The Geek-Guru Blog

GDPR Part II - Basic Overview

Posted on July 16th, 2017 by

What does the GDPR cover?

The GDPR covers any information processed by your organisation in regard to a natural person or data subject. In plain English that’s any identifiable person that is still alive. The GDPR covers personally identifiable information (PII) and includes any set of information that can be used to identify a Data Subject including (but not limited to) names, addresses, email addresses and financial data.

Does it apply to my organisation?

Yes! It’s as simple as that – it applies to every organisation in the UK and Europe irrespective of the outcome of Brexit talks.

What are the main principles of the GDPR?

The GDPR covers the collection, processing, storage and destruction of sensitive data. We’ll cover compliance in more detail in a future email but for now there are some very important principles:

  • Personal data must be processed lawfully, fairly and transparently.
  • Personal data can only be collected for specified purposes.
  • Personal data must be relevant and limited to what is necessary.
  • Personal data must be accurate and up to date.
  • Personal data must be kept in a form such that the data subject can be identified only as long as is necessary.
  • Personal data must be processed in a manner as to ensure its security.

In a nutshell – What does that really mean for my business?

It means you need to know your data in a way you have probably never considered before. You need to understand your entire data lifecycle and ensure you are compliant at each stage.

  • Collection – Have you gained consent to collect and process the data? Consent under the GDPR is very specific. If you require the data for four purposes you must gain consent explicitly for all four. Implied consent is not enough!
  • Processing – Is your use of data lawful and transparent? Is what you are doing with your data necessary and are data subjects aware of how you are utilising their information?
  • Storage – Where does your data reside – is it local or cloud based? Are appropriate controls in place to protect that data? Can you locate data about an individual if asked to provide it?
  • Transfer – If data is being transferred within and without your organisation, is it being done lawfully? Are you sure it is safe in transit and are you sure that the recipient of that data is also GDPR compliant?
  • Destruction – Are you retaining data only as long as is necessary? There is an in-built ‘right to be forgotten’ in the GDPR so destruction of data is as critical as its collection.

Where do I even start?

This can all seem a bit daunting and in truth, there is a lot of work to be done. However, it can be broken down into manageable steps – the key is documentation! Businesses have until May 2018 to ensure compliance so there is absolutely no need to panic.

We’ve broken this down into four concepts you need to consider:

People – Policies – Technology – Monitoring

The two most critical bits here are people and policies. There is no magic technological fix to the GDPR. Training, policies, procedures, and written contracts will always trump technical intervention. That’s not to say technical controls are superfluous. There are times when technology is absolutely the answer but technology should be implemented to address a specific risk that is not addressed by people and policies.

What can Geek-Guru do to help?

We are keen to stress that all of this can be done internally – it does not require external intervention to achieve compliance. That being said we also appreciate that many of our clients will not have the time or inclination to do this themselves. We have worked hard to ensure our team is up to the challenge of assisting our clients with GDPR. Just drop us a line to book a consultation!

Posted in: Data Privacy (EU-GDPR), It 4 business, IT Security

EU-GDPR is on the way

Posted on June 06th, 2017 by

As you may or may not be aware, the Data Protection Act is coming to an end. The Data Protection Act was implemented two decades ago and the world of business IT has changed significantly in that time. The EU-GDPR (General Data Protection Regulation) is the replacement and in May 2018 this legislation will take effect in the UK (it will take effect irrespective of Brexit outcomes).

This legislation is fairly significant. The Data Protection Act left a great deal up to individual businesses as to how they went about protecting personal data. For most organisations data protection took a back seat to day-to-day business. The EU-GDPR is significantly more prescriptive and the fines for non-compliance are potentially very high (up to 4% of turnover or €20 million).

At Geek-Guru we have been preparing for the EU-GDPR for some time.

Whilst the EU-GDPR has now been formalised there is still some uncertainty about how the legislation will be formalised in UK law. The feeling is therefore that this will very much be an evolving subject with changes coming in as and when these laws are tested in court. The key term here is ‘tested in court’. This legislation gives a great deal of power to ‘data subjects’. These are the people about whom you hold personal data. We do not want our clients to become test cases in what will be one of the most wide-reaching changes in IT legislation for decades.

