Cyber Security Risks You Need to Focus on in 2020

When you run a business nowadays it can seem you are continually battling the potential of malware threats and cyber attacks. It’s no longer enough to have standard virus software on your desktop – anyone with a digital presence needs to have a much more strategic approach to their company security.

That’s even more important now as, according to recent reports, the biggest challenges are yet to come. With cyberattacks becoming increasingly sophisticated, business of all sizes need to make sure they have the measures in place that protect them and strategies to facilitate recovery in the event of a breach.

Here we take a closer look at what you need to be thinking about when it comes to cyber security risks as we head into the next decade.

Ransomware remains a potent threat to businesses

Ransomware is a type of malware that stops your computer from working and issues a demand for money in order to free it up again. It’s normally delivered via a link in an email the user unwittingly clicks on and which then initiates the download of the malware.

According to the statistics, around 40% of businesses have been subject to some form of ransomware attack with more than 58% of these paying up to avoid damage to their operation and reputation. Only 4% of businesses that were asked in a recent survey were confident of dealing with a ransomware attack if it happened.

Our tip: Educate and train your staff about ransomware and how to recognise it, keep software up to date, and have a backup system or recovery process in place in the event of an attack.

Phishing set to become even more sophisticated

Phishing remains the easiest way for criminal actors to get access to our data. These are emails that purport to be from genuine sources that you may recognise, but attempt to coerce you into giving away vital information – such as your login credentials. While they are the most popular way of gaining access to privileged information, they can also be used to deliver ransomware, or hack systems.

Our tip: Always check who is really sending you an email before you click on any link. When in doubt, do not click.

Third-party IT that puts your business at risk

The biggest problem with today’s digital environment is that we’re all so well connected online. While this is great for better communication and productivity, it also presents problems when it comes to cyber security risks. Vendors may have information concerning your company and your customers or clients that can be at risk if they don’t have the right security measures in place. If they get attacked there could be a knock-on effect for your business.

Our tip: Be careful who you do business with and what information you share with vendors and third party suppliers. You need a process in place for handling liability and protecting sensitive data and ensuring that partners have a high level of cyber security in place.

The cyber security risks of cloud

There’s no doubt that using cloud-based services has added to the productivity and success of many businesses around the world. There are plenty of strengths here – you don’t have to worry about how to work remotely, your systems get updated without you having to do anything and you can tailor your IT provision to your needs.

But there are also cyber security risks that you need to understand here. Choose the wrong partner and you can find your company data at risk and your business subject to reputational damage.

Our tip: Make sure you partner with a reputable cloud service provider who has a good track record and protects your business while still being responsive to your needs.

The Hidden Threat of the Internet of Things

Almost everything with a digital footprint is beginning to get connected to everything else. Most of us own at least one smart device, whether that’s a mobile phone, smart TV or voice command box such as Alexa. Our heating can be connected up to our smartphone, we can even monitor home appliances while we’re on holiday, change the lighting remotely in the office or perform a host of other tasks.

The trouble is that the Internet of Things is designed for convenience rather than security. Many businesses that produce systems with an internet connection have found underlying flaws that may mean they are vulnerable to cyberattack.

Our tip: This is one to keep a close eye on, especially if you use a lot of smart technology in your office. Understand what you have and how it connects together and make sure you use strong passwords for the devices you own.

Expect to spend more on cyber security

While some business owners may baulk at the thought of paying more if you’re not properly protected it can have devastating consequences for if you are the victim of a cyber attack. It pays to make sure you have the right strategy in place and work with an IT service provider that delivers on your cyber security requirements.

According to research by the Department for Digital, Culture, Media and Sport:

  • The average cost to a UK business of a data breach is £4,180 (not including reputational damage).
  • Nearly 50% of businesses have identified a breach in the last year.
  • Only 31% of businesses have done a cyber security risk assessment in the last year.

Businesses need to be more focused on what cyber security measures they have in place. Yes, that may well lead to a bigger spend. This is especially true as attacks become increasingly sophisticated. But it’s worth it in the long run.

Our tip: Work closely with your IT service provider to ensure that you have the right measures in place but also formulate a cyber security budget and ensure this is invested in protecting your critical assets.

Data compliance means having a robust security strategy in place

Finally, with the introduction of the General Data Protection Regulation (GDPR), even more onus has been put on businesses to include operational measures that keep the personal data of their customers safe. While a breach will damage your reputation, it also puts you at risk of a substantial fine if you are on the wrong side of the current rules.

According to recent reports, many companies are still not compliant and are putting themselves at risk.

Our tip: Get together with your IT service provider to make sure that your company meets the current regulations and has the processes and strategic support in place to deal with a data breach or cyber attack.

If you are looking for an IT partner who can deliver on all your needs, contact the team at Cyan today.

What to Include in Your IT Strategy in 2020

It can be easy to focus almost exclusively on your business sales and how many customers you need to find over the next 12 to 18 months. One area that needs just as much attention is your IT strategy, in particular how it aligns and supports your business goals.

For a start, too many companies, especially small to medium size businesses, look at their IT support as a static part of their operation.

In fact, any IT strategy needs regular review and must move with the times and challenges to remain relevant. It’s not just about what cyber security measures you have in place either, but the whole integration and functioning of your digital infrastructure.

An effective IT strategy will deliver a number of different benefits:

  • Enhance the overall security posture for your business online.
  • Improve ROI and boosting sales.
  • Embrace new technologies to improve business processes.
  • Spend less time worrying about your IT and more time growing your business.

