Staying safe at home is still the order of the day, and as we have become physically isolated, we have become more digitally connected – to our workplaces, our data and each-other. This is undoubtedly a good thing in terms of keeping everything going, from personal relationships through to critical projects and day-to-day business, with some damage avoidance already done for those businesses with strong work-from-home or cloud-based elements to their processes. As we become more physically separate however, the number of security flaws begins to increase. With a physically disparate workforce, or a family where home visits are impossible, it is hard to ensure that everyone’s cyber security is up to a good, or even sufficient standard. 

As we come into the 8th week of lockdown, it’s a fact that there are now more cyber threats than when we entered, and for small businesses or families that don’t have a particularly rigorous approach to IT security this means that the threat of data theft or security breach is very real. As we are a Cyber Essentials accredited body, and we want everyone to be as safe as they can be right now, here are some top tips to getting yourself secured at home, from the team at Pearce IT. 

Protect devices with Antivirus software. 

We’ve all heard that Mac’s don’t get viruses (False) or that Windows Defender is the best AV solution out there (False), but in reality If you don’t run an AV solution, then you’re not really taking your security seriously. AV software now includes features such as real-time scanning for websites, as well as any files that you open or applications you run or download. We recommend ESET Internet Security as it has a fantastic range of features to secure your device from external threats. 

Update everything 

Cyber-criminals work very hard to exploit vulnerabilities in operating systems and software. They realise that people’s willingness to run outdated software is their quickest route into your device. Similarly, application and OS developers work even harder to ensure that the latest versions of programs have these vulnerabilities patched. It’s vital to update the OS and all critical software installed on any device that you use at home, especially if it’s currently being used for work. 

Secure your WiFi 

Protecting your devices will be of little help if an attacker connects to your Wi-Fi or takes up residence inside your router. Anyone who does that can intercept data, passwords, remote-access sessions, or work e-mail. You must lock your network down. 

Make sure that the WiFi access to your router is encrypted. If your Wi-Fi asks for a password, the connection is encrypted, but there is more than one method of encryption, and really you should be using WPA2. You can use the router settings to change the type of encryption — and your WiFi password while you are at it (remember to use a strong password) to make sure nobody that already has your credentials can continue to connect.  

While you’re there, change your default admin login and password to access your router settings. The default passwords for many routers are very weak leading to them being cracked, but many are also published on the web. System administrators and IT support personnel look these up all the time. These are often simply written into malware code — if they work, your router is captured. Intruders can check open devices on your network for files or spy on you. Remember - everything you do online passes through your router. We supply Draytek routers, which have great encryption and security options. 

Use a VPN if connecting to open or strange Wi-Fi networks 

If for some reason you are connected to someone else’s WiFi, or as an essential worker you are unavoidably on the move, then you should use a Virtual Private Network, or VPN. This encrypts the connection between your device and your target network, and between your device and the router you are currently connected to, so anyone else monitoring the connection will not be able to read it. 

Lock your device 

You should have password protection enabled on every device you use. It can still be stolen. Even if you’re working at home and outsiders can’t get to your devices, if you’re about to leave the device or the room, lock the screen. You probably don’t want your child to accidentally send a gibberish text to a customer, or your cat to wander across the keyboard and send half an email to the company directors.  

Make sure you use secure services 

You most likely have a set of IT services that you use for work, such as Microsoft Office 365. If you or your employees are using such a service, make sure that it is THE ONLY service that you or they use for storing or exchanging company data. Personal Google Drives and the like can send anonymised links that can potentially be picked up by search engines, so make sure everyone is set up correctly and using reliable and secure cloud storage and sharing apps. We recommend using Microsoft Office 365 which allows secure cloud storage using OneDrive and SharePoint, and messaging, videoconferencing and sharing via Teams. We can even ensure these services are backed up. 

Be vigilant 

Phishing mails can be highly convincing, and spoofing attacks can send mails which appear to originate from within your organisation, from a customer or a loved one. Sometimes, these can bypass even the most sophisticated SPAM and email filtering services. As the amount of digital communications has increased sharply with teleworking, so you should read all messages carefully and don’t rush to reply. If someone urgently needs an important data or a demand for payment of an invoice, double-check the sender is who they claim to be. Call the other party for clarification if needed. Check links on documents especially; best to check them by hovering your mouse over them first. If it’s a random URL, then best to ignore it. If a link takes you to sign-in page for any service, be VERY suspicious indeed. It is always better to get clarification on links and linked files from someone else or the supposed sender. 

Be comfortable 

Finally, don’t neglect your wellbeing. Lounging around on the sofa might seem like a great idea whilst working on the laptop, but you’ll end up being uncomfortable in the long run, Find yourself a desk and a comfortable chair, preferably in a well-lit room to your productivity and concentration levels high, don’t forget to periodically stretch  your legs, drink water, and don’t skip meals. When our concentration levels are low, that is when we are most vulnerable. 

