UK Data Protection Laws Face Complete Overhaul

Technology companies around the world hold a lot of data on their users. When you think about the amount of information you willingly hand over one a daily basis, it’s quite alarming to think that we don’t currently have a hold on our own information. As a Facebook user, you will likely regularly share information about your whereabouts, your likes and dislikes in addition to the masses of pictures we all upload every day. If you have a SmartPhone, it’s likely that this phone is also able to gather information on you, all in the name of making your life easier by offering directions or suggestions. The UK government is now taking a stand against the tech companies and is preparing to bring in new legislation to hold companies to account.

Digital Minister Matt Hancock announced the new rules which will allow users to ask to see what personal data companies hold. The new rules will also mean that companies will have to erase the data on request. In addition to these stricter controls, parents will have greater controls over their child’s data and will be able to give consent for it to be used. It will also become a criminal offence for an organisation to intentionally or recklessly make it possible for an individual to be identified from anonymised data. In the past, firms could make it so that users gave their consent for their data to be used by default, but changes to the law mean that organisations will have to gain explicit consent. This will mean the end of “opt out” options on online forms, and instead users will have the option to “opt in”.

In order to respond to the changing nature of big data, the definition of personal data will also be expanded to include IP addresses, DNA and browser cookies. This will have wide-reaching implications for a number of large tech organisations, including Facebook and Google. The changes are intended to make organisations more accountable for the information they hold on their users by enforcing financial penalties for non-compliance. However, the move has been criticised by some business groups. Mike Cherry, national chairman at the Federation of Small Businesses noted that small companies are likely to be hit hardest by these changes. He said: “They simply aren’t aware of what they will need to do, which creates a real risk of companies inadvertently facing fines.”

What is Malware? How To Protect Your Business from Malware

Malware is a shortened way of saying “malicious software”. In short, malware is any kind of programme written with malicious intent. Things like viruses, spyware and Trojans are all types of malware, so malware isn’t a specific type of virus, more a way of describing any malicious type of software written with bad intent. Malware can be written or created by anyone, including hackers just looking to have fun to government intelligence agencies looking to gather information. There are also criminal organisations that are intent on stealing personal information from unsuspecting internet users.

Malware can be very dangerous as it can be used to disrupt businesses, steal information or even blackmail users into handing over money. If you want to protect your business or personal devices from malware, it’s important to know what malware is and what you should be looking out for.

Signs your computer might be affected by malware

There are a number of things you should be looking out for when using your computer, tablet or phone, as these could be signs that your device has been infected with malware.

  • Your computer is running slower than usual and normal tasks are taking much longer
  • There are unusual pop-ups when you are using an internet browser
  • Your computer might stop working or crash unexpectedly
  • Your hard drive is working harder than usual. You can see this in the task manager on Windows devices.
  • Your web browser homepage has changed
  • Unusual programmes open when you launch your computer
  • Your friends, family or colleagues report unusual email or social media messages that appear to come from you
  • Your device battery is running out faster than usual
  • Unusual error messages pop up or won’t go away
  • Your security software has been disabled
  • You cannot access your computer at all

What to do if you suspect your computer has been compromised

One of the biggest problems with internet security is that users fail to act quickly. At the first sign that you think something might be wrong with your computer, you should ask an expert for help. If you keep using the computer you risk compromising your files, spreading the malware to another computer or giving the malware creator access to your personal information. If you work in an office, malware can spread very quickly through your local network, so you should disconnect the computer from any networks and revoke the device’s access to any cloud accounts.

Letting an expert look at the computer is far better than trying to fix the problem yourself. If your computer has access to internet banking accounts, it’s important to let your bank know that this information may have been compromised. Your bank will be able to update your internet banking security passwords and may send new bank cards if you are concerned that you may have entered your bank details while your computer was infected.

If you are ready to out task your IT security, get in touch with our team at BCN Group to discuss your needs.

Top 8 Reasons Your Business Needs a Disaster Recovery Plan

The importance of a disaster recovery plan cannot be overstated. Many business leaders may consider a disaster to be a hurricane, tornado, flood or earthquake. However, the truth is a disaster is any event that prevents a business from accessing the data and systems it requires to operate, including regional power outages, cyberattacks, human error, employee sabotage and hardware failure. Every company faces the risk of IT interruptions that can grind business to a halt, risking high financial costs, reputation loss or even greater risks for you and your customers.

