How Often Should You Audit Your Business Cybersecurity?

For many businesses, cybersecurity tends to sit in the background. It’s something we often have a lot of confidence in without fully understanding it. The only time we pay attention and question its suitability is when something goes wrong.

As it is one of the more important parts of running a modern company or organisation, it pays to step back and have a review of your cybersecurity processes, software and hardware on a regular basis.

According to Forbes recently, cyberattacks are only likely to get smarter over the next few years and we all need to be on guard to prevent breaches.

Why You Need Regular Cyber Security Audits

The first thing to note is that you can’t say whether your business cybersecurity is performing as expected unless you carry out an audit. Most IT services will advise that this needs to be done on a regular basis, either monthly, quarterly or even just twice a year as a bare minimum.

A lot will depend on the size of your organisation or business, of course, and how many different departments you have. It’s much easier to keep track of a company that has ten employees than one which has thousands. Another factor is the amount of confidential data you handle and the sector you operate in.

What is a Cybersecurity Audit?

A regular audit is something that can be carried out fairly easily and, in some cases, remotely. It’s a service that many outsourced IT support companies provide nowadays. If there has been an incident or issue with your IT infrastructure, however, it pays to have a more in-depth audit that considers a wider range of parameters.

This kind of audit tends to use more advanced technology and will not only look at the software installed but the practices that you employ in your business.

You may have had a security breach or data loss, for example. It’s important to discover how this occurred and what processes you need to put in place to improve security. Or you may have updated or put in a new system, in which case, you’ll want to ensure your cybersecurity is working well with it.

There can be plenty of other reasons to carry out a more intensive audit. For example, the compliance laws may change for your business (as happened for many companies with the new GDPR). Perhaps you’ve merged with another business and want to ensure IT services across the board are uniform.

Outsourcing Your Business Cybersecurity Audit

It’s important to work with a partner that is able to deliver the kind of audit you are looking for. There are off-the-shelf auditing packages available but these may not be entirely suitable, especially if your company has specific cybersecurity needs.

Outsourcing your business cybersecurity audit to a third party is the most popular route and has a number of advantages, not least that you have access to the appropriate level of expertise. It’s not easy to find suitable companies that have a track record of delivering security testing within a range of organisations.

You should be looking for one that has a deep knowledge of operating platforms and understands how your business security fits into these and other IT deliverables. The other thing you will want is an IT audit service that will give you clear reports which you can then act on. Good communication is key.

While you may be able to undertake at least some of this internally, for a deeper audit most companies will lack the appropriately qualified staff. Even using the latest auditing software, it can be difficult to decipher the results and come up with appropriate recommendations if you do not have expertise in this area.

A competent audit team will be able to:

  • Interpret the data from your audit and understand how to action any changes to your systems.
  • Prioritise which are the most important factors and what steps you need to follow to improve your business cybersecurity.
  • Understand if information is missing and what other software and scans need to be applied to provide a full picture of your current cybersecurity.
  • Set benchmarks so that you have a baseline for future audits and a clear understanding of what you need to achieve.

At Cyan Solutions, we work with a wide range of businesses across different sectors. We understand that each company has its own set of requirements when it comes to fulfilling strong cybersecurity. Our team works closely with all stakeholders to ensure that we deliver a robust audit that keeps your business safe.

Contact us today to find out more.

Managing Cybersecurity Solutions for SMEs

Small and medium size businesses have particular challenges when it comes to cybersecurity solutions. Size doesn’t always equate to vulnerability but the fact that SMEs have lower budgets can be a major issue when it comes to protection.

Making the right choices when managing your cybersecurity needs, therefore, is important and the most recent statistics back this up.

In a 2018 survey by Ipsos Mori, two out of five small businesses identified a cybersecurity breach in the previous year. In 17% of these cases, the breach prevented the company from operating properly for at least a day. The more troubling statistic, however, is that only 58% of small businesses are likely to have sought out information or advice about cybersecurity.

Cybersecurity and GDPR

One major change your small business needs to understand is the General Data Protection Regulation. This was brought in last year and basically means that any business that holds data (which means the majority of companies or organisations) has a duty of care to protect it. That includes having the appropriate cybersecurity solutions in place, including what to do if there is a breach.

The problem is that hackers and malware developers generally unleash their nefarious activities indiscriminately and smaller, less protected businesses are a target. It’s not unusual for a hacker to specifically target a certain corporation or larger organisation but it’s rarer than the millions of attack attempts that take place on small and medium size businesses as a whole around the world.

