Am I crazy? Possibly. Probably! Maybe… Who knows? Who gets to decide anyway?

What am I on about? Well, I’m evangelical about ensuring my businesses educate our customers on all matters IT, so you can actually REDUCE your reliance on your IT company. Logically that means in time they won’t have to spend as much money with my businesses, or they may even be able to drop us completely and do it (IT – geddit?) themselves. Would you like to know how to reduce your reliance on your IT company? Well, keep on reading…..

So let’s consider:

• We’re providing FREE education on all matters IT to our clients (and everyone if you follow us on social media or this blog)
• That FREE education reduces client dependence on us
• Reduced client dependence means reduced fees for my companies
• In the extreme you may feel that you don’t need us at all!

Simply put, we’re providing free education which may result in reduced income for us.

Yeah, that’s crazy.

Do you think?

Or maybe there’s something else going on? If so, what?

Confidence and trust, that’s what.

We’re confident that by educating our customers and their staff in computing and IT matters we will increase trust. And if we increase trust, they’ll continue their partnership with us.

Let’s face it, there are too many companies in IT who give the industry a bad name. We conducted a market survey last year, and the number one issue that came out was ‘Trust’. People rely on their IT provider to provide them with IT solutions appropriate to their business. Too often those people don’t understand what is being offered and can be left with an uneasy feeling of paying for something they don’t need.

That is absolutely not what any of my businesses are about. The last thing I want is for our customers to feel that way. We want – we need – you to feel assured with your IT solutions. The only way we can do that is through education and trust.

That’s why if you follow us on social media (Facebook, Twitter, LinkedIn) you will see, at least weekly, tips on all matters IT.

That’s why this year we implemented our ‘IT Roadshows’ – we visit all our contracted customers and present to every member of their staff. What we do, why we do it, computer usage tips,  cyber security tips. Free.

That’s why all our staff are instructed to communicate in plain English – to explain any matter IT in a way that the recipient understands. No bamboozlement.

And that’s why all our staff sign-up to our cultural values. You can read them all here.

Crazy? If doing what is right for our customers is crazy, then fine, guilty as charged!

Thanks for reading, until next time…

Our MD Guy Phoenix explains the principles of local and cloud-based backups and his recommendations for businesses in this 2-minute video.

A recent interview on the Harrogate podcast was conducted by Andrew Gray of Truth Legal, with our Group Managing Director Guy Phoenix. Guy talks about his business background and provided recommendations to anyone looking to start their own business.

Check out our MD Guy Phoenix on Great Yorkshire Radio discussing social media cyber perils and what SMEs can do to protect themselves.

Check out our MD Guy Phoenix on the Harrogate Business Hour discussing cybersecurity for SMEs with Andrew Gray of Truth Legal Solicitors.

Yes, you and your staff are the biggest risk to your business. This is an actual case study of a cyber-crime that we dealt with in 2018.

The Start

A local company in Yorkshire (previously unknown to us) approached us, asking us to come and take a look at one of their computers, they had been hacked.

On investigating it was apparent that they hadn’t just been hacked; in-fact they had lost a six-figure sum. It was an existential threat to their business.

We have standard protocols for dealing with cyber attacks, and in this case we immediately:

• Quarantined the computer in question
• Conducted a full security sweep of their systems followed by password changes

Day One actions

During this first contact, we observed signs of bad practice. A USB stick was lying next to the infected computer.

‘What’s that doing there?’ I asked.

It turned out that they had been advised to take a copy of software and data they needed from the infected PC and transfer it to another PC on their network so they could continue working on the data in question. (Astonishingly, they had been advised to do this by their principal software provider!). This meant there was a risk that malware had also been transferred.

We quarantined another PC and then the whole network, followed by a full security sweep.

Follow-on actions

Having plugged the immediate gap, we were asked to conduct a complete examination to confirm what happened, how it happened and to report on the same.

We were also asked for recommendations on their wider cyber security arrangements.

Our findings were quite illuminating.

