Have you ever sent an email to the ‘wrong person’?

How often have you accidentally sent an email to the wrong person?  It’s so easy to do. You’re busy, and it’s urgent. It must go out immediately! You press the send button and instantly realise it’s gone to the wrong recipient, or multiple recipients.   999 times out of a 1,000 this isn’t going to be an issue.  You recall it, apologise to the recipient(s) and they delete it ~ no harm done!

What happens when that email contains sensitive data? Data that you are liable to protect under GDPR rules?   This can be classed as a data breach, and may be a reportable issue under GDPR legislation. It could mean that your organisation is fined, leading to all kinds of issues.

CASE ~ Gloucestershire Police were fined £80,000 by the Information Commissioner’s Office (ICO), relating to an email breach on sensitive data! An officer sent an update on a case to 56 recipients by email.  He used the TO field, rather than the BCC (blind copy) field.

ICO Head of Enforcement Steve Eckersley said:

“This was a serious breach of the data protection laws and one which was likely to cause substantial distress to vulnerable victims of abuse, many of whom were also legally entitled to lifelong anonymity.

“The risks relating to the sending of bulk emails are long established and well known, so there was no excuse for the force to break the law – especially when such sensitive and confidential information was involved.”

It’s easily done and mistakes happen, unfortunately this isn’t an excuse under GDPR rules!

TAKE STEPS TO PROTECT YOURSELF

  • USE ~ Email encryption or password protection for files where personal or sensitive data is being sent. Alternatively, look at sharing it by secure file sharing rather than email.
  • TRAINING ~ Staff awareness training is imperative.  Staff not only need to be aware of possible hacking/phishing, but also how important it is to be vigilant and precise at all times when handling personal data.

CT Business Solutions are IASME certified, and we can help with all areas of security including secure file sharing, email encryption and staff awareness training.

Don’t wait until this becomes a problem. Get in touch TODAY and allow us to put processes in place to ensure that you are doing everything possible to protect your business and the data you hold.

ERIC ARNOTT ~ Director

T. 0161 798 4336

GDPR Myth: You must get fresh consent from your clients to comply!

 

As an IASME Certified body we are ‘all things GDPR’. Having said this I know that it has become increasingly infuriating for a lot of small companies who get bombarded with information, which isn’t necessarily correct!  So, I thought I’d do a bit of myth busting for you.

GDPR Myth: You must get fresh consent from your clients to comply!

 

You do not need to automatically refresh all existing consents for the new law. GDPR sets the bar high for consent, so it’s important to check your processes and records to be sure existing consents meet the GDPR standard. If they do there is no need to obtain fresh consent.

What meets GDPR Standards?

Where you have an existing relationship with a customer who have purchased services or products, fresh consent may not be needed.

Remember, it may not be appropriate to seek fresh consent if you are unsure how the information was collected in the first place. This indicates that the consent wouldn’t have met the GDPR standard under our existing Data Protection Act. In all honesty you probably don’t have the right to keep, or use the data!

Some of the Myths we’ve heard are, ‘GDPR says I’ll need to get fresh consent for everything I do’ – categorically this is incorrect.

Think about whether you need fresh consent before requesting it. Don’t forgot to put in place terms and conditions for people who may wish to withdraw their consent. Ensure your unsubscribe option is fully operational.

Please be mindful that if information isn’t clear and easy to understand, organisations risk non-compliance as it isn’t clear what they are consenting too.

Being open and transparent is a key element of the GDPR – informing people how their data will be used. Before sending emails, you should consider the best point of contact for the customer. When emails are the best point of contact, consider embedding useful information and links on your company’s emails so customers are aware of how you use their data.

Some have said that they will lose customers by collecting fresh data and following GDPR guidelines, on the other hand customer engagement and trust are key. Is having a database of 8,000 unengaged clients better than a database with 500 who reply on a regular basis to your offers and promotions?  Quality is key.

Scaremongering about consent persists, but headlines still often lack context about the different lawful bases organisations could consider for processing personal information under the GDPR.