How to Manage Your Cybersecurity Solutions

A data breach or cyberattack can happen to any business and the consequences are not just loss of customer information but damage to reputation. It can take a long time to recover. That’s why your business needs to have certain building blocks in place to help combat any potential online attack.

Here are the vital components that you need to have for your business to mitigate the risk of cyber-attack.

  • Patch management: While they might be slightly annoying on older devices, patches are there to make sure your operating system is up to date and properly protected. You’d be amazed at the number of businesses that turn automatic updating off and leave their systems open to hacking and virus attacks.
  • Regular back-ups: Another mistake that SMEs make is not backing up their data regularly. This is relatively easy to do nowadays and there’s really no excuse for not doing it. If your system crashes or your data is stolen or infected with malware, back-up allows you to recover everything and get back up and running.
  • Data encryption: This should be standard for any business, whatever its size. It ensures that any information in transit is kept protected, particularly when it comes to financial data.
  • Firewalls, anti-malware and anti-phishing tools: The tools that we use for our home computers are not necessarily the same that we should be using for a business that has a lot of data. Working with your IT supplier is vital to ensure that you have the appropriate software to suit your industry.
  • Mobile device management: With so many of us using our own smartphones and tablets nowadays, your business needs to understand the risks that this involves. You should have a clear, set policy for staff who use BYOD and regularly make checks to ensure this is being complied with.
  • Two factor authentication: This is where an additional authentication such as an SMS text is used above and beyond the standard password to ensure the identity of the individual looking to gain access to your data. It’s now the industry standard when it comes to logging in to accounts.
  • Secure collaboration tools: Many SMEs make use of a range of collaborative tools including Office 365, Google Docs, Dropbox and the like. Mitigating the risks of using these tools is vital in maintaining the security of your company.
  • Incident response: How you respond to an incident such as a data breach is almost as important as having the processes in place to prevent it happening. Especially since the introduction of GDPR, small businesses have a duty of care and an obligation to have the appropriate steps in place.

How to Review Your Cybersecurity Solutions

It can be pretty easy to pay less attention than you should to your IT and cybersecurity. As a small business, you probably have a lot more to worry about. Failure to spot issues or make sure your security is up to date can, however, have catastrophic consequences.

If you would like to review your current cybersecurity practices, contact the team at Cyan Solutions today to see how we can help.

Tips for Finding the Best IT Consulting Solutions

It can be difficult staying up-to-date with the latest advances in technology or understanding how these can benefit your business if they are implemented. Most business owners don’t completely understand what a managed IT solution can provide or how it fits in with the way their company currently runs.

There are also plenty of companies offering IT consulting solutions ‘tailored’ to your needs out there, each promising the earth. But which one should you choose? How do you separate the worthwhile IT consultants from the ones that are likely to hold your business back?

Your IT partner can make a huge difference to the success or failure of your business and how competitive it is. Here are our tips for finding the right company:

1. Understand What You Need

You need to be able to match the services on offer to complement your business activities. Take a look at your short and long term goals and then find out what IT consulting solutions are going to benefit these.

You might want high levels of security because of the kind of data you handle, or services that constantly monitor your threat status and automatically provide solutions. You may want to introduce new cloud services so that your staff are able to perform more productively.

2. Take Your Time

Finding the best IT consultant to work with can take time. There are lots of options online and you shouldn’t rush, or allow yourself to be rushed, into picking this company or that company. It’s better to take some extra time, including having a cooling off period before you finally decide, to ensure you get the best partner for the future development of your business.

3. Look for Expertise

The best IT consulting solutions are the ones that have a range of expertise available. You rarely get this from one person businesses – they can be stretched for time and certainly won’t have the level of knowledge you are looking for. You should check not only the number of staff they have on board but what their specialisations are.

It’s important to interview your prospective IT consultancy and find out all you can about them. Check for online reviews and ask for referrals.

4. Does It Fit Your Needs

If you’ve made a list of what you are looking for as a business, done your due diligence and matched up the various services you require, the final thing you need to decide is whether the IT service meets your needs and ticks all the right boxes. Some extra areas to consider are how long they have been operating and whether they are able to respond to your changing needs.

IT Consulting Solutions: Why Choose Cyan?

At Cyan we pride ourselves in being a flexible, high tech solution for today’s modern businesses. We offer a range of different services that can be tailored to your needs. If you want to start small and cover just a few areas of IT support, we can certainly help with that. The good news is that our provision is scalable – which means, as your requirements change, so can our service.