Undertake an IT & business goal audit

Before you can put together a realistic IT strategy, you need to understand where your business currently sits. A needs assessment or audit is designed to highlight the areas where you may have shortcomings or might want to update or evolve your systems. It can also show where your IT is working well.

This can be a lengthy process depending on the size of your company but will give you a firm basis from which to develop future plans.

What you need at the same time, however, is to align your future IT strategy with your business goals. The more you understand the synergy between your business goals and your future IT strategy, the better equipped you will be to grow and succeed for the future.

Your IT audit should cover a number of areas:

  • What is the purpose of your IT strategy? How long does it cover and who are the important stakeholders involved in its implementation?
  • Look at what current technology you use, assess its life expectancy and create a clear inventory.
  • Look at what technical solutions you ideally need in place to support your business goals over the next few years. For example, if your aim is to reduce office costs and include more remote workers, you may want to look at file sharing and collaboration cloud-based software for your business.
  • You will need to allocate a realistic budget for the existing provision and any changes you need to make to provide your IT support.
  • There are going to be limitations on what you can do depending on that budget and you should also understand how to work within these.
  • If you are introducing new IT systems, one key factor is going to be how you implement them – What disruption is there going to be? How long is it going to take? What training do staff need?
  • It’s important to build a framework where everything comes together including timelines for implementation and how you measure success. The better your metrics are here, the more efficiently you should be able to implement any changes or improvements to existing IT infrastructure.

Cyber security considerations

One area you will certainly need to be focused on in 2020 is cyber security. There’s no doubt the challenges are increasing in this area and keeping up to date is vitally important. Smaller businesses tend to assume they are less at risk from cyber security attacks than large corporations. Nothing could be further from the truth – SMEs are seen as a prime target because they are often less protected.

You need to include a review of your current cyber security measures in your IT strategy and look at how these can be strengthened. With advances in cloud services and AI you also need a service that is flexible and easily updated.

  • How do you defend your systems from cyber security risks?
  • What systems do you currently have in place and are these fit for purpose?
  • What processes do you have in place for training staff on potential cyber security threats?
  • How do you deal with third party suppliers and the security threat they may pose?

At the very least, your IT strategy needs to include a comprehensive examination of cyber security risks and how you intend to deal with them in 2020. That’s even more important in light of the new General Data Protection Regulation and legal requirements all businesses have to meet.

Opting for on-demand services

Things have changed when it comes to IT and many businesses nowadays opt for third party on-demand solutions. These can include everything from cyber security to cloud computing and digital storage.

What this brings is the ability to tailor your provision and budget better in running your business. Most services are eminently scalable so if you suddenly see a surge in growth you will have systems in place that can react efficiently and appropriately.

If you are searching for flexibility, scalability and efficiency in your IT strategy, switching to a subscription-based solution is going to make a huge difference.

Automation and AI can make life easier

It’s the general point of IT to make it easier for a business to operate. Putting aside the cyber security support you might hope to achieve, your infrastructure needs to take advantage of the various digital transformations that are taking place at the moment.

Key to this is the growing inclusion of automation and AI in digital processes. This is particularly important for smaller businesses that want to compete with bigger companies but lack the resources to do so. AI can help, for example, with delivering a great customer service experience. Automation can mean your business doesn’t have to rely on staff to do often menial but important tasks and can even replace roles completely.

Your IT strategy for 2020 should be exploring all potential avenues and matching them to your current business goals. Put the right processes in place and they should help to move your business forward faster than you think.

Working with a great IT support service

An IT strategy can be complex and demanding to put together. That’s why it’s important to work with an IT service provider that understands business and can help you implement the core changes that are going to make a significant difference to your performance over the next 12 months.

At Cyan, we have a track record of helping businesses of all sizes match their goals for growth with their IT strategy. Contact us today to find out more.

10 Questions to Ask About Your IT Service Provider in 2020

Whether you’re a small business or a large one, how you spend your budget with the help of your IT service provider is important.

Not only do you want value for money, you also need to cover the bases when it comes to security as well general and specialist IT support, including cloud services.

Ideally, you want an IT service provider that is looking ahead with you and has a plan for your business as you move towards 2020.

Here are 10 important questions to ask your current provider:

1. Can your IT service provider meet your 2020 business needs?

IT budgeting of any kind doesn’t work unless you have a road map ahead; a plan of what you want to achieve and how you’re going to get there.

While your business might have a clear idea of what it wants to do in 2020, it also needs to do this against a backdrop of IT that can deliver against business objectives, and strong cyber security. You’re IT service provider should have an implicit understanding of your business goals and have in place a strategy that tailors with your needs.

2. Is some of your technology holding your business back?

Most businesses that have adequate technology in place will tend to hang onto it until the last possible moment. That’s largely because they have invested significant time in training their staff and spent money to implement the system in the first place.

There comes a moment, however, when that legacy system is going to start holding your business back and may even contribute to a failure to reach future goals. Your IT service provider should have a clear understanding of what function your systems perform and be able to offer solutions should you need to change or upgrade.

3. What tech will your business need to replace or upgrade as you head into 2020?

This is a key IT budgeting theme for businesses that are looking to grow. They must look at the cost of moving to a new system as well as the impact of any delay in delivering their services while it beds in and the time and effort involved in training staff.

It means being sure you are making changes that are needed and will be profitable rather than jumping onto the latest tech trend or investing in systems purely to solve an operational pain without fully understanding the wider business impact.

4. What new technology is on the horizon and will it benefit your business?

There’s no doubt that the rate of development in IT services has grown considerably over the last few years. Picking the right one for your business is a major challenge.