For processing to be lawful under the GDPR, you need to find a lawful basis before you get going. There are six lawful bases available, which you would choose depending on your purpose and relationship with the individual.

If your still on your journey to compliance you should continue with your efforts to comply. The 25th May deadline has been and gone but that doesn’t mean you can ignore it. Remember this date was the start rather than the end of GDPR Compliance. Organisations need to sustain this is the best way to take people with you on your business journey.

 

ERIC ARNOTT ~ Director
CT Business Solutions (N Mcr)

GDPR – Announcement from CT

 

GDPR Ready

CT Business Solutions (N Mcr) are pleased to announce they are now fully certified to both IASME Governance Standard and Cyber Essentials; both recognised standards regarding data handling and security for business.

Managing Director, Eric Arnott, states “as a provider of IT support it was imperative that we ensure that we are compliant with all the requirements necessary to ensure that we are ready for GDPR coming into force on 25th May 2018”.

Eric is also an IASME certified assessor, which means that CT Business Solutions are now able to advise and consult on all aspects of data governance, up to the IASME Governance standard and Cyber Essentials.

 

 

 

If your business isn’t prepared for GDPR then get in contact –

0161 798 4336

eric@ctsmanchester.co.uk

——————————————————————————————————————————————————————————–

Ransomware ~ Protect your business

WannaCry – Petya #Ransomware ~ Protect your business

Action not reaction : Prevention is always better than the cure!

Two very recent ransomware outbreaks “WannaCry and Petya” literally put every IT and security team around the globe into reaction mode! These new outbreaks aren’t going away and will continue to seek out vulnerabilities in business IT security. It’s time to take action – NOW.

Petya ransomware spread its way across 65 countries in a matter of hours! WannaCry and Petya are a new breed of ransomware, allowing explosive propagation throughout organisations worldwide.  It’s imperative that businesses understand the repercussions of these attacks, and more importantly how to protect themselves.

Petya is a prolific outbreak of ransomware that attacked computer servers all across Europe, particularly in Ukraine and Russia. The ransomware spread using vulnerabilities found in Microsoft Windows; vulnerabilities that Microsoft patched in March 2017 for the Eternal Blue exploit.

It begs the question if the Microsoft giants released a patch why were so many businesses hit? Basically they ignored the windows updates / patches!  Have you ever said “I’ll sort that later”.  Later can be too late.

What is Ransomware?

Ransomware is viruses that locate and attack vulnerable unprotected servers. They hijack computer data, infecting and encrypting all the user’s files and displaying messages demanding a Bitcoin ransom – literally demanding a payment to get your company information returned.

Any IT savvy and business will have backups, but not necessarily recent ones (backups should run every evening!). Any business without a solid backup are faced with the decision to pay up or lose their data.

How to Protect Against Ransomware

Luckily, there are various safeguards you can take to protect yourself and your clients from Ransomware. If it all seems too time consuming, or daunting – get in touch with the team at CT Business Solutions (0161 798 4336) or email info@ctsmanchester.co.uk.  It doesn’t have to be painful, or expensive to put procedures in place to put in place great protection and procedures. The expensive bit is NOT putting protection and procedures in place.  Here are a couple of easy ways to start getting your IT security in order.

Patch, Patch, Patch

It really can be that simple. The best way to protect is to stay up to date with Windows patches.  Also by educating users about what to look out for.

Antivirus –– Antimalware

Ensure that your entire network and PC’s are covered by reputed antivirus and antimalware products.  Free options out there aren’t necessarily doing the job YOU need them to do.  The paid versions are continuously researching, updating and adding patches to security as attacks occur. If you’re unsure about the best products to use give us a call.   In recent attacks the products used on CT clients’ IT infrastructure didn’t suffer a single breach worldwide!

Educate, Educate, Educate

For a business that didn’t keep up to date with patches, if they have basic security tools in place, such as antivirus, antimalware etc. they would be protected from any damage from these attacks.  The issues arise when the internal education of employees is lacking. Just investing in these tools isn’t enough. They need to be managed and supported, and more importantly employees need to be educated fully in what to look out for.