We work closely with our customers to identify the areas where they need support. Here are just some of the things we can help your business with:

Managed IT Support: For many businesses, IT can take up much more time than they have to offer internally. A managed IT solution basically takes the weight off your shoulders and provides the full service and maintenance you need at a cost you can afford.

Cyber Security: Safety of data is probably the biggest worry that businesses have nowadays. Your success depends on having a secure eco-system, protecting you from both financial and reputational damage. At Cyan, our expert team helps put in all the processes that protect your business, including managed firewalls and anti-virus software that is fit for purpose.

Cloud Services: More and more businesses are using the cloud to deliver flexibility and agility for their employees. Our subscription-based services mean that you can keep control of the costs and give your staff the tools they need to achieve your goals.

Virtual CIO Consultancy Services: Most businesses don’t have the finances to employ a Chief Information Officer on site. Our virtual service means that you can access the latest advice and technology to drive your business forward at a fraction of the cost.

IT consulting solutions can be complicated and are challenging to get right. If your business is looking for a partner that can deliver tailored services and grow and scale as you develop, contact the team at Cyan today.

Digital Transformation Of Social Housing – Top Five Trends

It is necessary for every business in every industry to adapt and change their business model to accommodate their customers’ changing behaviours and expectations, and housing associations are no exception. Digital technology is not only about conversions, transactions and growing revenue; it is vital for streamlining processes, optimisation and improving the customer experience.

As digital technologies take the world by storm, embracing these is vital for a housing association to grow and thrive. Some have already begun to tackle this challenge by transforming their IT infrastructures to keep up with the high demands of today’s digital world.

Social housing is a rapidly changing industry with many housing associations struggling because of funding cuts, rent freezes and reduced investments. When it comes to digitalisation, the social housing sector is not as far advanced as other industries, with many housing associations sceptical of investing in a digital transformation or not having the budget to do so.

However, this is slowly beginning to change as more and more housing associations are starting to see the benefits of going digital. Here are the top five trends we expect to see rise with the digital transformation of social housing:

Five Digital Trends For Social Housing

 

1. A Remote Workforce

With the rise of cloud technologies, it is now possible for housing association teams to work remotely, allowing them to focus their time and energy on being out among their tenants. Having a digitally enabled and mobile workforce reduces the need for physical office locations within neighbourhoods.

Remote working allows workers to be more connected with those that need help the most. Less time will be spent on the mundane transactions, and more focus can be placed on what really matters, enabling the organisation to become more human with greater face to face interactions.

2. Online Processes

Embracing advances in technology can reduce the amount of paperwork and manual processes required. Customer applications can be moved online which will not only provide a seamless and easy experience for customers but also reduce costs and response times compared with manual, offline applications.

Removing paperwork will free up resources for employees to focus their time and effort on other areas of the business. Moving transaction processes online also offers excellent cost savings for housing associations, with online payments being 20 times cheaper than phone transactions and an incredible 50 times cheaper than face to face.

3. Better Connected

The Internet of Things (IoT), connected devices and smart meters offer a great opportunity for housing associations to diversify their offerings. Embracing these innovative technologies within social housing can detect how people are using their accommodation and allow providers to alter services, such as heating, in real-time.

When used effectively, this technology can help housing associations to anticipate and handle issues faster, as well as be more proactive and strategic in commissioning repairs or replacements quicker in order to minimise costs and disruption.

4. Enhanced Customer Service

One of the most significant benefits that digitalisation has in the social housing sector is that customers will receive a better all-round service. Advice and help can be made available 24 hours a day, seven days a week with the help of a knowledge base and online account information that is always accessible.

The digital transformation of the housing industry will allow most actions to be completed online, meaning customers have no restrictions on when they can resolve their issues or speak with the correct department. Housing association workers will also be able to provide a better service to customers by spending more time out in their neighbourhoods offering a face to face service as opposed to stuck behind their computer screens.

5. Data Analysis and Record Keeping

In a world of GDPR, there are some real benefits to those within the social housing sector making a move to keep all customer data and records online as opposed to offline. A well planned online infrastructure can provide greater security for keeping online records safe and secure.

Utilising digital technologies for customer data is also an excellent opportunity for better data analysis and upkeep. Maintaining customer records online allows them to access and edit them as required, providing housing associations with current information that is easy and simple to manage.

How to embrace these digital trends

Embracing the digital transformation of social housing will bring significant efficiencies, financial stability and customer engagement. Currently, the social housing sector is being squeezed by reduced investments, funding cuts and rent freezes. At the same time, there is a growing demand from increasingly vulnerable and diverse citizens. Those housing associations that want to thrive rather than simply survive should be utilising and embracing digital solutions to transform their organisation for the better.

