Irrespective of industry, IT system failures can have a devastating effect on small and mid-sized businesses. IT disruption for even a few hours can bring business operations to a standstill resulting in significant financial loses. Crises’ such as server or internet failure, cyber-attack, fire, flood or even a natural disaster could takeout your IT infrastructure and cripple your business. SMEs, therefore, must have a disaster recovery plan in case of such a catastrophe. Not having a plan to fail can put your enterprise at risk of financial loss, brand damage and most importantly risk of losing customers.

Consequences if you Fail to Plan (for failure)

Despite all the awareness and precautionary tales surrounding these events, there are still a large number of SMEs that choose not to develop a disaster recovery plan until it’s too late. Below are a few compelling facts which highlight just how important it is to prioritize a disaster recovery plan.

• Downtime: SMEs on average experience over three downtime incidents each year due to some form of disaster.
• Power cut and connectivity failures:
  • Around 77% of UK businesses (approximately 4 million) experience connectivity failures.
  • Businesses on average suffer 4-5 outages in a year with a six-hour waiting period for the services to be restored.
• Security breach: Last year almost 43% of UK businesses suffered a cyber-attack resulting in variable amounts of downtime.
• Financial and productivity loss: Per a report by Daisy Group, UK SMEs on average experience 45 minutes of downtime each week which is approximately £500 per employee, per year, in lost productivity.
• Data loss: Per a report by IDC, 40% of SMEs in the UK do not have a data backup plan in place and if they do, then around 50% of the data backups are only partially recoverable.
• Enterprises failing to recover: According to a report by Deloitte, almost 90% of businesses without an IT disaster recovery plan will not survive when a major disaster strikes.

Six Things Your IT Disaster Recovery Plan Should Cover

Disasters can strike at any time - cyber-attack, human error, natural disaster, flood or fire, storms etc. When disaster strikes, it is necessary to have a plan to protect your IT systems from its impact. It’s no wonder, therefore, that having a strategically designed and tested IT disaster recovery plan will improve an SME's ability to return to normal business operations as quickly as possible.

When putting a recovery plan together, it is best to work with a Managed Service Provider with experience in IT disaster recovery planning. MSPs offer strategic services to help businesses review their current IT systems, evaluate and redefine processes and then actually implement the new IT disaster recovery plan. Consider the below six things when your business plans to create an IT disaster recovery plan, or are reviewing the one you already have:

1. Threat Modelling & Response of potential disasters: The disaster recovery plan should include a wide spectrum of all possible technological, environmental, political and business incidents, with a response/recovery plan for each scenario.
2. Business operation impact analysis: Business operation impact analysis will simulate the consequences of disruption of a business process and collect information needed to develop disaster recovery strategies. The business operation impact analysis inspects three security objectives: integrity, confidentiality, and availability.
3. Identify business-critical systems and information: Not all information is of equal importance. Identify the most critical systems and data which should be protected at all costs and protect it!
4. Crisis Management: Identify the right management and technical staff (or support providers) to support the business through a crisis. The recovery plan should include a crisis response team to handle the disaster effectively.
5. Regularly updating disaster recovery plans: Update disaster recovery plans whenever internal IT systems are changed or updated. Updating is important as the recovery plan will be successful only if it takes into consideration all the IT systems and applications currently in use – which are forever changing.
6. Test your IT disaster recovery plan: Testing recovery plans is critical – after all, when you need them – they must work first time!  Loopholes, snags, changes and unforeseen technical problems always arise during testing and these must be worked through and corrected before the plan is put into production and disaster strikes. Since IT systems are continually changing and upgrading, testing recovery plans also assist in ensuring the recovery plan is current.

Do you have questions about disaster recovery planning? Contact m3Networks. You'll be connected with a disaster recovery expert who can address your specific challenges and problems.

Did you know that your employee identity or customer details can be illegally sold on the dark web for as little as £7 to £10?

