February 2020

Google’s users in the UK will no longer be protected by Europe’s strict GDPR Google is planning to move its British users’ accounts out of the control of European Union privacy regulators, placing them under U.S. jurisdiction instead, sources said. The shift, prompted by Britain’s exit from the EU, will leave the sensitive personal information of tens of millions with less protection and within easier reach of British law enforcement. The change was described to Reuters by three people familiar with its plans. Google intends to require its British users to acknowledge new terms of service including the new jurisdiction. Ireland, where Google and other U.S. tech companies have their European headquarters, is staying in the EU, which has one of the world’s most aggressive data protection rules, the General Data Protection Regulation. Google has decided to move its British users out of Irish jurisdiction because it is unclear whether Britain will follow GDPR or adopt other rules that could affect the handling of user data, the people said. So, what could this mean for UK Google users? If British Google users have their data kept in Ireland, it would be more difficult for British authorities to recover it in criminal investigations. The United States has among the weakest privacy protections of any major economy, with no broad law despite years of advocacy by consumer protection groups. In a nutshell, Privacy for UK google users is a great concern following this news Anito Lauriello Managing Director of Cirrus Technology solutions says “Google stores more personal and business data than anyone else on the planet! We are leaving the EEC but we have fully adopted all the Eu laws into British laws even after we leave and they all still apply UNTIL the UK chooses to start removing or altering them! It would be wise for the UK government to fully establish GDPR and to state fully that its still applies to all UK citizens and Google cannot circumvent that.” ​ Lauriello goes on to say ” What concerns me is that there are many businesses out there that probably keep confidential documents on Google Drive, some describing products or services that could be competitive to Google. Would Google misuse this change in data protection to access that data covertly under the pretence of social good/crime fighting etc, even if there was no such threat? My opinion is that Google taking this action is almost certainly based on grabbing more data” On the plus side UK/EU business would likely move to Microsoft in order to protect their data! If you would like to discuss your Data Storage options, then drop us an email hello@thinkcirrus.co.uk Google’s users in the UK will no longer be protected by Europe’s strict GDPR

With Storm Ciara and Storm Dennis having caused widespread damage to many homes and businesses, it really is so important to have a disaster recovery and data back up in place. We are very aware of the ongoing issues that extreme weather is having an effect on Business. Let’s talk about top tips for disaster recovery planning. Disaster recovery sounds deadly serious and scary, but it’s simple really. The key to Disaster Recovery success is having a set of objectives that are realistic and just right for your business.  Essentially, you need to think about three things – planning, preparation and technology. I know it might sound simple, but a Disaster Recovery plan needs to represent all functional areas within I.T. and across your business before, during, and after a disaster. It needs to include applications, networks, servers & storage. Contingencies, such as “what-if” scenarios should be considered as part of planning process. Decisions need to be made regarding levels of disruption that will constitute a disaster, downtime and loss tolerances. This plan needs to be written down and accessible. Analyse impact, understand risks and prioritise recoverability. Here are some top tips to follow to help with your disaster recovery planning: Disaster Recovery is an INVESTMENT – not a cost Data protection and recovery requirements may seem too expensive and Disaster Recovery is considered a particularly heavy expense, one that most organisations have a great deal of difficulty absorbing. However, think about it – being able to address the I.T. cost for Disaster Recovery is an issue of integrating Disaster Recovery into standard operations as much as possible. Ideally, the Disaster Recovery resources and equipment are not viewed as technologies that are sitting idle. Ultimately, this comes down to making an informed decision of either spending money or accepting risk. Newer technologies are emerging that make this more cost effective. Regardless, Disaster Recovery needs to be treated as an investment. It is an insurance policy. Realistic Disaster Recovery Objectives Prioritise your Disaster Recovery policy. Business continuity is important for any company, no matter how big or how small. However, in fact, some small business may feel it more because they don’t have the man power or infrastructure in place to be able to deal with an emergency. So, lets looks at the Disaster Recovery capabilities and resources of your business.  Are your goals attainable? If something goes down, how long do you expect it to take to be up and running again? Depending on the size of your business you might already know this, but for the novices out there it is important to set realistic Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO). Question. When does the clock start ticking and what tolerance is permissible for an outage? Those are Recovery Point Objectives to consider.  