Managing Security With Remote Workers

Remote working is increasing rapidly. Staff who are travelling for business, working at home or commuting still want access to the same information they can receive while in their workplace. The increase of remote working undeniably helps organisations as well as assisting remote workers to stay in the loop and be efficient.

With remote working, staff can be more productive, there is a contingency plan in place and data can be shared with ease. However, with the increase in remote working comes an increased risk of security breaches. Those who are accessing work data inappropriately could be breaching the security and confidentiality of the business. For the organisation, particularly with GDPR in place, it is essential to manage and bolster security systems, so that remote working does not leave your business vulnerable.

Why is managing remote working important?

With employees that are keen to access work information outside of the workplace shows a commitment and conscientiousness to your organisation. However, many employees do not realise the risk they pose to the security of your business.

Recent studies have shown that almost a quarter of employees would use free WiFi hotspots to access their work emails. As well as this, 28% of employees will email work documents to and from their personal email address. Many employees do not realise that unsecured connections such as WiFi hotspots can pose a significant threat to cybersecurity, with cybercriminals being able to access information on low-security connections.

Fortunately, there are several ways that organisations can reduce the risk and help to manage security with remote workers.

How you can manage security with remote workers

Strong passwords

Having a secure password can give protection from hackers and more peace of mind if a device is lost or stolen. Organisations can implement password requirements such as having a minimum number of characters as well as asking for multi-characters. Organisations can also ask employees to have different passwords for different systems as well as imposing a two-step log-in process.

Create public WiFi guidelines

It is not always feasible for remote workers to connect to trusted networks, particularly when travelling or staying in a hotel. However, you can create a cybersecurity policy which explains how to use public WiFi with the most care. It is wise to define what systems they can access and which they need to refrain from when using a potentially unsecured network.

Mobile device management

As well as securing mobile devices with passwords, it is also essential to help boost your security if laptops or mobiles are lost or stolen. Utilising mobile device management software or applications can help your business to track lost or stolen devices as well as implementing additional security to protect business assets on the device.

Use the cloud

Hosted cloud desktop providers will use data encryption technology to transport data throughout the company intranet. If employees log in to your system using a cloud-based virtual desktop, there will be added encryption for confidential information between the remote worker and the business. Providers of cloud-based hosted desktops will typically have a range of security certification for additional peace of mind.

Monitoring

Your business can take advantage of 24/7 monitoring of your security systems which can help to quickly identify a threat and help you to prevent or reduce the issue rapidly. 24/7 monitoring will also help your business with future security planning as you can start to uncover common problems that your business faces. Using monitoring to protect your network will include analysing all remote workers as well as all of the mobile devices in your organisation.

Training

Many employees do not receive robust cybersecurity training that includes remote working. Staff should regularly receive cybersecurity training that helps them to understand the risk and how specific actions such as using public WiFi and public computers can threaten security. Using monitoring alongside training can help you to enforce your cybersecurity policies and make it easier to focus the training on specific issues that threaten your business.

Email encryption

As emails are one of the most popular technologies for remote workers, one of easiest ways to improve your organisation’s security is by using email encryption applications. Investing in the management of corporate email and using the safest technologies for email is essential for many businesses who use email without even thinking about its vulnerabilities.

If you need help securing your IT for remote workers, call us today so we can help you plan and implement a robust cybersecurity strategy.

Our Guide To IT Budgeting

Budgeting for your business is never easy. One of the hardest aspects to budget for is your IT strategy and requirements. Whether you base it on projects, annually or quarterly, it can seem impossible to know how to budget when you must manage costs and prepare for unexpected situations.

However, when IT budgeting is crafted correctly, it can serve as a useful and influential roadmap for the future of the business and the strategy you are taking. Your budget can not only be the plan of finances but can be how you communicate where you want your technology strategy to be and how it can help the organisation as a whole.

A good IT budget will not only help you to prepare for the costs of the project or year but will also help you to set your priorities, so you know what to aim for and what is vital for your business. Not only does the budget help the IT department, but it also helps line managers in other departments. They can see and input the activities that lie ahead and help your IT plans to be supported across the company.

So, how do you start to prepare your IT budget?

