Is Your Business Taking Care of Client Data?

We’re all used to receiving dubious emails about obscure lottery wins, and thankfully, most of us are wise to the scams. But occasionally, these phishing emails slip through the net, and employees get caught out.

Scammers are using a range of tactics to try to capture payment and login details, and it’s up to you to ensure your employees know about the latest attacks. If you work in professional services, and you handle client data, you’ve got a responsibility to protect the security of that data as well as your own.

Types of Scams

Phishing scams have been used to dupe unwitting users for more than 20 years. The premise is simple: send people an email that looks legitimate, but embed a bogus link. When the user clicks through, they are tricked into entering their credit card information or login details, which are transmitted to the scammers and used to commit fraud.

Now, there’s a new type of scamming, called vishing – or ‘voice phishing’ – that involves telephone calls that sound legitimate. The scammer makes a call and poses as a member of staff at a bank, or a large IT company. They convince the user that there’s a problem with their account or computer, and tell them they have to provide their card details to proceed. Vishing has been in the media recently because large numbers of people have been conned out of money.

Businesses may also have noticed an increasing number of fake invoices and payment demands that are appearing in Inboxes and Spam folders. These emails are sent to trick new employees into paying non-existent clients. While most businesses will cross-reference payment demands with client accounts, a few of these bogus demands will inevitably slip through the net.

What You Can Do

In any organisation, the IT system needs to be robust enough to filter out threats. At Cloud4, we include free virus and spam filtering to capture as many dangerous emails as we can.

On top of the automated checks we offer, we recommend that you invest in staff training. You must educate your users so they recognise these scam attempts and act accordingly. Security training needs to be part of your induction program for all new employees, with a focus on front line staff that may be handling payments or login details in their role. Additionally, you should schedule refresher courses to communicate new scammer tactics as they arise.

Protecting Your Data

Scammers are looking for login details, passwords and access to your corporate network. A file on your computer could be a source of valuable information, or could unlock intellectual property that can be misused.

Keeping data safe is a joint effort between your business and its IT service providers. At Cloud4, we always do our bit to protect the valuable data assets your company depends on, ensuring your clients and employees are less likely to be hit by a phishing or vishing scam. Get in touch to find out more about the security and spam filters we provide.

What is ISO 27001, and Why Does it Matter?

Many businesses fear security breaches and the consequences of hacks. And it’s true to say that small businesses are never immune from this threat. Cloud adoption has long been stalled by security-conscious businesses that see the cloud as a potential threat to their information.

In 2009, 68 per cent of European CIOs surveyed said that security fears were preventing cloud adoption. In 2015, security was still thought to be the single biggest barrier that was stopping businesses migrating to the cloud.

But some of these fears are based on misconceptions. In the financial services industry, and a lot of problems can be solved using risk assessments. 71 per cent of businesses now use some kind of cloud technology; the key is to be smart in the way you plan your migration and choose your provider.

Why ISO 27001 matters

ISO 27001 is an information security standard. It sets out the minimum requirements for an organisation’s Information Security Management System (ISMS) to make sure that the organisation has a formal commitment in place. ISO 27001 covers the operation, monitoring and maintenance of information security management, ensuring staff and policies are committed to safeguarding data.

Data centres that are awarded ISO 27001 accreditation have been externally and independently audited to ensure they comply with these stringent rules. The key thing to remember is that an ISO 27001 facility has assessed risk, and put measures in place to manage it. For example, there’s a risk in storing data in the cloud, but the organisation will have evaluated this and put measures in place to manage that risk.

When you look for a cloud provider, you should ascertain whether its data centre is ISO 27001 certified, and you should check out its security policy carefully. But there’s more to check before you sign up.

What about data centre location?

The great thing about the cloud is that it’s geographically diverse; data is stored in more than one location. For businesses, this poses a new question. If data is stored in different countries, which country’s laws will protect my assets?

A few years ago, there was a great deal of fuss about the Patriot Act, a US law that allows US authorities to comb through any data within its geographical boundaries. In truth, many governments have similar laws, and data cannot be completely ring-fenced, but there’s still some confusion among businesses who aren’t sure where their data should be stored. The EU has its own set of problems, with security protocols being jumbled and difficult to understand.

The safest approach is to select a provider with a data centre in the UK. You must make sure that all of your data stays in the UK, and the business does not have any operations in the USA, to avoid the potential complication of US involvement. By selecting a provider with a UK data centre, and ISO 27001 accreditation, you can move to the cloud with confidence and keep your data completely secure.

Just How Secure is Your Cloud Data?

When we think about IT security, we tend to assume that anything private should be stored on our own computer. The idea of putting a private document onto someone else’s machine seems like madness, particularly in an ever-connected world.

This instinctual reluctance to move data around has made some companies wary of the cloud. But the truth is that many cloud services are more secure than the on-premise solutions we’ve used in the past.