Forward thinking is part of what we do. This is because we know that the landscape that we work in is constantly changing and as a result of this, new threats and challenges are constantly emerging. We deal with these as they appear, and as they evolve, our solutions evolve with them. It is a dance, a war of attrition, an unspoken agreement that the job is never really done as long as technology keeps marching forward.

Now we know all this already- it’s a baked-in feature of working in the tech sector, but how do we explain these truths to a potential client, or an existing one for that matter? After all, if a client has just bought a bunch of brand-new laptops from you, they’re not going to want to buy NEW laptops in three years’ time, are they? Do they think their staff should be able to work anywhere? Why should they; they’ve just shelled out on an office refurb and three new parking spaces! Cloud storage? But they bought a NAS only two years ago, and there’s loads of space left!

It’s easy to see how customers can look at forward thinking IT strategies and dismiss them as unnecessary expenditure at best, and frivolous or a ‘Hard-Sell’ at worst, but it’s become very evident with the recent responses to lockdown and requirements to furlough staff or take appropriate steps to allow them to work from home that many businesses were a long way behind the curve in terms of their readiness for unforeseen events, and those with well-planned policies encompassing ‘Business Resilience’ have seen minimal disruption to workflow.

It's become almost a meme that, when it comes to provisioning effective IT Business Resilience strategy, clients have to suffer a disaster before they will invest in resilience tech and disaster recovery; Implementing a backup solution after that server array broke, finally putting a password policy in place after that data breach, and putting in Work From Home solutions after the office toaster fire got out of hand… not having this stuff provisioned in the first place means down-time, or as time is money; down-money.

The sad truth is that whilst many of the remote working technologies and protocols we rely on for business resilience, or allowing our employees to access vital resources on our business networks from home have been reliable in the past, they are now creaking and showing vulnerabilities. Direct RDP intercepts and hacks are becoming more and more prevalent, and even VPN’s, such as those based on L2TP protocols, have been getting attention of late for all the wrong reasons.

Any good IT strategy should incorporate a good degree of the three R’s – Redundancy, Resilience and Responsiveness; this is to say, systems in everyday use should have a backup portal or interface, not be easily taken offline, and should be able to be brought to bear in the event of a business critical issue with minimal downtime and fuss. In this age of hugely powerful mobile devices, fantastic cellular data service coverage, Cloud productivity suites and VOIP, and with many of these coming from the same suppliers or MSP’s, it’s difficult to see how some companies are still behind the curve.

If there is one thing that this current situation has taught us, it’s that not planning for a disaster is a disaster in itself.

If you haven’t already invested in a Business Resilience strategy, give us a call. We’ll help you make the right decisions about your IT, giving you piece of mind and the ability to weather any storm. Get in contact to talk about our VOIP and cloud productivity solutions.

If you’ve built it up piece by piece over many years, or are using old IT equipment without vital software updates and reliable backups, there’s a good chance that you are!

But have you thought about how you’d cope if disaster struck - of whatever kind - and your systems suddenly couldn’t be used?

If the thought strikes you with dread, you need managed IT support.  And when you choose Pearce IT of Gloucester, you can get it without paying over the odds.

Business owner Liam Pearce set up his business after working with a number of leading companies across many sectors including insurance, finance, port authorities and IT security companies.

“I found that I really enjoyed the nitty-gritty of pinpointing the source of a problem and using the expertise and products available to me to come up with a permanent solution to them” Liam says.

 “For example, I recently took a call from a business whose system was originally installed by someone who had since sadly died - and there was no one else in the business who’d assumed the responsibility for managing the technology they used, and relied on”.

That’s a typical scenario - all the experience of installing systems and keeping them up-to-date is in the hands of just one person, and especially in the light of the obligations placed on them by GDPR to keep track of their data, at some stage, most businesses are going to have to ask themselves “how do we start to properly manage our IT?”.

The easy and cost-effective answer is with a managed service package from Pearce IT.

Why use a manged IT service?

 There are several compelling reasons:

 - You get comprehensive help, with 24-hour support access, from a team of knowledgeable, helpful experts.

 - You can think of a managed IT service package as being an insurance policy which you can call on to keep the systems at the heart of your business running.

 - Most problems can be solved without a site visit, which means that Pearce IT can protect your business, no matter where in the UK you’re based, or your work takes you to.

 - You and your business get IT solutions which have been fully tested and proven.

 - And with Pearce IT, you’re dealing with a business which understands what it means to rely totally on your computer - you won’t be just another ‘support ticket’.

Pearce IT is a Microsoft Silver Partner, and an accredited member of the Government-backed Cyber Essentials scheme.  This is a key part of the government’s IT security strategy, involving bringing together a network of businesses and individuals with the expertise to ensure that their clients’ systems are properly protected from hacking and other forms of attack.

“We’re also undergoing constant refresher training to keep abreast of the latest IT security issues and threats,” added Liam.

 “The main benefit of this is that you get a solution for your IT requirement or problem which will last, because we stake our reputation on being able to get, and keep, our systems running smoothly – it’s in our own interest to get it right, first time,” concluded Liam.