Author name: admin

Easy to hack passwords banned in the UK by Helen C.                                                                                                                                                                                                                               May 2024 Passwords are the frontline of defence for most people when protecting their data online and there is now a new law in the UK which bans people from having certain easy to hack passwords. New laws came into effect this week in a significant step to protect consumers from the soaring number of cyber-attacks that are affecting both businesses and individuals. It is now mandated that internet connected smart devices must meet minimum-security requirements which are set out in the new laws. What do passwords do?   Passwords can be thought of as house keys. The password being the key and the information being our house. The key lets you in and is unique to your house – it won’t let you in next door’s house, just like a password does. If you give your key to someone or you lose it, then your house is not secure and other people can gain access. Passwords are the gatekeepers to our information, and it is vital that they are strong. All a hacker needs to get in is your account name and a password. Now your account name is usually an email address or your name, so it is vital that your password is secure enough to protect your data. When a data breach happens in a business, often what’s stolen is a huge list of email addresses, which means that cyber criminals are one step closer to your information and that is one of the reasons the government have changed the legislation. The 5 most common passwords used by businesses in the UK   NordPass have been keeping track of the password habits of business executives across several levels of management, revealing that the top 5 passwords are: 1: 123456 2: password 3: 12345 4: 123456789 5: qwerty Alarmingly, these passwords can often take hackers less than a minute to crack. Is your password on the list? The need for this legislation is clear, and the government has pledged £2.6 billion as part of the wider National Cyber Strategy, which aims to protect and promote UK national interests in cyberspace and online. In today’s world where Smart devices are owned by nearly 99% of UK adults and the average UK home has 9 connected smart devices this legislation is a crucial step forward in cyber security. Speaking about the impact of the new law, Minister for Cyber, Viscount Camrose said: “From today, consumers will have greater peace of mind that their smart devices are protected from cyber criminals, as we introduce world first laws that will make sure their personal privacy, data and finances are safe.” A world-first   The UK is the first country in the world to these laws which mean that all internet enabled devices, including phones, games consoles and even fridges, must meet legally required standards to protect consumers from hacking and cyber-attacks. Data and Digital Infrastructure Minister Julia Lopez said: “Our pledge to establish the UK as the global standard for online safety takes a big step forward with these regulations, moving us closer to our goal of a digitally secure future.” In a recent Which? investigation they found that a home filled with smart devices could be facing over 12,000 hacking attacks in just one week. They also discovered that across just five devices in 1 week, 2,684 attempts were made to guess weak and default passwords. This means that the average UK home faces 4,697 password hacking attempts to guess weak and default passwords a week. That is 20,409 attempts in a year. Strong passwords should form an integral part of any cyber security strategy and the changes made on Monday not only recognise this but have brought into law the need for strong passwords. Hopefully this will highlight the importance of strong passwords across all devices, whether mandated in law or not. It is essential that strong passwords are always used to keep your data secure. What makes a strong password?   Lots is written on this and there is a lot of guidance floating around the web about what makes a strong password, so let’s keep it simple: Your password should be unguessable and random, with no identifiable information used that could be found easily on the web or guessed after a quick glance at a social media page. We recommend a minimum of 20 characters, using upper and lower case letters, symbols and numbers, but the longer and more random the more secure it will be. Aim to have something that does not read like standard English and that you wouldn’t find in a dictionary. Good password example: P9*joo&Ghj^rdf£40slE3JH Bad password example: Panda Always create a new password for each site you use. Lots of random unique passwords, like the example of a good password above, are essential. Never re-use the same password across multiple sites. Change your password frequently, more frequently when you are using a site which contains more sensitive or personal data, such as a bank. Never keep your password on a piece of paper or somewhere where it can be easily accessed by others and don’t share it. These steps will help you to create a strong password, but we recommend a multi-faceted approach to using passwords to keep your data safe and

