IT security solutions

Most IT security professionals would agree that it is no longer a matter of if you get breached, it is a matter of when. And with the media awash with news informing us of businesses or government organisations suffering data breaches and high-profile attacks, security teams are being held accountable for addressing risks – externally as well as internally.

It is now more important than ever that IT departments take a structured approach to their organisation's cyber security. While there are some basic network security measures that every IT department is aware of, such as the use of firewalls and antivirus software, there are also other best practices, policies and procedures that some organisations do not yet follow.

The following IT security best practices should all be taken into consideration:

Update of Software and Systems

Cyber criminals are constantly inventing different techniques and finding new vulnerabilities. The majority of malware does not target new and unknown security vulnerabilities; it seeks out well-known and established exploits that have been fixed in the latest versions of firmware, in the hope that organisations do not update.

To keep your network protected and optimised, ensure that software and hardware security is up-to-date with the latest patches and firmware.

Backup of Data

Data backups are a basic security measure that has gained increased relevance over the past few years. With the rise in ransomware attacks, designed to encrypt all of an organisation's data until the decryption key is paid for, a complete and current backup of all data is crucial.

Backed up data must be properly protected and encrypted, with backups made frequently so that if a backup does need to be utilised, the information is as up-to-date as possible.

Prevent Data Loss. Protect Your Data

A lot of organisations do rely on the trust and honesty of their employees. However, this does not stop data from leaving the organisation in one shape or form. In truth, users, with or without knowing it, allow data to be breached, leaked or stolen, with more and more IT security teams admitting that the top security concern in recent years has been data leaving an endpoint.

It is now more important than ever to control user access, monitor activity and know what is happening with company data.

Monitoring User and Third Party Activity

Users with privileged accounts have an increased level of trust, but at the same time can pose one of the biggest threats to data security.  These users have the tools to pilfer sensitive data from organisations and go unnoticed. When undetected, insider threats can be costly to organisations.

The monitoring of user activity allows IT security teams to detect unauthorised behaviour and verify user actions so they do not violate security policies.

Educate and Train Users

When we talk about cyber security, users are generally considered the weakest link. However, raising users’ awareness of the cyber threats the business faces and educating users on cyber security best practice enables organisations to limit the risk of data breach and loss.

End user training can include topics such as:

  • The ability to identify malicious emails (Spam, Phishing).
  • The importance of creating strong passwords.
  • The risks surrounding the removal of valuable data from the company via various media.

Use Two Factor Authentication

Organisations are being encouraged to apply this security standard to their user accounts as added protection.  It employs an additional device such as a security token or mobile device (for soft tokens) to confirm the identity of the user.

Two factor authentication adds a second layer of security to your network and provides a very reliable procedure for user login activities.

Changing Default Passwords

Many systems now come with a set of default credentials hard coded into the device’s software. These are usually freely available to obtain on the internet and are relatively well known by cyber criminals.

Most malware targeting networks is looking for systems that have not had the default credentials changed, in order to hijack them. The only way to ensure that your devices cannot be so easily hijacked and infected is to change all default passwords as soon as possible and ensure that the replacement passwords are complex and unique and are changed on a regular password management cycle.

Handling Passwords Securely

With two factor authentication providing user accounts with extra security, organisations cannot afford for users to view this as an excuse to overlook password handling security policies.

Employees need to be educated to ensure their passwords are long, complex and fully unique.  They must also not share credentials with one another. While they may find this convenient, it is placing the organisation in an unsafe position and at a heightened risk of data breach or leak.

While this seems a lot to implement, once the majority of practices are in place they require very little intervention.  They should be monitored in the background and will only require attention if a security issue arises.

Don’t wait for the worst to happen.  Adopt these security best practices and be prepared for the worst.

Flexible working via cloud at IT consultancy

Aside from the obvious benefits of cloud computing (cost savings, improved uptime and the advantage of operating on the latest infrastructure platforms), as winter rears its ugly head one key benefit shifts to the forefront of the list – flexible working.

A cloud system is always available.

Snowy days and icy conditions can cause havoc on our roads and understandably many employees are unable to make it into their place of work, an issue which can severely affect business activity.

If employees are unable to get into the office, their job function cannot be fulfilled, which for you could cause serious business disruption.