Do you have any questions regarding Petya or other ransomware? Are you interested in learning more about how CT Business Solutions can help protect your business against future attacks?
Telephone us today and our team will discuss how we can help. 0161 798 4336

Very best regards,

Eric Arnott

How to protect yourself against cyber attacks

The continuous and relentless virus attacks are a serious threat to virtually every business. We are being bombarded with advice and it can become overwhelming.

The threats are real, and should be taken seriously. You need to ensure that you’re taking a few positive steps to protect yourselves.  Long term we do advise that you get in touch to arrange a cyber health check with CT Business Solutions.  GDPR will come into force in May 2018 and if you collect / handle data it will be even more crucial to ensure you’re cyber-safe.

FOR NOW –

  • If you use Windows, install the patch Microsoft released. This will block the specific vulnerability that the WannaCry ransomware exploits. These instructions are located on this page in the Microsoft Knowledge Base
  • If you are using an unsupported version of Windows, like Windows XP, Windows 2000 or Server 2003, you can get the patches for your unsupported OS from the Microsoft Update Catalogue. We strongly recommend that you consider moving to a supported version of Windows as soon as possible.  We can help with this transition if you need assistance.
  • Update your antivirus software definitions. Most AV vendors have now added detection capability to block WannaCry.  All CT Business Solutions clients were unaffected by all the recent attacks.
  • We can’t stress this strongly enough – BACK UP regularly and make sure you have offline backups. Would your business survive if you lost all your data, not just relating to a cyber-attack?  If you have a back-up and you are infected with ransomware, your backups won’t be encrypted.
  • Businesses should also be monitoring their logs closely for suspicious activity across firewalls and anti-virus software. This facility is done in-house by CT Business Solutions for all our managed clients.  If you are worried and want to discuss the benefits of our services, then get in touch.

CT Business Solutions offer a wide range of IT support and services. If you are in any doubt about your current support get it touch. We offer a free IT audit that will give you a basis to work from to ensure you’re getting the most from your IT infra-structure.

ERIC ARNOTT

Director at CT Business Solutions

T. 0161 798 4336

Ransomware: how safe are you?

Cyber security hit the headlines again this week with several high-profile victims including the NHS having their data held to ransom with a demand to pay up $300 to get the affected files decrypted.  You can learn more about this attack here.

The National Cyber Security Centre is involved in the investigation of this case, but what are the implications for you?  What is ransomware and what measures should you take to protect yourself?

Ransomware is the name given to malware which encrypts the data files on a computer and demands payment to provide the encryption key which will give access to the information.  There is no guarantee that your data will be released; after all, you are dealing with cybercriminals who are intrinsically not trustworthy.

If you find yourself in this situation, the best solution is to restore your information from backups once all traces of the malware have been removed.  You might find that the attack has also disabled your security software; these will need to be checked too.

However, as you all know, prevention is much better than the cure.  It pays to take measures to ensure that your systems are protected from cyber attacks.  In practice, this entails the following steps:

  • Install antivirus protection
  • Make sure that Windows updates and security patches are applied
  • Run Malwarebytes
  • Check that all important data is backed up regularly, and the backups can be restored.
  • Antispam protection will prevent many malicious emails from getting through
  • Implement a strong password policy; consider using a password manager
  • Be wary of clicking on suspicious email attachments or pop-ups.

Our service plan customers can rest assured that we monitor the system and antivirus status for all your computers and we will take steps to bring you up to date if issues are discovered.

The biggest danger for computer systems comes from the computer users themselves.  In a busy office, it is easy to assume that an email is from a legitimate sender and the rogue attachment is accessed. It is well worth taking a moment to examine the email to check that it is genuine.  Our blog ‘How to Maximise Cyber Security for your Business’ is a good place to start; you can read it here.

User training in cyber security will go a long way to protecting your systems.  Get in touch with the CT team in Manchester today about ensuring you, your business and your employees are cyber aware.