These systems will need to be integrated to work across all areas of your business and that will take time and planning. Your IT service provider should have a handle on all the options available, what it takes to implement each and the impact on your business.

5. What is the cost of migrating to the cloud for your business?

One of the biggest changes in recent years is the availability and power of cloud services. These have offered digital transformation on a grand scale for many businesses – employees can work on the move, collaborate remotely and have instant access to updates. In addition, sales teams can get hold of vital data on their laptops or smartphones, working from home with access to the right tools is not only viable but desirable as overall productivity will improve.

But swapping to the cloud and migrating all your services takes time and money to achieve. Your IT service provider should be able to recommend a range of options to ensure the best fit for your needs at a cost you can afford.

6. Are your disaster recovery solutions fit for purpose?

No business likes to think that their systems will crash, or data might be lost. In our highly technological world, however, it remains a real risk. The disaster recovery solutions that your IT service provider has in place may not be required right now but they are an imperative part of your business you cannot afford to ignore.

You need to be confident, however, that your IT company has all the right processes in place and can get your business back up and running quickly if something happens. Your business continuity plan should be tested regularly and your IT service provider should evidence this.

7. What cyber security risks will businesses face in 2020?

That brings us to one of the incontrovertible challenges of our digital age. Any business that operates online faces numerous cyber security risks. It’s important your IT service provider has a solid finger on the pulse of cyber security and understands the threats businesses face as we go into the next decade.

One common risk is ransomware, malware that can take over your IT system and then be used to extort money from your business. Your IT service provider should be able to work with you to make sure that you have the best cyber security policies, procedures and software in place.

8. Do you have access to a cyber security expert who can tailor solutions for your business?

Cyber security for businesses is not a one size fits all solution and many different sectors have their own particular challenges. Your IT service provider needs to have the expertise on board that can deliver real solutions that protect your business. If they do not, your systems and data may be at risk.

9. Where does your IT service provider source its top talent?

There is currently a tech talent shortage and finding the top performers that will support your business is challenging. It’s important to look at how your IT service provider sources its employees, what training they provide and what sort of staff turnover they have.

One way to do this is to explore their culture and how they treat their staff. It’s a general rule that when employees feel valued and are paid appropriately, have a decent work-life balance and opportunity to progress, they are more likely to stick around than go work for someone else. Ultimately you need confidence in the team supporting your IT, and if members of that team change frequently, this will have a detrimental impact on support.

10. What other technology will help drive your business forward in 2020?

Technology takes many forms and your business will need to integrate many types into your growth model as time progresses. It could be something as simple as:

  • Moving to new, high tech premises if you are a software company.
  • Implementing a brand new sales app that employees can use on the move if you have a large sales force that is out on the road.
  • Bringing third-party suppliers in from outside and working with their technology and processes.

Your IT service provider should fully understand your current provision and objectives before they can suggest ways to help improve business processes or develop and integrate robust solutions when you need to adapt.

All these factors should help you determine how you will spend your IT budget in 2020 and what your priorities are going to be. Your IT service provider should be able to work with you to produce a road map and help you implement the changes that may be needed to achieve your goals. It’s important to ask the right questions though.

If you’re not 100% confident you’re partnered with the right IT service provider to take you in to 2020, it’s not too late to change. Contact the team at Cyan Solutions today for an informal chat about your needs.

What Does Digital Transformation Mean for Your Business in 2020?

There’s no doubt that the world of business has changed dramatically over the last twenty years. Our reliance on the digital platforms from websites and apps to pay per click advertising and social media, means that marketing to the general public is now a much more complicated affair.

Businesses have ready access to cloud IT, productivity software and a range of communication tools that, just a few years ago, would have been inconceivable to many.

What is digital transformation?

When a new digital technology comes along, you have the choice of ignoring it or using it to improve your company processes. Digital transformation generally causes some form of disruption.

Cloud services, for example, have reduced the burden of having in-house IT infrastructure. It’s given on-the-move access to important software and communication tools – staff can work remotely and have everything they need because their smart device holds the latest tools.

The disruption this form of digital transformation creates can be seen in the way many businesses are now confident employing remote/home workers to save on traditional office costs.

What does digital transformation mean for your business?

The challenge and potential of digital transformation is not so much about new software and upcoming innovations, however. It’s how your business incorporates them into its procedure, how it chooses the right tools at the right moment and how it ensures that this is all fit for purpose at both a strategic and implementation level.

Get it right and digital transformation has a number of distinct advantages:

  1. Staying Competitive
    The vast majority of businesses do not exist in a vacuum. A new technology that comes to market and makes processes more efficient may be taken up by your nearest competitor giving them a big advantage. If they are using AI to keep customers informed and happy, for example, and you are not, they’re stealing a march because their reputation is being enhanced.
  2. Becoming more productive
    One of the key reasons for undergoing a digital transformation is to make your business more productive. There is no advantage in reinventing the wheel but if that wheel is longer-lasting, improves fuel efficiency, and comfort, then it’s worth focusing on.Software like Office 365, online file-sharing and collaboration apps, and bespoke CRM’s are all examples that highlight how digital transformation has streamlined work processes and allowed businesses of all types, including start-ups, to become highly efficient and competitive in the market place.In many businesses nowadays, for example, the workforce is not contained within one office but spread throughout an area, with employees operating remotely – saving on hardware and staffing costs.
  3. Increased revenue
    At the root of all digital transformation is increased revenue for the company concerned. Whether that’s from making processes efficient and reducing staffing costs or through improving marketing communications with customers to boost sales, the single biggest factor in making a change is that all-important bottom line.
  4. Better customer relations
    Developments in AI in recent times have allowed businesses to reach out and communicate with existing and potential customers in new and innovative way. This is one area that will continue in the next few years. Another digital transformation is the variety of ways in which those customers can pay for products or services.

