Security

Blog, GDPR, Security, Technology, Uncategorized

Is The Password Dead?


2 Comments

My boyfriend was amazing me last weekend when he showed me how he could unlock his brand-new Google Pixel 2 using just his voice. I was seriously impressed until he laughed and showed me the index scanner on the back that actually unlocked it. To be honest, it’s a perfectly useless piece of hardware since I know his pin code anyway. Which isn’t much of a win- I just get full access to the albums upon albums of stupid memes that he stores for later consumption.

These days, it seems as though you’d need to live and work in the Pentagon to keep your data safe. And even then, you’d probably be safer by having a photographic memory and never writing or typing anything. Ever. For the entirety of your life- and chances are, you’ve ballsed that one up already, right? If not, there you go, cyber security problem solved. You can tell that annoying antivirus update pop-up reminder where to stick it because you JUST DON’T NEED IT. However, if you don’t have the privilege of a) living in the Pentagon or b) having a photographic memory, then keeping your data safe can be a smidge harder (and I’m betting that’s most of us). Back in the old days of computers and the internet, simple passwords were enough to keep sensitive data safe. Nowadays, the opportunities for cyber criminals to exploit this information are too good for these less-than-moral people to miss out on.

But, as with the Google Pixel 2, we’re quickly catching on to the fact that a simple password or pin number isn’t enough, especially when it comes to our accounts online. According to password management company Dashlane, a single email address can be registered to a whopping 130 passwords. This tells us that some people either have too much time on their hands or a terrible memory, or both. Let’s be honest, when we have a password that we can remember, has a capital letter, a special character AND contains more than eight letters, we all use the same one for the random things around the web. Deliveroo, Amazon, Tesco Delivery; so many things are online now and they all require an account. And it’s not much better in the workplace. ‘For security purposes’, passwords get changed every three months or so at work, but it’s just a case of using a particular word and going up the number line each time we get that annoying notification. I am definitely guilty of this (I wait until the absolute last minute to message around to all of our IT support techies to get it changed. So they all end up knowing my new password. I like to call it ‘herd immunity’). And 42% of workers admit to sharing their passwords with co-workers. So, in the age of GRPR and a heightened awareness of cybercrime, we have to ask ourselves; is the password dead?

A recent Verizon report states that two thirds of data breaches are caused by stolen passwords or misused credentials. So basically human error. And it’s not like we can remove that problem until AI progresses enough to create robots that can do the work for us- wouldn’t that be convenient? Maybe robots are the answer, but not in the short term.

Passwords are a lot like mayonnaise. You wouldn’t consume it on its own (or at least not more than a tablespoonful or two straight from the jar at a time), but it’s a nice little addition to a dish. So what would be the ‘piece de resistance’? We have biometrics that are starting to become popular. Even I managed to fall into the ‘high tech’ phenomenon of having a thumb scanner on my ancient iPhone. And how many times has NatWest bothered me about getting their banking app? “It’s so much safer!” they say. “I don’t trust mobile devices!” I scream back. “WE’VE NEVER HAD A SECURITY BREACH!” they holler. “I WILL NOT BELIEVE IT!” I finish. I’m paraphrasing, of course, the conversation I had with my, considerably older, banking agent. Shocked that a twenty-something would have so little faith in technology, he took out his fancy phone to show me. Needless to say, I won that argument. As it was, it took me a while to get into the idea of biometrics. Realistically, all it takes is some criminal genius to sever your finger to access your bank account. I don’t know about you, but having someone steal my money after stealing my thumb is, quite literally, adding insult to injury.

So what about removing the password altogether? I’m not suggesting we scrap the whole thing, of course. But multi-factor authentication has become something of interest recently. Microsoft shocked the world in May when they announced in a blog post that they were trying to rid the world of passwords for good. Promising a future where end users will never have to deal with passwords while also vowing that user credentials will never be ‘cracked, breached or phished’ seems too good to be true. But apparently, with 47 million users worldwide, Windows Hello is very much a thing. And it only needs one authentication method; facial recognition (luckily, you’re slightly less likely of having your face severed), fingerprint or retina scan. If you are absolutely adamant that fingerprint scan is the way you want to go, you can buy a tiny little USB device to plug into your laptop, a bit like the connection bit of a wireless keyboard. I’ve said it before, but starting my day like Tom Cruise in Minority Report sounds pretty cool. I might just start getting out of bed at the first alarm every morning. My ultimate favourite feature of Windows Hello is Dynamic Lock. It’s a fancy name for something pretty simple; essentially, your computer detects when you’re out of reach and automatically locks itself. And by ‘you’, I mean your phone. So you’ll never have to worry about fire drills, emergency pee breaks, or having your laptop stolen out of the window by sleuths with fishing rods. True peace of mind.

What makes Windows Hello so secure? If you use facial or fingerprint recognition, Microsoft does not transfer the raw data over the internet. So that’s already a huge chunk of potential Mission Impossible criminals who won’t be able to make latex copies to break in. Apparently, Microsoft doesn’t even store the raw data, creating a digital abstraction instead that can only be interpreted with a machine. And what user information does get transferred across the internet gets encrypted to almost-Pentagon standards. And all you need is the Windows 10 Anniversary Update- easy!

So, what do you think? Will you be chucking that little black notebook full of usernames and passwords? (Maybe burn it instead) Or will you insist on keeping the same password you’ve used since you had to put your social media profiles on private? Either way, you might be interested in hearing what our experts can do for you.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Cetus Solutions, Check Point, Cloud, IT Solutions, Security, Technology, Uncategorized

Cyber Criminals are at Gen-V; Are You?