What the hackers did

A Phishing email was sent to one of the client’s generic email accounts. One person monitors these and this one, marked for the attention of accounts, was forwarded on to the accounts team.

Only one person was in the accounts department that day. They opened the email and downloaded the attachment. Nothing happened, so they disregarded it and moved on.

That night the hackers were in and out in under an hour. The attachment had opened a direct link from the hackers to the individual PC. They accessed the client’s accounting system and changed the bank account details of their eight largest suppliers. They then logged out and did nothing else, so there was no sign that anything untoward had happened.

Until 6 weeks later when suppliers started to ring up and ask where their monthly payments were. That’s when we were called in.

What we did

We produced a police-actionable report on our findings and this was submitted to local police and cybercrime units in London. The hackers appeared to be in Hungary, but in fact, were traced to South-East England.

The perpetrators were found and successfully prosecuted in September 2018. All but £9k of the stolen funds were recovered. Obviously, the client was relieved and delighted with this given the circumstances.

However, it could, and should have been zero, and here are the reasons why.

How it could have been prevented – the biggest risk to your business

The client did not have professional IT management in place – they thought (incorrectly) that their software provider took care of it. Had professional IT support been in place, the software that infected the original PC would not have done so – no download would have been allowed through automated procedures. Even if the software had somehow got through, the hackers would not have been able to gain access to the accounting systems, again due to procedures and policies that professional IT management would establish.

None of the staff had cyber hygiene training. With that training, either (or both) of the email recipients could have spotted the potential issue.

Protective monitoring software would have spotted the incoming email and also the late-night access. No such software was in place.

So, there was any number of ways that the attack could have been foiled. As the title states, you and your staff represent the biggest risk to your business succumbing to online crime.

Cybercriminals depend on two things:

• Trust – or to put it another way, a lack of cyber hygiene knowledge. The human factor is responsible for 80% of successful cyber crimes
• Poor IT setup and systems– it’s a false economy to set up and manage your own IT systems if you aren’t a trained IT professional

Summary

Since this event, the client has implemented professional IT support (through us), cyber security software (from us) and IT policies in accordance with our recommendations.

A fascinating story right?! Before you close this webpage, let me ask you -are you going to act right now on your cyber security arrangements?

Yes? Good. You should. You can start by requesting our free cyber assessment questionnaire, or arranging an online call with us to conduct it with you face-to-face. We’ll assess your cyber risk and send you our recommendations, free of charge, no catch.

Later? When? Why the delay? Cybercrime is the fastest growing criminal enterprise in the world, it is the biggest risk to your business.

No? OK, well thanks for reading and best of luck! Remember – the biggest risk to your business succumbing to online crime is you and your staff.

We don’t ever want to say ‘told you so’…

Why Companies like yours are seeking Cyber Hygiene Training for their staff.

We all see the headlines on the news – ‘millions of records breached’, ‘company loses £££ hundreds of thousands in hack’ etc. And let’s be honest, after a while it’s just white noise in our busy lives.

Besides, it won’t happen to me, will it? We’re just a sole trader/small/medium sized business.

Sorry, but no. It will. Without exaggeration, we’re receiving reports of breaches on a daily basis now. And we can say from our own experience that the often quoted statistic – that 80% of breaches are a result of staff inadvertently causing them – is spot on.

That’s where cyber hygiene training comes in. Here are some of the many reasons why companies like yours are now investing in cyber hygiene training.

1. Firstly, they know that around 80% of successful cyber breaches are due to a lack of staff knowledge.
2. Secondly, they know that a cyber breach could cost them tens, if not hundreds, of thousands of pounds; possibly it could cost them their business altogether
3. Also, they’re worried about falling foul of data protection laws and getting huge fines
4. Fourthly, they know that investing in cyber hygiene training is the most cost-effective way to protect their businesses, even if they already have firewalls and anti-virus software
5. Lastly, I guess very simply, they just want peace-of-mind.

Poor education and user awareness of the cyber threat can often be the easiest way for an attacker to gain access to your business systems.