In this situation the ability to access business information from anywhere, at any time is essential. Cloud computing makes it possible for employees to work outside of the office and helps maintain “business as usual”.

By putting a Bring Your Own Device (BYOD) policy in place, even employees who are usually office based can be set up to work remotely. Many households will own a device of some description and so employees can work from their own devices, such as home desktop PCs, laptops and tablets. They simply require setting up in advance.

Cloud computing limits the impact of shutting down on a snowy day.  However it is not just the cruel winter that makes it worthwhile.

As and when required the system can scale proportionately with your business, so for example if you are a seasonal business and perhaps take on extra staff during the summer months you can simply add users and remove them when they are no longer required.  You purely pay for the users you require and once they are no longer required, you no longer need pay for them.

Despite its increasing popularity, cloud can still be a scary unknown for those with a limited understanding of the service.

In brief, the benefits of cloud include:

  • Offers value for money
  • Ready for any business
  • Makes your business truly mobile
  • Efficient and reliable
  • Scales to grow with your needs
  • Works with your existing IT
  • Highly secure

When working from the office is not an option, be it due to weather conditions, road closures, power outage or natural disaster, the cloud is invaluable to ensure business operates as closely to normal as possible.

The disruption a large number of businesses experienced during the UK’s most recent adverse weather conditions is merely a reminder of how viable cloud computing is for so many businesses.

Contact eSpida today for more information on cloud services.

IT consultancy business meeting

Ok, so I made that up.  It doesn’t feature in the dictionary just yet, but my prediction is it’s only a matter of time.

What is rightsourcing?

In brief, rightsourcing is the process of deciding what it is you want and what your business actually needs.

The analysis and decision process could focus on cost, practicality, competences or timeliness, enabling a business to select the most appropriate sourcing arrangement to fulfil a project.

Questions to ask during the decision-making process

Firstly, analyse your internal team:

  • How efficient is the team in each job function?
    • What skills gaps are there across the in-house team?
  • Is there anything the in-house team could be doing that is currently outsourced?
    • Applying the skills matrix to the existing projects to ensure compatibility.
  • Likewise, is there anything the in-house team is currently doing that could be more efficiently fulfilled if outsourced?
    • Recognising any skills gaps for existing and new projects.

Secondly, analyse your contractors:

  • Do you have a good relationship with your contractors; do you have a good level of trust; do you have confidence in their abilities?
    • Experience across multiple vendors is a good start.
  • Do your contractors show a true interest in the success of your business?
    • Understanding the entire over-arching view of the business then where IT is delivered to add true value to the business.
  • Can you rely on them to recommend the most appropriate products and services?
    • Remaining fully aware of new relevant technologies and applying the best value and best advice at all times.

Through this type of analysis every project can be explicitly planned and undertaken, either internally (insourced), via contractors (outsourced) or through a combination of both.

The benefit of consultants

With their heightened expertise, consultants often recognise issues from a different perspective.  This fresh thinking, coupled with the knowledge and understanding of the latest technologies, can offer organisations cutting edge technologies delivering effective solutions to problems that may never have been noticed and considered – and commonly at a much lower cost.

A good outsourced supplier will act as an extension of your workforce: understanding your business requirements and objectives whilst working alongside you and your internal team to deliver the best level of service possible adding value at every stage of the process.

Final thoughts

In summary, rightsourcing selects the right people for the right job, to deliver the best service at the best price.

By tailoring personnel, be it internal or external, to the right processes, businesses can accomplish tasks efficiently and effectively and enhance the overall business.

When you plan your next project, consider the options. Rightsource. It’s that simple.

To find out how eSpida can assist you with your next project contact us on 0344 880 6145 or email info@eSpida.co.uk

Joel Campbell IT Consultant at the Waterdale Group

The recruitment of talented and ambitious individuals is paramount to The Waterdale Group.  As such the group continues to support the Technical Apprenticeship Scheme to map out the company’s future.

Apprentices are aged 16 or over and combine work with studying to a structured programme in order to gain skills and knowledge in a specific job.  By working with experienced staff, an apprentice learns job-specific skills which assist with the academic side of the course and ultimately the progression towards a qualified role.