Contact – T. 0161 798 4336.   E. eric@ctsmanchester.co.uk

Eric Arnott, Director

With special  thanks to Suzanne Rice at CT Tonbridge for this article.  www.

General Data Protection Regulations – What you need to know.

GDPR is the ‘General Data Protection Regulation’ which from 25th May 2018 will affect every single organisation that collects and even handles data relating to all EU residents.

The age of digital is upon us, and continues to gather pace. GDPR has been introduced to ensure that an individual’s data protection rights are regulated fully.

  • What is the purpose of GDPR?

To simplify the free flow of personal data in the EU by applying a consistent data protection framework across the member states.

  • Who does it apply to?

Every single organisation that collects or handles data relating to EU residents.

  • Why you need to start now.

You need to start preparing now. Ensure that you are fully compliant. GDPR requires organisations to develop clear policies and procedures to protect personal data. You will be required to adopt appropriate technical and organisational measures and ensure that all staff are fully aware of these procedures.

Failure to meet all the requirements could cost you 4% of annual global turnover, or Euro 20 million – whichever is greater! Unfortunately data breaches are commonplace, and increase in scale and severity almost on a daily basis.

  • I’ll do it later!

Don’t under-estimate the length of time if can take to put new policies in place. Consider how you will have to dismantle, recreate, adjust and amend your current data protection policies to ensure you comply! Fines of 4% could quite easily lead to business insolvency.

Brexit!

UK organisations handling personal data will still need to comply, regardless of Brexit! This has been confirmed by the Information Commissioner.

 

 

The GDPR will introduce a number of key changes, which you can read in full at – More information about the GDPR >>

If you want to discuss this with CT Business Solutions to start implementation procedures then get in touch with us on 0161 798 4336, or email eric@ctsmanchester.co.uk.

CT will help you understand GDPR in full

  • Assist in its implementation
  • What to do with international data transfers
  • Data subjects rights and consent
  • Ensuring your staff are aware of your procedures.

Best regards

Eric Arnott ~ Director ~ CT Business Solutions

T: 0161 798 4336

How to Maximise Cyber Security for Your Business

Cyber Security is BIG news, but many businesses are still unsure what it’s all about and the implications of a data-breach.  If that’s you then don’t bury your head in the sand. Just ask yourself “Would my business survive a data breach? Would my business survive a data breach fine”?  Probably not, and if it did how would it affect your long-term reputation?

In 2016 Yahoo uncovered one of the largest data breaches in history – to date!  According to IdentityForce.com, Yahoo discovered a breach from 2013 that may have put as many as one billion Yahoo accounts at risk.

With such big-league companies falling victim to cyber security attacks, it may seem daunting as to how you start to implement your own security. Security software is evolving all the time, and responds rapidly to the new ways that hackers find to infiltrate these systems. To the hackers, it’s almost a game of chess – tactical and strategic. So, we’ve provided the following tips which focus on ‘planning ahead’. They’re a great starting point for you and your business – start building up your defence now!

Boosting Cyber Security for Your Business

Computers hold some of your company’s most confidential and essential data. Make sure you’re taking the proper steps to safeguard your cyber information with these suggestions.

·         Install the best security software

First of all, you need to ensure you have security software installed.

Anti-Virus Software – Always purchase a reputable brand. At CT we use ESET because of the benefits and high success rate. Free versions don’t tend to be supported in the same way, or react to new viruses that are emerging almost daily. We can provide anti-virus from as little at £30 + VAT per year!

Anti-Spam Software – This helps prevent Phishing, which refers to the way hackers ‘fish’ for private information (bank log-in, company data, etc.).  Hackers try to steal confidential information by disguising themselves as a typical spam email, or even a trustworthy website. Anti-spam software will help narrow down these phishing attempts, as well as identify and block other types of spam.

·         Secure your network

Just as security software protects data on your computer, a Virtual Private Network (VPN) protects your data online. VPN’s are popular with corporations for many reasons. One of the biggest benefits of using VPN’s is that users have the ability to securely access a private network while in public settings. For example, when you connect to your company’s VPN, you appear to others as being in a different state or country than you truly are. This is a huge benefit for anyone who needs to access data remotely in a safe way.