So, what can you do?

There are several aspects to this. Some are technical – such as IT security provision. Some are policy and procedures – such as incident management. However, the majority of your obligations will come down to data itself. How data is identified, how data is stored, how data is processed and how data is protected. The key provision in the legislation is ‘data protection by design and by default’. For this to happen you will need to understand your data in a way that you’ve probably never had to think about before.

Over the coming weeks we will be putting together info for our clients on what you will need to do, who you will need to speak to, and what you will need to look at to ensure you are compliant. In the short term, we feel that it would be good if clients start thinking about where their data is stored, what applications are used to store personal data, and how they are accessed. If these are from big-name software houses like Sage and Microsoft then the changes should be possible with limited fuss and expense. If these are custom applications, or older legacy applications, then now may be the time to start a dialogue with your software provider about what they have planned for EU-GDPR compliance. This absolutely should not be left until the last minute!

What can Geek-Guru help with?

Within a few months we will have the following certifications and specialisms on board:

CIPP – Certified Information Privacy Professional/Europe

https://iapp.org/certify/cippe/

CISSP – Certified Information Systems Security Professional

https://www.isc2.org/cissp/default.aspx

CND – Certified Network Defender

https://www.eccouncil.org/programs/certified-network-defender-cnd/

ECES – Certified Encryption Specialist

https://www.eccouncil.org/programs/ec-council-certified-encryption-specialist-eces/

As I’m sure you can appreciate, this is a huge investment in regard to engineer training and recruitment. However, it is the only way we feel that we can provide the level of expertise that will be required of us going forward.

We will be putting together some consultancy packages to help clients with the transition. This will include help with policies and procedures and also with technical measures that will be required to achieve compliance. We’re also on hand for any questions or advice you may need.

Posted in: Data Privacy (EU-GDPR), It 4 business, IT Security

Ransomware and the NHS attack

Posted on May 16th, 2017 by

Ransomware is not a new phenomenon. However, it takes something like the NHS hack to really highlight quite how damaging it can be. If an organisation as large and security-obsessed as the NHS can be hit then how do smaller organisations protect themselves?

“More than 4,000 ransomware attacks have occurred every day since the beginning of 2016.” – CCIPS

There is no doubt that these types of viruses can be damaging to businesses of all sizes. There are however a number of steps that businesses can take to both protect themselves in the first place and minimise the impact of any infection.

“54% of UK companies hit” – Malwarebytes

Policies

Policies and training make up the backbone of an IT security program. It would be foolish to think that technology alone is enough to prevent infections or data breaches. There is no magic button you can press that will instantly prevent anything nasty happening to your network. Security comes down to careful planning and preparation, and these things take time and commitment. A clear and concise IT policy is a great start. It can help clarify a company’s position on security, help inform staff on what is and is not expected of them and ensure that risks are clearly communicated to users of the network.

  • Have an IT policy that defines what is and is not an acceptable use of the IT system.
  • Ensure that staff receive training on security issues and have read and understand the policies.
  • Ensure that policies are followed at all times with no exceptions – even by management. Management often have the greatest access to data and yet take security the least seriously. It sets a bad example if management flout the rules and staff will quickly determine security is not as much of an issue as has been made out.
  • Ensure that if something does happen, and a breach does occur, that staff know how to react quickly and appropriately.

Perimeter

The perimeter of your network can be seen as the external fortification of your IT system. It is what separates your internal network (your servers and computers) from the wider internet. In days gone by the perimeter of your network was more clearly defined. Computers and servers lay within the perimeter; everything else outside. With smart-phones, bring your own device, remote workers and cloud computing the perimeter has become significantly more amorphous. The perimeter is, however, still a critically important concept.

  • Ensure you have a firewall in place and ideally a full UTM device (unified threat management) such as a WatchGuard. This will actively filter traffic as it passes through it rather than just allowing it or blocking it. A UTM will also look for signs of an attack and inform the appropriate people.
  • Ensure you have a spam filter in place to identify and remove malicious emails before they reach users. No filter is 100% effective but they can significantly reduce the number of malicious emails that make it through to users’ inboxes.

