usually work with invoices and receive them?  Or a quotation or purchase order?  Is it a document you usually receive and work with, if not then question why it’s been sent to you and give the individual in question a call.

As you can see, the same check is relevant to all three questions, just to pick up the phone and give the individual a call to double check this was meant to be sent to you.  At the end of the day, the worst that can happen is you have a chat with them and maybe even discuss what they’ve sent you or what you’re working on, and in the best case scenario, one phone call saves the whole organisation from the threat of a cyber attack.

If you have any questions about phishing or spam emails, please don’t hesitate to get in touch with the team here at MJD.  No question is a stupid question when it comes to protecting your company from a cyber attack.

We all want to ensure our customers are happy with the service we provide, and if our customers are going to be waiting or carrying out daily tasks in our premises, we may want to provide them with an internet connection.  Especially in our area of Scotland, where sometimes the 4G signal may not be up to scratch.  However, are you allowing a security risk to your entire network by handing out your wireless password.

If you haven’t secured your wireless network then plain and simple, this is a massive security risk and you should stop immediately.  The best way to offer your customers a wireless option, is through separate private and public wireless networks.  This allows you to segregate and control the access the public has to your business network to avoid a damaging data breach.  This does not mean you need to have two separate broadband lines and separate access points for private and public.  There are access points on the market that allow segregation within the same access point network.  The team at MJD have fitted and maintain these systems across our clients networks and can do so remotely to reduce site visits and costs for our clients.

While security is the main concern you should have with offering customers wifi, it is also important to consider that this reflects on your business image.  If your wifi is slow and unreliable, then it may be best not to offer wifi until you are able to resolve the issue.  If this is something you and your customers are experiencing, there could be several reasons why.  The speed of your broadband connection, the hardware providing the wireless connection and the activities the wifi users are performing could all be having an affect.  If your wireless network is not setup to limit streaming/downloading one customer could spoil the wireless connection for all users.

If any of these issues seem familiar please don’t hesitate to get in touch with the team here at MJD and let’s make IT work for YOU.

Following on from a blog post last month on what is the cloud, we are taking a look at Microsoft’s 365 cloud services and provide you with some useful information to help you make the decision on whether 365 is right for your business.  Microsoft 365 can help you to become more productive in the new work from home environment we find ourselves in and take us through to the future hybrid working offices with more people continuing to work from home for a percentage of their working week.

Microsoft 365 is a cloud based productivity solution software which is subscription based.  This means you pay a monthly fee per user and you get the latest version of the Microsoft Office software. There are different levels of license which you can choose to purchase depending on what you require.  Microsoft 365 allows you remain connected and stay productive while working remotely, by allowing collaboration on work projects with colleagues and allowing you to store your company data which all employees can access without the need for a server or remote access to PCs in your office.  The subscription service also keeps your business agile and if you need to increase in size, you are not limited by your current IT hardware and infrastructure and require large capital costs for new servers and software, simply add a Microsoft 365 license and install it on the new device for the new employee!

There are 4 main packages to consider: Business Basic, Standard, Premium and Apps for Business.

  1. Business Basic – this gives you business email, access to Microsoft Teams, web based Office apps and cloud storage. This is perfect if you just need the ability to communicate with colleagues and clients.
  2. Business Standard – this also includes access to the desktop versions of the Office apps on top of the Basic offering but does not include the device management and advanced security options.
  3. Business Premium – this includes all of Basic and Standard, but with the added Advanced Security and Device Management and this makes it perfect for SME use and the product we recommend if you require more than the basic email address.
  4. Apps for Business – if you simply require the desktop versions of the Office suite, apps for business is designed for just that. Always have access to the latest version of the Office suite.

Another question we are often asked is how reliable is Microsoft 365.  To help our clients understand we explain that if your on premise server were to go down, you’d be without your data until we could resolve the issue or recover your data from your backup to get you running again.  However, with Microsoft 365 as they have a large cloud network of servers around the world, if there is an outage on one server it will move to another server in that data centre.   Then if the data centre fails, it would fail over to a secondary location.  So it would be rare that you would not be able to access your data due to an outage on the cloud server side.

Sometimes, it can be difficult to adjust your thoughts onto paying a monthly cost per user when previously you would have a capital outlay in one payment.  What is important to remember and to consider is that you are shifting from working with what will become outdated technology at the end of its life before you invest in new equipment to always having access to the latest software and technology.  So, rather than the unknown of what a future upgrade project might cost, you can now budget and plan for the known cost of your 365 subscription each month for the latest software and cloud technology that works to make your business more efficient.

