Start your journey on the road to cyber resilience

In today’s rapidly shifting risk landscape, IT security professionals have to do more than just build up a wall of defensive solutions in the hopes that it will be sufficient to ward off a cyber attack.

They also have to face the possibility that a cyber attack might be unavoidable and figure out how to keep that from shutting down their organisation. That’s why an essential part of any cyber security strategy is building cyber resilience.

What is cyber resilience?

Cyber resilience is the ability of organisations to stay agile if they become the victim of a cyber attack. Weaving it into your cyber security strategy gives you an edge when you need to act fast.

By making smart choices when selecting defensive solutions, you don’t just gain protection against cyber attacks – you also gain valuable tools that empower your business to pivot as needed to minimise business disruption in the event of a successful cyber attack.

Why does it matter to my business?

Think about what might happen to your business during a successful cyber attack:

  1. Would your operations grind to a halt?
  2. How much money would you lose from the resulting downtime?

Today’s cyber attacks are more complex and more dangerous than ever before. Cyber security experts are innovating all the time, but so are the criminals – and they are just as motivated to damage your business as you are to defend it.

By building cyber resilience, organisations can ensure that they are agile and ready to act fast, deploying smart tools that maximise their defensive resources in case of trouble.

How can I boost my company’s cyber resilience?

A cyber resilient organisation has a variety of tools at its fingertips that can minimise business disruption in the event of a cyber attack. Build your cyber resilience by adding solutions with features that enable you to act fast in order to segment, block and stop damage. These solutions would include:

  • Email Security Gateway
  • DNS Security
  • Security Awareness Training
  • Simulated Phishing
  • Advanced Endpoint Protection
  • Mobile Threat Defence
  • Vulnerability and Patch Management
  • 24/7/365 Device Monitoring
  • Firewall Management
  • Technical Reviews
  • Privileged Access Management
  • Email Encryption
  • User Admin Privilege
  • Cloud Access Security Broker
  • Data Analysts
  • Network & Log Security Monitoring
  • Office365 Monitoring
  • Back Up and Disaster Recovery

In conclusion

Technical defensive tools alone aren’t enough to protect a business anymore. That’s why embracing cyber resilience is crucial if companies want to truly protect themselves against cyber crime. Cyber resilient organisations combine strong security solutions with active, people-based defences for flexibility of response during a cyber attack.

Need Help?

Save time, money and resource with our cost-effective managed cyber security services designed to keep your users safe, protect your core infrastructure, enhance your security and mitigate risk. By utilising our expertise and experience you’re leveraging an enhanced team who are constantly trained and certified in all specialist areas.

We work alongside industry-leading vendor partners and invest the time and resources, so you don’t have to.

*This article was originally published here.

If you’d like more information, please get in touch.

Security Posture-as-a-Service 

O365 and Antivirus can’t cover it all

When you are busy running a SME with 101+ things to manage, you could be forgiven for thinking all bases are covered with O365 native security features and an antivirus product.

But with cyber criminals innovating faster than entry-level security features can keep pace with, affordable managed security services protect your core infrastructure without taking up your time or resources to manage them.

Security Posture-as-a-Service Animation

Watch our short animation to see how Security Posture-as-a-Service allows you to enhance your security posture, while being free to run your business.

Need to improve your cyber security posture?

Whether you’re just starting out, or know you need to invest more in technology and resource, our handy calculator, featured on the MyRedFort community, offers a comparison between taking it in-house vs using a managed security service.

Security Debt and the SME 

Counting the cost of cyber security

Cyber security debt is a result of the perfect storm businesses face as they accelerate towards digital transformation. 

Expanding cyber attack surfaces and a lack of investment in technology and skills are exposing SMEs to great risk.

A perfect storm 

Arguably, businesses have needed to focus on keeping their workforce productive and providing continuity in their performance for their customers. This has led to a large proportion of the workforce working outside the usual place of work, often using their own devices.

As a business leader, the reports across various media of the alarming rise in cyber attacks such as phishing scams and ransomware demands won’t have escaped your notice. This isn’t scaremongering, it’s fact. SMEs are now the main target of cyber criminals because they know they’re easier to breach than larger enterprises, which have many more safeguards in place.

What is Security Debt?

Security debt is the continuing accumulation of security vulnerabilities in your software that compound to make it harder (read: impossible) to deploy enough remediation to secure your data and people from attacks. Unlike technical debt, which may get in the way of releasing new features for the needs of the business, the growing pile of security vulnerabilities puts your organisation at an increased risk from cyber attacks. 

How do I know if I have security debt? 