To help your housing organisation transform, speak to our IT specialists at Cyan Solutions. We can help your team to implement a digital strategy that can cut costs and increase the service experience.

Top 5 Ways To Avoid Phishing Emails

Five top ways to prevent phishing attacks

Cyber attacks are on the increase, and it is vital to protect yourself and your business against the rising security threats. For most companies, the employees are the weakest security link, leaving the company open to potential attacks and breaches. Over 90% of cyber attacks start with a phishing email, and recent studies suggest that the fastest growing security threat to businesses is no longer malware but impersonation email attacks.

The reason employees are often the weakest link in your security is due to human error, and cyber attackers have learnt it is easier to trick someone into revealing secure information such as logins and passwords, rather than trying to exploit a secure system. The number of impersonation email attacks sent has increased by 50% quarter-over-quarter compared with malware and harmful files being sent rising by 15%. This means your business is seven times more likely to be subject to an impersonation email attack than a malware attack.

The figures are staggering, and even still there are thousands of companies out there who are not doing everything they can to protect themselves against phishing emails. The most common type of phishing email is spear phishing, a highly targeted scam email that is sent to a business or individual. If the cybercriminal does enough research into an individual or business, spear phishing can be very effective, and research has shown that 97% of individuals can be tricked by a spear phishing email attack. Here are the top 5 ways to avoid phishing emails and protect your business.

Invest In Your Systems

One of the best ways to protect your business from phishing emails is to prevent them from getting through to your employees in the first place. There are many technological approaches to avoid phishing attacks, such as powerful filters and protection systems. Implementing a smart security system can help to identify phishing emails and block them from being received by your employees.

This is a great place to start when it comes to avoiding phishing emails, but even the best technology can’t detect every single phishing email. There will always be some that slip through the filters, so it is vital to have other precautions in place as well.

Educate Your Employees

As personnel are often the biggest downfall for a company’s security, it is essential that they are provided with appropriate training and knowledge to protect themselves against phishing emails. While many phishing emails are poorly written and easy to detect, there are often highly sophisticated attacks that are much more difficult to spot.

To properly protect your business against phishing emails you should develop an effective security education programme to raise awareness among staff of the growing cyber threats.

Go Phishing

One very effective method to identify the weak links in your security and determine where further training is required is to send phishing emails to your employees. Craft an email based on the kind that your employees actually receive and then measure these four main metrics: clicking on the link, opening attachments, reporting the email and response time.

After the ‘attack’, discuss the results of the tests with your employees; it is usually best to keep results anonymous or break them down by department or team to avoid employees feeling like they are being individually called out. Your goal with this exercise should be to raise awareness and educate your employees, not to embarrass them.

Develop A Strict Protocol

Ensure you have a strict and well thought out protocol in place for phishing attacks. Encourage all employees to report all attacks or potential attacks immediately so that they can be dealt with effectively and quickly.

Make it clear that every employee can ask for help if they think they might have been a victim of a phishing email attack and be sure never to punish staff if they do get caught out; it will only discourage your employees from reporting the attacks in future. Once an attack has been reported, take steps to scan the affected devices for malware and change all passwords as soon as possible.

Review Your Digital Footprint

Cybercriminals will use information that is publicly available about your business and employees to make phishing emails more convincing. This information can be found on your website and social media accounts and is known as your digital footprint. Carefully consider what information is necessary for your website visitors and what could be used by potential attackers.

It is also vital to offer support and training to your employees on how to best manage their digital footprint; you should not expect them to remove themselves from the internet entirely but help them understand what information isn’t necessary to share.

Increase your phishing protection with Cyan Solutions

At Cyan Solutions we can develop robust IT security to reduce the risk and prevent cyber attacks. If you would like friendly advice on how to increase your IT security, talk to our experts now.

Key Technology Trends Impacting the Energy Sector

The energy sector has been evolving rapidly in recent years thanks to new and upcoming technologies. 2018 is looking to be a milestone year for the energy industry, with the introduction of many new technology trends that are set to be revolutionary in the sector.

The rise of digital has affected many businesses over the years, and the electricity industry is no exception. With everything from artificial intelligence through to increased technological demands in the home, there are a number of technology trends set to impact the energy sector over the coming months and years.

Growing Cybercrime Threat

Cyber-attacks are increasing in every industry across the globe, and the energy sector is no different. Earlier this year the United States Department of Energy announced it was planning on setting up its own Office of Cybersecurity, Energy Security and Emergency Response to tackle the upcoming security challenges. There is also evidence that hackers have been targeting the energy and nuclear facilities for the last couple of years.