By providing cyber hygiene training on operating safely within a cyber context to your staff, you will reduce the potential of attack through social media, internet browsing and routine emails.

Plus, it isn’t expensive! CCS have online courses from just £35. That’s right – £35! Compare that to the existential threat and costs of a cyber breach to your business. It’s a no-brainer isn’t it?

You can get in touch and request a free cyber assessment by contacting us – here are the details.

This is the Transcript of my recent video log (The impact on a Brand of a cybersecurity breach) – my voice is difficult to hear since I was asked to keep it down by the BA Cabin staff for disturbing other passengers. {Sorry!}

I’m actually making this Vlog on board a British Airways flight from London to Austin in the United States, where I’m looking forward to a much needed holiday, taking in the Austin City Limits Music Festival and the Formula 1 Grand Prix – GO LEWIS!

I’ve been incredibly fortunate to be upgraded to First Class by BA, and I’m going to make a separate Vlog for my marketing business to highlight what it’s like. In this Vlog I’m actually focusing on cyber security.

A couple of weeks ago I was invited to present at the Brand Yorkshire conference in Harrogate in the UK. The topic was the impact on a Brand of a cybersecurity breach. I highlighted a few companies to exemplify best and worst practice, and one of the companies I talked about was BA, since they were victims of a cyber breach this Summer. I thought I would take the opportunity on board a long BA flight to reiterate what happened to BA and what they did about it.

What happened?: For more than two weeks this summer (August 21 to September 5), hackers were inside the systems of British Airways.

They took the personal and financial details of customers who made, or changed, bookings on ba.com or its app during that time.

Names, email addresses and credit card information were stolen – including card numbers, expiration dates and the three digit CVC code required to authorise payments.

Around 380,000 transactions were affected. BA blamed a “sophisticated” group of cyber criminals but didn’t give any more details. A post on its website says people should contact their banks, people will be reimbursed and it will pay for a credit checking service.

In summary, BA gave Full disclosure. Recommendations on their website. Contacted the customers.

Now I asked the conference where I presented, what could BA have done better about this cybersecurity breach? Well, it was a bit of a trick question, because I actually think BA did an excellent job – and I’m not saying that because they just upgraded me! They got out in front of it, were open and transparent, contacted their customers and told them what to do, and assured them that they would cover any costs. The additional credit check service was a nice touch too.

The conclusion of my talk highlighted how businesses can prepare for something like this. The first aspect of course is prevention – stop the cybersecurity breach from happening. The BA breach was sophisticated, nonetheless there are means of ensuring your website is protected and monitored. Similarly there are methods for protecting IT systems in general, notably:

• Cyber Hygiene Training for all staff – 80% of successful attacks are a result of poor cyber hygiene training
• Software Measures – know when you’re under attack. Continuous Performance Monitoring can alert you to potential attacks and breaches – externally and internally
• Vulnerability and Cyber Assessment Audits – getting a third party to conduct a thorough and holistic review of your cyber security is the best way to get started on the road to a robust and secure business.

It won’t surprise you to hear that my IT companies – Fresh Mango Technologies (based in the Caribbean) and CCS (based in the UK) provide these services to clients. It’s also worth me pointing out that they aren’t hugely expensive. We have a starter package for SMEs which costs just £195 or $295 a month. When you consider the cost of a breach – frankly it can be an existential threat to most SME’s – it’s well worth the investment.

Finally, from prevention we go to the post-breach action plan. You need a crisis management plan in place. There are plenty of recommended PR plans available online, my favourite is the Adweek plan, because it’s straightforward:

• Get your plans in order
• Triage the problem
• Respond quickly on social
• Be honest, transparent and direct

I don’t think you’ll be too surprised to hear that my marketing agency can assist with this as well!

Anyway, I think it’s clear that British Airways had options for a  robust crisis management plan in place, and their execution of the same was very good indeed. We had a show of hands at the conference, asking the question who would book on BA.com again. There was an overwhelming majority saying they would without hesitation. Clearly a job well done!