No Comments

Since the dawn of the internet, we’ve learned that keeping our sensitive information under lock and key is important. Even more so nowadays, with the explosion of ecommerce asking for everything short of your National Insurance number. And nine times out of ten you can choose to save your card details for the next time you’re feeling too lazy to get out of bed to grab your wallet. If you really think about it, that’s probably not the best thing to do. But while putting our bank accounts at risk, you’d expect big corporations who have entire qualified, skilled and experienced IT teams to have a handle on their security, right?

Oh boy, could you be any more wrong. In a recent CheckPoint survey, 97% of the organisations that were assessed were not prepared for a Gen-V cyber attack. The thing is, cyber-attacks and security protections have evolved significantly in the last 30 years, but not at equal levels. Currently, organisations are at Gen-III. We fell into Gen-III in the early 2000s, when attackers learned to leverage vulnerabilities in the components of an IT infrastructure. This includes operating systems, hardware and applications. A fantastic example was the SQLSlammer worm. Since then, Gen-IV has emerged in 2010 as cyber criminals became more sophisticated, targeting the world of finance, where sandboxing and anti-bot were the main protections.

Back in 2017, the dreaded Gen-V cyber attack made a roaring entrance with the world-shattering WannaCry ransomware attack. We’re looking at large-scale, multi-vector attacks, using uber-sophisticated attack tools. It’s safe to say that we’re not in Kansas anymore. These attacks are major, generally using ‘state-sponsored’ technologies that can target networks across countries, companies and even continents. Cyber criminals are getting their hands on these technologies from simple leaks or as a result of reverse engineering, and cause major reputational damage for the organisations affected.

So what can be done? The risk of a security threat is omnipresent. No matter what you do, your organisation will be exposed in one way or another (unless you favour the slate-and-chalk method of working).

Check Point’s Infinity is one of the best ways to handle the stress of cyber security. Focusing on prevention instead of detection, it’s a hyper-aware platform that provides consolidated security across networks, cloud and mobile. Combining a single security platform, pre-emptive threat protection capabilities and a unified system for management. With the release of R80.10, it features plenty of clever capabilities and enhancements which include unique policy layers, security multi-zones and boosted performance, to ensure security management. With the move to cloud earmarked for most organisations, the integrated Check Point vSEC Cloud Security’s comprehensive portfolio integrates with both private and public cloud platforms, so you’re covered regardless of your cloud preferences.

Infinity also boasts an impressive threat prevention in the form of anti-ransomware technology that enables businesses to remain protected against even the most sophisticated ransomware and cyber extortion. If your organisation is big into mobile (whose isn’t?), SandBlast mobile has the intelligence to detect both known and unknown malware, effectively blocking it before it becomes a problem. You’ll never have to worry about poisoned wi-fi networks, ‘man-in-the-middle’ attacks or SMS phishing. There are so many nifty features of Infinity that make it a clever investment for an organisation, no matter its size. Centre stage, it has centralised management and role-based administration that allows it to apply to all organisation use cases.

Gen-V will certainly not be the last upgrade in cyber security. As technology improves, expanding and intruding into more and more of our lives, the sophistication of cyber criminals will progress just as fast. It won’t be long until I’m writing about a major Gen-VI cyber-attack and its implications affecting another group of international organisations. So now is the time to start getting ahead of the hackers. We work hand-in-hand with Check Point to ensure that your infrastructure is at the highest level of cyber security so you don’t need to worry about that.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Cloud, Cloud Hosting, IT Solutions, Security, Technology, Uncategorized

Saying Goodbye to your Legacy Systems


3 Comments

If, when you were six, someone had asked you what 2018 would look like, how far off would you have been? In the last 20 or 30 years, the world of tech- and therefore the world around us- has been changing exponentially. And what person hasn’t been amazed by what we’ve achieved as a human race? But with innovation to that degree, we now live in a world where what we have is never good enough, and where money exists in creating the future. Before we get bored of a new technology, something bigger and better has been produced. People camp out in all weathers to be the first to get their hands on the latest gadgets. We all know someone who insists on buying the latest iPhone, spending thousands every year, purely to be able to say that they have it. Let’s face it, new gadgets can be exciting; moving images on a screen? Having a camera in our phones? Storing something in the cloud? What magical sorcery is this?

But with that comes a lot of change. And no one likes change. It’s a fact of life. Little innovations, yes, but big, huge, drastic change is never welcome. Unfortunately, in the world of tech, human instinct is rarely prioritised (this is why our screen-addicted children with all of the child-friendly apps have lesser social skills than us). Such is the case with legacy systems. When they first were created, they constituted a benchmark in the world of business and industrialisation. Suddenly, IT was more than manually putting numbers into a computer to systematically create graphs, it was running critical business operations such as general ledgers, inventory management and other back office systems. With legacy systems, key business activities could be done quickly and automatically, changing the focus of employees from mundane tasks to improving the organisation.

It will be zero surprise that the latest big, bold and brilliant innovation of the last ten years has been cloud. Organisations are waking up to the realisation that to stay ahead of the curve, and indeed keep up with the demands of customers, cloud and a cloud strategy is a major priority. We are smack-bang in the middle of the digital transformation revolution, and cloud is the ultimate destination, an essential business driver that is completely altering the world of industry. But one of the biggest challenges that face organisations yearning for cloud is their legacy systems. These siloed, inefficient and uneconomical systems are a towering behemoth to digital transformation that refuse to come into the 21st century.

