Category: IT News

Would you leave your house unlocked if nearly half the homes in your area had been burgled? If an attack was likely, would you wait until after the break-in to act?

No? Then why treat your business that way?

As with any breach of security, a proactive response is always better than reactive – why wait for the damage to be done when you can try to prevent it in the first place?

With cyber attacks continually on the rise, it’s really important that all businesses, no matter their size, act proactively in response to the increase in attacks and successful hacks.

You might think reactive IT security will save you money, but it’s only in the short-term. In the longer-term you run the risk of increased financial costs, using the wrong tools for damage control, and no clear way of resolving issues.

Proactive approaches are all about anticipating that something might happen and being prepared for it. Proactive IT security leaves less room for cyber attackers to exploit your systems, and also makes it easier to identify problems sooner – and makes it easier to fix them.

Here are just two reasons why we think being proactive is the best attitude to take towards your IT security:

1. No more constant clean-up

Unfortunately, cyber-attacks are no longer a rarity. Once upon a time, it might have been worth your while holding off on investing in IT security. Now, when 1/3 of UK businesses suffered an IT breach last year alone, it’s no longer a matter of “if” we see another breach, it’s “when”.

1/3 of UK organisations suffered IT breaches last year, even though 70% invested in some sort of IT security. Without an element of proactive IT security, this figure would be a lot higher.

After an attack, more damage will have been done when you don’t have some element of proactive IT security in place. Attacks damage your safety measures; you likely lose data which causes financial and reputational damage as well.

Clean-up costs can be enough to make your eyes water, and even more when coupled with loss of productively or revenue. It’s best to have security measures continuously in place to lessen some of the damage.

2. Reactive security measures are often light work for pro-hackers

As much as you might believe otherwise, hackers will generally always be one step ahead – whether it’s through developing stealthier ways to attack, or new ways to hack and fool people.

Even the most unsophisticated hackers have access to coding which can easily evade antivirus (AV) detection. They’re often tuned into AV provider updates as well. This means that hackers get the same messages as clients when they are told to update their systems to account for new hacking codes.

This works as a push for hackers to roll out their new methods – putting businesses one-step behind the criminals.

It’s easy to treat IT security as something you don’t need straight away, but in the long run it’s much better for your company if you’re proactive about it. We can’t pretend a cyber attack just won’t happen – they’re becoming more and more likely every year as we become more globally and digitally-connected.

We can sit back and wait to do something after an attack, or we can be proactive and put in place some preventative measures to make your business less likely to be breached in the first place. Not only will this help put your mind at ease, it can also make your clients and customers at ease that their information will be less accessible to hackers.

With all this in mind, there’s so much that we at Consider IT can do to help you protect your business and your clients from cyberattacks before the take place, saving you in the long-term.

We can help you with everything from support services to improve productivity, increase security and reduce the overall costs to your business, to bring you through Cyber Essentials Accreditations. We’ll turn your back up platform from a “recovery in days/weeks” situation to “we’ll have you online anywhere in the world within 15 minutes”.

We even offer our purpose-built Disaster Recovery suite for your team to use in times of crisis.

Find out about all of the services we have on offer at https://considerit.com/what-we-do/managed-it-services/cyber-security/cyber-essentials/

Get in touch with us on 0131 510 0110 or [email protected] to chat about our IT support services.

You read that right – now is the time to sign up for a chance to stake a claim on vouchers worth up to £1,000 to help protect your business from online threats.

We’re so proud of our Cyber Essentials accreditation, we want your business to have a slice of the pie as well.

We want you to stake a claim on the £500,000 pot up for grabs through the Government’s Cyber Essentials Voucher Scheme – before it runs out.

The Cyber Essentials scheme aims to improve Scotland’s cybersecurity, making it one of the most secure places to do businesses.

We’re one of a handful of CREST-accredited specialists in the country which can deliver Cyber Essentials, while helping you claim back up to £1,000 of the costs from Scottish Enterprise.

With hundreds of high-profile IT security breaches happening every year, cybersecurity should be a top priority for any business as it affects every one of all shapes and sizes.

If your business falls victim to a cyber-attack, the costs involved in recovery can be incredibly expensive, so why not help protect your business with a government grant – how easy could it be?

Becoming CREST-certified can protect your business from up to 80% of cyber risks. It also shows your customers and clients that you’ve taken a proactive approach to security – giving you an edge over your competitors.

Our team of IT experts is one of the very few teams in Scotland which can manage both Cyber Essentials and Cyber Essentials Plus certifications for clients.

Both certifications involve a rigorous assessment of business processes, data security and security testing. CE Plus involves double the tests on a client’s infrastructure – including assessments of exposure to malware, internal vulnerabilities, workstations and mobile devices.