The migration to Microsoft 365 from your server based operations can be a daunting thought.  However, the switch is a sensible choice if you are looking to increase your flexibility and allows you to move away from the need to make capital investments in servers to store your own data or run Exchange.  Microsoft 365 offers you flexibility to change your IT requirements to fit with your growing business month by month if required.  Your Managed Service Provider (MSP) will be able to talk your through and plan your migration to 365 to ensure that you experience minimal downtime and migration work is scheduled for out of hours.  Downtime cannot totally be avoided, however with the right planning and teamwork with your MSP minimal disruption can be achieved usually less than an hour downtime in total.  This is what we strive for at MJD in our 365 migrations, each stage is planned with you to best suit your current business activities to ensure the impact on your business operations is minimal.

This blog post will help you to begin to consider and decide if 365 is right for your business, but the Team here at MJD are always happy to discuss your options and make sure you are choosing the right solution to make IT work for YOU!

With World Backup Day approaching on the 31st of March we wanted to highlight the importance of a backup and encourage everyone to run a backup on the 31st of March, especially if you have never done a backup before!

We have previously covered the topic of why a backup is important and tips on how to chose a suitable backup service for your circumstances which you can read here:

Why is a backup important?

Today lets highlight the top 3 reasons why you need to implement a backup system.  Software as a Service (SaaS) apps do not back up your data, examples of these are Microsoft 365 and Google Mail.  Now these services will assure you that THEY won’t lose your data, but what if YOU lost the data?  In a recent report by Aberdeen Group (Read the report here) the top cause of data loss is human error.  Consider your most important document to your business, how well could you cope if you lost it forever or at best had to wait 6 hours or more to retrieve it, could you survive?

Cyber attacks are not slowing down. In the first half of 2020, ransomware attacks increased by 715% exploiting the COVID-19 pandemic.

Also, there are at least 3.4 billion fake emails being sent every day around the world (Read the report here) all attempting to gather more information to determine email accounts to target their attacks on.  Coupled with the fact Microsoft reported 480,000 accounts were compromised by “spraying” attacks.  This is where the attackers run a common password such as “Winter2020!” against numerous accounts until they have success.  If that number sounds big, compare it to the fact Microsoft stop 300 million fraudulent sign in attempts per day!  Same as thinking about that business critical document, what would happen is you couldn’t access your email account for a day or more?  We have a great blog article with advice on setting strong passwords here to help protect yourself from spraying attacks.

The evidence in the Small Business Reputation and the Cyber Risk report (Read the report here) shows that cyber security attacks are damaging SMEs, its not just the large multi national corporations that are targeted.  89% of SMEs reported that cyber breach ramifications are “huge and long-lasting”.  30% of SMEs surveyed reported lost of clients and 29% a reduction in their ability to win new business.  So combined with losing current clients, you could also struggle to replace that business if you don’t protect your data.  These costs far outweigh any capital and monthly costs of implementing a backup solution.

On a positive note, 4 in 5 small businesses with a comprehensive Business Continuity and Disaster Recovery (BCDR) recover from ransomware attacks within 24 hours.  The average cost of downtime as a result of an attack for 2020 was $274,200 which has almost doubled since 2019.

If you have a comprehensive backup solution in place, such as a Datto system which is MJD’s chosen backup partner of choice, you can reduce that downtime cost considerably and not have to even consider paying the ransom to then also pay a MSP to decrypt the data as well.  Not to mention the unproductive time of employees unable to perform your core business activities without access to your data.

If you are interested in implementing a Datto Backup System, or would like some advice on a backup solution please don’t hesitate to get in touch with the team here at MJD.

Today’s blog topic may be something you have never even considered or realised exists.  So lets explore why it’s required and the benefits for your business.  It is important to remember that we now use our mobiles like laptops and computers to access and browse the internet and this means they are vulnerable and exposed to the same threats as our laptops and computers.  Like with your PC or laptop you should always keep your mobile software up to date and try not to delay installing a new update.

There are two main type of mobile OS: Android and Apple iOS.  The Apple iOS is more locked down in comparison to Android and all apps are subject to security checks prior to being released through the app store.  Now this does not mean that Android is without its own security features from Google, however, with Android devices it is recommended that an additional anti-virus software package is installed on your Android mobile device.

The mobile anti-virus software will scan your device regularly and alert you to any potential security threats and help remove these threats.  One of the key features which are important to make sure your mobile anti-virus software has is remote wipe.  This means that if a mobile device has been lost or stolen you can wipe all data on the phone and the memory card.  This way, even if the device is lost/stolen the data on the device can’t also be used to the criminals advantage.  This means you are protecting your data and the data of your clients and complying with GDPR.

Mobile anti-virus software allows you to continue your business security protection beyond the walls of your office and when unfortunately the device has left the hands of your employees.  But this is not a free ticket to let your  guard down, it is important that you are still vigilant for phishing emails, unknown senders and attachments and dodgey websites with the anti-virus software being the icing on the cake of your security mindset.

If you are interested in implementing a mobile anti-virus package across your devices please just get in touch with the team here at MJD.