Staying on top of digital transformation in 2020

The challenge that all businesses have had is when and how to implement any relevant digital transformations. In 2020, this is set to remain a hugely important factor and one which will become increasingly difficult as technology evolves. Working closely with your IT service provider is going to be imperative and choosing the right moment to expand and implement will be vital.

Here are just a few of the ways digital transformation is going to have an impact in 2020:

  • The potential of 5G
    5G is finally rolling out and will take us to the next level when it comes to connectivity. Users will see faster download speeds, up to 20 times 4G. This is likely to revolutionise remote working and make it increasingly important for businesses that are trying to keep down their operational costs.5G will also feed into areas such as AI and the Internet of Things but the full impact may not be seen in business for a few more years. What you should see, however, is an increasing number of options, so keeping up with the latest tech developments is going to be vital.
  • AI and customer service
    Chatbots have had mixed reviews over the past few years and not everyone is keen on them. Businesses have found, however, that a reliable AI help service will deliver answers on the most asked questions for customers and can be a powerful time-saving tool.According to Gartner, nearly half of businesses will start to invest more in AI to streamline processes and provide a better service to customers in 2020. The good news is that those customers are also on board – we’re more focused on getting the answer we want than worrying whether we’re talking to a bot or not.
  • Analytics and staying competitive
    Analysing how your business is performing is key to success nowadays, especially online. One area where digital transformation has improved things over the last decade or so is with the various analytics packages available that provide telling insights into content performance and customer behaviour.We are now in the age of big data and the information that this provides can be seriously transformational if your business is able to leverage it effectively.
  • Security, privacy and transparency – your customers want it all!
    With the implementation of GDPR, there is a lot more pressure on businesses to ensure they have the right security measures in place. Cyber attacks are on the increase and customers expect the companies they do business with on a daily basis to protect their data.But customers also want your business to be open and transparent about what you do with that data. The challenges facing even small businesses nowadays means that a comprehensive cyber security and data protection policy is not simply something on a wishlist but an urgent necessity and one that is legally required.

Putting digital transformation at the heart of your business

Digital transformations are exciting and full of potential. But how do you know if the next innovation is right for your business? Is it best to implement something straight away and steal a march on your competitors or wait and see what the impact and advantages are?

It’s not easy for businesses to forge ahead with changes of this kind. Digital transformation generally needs money and time to implement, staff have to be trained, the effectiveness measured and changes made to adapt conditions to the needs of the business.

From IT transformation consultancy to robust cyber security, Cyan Solutions have the team in place who can provide a tailored approach to your next digital transformation challenge. Contact us today to find out more.

Virtual CIO Services

What is a Virtual CIO?

A Chief Information Officer (CIO) is the most senior technology executive inside an organisation. The role of the CIO is to oversee IT strategy and align the people, processes and technologies that support business objectives and goals. From information security to customer experience, the CIO will look to mitigate risks and drive business growth.

This is a leadership role, so the CIO is someone who focuses on vision and insight rather than someone you’ll find in the server room. Although they possess expert technical knowledge, it’s not uncommon for CIOs to have more of a business background, and this is essential when aligning strategy to operational needs.

The CIO is seen as the ships navigator, carefully planning the route ahead and steering the business safely through the seas of internal and external technology change. They will work closely with other C-level executives, senior managers and business departments to establish buy-in and drive that change.

Today especially, CIOs will have a focus on digital transformation and what that means for an organisation – both now and in the future.

The Virtual CIO (vCIO)

As the CIO has many business-critical responsibilities, the risks are consequently vast. They are often tasked with heading up crucial IT projects that are essential to the strategic and operational objectives of an organization. Failure can result in serious detrimental impact to business – and can even damage reputation. It’s therefore crucial the person responsible for making these key decisions has the relevant skills, knowledge and experience. This, however, comes at a price.

The average salary for a CIO is circa £96k per year (source: payscale.com July 2018). This is beyond the budget of most small and medium sized businesses. The result is that key IT strategic decisions are shared across senior management teams and often become the responsibility of staff who do not possess the relevant skills, or experience, to oversee these decisions. This, in turn, forces companies into making short-term tactical IT choices based on a specific pain or need, without considering the long-term impact to business.

Introducing the Cyan Virtual CIO (vCIO) service

The Cyan vCIO service will help you to make impactful, important technical decisions, overcome the challenges and pitfalls, and design a roadmap for the future. You will know what your business needs to take it to the next level, we will build and execute the plan to ensure the technology supports this growth. All within a comprehensive service, tailored and priced to your needs and budget.
Popular areas in which our vCIO service can take responsibility include:
  • Data security and privacy, cyber protection, business continuity and risk management
  • Regulatory control and management of any governance environment (eg GDPR)
  • Business-critical system integration and/or development – such as finance systems, CRM, ERP, Web Applications
  • Defining the useful life expectancy of your existing technology
  • Formulating IT budget to ensure that your technology meets all your company’s needs, even as it evolves
  • Aligning your business and people with the rapid technology changes occurring around it/them
  • Ensuring operational efficiencies
The service is delivered as a simple monthly subscription, or ad-hoc as and when required.

Cloud Based Services for Business

Expert Cloud Computing for Your Business

The way people need to work is changing fast. Businesses want more flexibility, more agility, and the ability to work from anywhere. All without compromising security or giving end users a muddled or fragmented experience.