Cybersecurity concerns are one of the most pressing issues within the energy sector, and as companies introduce more complex technology systems, the risk and potential for an attack are increased. Many utilities are upgrading systems to provide a higher level of grid intelligence and better communication with customers’ devices, opening themselves up to more potential security threats.

The Rise in Artificial Intelligence

Artificial Intelligence (AI) has evolved rapidly in recent years and provided the energy sector with a variety of new capabilities such as machine learning, cognitive analytics, deep learning and robotics process automation. These advances in technology have led to powerful systems that can automate increasingly complex workloads and develop cognitive agents that can simulate human thinking and engagement.

AI can be used in the energy sector to streamline, automate and eliminate processes within customer interactions, taking customer experience to the next level. As well as customer service benefits, AI can also be an excellent tool for customer engagement by giving companies the ability to compute a customer’s smart meter data to develop invaluable insights into their consumption habits.

Blockchain

Blockchain has been on the cards for quite some time and is slowly growing in popularity across a variety of industries. While it is currently limited within the energy sector, the potential of this technology should definitely not be ruled out; in fact, it may end up being invaluable in the industry in coming years.

Blockchain offers a permanent and transparent solution that is entirely digital making it really easy to work with. Within the energy sector, blockchain could potentially be used for easily recording transactions and contacts in a transparent and searchable form. The energy sector involves a considerable amount of customer paperwork and blockchain could provide some significant operational benefits such as easily locating records, detecting fraud and clarifying bill disputes.

3D Printing and Smart Materials

In recent years there have been significant steps forward in 3D printing, particularly with print metals becoming significantly cheaper. This will likely be used widely in the energy sector for the creation and maintenance of equipment and systems.

An increased use of smart materials would also have a significant impact on the energy market, and the use of materials that can self-heal could potentially change the industry altogether.

Digital Transformation in Homes

It is no surprise that there is an increased demand for energy in homes across the world. With technology coming on in leaps and bounds in recent years, the amount of electricity being consumed today is very different from that of a few years ago. The introduction of smart technologies such as smart lightbulbs and smart meters has transformed the way consumers use their energy within their homes, and this is only set to become more complex and readily available in the coming years.

The uptake of smart energy products by consumers has been relatively minimal so far, and according to recent research, 72% of people are unlikely to introduce any form of smart home technology in the next five years. However, the individuals who already make use of smart devices have noticed a significant impact on the day to day running of their homes. Many believe the uptake has been slow as consumers are still sceptical of smart energy products, but the market is expected to accelerate rapidly once the popularity of the technology increases.

The energy sector is set for a rapid transformation for the rest of 2018 and the following years, and those within the industry should be preparing themselves for the upcoming changes and opportunities that these technology trends are sure to bring. Not embracing these new technologies will leave your business at risk of being left behind the curve. At Cyan we have experience of providing transformational technology infrastructures for growing businesses in the energy sector. Talk to us today to see how we can help your business.

Essential Data Back-Up & Disaster Recovery Tips

Even the most careful and cautious business in the world is at risk of natural and human-made disasters that could bring down essential infrastructures and systems. No matter what industry you are in or what size your business is, a foolproof data back up and disaster recovery plan is vital to protecting your company and avoiding a crisis should the worst happen.

Getting back-ups correct is no easy task, and disaster recovery is even more difficult to implement effectively. Ever changing and growing technology such as cloud solutions adds yet another layer of complexity to IT systems and is just another aspect that needs a reliable back up plan. As well as this, strict data laws such as GDPR put even more pressure on companies to protect their customers’ data and avoid security breaches.

The terms data back-up and disaster recovery are often misunderstood and misused; it is essential to understand that having a back-up plan is different from having a disaster recovery strategy and that you may need both!

What is data back up?

A data back-up is a copy of your business’s data stored on another device in a different location to your originals. Often data back-ups are in the form of a separate drive or storage device within a data centre or stored in a completely different location to everything else.

In most cases, back-ups are created on a daily basis, so your back-up file is always up to date and relevant. Cloud technology provides an automatic and remote solution for creating daily back-ups. However, some businesses still operate with a physical drive that is backed up regularly by an individual.

These data back-ups give you the ability to restore your data back to the original source should anything go wrong. When running a business, it is essential to have a back-up plan in place to protect your data from the worst-case scenario. Creating a back-up plan requires deciding what needs to be backed up, how often it needs backing up and how long it should be kept for.