Businesses may or may not have heard the phrase "dark web", and even if they have, it may be difficult to understand what the dark web is and what it can mean to their business. In today’s digital world, online interactions have increased tenfold with digital payment systems, online databases with sensitive information, personal identities and digital corporate information. It has led to an explosion of digital crime with hackers stealing sensitive data and selling them on the dark web.

The three levels of the Internet:

Level 1 – Surface Web: The surface web is accessible by all and is what we all know as the internet. The surface web represents about 4% of the internet. Surface web is also known as the public web which is anything that can be indexed by a search engine like Google, Bing, etc. Online shopping, sharing posts in social media, searching for information, etc. are all part of the surface web.

Level 2 – Deep Web: Deep occupies around 93% of the internet. Internal company sites, intranets, databases, members-only websites are examples of the deep web. These sites are not indexed in search engines, i.e. they won’t show up in searches unless either you are connected to your company’s network or you know the web address and have access to it.

Level 3 – Dark Web: 3% of the internet belongs to the dark web. The Dark Web is intentionally hidden and is inaccessible through regular web browsers. Multiple layers of encryption and security help the dark web in maintaining its anonymity. The dark web is the go-to place for large scale illegal activities and online crimes.

Why should SMEs be Wary about Dark Web?

Criminal activities on the dark web can directly affect your business. For example, your customer data, employee information or other sensitive information can be stolen and sold on the dark web. 

Recently security specialists at m3 Networks recently uncovered alarming results from research investigating more than 600 businesses which are members of Dundee and Angus Chamber of Commerce. Almost 24,000 security breaches with an average of 39 per company were found on the dark web – over 57% of all these businesses appeared on the dark web with breached credentials.

How can SME’s Protect themselves from the Dark Web?

1. Ban employees from using TOR: Don’t allow employees to access the TOR network; they can easily expose your business to malware. TOR is the most common software client used to access the dark web. Provide clear and strict employee guidance on how to cleanly use the internet.
2. Train employees on security protocols: Cybersecurity experts always advise that employee error plays a major role in a successful cyber-attack. The fact that most SMEs are unaware of the dark web is argument enough that additional training on IT security is essential. This will help increase employee awareness about cybersecurity measures and compliance so that they follow your businesses security protocols.
3. Treat passwords carefully: Don’t use the same password for multiple accounts. Creating a strong password is best practice as well as storing these with a reputable password manager such as LastPass or OnePass – but this is not a guarantee. You could have the strongest password but if your business does not protect it in a secure format then it could be stolen. Knowing your password has been breached as soon as possible is critical so you can change it in all the locations it has been used. Or it WILL be used against you.
4. Limit employee access to sensitive information: Many SMEs cannot differentiate between sensitive data and publicly accessible information thereby offering a much larger possible attack surface. Limiting employee access to sensitive data can limit a cybercrime incident. Therefore, it is advisable to restrict access to sensitive data on a need to know basis.
5. Take help from dark web monitoring experts: At m3 Networks, we offer dark web monitoring services to alert when a business has been compromised so that passwords can be changed quickly. We have tools that can trawl more than 600,000 forums and websites on the dark web. 

We also offer a suite of other security services such as security awareness training, penetration testing,  real-time network and security event monitoring, incident response and virtual CISO services, amongst others

Our technical director Mark Lamb recently gave an interview on the dark web to The Courier “Personal details of thousands of workers from Tayside firms being sold on dark web”. Follow the link to learn more about our investigation and what Mark Lamb’s recommendations are for enterprises.

Managed IT support and service providers are an excellent choice for SMEs looking to improve their business efficiency.  IT service providers not only offer affordable IT services but also provide business owners with peace of mind knowing that their IT is in capable hands.

However, not all IT service providers are competent enough to offer your enterprise with industry best practice services. Below are 6 factors to consider when selecting your preferred IT service provider.