Fewer and fewer companies are choosing to buy traditional onsite hardware. Instead, they are embracing a modern approach to working that removes the upfront expenditure and burden of onsite IT whilst empowering staff to work more efficiently. And, because every aspect of maintenance and management is handled by the same team of experts, we’ll always be on the lookout for new ways to improve your technology. So, we won’t just keep your IT working – we’ll do everything we can to make it work even harder.

Tailored Cloud Solutions

A tailored Cyan cloud solution leverages many industry-leading technologies to bring a seamless user experience. We’ll enable your teams to continue using the familiar software applications and interfaces they’re accustomed to, but in new and exciting ways. You’ll get the performance and reliability of enterprise-grade infrastructure without the associated costs or management overheads. We’ll also significantly reduce your cyber risk by protecting key business assets in high security UK data centres.

Subscription Based Service

Our team of experts will design and build your cloud service on the industry’s best platforms from key partners, including Microsoft. Our hybrid approach to design ensures that all areas of your business are considered – this is very important as some applications or data may not be suitable for the cloud. The entire service, including full management and support, is delivered as a subscription – so you only pay for what you need and use.

What’s included with Cyan’s Cloud Computing Services:

Virtual Private Cloud (VPC)

VPC brings all the benefits and advantages of public cloud but ensures your data and assets remain private and secure in trusted UK datacentre on resources dedicated to your business. We create a VPC network in the cloud that closely resembles the network you use in your office. Your servers, firewalls, desktop applications, and databases are virtualised and moved to a scalable, high-performance cloud infrastructure along with your data and files. We guarantee the maximum levels of protection and effectively ring-fence your business assets in a safe environment that can be securely accessed anytime, from any place. Your end users continue to work seamlessly as both cloud and local resources (such as printing) are fully integrated.

Microsoft Office 365

We’re long-term Microsoft partners and Microsoft cloud specialists and have a wealth of in-house knowledge and expertise when it comes to Office 365. In fact, we’ve migrated and support well over 1500 users. Whether your business is just starting to consider the benefits of using Office 365, or if you’re already established and working in the Microsoft cloud, we can help you get the most from your investment. We offer a complete Microsoft Office 365 service that includes full management, end user support, best practice deployments and user adoption training. We also learn how you want to use Office 365 to ensure you don’t over-pay for licence plans you may not require.

Cloud Security

we manage cybersecurity across your entire service and will ensure that data and users are protected. Microsoft Azure Active Directory (Azure AD) helps us manage user identities across your devices, data, apps and infrastructure, and lets us create intelligence-driven access policies to secure your resources, whether in the cloud, on mobile or on-premises. We can also deploy and manage Multi-Factor Authentication (MFA), that requires users to enter a one-time passcode at logon, which further enhances access security. Learn more about Cyan’s Cyber Security Services.

Cloud Backup and Disaster Recovery-as-a-Service (DRaaS)

Moving data and applications to the cloud does not remove the need for backup. Although a cloud service significantly reduces risk, it does not guarantee that users won’t accidentally delete files of folders. There is also the risk from cyber-attack to consider. We safeguard your business against human error, ransomware, and even site failure, by automating and managing the entire backup process. We ensure your data, applications and databases are protected and out of harm’s way. Cyan DRaaS extends this further by continuously replicating systems to a secondary cloud infrastructure in a geographically diverse data centre.

Cyber Security Services

Cyan’s entire cyber security ecosystem, including full management and support, is delivered as a subscription – so you only pay for what you need.

Cyber security breaches disrupt business and can cause considerable financial and reputational damage. If you suffer a cyber-attack, you not only stand to lose business, you may also face regulatory fines and litigation. All this on top of the costs of remediation.

Most cyber-attacks are automated and indiscriminate. Rather than targeting specific organisations, cyber criminals prefer to exploit the low hanging fruit and attack known vulnerabilities or points of weakness. Your business is always under threat, even though you may not even be aware. On average, each UK business with an internet connection will experience over 500 attempts a day to breach their corporate firewalls. Yet only half of these firms have applied even the most basic cyber security controls.

The most effective way to protect your business and minimise the risk of a cyber-attack is to reduce the surface area that is open to exploitation and educate staff how to recognise and act on threats. This cannot be achieved with a single product or service. In fact, the most effective cyber security strategies comprise of multiple products and services, each intended to address specific threats.

In partnership with some of the world’s leading and best-in-class cyber security vendors, our team of experts will help you plan and implement a cyber security strategy that’s tailored to your needs. Our approach to IT security ensures that all areas of your business are carefully considered – this is essential as threat protection cannot be one-size-fits-all. Gaps quickly appear if, for example, you have remote workers, or if you use cloud services.

Cyan offers the following Cyber Security Services:

Managed Anti-Virus/Malware

To successfully protect against known viruses and emerging malware and ransomware threats, you need an antivirus solution that not only uses traditional signature-based protection, but that also uses sophisticated heuristic checks and behavioural scanning to protect against previously unknown threats.

Our expert security team will help prevent the unexpected with full, real-time proactive monitoring of your systems to provide continuous data and hardware protection from viruses, malware and ransomware. We’ll ensure everything is kept up-to-date and we’ll even handle security alerts as they happen.

Managed Firewall

As the first line of defence for your network, firewalls are a critical layer of threat protection that should form the foundations of your security, compliance and risk posture. To be effective, firewalls require continuous monitoring and management to ensure your network stays online and malicious attacks are prevented at the gateway.

Our team of certified SonicWall experts install and configure next-generation firewalls for maximum security and provide ongoing administration, monitoring and response to security events. We take care of everything and make sure your network is protected against known vulnerabilities and exploits that could be used to attack your business.