They’re just plain difficult
One of the biggest barriers for migrating to cloud is the simple difficulty that a legacy system poses. One might think that maintenance costs would be minimal. With less upgrading, patching and training, legacy systems should be easy to replace and never think of again, right? Alas. Support for updates have become more challenging to come across as they reach end-of-life, and the ones that are available are usually quite expensive because of this. Legacy systems are also complex, fragile and about as flexible as concrete. Because they were created for another time, with a completely different set of parameters, they’re just disastrous in the face of the new, application-centric systems.

Security is not a priority
Oh boy, is security a problem when it comes to legacy systems. If your Data Protection Officer isn’t going prematurely grey and chain-smoking as soon as they walk into the building then someone should be worried. There wasn’t so much as a whisper of GDPR when legacy systems first became a thing, and because of this they’re way behind. This is an obvious one; updates and changes in IT are done to keep up and ahead of evolving security threats. After Wannacry, we know that cyber criminals are at Generation V when it comes to technical capabilities, and as it stands, even with improved cloud security most organisations are still at Gen III. Legacy systems are so behind they almost don’t figure on the Gen chart. And if you’re lucky enough to have a developer that’s willing to mastermind an update capable of patching major holes like Wannacry, it would be so late that the next disaster would be impending. Essentially, your legacy system is a disaster waiting to happen. But we can fix it, I promise.

It’s way behind on like, everything
If you are B2C and you’re relying on your legacy system to be in with the hip young consumers of today, you’re going to be in for a shock. Chances are, your competition may or may not be that new breed of internet-built company that began in a world where having an in-house data centre isn’t a thing. If anything, they probably don’t even know what a legacy system is. They didn’t exist when dial-up internet was the only option. Hell, they probably don’t even remember the pain of following the weak wifi signal to the top of the stairs to send an email only to sneeze and lose it again. So while they’re moving from new app to new update, optimising their performance with the latest Instagram or Windows 10 features, chatting away on instant messaging that you can’t achieve, your legacy system is restricting you and your potential.

You don’t have to be a prisoner of your legacy system, nor does it have to be super complicated. The thought of switching to a whole new way of doing something might seem scary, I know. It’s not easy to put all of your faith into an idea that you’ve never dealt with before, and the risks that you take while moving over. Luckily, here at Cetus, we’re pros. Register now for a free consultation with one of our senior solutions architects, they love a good challenge!

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Cetus Solutions, Citrix, IT Solutions, Security, Technology, Uncategorized

When a User Leaves


No Comments

(Potential) door slamming, cardboard boxing, silent goodbyes; it can be a bit dramatic when an employee leaves the business. Even on good, moving-on-to-better-things terms, it can take its toll. Writing up job descriptions, endless interviews, the empty desk. There’s lots to do when the ex-employee closes the door. And that’s all well and good, but what about the IT side of things? It’s not simply a case of handing over a laptop and starting anew. Without realising it, you would be watching not only a good friend walk out the door, but a security breach too. A walking, talking security breach. Imagine the nightmare. With BYOD becoming more and more popular, you don’t know what devices they were using to work or what data they have stored where. Let’s be honest, if it wasn’t a stressful situation before, the recent enforcement of GDPR has only made it worse. And it’s not like you can ask them to take out all of their devices and go through all of their files, contacts and photos. The desk would be covered in personal and company phones and laptops, USBs, the company iPad and the slightly sicky, sort-of cracked personal iPad that has every indication of a child being given it to play with during a moment of parental weakness. There would be drama for the water cooler. Or, as we call it in the UK; the Hallway Stop n’ Chat. So, what should be done when a user leaves?

Regardless of how an employee leaves, they’re going to walk away with something. Whether it’s your business practices, how you like your coffee, or behind what book Lorna hides her chocolate, something’s going to go. In this scenario, it’s a case of looking at what’s sensitive and what’s not (Lorna needs a hiding place rota regardless). Back in the day, people would slip files into their briefcases and quickly waltz out the door, whereas nowadays it’s quick and easy just to copy a digital file, and none will be the wiser.

Before there’s even chats about Having Been Here Too Damn Long or the more popular I’ve Wasted My 20s At This Desk, it’s best to prepare for the worst. And even more so if you have, or are thinking of establishing, a BYOD policy at work. Start with an extensive, written BYOD policy. Sounds easy, but I promise you that it’s not.

Treat it more like a software development project- compile ‘what if’ scenarios. Include some ‘beta testing’; a period of time to review real-life situations before handing in the final copy. A few things to consider, since there is 100% going to be the office eejit that will take the mickey; ‘acceptable business use’ is just as important as the limits of ‘acceptable personal use’- you just know some yob is going to be playing Candy Crush if they find even the tiniest loophole. Decide what kind of apps you don’t mind being downloaded, and what apps you most certainly do. What company resources (think email, calendars and so on) is acceptable to have access to on a personal device? Obviously, harassing people on company time on a company device is a no-no, just make sure everyone else knows. Same goes with texting or emailing while driving. Sounds obvious, but you’d be surprised how much it isn’t to some people. Think security; what security requirements are needed before being allowed to connect to company networks? What happens of the device is lost or stolen? At this point, you may as well bookmark this post to come back to after doing the above. I’ll wait. Now that you have your policy defined – how do you enforce it? We use Citrix XenMobile and Citrix ShareFile to provide a centralised, single point of management for our mobile devices.