Fundamentals of Security   This article is about the Fundamentals of Security for SME’s.  Small Business Owners often downplay or ignore  threats to their business with a common belief they would not be targeted and too small.  In 2023 38% of Small Business suffered a Cyber Attack of some kind. Cyber Guidance for SME We don’t want to scare you into action.  But most of the steps to help protection your business are simple, some of them free and mostly inexpensive.  Below are a few common steps you can take to protection your business from threats.  This isn’t exhaustive, you don’t necessarily need all of the steps, but if you take some you will be going in the right direction. So what are these Fundamentals of Security?   So before we dip into the specifics lets talk about a couple of overriding principles worth bearing in mind. Security is created through a number of layered solutions.  It’s not just about (for example) having Antivirus (AV). AV is important but it needs to be thought of as a component and one of a number of solutions Policy based application of the tools you use to.  There is no point having AV if you are going to allow users to disable or uninstall it.  A policy based solution will ensure these changes cannot take place OR that you are at the very least notified to take action. Access Control Passwords, Single Sign On (SSO), Password Managers & Multi-Factor Authentication (MFA) and Bio-metrics. As a simple place to start you should always have 2 of these as a minimum.  Password + MFA or Bio metrics + MFA are good examples.  Depending on your environment, the applications you use, how they are accessed, by whom and from where might lend weight to some of the other options.  At Cirrus we use ALL of these for different systems, different reasons and situations.   We mandate strong passwords + MFA, these are selections we insist our team subscribe to.  In addition to this we use SSO in all situations where an application allows us. SSO for Starters & Leavers The attached article from Gartner Advantages vs Disadvantages talks about client experience in deploying SSO.  Like everything else on the topic, SSO is not a silver bullet but a useful and practical approach to Access and Security.  SSO also simplifies administration for starters & leavers as you will have less to setup and less to remove.  The fact users have to remember, manage and set fewer passwords also improves the experience and removes the more hard to ignore prompts for passwords. Password Managers In situations where passwords are less avoidable, password managers provide a great way to store and generate SECURE passwords.  Password Managers coupled with MFA provide really robust access and decrease the need to have regular password changes.  If the password for a system is secure and the password it self is 20 Characters, has upper and lower case letters, contains numbers and special characters breaching the password itself requires a very different act Disk Encryption If you are running Windows 10 or 11 in your business environment Disk Encryption is built and FREE to use.  Depending on settings it may need to be enabled but it’s a no-brainier of a step to take.  If you are running MacOS, all versions support Encryption too.  Disk Encryption protects in the event of the equipment being stolen Patch Management Most high profile data breaches of the last few years;  BA, NHS & Talk Talk are largely attributed to exploiting a vulnerability that had been previously addressed but not deployed to devices .  Patching applications, Operating Systems & Hardware all need to form part your defense strategy.  A policy based solution can ensure updates happen outside of core working hours and  do not interrupt productivity. AntiVirus An Antivirus solution should certainly be part of your strategy.  The subject of Antivirus is a commonly understood aspect of security so we won’t dig too deep into the merits of this.   Having a solution that is policy based, that does not allow users to disable it and , importantly, report/ alert when malicious content has been detected should be a must and be something you look for.  All vendors have this management capability Mail Scanning Mail is a huge part of any business and as a result e-mail is the number one vehicle for transmitting threats and attempting to exploit your organisation. ViPRE Security Report highlights the volume and scale of this issue with criminals evolving fast in terms of the volume of messages but also the types of threats.  Mail threats often appear genuine or familiar.  Increasingly they contains links to external sites, attach documents or ask you to call a number.   Considerations Our Fundamentals of Security are not the only aspects for consideration.  Backing  up your data is also important as are network policies and having a robust firewall.  Clients also look toward Cyber Essentials certifications or full Information Security as part of their strategies to bolster security but also raise awareness with employees.  All of these are valid and as as a minimum should be discussed Conclusion It’s a big topic.  We understand.  But broken into a number of workable action items everyone can take some basic steps to protect their business from on-line threats.  Cyber criminals are not targeting your SME, they are targeting everyone’s SME. For more information contact us : hello@thinkcirrus.co.uk T: 03303 130966 #cybersecurity #manageditservices #cheshirebusiness

Fundamentals of Security   This article is about the Fundamentals of Security for SME’s.  Small Business Owners often downplay or ignore  threats to their business with a common belief they would not be targeted and too small.  In 2023 38% of Small Business suffered a Cyber Attack of some kind. Cyber Guidance for SME We don’t want to scare you into action.  But most of the steps to help protection your business are simple, some of them free and mostly inexpensive.  Below are a few common steps you can take to protection your business from threats.  This isn’t exhaustive, you don’t necessarily need all of the steps, but if you take some you will be going in the right direction. So what are these Fundamentals of Security?   So before we dip into the specifics lets talk about a couple of overriding principles worth bearing in mind. Security is created through a number of layered solutions.  It’s not just about (for example) having Antivirus (AV). AV is important but it needs to be thought of as a component and one of a number of solutions Policy based application of the tools you use to.  There is no point having AV if you are going to allow users to disable or uninstall it.  