Managed Web and Email Threat Intelligence

The vast majority of cyber threats attempt to exploit the weakest link – your end users – and what often looks like an innocent email containing a harmless web link can quickly turn into a data breach or full-blown ransomware attack. All it takes is one click of a mouse. This type of attack will often evade traditional anti-virus protection by coercing end-users into giving away credentials or browsing to infected websites.

Our advanced protection for web and email is designed to shield your end-users from both known and emerging cyber security threats. This is a 100% cloud-delivered service designed to protect users from zero-day malware, ransomware, spam, botnets and phishing. Instantly block access to malicious websites, quickly identify and remove inbound and outbound email threats. Sandboxing provides real-time analysis of suspicious files and links in email traffic before they reach your teams. We can also enforce web usage policies and monitor web usage across your organisation.

Managed Security Information and Event Management (SIEM)

Cyber-attacks increasingly use mutation to reduce the chances of being successfully detected. In fact, the global average time it takes for companies to identify a data breach is as a staggering 6 months.

The Cyan Managed SIEM service is a 24/7 proactive monitoring and threat detection/response platform designed to give instant visibility into unexpected security events. We monitor your entire IT estate for anomalies and suspicious network activities and can respond instantly to remediate, block, or terminate harmful threats or hackers.

This is a powerful tool that significantly reduces your exposure to the risk of a cyber breach. Real-time processing and correlation gives us a complete picture of what’s new or changed. From failed login attempts to a system-wide configuration change, a new mailbox added to Microsoft Office 365 to company files being moved to removable media (eg a USB drive) – we can analyse, categorise and respond to these events instantly.

Managed Password Security

Establishing an effective password policy is critically important. Attackers are commonly looking for easy ways to access data using valid, trusted credentials – and weak passwords are an easy attack vector. Cracking simple and even moderately complex passwords is no longer a difficult task and powerful password hacking tools are now freely available to download. On top of this, leaked credentials from data breaches yielding billions of user accounts and passwords are giving cybercriminals the upper hand. Implementing secure a password policy is absolutely essential, however, relying on your staff to remember strong or complex passwords can be a burden on productivity.

The Cyan Managed Password Security service removes this burden while ensuring that company-wide secure password policies can be set and implemented effectively. Your staff are automatically guided through the process to ensure all password security recommendations are met. If at any time they forget their password, or need to change it, they have access to a secure 24/7 service that will walk them through the process. The dictionary feature adds further protection by blocking the use of weak passwords, or passwords that have made it on to breached lists.

Managed Multi-Factor Authentication (MFA)

Managing IT risk is complex, especially with the dynamic nature of today’s business world. Users have the flexibility to work from anywhere on any device and often connect to company data and email from outside the network perimeter. Establishing strong password policies is vital but securing access to privileged information needs more than just good password management. If a hacker breaches security using stolen login credentials they will gain access to a company network undetected. They could even pose as an employee and send email, or worse, manipulate payment transactions.

Adding a second factor or layer to your authentication workflow is the most effective way to minimise this risk. MFA asks the user to verify their identity by requesting an additional step be taken during the login process. This could be a PIN code, a push notification to a mobile app, or even a phone call.

Penetration Testing

Sustained and continued adoption of new and emerging technologies has made it difficult to discover and remove all of an organisations’ vulnerabilities and successfully defend against cyber-attacks. Missing a simple software application update, or not applying firmware upgrades to key network infrastructure can leave your business and assets worryingly exposed. Without appropriate testing, there is no way of ensuring that other cyber defences provide adequate protection against cyber-attack.

Vulnerability Scanning for PCI DSS Compliance ​

66% of customers say they would be unlikely to do business with an organisation that experienced a breach where their financial and sensitive information was stolen (source: Verizon 2017 Payment Security Report). Firewalls must leave certain ports open for the operation of web, mail, FTP and other Internet-based services, leaving you vulnerable to exploitation.

The PCI-DSS standard is the result of collaboration between some of the major credit card brands and was developed to encourage and enhance cardholder data security, and to facilitate the broad adoption of consistent data security measures involved in payment card processing. To comply with PCI DSS, merchants and service providers must conduct and pass a quarterly vulnerability test (meaning one scan every 90 days, or 4 scans per year). This service provides the PCI scan certification necessary to demonstrate quarterly compliance.

Cyber Security Essentials

Any organisation with an Internet presence is at risk from automated cyber-attacks, but not all organisations have equal resources to deal with them. Cyber Essentials offers a sound foundation of cybersecurity hygiene measures that any business can implement and build upon. In fact, implementing these measures could significantly reduce your exposure to vulnerabilities.

The Cyber Essentials scheme provides five security controls, which, according to the government, could prevent around 80% of cyber-attacks. There are two levels of certification – Cyber Essentials or Cyber Essentials Plus. Each will enhance your business’s reputation by proving to customers that you take the security of their information seriously and are taking the necessary steps to reduce cyber risks. Working in partnership with a CREST-accredited certification body our team of experts will manage the entire certification process for you and oversee all assessments and vulnerability scans to ensure that the security controls you implement are effective.

Staff Awareness Training

For most businesses, employees are still the weakest security link, leaving companies exposed to risk. Over 90% of cyber-attacks start with a phishing email, and recent studies suggest that the fastest growing security threat to business is no longer malware but impersonation email attacks. To protect against this overwhelming threat, you need to develop an effective education programme to raise awareness among staff.