You will also need to consider how and where this data will be backed up. There is a range of back-up data solutions out there, and to properly understand which is right for you and your business, you first need to understand your back-up requirements fully.

What is disaster recovery?

Disaster recovery is much more in-depth than a data back up and includes having a full plan and technical solution to keep your business running should a disaster strike. To establish an effective disaster recovery plan, you first need to identify which systems are required to keep your business functioning should an incident occur and how long your business can run with each of those systems offline.

Disaster recovery solutions come in many different forms; some will automatically take over from the primary system if the connection is lost, while others involve restoring the system from back-ups.

Top tips to keep your business protected

Many businesses will require both a back-up data plan and a disaster recovery strategy to protect themselves adequately from a crisis. There are a few best practices that every business should follow to ensure their data and systems are effectively protected in the event of a disaster:

Plan

The most important practice for any business is to make sure you have both a back-up data plan and a disaster recovery strategy in place to protect yourself. If your data doesn’t exist in at least two different places, then it might as well not exist at all; the same can be said for your systems and workloads. Computers and the data within them make up your organisation, and if you choose not to protect them properly you could end up with nothing.

Cloud

Use the cloud to make reliable and automated back-ups. Cloud-based back-ups will back up your data over the internet and can be restored from anywhere in the world as long as you have an internet connection. Data is stored off-site and often protected from physical natural disasters such as flooding or fires. Back-ups can be arranged to complete automatically in the background, meaning you don’t have to worry about remembering to do them on a weekly or monthly basis.

Organise

Organisation is key. For a functional and reliable back-up, ensure your files are organised into a sensible system. This way you will easily be able to locate your lost data should the worst happen.

Audit

When it comes to establishing an effective disaster recovery strategy, start by reviewing the basics. Audit all your internal back-up plans and determine where the areas of weakness are. Even the best disaster recovery plan in the world can’t recover data that hasn’t been properly backed up.

Update

Keep your disaster recovery plan current. A disaster recovery plan cannot simply be set up and then left to its own devices until it is required; it needs to be maintained and updated as the business grows and evolves. It should always be at the forefront of your mind, and whenever a system or process within your business is changed, your disaster recovery plan needs to reflect that.

To review your back-up and disaster recovery strategy, get in touch with the experts at Cyan – we are ready to help ensure your success.

How to Make Sure Your Staff Don’t Breach Your Data Security

It may be the cyber attacks which make the headlines, but the most common breaches are the ones that occur internally in your organisation. In fact, around 90% of data breaches are caused by human error. Staff are often responsible for data breaches, from losing a memory stick to sending the wrong file or even emailing the wrong person.

With GDPR coming into effect very soon, many companies are focusing on the technical aspects of data encryption and systems analysis to ensure compliance. However, staff training and awareness are also essential to maintain data protection compliance and reduce the risk of a breach which could cause a hefty fine under the GDPR.

So, how can your organisation manage the biggest risk of data breaches?

Five top tips to ensure staff do not breach your data security

1. Have a GDPR staff meeting

It is vital that every member of staff understands what GDPR is and how they are directly affected as a result. Explaining the risk of a fine of €20 million or 4% of your global annual turnover can help staff to understand how critical data compliance is. In this meeting, you can also explain your own policies and procedures regarding data compliance. If staff understand that data breaches can lead to dismissal and disciplinary action, it can help to highlight the importance of being data aware.

2. Create a personal information training checklist

A simple checklist that can be signed by the trainer and staff member can help to make sure that staff understand data from a personal point of view. It is also an easy addition to induction training to make sure every member of the team understands your data policy. The checklist can include aspects such as:

  • Knowledge of secure passwords
  • How to lock/logoff computers when away from their desk
  • Secure shredding policy
  • Visitor area restrictions and clearance policy
  • Personal information encryption
  • Back-up and storage of data
  • Clear desk policy
  • Not opening links, downloading unknown files or opening foreign USB sticks

3. Make training relatable

Instead of an off-the-shelf training course, a relevant training course that covers the activities of your business will be much more interesting and engaging for your employees. GDPR and data protection can affect organisations in different ways. By understanding your specific risks and activities, you can make sure the training applies to the situations that your staff face.

As well as making the training bespoke to your business, it is well worth opening a discussion after training so that employees have the chance to ask questions about any aspects they do not understand and raise ideas that can help your business from their perspective. After all, a vital process may have been missed.

