Is Your Business Taking Care of Client Data?

We’re all used to receiving dubious emails about obscure lottery wins, and thankfully, most of us are wise to the scams. But occasionally, these phishing emails slip through the net, and employees get caught out.

Scammers are using a range of tactics to try to capture payment and login details, and it’s up to you to ensure your employees know about the latest attacks. If you work in professional services, and you handle client data, you’ve got a responsibility to protect the security of that data as well as your own.

Types of Scams

Phishing scams have been used to dupe unwitting users for more than 20 years. The premise is simple: send people an email that looks legitimate, but embed a bogus link. When the user clicks through, they are tricked into entering their credit card information or login details, which are transmitted to the scammers and used to commit fraud.

Now, there’s a new type of scamming, called vishing – or ‘voice phishing’ – that involves telephone calls that sound legitimate. The scammer makes a call and poses as a member of staff at a bank, or a large IT company. They convince the user that there’s a problem with their account or computer, and tell them they have to provide their card details to proceed. Vishing has been in the media recently because large numbers of people have been conned out of money.

Businesses may also have noticed an increasing number of fake invoices and payment demands that are appearing in Inboxes and Spam folders. These emails are sent to trick new employees into paying non-existent clients. While most businesses will cross-reference payment demands with client accounts, a few of these bogus demands will inevitably slip through the net.

What You Can Do

In any organisation, the IT system needs to be robust enough to filter out threats. At Cloud4, we include free virus and spam filtering to capture as many dangerous emails as we can.

On top of the automated checks we offer, we recommend that you invest in staff training. You must educate your users so they recognise these scam attempts and act accordingly. Security training needs to be part of your induction program for all new employees, with a focus on front line staff that may be handling payments or login details in their role. Additionally, you should schedule refresher courses to communicate new scammer tactics as they arise.

Protecting Your Data

Scammers are looking for login details, passwords and access to your corporate network. A file on your computer could be a source of valuable information, or could unlock intellectual property that can be misused.

Keeping data safe is a joint effort between your business and its IT service providers. At Cloud4, we always do our bit to protect the valuable data assets your company depends on, ensuring your clients and employees are less likely to be hit by a phishing or vishing scam. Get in touch to find out more about the security and spam filters we provide.

What is ISO 27001, and Why Does it Matter?

Many businesses fear security breaches and the consequences of hacks. And it’s true to say that small businesses are never immune from this threat. Cloud adoption has long been stalled by security-conscious businesses that see the cloud as a potential threat to their information.

In 2009, 68 per cent of European CIOs surveyed said that security fears were preventing cloud adoption. In 2015, security was still thought to be the single biggest barrier that was stopping businesses migrating to the cloud.

But some of these fears are based on misconceptions. In the financial services industry, and a lot of problems can be solved using risk assessments. 71 per cent of businesses now use some kind of cloud technology; the key is to be smart in the way you plan your migration and choose your provider.

Why ISO 27001 matters

ISO 27001 is an information security standard. It sets out the minimum requirements for an organisation’s Information Security Management System (ISMS) to make sure that the organisation has a formal commitment in place. ISO 27001 covers the operation, monitoring and maintenance of information security management, ensuring staff and policies are committed to safeguarding data.

Data centres that are awarded ISO 27001 accreditation have been externally and independently audited to ensure they comply with these stringent rules. The key thing to remember is that an ISO 27001 facility has assessed risk, and put measures in place to manage it. For example, there’s a risk in storing data in the cloud, but the organisation will have evaluated this and put measures in place to manage that risk.

When you look for a cloud provider, you should ascertain whether its data centre is ISO 27001 certified, and you should check out its security policy carefully. But there’s more to check before you sign up.

What about data centre location?

The great thing about the cloud is that it’s geographically diverse; data is stored in more than one location. For businesses, this poses a new question. If data is stored in different countries, which country’s laws will protect my assets?

A few years ago, there was a great deal of fuss about the Patriot Act, a US law that allows US authorities to comb through any data within its geographical boundaries. In truth, many governments have similar laws, and data cannot be completely ring-fenced, but there’s still some confusion among businesses who aren’t sure where their data should be stored. The EU has its own set of problems, with security protocols being jumbled and difficult to understand.

The safest approach is to select a provider with a data centre in the UK. You must make sure that all of your data stays in the UK, and the business does not have any operations in the USA, to avoid the potential complication of US involvement. By selecting a provider with a UK data centre, and ISO 27001 accreditation, you can move to the cloud with confidence and keep your data completely secure.