Cyan offer a range of user awareness courses that will demonstrate to staff why their organisation is a target for cyber criminals and how attackers will seek to target them. The short courses are delivered via an online E-learning portal and staff can study from their desk and around their existing workload. The courses use non-technical terminology, making it easier for staff to understand. Attendees will learn practical and simple tips to better protect themselves at work covering areas such as social engineering, password security and e-mail attacks. By giving staff an awareness of the cyber threat they face, it means they are more likely to detect and respond to suspicious activity, resulting in actual incidents being dealt with quicker and reducing the risk of potential damage.

Remote and Fully Managed IT Support Tailored To Your Needs

Cyan remove the burden of IT management and proactively monitor and maintain your technology to keep your systems online, your data secure, and your people productive.

From supporting end users to managing software licenses, monitoring backups to updating applications, it’s all taken care of. Plus, our helpdesk speedily resolves any queries or issues that do crop up, ensuring business continuity.

And, because every aspect of maintenance and management is handled by the same team of experts, we’ll always be on the lookout for new ways to improve your technology. So, we won’t just keep your IT working – we’ll do everything we can to make it work even harder.

 

Guaranteed Service Levels

For the long-term, we guarantee the highest service levels with a robust set of agreements. You can expect fast, responsive support from a team that’s always ready to help. And while more than 95% of calls handled are resolved within just 15 minutes, we’ll work with you to agree Key Performance Indicators and regularly provide performance reports. As a result, you’ll get exceptional service whenever you need it, as well as complete transparency on our performance.

End User and Computer IT Support

Our Helpdesk team delivers immediate assistance whenever needed. We offer support and guidance over the phone and can connect to computers remotely to fix problems, carry out maintenance work, or assist users whenever they have questions. Additionally, if we can’t resolve an issue remotely we will immediately despatch an engineer to your site.

Network and Server IT Support and Maintenance

Cyan engineers work around the clock to manage and monitor your IT infrastructure to ensure your business remains operational and secure. We make sure your network is protected and your systems are online and up-to-date. Whether in the cloud or onsite, we’ll manage your entire IT estate.

IT Security

Cyan manage cyber security across all systems and devices under our control and combine industry-leading tools to deliver a safe environment for your team to work. We protect email, web browsing and cloud applications, we secure Internet gateways from the threats of hacking and intrusion, and we shield your systems with award winning anti-virus and malware defence. Our team monitor security across all areas of your business and analyse and remove any potential threats as they occur.

Backup and Disaster Recovery

We safeguard your business against outages, fire, flood, theft, human error, ransomware, and even hardware failure, by automating and managing the entire backup process. We ensure your data, applications and databases are protected and out of harm’s way. From a single file, a failed server, or site loss, we have the tools to recover your business from complete disaster within hours.

Performance Monitoring

We proactively monitor your computers, servers, network and Cloud services and take immediate action to identify and fix smaller issues before they develop into bigger problems or downtime. More importantly, we can ensure that system performance is always optimal.

Reporting

Having insight and visibility in to your technology, with all its related statistics and performance measurements, is key to justifying future direction or making important business decisions. Our reporting tools are designed to extract valuable information about your systems, your users, IT efficiencies, productivity and security.

IT Purchasing and Digital Transformation

Having in-depth technical knowledge of your business puts us in the perfect position to make recommendations based on the true needs of your organisation. We deliver competitive advantage by helping you plan ahead and get the most out of technology. We can integrate Cloud platforms, design a more efficient network, or introduce better ways of working. Whatever the need, you can rest assured that the technology will be tailored to your needs, goals and budget.

IT Security Strategy: What You Need to Know

Most businesses are critically dependent on the internet. Survival means having a strong IT security strategy in place. The hacking of telecommunications giant Talk Talk in 2015 reminds us that it’s not just smaller businesses that are at risk either.

The Government has taken steps to build a national cybersecurity strategy and this acknowledges that threats can come from many different sources: foreign governments or state sponsored actors, terrorists, hackers, hacktivists concerned about a particular issue, and even insiders, people who work for a company and who have a grievance of some sort.

Protecting your business has never been more important or more challenging. Having the right tools and processes in place is key if you want to stay safe.

How to Develop an IT Security Strategy

The digital landscape has become increasingly complicated over the last couple of decades. Businesses will not only operate online through portals and third-party sites but use tools such as social media to market their services and products. On top of that, they will have key IT requirements within their office environment that need solutions. Many will use remote working and promote collaboration and better communication through cloud-based services.

All this means that there is no clearly defined, one-size-fits-all IT security strategy for modern businesses.

1. Understand What You Have

The first major step to developing the appropriate IT security strategy is defining what you are trying to protect in the first place. Yes, you may have lots of customer and employee data but what about documents relating to your business such as your plan for the future or a new product you are intending to bring onto the market?

To make sense of everything, you need to understand what each asset is and clearly define its value to your business.

2. IT Security Risk Assessment

The next part of the process is to look at the current state of your IT security in relation to these assets and whether it fulfils its purpose. A risk assessment looks at a range of different aspects of your business, including the software you have in place, who has access to data, what they do with it when they are using it, and what protocols other than digital that you have in place to ensure security.