Cyber Essentials is an intensive undertaking, but it’s well worth it – and even more so when the government is helping to foot some of the bill.

Early March 2020 has been earmarked as the closing date for applications to the scheme, so what are you waiting for?

You can find out more about Cyber Essentials and all of our services at https://considerit.com/

When the news broke on Monday 21^st October that self-proclaimed “hack-proof” VPN service NordVPN was the victim of a hack in March 2018, we were surprised – but not shocked.

Hacks, leaks and security breaches can happen to any company – even privacy giants who claim to have complete cybersecurity at the heart of their product. No organisation should ever claim to be 100% “hack-proof”.

The point of a virtual private network (VPN) is to make your data private by sending your surfing traffic to different servers in different countries – essentially masking what websites you’re browsing. VPNs are used by millions of people as an easy way to maintain some level of privacy online.

NordVPN prides itself on data privacy and complete protection, claiming to shield their customer internet activity with Double VPNs, military-grade encryption and CyberSec (some of the most seriously cutting-edge security technologies around). NordVPN is one of the most popular VPN providers in the world with over 5500 servers in 59 countries.

Customers around the world were right to be concerned when they found out that their private data may have been accessed by hackers, especially when NordVPN claims to have a “zero log” policy, which means they don’t track, collect or share any user data.

NordVPN admitted a server in a data centre in Finland had been accessed by an attacker last year, by exploiting a vulnerability of one of the remote server providers.

An expired internal private key had been exposed, which means hackers could have intercepted traffic and viewed the websites users were visiting. A hacker could have also potentially performed dangerous man-in-the-middle attacks on users by pretending to be a NordVPN server. This means if users were typing in private information – like credit card numbers or addresses – on other websites while using NordVPN their details could have been stolen.

More worryingly, the management interface used by the server gives hackers free reign over the system – commonly referred to as “God mode”.

NordVPN has claimed no user credentials were intercepted and that no other server on the network was affected. NordVPN didn’t name the server in the statement on their website, but said that it had ended the contract it had and shredded all of the servers they had rented from the provider.

The server was vulnerable between January 31^st and March 20^th 2018, but NordVPN has said it was breached on only one occasion during March.

We haven’t heard how long the attacker had access to the server for, whether it was hours, days or even months. It’s also not clear how many users were affected and how much traffic was intercepted.

Even though the server doesn’t exist anymore, and NordVPN claims no user credentials were intercepted, this attack is a serious reminder of how vulnerable a company can be.

Companies should be aware of any potential issues or weak spots in every aspect of their IT security and should be more vigilant if using external server providers so that they can be aware of any possible vulnerabilities a provider might bring. The bottom line is, no company can ever claim to be 100% “hack-proof”.

Get in touch with us on 0131 510 0110 or [email protected] to chat about our IT support services.

1/3 of UK businesses suffered IT breaches in 2019, even though 70% have IT security.

32% of all UK businesses identified IT security breaches in the last 12 months – and alarmingly 60% of those were large and medium-sized companies.

These breaches occurred in spite of the fact that seven in ten businesses have invested some level of spending in IT and cyber security, with 33% of them having formal cyber security policies in place.

The shocking findings come according to the Cyber Security Breaches Survey 2019.

UK businesses of all sizes invest money into IT and cyber security for several reasons. The most common reason is to protect customer data, followed by preventing fraud or theft and protecting assets such as cash or intellectual property.

IT and cyber security breaches can be extremely costly for business. The average annual cost for a company which lost data as a result of breaches was £4,180 this year, an increase on the average cost in 2018.

The question remains: why are companies which have invested in IT security and training still regularly suffering security breaches?

It’s important to start by identifying the most common security breaches. These include staff falling victim to phishing attacks, fraudulent emails and online impersonations of an organisation, and malware and viruses.

IT security breaches can occur even with IT support – the most common reason being human error in opening phishing emails or unsecure links. A lack of staff awareness around backing up data and creating strong passwords can also lead to security breaches. We offer a wide range of staff training and guidance for clients to help them understand how best to protect against these types of breaches.

A third reason why IT security breaches occur is down to machines or devices that have dropped out of IT’s sight. At Consider IT, we regularly carry out vulnerability scanning to source and resolve any issues or concerns we come across. We also manage and maintain our client’s servers and endpoint patching, and update systems weekly.

At this point, the general thought towards IT security and cyber security breaches is that it’s likely going to happen and there’s no real concrete way to stop it if an attacker is dedicated enough.

We recommend taking a proactive approach to IT security as this is much more effective than waiting for a breach to happen and reacting after the damage has been done. We focus on reducing the impact of breaches and ensuring our clients can recover swiftly and easily if a security breach does occur.