4 Ways to Ensure Your Data is Secure in the Cloud

Google+ is Google’s social network, and anyone with a Gmail address has a profile. Officially, Google+ has more than 2.5 billion users, although not all of them are active. But Google+ holds some form of user data about every one of those people, and many of them have never checked their settings.

Head to your account, and you’ll be able to review Google’s data sharing defaults. A few settings will surprise you. Did you know that Google can use your public photos as background images on someone else’s TV? Or that your geographical photo metadata is shared when you send a link to a photo, by default? Granted, they’re not sinister settings, but they offer a hint as to why some people are reluctant to trust their data with the cloud.

Here are 4 simple ways to ensure your data is secure.

1. Choose a reputable business cloud provider

Getting the right provider is key to a successful cloud rollout. Look for a company with a proven track record in serving business clients. While many employees will default to using consumer products like Dropbox, this should be discouraged, since they are not designed to offer the robust SLAs that businesses require, and expect.

2. Ensure your data stays in the UK

Corporate cloud users should ensure that their data is stored in the UK. Once the data crosses a geographical boundary, such as being mirrored in another continent, legal rights and security requirements are less clear than they are if you ‘play safe’. Even within the EU, it’s difficult to ascertain exactly which laws would apply if you wanted to hold the provider liable for something. If in doubt, don’t export your data – choose a provider that stores it all within your geographical boundary.

3. Check the encryption

Cloud4’s customers benefit from the same grade of encryption that is used by British banks. When your data is at rest in our cloud storage service, we use a 128-bit encryption key, which would take 1,440,000,000 years to crack in a brute force attempt. That’s just an example; we use different types of encryption to keep your data secure in transit and at rest.

4. Train employees to work securely

No matter how good your encryption, and your local laws on privacy, your security is only ever as good as the policies you have in the workplace. If your employees are using weak passwords, or logging on with infected mobile devices, security issues are always going to be a lingering threat. Make sure employees know how to use two-factor authentication, and make password training part of each employee’s induction phase.

Proactive data security

Cloud technology can be compliant. It can ensure privacy and security of data. Often, cloud technology is more secure than on-premise solutions it replaces, because you have the invaluable backing of a third party provider who adheres to the latest security standards. To find out more about the ways we protect your data, call Cloud4 for a chat today.

We’re ready to take your call on 0161 850 1264.

How Cloud Computing Can Save Your Company From Downtime and Disaster

If there’s one thing that can cripple a business, it’s downtime. Web hosts sell their services with uptime guarantees for a reason. Every business critical service needs to be online when people are working; increasingly, that means it must be up 24/7/365.

Achieving 100 per cent uptime is extremely difficult; so-called ‘Acts of God’ can take out racks of servers in a flash. Yet despite its reliance on off-premise data centres, the cloud is your best bet for keeping essential services online, and ensuring constant access to the services and information you need.

Cloud redundancy

Cloud platforms are inherently robust. In fact, they were designed to withstand catastrophe. Instead of storing data in one place, software distributes cloned copies among a group, or farm, of servers. If one server goes down, the others are able to step in and cover for it, creating a seamless experience for your business.

There are rare examples of cloud downtime, but these are unusual enough to hit the headlines. All cloud providers invest in constant system monitoring to keep the chance of downtime to an absolute minimum. Cloud redundancy is still exceptionally good, particularly when you consider the cost of obtaining anywhere near the same uptime figures in the pre-cloud era.

Protecting your profits

Occasionally, your users will encounter issues with internal infrastructure. The power goes out, the phones go down, or the heating system fails completely. Prior to cloud migration, these kinds of catastrophes would have forced a complete business shutdown. Now, the cloud allows us to come up with workarounds.

If you have hosted desktops, your employees can work elsewhere, irrespective of whether their main PC is functional. If you use cloud backup for files, those files are synced to multiple devices, so you can access them from home in a pinch. In a disaster, you can keep working, avoid losing touch with customers, and keep the emails flowing using your reliable hosted Exchange service.

The Cost of Downtime and Disaster

Different businesses have different concepts of downtime, so it’s difficult to measure the cost of critical systems going offline. However, industry estimates give us some idea of the compounding effect of unavailable services.