As for the Recovery Time Objectives, ask yourself how current is the data prior to the disaster? These are the key matrix items that need to be determined and supported. It is important to examine whether the infrastructure can support the goals. Keep the Disaster Recovery Plan Current Disaster Recovery planning needs to be part of the day-to-day operations of the I.T. environment and even though it is an exception, it should always be at the forefront of people’s minds. Once the Disaster Recovery plan is created, it needs to be maintained and updated every time anything changes within the I.T. environment. The dynamic nature of I.T. and technology ensures that the Disaster Recovery plan will fail if the management of the plan is not part of change management. Test The Disaster Recovery Plan! The Disaster Recovery plan needs to be tested regularly to ensure the business can recover the operation successfully and in a timely fashion. Disaster Recovery testing is a major challenge for most IT departments, but if recovery has not been tested all the way to the application level, it is very likely that problems will occur. Even though a Disaster Recovery test is a major operational disruption it shouldn’t be treated as a pro forma exercise but needs to include true end-to-end testing all the way to production. The focus needs to be on recovering applications rather than servers since with today’s complex applications, client server and web-based multi-tier applications, the components reside on multiple servers thus there are interdependencies between these. If disaster recovery has not been tested all the way to the application level, it is very likely that problems will occur. The philosophy for Disaster Recovery testing needs to change. Basically the approach used for software quality testing should be adopted, where finding bugs is a positive thing. Finding problems in Disaster Recovery is equally positive as long as these issues are resolved to eliminate problems during a real disaster. Disaster Recovery Risk The Disaster Recovery plan needs to address the right risks. Disaster recovery is essentially an insurance policy. How much and what kind of insurance is needed? What sort of risks is the organisation willing to take? The definition of what constitutes a disaster that is covered by the plan has to be considered. Many recent disasters were floods but various kinds of other weather activity and fires need to be considered as well. There are elements within the organisation’s environment that need to be considered from the standpoint of what constitutes a disaster. A site outage, application outage, or even a server outage could constitute a disaster for an organisation. Disaster Recovery BACKUPS What happens when the backups don’t work? For many, tape backup is still the primary medium for disaster recovery, certainly for off-site disaster recovery. Who uses tapes anymore?  As an alternative, replication across a WAN is growing, but it might be too costly an option for some businesses. Application recover-ability must be validated through the recovery of backups to the application level. Get in touch today to discuss how Cirrus can assist you with your Disaster Recovery Plan (DRP) and give you peace of mind.

Is your IT stressing you out?… Think Cirrus Technology Solutions Is your IT stressing you out? Think Cirrus Technology Solutions. Stressed out of not having enough resources to set up a modern IT department? Well, you can outsource your tasks to a managed IT service provider! Managed IT service is a phrase that keeps cropping up in the business world, but what does it mean? What are the benefits of going this route? Let’s look into these and more in detail. What Managed IT Services Means In a business world driven by technology, you need tech to keep you running smoothly. A tech team will diagnose your systems and solve problems in both hardware and software. But what if you can’t afford to have an in-house tech support team? That’s where managed IT services come in. For a flat-rate monthly or yearly fee, you can get that tech support your business is craving without having to spend too much. Let’s look at some common managed IT services for businesses. Common Managed IT Services for Businesses 24-hour maintenance  Every business yearns for smooth operations, regardless of whether it is purely online or has physical offices. If you have never been at peace where IT-related tasks are concerned, consider a managed IT service. You are bound to get a team of experts who can handle all IT-related chores such as updating the software, troubleshooting, removing bugs, installing new programs, and maintaining data security, etc. That said, make sure that you only work with one of the most reputable managed service providers around. Working with the right managed IT service provider will lead to smoother operations in your business Network monitoring  Communication is vital for a seamless flow of business activities. However, when there are undetected and unresolved network issues, you are likely to frustrate customers and even lose some. Skilled IT support teams know about the essence of network communication in business.  They monitor networks all the time and are swift to recognize issues even before they affect your processes. But they don’t just identify the problems; they also fix the issues to prevent costly complications.  