“Almost half of businesses in the UK including SMEs (43%) suffered a cyber-attack in the last twelve months.” - Department for Digital, Culture, Media and Sport

Cloud computing has the potential to help SMEs address significant technology challenges. Implementation of cloud services helps SMEs procure the latest technology without massive capital investment, enabling IT infrastructure to progress with market changes. Implementing cloud computing either in a public, private or hybrid cloud scenario will help SMEs save time and money, positively impact operational efficiency, productivity and security. Below are five positive things SMEs should know about cloud computing:

Security – Enterprise grade security at cost effective prices

When considering cloud computing, security may at first be a big concern as SMEs would expect a higher security level when using its own servers. However, the truth is that many SMEs cannot afford or justify the overwhelming cost of enterprise grade security systems when they must purchase them for their onsite infrastructure. With cloud computing, the cloud provider has already made this investment, so you can tap in to as much of this technology as you want whilst paying a relatively modest cost in comparison.

Affordable – Access to high-end software at a manageable monthly cost

Migrating to the cloud provides SMEs with access to technologies which earlier were only available to large corporates with significant cash flow. High-end software like SFA (sales force automation), CRM (customer relationship management) along with the latest hardware is costly making it difficult for SMEs to afford. Most cloud computing services come with the option to lease these software services on a monthly payment basis without any lock-in periods or upfront fees. By moving to the cloud, SMEs can enjoy all the facilities at a fraction of the cost of developing the same technology infrastructure in-house.

Remotely accessibility and Globally distributed

Compared to large enterprises, SMEs are far more agile. Cloud-computing offers the autonomy to access business applications anytime, anywhere and on any smart device. Business owners and executives are often travelling and need to work on the go which makes cloud-computing the best option. For businesses who are geographically dispersed, cloud offer the flexibility of extending the corporate IT infrastructure to regional datacentres which brings a whole host of security, flexibility and contingency benefits.

Scalability – Ability to scale based on business requirement

A combination of competitive business environments and an unpredictable economy makes it critical for SMEs to remain flexible and adaptable, so they can react to market changes. Cloud computing offers SMEs the liberty to scale based on their requirement. SMEs can get the right amount of IT resources like increasing or decreasing compute power, storage and bandwidth based on raw demand – negating the need to overbuy in advance.

Reliability – Protect business from downtime

Cloud resources offer extensive capabilities for protecting SMEs’ from business disruption and loss through Business Continuity and Disaster Recovery (BCDR) systems. Not only can businesses rapidly recover to traditional server outages by spinning up another server, their entire infrastructure can fail over and be running within a datacentre in a completely different part of the world within a matter of minutes. Even better, it can be designed this way from the outset by being globally distributed and protected from these types of eventualities, creating a scenario where your business could conceivably never be down.

Whether you are looking to migrate your email to Office 365, move your file storage and applications to the Cloud or become almost bullet-proof with your business continuity and geographical reach, we can help. We are specialists in Microsoft Azure, Amazon Web Services and Office 365 and can create tailored Cloud infrastructure solutions for your business.

To learn more about cloud computing, get in touch with an expert at m3 Networks.

Organisations across the world are undergoing an extraordinary transformation. A new generation of technology is changing the way businesses maintain security, customises a product, enhances the customer experience, markets their products and more. In time, and possibly in a short period, the entire way UK companies engage with their customers will be different, or rather will be very customised. Driving this change is the rise of new technologies. UK companies which combine this with the right IT budget (which can be tricky at times) can seize this opportunity.

Type of IT Cost

IT budget is a combination of total information costs which include IT spending and salaries of all IT users. Information costs include buying of services from service providers, advertising agencies, consultants, and accountants to support the information workforce.

Why fixing IT costs is important

Effective IT spending plan: IT cost allocation is a complicated process even for large organisations. Budget constraints and limited IT expertise often keep SMEs from making effective IT spending decisions. Better visibility into the type of IT costs can help SMEs come up with a definite IT spending plan based on their business requirements.