“In 2016 40% of all spam email had ransomware” – IBM

  • Ensure that there is an enforced policy on how USB storage devices are used. Do not allow staff to use their own devices or attach unauthorised devices to the network.
  • Consider web-filtering if users do not need to access the entire internet to perform their job function. Do not allow personal use of the internet – even at lunch. Users invariably have smart-phones they can use for that and if needed a guest Wi-Fi or guest computers should be provided.
  • Closely monitor the use of remote access to those that require it and ensure that access is granted only to those systems that are needed at the time.

Internal Protection

Internal protection measures are those measures you should take within your network. These either help to prevent infection in the first place or limit the spread of an infection should the worst happen.

It would be foolish to assume that perimeter security is always going to be completely effective. By operating a layered approach to security you make life as difficult as possible for would-be hackers and give yourself extra time to deal with the results of an infection.

“Attacks expected to double in 2017” – Beazley via SC Magazine

  • Ensure that machines are updated with Windows updates but also software updates such as Java and Adobe.
  • Ensure machines are running up to date anti-virus software.
  • Ensure your anti-virus software is monitored so infections are spotted quickly.
  • Older machines running operating systems that are beyond their support window (such as Windows XP) should be considered an immediate threat that CANNOT be secured.
  • Consider running all machines without local admin rights for day-to-day users.
  • Servers should be set up such that files are only accessible by those that absolutely need access to them. This minimises the risk should a user’s machine become infected.

Backup

Lastly, even companies with huge IT security budgets can still pick up infections. The final bastion against any hack or infection is a good backup. Backup is critically important – we cannot say this enough. Without a decent backup of data paying the ransom may be the only viable option for recovery of data. With a decent backup, a ransomware infection becomes an inconvenience rather than a complete disaster.

“70% of businesses paid the ransom” – IBM

  • Ensure you have a backup of ALL your critical data – be that data stored on your server or individual PCs.
  • Ensure your backup is rotated regularly and that one copy is always offline. A backup to a networked device, such as a NAS, is a nice part of a layered backup strategy but should not be considered foolproof. If a virus can infect your server it can also infect any networked devices.
  • If swapping of backups is problematic, or unlikely to occur regularly, consider an automated cloud backup system.
  • Ideally have multiple layered backups. This maximises your chance of a successful backup and ensures that different data types are dealt with in an appropriate manner.
  • Ensure that backups are monitored so if there is an issue it is picked up early and remedied.
  • Consider how long you could be without your IT system and choose your backup appropriately. If 24-48 hours is too long then you need to consider a backup system that has a business continuity function.

“Most businesses face at least 2 days of downtime” – Intermedia and Aberdeen Group

Remember IT security does not just happen. Equally, IT security is not the job of just one or two individuals. IT security is the job of the entire organisation!

Posted in: It 4 business, IT Security

IT Security: UK Security Breaches Survey 2017

Posted on April 25th, 2017 by

The UK government performs a cyber security survey each year and the latest report has just been published. For those that are interested, the full report can be found by following the link below. However, we have summarised some of the salient points for our readers:

(Gov.uk: Cyber Security Breaches Survey 2017)

In 2016 / 2017, 46% of UK businesses suffered one or more security breaches, with medium and large businesses accounting for a greater proportion than smaller businesses. The severity and scale of breaches is not always measured financially. However, of those that did calculate it, the average cost to the business over the year was £1,570 with larger businesses showing higher losses at £19,600.

The average time taken to recover from a breach was 1.2 days. For some breaches this could be a minor consideration (for example if a single machine is infected by a virus and taken out of action). In other cases a breach could be much more damaging with multiple systems or employees affected. A business reliant on their website for sales could notice a significant impact from 1.2 days of downtime.

There are a number of graphs in the report and we have identified four that are of particular interest. These are the type of breach, the result of breaches, the outcomes from a breach and the actions taken afterwards.

Types of security breaches

By far the most significant attack vector continues to be fraudulent emails. Whilst filters and anti-spam systems can reduce the incidents of bogus emails, no system is 100% effective. Staff training in how to spot fraudulent emails continues to be our recommendation.