4. Create an information request policy

Frontline staff may come into contact with customers requesting knowledge of the personal information that you hold about them. As part of GDPR, individuals have the right to know what personal information your business owns. Your staff will need to be aware of how to handle an access request and ensure that no data breaches take place through fraud.

Staff will need to know that there is a maximum £10 fee for requesting information and that your team needs to respond within 40 days to any customer information request. This means that communication must be checked regularly and processed with appropriate urgency.

An essential aspect of the information request policy is when other people’s information is contained within the response given to a customer. This is a common area where a data breach can occur.

5. Keep staff aware

Data compliance is not a one-off training event; your organisation will always need to keep data compliance at the forefront of its work. Using incentives, games and rewards, you can help to keep GDPR and data protection relevant and prominent in the workplace.

From e-learning to customised training and checklists, you have a wealth of tools to help highlight the importance of data compliance at regular intervals. Make sure training and catch-up sessions are routine, and if you make any modifications to your data policy, keep the team informed and use techniques to ensure your new processes are fully understood.

It may be worth conducting mystery shopping and random testing to make sure all your staff are fully compliant, while incentives can ensure they remain enthusiastic and keen to comply.

Discover more top tips from Cyan Solutions

If you need any help in securing your company and reducing the threat of data breaches, then Cyan Solutions can help. At Cyan Solutions, our IT experts can help to assess all the internal threats that your business faces. Furthermore, we can use our experience and expertise to give you our top tips to ensure your staff are ready and prepared for data compliance changes and GDPR.

 

Monitoring The Dark Web To Stop Security Breaches Fast

We are all aware that the internet is incomprehensibly massive. We know about YouTube, Google, Facebook and eBay, but what many of us often don’t realise is how much deeper the internet goes beyond those respectable and user-friendly websites. The elusive dark web is something we often hear about, but very few people properly understand what it is or how dangerous it can be.

What is the dark web?

In simple terms, the dark web is content on the world wide web that exists on ‘darknets’; these are overlay networks that require specific authorisation to access them. It forms part of the deep web, which is a part of the internet that cannot be found or indexed by search engines. Research has found that as little as 4% of the internet is available to the general public, meaning a vast 96% of the internet is made up of the dark web.

The dark web provides a hidden area where cybercriminals can act with full anonymity thanks to the heavy encryption involved. This shady corner of the internet offers several layers of secrecy by encrypting all IP addresses that work within it or even access it. It is this level of confidentiality that makes the dark web a hub for cyber attacks and underground marketplaces which trade not only your personal data but also that of your customers.

Although the dark web is buzzing with illegal activity such as cyber attacks and data breaches, it is not actually illegal to access and can be accessed by anyone who wishes to. Accessing the dark web and using it legally can, surprisingly, provide a fantastic resource for businesses. It gives us the opportunity to monitor the dark web’s content and ensure customer data is not being circulated and traded by cybercriminals.

Data concerns

All kinds of personal data and information on individuals can be found on the dark web and are often traded between cybercriminals and used for fraud and online attacks. Just last year it was reported that a database of around 1.4 billion account login details was published online. This included account details such as usernames, passwords and email addresses from a considerable number of well-known websites such as PayPal, Netflix and Gmail.

Once hackers get their hands on these details, they are able to automate account hijacking and take over customers’ accounts easily. Many individuals will reuse passwords across all their online accounts, meaning hackers can access a terrifying amount of data.

Why you need to protect your data

Personal data on individuals is very valuable to hackers on the dark web, and it is vital to ensure you and your company are adequately protected against any kind of data breach. There are a huge number of ways that data can be leaked from an organisation, from accidental data spills or database misconfigurations to highly sophisticated attacks that infect systems with malicious code. With such a vast number of these data breaches happening on a daily basis across all kinds of companies and organisations, it is imperative that you protect your business from potential issues.

While traditional methods of having strong security to protect your database and customer information are still essential to protecting against cyber attacks, there are new approaches that are becoming increasingly popular. Recently, we have seen a trend of more and more companies adopting a risk-management mindset, where you make the assumption that sensitive data will eventually be breached and plan accordingly.

Monitoring the dark web

The dark web can be used as a powerful tool in data protection; it can often provide early insights into potential vulnerabilities in your network. By monitoring the dark web, we can often detect unknown weaknesses such as misconfigured databases and malicious insiders that are leaking your customer data. By detecting these leaks as soon as they appear on the dark web, you have an early warning of vulnerabilities within your network, giving you the opportunity to resolve them before a larger and more dangerous breach occurs.