3. Elements of Strong Cybersecurity

The Government has produced a useful infographic (download here) relating to IT security which includes 10 steps all businesses and organisations should be taking:

  1. You need to implement a risk management regime that allows you to regularly review your cybersecurity processes.
  2. You must protect your network from attacks using anti-virus software and other technological solutions.
  3. You need a process in place to educate users and build awareness through activities such as staff training and the production of easy to follow practices (such as having a definitive password policy for your business).
  4. You need to establish anti-malware practices and defences to protect your business like having the appropriate software and educating staff on threats such as phishing emails.
  5. You need to limit or control the use of removable media such as flash sticks which can hold malware.
  6. You need to update your systems when a new patch or update is available and ensure they are configured properly across your whole business.
  7. You should carefully manage user privileges particularly for parts of your network that have access to sensitive data.
  8. Your business should have a process in place for handling any breach incidents or disaster recovery and be able to test these plans. If you lose data for whatever reason, being able to get up and running again may be vital to the survival of your business.
  9. Your business also needs to have in place a system or protocol for monitoring your IT and cybersecurity, producing reports and understanding if you are at risk of attack.
  10. You need to develop a policy for home and mobile working especially if you advocate using BYOD. Your company needs to create a secure baseline for all devices and build this into its cybersecurity activity.

While many businesses will be able to implement some of these measures, it can be challenging to get them all in place. That’s why it’s important to work with an IT and cybersecurity specialist to make sure all the bases are covered.

At Cyan Solutions, we have the teams in place who will be able to help you develop a robust IT security strategy that will safeguard your business now and in the future. Contact us today to find out more.

Essential Recommendations for Business IT Security

One of the key factors that effects almost every business with a digital profile is IT security. It’s a constant challenge to get right whether you are a small start-up or a large corporation.

Unfortunately, there are organised criminal gangs in this world who are fixed on trying to do us harm. It’s something that has been with us since the birth of the internet.

The biggest question we get asked at Cyan Solutions, is what best practice can be employed to ensure better business IT security.

Here’s a list of things you can do right now to help protect your business:

1. Don’t Assume It Won’t Happen to You

This is something we find with many SMEs. They think they’re too small for hackers to worry about. It’s simply not true.

Most attacks come through automated delivery such as Phishing email. The hackers and malware developers are looking for someone, anyone whose system they can get into. Whether you are just a one-person outfit or have many staff, treat cybersecurity with the same level of seriousness as you do other aspects of your business.

According to a recent report by Verizon, 71% of cyberattacks happen to smaller companies with less than 100 staff on the payroll. That is in part because there are more of them but the clear message is to be aware and have robust cybersecurity policies in place.

2. Use a Firewall

The first line of defence against cyberattacks is an effective business-grade firewall. Think of this as a barrier that repels common attacks and prevents malicious threats getting to your network. Companies often neglect to invest in this area as they don’t understand the importance of good perimeter security. They assume a generic router does the same job, it doesn’t. You need to improve network security measures if you want to remain safe online.

And, it’s not just external firewalls that are important – if you have sections of your network that contain sensitive data, for example, you may want to protect these with additional cybersecurity measures.

3. The Challenge of BYOD

Bring Your Own Device (BYOD) has largely been accepted in the business world over the last decade after some initial reticence by employers. It can often be easier for an employee to use their own smartphone or tablet or even laptop to do their work.

The trouble is that these are not generally as secure as the hardware and software that you have for your business. Staff can download the wrong apps or visit the wrong sites that open them (and your business) to potential cyberattack.

This is something that is unlikely to change in the future. BYOD offers too many benefits. The challenge is to make sure that mobile devices are updated with the right security and that staff understand their obligations.

4. Having Comprehensive Cybersecurity Policies

This brings us to the strategy for your cybersecurity protection. All businesses, whatever their size, need to have a robust set of policies that staff can adhere to. Many smaller companies do this in an ad-hoc manner which can mean their business IT security is missing vital core components. Ensure that you document your policies and make them readily available to all members of staff – including senior managers and executive teams.

5. Password Protection

It might seem like a simple thing to include in a best practice list but passwords are a real issue for businesses. Enforcing a robust policy in this area is important and could well protect your business from cyberattack. Passwords should ideally include upper- and lower-case letters, symbols and numbers. For more sensitive areas of your business, you also want to consider multi-factor identification.

It might seem like a simple thing to include in a best practice list but passwords are a real issue for businesses. Enforcing a robust policy in this area is important and could well protect your business from cyberattack.

Passwords – when implemented correctly – are an easy and effective way to prevent unauthorised access to systems. Always change the default password that comes with a new device.
If two-factor authentication is available, make sure it is enabled and use it. A common and effective example of this involves a code sent to your smartphone which you must enter in addition to your password.

6. Educating Staff

One failing, particularly for smaller businesses, is not educating their staff on the right IT security protocols. There’s plenty of evidence to suggest that, even if a company has a password policy in place, in the majority of cases it is not enforced.

You have to bring your staff into the loop and make sure they are well educated with regards to cybersecurity risks. For example, User Awareness Training is a great way to educate staff to the dangers of email threats, such as Phishing attacks, which are not always easy to identify.

7. Regularly Update Your Devices and Software

It’s quite worrying the number of small and midsize businesses that do not make the effort to patch their systems, devices and software. Manufacturers release regular updates which not only add new features, but also fix security vulnerabilities that have been discovered. Applying these updates (a process known as patching) is one of the most important things you can do to improve security.

8. The Right Level of Protection

Finally, the fight against cyberattacks is a never-ending battle and you should have the appropriate virus and anti-malware software in place which is regularly updated. One big mistake businesses make is to assume that standard anti-virus software alone is adequate protection for their needs. How security should be tailored to better protect your organisation is something you need to discuss with your IT provider. Understanding what threats are targeting and putting additional layers of security in place to protect against them is an essential part to any cybersecurity strategy.

At Cyan Solutions, we deliver cutting edge IT services and support. If you want access to the best cybersecurity expertise for your business, tailored to your needs, contact our team today.