Ransomware makes its first appearance in the list in 2017. Ransomware is a specific type of malware that makes a company’s files inaccessible in some way. The fraudsters then attempt to extort money to restore access. This type of malware has been on the rise for several years. It represents a significant threat to businesses of all sizes. Our recommendation is to ensure that anti-virus software is regularly updated, consider a perimeter anti-malware system (such as a WatchGuard router) and ensure backups are working and complete.

Types of breach - bar graph. IT security survey

Result of security breaches

The results of security breaches are probably no surprise; most businesses reporting temporary loss of access or other ‘recoverable’ issues. The cost of these to business is therefore measured in loss of productivity. Some businesses may be able to continue operating during downtime but for others it may have significant ramifications.

Perhaps more immediately concerning are the 7% of businesses that report permanent loss of data and 6% of businesses reporting stolen money. These represent a ‘non-recoverable’ outcome – a loss which may be irreplaceable.

Result of breach - bar graph. IT security survey

 

 

Outcomes of security breach

Outcomes include loss of productivity, additional costs to repair damage and prevent future breaches. They also include reputational damages. These include loss of goodwill, complaints from customers and changes to business activity.

The important point to realise is that a breach can result in damages that can take a long time to recover from. Goodwill, reputation and share value may have been earned over many years. In extreme cases these may never get back to pre-breach levels.

 

Actions following security breach

Lastly, the survey looked at what businesses were doing to prevent future breaches. By far the most prevalent of these is staff training or communications. We continue to recommend policy, training and communications as the thing that every business should be looking at if they don’t already have these in place.

Anti-virus software, firewalls and system updates are almost a given. They should not be neglected, but equally they should not be considered as a perfect solution. They are a part of the security puzzle that must be maintained alongside other solutions.

Actions following breach - bar graph. IT security survey

 

Posted in: It 4 business, IT Security

Berwick Care Equipment

Posted on February 20th, 2017 by

I don’t usually write reviews but on this occasion I feel there needs to be recognition for such a great IT support company.

I speak to all of the Geek-Guru staff on a regular basis, whether it be a faulty printer, problematic software, or issues with our server. Unlike any other IT support company, they are always more than happy to help at the first point of contact. Anyone who answers the phone has vast IT knowledge, no matter what time of day they log on to our system and never leave an issue unresolved. Even when external issues occur (not relating to Geek-Guru hardware or software) they are still more than happy to help, even to the point of an IT technician coming out to site.

Thank you to the whole team at Geek Guru. Any of the staff at Berwick Care would be happy to give you positive feedback.

Posted in: Testimonials

Looking to standardise your business signatures?

Posted on May 12th, 2016 by

Your signature is more than just a way to avoid typing ‘regards’ each time you send an email. It’s your way to reach out to prospective clients with each e-mail sent from your business. What does your signature say about your business? Perhaps you have a carefully crafted message that is in keeping with your brand identity. Can you guarantee that everyone else in your organisation is using the same template or even using a signature at all? By leaving signatures up to individual users you lose control over this important marketing channel.

What is Exclaimer

Exclaimer lets you control signatures centrally. It lets you enforce a specific template, or multiple templates for different business units or departments. By using Exclaimer you avoid the pitfalls of letting users manage their own signatures. Inconsistent messages, typos and ‘off brand’ messages become a thing of the past.

Have you ever wished that your signature was the same when you sent email from your mobile? Ever sent an e-mail from a different PC only to find your carefully crafted message disappeared? With Exclaimer your signature is added by the server on each and every email. That includes emails from your mobile, webmail, Outlook and even automated emails such as invoices.

What can we do

Geek-Guru are Exclaimer partners. We offer our clients discounted rates on Exclaimer licenses. We can set up systems for both on-site and O365 Exchange servers and can help plan, design and implement templates to maximise your impact with every email.

 

Posted in: Latest News

Computer Support in Birmingham

Posted on September 24th, 2015 by

How Do You Know Who To Trust?

Whether you operate a traditional bricks and mortar business or stay at the cutting edge of your industry via an online venture, selecting a computer support partner in Birmingham that you can trust is a must. There are after all thousands of tech support companies out there promoting all-encompassing solutions, but how can you ultimately find one that you can rely on?

