keyboard_arrow_left See all news

Recent News

Dasiy Communications / 15 Mar 2020
With the UK's biggest providers offering unlimited data plans, we answer your questions about the new tariffs.
Visit us at Stand 646 at the Northern Business Expo and get 20% off our unlimited tariff...
NX Comms / 14 Mar 2020
Dongles Are Dead!
It’s unlikely that you’ll ever be in an area without a signal. If one network has a ...
Northern Business Expo / 13 Mar 2020
How to write engaging content for social media
Putting all of this together is hard, especially with the sheer volume of content that u...
Northern Business Expo / 12 Mar 2020
Ultimate guide to a successful marketing plan
Follow this initial guide to make sure you get the most you can from your marketing stra...
Atlas Business Group / 12 Mar 2020
Server Colocation could have more benefits than you think.
explore co-locating your server
Northern Business Expo / 11 Mar 2020
Google My Business listings. What, How and Why.
Google My Business (GMB) is one of the best ways to get local rankings and improve your ...
Northern Business Expo / 10 Mar 2020
Social Media 101
As good as social media can be, it isn’t as easy as putting an ad in the local newspap...
Atlas Business Group / 10 Mar 2020
It is no longer a matter of “if” but “when” a real world threat will compromise your business data.  Will you be ready
What happens when disaster strikes your business!
Northern Business Expo / 09 Mar 2020
Content marketing strategy – what, how and why
The best way to describe it is that it is your overall vision that guides the content de...
Nxcomms / 08 Mar 2020
Are you ready for full fibre broadband?
Are you ready for full fibre broadband?
Atlas Business Group / 08 Mar 2020
Say goodbye to large telephone bills and go all inclusive
Tomorrows telecom
Nxcomms / 07 Mar 2020
What’s a Private APN and why should I care?
That’s where a Private APN comes in. This type of connection gives you your very own p...
Huthwaite International / 06 Mar 2020
Decisions, decisions – map out your decision-making unit to sell more effectively
You may assume the most senior person is the ultimate decision maker but that may not be...
Dasiy Communications / 05 Mar 2020
Upgrade to VoIP and discover the benefits
You might have heard the words Voice over Internet Protocol (VoIP) being spoken about ov...
Nxcomms / 04 Mar 2020
Could Your Internet Connection Be Endangering Your Business?
If you sit there and do nothing about your internet, you’re courting disaster. Don’t...
Daisy Communications / 03 Mar 2020
How a VoIP phone system could save you time, money and resources
By getting rid of their premise-based phone systems, companies are discovering new, stre...
Northern Business Expo / 03 Mar 2020
Top tips for entrepreneurs
You’re an entrepreneur with a business idea, ready to get cracking. It’s an exciting...
Huthwaite International / 02 Mar 2020
 Fact or Fiction: The top 10 myths in sales strategy
Learn which actions lead to sales success and how to avoid those that don’t. Understan...
YorCyberSec / 01 Mar 2020
Shopping and email safety online
Doing these things will not guarantee that payment information cannot be taken but it hi...
Dasiy Communications / 29 Feb 2020
Why your legacy phone system is costing you more than you think
Why your legacy phone system is costing you more than you think
Northern Business Expo / 28 Feb 2020
12 ways to push your small business to new heights
Take a step back from your everyday tasks and consider how many of these points apply to...
Dasiy Communications / 27 Feb 2020
Answers To Your Questions About the PSTN 2025 Switch Off
Answers To Your Questions About the PSTN 2025 Switch Off
Fiscale Ltd - R&D Tax Credits / 26 Feb 2020
How to maximise your R&D Tax Credits claim
How to get maximum value from your R&D! In our humble opinion there are still far too ma...
Daisy Communications / 25 Feb 2020
Unpacking the new Samsung Galaxy S20 Range
Explore and save on the new Samsung S20 Range
Northern Business Expo / 24 Feb 2020
11 steps to get the most out of visiting an expo or trade show
Events and trade shows are great for many reasons, no more so than in this digital age. ...
Huthwaite International / 23 Feb 2020
SPIN® SELLING – stop talking and start listening
Sellers must take care not to get caught up in the excitement of talking about the bells...
Northern Business Expo / 22 Feb 2020
The 7 building blocks for a prosperous consultancy career
Whether you’re unsure how to begin your consulting career, or you’ve already started...
Northern Business Expo / 22 Feb 2020
5 books every small business owner and entrepreneur needs
Here is a list of our top 5 books that every small business owner and entrepreneur shoul...
Northern Business Expo / 21 Feb 2020
How to keep your mind healthy whilst running a small business
One in six people who work in the UK have anxiety, depression or similar every year, and...
Northern Business Expo / 20 Feb 2020
Invoice scams targeting SME's - how to stay safe
Scammers today are not the same as 5 or 10 years ago. It’s so important to stay vigila...
YorCyberSec / 20 Feb, 2020
keyboard_arrow_left See all news

IT Support is NOT Information Security

With the many pressures facing smaller businesses, trying to reduce expenditure is always at the forefront of the company mind, but sometimes this leads to taking a shortcut that can have drastic consequences.

I typically see this when companies start to think that information security begins and ends with IT, and believe that their third-party IT support company who looks after the purchasing of devices, setting up email addresses and installing anti-virus, can equally well assist with preventing, investigating and recovering from a data breach. 

While there are some support companies that can do this, there is a reason most cyber security companies do not offer IT support as a service. If a breach occurred, they would be marking their own homework, and would they really hold their hands up and say ‘that was our fault’? Of course not! It would be easier to blame someone else, and get more money thrown at it. In most cases this will be done incorrectly, with bad advice and poor, expensive outcomes due to not having suitably qualified professionals engaged. 

Add to that the fact that an IT company doesn’t have the experience in dealing with the complex legal, regulatory, and contractual issues that information security often has to navigate, and it’s clear that depending on IT support to perform this vital function is the wrong way to go. 

A couple of accounts of breaches I have heard over the past few weeks cement my opinion that having a dedicated information security function or partner is becoming more integral to mitigating, investigating and responding to a data breach. 

One business suffered a data breach where the attacker gained full control of the company’s email accounts, trying to get multiple fake invoices paid after sending a successful phishing email. It was only caught when the person in accounts wanted to check they were paying with the correct card. The IT support company who assisted with this suggested the breached company change their email passwords, utilise multi-factor authentication on all email accounts, let the staff know what had happened and inform the ICO. To be fair all is this is technically correct, but just the tip of the breach response iceberg. 

I asked if the breached account used the same username and password combination anywhere else, shock shock they did but no asking of this by the IT support company; I asked if their customers and suppliers had been notified since full access to all emails and contacts was gained by the attacker, again it was a no; the final question I asked was apart from what their IT support did, were there any other updates or suggestions to policies, procedures, solutions or training by IT support? Long silence followed by a slightly worried no. 

IT support is NOT information security!! 

If you are unable to afford a dedicated internal resource, I would suggest utilising the skills and expertise of a security professional in the role of virtual CISO / CIO / ISO. This service could be as little as annual meetings with senior managers, alongside quarterly reviews and phone assistance when required. Having this resource means a company should be able to have an up to date and understood incident response plan, improve the level of security, both with regards to systems and personnel, and have a trusted expert they can call upon with confidence. 

For small businesses this is the most efficient and cost-effective way to increase security maturity. 

If you want to discuss any points above in more detail just pop by our stand 860 at the Northern Business Expo on 17th/18th March at Manchester Central. It's free to visit, and it's now the biggest business event in the North of England - get your free ticket online now!

 
Processing. Please wait.
Loading...