Our latest apprentice, Charlie Quirk, has been recruited to work across all companies of The Waterdale Group and will be spending part of his week working alongside the eSpida team.  Speaking about joining the business, Charlie says, “I am very happy to have been selected as The Waterdale Group’s latest apprentice. The apprenticeship will help me to develop my technical skills whilst gaining a recognised qualification.  Everyone at Waterdale has been really welcoming and I feel confident that I am working alongside the right people to help me focus on my career goals.”

The Waterdale Group has a positive history of working with young apprentices. Joel Campbell originally joined the group as an apprentice in 2012 and following the successful completion of his accreditation (Level 4 City and Guilds and CompTIA A+ and Network+ Industry certification) Joel was offered a permanent role within the infrastructure team.  He comments, “The apprenticeship scheme provided me with a good foundation for working life.  Working whilst studying enabled me to learn from colleagues and expand the knowledge I was gaining at college. Now, 5 years on, I have a great job with a fantastic company and feel proud that the group chose to invest in me and my skills.”

The Waterdale Group’s chosen apprenticeship training agency is TDM Wyre Academy who specialise in technical and digital industries. For more information regarding apprenticeships with The Waterdale Group please contact Danielle Piotet on 0344 880 6145.

Infrastructure at night

A unified approach to IT can prove challenging, be it due to budgets, scheduling, customer expectations, or aligning departmental goals with the company’s corporate goals.  Many businesses deal with issues as they arise. Factors such as ageing equipment, a natural disaster or a security breach inevitably demand time and attention to solve and can cause costs to spiral.

The article ‘Moving from a reactive to a proactive approach to IT’, by Nigel Crockford, Business Development Manager at eSpida, explains why running-to-failure is not helping your business grow.

‘Moving from a reactive to a proactive approach to IT’ is available to read at www.computing.co.uk

Cyber security on laptop

Twenty years ago, security in IT broadly only consisted of firewalls, antivirus, passwords and development patches. Hackers and data thieves soon found ways of attacking these simple devices to gain access to sensitive organisational data.

As a result, security providers and vendors have invested in the development and production of more advanced technologies in order to defend business networks. Many different security products are now available in the defence against cyber criminals such as anti-virus, spyware detection and threat detection software to name just a few.

So, what’s next?
This is the question constantly being asked, along with ‘what will be the next big thing in cyber security?’ and ‘what will people be talking about in the next year or so?’

The answer broadly lies with the cyber attackers. For each method of attacking organisational networks they develop, the vendors will be developing their products and security solutions accordingly, in order to prevent the attacks.

Change is coming
Rather than taking a traditional reactive response to cyber threats, vendors are becoming proactive by developing software to deal with known activity. Having investigated the way in which attackers operate, vendors are introducing this methodology to remove the initiative from the attacker. Realising attackers collaborate between themselves, vendors have now moved into sharing information, such as knowledge and tools, between themselves which in turn decreases the response time to threats.

With this sharing of information, vendors can now look to the future one step ahead of the cyber criminals and, by using a more proactive, defensive approach, will be better prepared to foresee potential attacks. By adhering to the GCHQ code of conduct guidelines along with ISO 27001/2 and by following known practices and a number of elementary processes, businesses can eliminate some of the lower risks.

With cyber criminals constantly developing new threats, it is imperative that organisations keep their cyber security active and up to date.

My recommendation
Businesses should start with basic security best practice, looking at access control as well as applications within the organisation, ensuring these are forced to update and are patched as deemed appropriate for your business.

I would welcome your questions on best practice procedures. Please feel free to contact me at jon.dixon@espida.co.uk

Locked gate for data security

In today’s technological world, media reports of website hacks are becoming more and more prevalent. Furthermore, with human error reportedly accounting for almost two-thirds (62%) of data breach incidents, personal details are frequently being compromised.

Nowadays passwords alone, even those considered complex, are no longer satisfactory to keep the hackers at bay. A scary thought for businesses holding hundreds, thousands or, in the case of some large corporations, millions of customer records. However, there are options available to increase IT security and protect data.

Two factor authentication
To confirm a user’s stated identity, Two Factor Authentication (2FA) uses a combination of two different elements from three categories: knowledge, possession and inherence.

