Category Archives for "Security"

Why You Should Plan to Fail… by Building an IT Disaster Recovery Plan

Irrespective of industry, IT system failures can have a devastating effect on small and mid-sized businesses. IT disruption for even a few hours can bring business operations to a standstill, resulting in significant financial losses. Crises such as server or internet failure, cyber-attack, fire, flood or even a natural disaster could take out your IT infrastructure and cripple your business. SMEs, therefore, must have a disaster recovery plan in case of such a catastrophe. Not having a plan to fail can put your enterprise at risk of financial loss, brand damage and, most importantly, losing customers.

Consequences if you Fail to Plan (for failure)

Despite all the awareness and cautionary tales surrounding these events, a large number of SMEs still choose not to develop a disaster recovery plan until it’s too late. Below are a few compelling facts which highlight just how important it is to prioritise a disaster recovery plan.

  • Downtime: SMEs on average experience over three downtime incidents each year due to some form of disaster.
  • Power cut and connectivity failures:
    • Around 77% of UK businesses (approximately 4 million) experience connectivity failures.
    • Businesses on average suffer 4-5 outages in a year with a six-hour waiting period for the services to be restored.
  • Security breach: Last year almost 43% of UK businesses suffered a cyber-attack resulting in variable amounts of downtime.
  • Financial and productivity loss: Per a report by Daisy Group, UK SMEs on average experience 45 minutes of downtime each week which is approximately £500 per employee, per year, in lost productivity.
  • Data loss: Per a report by IDC, 40% of SMEs in the UK do not have a data backup plan in place and if they do, then around 50% of the data backups are only partially recoverable.
  • Enterprises failing to recover: According to a report by Deloitte, almost 90% of businesses without an IT disaster recovery plan will not survive when a major disaster strikes.

Six Things Your IT Disaster Recovery Plan Should Cover

Disasters can strike at any time - cyber-attack, human error, natural disaster, flood or fire, storms etc. When disaster strikes, it is necessary to have a plan to protect your IT systems from its impact. It’s no wonder, therefore, that having a strategically designed and tested IT disaster recovery plan will improve an SME's ability to return to normal business operations as quickly as possible.

When putting a recovery plan together, it is best to work with a Managed Service Provider with experience in IT disaster recovery planning. MSPs offer strategic services to help businesses review their current IT systems, evaluate and redefine processes and then actually implement the new IT disaster recovery plan. Consider the following six things when your business plans to create an IT disaster recovery plan, or is reviewing the one it already has:

  1. Threat Modelling & Response of potential disasters: The disaster recovery plan should include a wide spectrum of all possible technological, environmental, political and business incidents, with a response/recovery plan for each scenario.
  2. Business operation impact analysis: Business operation impact analysis will simulate the consequences of disruption of a business process and collect information needed to develop disaster recovery strategies. The business operation impact analysis inspects three security objectives: integrity, confidentiality, and availability.
  3. Identify business-critical systems and information: Not all information is of equal importance. Identify the most critical systems and data which should be protected at all costs, and protect them!
  4. Crisis Management: Identify the right management and technical staff (or support providers) to support the business through a crisis. The recovery plan should include a crisis response team to handle the disaster effectively.
  5. Regularly updating disaster recovery plans: Update disaster recovery plans whenever internal IT systems are changed or updated. Updating is important as the recovery plan will be successful only if it takes into consideration all the IT systems and applications currently in use – which are forever changing.
  6. Test your IT disaster recovery plan: Testing recovery plans is critical; after all, when you need them, they must work first time! Loopholes, snags, changes and unforeseen technical problems always arise during testing, and these must be worked through and corrected before the plan is put into production and disaster strikes. Since IT systems are continually changing and upgrading, testing recovery plans also assists in ensuring the recovery plan is current.

Do you have questions about disaster recovery planning? Contact m3Networks. You'll be connected with a disaster recovery expert who can address your specific challenges and problems.

Advantages of Outsourcing your Cyber Security Services

“Almost half of businesses in the UK including SMEs (43%) suffered a cyber-attack in the last twelve months.” - Department for Digital, Culture, Media and Sport

Reasons for outsourcing cyber security services, with the current scenario and the advantages of a Managed Service Provider (MSP) for each:

Breadth of cyber security knowledge

In the UK:

- 43% of micro firms,

- 41% of small firms,

- 39% of mid-sized firms

don’t know the reasons which lead to a cyber-attack.

- Lack of proper knowledge on the contributing factors and sources for most of the disruptive breaches makes SMEs vulnerable to cyber-attacks. 

- As such, it’s best to outsource cyber security to a Managed Security Service Provider (MSSP). The experience and knowledge of managed cyber security service providers will reduce the chances of a cyber-attack considerably.

- Also, a managed security service provider will be able to educate employees through cyber security awareness training programmes and monitor your organisation’s exposure on the dark web, amongst other things.

Fixed monthly or yearly cost

- 34% of SMEs in the UK find it challenging to invest in IT security as the cost has historically been high.

- 30% of SMEs spend less than 3% of their overall budget on cyber security.

- Managed Security Service Providers (MSSP) offer cyber security services at a very affordable and fixed cost.

- The majority of MSSPs offer their services to SMEs for a monthly subscription fee, but some may charge annually.