For company-wide safety, we offer a wide range of staff training programmes to ensure clients are in the safest hands. Through our Cyber Essentials and Cyber Essentials Plus schemes, we offer easy solutions to sometimes complex problems. Our human touch puts your people at the heart of your tailor-made security plan that won’t skimp on productivity.

Protect you data, your network and your people by talking to our team today. Get in touch with us on 0131 510 0110 or [email protected] to find out more about our IT support services.

Consider IT creates a sleek office suite for disaster recovery in Edinburgh 

A DYNAMIC IT support firm has created a stunning 18-desk office in a prime city location – in the hope it will never be used.

Staff at Consider IT in Edinburgh have dubbed the sleek workplace a “ghost office” because the stylish desks and chairs are eerily empty and the powerful PCs at each workstation are left on, with no users, for updates and testing.

Despite investing heavily in an office set up which would be the envy of countless small businesses across the city, the team at Consider IT hope it will remain empty – although it can be operational with just a few moments notice.

Now the man who took the decision to create the bizarre, Mary Celeste-style, deserted office suite says it is a gamble that has paid off and has brought in a raft of valuable new business.

Dad of two Stuart Gilbertson, founder and MD of Consider IT said: “It’s our disaster recovery suite and we put loads of thought, care and attention into creating it. We are very proud of the set up.

“This is a vital insurance policy for those clients who are signed up for our disaster recovery service. If something catastrophic happens in their business, they have peace of mind knowing that their team can be back at work within minutes – with access to all of their computer systems, files and phones as if they were working at their own office.

“Of course, like most insurance policies, we hope it is never needed. The longer our Disaster Recovery Suite lies empty, the happier everyone can be. We know how weird it seems to have such an attractive office space lying empty for months on end. But when it is needed, it will be a genuine lifeline.

“The ability to quickly get a team back to work after a fire, flood or similar disaster can be the thing that helps a business to survive. Giving staff a pleasant, temporary work environment after that kind of trauma is also incredibly important.”

The firm has around 70 clients across Edinburgh, Glasgow and London, and since being founded in 2007, it has enjoyed continuous growth and has built up a £1.2m-a-year turnover.

Its fleet of orange and white branded support vehicles have become a familiar sight across the city, with its team of highly qualified technicians working with many of the city’s best-known SMEs, including the Faculty of Advocates, The Federation for Industry Sector Skills and Standards, Nile and Par Equity.

Stuart, 33, a computer networks graduate from Edinburgh Napier University, recently took the bold decision to move the flourishing IT company into a prominent office building in the heart of Leith’s bustling docklands.

Despite the huge cost increases and other risk of moving from modest 1400 sq ft offices into a plush new setting of over 3550 sq ft, Stuart believed the gamble was worth it to underline his firm’s business continuity credentials.

The former Broughton High School pupil added: “It was a massive risk and there were points where I thought we had bitten off more than we could chew. But we needed to make a big, splashy, bold statement to set ourselves apart that reflected the superior service that we offer.

“We’ve made our name as an IT support company, complete IT infrastructures with intricate networks, hosting high end servers and workstations.

“But we are so much more than that and this really helps define us by making it absolutely clear how committed we are to business continuity and being recognised as the gold standard.

“It’s a fantastic space, with some of the best and most sought-after views in Leith. So, the irony isn’t lost us on us that it simply sits empty all the time.

“But we now bring potential clients to see the disaster recovery suite for themselves and often that is the clincher for them. They can see we are serious, that we have got their backs. This simply isn’t a service that our rivals can offer.

“In the past six months alone, we have signed up at least five major clients on the strength of our disaster recovery suite, as well as the other, robust business continuity services we offer, including data backup services and IT managed services.”

Stuart says such disaster recovery services are often associated with giant firms like IBM and thought to be out of reach for smaller businesses. However, Consider IT works predominantly with businesses which have 20-300 staff.

The disaster recover floor also boast a chill out room, a pool table, a state-of-the-art meeting room for up to15 people which also offers advanced presentation and teleconferencing facilities. There is also a kitchen, a bar and even a shower area.

The space has to be carefully maintained and regularly tested. But while it lies empty, Consider IT does offer use of the impressive meeting room to clients. Stuart says many have taken up the chance to use the facility to host important meetings and private negotiations – some of which are international with the board rooms high tech conference set up.

He added: “We also have our own offices on the floor below which are also well-appointed. Our team were delighted when we moved and have been happier and more productive since. All in all the gamble has paid off handsomely.”

With growth, driven by word of mouth recommendations from satisfied clients, Consider IT has become the ‘go to’ IT support company in the city, recognised as a leader in daily support, VOIP provision and cyber security.

The friendly team pride themselves on a reputation for no-nonsense and jargon-free communication which its clients love. While IT support is a serious business, the staff are also a quirky and fun-loving team.