Knowledge
– Passwords
– PINs
– Secret questions/memorable information

Possession
– Card readers
– Wireless tags
– USB tokens

Inherence
– Fingerprint readers
– Retina scanners
– Voice recognition

Two factor authentication may be carried out with a hardware token or a soft token such as an authentication app on a smart phone.

Hardware tokens such as the Yubikey from Yubico are becoming more common in the workplace. They add an extra layer of security to networks and user accounts to ensure it is only the authorised user that can access the data with their personal credentials.

Yubikey and Authlite
The Yubikey is a touch-sensitive authentication device (hardware token) used for second authentication and is best used with a PIN or password. The Yubikey will generate a one-time passcode to provide that second authentication and, when used in conjunction with Authlite, a simple yet strong two-factor authentication module (soft token), will provide two factor authentication to the network.

Setting up the system is straightforward and quick to configure from start to finish.

For organisations of all sizes there are many benefits of using the Yubikey for two-factor authentication:
– Prevents unauthorised access by requiring the physical presence of the token to log onto a device
– Easy to use
– Affordable – Total cost of ownership is significantly reduced
– Durable – no moving parts, crushproof and waterproof
– Can be used as part of a business’s ongoing GDPR policies and procedures

Summary
The old adage ‘prevention is better than cure’ has never been more relevant in the world of cyber security, as any organisation that has fallen victim to a data breach will testify.

Making it near impossible for hackers to access your accounts, two factor authentication is one of the cheapest, most simple things to put in place to secure any account. The question isn’t why should you use two factor authentication, it is why wouldn’t you use two factor authentication?

For more information about two factor authentication and how we can help you, get in touch on 0344 880 6145 or email info@espida.co.uk

GDPR compliance for employees and candidates

Is your HR team the key to GDPR compliance?

GDPR is fast approaching and HR professionals are looking to be considerably affected, particularly surrounding recruitment data.

In an article published today, featured on the GDPR:Report website, Nigel Crockford, Business Development Manager at eSpida, explains how HR departments can lead by example in GDPR compliance and ensure the organisation is ready for the change in legislation.

The article is available to read here

Infrastructure business man on aeroplane

London-based Hillgate Travel has opted to work with technical consultancy eSpida to design, architect and deliver a highly available, scalable and secure technical platform to support the organisation’s double digit growth.

Hillgate Travel is the largest privately owned travel management company offering a global, full service portfolio from passport and visa management, through to group and individual VIP management. With over 175 employees and processing over 400,000 transactions a year, the company has seen rapid growth in demand for its services.

With a traditional data centre model in place, Hillgate Travel was supporting an ever-growing, onerous hardware footprint which was increasingly at odds with its three guiding principles: security, availability and scalability. Antoine Boatwright, Chief Technical Officer for Hillgate Travel comments, “We knew that our model had to change to deliver against the demands of the business as it was becoming harder to manage the current environment. I wanted to create a consolidated solution that would cope with the reality of today and the anticipated growth of the next five years.”

After ruling out public cloud options, the company was approached by Birmingham-based IT consultancy, eSpida, which, after two days of on-site discovery, formulated a proposal for change. The eSpida team quickly grasped the scope of the project within the context of Hillgate’s overall business strategy; it delivered a vision of a new architecture and challenged some of the more traditional, Microsoft-centric policies employed in the company.

eSpida proposed taking Hillgate from a physical to a virtual environment to minimise footprint. Introducing Linux into the hardware portfolio has not only improved performance and availability but drastically reduced the cost basis for the entire solution. “eSpida understood the commercial parameters of our project and made its recommendations based on what we needed and not what it wanted to sell us. That was refreshing. The lead consultant, Paul Hanson, also worked within context; he understood the relevance of our design beyond the scope of the project, to ensure that we were future-proofing our investment.”

Hillgate is halfway through the implementation of this project with eSpida, but is already seeing the benefits of the change in cost and end user experience. However, most notable is the change in attitude within the Hillgate technical team which is thinking more creatively about other technical projects. “eSpida is a trusted, strategic business partner to Hillgate; the team is innovative and strategic but incredibly easy to work with. Our engagement has been honest, thorough and has really opened our eyes to new ideas.”