Cushion against surprise cost: A better knowledge of hidden hardware and software costs can help enterprises reduce unnecessary costs and reallocate resources to more critical business operations. Before investing in new IT equipment, it is essential to evaluate an enterprise’s spending history and implement best practices that will improve the bottom line.

Balance cost among hardware, software, and services: Fixing IT cost will balance the spending among hardware, software and services. Strong systems management is the key to overall cost reduction, per a report by Gartner. The more budget allocated for direct IT expenses, like operations, training, support and services, the less budget will be wasted on lost productivity and downtime.

Reduce total cost of ownership (TCO): Enterprises when planning for IT cost, should factor in the total cost of ownership (TCO). IT systems need to be upgraded and maintained continuously. Constant costs related to IT security, software updates, labour, repair and tech support are unavoidable. However, simplifying the IT infrastructure and management processes will increase productivity, efficiency and reduce TCO to a great extent.

“For IT, total cost of ownership (TCO) includes hardware and software acquisition, management and support, communications, end-user expenses and the opportunity cost of downtime, training and other productivity losses.” - Gartner

How fixing IT cost can benefit an enterprise

Managing annual IT expenses will help in understanding the actual IT implementation cost and how to avoid costly and ineffective solutions. Estimating IT infrastructure cost over a period of time helps enterprises make better buying decisions when deciding which solution provides the best possible ROI.

SMEs have aggressively followed technology to stay competitive. In the process, they have invested significant resources in building IT infrastructure and services. Managing these IT services is costly and has become a burden for many enterprises, draining essential resources from strategic planning and delivery. As per a report by Gartner, 70% of IT support services for infrastructure services can be managed from a remote location which can reduce labour costs from 10% to 50%, depending on the delivery location resulting in 5% to 30% overall net savings.

In a rapidly changing technology landscape, managed service providers can help enterprises remain agile, control costs, quickly respond to competitive opportunities and align IT with evolving business objectives. Here are the top five benefits of how outsourcing managed IT services can impact a company’s business goals and the bottom line.

Affordability and Fixed Monthly Cost

Outsourcing IT services to a managed service provider is extremely cost-effective. With managed services, enterprises can reduce operational costs, preserve capital budget and lower their IT operating expenses. Per a Capgemini study, 34% of SMEs in the UK find it challenging to invest in IT as the cost is always high, while 30% of SMEs spend less than 3% of their overall funds on cyber security. So, outsourcing IT support and services to a reputed managed service provider is the best option as MSPs offer comprehensive solutions at a very affordable and predictable monthly cost. Also, MSPs mainly operate on a subscription-based model where enterprises pay annual or monthly fees for services, which allows them to foresee if it is viable to remain within the target budget.

Improved Cyber Security

According to Statista, the cost of cyber-attacks on micro/small enterprises amounted to an average of £894 while for medium-sized enterprises it amounted to an average of £8,180 during the last 12 months. Enterprises have sensitive data and information worth stealing and attackers often take over one system as a platform to launch a cyber-attack on another system to cover their tracks. Per a report by Department for Digital, Culture, Media and Sport, almost half of UK businesses including SMEs (43%) suffered a cyber-attack in 2017-18. Managed service providers (MSP) use remote network monitoring and clean backup protocols to prevent an attack and shorten the recovery time. Reputed MSPs provide cyber security services to help reduce and mitigate various forms of cyber threats by continuously monitoring dark web, offering end-user security awareness training, penetration testing and SIEM, among others.

Access to trained, qualified and certified experts

A painful fact for many small and mid-sized enterprises is the shortage of skilled IT professionals. The UK alone is estimated to have a shortfall of around 100,00 experienced IT security experts by 2022. When recruiting for an in-house IT role, they likely cannot differentiate a good applicant from a bad one and when in the post, it is challenging to assess their productivity due to the complex nature of IT services. But, with a managed service provider, even small enterprises can access highly qualified IT personnel without doing the tedious work of recruiting them. MSPs usually possess deep expertise in the field of IT, therefore giving enterprises the best services.