Below are 8 reasons your business should consider a Disaster Recovery Plan.

1. Because your business cannot afford any downtime. 20% of businesses experience a failure (fire, flood, power outage, natural disaster, etc.) in any given year, and 80% of those businesses will go under in just over a year.

2. Because your customers and potential customers expect it. The average consumer now expects the information they want to access to be available whenever it is convenient for them. Downtime means a lack of availability to your customers and a loss of business in the immediate and possibly long term.

3. Because you have spent a significant amount of time and money building your reputation – you need to protect it. Downtime and lost data can ruin reputation, brand and ultimately diminish trust that can result in lost revenue.

4. Because nature is unpredictable. Businesses that don’t have a backup and disaster recovery plan in place can find it almost impossible to resume operations after a major disaster hits. An estimated 80% of all companies that experience a business interruption of greater than five days, without recovery plans, go out of business.

5. Because machines and hardware fail. While we’ve made huge strides in the reliance of our technology, it’s still not perfect and is bound to have issues here and there. You can buy the best equipment on the market but that does not safe guard you from malfunctions, lemons and breaks. Although it may be expensive for your company to eliminate any single point of failure in your IT infrastructure, it is really the only way you can be sure that a hardware failure will not interrupt your service or cause data loss. We recommend all our clients to back up their data regularly, ideally using our highly secure managed hosting services.  This will help to eliminate any interruptions in case of IT infrastructure failures.

6. Because we live in a 24/7 world that requires ‘always on’ capabilities. 72% of web users report abandoning a company website for a competitor’s due to frustrations with the website . If a website goes down, online shoppers are not willing to wait for the unknown time at which the site will be back online. If you aren’t protecting your internet and network you could end up sending your business straight over to your competitors.

7. Because you can’t predict what data might be lost and the value it had to the running of your company. 43% of companies were immediately put out of business by a “major loss” of computer records, and another 51% permanently closed their doors within two years — leaving a mere six percent “survival” rate.

8. Because humans make mistakes. While this is among some of the hardest mistakes to prevent and correct, ensuring your data is regularly backed up lets you restore it to an error-free state. 80% of unplanned outages are due to ill-planned changes made by administrators and 60% of availability and performance errors are the result of misconfiguration.

For help with your DR planning, call BCN Group on 0345 095 7000.

What is Agile?

Agile methodology is perhaps one of the most misunderstood concepts in the IT industry. What started as a software development methodology has now been adopted by many other industries and departments. It wouldn’t be unusual to hear an events organiser or manufacturers referring to their work as agile. Here at BCN, you may hear us refer to ourselves as an agile solution provider, but what exactly does this mean? To understand the meaning of the term agile, let’s start by looking at the history of the phrase…

What is agile?

The Agile Manifesto was established in 2001 by a team of software developers. Their belief was that their skills would be put to better use if they were able to focus on solving problems and finding a better way to collaborate with their colleagues and customers. The team valued things like individuals and interactions over processes and tools and working software over comprehensive documentation. These principles have now been stretched and skewed to match a number of industries outside of software development.

How has agile evolved since then?

Since the early days of agile offering a way for software developers to redefine the way they work, it has now been adopted as a general management technique. It isn’t unheard of for managers to apply agile methodology to every aspect of a business. The idea of creating a minimum viable product as soon as possible is very attractive to business owners as it means they can make all of the important decisions based on feedback. The idea that done is better than perfect is not lost on money-conscious business owners.

Could agile work for me?

Agile is a difficult concept to get right in an organisation as it is a huge departure from more conventional management practices. Agile only works if everyone understands it and is on board with the methodology. Getting rid of the usual hierarchy, architecture and structure of a team can be difficult. One of the hardest areas to get right is letting go of the idea that the business is a steady state machine. Instead, business owners have to be willing to take risks, try new things and implement things that might later be scrapped. While this might sound risky, that’s because it is. However, it’s also an important part of learning and can allow a business to grow faster than it would if left in a steady state.

How is BCN agile?

