An IT Support Blog from London

IT security is one of those business risks that can go under the radar until the worst happens. Businesses that do not operate in the technology arena are especially vulnerable to the consequences of the lack of IT risk assessment. Fortunately, these existential risks can be completely avoided.

What does an IT security assessment do?

In essence, IT security assessments are the actions and procedures that determine, evaluate, and then eliminate a range of vulnerabilities in technology systems and the business processes linked to those systems.

Password security is a major issue that no business or enterprise can ignore. Countless hacking attempts succeed due to inadequate password security. However, remembering all those strong and (hopefully) unique passwords can be tedious, to say the least. Are password managers an alternative? Let’s take a look.

Data breaches can result in dire financial repercussions for any organisation that has to deal with sensitive data, whether that be personally identifiable information (PII), personal health information (PHI), payment details, or other similar data. Depending on the number of records compromised, the costs range anywhere from tens of thousands to hundreds of millions of dollars.

The latest Ponemon study, sponsored by IBM and released in July 2018, calculates the full cost of “mega breaches” (involving more than 1 million lost records) to be $350 million. This figure takes into account the more evident cyber incident expenses such as those for technical investigation, customer breach notification and credit monitoring, regulatory fines and litigation services, among many others. The organisation would also have to cover the cost of investing additional resources into network security improvements.

In this blog, we’ve covered many of the ins and outs of BYOD (bring your own device), including the pros and cons. In reality, much of the discussion is no longer about whether employees should be allowed to connect to company networks with their own devices, BYOD is simply becoming the standard way of operating.

A study published in 2016 suggested that 59% of businesses allow BYOD, and things have certainly moved along in the intervening years. The only remaining point of discussion is BYOD cybersecurity. In this post, we give you eight top tips to help ensure BYOD does not pose a threat to your business.

A new IT security threat is infecting computers across the globe, and it could be wreaking havoc on your organisation’s devices as you read this post. This malware threat uses a computer’s processing power to mine cryptocurrency, without the knowledge or consent of the owner.

Unauthorised cryptocurrency mining–or cryptojacking, as it is commonly called, is spreading like wildfire. This is not surprising, given how simple it is for cryptojacking scripts to infiltrate a computer. Hackers can initiate it using one of two methods:

The year 2017 was a dismal year for IT security, particularly in the arena of ransomware.

Less than 12 months ago, the ransomware worm WannaCry wreaked havoc across the globe, placing large organisations – including NHS trusts in England and Scotland, at the forefront of one of the most prolific cyber attacks in history. Then followed NotPetya (initially believed to be the Petya malware of 2016) in June, which also spread quickly and, even without the aid of human intervention, managed to harm multinational companies.

Yet more ransomware attacks compromised the data of individuals and organisations, but they were not nearly as high profile as the aforementioned attacks, and this prompted many people to believe that ransomware is no longer the threat that it was twelve months ago. But is this really the case?

It is easy to follow the mistaken belief that beefing up security at your business involves buying expensive hardware and software or hiring a top-rated security consultant to step in and make major changes. In fact, it is possible to make solid security progress by simply following good practice, and by tightening protection where needed.

Making these essential improvements is important for businesses of all sizes. In 2016, the Federation of Small Businesses found that the UK’s small businesses are collectively attacked over 7 million times a year, costing up to £5.26 billion. In this article, we cover some of the most effective ways to improve resilience against these attacks without spending an arm and a leg.

DDoS attacks are typically designed to inundate servers and entire networks by consuming computing resources through large volumes of traffic, connections, or requests. And so, because cloud infrastructures are assumed to be backed by a large assemblage of such resources, many people believe their servers are less susceptible to these types of attacks if they’re hosted in the cloud. But that’s not entirely true.

If your servers are hosted in a multitenant environment along with a bunch of other servers belonging to other organisations (which is usually the case in a public cloud), your servers could be at risk of collateral damage. If those other servers (note: not yours) are bombarded by a DDoS attack and your cloud service provider (CSP) attempts to absorb the attack, your own servers, which share the same underlying infrastructure with those other servers, could also suffer.

Web content filtering is typically supplied as part of broader cybersecurity measures, with most internet security appliances offering the option to enable filtering, and many default configurations enabling it from the outset. Yet as with many topics in information security IT personnel should never assume that content filtering features are active or optimised. In this article, we outline key reasons why content filtering is still so important, and briefly describe how to enable content filtering for your organisation.

HTL Support's Business Briefing event on 23 February was a resounding success and offered delegates real insight into the EU General Data Protection Regulation legislation and its likely effects on the IT sector. Demand for the event was far in excess of available places and is an indication of just how relevant the impact of GDPR is to anyone working in IT.