How to prepare your IT budget

Firstly, the organisation needs to decide how best to allocate the IT budget. Some organisations want to assign an IT budget to each department and use a chargeback system. For some businesses, this can work, for others, it can be too complicated and challenging to instigate and work effectively. Either way, the IT department itself will need its own budget for day-to-day maintenance.

It is essential to begin your budget so that it provides a level of detail that builds a substantial case for approval but also doesn’t require micro-management. It needs to be flexible but still be a driving force behind your technology plan.

Secondly, you need to include the vital aspects of your IT budget.

Eight essentials to include in your IT budget

1. Upgrades

It is likely that you will need to upgrade outdated software and hardware and it is best to be prepared for the cost of this.

2. Staffing

While some IT staff costs may be covered through the HR budget, you may need to incorporate staff into your IT budget whether you are expanding the team, promoting, increasing training or purchasing new equipment for the team to use.

3. Software

Software can sometimes seem like an unnecessary expense, but software can help to make staff more efficient and productive, which can, therefore, cut costs and boosts profits for the overall organisation. Regarding software budgeting, always run a cost/benefit analysis. Remember, you don’t have to spend your entire budget just because you have allocated a cost.

4. Cloud

The use of cloud technology continues to increase, and your business needs to prepare for it. Whether you expand into more cloud-based solutions, require more storage or need to strengthen your cloud security systems, this will take a chunk of your budget.

5. Mobile technology

Handsets quickly become outdated, and data plans increase rapidly. You need to account for increasing spend whether this is for new employees, upgrades for all staff or incidents when devices are lost, stolen or broken. As well the devices and data, you may need to also account for applications that enhance security such as mobile device management.

6. Training

The IT department has considerable responsibility for maintaining cybersecurity across the whole organisation. As well as strengthening systems internally, the IT department will need to deliver regular training to ensure staff remain complaint with IT policies and do all they can to support cybersecurity for the business.

7. Backup

Your budget will need to account for a backup solution, whether you need data back-up to a variety of locations or upgrading your own backup hardware. Within this you may also need a back-up for internet connection should your chosen solution fail, and you need to get everyone back online quickly.

8. Disaster

Every IT budget should declare a proportion of the budget for disaster planning. There could be many aspects that go wrong, from broken hardware to data compromises or server issues. Whatever aspects that you manage within the IT department make sure to dedicate a proportion to covering any disasters that may occur.

Flexible planning

While it can be stressful to make sure every pound is allocated correctly, it is important to remember that fluctuations will happen, and you need to prepare to be flexible. Always consider your budget as a work in progress and try to tweak it where you need to so that your strategy remains on track.

If you need advice on IT budgeting or are looking to upgrade your technology solutions for cost-saving, security and efficiency, then get in touch with Cyan Solutions to find out how we can help.

Plan. Create. Maintain for GDPR compliance 

With the deadline for GDPR compliance drawing ever closer, it is becoming critical for businesses to not only plan for compliance but evaluate their strategy for effective GDPR-compliant maintenance for the future. As enforcement begins on the 25th May 2018, the firms who are not compliant will soon become apparent when fines up to 4% of global turnover or €20 million start being issued.  

With failure for compliance coming with significant risk for businesses, now is the time to implement a strategy for effective GDPR compliance. From employing Data Protection Officers or enlisting the support of a virtual CIO, organisations need to plan for compliance, create a strategy and ensure ongoing maintenance with effective results.  

So, how does your business prepare for GDPR? 

Plan: How to prepare for GDPR compliance 

Conduct a data audit 

An audit can help you to determine all of the points where data is collected and held. From there, you can map where data is collected, how it is processed and the channels that information is shared. It is important to analyse all data relationships to make sure you cover every single process.  

At Cyan Solutions, we work closely with all our customers to conduct comprehensive reviews to help create a detailed insight. Through this process, we can integrate our strategic thinking as part of your team. With auditing and our expertise in GDPR compliance, we can help to create an actionable plan to cover all of the points that you need to review and can improve. 

Questions in an audit include; 

  • How long do you keep personal data? 
  • What mechanisms are in place to safeguard data? 
  • Who do we transfer data to and is this process safe? 
  • Who has access to sensitive data? 
  • Do third parties share the data we provide? 