Another perk of VPN’s is that everything within the network is encrypted. In short, even if a hacker tried to obtain some of the data within the VPN, none of it would be accessible due to the unique connections and fundamentals of the VPN. These are just a couple of the many benefits of securing your network.

·         Back up your data

If your data is stolen or lost, you should always prepare yourself with a backup copy of important files. Consider purchasing an external hard drive to hold essential files. To further secure your backed-up data, be sure to store the external hard drive in a disclosed location. Keep this location for your knowledge only, or consider trusting another individual with the location as well. It’s important to note that this strategy is only secure if the data’s location is protected, too.

Whilst external back-up is important you need to check that the external hard-drive is working. Cloud storage is the storage of data online in the cloud (a physical storage of information across multiple servers / locations) and is owned and managed by a hosting company. Your data is stored in a way that makes it accessible from multiple devices over a network, typically the internet. Check out our cloud solutions at:-

CT North Manchester – Cloud Services

·         Get cyber insurance

Investing in cyber insurance is a trend that is gaining popularity with the ever-growing world of technology. Though underwriting for cyber risks is still not entirely concrete due to the newness of the concept, acquiring insurance can’t hurt the security of your business. You should come up with a list of expenses you would want to be covered by insurance in the event of a cyber-attack. Then, you can research different options and providers to find a plan that is the most suitable. Though cyber insurance generally only covers first-party losses and third-party claims, having an insurance plan in place can majorly offset any future costs due to a cyber security breach.

If you would like assistance on how to secure your business in the best ways possible, contact the team at CT Business Solutions on 0161 798 4336, or via email at info@ctsmanchester.co.uk.  Our knowledgeable staff is equipped to assess your company and help find solutions to keep your business safe. Learn more about our data and network security services here.

Eric Arnott, Director

5 Ways Cloud Storage Can Help Your Business

It would appear that everything is now being stored in that thing they call ‘The Cloud’!  Digital cloud storage of everything from Apple’s iCloud for your music and photos, to Google Drive for your documents and spreadsheets.  It has revolutionised the way business is done today.

The data that exists on Company servers is growing faster than you can store it, and is causing serious headaches for many business owners.  The internal servers become sluggish due to being overloaded by large amounts of data, which in turn causes issues when it needs to be accessed.   Sound all too familiar?

At CT Business Solutions we’ve identified five ways in which moving to Cloud storage will help your business. Helping you to streamline processes, and get back on track just by moving to an efficient digital storage platform.  So no more misplacing of important documents, issues with inefficient file sharing, or lost time waiting for large files to load!

1. Save on the Cost of Technology Infrastructure

A significant portion of a business’ day to day work is done on computers. From editing documents and spreadsheets to creating reports, files are created and modified regularly. Each time another file is saved on your server, storage space decreases. Buying and maintaining new servers to grow the size of your digital storage costs money. With cloud storage, you eliminate the need for costly internal servers. Running out of digital space no longer results in a panicked order for another server, it is a quick call to your cloud manager to ask for a storage increase.

2. Reduce Your Company’s Energy Consumption

Becoming eco-friendly is one of the top items on many organizations’ to-do lists. Internal servers draw a lot of power as they operate. If you are looking for ways to be more environmentally conscious as a company, making the switch from servers to cloud storage can drastically cut down on the utility bill by saving energy.

 

3. Safeguard Against Data Loss

From server failures and employee mistakes to natural disasters, data loss is a major concern for companies. With the increased reliance on digital files, cloud storage can help protect your business against significant data loss. When your records and data are stored in the cloud, you don’t have to worry about a power failure or flood wiping out the digital lifeline of your company.

4. Data When and Where You Need It

Having access to files is one of the most important aspects of having a productive day. With internal servers, employees usually can’t access files stored on the server unless they are physically plugged into it. Cloud storage allows data to be accessed wherever you are, whether you need to open the budget spreadsheet from your hotel room or your Photoshop file from the comfort of your home office.