Here at Geek Guru, we specialise in delivering a range of computer support services throughout Birmingham and beyond. In this blog entry we provide our top tips for selecting a support partner that can provide the help you need and set your IT infrastructure on the right path…

  • Where to start your search – opting for a service that is local to you is an excellent option. Not only will it be more cost effective, but the wide-ranging and local knowledge provided by a computer support specialist in Birmingham can keep you and your business ahead of the game.
  • What to look for – when selecting your IT support partner, look closely at their experience and testimonials to discover how reliable and professional their service really is.
  • Which services are worthwhile – choose a complete service like the one provided by Geek Guru. We provide IT support as well as server solutions, networking, IT consultancy, security and communications help.

If you are looking for reliable computer support in Birmingham, do not hesitate to drop us an email at info@Geek-Guru.co.uk.

 

Posted in: It 4 business

Microsoft Office 365 Solutions from Geek Guru

Posted on September 04th, 2015 by

Microsoft Office 365 has been an essential part of business technology since it was introduced. The subscription plan provides vital access to a number of applications to ensure companies across all sectors can enjoy Word, Excel, PowerPoint, OneNote, Outlook, Publisher, Access and much more across a range of devices.

Our IT support team in Coventry understand just how essential Microsoft Office 365 is; that’s why we provide advice and assistance as a primary or secondary response. But what Microsoft Office IT support solutions can you expect for your Coventry business? And is our service really right for your company?

Our services

The Geek Guru team provide IT support in Coventry for all Microsoft products including Office 365. In addition to providing specialist support as a Microsoft certified partner, we also deliver server solutions to ensure technical excellence throughout your company.

Your business

Whether you require a fully managed solution or a second tier package, our Microsoft Office 365 IT support is a cost effective and efficient option for Coventry based companies big and small. Our custom second line support options are perfect for businesses looking to guarantee temporary cover for in-house IT staff.

Whatever your requirements, please contact Geek Guru today on 0845 2340 580 to find out more about our Microsoft Office 365 solutions.

Posted in: It 4 business

IT Support & Consultancy Coventry

Posted on August 11th, 2015 by

There are many factors that make businesses of all shapes and sizes a roaring success in their target markets, and with the growing importance of technology across all sectors, accessing IT support in Coventry is an essential step for all organisations. Many IT support and consultancy companies claim to offer the best service at the best possible price, but what can the Geek Guru team do for you?

The proactive approach

Taking a proactive stance is the most efficient and effective way to maintain your IT infrastructure, whatever role technology plays within your company. As a leading provider of IT support in Coventry our technicians work around the clock to provide invaluable support behind the scenes so your business can continue to do what it does best.

A complete service

For small to medium sized enterprises in particular, managing your IT infrastructure internally relies heavily on budget, and with funds already stretched outsourcing your IT support in Coventry may be the best solution. However, as well as offering the best value for money, the range of services available can far surpass the capabilities of any in-house IT team.

We offer assistance across all areas, including server, desktop, laptop, smartphone, network, hardware, printer and broadband, for companies looking for IT support in Coventry.

Posted in: It 4 business

What Should Your IT Agreement Cover?

Posted on July 30th, 2015 by

Accessing computer services in Birmingham via a third party provider has become THE way to get the support you need to successfully manage your infrastructure without breaking the bank. But if you are planning to outsource the maintenance and management of this vital part of your company to another organisation then setting up an agreement or IT support contract with your chosen provider is important.
Here we take a closer look at the items that should be covered in any agreement when enlisting computer services in Birmingham.

Response times

An integral part of computer services in Birmingham is IT support on demand. Disaster can after all strike at any time but knowing where to turn to is essential. Your IT agreement should specify how fast your chosen provider should respond to a reported issue, as well as what timescales should be worked towards to resolve the problem.

The support process

Every IT support provider will have its own systems in place to ensure enquiries from clients are dealt with as efficiently as possible, a process that should be fully explained in the IT agreement.

Other factors to consider

There are many more aspects that should be communicated in your IT agreement, including activity outlines, exclusions, excess charges and hours of operation.
Contact us today to find out more about our computer services in Birmingham.

Posted in: Latest News