Right, with that niggly bit out of the way, let’s look at monitoring. Not the breach-of-privacy looking-over-shoulders kind of monitoring that will definitely end in tears and a lawsuit, monitoring where your data is going. That sounds much less dramatic. It is time for your IT department to shine. Set up shared company file servers for starters. There are plenty on the market, but I can say from experience that Citrix Sharefile is the best one (that’s mostly because it’s so simple even I can use it). With these file servers, make sure to set up protocols, such as who can access what files and how. With ease, IT can now monitor who is accessing those files and when. Likewise, copying anything from the company server onto a company or personal device is logged. Local devices are cool, until they’re riddled with company data. A big help in not letting too much data get downloaded is knowing the ins and outs of the applications and services that your users use. What kind of liberties do these apps allow? A central repository that can be monitored is a really good idea, adding a layer of security to company networks.

According to a report from Osterman Research, 67% of organisations don’t know if they can detect whether an employee is still accessing corporate resources. Think that’s bad? A whopping 76% can’t tell if a third party (like a contractor) has stopped working on their organisation’s systems and data. If that’s not scaring you, the thought of the fine for breaching GDPR because of some eejit who sees their chance and takes it should. But I’m not here to panic you (only a little, or you wouldn’t be reading all the way to the bottom). Like all well-established organisations, Cetus has had its fair share of employees leave for one reason or another (although thankfully far lower than the average tech company). Thankfully, we’re a team of experts that know exactly how to deal with it. If you haven’t sorted out some policies to prevent your sensitive data from walking out the door, make sure to have a chat with one of our experts. They’re only a phone call away and they’re sure to help you eliminate some of that stress.

We’ve helped hundreds of organisations to implement their mobility strategies and we’d love to share our experiences with you. We can provide everything to get you started from Business Case analysis (at no cost) to high level designs and implementation…

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

 

Blog, Continuum, IT Solutions, Security, Technology, Uncategorized

How to Develop an Effective Cyber Security Strategy


2 Comments

We thought 2017 was particularly bad for cyber security threats. WannaCry (on which I’ve only just gone and written a one-year update), Peyta/NotPeyta…. The monthly rate of ransomware attacks against UK organisations increased up to 10 times the rate of 2016. But 2018 is set to beat every record made in 2017. In January alone, there were 7,073,069 attacks on UK organisations, and that number is set to soar throughout the rest of the year. The threat that a cyber attack poses is only getting worse. There were constant instances of security breaches being plastered over the news in the first half of this year alone; Ticketmaster, University of Greenwich and Timehop are only a handful of high-profile examples. So it’s not really a surprise that security and risk management were rated the most important priority in 2018 for CIOs in NASCIO’s November 2017 survey.

Panicked? Sorry, you weren’t supposed to be. In reality, all organisations- big or small- should expect a security breach at some time or another. There’s no way of avoiding it, but there is a way of being prepared. I’ll stop waffling on and get to the good stuff; how you can develop a cyber security policy and improve your best practices so that when disaster strikes, you’ll already be sorted. Mostly. (And if you do happen to face/be facing a security breach I’ve got you covered)

If you’ve got software and systems, update!
It’s really a no-brainer; IT needs to be updated regularly. Maybe in the 90s or early 00s you could get away with only updating whenever you happened to fancy the latest version of Windows to replace your current Windows 95, but it’s not the case now. With the internet, automatic updates are here to stay- whether we find them an annoyance or life-saving. Windows 10 only has two major updates a year and countless little ones that improve so much about the platform- including its security. After all, it was a dodgy unpatched Windows system that started the whole WannaCry debacle. So guys, make sure you update!

Understand the cyber security risk in relation to your organisation
Your organisation depends on a lot of things. Digital processes, data, systems, and your employees mastering the trick of gossiping and doing their work. All of these (minus the employee issue) are vulnerable to being manipulated. The whole point of a robust cyber security strategy is to protect them against fraud, theft of sensitive data and business disruption- along with the risk to your reputation along with it all. Your entire organisation has to work together to protect these vital processes from the threat. Thankfully, here at Cetus, we understand just how important it is to keep everything ticking along smoothly. In fact, we offer a complimentary security posture review to ensure that your business has the necessary security that it needs. We analyse where your organisation is exposed to security risks and provide you with recommendations on how to address them. Our finished report will analyse your network traffic to detect security threats; malware infections, usage of high-risk web applications, intrusion attempts, loss of sensitive data…. The list goes on. It will also evaluate your organisation’s end-point security, focusing on mobile management, user rights management, advanced end-point protection, patch and user rights management, and enterprise file sync and share. Importantly, the report will assess any threats posed from within your infrastructure – east-west traffic, privileged user access and user access rights. Basically, your entire infrastructure will be analysed to make sure that as little of the bad stuff as possible can breach your systems.

Taking a look at your social engineering
This is an interesting one. If you’ve never heard of this before, it’s basically GDPR handling in the office. We’ve all been panicking as we worked towards the deadline on May 25th, but privacy protection doesn’t just end there. Social engineering can be the simple calling out of a password to another co-worker behind them, or the more serious incident of pulling up a website at work and volunteering passwords and other vital information that can end up in the wrong hands. Hell, someone on the end of a phone saying the right things with the right amount of confidence could potentially sweet-talk the more trusting to give out a piece of information- and sometimes that’s all they’ll need.