We work with some of the industry leaders in agile solutions providers, including Nimble Storage, VMware and Cisco Meraki. We have an in-depth knowledge and appreciation for how agile solutions can help to transform businesses. Our partners are the ones leading the way in agile development, transparency and continuous improvement.

Is Your Business Guilty Of Data Hoarding?

Computer storage has come a long way in the past 30 years. There are people alive today who have never encountered a 3.5” floppy disc. These storage devices could house a paltry 1.44 MB. To put this in context, you’d need over 736 floppy discs to equal 1GB of storage. We now have an abundance of storage available on every device we own, which means we get to be a lot less picky the data we hang on to, but this abundance of storage has led to a new security problem. Data hoarding.

What is data hoarding?

Data hoarding is what happens when individuals and companies don’t have a policy in place for sorting through their data and keeping the relevant information while deleting the rest. With storage becoming cheaper and more readily available, the risk of data hoarding is higher than ever before. After all, it’s much easier to just cling on to everything rather than making decisions about what needs to stay and what can go.

What does data hoarding mean for security?

Unfortunately, data hoarding can have serious implications for security. The reason for this is very simple. Imagine you have a giant stack of papers. Most of the pieces of paper contain useless information, but a few of the pieces have your bank details on them. If you lost track of a few pieces of paper, it would be difficult for you to know if the information contained on the paper was important or useless. Data hoarding works the same way. Unless you have a system in place for organising and then sorting your data by importance, then you could end up hanging on to some potentially damaging data in amongst the useless data.

Data breaches are sadly not uncommon and can have serious financial ramifications for companies. Ensuring you know what information you hold on customers is the first step in keeping it safe. Data hoarding can lead to holding duplicate files or hanging on to sensitive information for longer than you need to. Putting a plan in place to ensure only essential information is kept on file is the best way to protect against data hoarding.

Switching to cloud storage is one of the best ways to prevent duplicate versions of files causing problems for data security. By keeping everything in one secure and central place, this can help to prevent employees from keeping duplicate versions of the same files on their computers or mobile devices. This also makes it much easier to establish a system for organising the files and ensuring only essential information is kept around.

If you’d like to know more about how BCN can help you prevent data hoarding, get in touch today on 0345 095 7000, email us on info@bcn.co.uk or fill in the contact form below.

Beyond The Four Walls: Essential Mobile Security for Businesses

The internet has revolutionised the way we do business. Securing your company used to be all about keeping things within the four walls of your office. A firewall and antivirus software could keep threats at bay and this was widely accepted as sufficient for IT security. Then the mobile device came along and turned this four-walls theory on its head. With devices coming in and out all the time, accessing sensitive emails over coffee shop WiFi networks and falling between the cracks of internet security, the issue of mobile security doesn’t come up nearly as often as it should. Every company should have a mobile security policy in place to protect sensitive data from falling into the wrong hands.

Update your company mobile security policy

Every business should have a mobile policy that includes security provisions. This should outline what is and what isn’t acceptable on a company mobile device. This includes phones, tablets and laptops as they can all be taken away from the office and are therefore at higher risk. Your policy should also specify if users can access company data from their own devices.

Designate responsibility for mobile security

Things like keeping software and antivirus software up-to-date can often fall between the cracks, particularly for personal and mobile devices. Deciding who is responsible and making sure they are aware of this responsibility is essential. This can become part of the mobile security policy and should be checked frequently to ensure employees are compliant.

Switch to the cloud

The cloud provides unrivalled security for users on the go. If you want to keep your data secure, then storing all of your sensitive data on a cloud account is far safer than saving it on a mobile device. If your phone, laptop or tablet is ever stolen and you are using a cloud account you can simply revoke access and your data will remain secure.

Use data encryption

In 2012, a NASA employee’s laptop containing the details of 10,000 employees was stolen from their car. While the laptop did have password protection, it wasn’t encrypted, which meant the data was at risk. If it can happen to NASA, it can happen to you. Encrypting all devices is an essential step for mobile security but it is often overlooked as password protection is seen as sufficient.

Mobile security is an essential component of any company security plan if you want to keep your business your business. With more and more employees switching to mobile devices and working outside of the four walls of the business, it makes sense to put a mobile security plan in place to keep your data secure.