- The fixed cost helps SMEs to plan their cyber security investment efficiently.

24/7 peace of mind

On average it takes around 3 days to neutralise the effect of a cyber-attack, leading to lost staff time and deviation of focus from the core business.

- Managed security service providers will perform around-the-clock monitoring.

- Continuous monitoring is an essential aspect of security as an enterprise can come under a cyber-attack at any time of the day.

- With 24/7 monitoring and security support, SMEs can enjoy peace of mind and focus on their core business operations and revenue-generating activities.

Availability of cyber security professionals

According to industry experts, there will be a shortfall of 100,000 cyber security professionals in the UK by 2022.

- Outsourcing cyber security is the best option for businesses these days, and it is especially crucial for SMEs that have limited budget or employees. 

- SMEs often have trouble attracting and retaining top security professionals.

- Some do not have the time or resource to deal with routine maintenance, which will ultimately lead to an inefficient security system.

Better Security Management

The cost of cyber attacks

- for small enterprises amounted to around £894

- while for medium-sized enterprises it was around £8,180

- Managed security service providers (MSSP) use a suite of detection and prevention tools and robust backup protocols to try and prevent cyber-attacks and shorten recovery time.

- Outsourcing cyber security services to MSSPs will reduce and mitigate cyber threats.

- MSSPs maintain cutting-edge security technologies to provide endpoint protection, web and dark web monitoring, security awareness training, penetration testing, vulnerability scans, firewall management and much more.

5 ways Cyber Essentials can Improve your Business

“1 in 6 UK small and mid-sized enterprises fell victim to a cyber attack in the last 12-month duration. Of the enterprises affected, more than one-fifth stated that it cost the company more than £10,000, and 1 in 10 mentioned that it cost more than £50,000.” - Zurich SME Risk Index

The Cyber Essentials scheme is backed by the government to help companies protect themselves against cyber threats. Cyber Essentials helps organisations guard against the most common cyber threats by implementing cyber security best practices. Following are five clear benefits of Cyber Essentials.

Protection against cyber threats

According to a report by NIG, almost 80% of data breaches can be prevented by implementing Cyber Essentials, which consists of simple security practices. Every day, hackers try to steal data or money from, or cause severe disruption to, SMEs and mid-market companies. Following the Cyber Essentials scheme is the best way for businesses to approach cyber threats. The Cyber Essentials scheme includes highly effective precautions such as using stronger passwords, updating software regularly, limiting access to sensitive information and background checks of employees, among others.

Improves existing and potential customers’ trust

Per a report by KPMG, almost 60% of UK consumers would be willing to stop doing business with a breached enterprise. Enterprises rigorously following the Cyber Essentials scheme have a competitive advantage over competitors without accreditation. Cyber Essentials certified enterprises show their commitment to security, demonstrating to customers, investors, suppliers and regulators that they take cyber security very seriously. To build trust, Cyber Essentials accreditation becomes even more critical for enterprises using and storing personal data such as medical records, financial information and other sensitive data.

Cyber Essentials: an essential step towards preparation for GDPR

GDPR is the new data privacy regulation which aims to give protection and control to the EU populace over personal data. Typically, the law will affect how businesses can collect and use personal data. By so doing, companies will be required to be more transparent when it comes to collecting and utilising data from customers. Cyber Essentials is a significant first step in preparation for GDPR as violators will have to pay a potential fine of up to €20 million or up to 4% of a company’s annual turnover.

Improves business efficiency

Without a coherent and consistent plan, a great deal of time, money and resources is spent on patching IT infrastructure and security issues as and when they arise. There is an inevitable loss in staff time during the restoration of services, particularly for IT staff. Implementing Cyber Essentials will allow both technical and non-technical staff to remain as productive and efficient as possible by focusing on core business without the need to fix bits and pieces of the company’s IT infrastructure.

Better chance of winning government contracts

The government is using the Cyber Essentials scheme as a step towards reducing the levels of cyber security risk in its supply chain. Since October 2014, the UK Government requires all enterprises bidding for contracts which require handling of sensitive and personal data or the provision of technical products and services to be Cyber Essentials certified.

World Backup Day 2018

World Backup Day is an event on the technology calendar set up to raise awareness and to remind us all about the importance of backing up our data. Every one of us knows why we need to back up. The reality is that many businesses do not have a reliable backup system in place that is sufficient to recover their data in a disaster.

What would you do if you lost everything?


5 Steps to Email Compliance

Your email is NOT secure.

For most businesses, email is a vital method of communication. Many organisations rely on email to send confidential information within and outside the business. The widespread use of email for confidential information makes it highly vulnerable to exploitation. In fact, email accounts for 35% of all data loss incidents, a recent study found. So with huge potential to cause harm to your business, there is a need to secure, control and track email messages and attachments wherever you send them.


Why you should change your passwords right now

Think your password is strong enough?

We’ve all been guilty of using weak passwords. But doing so makes you vulnerable to having your online accounts hacked. We all know we should use stronger passwords, so why don’t we?

Well, humans are creatures of habit. We like to repeat; it makes things easier to remember. We also find it difficult to remember complex patterns, so we use passwords that are easy to memorise, such as a house name or date of birth.
