Complete I.T. Blog

Your Top IT & Cyber Security Questions Answered!

by | Jul 14, 2022 | IT Services

From what a VPN is to the importance of IT roadmaps and how to react in a Cyber Security emergency. We’ve answered some of your most frequently asked questions around IT and Cyber Security.
t

Why should I be concerned about Cyber Security?

Cyber threats and attacks are very real with Hiscox reporting that one small business is successfully hacked every 19 seconds in the UK. In order to protect your organisations’ information, it’s important that you have a multi-layered cyber security strategy in place as falling victim to an attack could result in huge fines, business downtime and reputational damage.

What is a VPN?

VPN = Virtual Private Network. A VPN allows teams to access their office data, no matter where they are working from. As long as the VPN is configured correctly, your data will be secure. Learn more about VPNs and why you should use them here.

What is the most common cyber threat right now?

Phishing emails tend to be the most prevalent, primarily because they work. People frequently fall for phishing attempts as they can sometimes be almost imperceptible from normal, legitimate emails. Implementing robust cyber security solutions and focusing on end user education is the key to helping keep your organisation secure.

Do I really need to update/upgrade my systems?

Keeping up to date with the latest software updates is essential. These updates are known as patches and they protect you from vulnerabilities in software that hackers exploit.

Upgrading your physical and cloud-based systems to newer products/services will often mean enhanced security but the biggest and most expensive systems, aren’t always the most effective for your organisation. Furthermore, at the point a product becomes end of life and updates are no longer being issued, it is crucial that you make the switch to an upgraded system.

At Complete I.T. our team will get to know your organisation inside and out and will be able to recommend the right products and services to help reach your organisation’s needs. We can also automate important security updates to ensure you are always using the most up to date software.

What is the importance of training my team on Cyber Security?

When it comes to cyber security, the people within an organisation are generally the weakest link. A research piece conducted by Datto showed that a lack of cyber security training was one of the most common causes of a ransomware breach. Training your team on what to look out for can bridge that cyber security gap your business may have!

I'm not sure that my IT team are staffed appropriately...

If you are concerned about your IT team not being adequately staffed due to your business expanding and long-term goals that you have, or if you have been struggling to find people to join your team, then you can look to outsource some of your IT to a Managed Support Provider (MSP) like ourselves. At Complete I.T. we pride ourselves on becoming an extension of your team and not a nameless third party.

What obligations does my organisation have regarding Cyber security and GDPR?

The General Data Protection Regulation (GDPR) is a legal requirement that means businesses must have robust technical and organisational measures in place to help prevent data from being leaked, stolen, disclosed or inappropriately accessed. When this occurs, it is a breach of the GDPR and can lead to not only financial penalties but reputational damage too. All businesses have the legal responsibility to protect not only your clients’ but your teams’ personal data. This can be achieved, in part, through a robust cyber security plan.

I just need IT Support, is a roadmap necessary?

There is no one-size fits all when it comes to IT needs. Having a bespoke roadmap created for you, aligning with your business requirements will mean that you have the appropriate IT Support in place to help you achieve your business goals. This should be reviewed regularly. At Complete I.T. you will have a dedicated Technical Consultant who will work closely with you to ensure your roadmap aligns to your business goals.

How should we respond in a cyber security emergency?

It’s crucial that you have a disaster recovery plan to refer to should the worst-case scenario arise. Whether you have lost data due to human error or a cyber attack, a disaster recovery plan gives you clear steps to follow in an emergency, helping to limit downtime and get your business back up and running.
~

What is the best way to protect my accounts?

The first step would be through creating a strong password using a combination of random words/letters (upper and lower case) numbers and symbols. Avoid using personal things such as your date of birth or your pet’s name – which are easily traced.

The next step would be enabling 2FA (Two-Factor Authentication) on all of your accounts. 2FA adds an extra layer of protection to your account by asking for additional verification after entering your password. This may be through a fingerprint scan, Google/Microsoft authenticator app or face recognition scan. So even if someone did manage to guess your password, it would be very difficult for them to get past the 2FA you have set up.

What does “security by design” mean?

Within the world of IT, when we talk about security by design, we’re talking about a product or service that has been built from the ground up with the user or companies security in mind – whether its primary use is security or not.

There should be no compromise when it comes to security. In the design phase of any system, product or service, security is always a consideration and a priority. This gives the assurance that the product or service is as secure as it can be.

Do we know where our data is and if it is safe?

Without the appropriate controls in place it is very easy to save your company data anywhere in the world; this makes keeping track of it increasingly difficult. In the event of a breach, it can be nigh-on impossible to know what data was stored where and therefore what has been put at risk. To help mitigate this threat, pick a couple of locations to store data, such as Microsoft SharePoint and OneDrive and make a formal record of what is stored in these locations.

The best way to do this is twofold:

  • Have an Information Asset Register which details where your data is stored and what security is applied to it.
  • Have a Record of Data Processing (also a legal requirement under GDPR) which details what data you have in each storage location and all the other legal aspects which are detailed in Article 30 of the GDPR.

Email us today if you would like more advice on IT Support/Cyber Security or would like to learn more about our service offering.

Find which Complete I.T. office is local to you here.