Cloud Computing Advantages for SMEs

The cloud offers flexibility, scalability and security. Which is convenient, because these are just some of the things small business owners are looking for. For those growing a business, there can be no better IT solution than one that grows with them. The world of business is fast changing, and the business owners leading the way are those switched on to cloud computing advantages.

While it might seem like a complex concept, anyone with an email account can grasp the idea of cloud computing and its advantages. For anyone who has ever logged into their email account from a computer that isn’t their own and found all of their emails and files accessible to them, the advantages of cloud computing are fairly easy to understand. The modern company isn’t confined to one location, and the rise of entrepreneurs starting businesses from their dining table means that cloud computing is the logical choice to enable collaboration without a traditional office environment.

Here are just some of the cloud computing advantages we can think of…

Increased Collaboration

One of the most obvious cloud computer advantages is the opportunity for collaboration. An office in a box solution allows the work from home entrepreneur to scale up their operations as an when required. This might mean collaborating with someone on the other side of the city, or the other side of the world. This solution travels with the business owner, meaning they are always ready for the next step in growing their enterprise. However, the only obstacle lies in company-wide adoption. Issues with compatibility can arise if one user is reluctant to adopt new technology. For cloud computing to work, everyone will have to be on board, which means educating all of the stakeholders and staff on how the cloud works.

Speed Up Processes

The cloud has no doubt streamlined many processes which we now take for granted. For businesses, the prospect of speeding up cumbersome processes can help to free up time for other tasks. Going paperless, for example, can free up time spent stuffing envelopes or scrambling through filing cabinets. Moving processes to the cloud also opens up the possibility of using big data to make better business decisions.

Improve Security

We couldn’t compile a list of cloud computing advantages without mentioning security. The threat of cyber attacks hasn’t been far from the headlines in the past couple of months, which is prompting some companies to review their security protocols. Unfortunately, SMEs often think they’re immune to such threats until it’s too late. With the right hosted cloud services provider, security can be greatly improved. Even steps as simple as keeping software up-to-date will help to improve IT security and reduce the risk of malware infection. And if something goes wrong, data recovery from the cloud can help to minimise disruption.

Everything You Need To Know About Turla Malware

Of all the places on the internet you’d expect to find hackers coordinating their next attack, Britney Spears’ Instagram account isn’t likely to factor high on your list. And yet, the security firm Eset has confirmed that the comments section of the pop star’s Instagram account has been used to spread and control malware. Despite these seemingly innocent associations, the Epic Turla malware attacks have been described by Kaspersky Lab as “one of the most sophisticated ongoing cyber-espionage campaigns.”

It is thought that Turla, as it is more commonly known, is controlled by Russian hackers, and they’ve been using the comments section of Britney Spears’ Instagram account to test their Advanced Persistent Threat (APT) virus. On the surface, the comments look like spam but are actually used to direct infected users to other sites. The virus works by creating a backdoor into a user’s computer and then “phoning home” to the malware’s command and controls servers.

How does Turla malware work?

The comments will often direct users to compromised web pages that will prompt them to install fake Adobe Flash Player or other fake software. From the infected websites found so far, the attacks appear to be targeted at government websites. Once a system is infected, the attacker will receive a summary of the victim so they can decide how to proceed. This might include installing a keylogger on the system or RAR archiver that will allow the attacker to collect more information.

How do I stay safe from Turla malware?

Installing a sophisticated anti-virus software package from a reputable supplier is essential. The only way that your antivirus will stay effective is if you keep it updated, so make sure you don’t put off updating your software for any reason. You should also keep frequently-used third party apps, such as Microsoft Office, updated.

It’s also important to be aware what you are installing on your computer and double check you have the correct version before hitting install. If a browser prompts you to install something, it doesn’t take long to search for the name and install from a trustworthy source.

Be wary of clicking on shortened links generated by websites like bit.ly. If you receive a bit.ly link in an email or on social media, you can put it through a URL expander in order to check where it is taking you.

And finally, this information should be circulated throughout your organisation, as it is important that everyone is aware of the threat and has a basic understanding of how it works. Often, people are the weakest link in an IT security plan and can find ways to circumnavigate anti-malware controls put in place to protect everyone. Educating your workforce is the best way to mitigate the threat of malware to your business.