The Ponemon Institute estimates that unplanned downtime costs US businesses $5,600 per minute. For the world’s largest companies, it could be double that amount. While your business may be operating on a smaller scale, there is always a financial penalty when critical services are unavailable, and you will lose revenue if you don’t act fast.

Trust Cloud4

Cloud4 offers SLAs you can rely on, and we provide round the clock support so that your calls never go unanswered. Whatever the scale of your business, we’re here to assist you in keeping business critical services online. To find out more, contact our friendly team today, and have a chat about cloud migration. It could cost less than you think, and prevent huge unexpected cost if the worst does happen.


Have You Got a Disaster Recovery Plan?

Enterprise level clients have disaster recovery procedures as a matter of course. When you have thousands of clients, and the pressure of regulatory compliance, it would be unthinkable to operate IT systems without some kind of ‘plan B’ in place. For the smaller business, disaster recovery features less prominently in the IT strategy; many don’t have a plan at all.

In fact, SMEs are more vulnerable when outages occur, since it doesn’t take much to wipe out critical systems. If your computer updates itself and the result isn’t pretty, could you feasibly continue – ‘business as usual’ – the next day?

The Bare Necessities

Your idea of essential services will vary from your peers’, but there are a few systems which every business needs to be up and running. Remove any of these tomorrow, and the whole house of cards would come crashing down:

– Email

– Telephone systems

– CRM systems

– Desktop operating systems

– Vital infrastructure (such as the internet connection that links you to the outside world)

You might assume that you have a fairly good handle on things, given that you oversee and run all of these systems yourself. Unfortunately, this can leave you wide open to unexpected disruption, and your competitors will not fail to take advantage if your customers are forced to look elsewhere.

Affordable Disaster Recovery

For small businesses, running your IT as lean as possible is key to managing cost. While it would be nice to have spare servers, internet connections and computers lying around, that isn’t practical for the vast majority.

Cloud computing has made disaster recovery much more accessible, and that’s mainly because of the huge economy of scale. If you use hosted services, you can purchase a tiny share of overall capacity, but benefit from the same comprehensive disaster recovery plans as bigger clients. The secondary benefit is that someone else handles the technical side for you.

Take email for example: it’s probably the most crucial system in a business’ lifecycle. Let’s say your mailbox is corrupted. If that mailbox is located on your local server, you own the problem, and your email won’t work until it’s resolved. If you use a service like hosted Exchange, your mailbox is stored remotely on your service provider’s server; they are responsible for its uptime.

The hosted Exchange provider continually monitors and scans that mailbox for viruses. It’s less likely to experience a problem because it’s proactively managed and secured. But if the worst happens, the host’s cloud-based infrastructure means it can bring another copy online. You didn’t have to pay for another server, or find an out-of-hours engineer to sort it out.

There are other good examples of cloud infrastructure providing disaster recovery. The hosted desktop is a good one. Unlike your local desktop, the hosted desktop is stored remotely, backed up several times, and can be replaced with a clone if the worst does happen.

Take Action

Small businesses know that disaster recovery plans are expensive. That’s no reason to ignore the threat and hope it goes away. By moving towards a cloud-based infrastructure, you can automatically protect yourself against the risk of DR, ensuring continuity in the services that matter most.

Cloud4 helps thousands of businesses reach their full potential with affordable, innovative cloud services. If you don’t have a disaster recovery plan, don’t wait until the worst happens. Contact us today, and we’ll talk you through the options.

 

Just How Secure is Your Cloud Data?

When we think about IT security, we tend to assume that anything private should be stored on our own computer. The idea of putting a private document onto someone else’s machine seems like madness, particularly in an ever-connected world.

This instinctual reluctance to move data around has made some companies wary of the cloud. But the truth is that many cloud services are more secure than the on premise solutions we’ve used in the past.

So what goes in to securing your data in the cloud?

ISO/IEC 27001 Compliance

ISO/IEC 27001 is the international standard for security management, and it’s a standard that we comply with. Using this framework, we ensure that third party data and sensitive information is handled appropriately.

Compliance with ISO/IEC 27001 is not guaranteed among cloud service providers. But we believe that it’s an essential part of keeping your data secure. When you compare us with the competition, check to see if they have certification.

Super Encryption

When we store your data on our servers, we encrypt it. Using a special key – a string of characters – an algorithm scrambles the data, and the key is required to restore it. By protecting the key, we prevent unauthorised access.