So what goes into securing your data in the cloud?

ISO/IEC 27001 Compliance

ISO/IEC 27001 is the international standard for security management, and it’s a standard that we comply with. Using this framework, we ensure that third party data and sensitive information is handled appropriately.

Compliance with ISO/IEC 27001 is not guaranteed among cloud service providers. But we believe that it’s an essential part of keeping your data secure. When you compare us with the competition, check to see if they have certification.

Super Encryption

When we store your data on our servers, we encrypt it. Using a special key – a string of characters – an algorithm scrambles the data, and the key is required to restore it. By protecting the key, we prevent unauthorised access.

Encryption keys are incredibly secure. A 128-bit encryption key would take millions of years to break, even if you used a computer. Consider this: our online backup uses 256-bit encryption, and our Hosted Lync and MyOwnCloud services use 2048-bit encryption. You’d need billions of years to crack either.

Location of Data

All Cloud4 customers benefit from UK-based storage for their data. This is critical, since laws on data access vary around the world. When your data is kept in the UK, you benefit from the very best in speeds, but also know that your data is stored according to local laws.

Our datacentres are located in Manchester and London, and access is completely locked down. Only authorised security staff and technical teams can ever get into the building without a vetted escort, and we have state-of-the-art fire suppression systems ready to kick in if there’s a disaster.

Our support team is all located in the UK, too, and we’re available 24/7/365. If you have any security concerns, we’re always here to help you.

Email and Desktop Security

To prevent system infection, and ensure your data never gets compromised, our hosted products use all of the security software you’d expect. That includes anti-virus software, anti-malware scanners, firewalls and identity verification. We do all this while allowing convenient access to your data from any location. If you use the cloud to share and collaborate, you won’t be prevented from doing anything you need to do, yet any unauthorised users will be locked out firmly and permanently.

Test Drive the Cloud

High-profile hacks always grab headlines, but the cloud is inherently very secure. We don’t use weak passwords, and we don’t leave your data in the hands of fate. Instead, we use tried and tested, military-grade security using the very latest technology and techniques.

5 Things to Look For in a Hosted Desktop Provider

Virtualisation is a driving force behind efficiency and productivity, and hosted desktops are great for any employee that works in the field. They can access their desktop computer from a range of devices, and pick up where they left off no matter where they are.

Your hosted desktop provider is responsible for storing your desktop images and making them available to your staff around the clock. There are lots of providers, so what should you look for in a quality desktop-as-a-service (DaaS) host?

1. Security

Security concerns can present a barrier to cloud migration. Businesses often feel wary about putting data into a cloud environment. But with the right security, there is no need to be concerned. The key is to control access effectively, exercise common sense and increase security where you need to be sure of compliance.

For critical environments, look for two-factor authentication. With this enabled, users must provide a password and another token (such as a code sent via SMS) before they’ll be logged on. Also, make sure your hosted desktops have full virus and malware protection from the moment they’re deployed.

2. Choice

If you’re still migrating from Windows XP, you might be wondering which operating system to adopt. There are pros and cons with Windows 7 and Windows 8; technically, the former is now a discontinued product, but it’s potentially friendlier than the hybrid interface in Windows 8.

For best results, we recommend a provider that offers you more than one operating system so you can deploy a mixture of desktops for different purposes. Let users choose their OS, or assign Windows 7 for legacy use only.

3. Support

Cloud uptime is known for being much better than with a traditional infrastructure, and your hosted desktops should be available 24/7/365. Naturally, not every problem can be planned for. If there’s a fire, flood or other catastrophe, you’ll need quick support. And sometimes, it’s good just to have the reassurance that the support is there.

Look for a provider with two key provisions: support in your own language, and support in a relevant time zone. If your teams are working remotely, they might need hosted desktop support outside office hours. Factor that in.

4. Printing

Logging on from anywhere is convenient for all staff, but what happens when they need access to a printer? You need to ensure your team can quickly print out a document in the office, even if they’re in the airport waiting to board a flight.

Most good cloud providers offer some kind of remote printing, where documents are spooled through the virtual infrastructure, giving them always-on access to the printer back at work.

5. Backups

Data loss is always catastrophic when there are no backups to rely on. Don’t assume that your provider is taking care of it. Make sure your company’s file repositories are being backed up frequently, including files used collaboratively and personally.

With cloud backup, there should be multiple instances of your backups to ensure complete coverage should one host fail.

More Information

When choosing your cloud services portfolio, it’s important to assess providers in detail. There are many companies competing for your attention, but not all of them offer a five-star service. Look for the features your users need, coupled with robust security and protection against downtime. This will ensure your users get the best from DaaS.

Do not use Internet Explorer until the bug is fixed!

In late April 2014, a major vulnerability was found in Microsoft’s Internet Explorer affecting versions 6 through to 11. Known as “Use-after-free”, the bug allows unauthorised access to computer systems through the application.