OK, that’s the end of this Vlog, hope you enjoyed it and if you’d like to find out more about how my businesses can help your business, please get in touch. Just drop a message on the social media channel or blog where you saw this video and we’ll get back to you.

What’s your dream car?

A Ferrari? Maybe a Lamborghini or Porsche?

Maybe sports cars aren’t your thing? How about a luxury brand Grand Tourer like a Bentley or Aston Martin?

Maybe you have a young family and so your ideal car is something that can fit the whole family and also rates high in the Safety ratings?

Or perhaps you aren’t really a ‘car person’ and just want something reliable or practical? A Toyota, or a Ford or similar?

Whether your car is a dream, something ideal for your needs, or just a practical run-a-round, I bet there’s one thing they will all have in common.

You service them. Regularly.

Whether you service the car yourself or the local garage/main dealer services the car, you get it serviced.

Why?

Well, it’s kind of a no-brainer really. Servicing the car regularly ensures it runs smoothly and efficiently. It keeps the fuel-consumption optimal. It allows parts and tyres to be replaced before they fail or become dangerous.

It minimises your chances of a break-down, which as we all know creates huge inconvenience.

In short, proactive maintenance of your car ensures it runs smoothly and safely.

Given the context of this blog, no doubt you’ve figured out the analogy by now.

Proactive IT maintenance of your IT systems ensures your computer systems, and therefore your company, run smoothly and securely.

Servers, network equipment, desktops, laptops and Macs (yes Macs – see our earlier blog piece on the need to keep Apple Macintosh equipment updated) all need regular maintenance.

What’s more, they need to be serviced more regularly than your car. The major software providers, notably Microsoft, issue updates and patches regularly. These updates typically include bug fixes, improvements and upgrades. Most notably they include measures to combat recently-identified cyber threats.

Without professional, proactive IT maintenance and management of your IT systems, they will quickly degrade. Worse, without many of the ongoing updates, you may be leaving your company open to a successful cyber attack.

That’s why Managed Service Provision from Fresh Mango incorporates monthly maintenance of your server and networks as standard. That’s not all; to be truly proactive, an IT service needs to do much more than this. That’s the subject for another blog piece another time though.

So, next time you take your car in for maintenance, take a moment to think about your corporate IT. Is it helping your business run smoothly and securely?

If you can’t answer that question with an honest ‘yes’, make Fresh Mango your next call.

If you enjoyed this article you may also be interested in Children & Technology: Cookies, Webs & Touchscreen.

I’ve been thinking a lot about convenience and cyber security lately. Many of the most successful products and services make our lives more convenient. So much so that we take many of them for granted, probably to the point that they’re considered ‘Staples’ rather than modern conveniences.

Modern Conveniences

Washing machines, microwaves, mobile phones… and now we have voice-activated systems such as Google Home and Amazon Echo. Step-by-step new products make modern life a little bit simpler and easier. They are convenient; they allow us to get on with doing other things, whether for work or leisure.

Unsurprisingly we’re not keen to give up these hard-won conveniences. Would you give up your washing machine? Probably not, I know I wouldn’t. Yet my Grandparents never owned one! That’s just two generations ago.

What about your TV remote control? Probably a bit more easier to live without, but in these days of thousands of channels being available it would make choosing channels a pain. Yet I grew up as a boy with a TV that didn’t have remote control – it hadn’t been invented. We were considered privileged for having a colour TV! That’s less than 40 years ago.

The internet and mod-cons

Fast forward to 2018. The internet has become integral to our lives – business, personal, leisure, everywhere. Many governments have passed legislation to instate internet as a ‘Utility’, giving it the same precedence as electricity, natural gas and water supply.

Boiled down, the internet represents convenience. I can buy pretty much anything I need on the same laptop I’m writing this blog piece on. Pay my bills? Online. Book my next flights and holiday? Sure. I can manage my bank account. Less than 20 years ago all of these would have required a journey to buy goods, services or take care of my bills. The shopping centre, the bank, the travel agent, and so forth.

Would I want to go back to that? Absolutely not! Would you? I doubt it. The internet makes our lives easier and more convenient.