Par Equity has signed up to Consider IT’s Disaster Recovery Suite, not just to cover themselves for the risk of losing access their office as a result of a fire or power cuts, for example, but as part of their continuous improvement programme which focuses on cyber-security, client service and business continuity.

Could your business benefit from disaster recovery in Edinburgh?

Get in touch with us on 0131 510 0110 or [email protected] to find out more about our Disaster Recovery Suite and IT support services.

Picture this: you receive an email from your company chief executive informing you that a previously agreed deal is finalised and you are now required to perform the wire transfer. The email address and the information is credible. Why should you doubt it?

Except it isn’t really your boss. Despite coming directly from their email address, and without any signs of hacking, this is a scam technique mimicked across the world that has resulted in losses of at least $26bn (£21bn) in the last three years.

Although these scams seem rather unavoidable for their convincing style and methods, a massive takedown operation of global cyber-crime networks has begun, which saw the arrests of 281 suspected hackers across 10 different countries earlier this month.

While measures are being put in place to try to take down these cybercrime networks, Consider IT is here to give you some advice on how to spot these scams and on how you can avoid falling victim to them.

Firstly, everyone should be vigilant. Typically, scammers would aim for those at the top of the hierarchy of major companies – such as chief executive officers or chief finance officers – but now, more and more, criminals are reaching out to unsuspecting victims lower down the food chain.

A common tactic that’s employed is the manipulation of human resources departments. In these cases, we see hackers spoofing a victim’s email in order to contact HR to request that their wages be sent to a new bank account.

We’d advise that companies stay on high alert on Monday mornings. Knowing the way offices work, hackers try to rely on a sense of weekend ‘jetlag’, hoping that the backlog of emails that gathered over the weekend out of office will help their dodgy email go unnoticed. Due to the way spam filtering has evolved, many scammers will not bother spoofing the email address, and only change the ‘From’ name so it always worth looking at the actual email address the email has come from.

Similarly, a fake forward or reply has evolved as a new line of attack. Scammers simply start their subject with “Re:” or “Fwd:” to imply previous correspondence to trick victims into believing it’s legitimate. It obviously works, since researchers have found that fraud attempts of this sort have increased by more than 50% year-on-year.

Overall, as email spoofing is, in theory, a very simple technique in scamming, it is hard to suggest that it will be going away anytime soon. So, we at Consider IT would suggest that vigilance and awareness of these sorts of attacks is one of the best tools you can use to fight them.

Consider IT also offers a range of staff training programmes to ensure that your company is in the safest hands. Through our Cyber Essentials and Cyber Essentials Plus schemes, we offer easy solutions to sometimes complex problems. Our human touch puts your people at the heart of your tailor-made security plan that will not skimp on productivity. Our methods are proactive, rather than reactive, to infiltrate a hack before it happens, so you’re not left picking up the pieces when the damage is done.

Protect your data, your network, and your people by talking to our team today.

Come September, onboarding of new Office 365 users will automatically include Teams as the new normal.

The consumer version of Skype is not affected by these changes and there are no public plans to switch off the Skype for Business Server.

Skype for Business Online will be retired on July 31, 2021, and after that date the service will no longer be accessible. Between now and then, current Skype for Business Online customers will experience no change in service, and they’ll be able to continue to add new users as needed. However, starting September 1, 2019, Microsoft will onboard all new Office 365 customers directly to Teams for chat, meetings, and calling.

Since its introduction in 2014, Skype for Business has been a valuable tool for millions of people around the world. By combining instant messaging, calling, and video into a single app, the product established an exciting, new vision for business communications. Microsoft Teams is the next chapter in that vision, and with today’s news Microsoft are not only announcing the retirement of the Skype for Business Online service, we’re also communicating our confidence in Teams.

After more than two years in market, Teams is ready for our most demanding customers – and Microsoft are convinced that you’re going to love it! If you’re a current Skype for Business Online customer, start planning your migration today. We’re committed to helping you every step of the way, and we can’t wait for you to experience the new way to work.

Consider IT is proud to announce that we have been accepted to join the Scottish Business Resilience Centre‘s (SBRC) Trusted Partners scheme.

Trusted Partners is the group of companies working in Scotland who have passed the advanced status of being Cyber Essential Certifying Bodies. This scheme also carries the endorsement of the SBRC’s core partners in Police Scotland.

The scheme was set up as a way to advise and support SMEs in Scotland to reach a basic standard of cyber security. The group have all passed advanced checks into their technical abilities to offer Cyber Essential accreditation and have Certifying Body status.

The Scottish Business Crime Centre was established in 1996 and has evolved since then to reflect the changing needs of business and of their members. They are funded by a range of Private and Public Partners including the Police, Scottish Government, Association of Scottish Clearing Banks, the Drinks Industry, Scottish Fire and Rescue Service, and a wide range of business investors and members across Scotland.