Survey Reveals IoT is Now Biggest Security Risk

A report from the ISACA found that the Internet of Thing (IoT) is now the biggest cybersecurity threat. According to the 2017 State of Cyber Security Study, IoT recently surpassed mobile as the biggest security threat to organisations.

This increased threat comes on the heels of increased adoption of the new technology. According to the study, 97% of organisations that responded to the survey have seen IoT usage increase over the past year. However, this increased uptake in technology has not been matched by an increase in security.

The Internet of Things refers to the growing network of interconnected devices or smart devices. These devices are able to collect and exchange data in an automated process in order to help perform tasks or to learn from a process. In healthcare, this might include devices for remote monitoring or to keep track of inventory. In manufacturing, connected devices can be used to make decisions to streamline processes.

While adoption of new technology may be increasing, there are concerns from security professionals about the readiness of companies to deal with IoT security threats. According to the report, 62% of respondents experienced ransomware attacks in 2016, but only 53% developed a plan to address future ransomware attacks. Similarly, only 31% reported that the test their security controls on a routine basis, while 13% said they never test them.

Security attacks aimed at IoT device vulnerabilities are on the rise, although are less prevalently reported. In November 2016, cybercriminals successfully managed to gain control of the heating controllers for two buildings in Finland. By causing the smart thermostats to continually reboot, the heating was never able to turn on. Since the weather in Finland is frequently below freezing at this time of year, this was a significant security breach.

A lack of funding and investment in cyber security was identified as one possible reason for the increased threat. According to the survey, 48% of respondents don’t feel confident in their staff’s ability to deal with complex security threats. And rather than increase security spend, around half of those surveyed said they will see an increase in their cyber security budget this year, down from 61% in 2016.

As we have mentioned in previous blog posts, increased transparency and a willingness to learn from past mistakes are essential to ensuring security for businesses. If the industry is ever able to fully benefit from the opportunities offered by the Internet of Things, the threats to these smart devices must also be taken into consideration.

The Essential Components Of A Disaster Recovery Plan

If you’ve ever corrupted a file and had to start over on a complex document, you’ll know how frustrating it can be. Now imagine that happens to every file on every computer in your business. If your business relies on IT to function, then your business is at risk of IT failure. IT downtime and data loss can cost businesses hundreds of thousands. A study by EMC revealed that data loss and downtime cost businesses around £1 trillion in 2014. With more and more companies adopting digital technologies, the risk can only increase.

The process of planning for such a catastrophe within your business is known as disaster recovery (DR) planning. Disaster recovery planning is relevant for businesses of all sizes, yet is often overlooked by small businesses. Disaster recovery in a more general sense can cover things like fire or flood, but IT disaster recovery looks specifically at loss of data or system downtime. If you arrive at work on a Monday and your website is down and your company computers are infected with malware, would you know what steps to take? This is precisely how a disaster recovery plan can help you. Here are the essential components of a disaster recovery plan for business continuity.

Define disaster

Every company will have a different threshold for downtime or data loss. If you run a shop that relies on an EPOS to make sales, then downtime of anything more than an hour is likely to have a huge impact on your business. However, if you run an online shop, then anything longer than a few minutes of downtime would be unacceptable. Define at which point an inconvenience becomes a disaster so your employees know when to act.

Gather your contacts

It’s not uncommon for the person who discovers the problem to have no idea who to get in touch with first. Compile a list of IT contacts and their emergency backup contact so that you’ll know exactly who to get in touch with in an emergency. Review this every time you review your plan to make sure everything is up-to-date.

Create an inventory

When talking about continuity planning in terms of a natural disaster, many disaster recovery plans will include things like creating an inventory of all office equipment. The same should happen for your IT services. Create an inventory of all hardware and software and mark which components are essential. Each software package should have a provider contact which will need to be added to the contact list.

Make sure everyone is aware

One of the biggest problems with disaster recovery plans is that they are written, tested, placed in a folder and then forgotten about. Everyone in your business should be aware of the disaster recovery plan and everyone should know how to access it.

Cloud hosting can help to minimise the impact of data loss by creating a backup of your entire business setup on the cloud. Not only does this protect against data loss and downtime from security breaches, but it can also help to keep your business running seamlessly if your physical office is inaccessible or damaged.