But (you knew there was a “but” coming). By making our lives more convenient, the internet has opened us up to a concept that never existed until late in the 20th century – cybercrime. Protecting ourselves against it does, regrettably, entail giving up some of the convenience of the internet we’ve all become so accustomed to.

Convenience and cyber security don’t immediately feel as if they are symbiotic.

Making life easier for our customers

In the past week, I visited the dentist and also a client with leisure facilities. Both had their wifi network and passwords on public display. Why? Well, it’s convenient for their customers. It’s nice if they have to wait a while to be able to get online. It’s also convenient for them. They don’t have to field requests for the wifi password. Everyone saves time and is more productive right?

Wrong. There is an assumption that everyone with access to the facilities has good motives. What if they don’t? By providing access to your wifi network you potentially provide access to your:

• IT network
• Systems, files and folders
• Client and supplier databases

Do you want absolutely anybody to access these? Of course not, yet that’s what these businesses had done, either inadvertently or with the best motives, or both.

Putting aside the implications of a data breach and fine under GDPR (and you shouldn’t – they’re serious), you’re putting your business at risk. For the sake of a wifi password! As I said, convenience and cyber security don’t appear to align.

Aligning Convenience and Cyber Security

This is just one of the almost countless examples where I see businesses putting convenience ahead of IT security. There are actually relatively straightforward measures that can be taken to improve your online and IT security, without giving up too much convenience. They cost a modest amount of money but compared to the consequences of a cyber breach they really aren’t costly at all.

With SMEs now officially the most targeted businesses for cybercriminals, isn’t it time to give up a small amount of convenience for the well-being of your business?

Convenience and cyber security can go hand-in-hand, you just need to take the appropriate measures, thanks for reading CCS’s latest blog.

I’ve been thinking a lot about triangles lately. Not the musical kind, but rather how they are such a useful (and simple) means of conveying building blocks and foundations. Notably the Foundations of IT Security:

With this (very) basic illustration I’d like to convey the main message of this blog piece. Namely that it’s essential to have a professionally established and managed IT infrastructure in your business before you embark on cyber security assessments, hardening, plugging gaps and so forth. In other words, get your foundations of IT security in place.

Cyber security is all the rage presently but, let’s face it, the requirement will never go away as long as we have the internet. Regrettably there are talented IT people who direct their energies towards obtaining information about individuals and companies for their own financial gain. We can’t change that, we can do our best to protect ourselves against it.

So what strategies can be employed to counter the cyber threat? Well, the cyber services offered by CCS are aligned to provide all the necessary counter measures, including:

• Cyber Awareness Training
• Continuous Protective Monitoring
• Cyber Intelligence Assessment
• Cyber Assessment Services
• Cyber Essentials Scheme
• Cyber Security Support Packages
• ISO27001 compliance

All of these are outlined in detail on the CCS website. However, before embarking on any of these services, you should consider the following basic questions relating to your current IT infrastructure.

1. Do you have a password policy and enforced password-change policy?
2. Do you have a server? If so, do you insist that all staff store their data on the server, not their desktop PCs?
3. What operating systems are you running on your server and PCs? Are they still supported? (Take a look at Microsoft out-of-support systems here)
4. Do you know if you have conducted health-checks on your server and PCs in the last 6 months?
5. Do you have backup solutions in place for your data?
6. Do you have a paid antivirus solution in place? (Sorry – as with all things in life you get what you pay for. Free anti-virus does not provide anything close to sufficient protection)
7. Do you have a Firewall in-place?

If you can’t honestly answer yes to these questions (and many others not touched upon here), then you need to obtain professional advice and management for your IT systems. Ignoring the security aspects for a moment, if you take care of the above matters your internal systems will run more efficiently. However, you really can’t ignore the security aspects. SMEs are just as likely to be targeted as big corporations.

So whether you’re a small, medium or huge business, professional IT system setup and management form the basis of your foundations of IT security. They’re a pre-requisite for cyber security.

Please, get it done, if for no other reason than you’ll sleep easier at night.