A policy based solution will ensure these changes cannot take place OR that you are at the very least notified to take action. Access Control Passwords, Single Sign On (SSO), Password Managers & Multi-Factor Authentication (MFA) and Bio-metrics. As a simple place to start you should always have 2 of these as a minimum.  Password + MFA or Bio metrics + MFA are good examples.  Depending on your environment, the applications you use, how they are accessed, by whom and from where might lend weight to some of the other options.  At Cirrus we use ALL of these for different systems, different reasons and situations.   We mandate strong passwords + MFA, these are selections we insist our team subscribe to.  In addition to this we use SSO in all situations where an application allows us. SSO for Starters & Leavers The attached article from Gartner Advantages vs Disadvantages talks about client experience in deploying SSO.  Like everything else on the topic, SSO is not a silver bullet but a useful and practical approach to Access and Security.  SSO also simplifies administration for starters & leavers as you will have less to setup and less to remove.  The fact users have to remember, manage and set fewer passwords also improves the experience and removes the more hard to ignore prompts for passwords. Password Managers In situations where passwords are less avoidable, password managers provide a great way to store and generate SECURE passwords.  Password Managers coupled with MFA provide really robust access and decrease the need to have regular password changes.  If the password for a system is secure and the password it self is 20 Characters, has upper and lower case letters, contains numbers and special characters breaching the password itself requires a very different act Disk Encryption If you are running Windows 10 or 11 in your business environment Disk Encryption is built and FREE to use.  Depending on settings it may need to be enabled but it’s a no-brainier of a step to take.  If you are running MacOS, all versions support Encryption too.  Disk Encryption protects in the event of the equipment being stolen Patch Management Most high profile data breaches of the last few years;  BA, NHS & Talk Talk are largely attributed to exploiting a vulnerability that had been previously addressed but not deployed to devices .  Patching applications, Operating Systems & Hardware all need to form part your defense strategy.  A policy based solution can ensure updates happen outside of core working hours and  do not interrupt productivity. AntiVirus An Antivirus solution should certainly be part of your strategy.  The subject of Antivirus is a commonly understood aspect of security so we won’t dig too deep into the merits of this.   Having a solution that is policy based, that does not allow users to disable it and , importantly, report/ alert when malicious content has been detected should be a must and be something you look for.  All vendors have this management capability Mail Scanning Mail is a huge part of any business and as a result e-mail is the number one vehicle for transmitting threats and attempting to exploit your organisation. ViPRE Security Report highlights the volume and scale of this issue with criminals evolving fast in terms of the volume of messages but also the types of threats.  Mail threats often appear genuine or familiar.  Increasingly they contains links to external sites, attach documents or ask you to call a number.   Considerations Our Fundamentals of Security are not the only aspects for consideration.  Backing  up your data is also important as are network policies and having a robust firewall.  Clients also look toward Cyber Essentials certifications or full Information Security as part of their strategies to bolster security but also raise awareness with employees.  All of these are valid and as as a minimum should be discussed Conclusion It’s a big topic.  We understand.  But broken into a number of workable action items everyone can take some basic steps to protect their business from on-line threats.  Cyber criminals are not targeting your SME, they are targeting everyone’s SME. For more information contact us : hello@thinkcirrus.co.uk T: 03303 130966 #cybersecurity #manageditservices #cheshirebusiness

Why You Might Need a Technology Partner?   As a business owner, director or head of a department, you probably want to focus on your core duties and for technology to just work.  Like any business the word technology has come to mean a lot of things.  From internet connections or WiFi to applications working or just the phone on your desk allowing you to make or receive calls.  Whose job it is to make these systems work? You probably have neither the time nor inclination to manage either.  If this is you, maybe it’s time to think about a technology partner. Our Business   Our business is to look after your business, specifically the technology you use or maybe need.  We have a framework to take all of the daily pains away, centralise and organise them into your IT function.  A single home, a single point of accountability.  You let us know the the problem and we’ll manage it and when done report back.  No tearing your hair out, frustration or hours on the phone being passed from pillar to post. It’s worth at this juncture talking a little about our capabilities and breadth of services.  Lets explain briefly about what we do and how we operate. We operate a service desk from our offices in Ellesmere Port near Chester 7 days a week.  From here we take calls and resolve client issues.  We also have our monitoring systems that are checking the health of YOUR systems 24×7 7 days per week.  This allows us to take proactive steps to ensure you stay working while we head off issues before they affect you.  In addition all of YOUR systems are patched with updates and have maintenance routines run on a regular basis.  Our services are backed by service levels and a reporting system to ensure expectations are managed and you are up to date on both routine activities but also more high severity incidents.  