Perform regular data backups
I’ll try and keep this one quick because here at Cetus we rabbit on about them all the time. Backups are great. Should you have the misfortune of having a ransomware attack, having a copy of the data that’s held hostage can be a life saver. Firstly, you’ll know exactly what data the hackers have- or if they gained access to personal information that could cause problems-, and you won’t have to worry about data loss regardless of whether you pay the ransom or not. Backups; if you haven’t got them sorted what are you waiting for?! With so many types of backups to choose from, from tape to replication (we suggest keeping up with the times and trying out Continuum), there’s no excuse not to have that sweet disaster recovery/business continuity plan in place.

Lock everything up tight
There’s no point in having the best firewalls money can buy, along with the most secure cyber security solution, and cyber attack just-in-case plan of action if a criminal can just waltz through the front door and calmly collect all of your information on a USB. If your sever room (or server part of the floor as the case may be) isn’t locked up tighter than Alcatraz then eventually there’ll be a problem. Remember, not everyone in the office needs access to the servers!

These are the most basic points to note for a cyber security strategy. Cyber threats are real and preventing attacks will always be a better alternative to reacting to one after it has breached your infrastructure. One of the most important in the list is understanding the cyber security risk in relation to your business. Make sure to book a complimentary security posture review today, and take the biggest step towards securing your infrastructure or speak to one of our cyber security experts today.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

Blog, Citrix, Cloud, Continuum, IT Solutions, Security, Uncategorized

Top Trends in Digital Transformation for Your Business


No Comments

The tech world is fascinating. We’re always on our toes, trying to figure out how to use the latest innovation that’s been rolled out office-wide. We’re lightyears ahead of where we were only ten years ago. With that, it’s so easy to fall behind in what’s going on in the world of tech and all the great improvements that come with it. Hell, just go on a two-week holiday and you’ll come back to 2,000 urgent emails and a brand-new content collaboration system that eclipses the old one. There are new ways of doing everything, so god forbid you don’t pay attention. The trends in digital transformation change quickly, but these are the main ones your business needs to keep up with to stay ahead.

Cloud and hybrid cloud are taking over
It’s a bit like opening a tin of chocolates to yourself; you just can’t stop the outpouring of those delicious chocolates wrapped up in colour just constantly getting plucked out of the tin. There’s been a huge movement towards cloud in recent years. Everyone and their mother loves cloud and just can’t get enough of it. Business-wise, improving your IT infrastructure to respond to change just makes sense. With the exponential creation of data becoming an issue that has to be considered early rather than in hindsight, digital transformation surrounding cloud brings with it numerous benefits. Organisations love the dexterity of scalability; never needing to worry about what they have but knowing that there will always be room to grow or decrease depending on needs. Of all the cloud options, hybrid cloud is by far most popular, almost indispensable for most organisations, big or small. The ability to have that little bit more control over your data with on-prem data centres is the best first step into the wonderful world of cloud.

Importance of user experience
User experience will always be a major factor in digital transformation for businesses. It goes without saying that when your employees are happy, the higher productivity rises. And that’s what we all want, right? But user experience goes beyond just having coffee and chocolate digestives available downstairs. So what about the other niggly techy bits? Cloud sprawl can be a massive problem for businesses. Chunks of data here, there and those few spots you least expect it can quickly become a problem. We’ve (read: I have) already discussed how cloud sprawl can irritate your users enough for them to abandon your well-established IT infrastructure and turn to the world of shadow IT. A good IT solution will go above and beyond what the user wants and needs. Think of the basics; an email platform, a file-sharing platform, the ever-popular instant messaging app that allows your users to make quick work of small issues. The necessities, basically. Then think of what your users will want to ensure the smooth running of their work day. Now amalgamate and watch the productivity rise!

Remote workforce
We’ve heard it a million times before. Mobile workspace, digital workspace, modern workspace – whatever you want to call the ability to work from anywhere that isn’t the office – it’s the future of work. What’s new? Shockingly, there is more excitement around every corner in the tech world (I did say that it’s fascinating). The latest updates to Citrix Workspace were unveiled in May’s Citrix Synergy. It encompasses all of the usual things that you’d expect from a digital workspace; ultra-secure security, ultra-fast one-sign-in-works-for-them-all authentication, ultra-easy access to any of your files from any of your devices, clouds, networks. All that fun stuff. But the fun just doesn’t stop there. From collating collections of your favourite apps for quick sharing, universal search and – my favourite – using any screen as a presentation screen (no matter how big) just by using a QR code. I swear, it’s magic. And it really makes a difference.

Cyber security priority
WannaCry really wasn’t that long ago, but, even over a year later after the devastating attack, 66% of IT security pros have admitted that they haven’t improved their patch management systems. The biggest issue facing organisations when it comes to cyber security is the lack of progress and drive to be ahead of cyber threats. Terrifyingly, WannaCry was a Gen V-level cyber-attack. It’s terrifying because not only has tech advanced so quickly in so little time (the firewall is the cure for Gen II cyber threats), the majority of businesses are way behind. According to Check Point’s Cyber Security Generations Survey from March 2018, only 10% of IT security professionals are at Gen IV and, worse still, only 3% are at Gen V. If that doesn’t scare you, not much will. So it’s pretty clear; stepping up the digital transformation of your organisation is for absolutely nothing if you ignore the cyber security part of it because then you’re opening yourself up to more attacks. It doesn’t matter how careful you are, how much garlic you hang by the window or how much you trust that Starbucks Wi-Fi, there’s only one way to make sure that you’re protected.