Encryption keys are incredibly secure. A 128-bit encryption key would take millions of years to break, even if you used a computer. Consider this: our online backup uses 256-bit encryption, and our Hosted Lync and MyOwnCloud services use 2048-bit encryption. You’d need billions of years to crack either.

Location of Data

All Cloud4 customers benefit from UK-based storage for their data. This is critical, since laws on data access vary around the world. When your data is kept in the UK, you benefit from the very best in speeds, but also know that your data is stored according to local laws.

Our datacentres are located in Manchester and London, and access is completely locked down. Only authorised security staff and technical teams can ever get into the building without a vetted escort, and we have state of the art fire suppression systems ready to kick in if there’s a disaster.

Our support team is all located in the UK, too, and we’re available 24/7/365. If you have any security concerns, we’re always here to help you.

Email and Desktop Security

To prevent system infection, and ensure your data never gets compromised, our hosted products use all of the security software you’d expect. That includes anti-virus software, anti-malware scanners, firewalls and identity verification. We do all this while allowing convenient access to your data from any location. If you use the cloud to share and collaborate, you won’t be prevented from doing anything you need to do, yet any unauthorised users will be locked out firmly and permanently.

Test Drive the Cloud

High profile hacks always grab headlines, but the cloud is inherently very secure. We don’t use weak passwords, and we don’t leave your data in the hands of fate. Instead, we use tried and tested, military grade security using the very latest technology and techniques.

Where is Your Data Resting Right Now?

Small businesses have been quick to adopt cloud computing. For the nimble sole trader, or the agile start-up, the cloud presents obvious advantages. It’s affordable, and it can be deployed instantly. It scales without effort. And there’s no need to assign the airing cupboard as a makeshift server room.

For larger businesses, adoption can be fraught with problems, mainly because of compliance and governance. The cloud is not an inherently risky technology, yet many gatekeepers fear handing control to a third party.

Risk mitigation is all about knowing where data is stored, and understanding the means by which that data can be accessed. Cloud storage is not a compliance risk, but you should understand where your data is resting.

Boundaries and Laws

As many medium and enterprise clients ponder the finer points of cloud adoption, they often miss the bigger picture: where the data is stored. This problem was highlighted with the US Patriot Act, a piece of legislation that has arguably slowed growth in the US cloud market.

The Patriot Act was brought in to scupper terrorist communications in 2001, and it effectively gives the US government free rein over data that crosses its boundaries. This is quite an odd concept, since data is often thought of as being transmitted in a fairly random way, and without any regard to date lines, borders or continents.

In essence, the US government can intercept any data transmitted on a US network. It can also intercept data held by a US company. It’s effectively a very broad digital search warrant, and it affects the cloud because of the way cloud data is distributed.

Is It Risky?

In the US, some see the Patriot Act as being unconstitutional, but that argument is out of scope here. The real issue for internet users is access.

If you use a US cloud provider, your data will cross the boundary into US territory. For businesses, this could be seen as an unacceptable risk. If your IP is viewed by a third party, this could violate legal agreements, non-disclosure agreements and contracts you’ve got with suppliers.

The US government has, in the past, demanded access to data stored in Europe because of the company’s links with the US. Microsoft was one target, in April 2014; its Irish data centre was subject to a federal court judgement.

Like With Like

Every country has privacy laws, terrorism laws, and ‘snoopers’ charters’. The Patriot Act is not unusual, and there are very good reasons for governments to access data in some cases.

However, if you’re in the UK, and you only do business here, it’s safest to stick with UK cloud providers. At the very least, you should try to keep your data within the EU, if only so that you know who can see it.

If government agencies have good reason for asking to see data, responsible providers will oblige. Naturally, that’s the way it should be. But it makes sense to choose only the most appropriate locations to store data, geographically speaking. And it pays to research the law before choosing your next cloud provider.

Could Your Server Bring Down Your Data Centre?

Businesses spend millions of pounds on data centre security, and for good reason. Data is one of the most valuable assets we have, along with the hardware and software that manages it. It’s rare to find a data centre that isn’t equipped with state of the art security; biometric locks, backup generators and comprehensive fire suppression.

When all this effort goes in to protecting business assets, it seems unlikely that the biggest threat to security could already be inside the data centre. Yet out of date, unpatched software is one of the things hackers look for when they prowl the internet, and your Windows server could be the invitation they’ve been waiting for.