Data backup  Think about the one time you lost a phone or an important document. How was the experience? Now imagine losing all the business data you have strived so hard to store. That would be a huge blow that you probably don’t even want to imagine. If you have not backed up the data, it is synonymous with waiting for the incident. You ought to make smart choices with your business data. The best way is to sign-up with the right managed IT services provider for help if you don’t have the expertise to handle data in-house. Unified communication channels  A managed IT service firm can also help you set up and maintain a unified communication channel. This means that instead of juggling between your office phone, instant messenger, emails, and voicemails, you will have one platform where you can access all the contacts. Besides, you will be able to contact your team using the desired channels. It’s a nice way to save a lot of time and energy. Customer Support A managed IT services provider firm can also take over all the customer support tasks in your business. The service can help support daily tasks in the same way you would have if you had your in-house team. For example, if you have IT queries from clients, the external team should be able to act on them quickly, with your company’s ethos in mind.  Why You Should Consider Managed IT Services Save Money An outsourced IT service comes in handy when you can’t afford an IT department to handle the service. The plans for a managed IT service provider are often flexible, meaning you will be able to budget beforehand and work within your budget. Grow Your Business IT is very much the core of business these days. In other words, the right managed IT service streamlines your business, a feat that translates to growth. Yes, you will essentially be leaving the IT tasks to pros who will handle it better at lower costs. The managed IT service team also focuses on your short and long-term goals, which is far more advantageous than hiring a professional IT expert for a periodic gig. Final Thoughts: In a nutshell, managed IT services are here to stay as more businesses try to cut on costs while improving on the quality of services. It’s a great way to let you focus on what your business does best and leave IT tasks to the pros! Is your IT stressing you out? Think Cirrus Technology Solutions

How to stay SAFE online How can we help you to stay safe online? The internet has revolutionised the way that we work, but can sometimes seem like a daunting place. With the rise in cyber attacks, malware and malicious activity, users need to be aware of potential threats to their online safety. The increase in the use of Internet of Things (IoT) devices in the home can affect network security, as some devices are not secure by design and use default usernames and passwords. Any device that connects to the internet needs to be secure and users should follow the same security procedures as they would with a PC or laptop. We’ve put together some internet security tips – we all know the basics, but a reminder didn’t hurt anyone! Keep up-to-date: It is vital to keep all software up-to-date so that you have the latest security patches and updates. Hackers often take advantage of bugs and flaws in outdated software, so turn on automatic updates. Passwords: People tend to choose passwords that are easy to remember and use them for multiple accounts. Create strong, unique passwords mixing letters, numbers and special characters, or use a password manager such as LastPass. Use a firewall: A firewall is a barrier that blocks unauthorised access to your computers and devices. Using a firewall will ensure that all of the devices connected to your network are secured. This is important because many IoT devices are not secured, giving hackers access to your entire network. Antivirus: Antivirus software will help to protect your computer from viruses, worms, Trojan horses and other unwanted activity that can put your computer at risk. These viruses can perform malicious acts once installed on a computer such as deleting files, accessing personal data, or using your computer to attack others. 2 Factor Authentication: 2FA provides an additional layer of security, helping to avoid the vulnerabilities of a standard password-only approach. The most common form is a code that is sent via SMS message to authenticate. This approach prevents your log-in information from being so easily compromised and personal data stolen. Use a Virtual Private Network (VPN): A VPN allows you to create a secure connection to another network over the internet. VPNs can be used to shield browsing activity from hackers who may be watching the network. When using public Wi-Fi, it is especially important to use a VPN. Use secure sites: Before entering payment or personal details into a website, check that the site is secure. Check for the small padlock in the address bar and that the beginning of the web address is https:// – the ‘s’ stands for secure. Be aware: Many cybercriminals use phishing techniques to get hold of personal information. Using emails that appear to be from trustworthy sources, they request sensitive information to use for fraudulent purposes. Never click links or open attachments in emails that you are not expecting to receive. Backup your data: Have your data backed up in an external location. If a problem was to occur, your data would be kept secure and you would be able to recover it. Multiple layers of protection: Follow all of the above tips to stay safe online on all of your devices! How do you stay safe online? Let us know in the comments or tweet us at @Thinkcirrus