Become familiar with legal basis 

With individual control being at the heart of GDPR, it is essential to ascertain the legal basis for each of the data processing activities. By understanding the legal requirements, you can start to plan to refine your data collection and processing technique. For example, businesses must demonstrate that they do not collect any personal data beyond the minimum necessary for each specific processing activity.  

An activity to complete at this planning stage is a Privacy Impact Assessment. This describes the data processing activity, an assessment of its necessity and use in processing purposes and how a data protection officer is involved. Through conducting this type of review, you can understand the areas you need to streamline and refine to be compliant.  

Create: Implement a GDPR solution 

Tailor a platform 

To ensure the business is fully compliant across all teams and departments, there needs to be a cohesive system in place. With a familiar interface that helps people to carry out their normal work activities while remaining GDPR compliant and having specific access controls, staff can have an efficient platform that ensures GDPR is taken care of.  

At Cyan Solutions, we use technical architecture to tailor a platform that is specific to your business needs. We not only design a compliant and easy to use solution but also implement the strategy to make it easy for your business to migrate to a familiar system but with added flexibility, accessibility and security.  

Maintain: Track changes with analytics 

Using technical software, it is possible to monitor all changes to data throughout its lifecycle. With this, you can highlight any areas of concern for GDPR compliance. Furthermore, you can compare data to highlight any potential threats and data breaches to ensure your system remains robust and your organisation retains its GDPR compliance.  

Systems can also help you to catalogue and search for personal data across data stores. Applications such as this can help you to delete and remove data after its specific use or required time period. At Cyan Solutions, we remove the burden of maintenance by monitoring your GDPR compliance through proactive managed IT services.  

Our helpdesk is available to answer any queries and concerns while you can trust our team to safely manage your IT systems with the necessary security and back-up to maximise productivity and reduce downtime. Working with your business, we can help your IT do the hard work for you by maintaining your GDPR compliance with a proactive response and reducing the time spent reviewing compliance activities and implementing new strategies.  

Plan, create and maintain with Cyan Solutions 

If you want to find out more about how Cyan Solutions can help you to plan, create and maintain an IT system that is ready for GDPR compliance, get in touch by calling our friendly IT experts on 02392 333 365.  

Things to consider before choosing a cloud platform

Cloud based working has become the norm for many business over the past few years for a number of reasons. The implications for simplicity, enhanced productivity and accessibility are a given. But with such a range of providers and services, deciding on where to invest is no mean feat.

Opting to move your business operations to the cloud can do wonders for an organisation. It can help significantly reduce costs, remove the need for in-house IT experts and substantial hardware, and improve security. It can also dramatically enhance workflow due to better accessibility and collaboration between teams..

There is also the added benefit that it actually compliments remote working. In an era when geographical flexibility is become more and more feasible (and attractive), technology that facilitates it is a must. Cloud-based technology empowers remote workers. Cloud platforms allow for remote accessibility of key information and helps enable collaboration.

Why use a Cloud platform?

What makes cloud platforms so attractive for medium sized businesses is that they work to enable growth within an organisation by eliminating the need to focus on time consuming and potentially stressful concerns such as security, maintenance and backup. Cloud computing means that professionals can rest easy and concentrate on what matters, knowing that  IT support is ready and on hand when it is needed.

If you’re in the market for a cloud platform, there are a few things you should consider before investing:

Which cloud services are you likely to require in the long term?

Understanding which types of cloud services that they provide will obviously be important. But you shouldn’t just look at these services from the point of view of what you need right now. Consider what services you are likely to need further down the line when growth permits. You may be able to find a provider who offers these services as add-ons. For example, basic data storage is great but is there a chance you may require cloud computing services such as virtual networking infrastructure in the future?

How easy is setup for your needs and what level of customer service can be expected?

An easy setup process should be desirable for any cloud service. The ability to easily configure your account for your organisation is essential. Customer support should be first rate as you will be trusting a substantial amount of your data with the platform. Be sure to understand and acknowledge the level of technical support alongside the average response time for customer service.

Do they have a poor history of downtime?

Cloud outages are not only disruptive but they can also be very expensive. Cloud providers that repeatedly experience periods of inaccessibility should be avoided, so be sure you know the downtime history of each cloud provider you consider.