5. Data Stays Safe

One of the main concerns with cloud storage is security. Many incorrectly assume that cloud storage is not as secure as a physical server. Cloud storage technology has multiple security measures in place to protect your data. From file encryption to password protection, your data is safe when stored in the cloud.

If you still haven’t moved to digital cloud storage, then allow us to assess your current internal IT infrastructure and work with you to make your business more efficient and streamlined.

Christmas Online Shopping and Christmas Holidays at CT Business Solutions (N Mcr)

Santa Claus working on laptop computer. Isolated on white background

As much as we keep avoiding the elephant in the room, Christmas is fast approaching (How does time go so quickly?) We will be on urgent call-out most of Christmas but will be shutting the doors for some Christmas Festivities:

Our office will be closed from 6.00 p.m. on Friday the 23rd of December 2016.

We are on call for urgent breakdowns – Wednesday 28th, Thursday 29th and Friday 30th December from 8.00 a.m. until 6.00 p.m.

The office will reopen fully on Tuesday 3rd January 2017.

For all of you out there starting to panic about last minute shopping we thought we’d share these ‘stay safe’ tips!.  MERRY CHRISTMAS and a HAPPY NEW YEAR – 


Safe Online Shopping Tips for Christmas and the Bank Holiday sales!  Happy Shopping

The 12 days of Christmas countdown has commenced!  People start to hit ‘panic-shop’ mode – Not enough shopping days left! No annual leave!    Don’t get carried away.  As more and more people turn to online shopping to avoid the chaos that is Christmas, so do the on-line Grinches! Determined to ruin your Christmas.

So while you shop from your comfy armchair you still need to be vigilant! While online shopping takes away the threat of pick-pockets there is still the big threat that someone is stealing your personal information if you don’t take precautions for safe online Christmas shopping.

 

  1. Don’t let ‘Grinch through the door’ – The number one way to protect your devices and data is to install mobile anti-virus software and make sure it’s up to date.
  2. Ho-ho-hold on before you click on a link delivered to you in an email. If the offer seems too good to be true it probably is!   It could be a “phishing” scam, where shoppers who click through are led to a false site developed to steal their data. Good practise is to enter the website name by hand into your browser.
  3. Santa’s watching! And so are thieves unless you lock your device. Webroot found that a surprising 53% of respondents leave their devices unlocked, which can expose their personal information to prying eyes. Most devices request that you lock it with a password or code; take advantage of this feature to keep your information secure.
  4. ‘Appy holidays: For safe online shopping, make sure your apps are downloaded from a trusted source, such as the Android Market, Apple App Store or the Amazon App Store. When you download the app, it will ask for various “permissions.” Be sure to read through them and note whether they make sense.  For example, does a shopping app need access to your contact list? Another way to check on the safety of apps is to read through the feedback in the comments section of the market and choose apps with a high rating.
  5. There’s no place like home at Christmas … for safe online shopping. Remember, a secure network connection – (i.e. most homes or workplaces – is ideal). Public Wi-Fi can be hacked by someone with the right tools, exposing your passwords, billing information and other sensitive data. Therefore, if you’re using a public connection, it’s best to limit yourself to window-shopping and price comparing, rather than buying.
  6. Deck your halls: A security app is more than ornamental window dressing – it’s vital for online shopping. Webroot found that only 40% of respondents have a security app installed on their smartphones and tablets, putting their devices and personal information at risk. Take a hint from older surfers: While younger users more often use their devices for shopping – to place orders, compare prices and download coupons – the survey found that users aged 50 and older were more likely to have security on their device.

Above all, to stay healthy and wealthy, you’ve got to be wise. Just as you would exercise caution with your wallet and belongings in a crowded shopping centre, remember to be as vigilant online. Keep your cyber information secure.

Xmas-Snowman-pic

If you need any IT advice or support get in touch with the team at CT.  (T. 0161 798 4336).     In the meantime have a fantastic Christmas and New Year.

#WEBELIEVE

Best regards

Eric