Research reveals UK industry sectors most vulnerable to cyber-attacks A new research report reveals how technology decision makers at UK Businesses are prioritising cyber security to ensure business continuity and growth. A new research report reveals how technology decision makers at UK Businesses are prioritising cyber security to ensure business continuity and growth. The report also highlights newer technologies such as robotics and AI that businesses plan to adopt, how they are using technology to power remote workforces and what technologies they are adopting for growth. The vast majority of UK Businesses (81%) confirmed that they had suffered a data breach or cyber-attack, with a considerable two in five (37%) admitting they had suffered multiple breaches. Industry verticals had a significant bearing here, with the hospitality, healthcare, and legal industries topping the list of those suffering multiple attacks. The top six verticals where respondents had more than one breach, by vertical: One respondent said their Business suffered at least eight attacks. Reasons to attack key industries Hospitality The hospitality industry is becoming increasingly prone to cyber-attacks because it holds a host of personal and financial information on its guests, as well as other sensitive data, such as payment card information. Internal audits have an important role to play by critically evaluating the cyber footprint of their organisations.With a hotel Wi-Fi being a public access network and with staff computers allowing access to the cloud database, the concerns about cyber safety in the hospitality industry are definitely not something to take for granted. In the high-profile Marriott cyber-attack, nearly 400 million customer records were breached. These include 9.1 million encrypted credit card numbers, over 23 million encrypted and unencrypted passport numbers, together with names, addresses, phone numbers and emails. Marriott failed to protect its customers’ data. This has resulted in the company being faced with the cost of restoring its systems, being subject to regulatory fines and class-action litigation. Perhaps most damaging of all is the substantial damage to hotels brand reputation. Healthcare Public sector healthcare providers are particularly susceptible to supply chain attacks that exploit the chain of trust, targeting the valuable personal data which healthcare providers store and process. Suppliers can be seen as more vulnerable and an easier route for attackers to gain access to a more lucrative target. Hospitals store an incredible amount of valuable, confidential patient data which hackers can sell on easily – making any supplier to the industry a target. Legal  The legal sector is particularly vulnerable to cyber-attacks due to the volume of data, sensitive information, financial responsibility and authority held. If a law firm specialises in corporate or property law, they are at increased risk, as the potential for financial gain is greater. Although the main reason law firms are targeted is for financial gain, there is also a growth in bad actors using cyber-attacks to achieve political, economic or ideological goals. HR & Recruitment Payroll fraud, recruitment scams, corporate espionage – cyber-attackers have found numerous routes into organisations via HR. Any identifiable information is valuable to criminals, and payroll and other HR systems are a treasure trove of names, addresses and bank details. If this is compromised, not only can it affect individual employees, it also gives attackers more ammunition with which to increase the likelihood of a successful attack on other parts of the business. Additionally, recruitment agencies are prime targets for malware. If hit by a data breach, employment agreements and sensitive documents such as passport scans and visa details are all left exposed. Manufacturing  The manufacturing sector, which includes automotive, electronics, and pharmaceutical companies, has always been a vulnerable industry when it comes to cyber-crime and security breaches. This is because intellectual property is incredibly valuable, and often manufacturing firms rely on highly specific software packages that are difficult to patch against recent exploits, making them highly vulnerable to attack. Financial  The threats facing organisations working directly and indirectly with the finance sector go far beyond simple theft. Cyber threats facing banks, insurance companies, asset managers and similar organisations range from basic consumer-grade malware all the way up to highly targeted attacks from organised criminals and state-sponsored actors. Financial service providers are a hacker’s favourite, given the nature of the private information held by those organisations. Managing Director of Cirrus Technology Solutions, Anito Lauriello “Most SME’s do not understand what a Cyber Attack is let alone appreciate it’s potential consequences for their business.  The terrible truth is small businesses believe it won’t happen to them and as a result they make no effort to understand the issues or put measures in place to prevent an attack.  Also remember  most attacks originate from within the company meaning most of the time prevention is completely within their control” In the unfortunate event of a cyber intrusion, it is important that you know what steps to take in order to fix the current issue, and make sure that it doesn’t happen again. In these instances, how you respond to the problem can mean life or death to your company. When secure information becomes accessible to others online, it can create long-term issues for both financial and information security. Cirrus Technology Solutions help not only avoid malware attacks, but they can also help solve issues that have occurred because of malware attacks. IT services have access to programs and technology that will expose the threat and find the best timely response to ensure that your company’s safety is the top priority. Sometimes despite your best efforts to hire qualified staff, they just cannot compare to the efficiency that an IT managed service can provide. Having not just one, but a team of professionals to ensure your company’s security is an added benefit of IT services that no single employee can substitute.