How is security monitored and measured?

Clearly security should be top priority for you, as it should also be for the cloud provider. Be sure you know where the data centre is and how safe and protected it is. Take time to read and understand the supplier’s security standards for customer access and privacy.

How do the company address potential data losses?

This is a worst case scenario, but you need to know how the issue of data losses will be rectified. What systems/agreements do they have in place that mitigate the risks of data loss and how would they compensate for data losses? Ensure you ask questions about what provisions are in place to mitigate against potential data loss as this has major implications for the ability of your business to continue trading should such a loss be incurred.

Just how secure is the cloud? (Spoiler: Very.)

One of the most important considerations for all businesses is security of information and networks. With the revolution in cloud technologies and services, there has been much discussion about security in comparison to traditional IT networks and server technology.

Cloud based technologies have had their share of press particularly in relation to security aspects. What is important is to weigh up the facts and fiction relating to security. Maybe some concerns in the past have been justified. But as cloud technology has developed many of these issues have been rectified.

It would now seem that data and apps held in the cloud could actually be more secure than traditional local server and network technology. Security and privacy issues have always been a major concern for many organisations. They’re also the greatest worries blocking cloud technology adoption. Many organisations feel that if they do not control their data and tech themselves it leaves their systems open to security breaches.

Read on to see if these fears are still well founded and find out why the cloud is actually more secure now than ever!

Data storage and security

Security wise, the physical location of where data is stored is much less important than how it is accessed. The same principle applies to cloud based and traditional storage systems. Whilst web application attacks are targeted at both Cloud and on-site environments, the on-site systems have been shown to suffer far more incidents and attacks than the cloud. So the argument that these systems leads to security breaches because you don’t own them is simply a myth.

Cloud based platforms actually perform better in avoiding attacks.  They are constructed to be more robust and secure to ensue they work effectively and securely for their clients.  Traditional systems don’t have that same focus. They are likely to be administered by network technicians who have less knowledge, expertise and up to date resources. On-site systems are simply not as secure and are therefore more vulnerable to more frequent and more catastrophic attacks.

Attackers exploit weaknesses

It has been well reported that attackers know and will exploit the systems with the weakest security. On site environments serving one organisation are less likely to upgrade their firewall security or invest in the latest technology. However, cloud providers must do so for all their clients as they serve a wider number of businesses and operate vastly larger systems.

How can you ensure cloud security for your business?

You should really focus less on the geographical location of data and systems and more on how easy it is to access them. You need to know what data and systems could be vulnerable and the level of security required to safeguard them.

Cloud based computing is often more secure than traditional systems. You should still ensure you understand how a system works in relation to location and data access prior to investing. However, cloud based systems do provide additional security layers against attacks and vulnerabilities than traditional local based technology.

Cloud computing terms – what do they even mean?

Cloud computing has become the mantra in businesses worldwide. It has revolutionised data storage and access. It has also improved the ability of organisations to work remotely, network and collaborate. However, many organisations don’t know some of the terms. If you want to brush up on cloud computing jargon read on!

Cloud computing is here to stay so it’s time to get to grips with a few buzzwords. Whilst lots of us can use it, we might not know the professional terms or what they mean. So to talk the talk about the cloud here’s a guide!

Storage-as-a-service

This is probably the most used aspect of the cloud – storing data and files remotely. It’s the foundation of what cloud computing can do for us to make remote working commonplace. Storage as a service gives a flexible way to increase storage and scale your business upwards when you need to. It’s also offers foolproof backup and recovery should disaster happen so you can have a full mirror image of your files restored. Great for businesses of all sizes as it takes care of your core working and lets staff collaborate remotely and easily.

Database-as-a-service

With Database-as-a-service you can tap and use a remotely hosted database even if you neither own nor host it. DbaaS saves on hardware, installation time and software configuration as well as maintenance costs. The database will function as though it is locally stored, allowing you to do everything from setting up tables, adding, extracting and deleting data. It has higher performance than a locally stored database and is easy to scale, removing worries about backups and recovery.

Application-as-a-service/Software-as-a-service

Commonly known as SaaS, Application-as-a-service is an application which is delivered via the internet direct to end users, primarily through a browser. These are often the most common cloud-computing services used by enterprise today, and include services such as Google Docs and Salesforce CRM.