Back up all of the things
Again, it’s one of those things that we hear over and over; backup is important. If there’s a fire; fire up (pun intended) your backup system. If there’s a flood; fire up your backup system. Attack of the tin-eating frogs; fire up your backup system. Backup is a major part of the digital transformation because it’s often overlooked. Everything is up and running and perfect and you just couldn’t imagine anything going wrong. There’s really no point in sorting out your backup after disaster strikes. And in this day and age, there’s no excuse – there are so many different types of backup and replication that can be used for disaster recovery. Here at Cetus, we favour replication – it’s the future of backup – and we proudly suggest our very own Continuum.

Digital transformation should be a top three priority for every organisation that wants to keep up and ahead of the curve. If any of the above sound too difficult for you, or if you need a bit of a refresh on any of them, why not have a quick chat with one of our experts to see what we can do for you? In the meantime, it’s worth looking into our
free business challenge consultation to help you navigate your business challenges, while here in the office we argue about the best tin of chocolate (it’s obviously Roses).

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

Blog, Cetus Solutions, Check Point, Cloud, IT Solutions, Our Upcoming Events, Security, VMware

WannaCry: What We’ve Learned One Year On


6 Comments

It felt like the world was held to ransom. All over the globe – an astounding 150 countries in fact -, little red boxes popped up on computer screens, causing dread and havoc. ‘Ooops, your files have been encrypted!’ they read, asking for between $300 and $600 (£230 to £470) in bitcoin for the safe release of the files. On Friday May 12th 2017 nations of the world collectively gasped as these faced the most devastating and widespread cyber security incident at that time. Over 200,000 machines were affected, with the perpetrators scamming over $112,000.

In Britain, the NHS was hit the hardest. The little red WannaCry pop-up appeared at 1pm on the screens of only four trusts, demanding the ransom. By 4pm, when the ‘kill switch’ was accidentally found, it had spread to 16 trusts. The cyber-attack threat was officially ‘stepped down’ by NHS England a week later, but not before the affected reached a staggering 80 out of 236 hospital trusts as well as 603 primary care and affiliate NHS organisations. Public health in the UK was seriously affected, since the ransomware attack resulted in thousands of cancelled appointments, infected systems and the diversion of A&E patients to other hospitals.

In hindsight, and a little bit of digging, it was a disaster waiting to happen. The NHS had been warned as far back as 2014 that their level of cyber security just wouldn’t cut it. With a failure to undertake the most basic of IT security procedures, which included patching and updating software, as well as not putting a strategy in place to properly deal with a cyber security incident, it’s a miracle that it didn’t happen sooner. But it was a huge wake-up call, not only to the NHS but to businesses globally. No longer would cyber security rest on the hopes of a flimsy firewall that hadn’t been updated in several years – this is a real risk, with significant consequences. So, in the year since WannaCry, what exactly have we learned?

It’s horrifying to think that WannaCry was a Gen-V cyber threat, while according to Check Point’s Cyber Security Generations Survey from March 2018, only 10% of IT security professionals are at Gen-IV and, worse still, only 3% are at Gen-V.

According to a recent report by cyber security firm Tanium, most organisations would still be unprepared should another incident like WannaCry happen again. The survey of 500 frontline IT security workers in the UK is shocking; 40% admit that their organisation is even more exposed than last year. Only 31% confessed that their organisation had invested in new security systems since WannaCry. As I stated already slightly higher up, it was basic IT security procedures that were the gateway for WannaCry, yet a staggering 66% of the IT security workers admitted that they still hadn’t improved their patch management process.

The results are definitive; it’s time to start safeguarding against further, potentially more devastating, cyber-attacks.

It’s all about the patching
WannaCry sneaked through a Windows weakness where there was a lack of security. Shockingly, it had been discovered and there had been a patch for the offending loophole two months before the attack. I know having to update is a major pain, but guys, it just needs to be done. WannaCry was a Microsoft Windows ransomware, a software that locked the files by encrypting them. This particular ransomware was particularly nasty because it was network enabled, which allowed it to essentially spread like a virus throughout not only the local network, but the internet as well. What your organisation needs right now is a patch management solution in place to patch for known vulnerabilities as soon as they arise, so that no little malware buggers can infiltrate your systems.

Backup, backup again, and verify
Had your organisation been hit with the WannaCry malware and you’d had all of your data backed up, you’d have been laughing – for the most part. Regardless of encrypting malware potentially hitting you, backups are critical for all things disaster recovery and business continuity. Whether it be tape or cloud (like Cetus Continuum), all of your data needs to be replicated somewhere safe. Regardless of where you store it (and we really do suggest cloud), it should all be encrypted. Security is, after all of this, a priority.

Use all of the threat intelligence and prevention
If you haven’t heard, micro-segmentation is really in right now. Which is really great in the face of cyber security. Life may be like a box of chocolates, but your data centre needs to be more like a hotel and protect itself from east/west traffic. This next point is important; invest in some good threat intelligence and threat security. At the moment, we’re working with Check Point and VMware to highlight how merging Infinity and NSX can create the ideal security solution to protect you.