The process of monitoring the dark web for potential security threats can seem extremely overwhelming for small businesses, especially for those who are not so tech-savvy. The dark web lingers in deep and difficult-to-locate corners of the world wide web, so even just knowing how and where to start can be a challenge.

Protect your data with Cyan Solutions

At Cyan Solutions, we take the challenge of monitoring the dark web away. We can help you to manage your online security and use our own monitoring tools to keep track of the dark web for your business. We work in partnership with you to tailor our services so we meet your every need.

Our tools provide us with the knowledge and assets to help prevent or limit the damage of cyber attacks by alerting you to any potential security breaches. Get in touch with our professional team of experts today to book your audit and get started on protecting yourself against the dark web’s cybercriminals.

 

The biggest risk for data breaches is your employees

In a world where technology is evolving so fast, handling data has become a challenge, especially when it comes to businesses. Cyber security has improved, and so have attackers. During the past few years, thousands of data breaches have exposed records and personal information. The possibility of being a victim of fraud or identity theft has stirred panic among people, executives included. It is no wonder that people have become so protective of their personal information.

Data breaches are the most feared event that a company can encounter. The consequences can be devastating, and neither business owners nor employees are accurately informed about this topic. This is the main reason why knowing the potential causes of a data breach – along with several methods to prevent them – is essential.

Even though the clear majority of business owners consider data breaches a result of external malicious activity, the primary originators of such unfortunate events are employees. They are the targets attackers lure in, which is a sure method of compromising the whole company.

Nearly all business owners have become aware of the implications of a data breach and have started taking several measures to prevent them from happening. Since insider threats are frequently responsible for data loss, the first step to a safer future would be imposing strict adherence to the General Data Protection Regulation (GDPR). Most employees are not familiar with the existing rules for protecting data in a company or the severe consequences of a data breach. With GDPR in place, it is your chance to make the change and lower your risk.

Why do employees represent the biggest risk?

Data breaches can be either inadvertent or deliberate. Excluding external data leak threats such as malware, hacking, viruses, trojans and social engineering, the attention should focus on insider threats. Inadvertent data breaches are usually caused by accidental events, configuration errors, improper encryption or privilege abuse. Intentional insider threats include cyber espionage and sabotage. These are all results of either human mistakes or malicious/neglectful users or infiltrators.

By comparing the number of possible threats, any business owner can tell that employees should be feared the most. The root of insider threats is the lack of employee training. As long as they are not aware of the implications mentioned in GDPR, exposure to data breaches is definitely heightened.

Training shortcomings – the aftermath

Still not convinced that raising awareness about GDPR is compulsory? 55% of cyber attacks in 2016 were the result of insiders. Furthermore, insider threats are the most difficult to detect. Once a data breach takes place, a company’s primary goal would be finding the cause and removing it. When employees are the prime movers of a data breach, detection is a lengthy process that involves spending a lot of resources. Considering the fact that insider threats can go undetected, malicious employees can cover their tracks, making the consequences even more expensive and long-drawn-out than before.

If the data breach included loss of customer personal data, the remediation costs could lead to bankruptcy, taking into account the fines and fees involved. Also, the reputation of a business which went through a data leakage is thoroughly affected. The aftermath is going to be reflected in profitability. The company will not be perceived as trustworthy any longer, leading to a decrease in client retention and a visible eroding of morale.

GDPR compliance and other training approaches

Training is the only unquestionable way to make sure that employees are acquainted with GDPR and the consequences of their actions. Through such training, business owners can highlight the importance of understanding high-risk apps, security bypassing, the inappropriate use of technology and other issues that may be encountered by an employee. It should help them comprehend:

  • How data sharing protection works
  • What they should and should not do at work
  • How to apply the lawful basis of GDPR
  • Spotting signs of malicious activity.

With this, a business owner drastically reduces the risks of encountering an internal data breach.

Proper training should be set in motion to prevent unpleasant events from the very beginning. At Cyan Solutions, we specialise in GDPR compliance preparation, creating and implementing cyber security solutions and eventually tracking existing changes through analytics. A well-conducted Data Protection Impact Assessment (DPIA) is one process that we recommend our clients undergo to better assess the possible risks of data leakage.

Reduce the threat with Cyan Solutions

Minimising negligence and possible risks by bringing GDPR to light has become a leading-edge necessity. This is no longer an option, but a requirement for any company that desires to remain out of harm’s way. At Cyan Solutions, we can help your business to mitigate the risk and make sure that all internal data risks have been analysed, maintained and reviewed. If you want to protect your firm from the risk of data breaches, speak to the team of experts at Cyan Solutions to find out how we can help.