The Problem With Windows

Windows Server is, generally, an excellent server solution. It’s built for enterprise performance, and its security is second to none – providing it’s kept updated. Microsoft’s update services for Windows Server keep software up to date automatically, at least while the product is current.

However, businesses can only count on Windows if it’s well maintained and up to date, and that’s where things get tricky. If Microsoft puts a product into an End of Life (EoL) phase, it’s a sign they need to take action fast.

In July, Windows 2003 is going to completely drop off Microsoft’s support schedule. There will be no patches, and no protection against new threats. If businesses are complacent about the potential consequences, they could find themselves with an expensive mess to clear up when hackers discover their old, unpatched server. And there are consequences way beyond data loss.

Compliance and Risk

Some industries attract much bigger compliance worries than others. While a small start-up need only protect a few hundred customer records, a large bank or insurance company has a much larger client base to protect.

It’s not just about usernames and passwords, either. There are myriad complex regulations covering consumer data, particularly in finance and medicine.

If any business is still using Windows 2003 after July 2015, and there’s an attack on the server, they’re vulnerable, and they only have themselves to blame. If the breach reaches the Information Commissioner’s Office, there will be huge fines to pay, and the likelihood of negative media attention.

Worryingly, few businesses seem to have registered how serious this could be. According to research by Foxall, the End of Life for Server 2003 has attracted just 5 per cent of the publicity that Windows XP’s EoL attracted.

Cloud Solutions

Replacing servers can be an expensive and time-consuming process. Time is fast running out. If you haven’t taken action to retire your Windows 2003 server, you need to act fast to mitigate the risk, and we can provide a customised service that will help you meet the July deadline.

Cloud4 can set you up with hosted cloud servers – managed machines that slot directly into your existing data centre infrastructure. We can offer off-the-shelf solutions, or bespoke configurations especially for your business. Whether you’re already cloud-based or you’re yet to migrate, a cloud server is the ideal solution.

Do You Know Where Your Hosted Desktop Image is Stored?

All businesses have to comply with certain regulations and laws. In some industries – and continents – unmanaged compliance quickly becomes a burden on profitability. If the business doesn’t take its responsibilities seriously, it can end up paying fines and losing its hard-earned reputation.

If your business has its offices in the EU, you need to be careful about data storage. Cloud computing means your data could be stored literally anywhere if you don’t keep a close eye on the services you’re using.

What’s Special About Europe?

Globally, all businesses must meet compliance and governance requirements, and this has been a barrier to cloud adoption for many businesses. It’s not that compliance changes when you use the cloud – but the nature of the services you choose can affect its impact.

In Europe, there’s a law, the Data Protection Directive, which prevents the transmission of personal data to non-EU countries unless it’s dealt with in a compliant manner. There are 11 approved non-EU countries that are considered to be compliant; all others require special care.

Choosing a Provider Overseas

When storing data in the cloud, the business is responsible for that data. It cannot pass the buck to the cloud storage provider. You need to carry out due diligence and ensure your services are fit for purpose.

If you use a US provider, you need to make sure they are Safe Harbor members and regulated by the Federal Trade Commission. US and EU law actually conflicts in some areas, too. Don’t assume that the US is vetted and allowed for data protection compliance: it isn’t.

There’s the added complication of the Patriot Act: the law that lets US authorities gain access to any data held by a US company if they have good reason to do so. It doesn’t matter if the data was generated by a UK company, or is owned by a UK company. The fact is that it’s stored in US locations, so the Patriot Act is applicable.

The issue of compliance could fill a white paper, or even a book, but one thing is clear: it’s immensely complicated. While public cloud and private cloud services sound simple on paper, storing corporate data can be problematic… and storing your clients’ data very risky indeed.

Often, if you use a very large provider, your data may be stored in multiple locations without your knowledge. That makes it impossible for a UK business to know the risk.

Safe Options

As the data controller responsible for security and personal data, you are ultimately in charge of compliance. The fact that your provider does things you don’t know about is no excuse.

For UK companies, by far the safest option is to host data within the UK. This is a simple way to make sure your data is stored according to the laws applicable to you, so you have complete peace of mind. With your data in UK storage, your risk is mitigated and there are fewer fines to worry about too.

How to move on from Microsoft Exchange server 2003

Access your email from anywhere

On the 8th of April 2014, Microsoft ended support for one of their longest running operating systems – Windows XP. In addition, they also ended support for a flurry of other products such as Office 2003 and Exchange server 2003 – which is what we’ll be looking at in this article.