The End of Life for Windows 7

On 14th January 2020, Microsoft will officially ‘end the life’ of support for Windows 7 and Windows Server 2008 (including 2008 R2); a change that will pose a significant challenge for many businesses throughout the UK.

Not only does 2020 mark the beginning of a new decade, but it also marks the end of an era for Windows 7 and Server 2008. Not so long ago, these trusted operating systems were among Microsoft’s most popular, so much so that many businesses still use them on a daily basis.

But what exactly does end of life mean for small and medium-sized enterprises (SMEs)? Well, if you continue to use these operating systems after support has ended, your systems will still work, but will become considerably more vulnerable to security risks and viruses. As SMEs represent 99% of all businesses in the UK, there’s potential for a significant number of companies to be affected.

Assessing the Risks

In a nutshell, this rather significant operating system end of life means no more bug-fixes, security patches or new functionality. In addition, Microsoft customer service will no longer be available to provide technical support and related services will also be discontinued over time.

This considerable change, therefore, may cause concern for existing users as the risk of running systems beyond 14th January means that computers and data can become vulnerable to exploitation, hackers and bugs, to name but a few.

Vulnerabilities can be very dangerous as attackers can more easily compromise unpatched systems. Once a system is compromised, the attacker can gain control of it to steal information and potentially launch further attacks on other IT systems within an organisation’s network.

When an operating system becomes end of life, the vendor will no longer release security updates or patches to remediate any discovered vulnerabilities. This leaves systems at serious risk of being compromised.

Is Your Company at Risk?

It’s vital to assess the risks to business before deciding what action needs to be taken – and, in this case, both the likelihood and impact need to be determined. To achieve this it’s essential to consider the following:

  • Does the system contain business-critical and/or confidential data?
  • Does the system contain any sensitive data such as personally identifiable information?
  • Does the system support a business-critical process?
  • Will running an end of life operating system mean non-compliance with:
    • GDPR
    • PCI
    • Supply chain agreements
    • Insurance policies
  • What would the cost be to the business if the system was compromised?
  • Would the reputation of the business be damaged if the system was compromised?
  • Is the system exposed to the internet, if so, can this be limited or removed completely?
  • Have the users of the system received adequate security awareness training?
  • Do we have the capabilities, including the skills and knowledge to manage the risk?

Once the likelihood and impact have been determined, it’s then about calculating the risk. If the risk is low, it should then be recorded in a risk register and treated to reduce the likelihood of it occurring.
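One way to run the checklist above over an asset inventory, as an added example that is not CYAN's own tooling: it flags hosts still on Windows 7 or Server 2008 after 14th January 2020 and scores each one as likelihood × impact for a risk register. The inventory rows, field names, 1 to 5 weights and rating thresholds are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date

# End of life date the article gives for Windows 7 and Server 2008 / 2008 R2.
EOL_DATE = date(2020, 1, 14)
EOL_OS = re.compile(r"\bwindows (7|server 2008)\b")  # also matches "2008 R2"


@dataclass
class Asset:
    """Hypothetical inventory row; the field names are assumptions."""
    name: str
    os: str
    internet_exposed: bool
    holds_sensitive_data: bool  # confidential data or personal information
    business_critical: bool
    users_trained: bool


def is_end_of_life(asset: Asset, today: date) -> bool:
    """True when the host runs an affected OS and today is past the EOL date."""
    os_name = " ".join(asset.os.lower().split())
    return today > EOL_DATE and EOL_OS.search(os_name) is not None


def likelihood(asset: Asset) -> int:
    """1-5 scale with assumed weights; only used for hosts already past EOL."""
    score = 1 + 2  # baseline, plus 2 because no further security patches arrive
    score += 1 if asset.internet_exposed else 0
    score += 0 if asset.users_trained else 1
    return score


def impact(asset: Asset) -> int:
    """1-5 scale with assumed weights, driven by data sensitivity and criticality."""
    score = 1
    score += 2 if asset.holds_sensitive_data else 0
    score += 2 if asset.business_critical else 0
    return score


def rating(score: int) -> str:
    """Assumed thresholds on the 1-25 likelihood x impact product."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def build_register(assets, today: date):
    """Return risk register entries for end-of-life hosts, highest score first."""
    register = []
    for asset in assets:
        if not is_end_of_life(asset, today):
            continue
        lik, imp = likelihood(asset), impact(asset)
        register.append({
            "asset": asset.name,
            "os": asset.os,
            "likelihood": lik,
            "impact": imp,
            "score": lik * imp,
            "rating": rating(lik * imp),
        })
    return sorted(register, key=lambda entry: entry["score"], reverse=True)


# Constructed sample inventory (not real hosts).
INVENTORY = [
    Asset("KIOSK-03", "Windows 7 Home Premium", False, False, False, True),
    Asset("HR-LT-04", "Windows 10 Pro", True, True, False, True),
    Asset("FIN-PC-01", "Microsoft Windows 7 Professional", True, True, True, False),
    Asset("LAB-SRV-02", "Windows Server 2008 R2 Standard", False, False, True, True),
]

if __name__ == "__main__":
    for entry in build_register(INVENTORY, date(2020, 2, 1)):
        print("{asset:<11} {os:<34} L={likelihood} I={impact} "
              "score={score:<2} {rating}".format(**entry))
```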

Managing the Risks

At CYAN, we believe that the best option, and one that should always be considered before anything else, is to terminate all risks by upgrading to a supported operating system before the end of life date, which in this case is 14th January.

However, in some cases, it may be necessary to run a system with an operating system beyond its end of life date. This could be due to several reasons, from budget constraints to a dependency on a legacy application that requires a specific version of an operating system in order to work. If this is the case, the risk should be assessed and treated to reduce the likelihood of the system being compromised.

But it’s important to note that this should only be a short-term measure while measures are put in place to upgrade to an updated operating system. We know that business survival during a huge change such as this requires having a strong IT security strategy in place.

Effectively Treating Risks

At CYAN, we balance our intricate knowledge of IT with a personal approach to understanding the businesses and people that use it every day. And so, to reduce the likelihood of the risk occurring when Windows 7 or Server 2008 reach end of life, multiple techniques and controls can be applied to treat the risk. There are a number of ways in which this can be done:

Reducing the Attack Surface

Removing all unnecessary applications from the system and only allowing signed and trusted applications to run can effectively reduce the risk. Additionally, isolating the system to a tightly controlled security zone and limiting exposure to the internet can also help to decrease the attack surface.

Applying Patches

First of all, it’s important to know what patches are in the IT realm. A patch is a set of changes to a computer program or its supporting data designed to update, fix, or improve it. So, applying the final update and security patch from Microsoft, as well as continually keeping all required applications up to date, can significantly treat risks.

Implementing Strong Technical Controls

Use a comprehensive endpoint security solution to protect against malware and unauthorised access and harden the system by disabling unrequired services and system features. Not sure where to start? Speak to us for expert help and advice.

Control Access

You can also prevent access by removing unused accounts and restricting access on a need-to-know basis. Using strong passwords and multi-factor authentication can also be highly effective when it comes to watertight access control.

Backup and Event Logging

Regularly performing backups as well as enabling event logging to a safe, secure and restricted location is vital to contain, eradicate and recover from a security breach.

Security User Awareness Training

Within a business, it’s vital to practise safe clicking, carry out regular security awareness training with all members of the team, and measure its effectiveness. This is of the utmost importance when it comes to the end of life of operating systems such as Windows 7.

The Next Steps…

While end of life operating systems will continue to work after their end date and additional techniques and controls can be applied to reduce the likelihood of the system being compromised, it’s best practice to terminate the risk by upgrading the system to a supported operating system before the end of life date.

End of life means the end of regular security updates, which puts any system running Microsoft Windows 7 or Server 2008 beyond 14th January 2020 at serious risk. Businesses that use these systems and have failed to update to newer systems are at risk of severe and very dangerous security breaches.

Skill and Knowledge for The Steps Ahead

It’s worth noting that to manage the risks involved in such a drastic change will require skilled resources and additional time and effort, which isn’t always something that can be carried out within a small or medium sized business. And much like any massive business change, the cost of managing the risk should be weighed up against terminating the risk by upgrading the system to the next available operating system. You might just find that it’s more cost-effective, and ultimately, will be far safer for the business to simply upgrade the operating system.

At CYAN, we have seen security threats from outdated operating systems, unpatched vulnerabilities, and various other security breaches. The longer your company waits to update systems, the bigger the risk becomes of a potentially costly and nasty attack. Please don’t wait any longer, get in touch to find out more about how we can help you with a safe and speedy upgrade.

Wherever your organisation goes after Windows 7, upgrading should be done in a measured and controlled way, and certainly not rushed at the last moment without careful consideration of the impact to business.

What is Cyber Essentials and Why is it Great For Your Business?

The vast majority of cyber attacks can be classified into a few different types that businesses can protect themselves against.

Understanding what your cyber security risks are and how to mitigate them is not just something you should be worried about because of the potential damage to your systems. You have a legal duty of care to protect data pertaining to the customers you provide products or services for.

Small and medium-size businesses on strict budgets are just as much at risk as larger organisations when it comes to cyber crime. Initiatives such as Cyber Essentials are integral in ensuring that these companies are able to put in place real solutions that help reduce the risk of a security breach.

What is Cyber Essentials?

Cyber Essentials is a UK government-backed initiative that has been in place since 2014. The scheme outlines the basic steps your business can take to mitigate up to 80% of the risks that it might face from external and internal malicious influences.

It’s a recognised scheme that has been designed specifically with small and medium-size businesses in mind and is a relatively low-cost IT security framework that any company can employ.

The Benefits of Cyber Essentials

It’s not just businesses that are concerned about cyber security. Consumers are worried too and they are more likely to choose a business that can demonstrate it’s taken precautions to protect data rather than one which hasn’t. Cyber Essentials certification gives you an easy way to show what your business is doing to keep your customers’ data safe.

If you are a B2B organisation, in particular, one seeking to bid for government projects, Cyber Essentials certification is the evidence that proves you are serious about mitigating cyber security risks in your company.

5 Ways to Improve Your Cyber Security through Cyber Essentials

Improving your cyber security means having these five important controls in place:

1. Secure your Internet connection

You should protect your Internet connection with a firewall to create a secure buffer between your company network and devices and external networks and the Internet. This allows you to have more control over remote access to internal systems and data, as well as outbound access to the Internet.

Most businesses will have a boundary firewall on their router and a personal firewall on devices, but few understand how they work or how to configure them to better protect data and software. The Cyber Essentials scheme is designed to give businesses more control and greater knowledge in this area.

2. Secure your devices and software

Most new devices will come bundled with pre-installed software applications, have auto-run features enabled, or even have a manufacturer default password, all of which give hackers an opportunity to exploit common settings.

By removing any unnecessary software applications, disabling unused features and changing default passwords to something secure you will make the device far more secure. Where applicable, using two-factor authentication will increase security further.

3. Control access to your data and services

Another important part of security is understanding what data and sensitive information relates to your business and who has access to it. To minimise the damage if a user account were to be misused or stolen, staff should only be given permissions to access the data they need to do their job. This goes for senior managers and directors too, as giving full access rights to this type of account will make them a prime target and will cause the most damage if they are breached.

4. Protect from viruses and other malware

Malware can come in many forms and you need to make sure that your computers and devices are protected by suitable anti-virus software.

Infection can come from Internet worms and viruses, hacked websites, ransomware, botnets and spyware, and each of these presents its own challenges. Modern day malware attacks are designed to deceive computer users and bypass common methods of protection. Often, a multi-layered approach to securing your systems is more effective. Cyber Essentials will help you to choose the appropriate protection for your business.

5. Keep your devices and software up to date

It’s surprising the number of businesses that don’t download updates and patches for operating systems when they are available. This often happens when older systems are being used in the company.

These software updates are vital in combating cyber-attacks and businesses need to ensure that systems download and install them at the earliest opportunity. The easiest way to do this in most cases is to initiate automatic downloads.

If a manufacturer no longer supports hardware or software, new updates are not available. In this case you should consider replacing the hardware.

What Should You Do Next?

Once you have taken the time to investigate your security needs and have put these five basic controls in place, you will put your organisation on the path to better cyber security. Cyber Essentials Certification should be your next target, but you can work towards that goal at a pace which suits you.

Improving your online security by obtaining Cyber Essentials certification won’t guarantee you will never be the victim of an attack but it should help mitigate about 80% of the risks at a relatively low cost to your business.

Cyan Solutions can guide you through the process and work with you to deliver a more secure future for your company or organisation. Contact our expert team today to find out more.

The Cyber Security Basics You Should be Covering Now

Achieving full protection when it comes to cyber security risks can seem daunting for even the smallest of businesses. Even if you can’t access the huge budgets that big corporations have at their disposal, there are some basic solutions you can put in place to protect your business.

5 Cyber Security Basics You Can Implement Relatively Cheaply

Even if you are a small or medium-size business with a very limited budget, there are a number of solutions which need to be implemented with relative immediacy.

1. Understand What Assets Are At Risk

We use a wide range of devices to access software and the internet nowadays. You might use a desktop in the office, a laptop at a local café or a smartphone or tablet while on the move. Software and data are no longer placed on a protected server within the organisation but can be accessed from anywhere in the world via the cloud.

When it comes to cyber security, our assets are more wide-ranging than ever before and, in some cases, can seem quite nebulous. They are all, however, vital to daily operations and need to be protected. It’s important to know what you use and how it might affect your online security.

That means carrying out a regular inventory:

  • What hardware such as desktops, laptops and smartphones do you have?
  • If you use remote workers to support your business, how are you connecting to them and protecting data?
  • What remote or local servers are you using?
  • What cloud services are you and your staff employing?
  • What virtual machines are you using? What software?

This inventory gives you the basis for understanding your cyber security risks and needs. For example, you may allow BYOD in your business which can present specific challenges when you incorporate your software and data sharing onto someone’s private device.

2. Fill in the Gaps

Once you do an inventory, the likelihood is that you will spot areas where your security isn’t covering your business as you might like. This can happen for a variety of different reasons:

  • You may not have implemented a cyber security solution in the first place.
  • There might have been a solution, but it was turned off by someone using the software.
  • You might already have been the victim of a malware attack that turned the security measure off.

Once you know where the problems lie, you have the chance to put things right and repair your system so that it works more effectively.

The more assets that you use in your business, the more complicated it can be to address all the issues, especially if you are short of time. That may mean outsourcing your IT to a third party who can ensure the gaps are plugged, allowing you and your teams to focus on the business. The key here is that plugging the gaps in your security should be a priority.

3. Auditing Permissions

Who has access to the vital parts of your business? Most companies will limit permissions depending on what job someone does and their position within the organisational structure. These are often not monitored closely enough which means that the potential for a cyber security breach increases. For instance, if someone gives another person their password to access important information, it is putting your business at risk.

It’s also important to check things like user passwords and how these are managed:

  • Are they robust and are they changed at regular intervals?
  • Do some people have access to more areas in your business than they really need?
  • Are there old accounts still operational even though staff have left the business?

Checking permissions on a regular basis is important and will ensure that everyone has the right access and security is kept intact.

4. Developing a Cyber Security Policy and Implementing It

It’s important also to have a cyber security policy for your business, even if you are an SME. The purpose of this is to provide the framework on which all your company security works.

It should include clear guidelines on how employees should behave online, how they use your data and software, who is responsible for ensuring compliance, and what you need to do in the event of a breach.

Even if you do have a cyber security policy in place, it’s vital to ensure that this is being implemented properly. That means having a regular audit to check processes are being adhered to and any changes that need to be made are actually being made and recorded.

For example:

  • You may have run a training session to make staff aware of your cyber security policy and what is expected of them. But have you onboarded new employees properly? Do you need to provide a refresher session?
  • Is the person who is responsible for implementing certain parts of your cyber security policy doing it properly? Do they need further training, or do you need to change personnel?
  • Are there things that need to be added to your cyber security policy following changes in the operation of your business?

5. Embrace Automation

Finally, it’s important that, as much as possible, you don’t leave your cyber security at the mercy of human error. That includes making sure you have automatic updates and patch downloads for devices rather than waiting for employees to do it themselves. Automation not only reduces human error, it can save time and money as well.

When you undertake your audit, do it with a view to finding areas where you can include automation.

Cyber security is most certainly a big challenge to businesses, particularly SMEs. These small steps should help tighten up and streamline your current posture and keep you safer online.

If you’d like to find out how a fully managed, tailored IT support service can benefit your business, contact the team at Cyan Solutions today.

How to Create a Cyber Security Policy for Your Business

Whether you are a new start-up, an existing small or medium size business or a large corporation, dealing with cyber security risks is vital in the modern commercial environment.

According to the Government’s Cyber Security Breaches Survey 2019:

  • Nearly a third of businesses have identified cyber security breaches or attacks in the last 12 months.
  • This resulted in a negative outcome, such as a loss of data or assets, in 30% of cases.
  • Only 33% of companies have a cyber security policy in place.

This last statistic is astounding when you consider the threat from cyber criminals that we face at the moment. While a cyber security policy can’t fully guarantee you won’t become a victim of cybercrime, it greatly improves your chances of avoiding a breach and gives you the tools to respond if one does occur.

What is a Cyber Security Policy?

All businesses have certain assets, including data and software, that they need to protect. A cyber security policy is a formal document that can be used by a whole range of stakeholders to understand their responsibilities and what measures are in place to protect the technology and assets of the business.

Most importantly, it is not a document that is set in stone. It needs to be reviewed regularly and updated to respond to current and future cyber security threats.

Who Should Be Involved in Creating Your Cyber Security Policy?

A cyber security policy is not simply put together by your IT service provider. It involves input from a wide range of individuals. That includes management and leaders within your organisation, HR departments that may need to enforce dissemination of the policy to employees, and even a legal team who may need to input on the wording of the document.

Main Elements of a Cyber Security Policy

The core part of your cyber security policy should outline the risks that your business faces and why the measures you are taking are important. It should also outline who is accountable for implementing the policy and the processes that need to be followed in respect of a breach, including following current GDPR guidelines.

Obviously, the complexity of the cyber security policy will depend on the size of the business and the number of different departments that may be affected.

From the perspective of employees, providing guidelines on the daily use of technology within the business is also important. It should include guidance on:

  • Password control: including how to store passwords, how to create robust passwords and how often these must be updated.
  • Email protocol: including how to spot potential phishing emails, not opening links or attachments from dubious sources, deleting suspicious communications and methods for blocking spam, scam or junk emails.
  • Dealing with sensitive data: including how data such as customer details are stored, how they are used and who has access to them, as well as measures for deleting data that is no longer needed or legally required.
  • Using removable devices: including the safe use of USB/flash sticks and preventing malware attacks by scanning before opening removable devices.
  • Using technology and hardware: including using BYOD and accessing hardware such as laptops outside of the business environment.
  • Social media and accessing the internet: including protocols for what is appropriate information about the business to share on social media and guidelines on which sites are allowed to be accessed during work hours.
  • Managing cyber security breaches: including who takes the lead and has responsibility, who needs to be informed, and what action must be taken.

The last point is an important one for all businesses nowadays, especially in light of the introduction of the General Data Protection Regulation in 2018. Businesses that don’t have the appropriate measures in place and fail to follow the current guidelines not only face damaging their own reputation but can also be liable for huge fines or prosecution.

Auditing Your Cyber Security Policy

As we said at the beginning, your cyber security policy should be a live document that is regularly updated. There should be regular times where the policy is reviewed and assessed in line with current business goals and cyber security threats. This should include:

  • How the current cyber security policy is working in the real world.
  • The exposure of your business to both internal and external threats.

Using Your Cyber Security Policy Properly

It happens in a number of businesses that the cyber security policy is developed and covers all the bases required. Unfortunately, it is not disseminated properly to those who need to know. If you have a policy that is stuck on the equivalent of a shelf gathering dust, it’s not going to be much use.

The policy should set out, and your business should put into practice in the real world, how this information is going to be conveyed to relevant stakeholders, including employees. That can involve, for example, training new and existing staff to spot phishing emails, regularly updating the current security threats facing the business and ensuring that robust passwords are used for accessing data and software.

How Cyan Solutions Can Help

There’s no doubt that cyber security is a serious concern for businesses across the UK, whatever their size. It’s also a huge challenge to get all the pieces in place that deliver the protection individual businesses are looking for.

Creating a cyber security policy is a vital process in setting up the infrastructure to keep your business safe online. You cannot entirely trust, for example, that all your employees will follow the right protocols all the time. But you at least need to have a formal document that outlines and reinforces what their responsibilities are.

At Cyan Solutions, we’ve got a great track record of helping small and medium-size businesses put the right cyber security measures in place. We can work with you to develop a strong cyber security policy document that will act as a protective umbrella for your business. We can also help audit and review any policy that you may already have in place to ensure that it is fit for purpose. Contact our expert team today to find out more.

3 Reasons Businesses Are Still Getting Their Cyber Security Wrong

Cyber security is one of the biggest challenges faced in the business world today. How do you protect your online services, including the sensitive data of your customers, effectively while still being able to function productively?

The list of recent high profile cyber security breaches highlights how difficult a challenge this really is. The 2018 attack affecting 500 million customers of Marriott Hotels and the more recent 2019 breach of Facebook user records that exposed 540 million accounts are just two examples.

Data breaches and cyber security attacks are not solely a problem for large corporations and big business. Small and medium-size commercial enterprises are just as vulnerable. The truth is, businesses are still failing to implement the strong security measures that are needed in the 21st century.

Here, we identify three major issues that business cyber security faces today. These are areas where many are failing to implement the right policies and procedures or having difficulty keeping up with the latest technological advances through lack of time and lack of budget.

1. Prioritising Cyber Security Risk Management Across the Business

Many companies we speak to say they have difficulty managing cyber security risks across their whole enterprise. There’s no doubt that the security landscape has become increasingly complicated over the past decade, so this isn’t a surprise.

Where having a solid virus and firewall protection in place was the basic requirement in years gone by, businesses now face a whole host of different threats. This highlights the importance of not only having a full cyber security policy in place that is adaptable to future threats and changes but ensuring it is communicated properly across the business.

One important issue is the huge increase in companies that operate a “bring-your-own-device” (BYOD) policy where existing hardware is boosted by employees using their own smartphones, tablets and laptops. While these add a certain level of convenience, they also increase security concerns and challenges.

Simple processes such as updating and patching software when necessary can become a hit and miss affair with many businesses when there is not a concerted attempt to prioritise cyber security risk management.

Certain parts of the business may be protected adequately but others can still be vulnerable. In addition to this, many businesses, particularly small to medium-size enterprises, may be entirely unaware that they are vulnerable through lack of knowledge.

2. The Need for Prioritising at Management Level

We also find that executive-level managers and leaders are often most focused on creating growth and moving their business forward. An issue like cyber security does not bring in money and it can be an expensive undertaking simply to keep up with the basic requirements.

Without the input and engagement of C-suite business executives, it can’t be expected that the rest of the workforce will take their responsibility seriously. When you consider that 2018 was the biggest year so far for data breaches, this represents a real dereliction of duty for leadership teams, and priorities are not being aligned to address the real threat of cybercrime.

3. Shortfalls in Business Cyber Security Budgets

The final, significant issue that stops businesses developing the correct IT security posture is budget. In some cases, this can be because there simply isn’t the money to develop adequate systems and processes. In others, it comes down to managers and executives prioritising budgets for other ‘more important’ projects, usually focussed on growth and business development.

This latter point is also undoubtedly influenced by a lack of understanding of the role that cyber security plays in the business environment. With this being an increasingly complicated landscape, it is difficult to keep up with the current developments without having the appropriate IT staff on board at executive level who can provide clear and meaningful advice.

For small and medium-sized businesses, employing someone directly to provide IT services is often prohibitive and can drain a significant part of the cyber security budget before any measures are even put in place.

Improving Your Business Cyber Security

The challenges facing companies of all sizes cannot be underestimated. The first step in making sure that your organisation is on top of its cyber security measures is to stop treating this issue as a purely technical problem. Businesses also trust their IT professional to ‘do the right thing’ far too often and don’t delve too deeply into the different aspects of cyber security and what it means to their operation.

In most cases:

  • Businesses want to hand over responsibility to someone else or an external third party without putting in the hard yards to understand the issues and find solutions in a more collaborative way.
  • A business can also fall into a false sense of security – nothing has happened so far, the cyber security must be working well.
  • A business may have certain areas covered but not be aware, through lack of knowledge or even lack of interest, that there are vulnerabilities elsewhere that are just as threatening.

Cyber security takes place in a broad ecosystem where each individual component has the potential to impact on its neighbour. It’s important to work with a partner that understands the current challenges in cyber security and is focused on getting to know your business and working with executives to deliver an adaptable solution that protects the entire ecosystem rather than a few small parts.

A business cyber security breach could expose your client data, stop your systems working and cause untold damage not just to your ability to function but your reputation in the wider commercial world.

At Cyan Solutions, we provide a full cyber security management and support service that protects your business, adapting to current and future threats and ensuring you receive a tailored solution that meets your needs. Contact us today to find out more.

Cyber Security Risks You Need to Focus on in 2020

When you run a business nowadays it can seem you are continually battling the potential of malware threats and cyber attacks. It’s no longer enough to have standard virus software on your desktop – anyone with a digital presence needs to have a much more strategic approach to their company security.

That’s even more important now as, according to recent reports, the biggest challenges are yet to come. With cyberattacks becoming increasingly sophisticated, businesses of all sizes need to make sure they have the measures in place that protect them and strategies to facilitate recovery in the event of a breach.

Here we take a closer look at what you need to be thinking about when it comes to cyber security risks as we head into the next decade.

Ransomware remains a potent threat to businesses

Ransomware is a type of malware that stops your computer from working and issues a demand for money in order to free it up again. It’s normally delivered via a link in an email the user unwittingly clicks on and which then initiates the download of the malware.

According to the statistics, around 40% of businesses have been subject to some form of ransomware attack with more than 58% of these paying up to avoid damage to their operation and reputation. Only 4% of businesses that were asked in a recent survey were confident of dealing with a ransomware attack if it happened.

Our tip: Educate and train your staff about ransomware and how to recognise it, keep software up to date, and have a backup system or recovery process in place in the event of an attack.

Phishing set to become even more sophisticated

Phishing remains the easiest way for criminal actors to get access to our data. These are emails that purport to be from genuine sources that you may recognise, but attempt to coerce you into giving away vital information – such as your login credentials. While they are the most popular way of gaining access to privileged information, they can also be used to deliver ransomware, or hack systems.

Our tip: Always check who is really sending you an email before you click on any link. When in doubt, do not click.

Third-party IT that puts your business at risk

The biggest problem with today’s digital environment is that we’re all so well connected online. While this is great for better communication and productivity, it also presents problems when it comes to cyber security risks. Vendors may have information concerning your company and your customers or clients that can be at risk if they don’t have the right security measures in place. If they get attacked there could be a knock-on effect for your business.

Our tip: Be careful who you do business with and what information you share with vendors and third party suppliers. You need a process in place for handling liability and protecting sensitive data and ensuring that partners have a high level of cyber security in place.

The cyber security risks of cloud

There’s no doubt that using cloud-based services has added to the productivity and success of many businesses around the world. There are plenty of strengths here – you don’t have to worry about how to work remotely, your systems get updated without you having to do anything and you can tailor your IT provision to your needs.

But there are also cyber security risks that you need to understand here. Choose the wrong partner and you can find your company data at risk and your business subject to reputational damage.

Our tip: Make sure you partner with a reputable cloud service provider who has a good track record and protects your business while still being responsive to your needs.

The Hidden Threat of the Internet of Things

Almost everything with a digital footprint is beginning to get connected to everything else. Most of us own at least one smart device, whether that’s a mobile phone, smart TV or voice command box such as Alexa. Our heating can be connected up to our smartphone, we can even monitor home appliances while we’re on holiday, change the lighting remotely in the office or perform a host of other tasks.

The trouble is that the Internet of Things is designed for convenience rather than security. Many businesses that produce systems with an internet connection have found underlying flaws that may mean they are vulnerable to cyberattack.

Our tip: This is one to keep a close eye on, especially if you use a lot of smart technology in your office. Understand what you have and how it connects together and make sure you use strong passwords for the devices you own.

Expect to spend more on cyber security

While some business owners may baulk at the thought of paying more, not being properly protected can have devastating consequences if you are the victim of a cyber attack. It pays to make sure you have the right strategy in place and work with an IT service provider that delivers on your cyber security requirements.

According to research by the Department for Digital, Culture, Media and Sport:

  • The average cost to a UK business of a data breach is £4,180 (not including reputational damage).
  • Nearly 50% of businesses have identified a breach in the last year.
  • Only 31% of businesses have done a cyber security risk assessment in the last year.

Businesses need to be more focused on what cyber security measures they have in place. Yes, that may well lead to a bigger spend. This is especially true as attacks become increasingly sophisticated. But it’s worth it in the long run.

Our tip: Work closely with your IT service provider to ensure that you have the right measures in place but also formulate a cyber security budget and ensure this is invested in protecting your critical assets.

Data compliance means having a robust security strategy in place

Finally, with the introduction of the General Data Protection Regulation (GDPR), even more onus has been put on businesses to include operational measures that keep the personal data of their customers safe. While a breach will damage your reputation, it also puts you at risk of a substantial fine if you are on the wrong side of the current rules.

According to recent reports, many companies are still not compliant and are putting themselves at risk.

Our tip: Get together with your IT service provider to make sure that your company meets the current regulations and has the processes and strategic support in place to deal with a data breach or cyber attack.

If you are looking for an IT partner who can deliver on all your needs, contact the team at Cyan today.

What to Include in Your IT Strategy in 2020

It can be easy to focus almost exclusively on your business sales and how many customers you need to find over the next 12 to 18 months. One area that needs just as much attention is your IT strategy, in particular how it aligns and supports your business goals.

For a start, too many companies, especially small to medium size businesses, look at their IT support as a static part of their operation.

In fact, any IT strategy needs regular review and must move with the times and challenges to remain relevant. It’s not just about what cyber security measures you have in place either, but the whole integration and functioning of your digital infrastructure.

An effective IT strategy will deliver a number of different benefits:

  • Enhance the overall security posture for your business online.
  • Improve ROI and boost sales.
  • Embrace new technologies to improve business processes.
  • Spend less time worrying about your IT and more time growing your business.

Undertake an IT & business goal audit

Before you can put together a realistic IT strategy, you need to understand where your business currently sits. A needs assessment or audit is designed to highlight the areas where you may have shortcomings or might want to update or evolve your systems. It can also show where your IT is working well.

This can be a lengthy process depending on the size of your company but will give you a firm basis from which to develop future plans.

What you need at the same time, however, is to align your future IT strategy with your business goals. The more you understand the synergy between your business goals and your future IT strategy, the better equipped you will be to grow and succeed for the future.

Your IT audit should cover a number of areas:

  • What is the purpose of your IT strategy? How long does it cover and who are the important stakeholders involved in its implementation?
  • Look at what current technology you use, assess its life expectancy and create a clear inventory.
  • Look at what technical solutions you ideally need in place to support your business goals over the next few years. For example, if your aim is to reduce office costs and include more remote workers, you may want to look at file sharing and collaboration cloud-based software for your business.
  • You will need to allocate a realistic budget for the existing provision and any changes you need to make to provide your IT support.
  • There are going to be limitations on what you can do depending on that budget and you should also understand how to work within these.
  • If you are introducing new IT systems, one key factor is going to be how you implement them – What disruption is there going to be? How long is it going to take? What training do staff need?
  • It’s important to build a framework where everything comes together including timelines for implementation and how you measure success. The better your metrics are here, the more efficiently you should be able to implement any changes or improvements to existing IT infrastructure.

Cyber security considerations

One area you will certainly need to be focused on in 2020 is cyber security. There’s no doubt the challenges are increasing in this area and keeping up to date is vitally important. Smaller businesses tend to assume they are less at risk from cyber security attacks than large corporations. Nothing could be further from the truth – SMEs are seen as a prime target because they are often less protected.

You need to include a review of your current cyber security measures in your IT strategy and look at how these can be strengthened. With advances in cloud services and AI you also need a service that is flexible and easily updated.

  • How do you defend your systems from cyber security risks?
  • What systems do you currently have in place and are these fit for purpose?
  • What processes do you have in place for training staff on potential cyber security threats?
  • How do you deal with third party suppliers and the security threat they may pose?

At the very least, your IT strategy needs to include a comprehensive examination of cyber security risks and how you intend to deal with them in 2020. That’s even more important in light of the new General Data Protection Regulation and legal requirements all businesses have to meet.

Opting for on-demand services

Things have changed when it comes to IT and many businesses nowadays opt for third party on-demand solutions. These can include everything from cyber security to cloud computing and digital storage.

What this brings is the ability to tailor your provision and budget better in running your business. Most services are eminently scalable so if you suddenly see a surge in growth you will have systems in place that can react efficiently and appropriately.

If you are searching for flexibility, scalability and efficiency in your IT strategy, switching to a subscription-based solution is going to make a huge difference.

Automation and AI can make life easier

It’s the general point of IT to make it easier for a business to operate. Putting aside the cyber security support you might hope to achieve, your infrastructure needs to take advantage of the various digital transformations that are taking place at the moment.

Key to this is the growing inclusion of automation and AI in digital processes. This is particularly important for smaller businesses that want to compete with bigger companies but lack the resources to do so. AI can help, for example, with delivering a great customer service experience. Automation can mean your business doesn’t have to rely on staff to do often menial but important tasks and can even replace roles completely.

Your IT strategy for 2020 should be exploring all potential avenues and matching them to your current business goals. Put the right processes in place and they should help to move your business forward faster than you think.

Working with a great IT support service

An IT strategy can be complex and demanding to put together. That’s why it’s important to work with an IT service provider that understands business and can help you implement the core changes that are going to make a significant difference to your performance over the next 12 months.

At Cyan, we have a track record of helping businesses of all sizes match their goals for growth with their IT strategy. Contact us today to find out more.

10 Questions to Ask About Your IT Service Provider in 2020

Whether you’re a small business or a large one, how you spend your budget with the help of your IT service provider is important.

Not only do you want value for money, you also need to cover the bases when it comes to security as well as general and specialist IT support, including cloud services.

Ideally, you want an IT service provider that is looking ahead with you and has a plan for your business as you move towards 2020.

Here are 10 important questions to ask your current provider:

1. Can your IT service provider meet your 2020 business needs?

IT budgeting of any kind doesn’t work unless you have a road map ahead; a plan of what you want to achieve and how you’re going to get there.

While your business might have a clear idea of what it wants to do in 2020, it also needs to do this against a backdrop of IT that can deliver against business objectives, and strong cyber security. Your IT service provider should have an implicit understanding of your business goals and have in place a strategy that is tailored to your needs.

2. Is some of your technology holding your business back?

Most businesses that have adequate technology in place will tend to hang onto it until the last possible moment. That’s largely because they have invested significant time in training their staff and spent money to implement the system in the first place.

There comes a moment, however, when that legacy system is going to start holding your business back and may even contribute to a failure to reach future goals. Your IT service provider should have a clear understanding of what function your systems perform and be able to offer solutions should you need to change or upgrade.

3. What tech will your business need to replace or upgrade as you head into 2020?

This is a key IT budgeting theme for businesses that are looking to grow. They must look at the cost of moving to a new system as well as the impact of any delay in delivering their services while it beds in and the time and effort involved in training staff.

It means being sure you are making changes that are needed and will be profitable rather than jumping onto the latest tech trend or investing in systems purely to solve an operational pain without fully understanding the wider business impact.

4. What new technology is on the horizon and will it benefit your business?

There’s no doubt that the rate of development in IT services has grown considerably over the last few years. Picking the right one for your business is a major challenge.

These systems will need to be integrated to work across all areas of your business and that will take time and planning. Your IT service provider should have a handle on all the options available, what it takes to implement each and the impact on your business.

5. What is the cost of migrating to the cloud for your business?

One of the biggest changes in recent years is the availability and power of cloud services. These have offered digital transformation on a grand scale for many businesses – employees can work on the move, collaborate remotely and have instant access to updates. In addition, sales teams can get hold of vital data on their laptops or smartphones. Working from home with access to the right tools is not only viable but desirable, as overall productivity will improve.

But swapping to the cloud and migrating all your services takes time and money to achieve. Your IT service provider should be able to recommend a range of options to ensure the best fit for your needs at a cost you can afford.

6. Are your disaster recovery solutions fit for purpose?

No business likes to think that their systems will crash, or data might be lost. In our highly technological world, however, it remains a real risk. The disaster recovery solutions that your IT service provider has in place may not be required right now but they are an imperative part of your business you cannot afford to ignore.

You need to be confident, however, that your IT company has all the right processes in place and can get your business back up and running quickly if something happens. Your business continuity plan should be tested regularly and your IT service provider should evidence this.

7. What cyber security risks will businesses face in 2020?

That brings us to one of the incontrovertible challenges of our digital age. Any business that operates online faces numerous cyber security risks. It’s important your IT service provider has a solid finger on the pulse of cyber security and understands the threats businesses face as we go into the next decade.

One common risk is ransomware, malware that can take over your IT system and then be used to extort money from your business. Your IT service provider should be able to work with you to make sure that you have the best cyber security policies, procedures and software in place.

8. Do you have access to a cyber security expert who can tailor solutions for your business?

Cyber security for businesses is not a one size fits all solution and many different sectors have their own particular challenges. Your IT service provider needs to have the expertise on board that can deliver real solutions that protect your business. If they do not, your systems and data may be at risk.

9. Where does your IT service provider source its top talent?

There is currently a tech talent shortage and finding the top performers that will support your business is challenging. It’s important to look at how your IT service provider sources its employees, what training they provide and what sort of staff turnover they have.

One way to do this is to explore their culture and how they treat their staff. It’s a general rule that when employees feel valued and are paid appropriately, have a decent work-life balance and opportunity to progress, they are more likely to stick around than go work for someone else. Ultimately you need confidence in the team supporting your IT, and if members of that team change frequently, this will have a detrimental impact on support.

10. What other technology will help drive your business forward in 2020?

Technology takes many forms and your business will need to integrate many types into your growth model as time progresses. It could be something as simple as:

  • Moving to new, high tech premises if you are a software company.
  • Implementing a brand new sales app that employees can use on the move if you have a large sales force that is out on the road.
  • Bringing third-party suppliers in from outside and working with their technology and processes.

Your IT service provider should fully understand your current provision and objectives before they can suggest ways to help improve business processes or develop and integrate robust solutions when you need to adapt.

All these factors should help you determine how you will spend your IT budget in 2020 and what your priorities are going to be. Your IT service provider should be able to work with you to produce a road map and help you implement the changes that may be needed to achieve your goals. It’s important to ask the right questions though.

If you’re not 100% confident you’re partnered with the right IT service provider to take you into 2020, it’s not too late to change. Contact the team at Cyan Solutions today for an informal chat about your needs.

What Does Digital Transformation Mean for Your Business in 2020?

There’s no doubt that the world of business has changed dramatically over the last twenty years. Our reliance on digital platforms, from websites and apps to pay-per-click advertising and social media, means that marketing to the general public is now a much more complicated affair.

Businesses have ready access to cloud IT, productivity software and a range of communication tools that, just a few years ago, would have been inconceivable to many.

What is digital transformation?

When a new digital technology comes along, you have the choice of ignoring it or using it to improve your company processes. Digital transformation generally causes some form of disruption.

Cloud services, for example, have reduced the burden of having in-house IT infrastructure. It’s given on-the-move access to important software and communication tools – staff can work remotely and have everything they need because their smart device holds the latest tools.

The disruption this form of digital transformation creates can be seen in the way many businesses are now confident employing remote/home workers to save on traditional office costs.

What does digital transformation mean for your business?

The challenge and potential of digital transformation is not so much about new software and upcoming innovations, however. It’s how your business incorporates them into its procedure, how it chooses the right tools at the right moment and how it ensures that this is all fit for purpose at both a strategic and implementation level.

Get it right and digital transformation has a number of distinct advantages:

  1. Staying Competitive
    The vast majority of businesses do not exist in a vacuum. A new technology that comes to market and makes processes more efficient may be taken up by your nearest competitor giving them a big advantage. If they are using AI to keep customers informed and happy, for example, and you are not, they’re stealing a march because their reputation is being enhanced.
  2. Becoming more productive
    One of the key reasons for undergoing a digital transformation is to make your business more productive. There is no advantage in reinventing the wheel but if that wheel is longer-lasting, improves fuel efficiency, and comfort, then it’s worth focusing on. Software like Office 365, online file-sharing and collaboration apps, and bespoke CRMs are all examples that highlight how digital transformation has streamlined work processes and allowed businesses of all types, including start-ups, to become highly efficient and competitive in the market place. In many businesses nowadays, for example, the workforce is not contained within one office but spread throughout an area, with employees operating remotely – saving on hardware and staffing costs.
  3. Increased revenue
    At the root of all digital transformation is increased revenue for the company concerned. Whether that’s from making processes efficient and reducing staffing costs or through improving marketing communications with customers to boost sales, the single biggest factor in making a change is that all-important bottom line.
  4. Better customer relations
    Developments in AI in recent times have allowed businesses to reach out and communicate with existing and potential customers in new and innovative ways. This is one area that will continue in the next few years. Another digital transformation is the variety of ways in which those customers can pay for products or services.

Staying on top of digital transformation in 2020

The challenge that all businesses have had is when and how to implement any relevant digital transformations. In 2020, this is set to remain a hugely important factor and one which will become increasingly difficult as technology evolves. Working closely with your IT service provider is going to be imperative and choosing the right moment to expand and implement will be vital.

Here are just a few of the ways digital transformation is going to have an impact in 2020:

  • The potential of 5G
    5G is finally rolling out and will take us to the next level when it comes to connectivity. Users will see faster download speeds, up to 20 times 4G. This is likely to revolutionise remote working and make it increasingly important for businesses that are trying to keep down their operational costs. 5G will also feed into areas such as AI and the Internet of Things but the full impact may not be seen in business for a few more years. What you should see, however, is an increasing number of options, so keeping up with the latest tech developments is going to be vital.
  • AI and customer service
    Chatbots have had mixed reviews over the past few years and not everyone is keen on them. Businesses have found, however, that a reliable AI help service will deliver answers on the most asked questions for customers and can be a powerful time-saving tool. According to Gartner, nearly half of businesses will start to invest more in AI to streamline processes and provide a better service to customers in 2020. The good news is that those customers are also on board – we’re more focused on getting the answer we want than worrying whether we’re talking to a bot or not.
  • Analytics and staying competitive
    Analysing how your business is performing is key to success nowadays, especially online. One area where digital transformation has improved things over the last decade or so is with the various analytics packages available that provide telling insights into content performance and customer behaviour. We are now in the age of big data and the information that this provides can be seriously transformational if your business is able to leverage it effectively.
  • Security, privacy and transparency – your customers want it all!
    With the implementation of GDPR, there is a lot more pressure on businesses to ensure they have the right security measures in place. Cyber attacks are on the increase and customers expect the companies they do business with on a daily basis to protect their data. But customers also want your business to be open and transparent about what you do with that data. The challenges facing even small businesses nowadays mean that a comprehensive cyber security and data protection policy is not simply something on a wishlist but an urgent necessity and one that is legally required.

Putting digital transformation at the heart of your business

Digital transformations are exciting and full of potential. But how do you know if the next innovation is right for your business? Is it best to implement something straight away and steal a march on your competitors or wait and see what the impact and advantages are?

It’s not easy for businesses to forge ahead with changes of this kind. Digital transformation generally needs money and time to implement, staff have to be trained, the effectiveness measured and changes made to adapt conditions to the needs of the business.

From IT transformation consultancy to robust cyber security, Cyan Solutions have the team in place who can provide a tailored approach to your next digital transformation challenge. Contact us today to find out more.

IT Security Strategy: What You Need to Know

Most businesses are critically dependent on the internet. Survival means having a strong IT security strategy in place. The hacking of telecommunications giant TalkTalk in 2015 reminds us that it’s not just smaller businesses that are at risk either.

The Government has taken steps to build a national cybersecurity strategy and this acknowledges that threats can come from many different sources: foreign governments or state sponsored actors, terrorists, hackers, hacktivists concerned about a particular issue, and even insiders, people who work for a company and who have a grievance of some sort.

Protecting your business has never been more important or more challenging. Having the right tools and processes in place is key if you want to stay safe.

How to Develop an IT Security Strategy

The digital landscape has become increasingly complicated over the last couple of decades. Businesses will not only operate online through portals and third-party sites but use tools such as social media to market their services and products. On top of that, they will have key IT requirements within their office environment that need solutions. Many will use remote working and promote collaboration and better communication through cloud-based services.

All this means that there is no clearly defined, one-size-fits-all IT security strategy for modern businesses.

1. Understand What You Have

The first major step to developing the appropriate IT security strategy is defining what you are trying to protect in the first place. Yes, you may have lots of customer and employee data but what about documents relating to your business such as your plan for the future or a new product you are intending to bring onto the market?

To make sense of everything, you need to understand what each asset is and clearly define its value to your business.

2. IT Security Risk Assessment

The next part of the process is to look at the current state of your IT security in relation to these assets and whether it fulfils its purpose. A risk assessment looks at a range of different aspects of your business, including the software you have in place, who has access to data, what they do with it when they are using it, and what non-digital protocols you have in place to ensure security.

3. Elements of Strong Cybersecurity

The Government has produced a useful infographic relating to IT security which includes 10 steps all businesses and organisations should be taking:

  1. You need to implement a risk management regime that allows you to regularly review your cybersecurity processes.
  2. You must protect your network from attacks using anti-virus software and other technological solutions.
  3. You need a process in place to educate users and build awareness through activities such as staff training and the production of easy to follow practices (such as having a definitive password policy for your business).
  4. You need to establish anti-malware practices and defences to protect your business, such as having the appropriate software and educating staff on threats such as phishing emails.
  5. You need to limit or control the use of removable media such as flash sticks which can hold malware.
  6. You need to update your systems when a new patch or update is available and ensure they are configured properly across your whole business.
  7. You should carefully manage user privileges particularly for parts of your network that have access to sensitive data.
  8. Your business should have a process in place for handling any breach incidents or disaster recovery and be able to test these plans. If you lose data for whatever reason, being able to get up and running again may be vital to the survival of your business.
  9. Your business also needs to have in place a system or protocol for monitoring your IT and cybersecurity, producing reports and understanding if you are at risk of attack.
  10. You need to develop a policy for home and mobile working especially if you advocate using BYOD. Your company needs to create a secure baseline for all devices and build this into its cybersecurity activity.

While many businesses will be able to implement some of these measures, it can be challenging to get them all in place. That’s why it’s important to work with an IT and cybersecurity specialist to make sure all the bases are covered.

At Cyan Solutions, we have the teams in place who will be able to help you develop a robust IT security strategy that will safeguard your business now and in the future. Contact us today to find out more.