Platform-as-a-service

Platform-as-a-service or PaaS is a category of cloud computing services that provides a full-service platform for users to develop, run and manage applications. The advantage of PaaS is that users can develop and test apps remotely without having to build and maintain the infrastructure associated with app and software development. It’s a virtual go-to shop for users who build and deploy apps and is great for remote collaboration.

Security-as-a-service

Security-as-a-service (SECaaS) refers to systems that enable delivery of core security services via the internet. This can be anything from business continuity disaster recovery right through to email security, encryption, identity and access management and data loss prevention. As a service, it has the potential to prevent a lot of headaches and downtime for business and will cut costs of a multitude of other security solutions.

Testing-as-a-service

Testing-as-a-service (TaaS) gives users the power to test local or cloud-delivered systems using remotely hosted software and services. It allows for applications to be tested without having to purchase test servers or testing software. A great way to cut costs and solve your testing problems efficiently. There are also a range of testing services under this umbrella including mobile testing as a service, and security testing as a service to name a couple.

Infrastructure-as-a-service

Infrastructure-as-a-service model means that a third party hosts all your infrastructure for your organisation. This means that hardware, software, servers, storage and other infrastructure constituents are hosted on behalf of the organisation. Using the IaaS model enables  businesses to be more scalable as demands grow or reduce. There is a big advantage in terms of saving on time for maintenance, backup, security monitoring, and reduced capital costs.

Essential time-saving apps for SMEs

Running a medium-sized business efficiently can be a daunting task, especially where your position means you have to take on many different roles. Luckily there are vast numbers of productivity apps devoted to helping SME professionals optimise their time resource. If you’re struggling to co-ordinate your business tasks and would like some inside information about which time saving apps are best, read on!

Managing a business can be a very time-consuming commitment. It requires a lot of time and energy to ensure that crucial tasks are not forgotten. Being able to prioritise is not an easy ask when the buck stops with you and you have to deal with all the little details of running your business. Knowing the right tools to keep track of your work, tasks and finances can make a world of difference.

There are many productivity apps that can help here. The irony is that you probably don’t have the time to try them all out for yourself. So to make it easier, here is our run-down of essential time-saving apps for SMEs.

Asana

Developed by Facebook co-founder Dustin Moskovitz and ex-engineer Justin Rosenstein this app focuses in on improving employee productivity using social networks.  Asana is a web and mobile application which allows teams to keep track their own tasks and those of their colleagues. At its heart is collaboration, allowing teams to create a custom workspace for different projects, each with separate tasks and due dates as well as a tick box function where users can follow, comment, tag and upload attachments and other resources.

Trello

Trello is a project management app that allows you to keep track team workflows. It uses “cards” which represent different tasks and shows their status. You can add users, attachments, comments, due dates and checklists as well as resources to these cards. It’s great for managers who want to manage but don’t want to pester their teams.

My Minutes

My Minutes is a real eye opener. This is a really simple app which brings transparency to what you do with your time and how you waste it. It helps you to take control of the amount of time you waste on other tasks when you should be focussed on something else. You can set simple, achievable goals in the shape of time-constraints, e.g. “research new prospecting techniques for 30 minutes”. A great tool for remote workers and freelancers who work alone and get distracted by tv or facebook!

Slack

Slack is the professional instant messaging platform that is used by teams across the globe. It is the ideal way to encourage communication between team members within your organisation, and allows you to organise conversations on certain points into public channels in one space. It also makes it much easier for team members to share files and images quickly and avoids having to check a load of other different apps and platforms for updates. Great for teams and remote workers alike.  Slack is one thing it’s not!

Pushover

Pushover is a great app for medium sized businesses who have multiple phones and devices to keep track of. It sends push notifications to a chosen smartphone that organises messages and notifications into one specific place. Great for those who are hotdesking and aren’t always in the office to keep in the loop.

RescueTime

RescueTime is ideal for SME professionals who find themselves getting distracted easily. It breaks down where you spend your overall time across applications and websites and holds you accountable. You can the set productivity goals and limits to the amount of time you spend on each of these. It’s great for remote workers and anyone who wants to get out the door at 4 as opposed to 5.30!