We understand that how we manage key issues is every bit as important as the solution itself. To support this we also have 60 field engineers who cover the UK that can be with you quickly where the need arises. It’s not just about fixing the issues either   As a technology partner we also design and install systems.  Whether it’s hardware or software we can design and deliver services which then go under management and business as usual.  Internet Connectivity, Wi-Fi, Structured Cabling, Network Equipment, Security, Hosting, Door Entry, CCTV, Software Licensing & Application Development are some of the many things we can provide. Consult, Design, Deploy & Manage.  Way more than IT Support.  A true partner. Want someone to look after the mundane?  ThinkCirrus Looking for strategic advice? ThinkCirrus Need help with expansion? ThinkCirrus Keen to ensure your technology is keeping pace with the business? ThinkCirrus If this resonates and you would like to know more you can arrange an intro meeting here On-line Meeting with Cirrus if you’d prefer face to face drop us an e-mail to hello@thinkcirrus.co.uk or call 03303 130966, we’d be more than happy meet you in person  

Why You Might Need a Technology Partner?   As a business owner, director or head of a department, you probably want to focus on your core duties and for technology to just work.  Like any business the word technology has come to mean a lot of things.  From internet connections or WiFi to applications working or just the phone on your desk allowing you to make or receive calls.  Whose job it is to make these systems work? You probably have neither the time nor inclination to manage either.  If this is you, maybe it’s time to think about a technology partner. Our Business   Our business is to look after your business, specifically the technology you use or maybe need.  We have a framework to take all of the daily pains away, centralise and organise them into your IT function.  A single home, a single point of accountability.  You let us know the the problem and we’ll manage it and when done report back.  No tearing your hair out, frustration or hours on the phone being passed from pillar to post. It’s worth at this juncture talking a little about our capabilities and breadth of services.  Lets explain briefly about what we do and how we operate. We operate a service desk from our offices in Ellesmere Port near Chester 7 days a week.  From here we take calls and resolve client issues.  We also have our monitoring systems that are checking the health of YOUR systems 24×7 7 days per week.  This allows us to take proactive steps to ensure you stay working while we head off issues before they affect you.  In addition all of YOUR systems are patched with updates and have maintenance routines run on a regular basis.  Our services are backed by service levels and a reporting system to ensure expectations are managed and you are up to date on both routine activities but also more high severity incidents.  We understand that how we manage key issues is every bit as important as the solution itself. To support this we also have 60 field engineers who cover the UK that can be with you quickly where the need arises. It’s not just about fixing the issues either   As a technology partner we also design and install systems.  Whether it’s hardware or software we can design and deliver services which then go under management and business as usual.  Internet Connectivity, Wi-Fi, Structured Cabling, Network Equipment, Security, Hosting, Door Entry, CCTV, Software Licensing & Application Development are some of the many things we can provide. Consult, Design, Deploy & Manage.  Way more than IT Support.  A true partner. Want someone to look after the mundane?  ThinkCirrus Looking for strategic advice? ThinkCirrus Need help with expansion? ThinkCirrus Keen to ensure your technology is keeping pace with the business? ThinkCirrus If this resonates and you would like to know more you can arrange an intro meeting here On-line Meeting with Cirrus if you’d prefer face to face drop us an e-mail to hello@thinkcirrus.co.uk or call 03303 130966, we’d be more than happy meet you in person  

Our CSAT results are in for March and quite honestly we’re over the moon with 100% positive feedback. CSAT is an abbreviation for Customer Satisfaction, it’s a way of asking clients to provide feedback based on their experience and overall satisfaction having raised a support query with us. In March 2023 we achieved 100% positive replies. We’re a technology business, we provide, manage, support and maintain IT infrastructures for clients across the entire UK. We are also very much a people business and if you look to our website it says People First, Technology Second. How our clients feel about the work we do is every bit as important as any metric you’d choose in a relationship. But we work with and help people, this is the foremost aspect we consider when training our teams. 100% CSAT for a month is exceptional and we’re not under the illusion it will stay this way every month. But it is what we strive for. In the 8 months we’ve been doing CSAT our lowest score was 89.4% and this compares to an industry average of 77% https://www.fullview.io/blog/csat-benchmarks-by-industry so being well above average is a great place to be. Positive feedback is wonderful, but naturally you learn more from the situations that don’t always go to plan. For this reason any feedback we receive that is less than positive we put a phone call into the person to understand why they scored the way they did and what we could have done in that instance to improve. From a service management perspective https://en.wikipedia.org/wiki/ITIL CSI (Continual Service Improvement) is a key behavior of any managed service that we strive for and review on a regular basis. Thinking about IT Services, #ThinkCirrus For more information please call 03303 130966 or e-mail hello@thinkcirrus.co.uk https://thinkcirrus.co.uk