Figure out where you stand with a security posture review
There are hundreds of ways to fall foul of a cyber-attack in this day and age. With work no longer confined to the office, mobile workspaces have become all the rage – and for good reasons. Being able to work while on the field instead of having to wait to get back to the office, being able to work from home, or just simply being able to sort out an urgent matter when on holiday is revolutionary. And everyone’s trying to get into it. However, using some random Wi-Fi is always a risk. Honestly, you’ve not lived until you stand outside an O2 store trying to rob a second of Wi-Fi to send an email. In the rain. But how secure is that? A security posture review is essential to identify where your security has slipped. And it just so happens that we offer complimentary security posture reviews, where we analyse network traffic to detect a variety of security threats, evaluate end-point security, assess any threats that lurk in your infrastructure as well as other crucial little things. Have a chat with our experts to see where the danger can find a way in.

One thing is for definite; cyber security has never been so important, and making sure that your IT reflects that is the way to protect yourself as much as possible from an attack. It’s important to be proactive in your cyber security, or you’ll be reacting to a security breach instead.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

Blog, Security, Uncategorized

What Would You do in the Case of a Cyber Attack?


2 Comments

A cyber attack. You’d get shivers down your spine just thinking about it. As more of our lives- both personal and professional- are being moved online, the threat of a cyber attack increases, and with it the repercussions it would entail. We all have firewalls, anti-virus software, a few bulbs of garlic by the window, all to keep the bad from coming in. But eventually, regardless of what measures you take (most IT professionals would not recommend the garlic), there will be a breach. Speaking in statistics, 83% of businesses believe that the complexity of their organisational structures and IT infrastructure is putting their company at risk. And just think about what you have online; so much of your personal life, and your business. While both are sensitive (though I personally don’t really mind if my chocolate-eating habits become public knowledge), the latter could really affect your business reputation. While we all know that an attack is a real possibility, a lot of businesses haven’t really put much thought into it, and haven’t put a contingency plan in place.
So, what should you do in the case of a dreaded cyber attack?

Don’t panic- find out what happened
First of all, breathe. Until you know exactly what has been hacked into, there’s no point in fearing the worst and losing your cool- you’ll need it going forwards. Now, it’s important to find out what exactly caused the breach, and fast. Speed is a priority, and might just be what saves your reputation. What data has been compromised? How much data has been compromised? It’s also vital to determine whether you’re looking at a malicious attack or a technical glitch.

Secure your systems
Now that you know what exactly you’re dealing with, you need to contain the breach. You might think that the first call of action would be to shut everything down. Push that big red button, sound the alarms, go into lockdown. This may not be the best idea though; the hackers could sense that you’ve cottoned on and that could in turn make it harder to identify the culprits. Using another device, change your passwords and logins- the hackers may have installed software to track and record your movements. Implement a firewall on the affected machine to prevent it from broadcasting outside of your building. If you try and track down the source of the attack it may leave you open to further attacks. This is where good business continuity comes into play; even ten minutes of system downtime can be extremely costly, so switching over to an unaffected back-up can help minimise financial impact. So, does your IT solution include business continuity? Have a chat with our experts at Cetus to alleviate that worry.

Call in your legal army
As soon as you discover a breach, call in your army- of legal defence. If you don’t have a company lawyer, now is definitely the time to get one. There are plenty of legal issues to be considered, including whether or not to inform the regulator. In The UK, we have the Information Commissioners Office (or the ICO, who are spear-heading the GDPR movement in the country). Protecting your organisation from claims of malpractice is paramount. This includes how you will be informing those customers of yours that are affected. Clearly, having legal defence to point you in the right direction is crucial. At this point, it’s important to begin keeping detailed records of everything that happened and your steps to resolving the issue. Everyone who is participating in the incident response needs to keep detailed, ongoing accounts of what steps are being taken and why, as well as any costs incurred as a result of the attack. Things of particular importance to note; all incident-related communications, the identity of the systems, services, accounts, network and data affected by the breach. Don’t forget to record all of the information that is related to the amount and the type of damage that has been inflicted.

Stay alert- it might not be over yet
This is the last thing you want to hear, but realistically, it might not be the end of the nightmare. I know you just want to start putting things back together and start healing, but with the variety of scams at the moment, you might not know what you’ve fallen into. Depending on the nature of your attack, there might be more suitable incident plans to minimise damage. Ransomware attacks are the most common forms of attacks recently, as criminals scare you into paying them for control over your computer. Get in contact with your leading anti-virus firm, they always keep on top of the latest attacks- you might not be the only victim. Just make sure to keep your other devices secure- the hackers are also able to attack tablets and smartphones!

Hearing the word get out
Be prepared- you might be in the press spotlight after the attack. This is another reason why it is so important to work quickly and ensure that you take all the necessary steps to detail what you do to contain the breach and how you work towards minimising the damage. You’ll need to have a tailored statement ready as soon as possible- if you don’t have an internal PR department it would be worth investing in external support. But before the press even start reporting on the story, it is wise to inform your affected- or potentially affected- customers. It’s not a nice prospect, but the sooner your affected customers know that their data was part of the breach, the sooner they can take measures to protect themselves.

Learn from the attack- investigate!
You’ve made it, hopefully with minimum breach and your reputation still standing. But now is not the time to celebrate- it’s time to learn from the incident. Carry out a full investigation, determining how it occurred, its affects and any remedial factors that would prevent it from happening again.