Disaster Recovery

When everything goes wrong, enterprises need confidence that data is backed up safely and securely.  Disasters may strike in different forms, but whatever event takes a customer’s site down, managed service providers are well-placed to help prepare for emergencies. Whether it’s a physical disaster such as a storm, fire or flood, or a deliberate one, like a ransomware attack, MSP plan carefully to help clients come out shining on the other side.

Per a report by Daisy Group, on average UK's SMEs experience 45 minutes of downtime each week which is approximately £500 per employee, per year, in lost productivity. Also, according to a study by IDC, 40% of small and mid-sized enterprises in the UK do not have a data backup infrastructure in place and if they do then around 50% of the backups are only partially recoverable.

Part of the reason to outsource services to a managed service provider is to prepare for those costly downtimes. An off-site managed service provider can provide remote backup and offer both local and cloud-based backup solutions to support business-critical operations during a disaster.

Access to latest state-of-the-art technology

Reputed Managed Service Providers (MSPs) use the latest technologies and equipment to deliver services. IT services are updated regularly with no additional cost to enterprises. MSPs bring the advantage of quickly implementing new technology into client’s businesses thus eliminating the risk of obsolete IT infrastructure.

“1 in 6 UK small and mid-sized enterprises fell victim to a cyber attack in the last 12-month duration. Of the enterprises affected, more than one-fifth stated that it cost the company more than £10,000, and 1 in 10 mentioned that it cost more than £50,000.” - Zurich SME Risk Index

The Cyber Essentials scheme is backed by the government to help companies protect themselves against cyber threats. Cyber Essentials helps organisations guard against the most common cyber threats by implementing cyber security best practices. Following are five clear benefits of Cyber Essentials.

Protection against cyber threats

According to a report by NIG, almost 80% of data breaches can be prevented by implementing Cyber Essentials which are simple security practices. Daily, hackers are trying to steal data, money or cause severe disruption to SMEs and mid-market companies. Following the Cyber Essentials scheme is the best way for businesses to approach cyber threats. The Cyber Essentials scheme includes highly effective precautions such as using stronger passwords, updating software regularly, limiting access to sensitive information, background checks of employees, among others.

Improves existing and potential customers’ trust

Per a report by KPMG, almost 60% of UK consumers would be willing to stop doing business with a breached enterprise. Enterprises rigorously following the Cyber Essentials scheme have a competitive advantage in comparison to competitors without accreditation. Cyber Essentials certified enterprises show its commitment to security, demonstrating to customers, investors, suppliers, and regulators that it takes cyber security very seriously. Cyber Essentials accreditation becomes even more critical for enterprises using and storing personal data like medical records, financial information and other sensitive data to build trust.

Cyber Essentials an essential step towards preparation for GDPR

GDPR is the new data privacy regulation which aims to give protection and control to the EU populace over personal data. Typically, the law will affect how businesses can collect and use personal data. By so doing, companies will be required to be more transparent when it comes to collecting and utilising data from customers. Cyber Essentials is a significant first step in preparation for GDPR as violators will have to pay a potential fine of up to €20 million or up to 4% of a company’s annual turnover.

Improves business efficiency

Without a coherent and consistent plan, a great extent of time, money and resources are spent on patching IT infrastructure and security as and when they arise. There is an inevitable loss in staff time during the restoration of services, particularly for IT staff. Implementing Cyber Security Essentials will allow both technical and non-technical staff to remain as productive and efficient as possible by focusing on core business without the need to fix bits and pieces of the company’s IT infrastructure.

Better chance of winning government contracts

The government is using the Cyber Essentials scheme as a step towards reducing the levels of cyber security risk in its supply chain. Since October 2014, the UK Government requires all enterprises bidding for contracts which require handling of sensitive and personal data or the provision of technical products and services to be Cyber Essentials certified.