And there we have it. While a cyber attack isn’t on anyone’s wishlist, these are some of the best ways of dealing with the aftermath. Not in the middle of a cyber attack right now? Come talk to one of our experts today to complete a complimentary security posture review, where we will analyse network traffic to detect a variety of security threats including malware infections,
evaluate end-point security with focus on mobile device management,
assess any threats posed within your infrastructure such as east west traffic, and more.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

Blog, Cetus Solutions, Check Point, Cloud, IT Solutions, Security, Technology, Uncategorized

Practice Safe Mobility – Protect Your Endpoints


No Comments

It’s not the naughties anymore – the age of consequence-free mobility is over I’m afraid. It’s time to start practicing safe mobility. It’s time to put some endpoint protection on your ‘device’. The result of not doing so exposes your business to risk from threats, data loss, and unauthorised access.

For decades now, endpoint security has been the domain of anti-virus software. This was because Windows endpoints were the primary target, and we all ‘knew’ that they were vulnerable. Many businesses installed AV software on endpoint and moved on to more important matters…

So, what’s changed? Well, I would suggest that things have changed from two perspectives: the ‘use case’ has changed, and the threat environment has changed.
Taking each in turn…

From a use case perspective:
• The age of the virtual desktop seemed to be upon us (at least from Cetus’ perspective) – and then came ‘the well-managed Windows 10 desktop’.

• We’ve been acting like consumers for years now – buying smart phones, tablets and phablets and then wanting to use them for work.

• We’ve also been liberating ‘our’ data – storing it in personal cloud stores like Dropbox and sending it via our personal email accounts in an effort to be more productive
So what’s changed from a threat perspective?

• The days of good ‘old-fashioned’ viruses seemed to disappear when the use of nation state cyber weapons ransomware became an everyday thing (think Wannacry).

• Threats are now specifically targeting mobile devices (think Man-in-the-Middle Attacks. Women-in-the-Middle attacks are also a threat).

• Public cloud services are now part of most corporate strategies (think OneDrive), extending network boundaries into ill-defined, global data centres.

• Increased legislation with regards to the protection of individuals and their personal data (think the GDPR and its somewhat over stated, but none the less terrifying €20m fine).

The above list is by no means exhaustive, and tries to give a flavour of the changing threat landscape. So where am I going with this? Well, the good news is that our friends at Check Point have a solution to your cyber woes. Our cyber security portfolio provides Check Point End Point Security and Security Gateway Appliances that allow us to provide end-to-end security that encompasses your data centre, end points and the Cloud.
Specifically, from an endpoint perspective – Check Point provides data security, network security, threat prevention and a remote access VPN for complete Windows, Mac OS X and mobile device security.

If you’ve been playing fast and loose with your endpoints then we’re here to help. Our free-of-charge Security Posture Review will provide you an opportunity to discuss your endpoint security challenges, as well as your wider cyber security posture with regards to perimeter, data centre and cloud components.

Speak to an expert

Blog, Cetus Solutions, IT Solutions, Our Upcoming Events, Security, Uncategorized, VMware

When ‘Traditional’ Approaches to Security Are No Longer Enough…


1 Comment

Security attacks are without doubt increasing in sophistication and frequency. With the average time to detect a breach over 200 days(!) the damage an attack could cause is frightening… Simultaneously, for many organisations their IT infrastructure and networks are becoming increasingly complex – with 83% of businesses believing the complexity of their organisational structures and IT infrastructure is putting their companies at even greater risk for security breaches.

In recent years, the number of high-profile data breaches compromising sensitive information has continued to rise. Although breaches were achieved in different ways, the majority exposed the fundamental weakness of the perimeter-centric network security model: after all, once the perimeter is breached, it is difficult to stop threats from moving laterally (east-west) throughout the data centre. These attacks have proven that investing in perimeter firewalls is insufficient and that more investment is needed to secure east-west (server-to-server) traffic.

One solution is virtualisation. Virtualisation abstracts the underlying infrastructure from the applications running on top of it, giving IT departments full visibility into the data path. Abstracting applications from the infrastructure provides the ideal enforcement point to compartmentalise applications through micro-segmentation of the network. This allows simplified security-policy creation and management. It also helps reduce the overall application infrastructure attack surface and provides the ability to effectively prevent threats from breaching the data centre. Leveraging abstraction in the data centre also protects the infrastructure from any compromise.

In our attempt to help more organisations improve their security posture, we are proud to announce that last year Cetus Solutions earned VMware’s highly sought-after specialist competency in Network Virtualisation. VMware, who pioneered the term software-defined data center (SDDC), awarded Cetus with the accolade after demonstrating technical competency, experience and expertise in delivering NSX solutions.

VMware NSX is the network virtualization and security platform for the software-defined data center. VMware NSX brings security inside the data center with fine grained policies tied to the virtual machine they protect. Essentially, with NSX, IT departments can programmatically create, snapshot, store, move, delete, and restore entire networks with the same point-and-click simplicity and speed of a virtual machine—delivering a level of security, agility, and availability never before feasible with hardware-centric or traditional operational approaches.

Our Managing Director, Mike English, had a few words on the achievement;

“We are delighted to have secured the Network Virtualisation competency from VMware. In the last twelve months, we have seen an uplift in conversations centred around data center security and particularly micro-segmentation. VMware NSX’s capabilities makes this level of protection economically and operationally feasible for the first time for a lot of customers. By gaining this competency, it shows our commitment to helping customers define, deliver and manage their security strategy in line with their business requirements.”

With the threat landscape increasing ‘traditional’ security approaches are failing to effectively secure a modern organisation. Now is the time to revaluate your approach to security. Our free-of-charge security posture review will provide you an opportunity to discuss your endpoint security challenges, as well as your wider cyber security posture with regards to perimeter, data centre and cloud components.

Speak to an expert