Unless you live and breathe your own technology environment, the likelihood is that things are getting missed. Whether you’re aware of it or not, it’s likely you already have some security debt. This is because the threat landscape is continually shifting and the number of technologies available on the market to fix problems is vast. Throwing individual technologies at specific cyber issues isn’t the answer.

For example, many businesses think Microsoft 365 and their Antivirus have their needs covered – this simply isn’t the case. As a business grows it’s exposed to greater and greater risk as security controls don’t keep ahead of the complexities and gaps when a patchwork cyber security strategy is in place. Cyber security debt accumulates as a result of failing to implement the right security controls and cyber security strategy.

I can’t see or feel the debt, why should I care? 

The cost of reducing or eliminating security debt is far less than the potential cost of a data breach in terms of incident response, fines, loss of customer and investor trust, and possibly litigation. In many ways, it should be considered an investment – an insurance policy, if you like.

Be smarter, more is not more 

No business has unlimited budget or skills within their business to throw at their security posture, nor should it be required. Some businesses buy way too much security software because they think more is more.

The key is understanding what you need to protect and applying the right resource to it. 

Start the conversation 

Talk to your employees – Tell them how to look after your data and behave online. 

Talk to your board – Get them to understand the importance of prioritising cyber security and the implications for business continuity if it’s not.

Talk to us – Even implementing basic security best practices or managing a limited amount of cyber security technology can be a big task without any, or the right, staff. We know our stuff and are happy to take time to understand what your business needs.

Discover a boardroom case for cyber security as a managed service!

Article featured on the MYREDFORT community: https://www.myredfort.com/managed-security-services/security-debt-and-the-sme

A Boardroom Case 

For cyber security as a managed service

Cyber attacks on British businesses are becoming more frequent and more sophisticated – that’s a dangerous combination. Although an attack remains statistically unlikely, the chances are increasing almost daily.

Despite these trends, too many firms are still adopting passive, reactive policies, only reacting after an attack has happened. The question to ask yourself and your board of directors is whether you would be happy to leave the contents of your home uninsured, and only react if you had a burglary.

Think of your cyber security strategy as an insurance policy. While the best tools used to be affordable only to large enterprises, they are now much more accessible to SMEs. Given this, the challenge becomes how to bring it onto your management team’s agenda.

IT needs to be an innovator

The UK is a highly digital economy, so it is vital to be at the top of your game in this market. Whether your customers are B2B or B2C, evolving customer demands, operational efficiency, and the need to differentiate your products or services mean IT needs to be at the centre of everything you do.

To do so, the limited IT resources you have cannot be consumed by tactical activities such as cyber security defences. Bailing water out of a leaking boat is a guaranteed way to ensure you never have the time or focus to drive new digital products or experiences for your customers.

By outsourcing “keeping the lights on” IT tasks such as cyber security, internal IT teams can be put to much more strategic use to innovate, create and develop. In the digital age, the reality is that every business initiative is an IT initiative – or at the very least needs involvement from IT.

Communicate the cost of an incident

Although the cost most commonly linked to a cyber security incident is paying a ransom demand, there are many ancillary costs – so much so that the response to an incident often proves much more expensive than preventing it in the first place.

And that assessment does not factor in the great intangible of reputational damage – the loss of public trust. In short, if your customers lose trust in you, they will leave.

Not only that, but it is estimated that only 35% of SMBs could remain profitable for more than three months without access to vital data.

To compound the issue, there is a recognised cyber security skills shortage in the UK. This makes it difficult to hire in specialist cyber security professionals, and as a result it can mean IT generalists without specific cyber skills trying to plug the gap.

Protecting the core of your business

More than 90% of successful hacks and data breaches start with phishing scams. By focusing on this threat and eliminating it, you can significantly reduce the cyber security risk factor.

By adopting cyber security as a managed service, you can focus on what matters to your business without worrying about managing the burden of day-to-day IT infrastructure. With NetUtils managed services, you gain access to their highly trained, certified and experienced technical team who will manage, review and maintain your critical infrastructure so you don’t have to.

Managed cyber security versus in-house

Four ways managed cyber security services trump in-house recruitment:

  1. Remove the pain and cost of recruitment: The cyber security skills shortage in the UK makes it difficult and expensive to recruit in-house
  2. Short-termism: The average tenure of senior security leaders is less than 3 years
  3. Fills knowledge gaps: Only 6% of companies have a CISO on the board of directors, with the result being a lack of focus on security strategy
  4. Lack of skills: The number of technologies needed in a comprehensive security strategy makes it hard to acquire those skills in-house

Article featured on the MYREDFORT community: https://www.myredfort.com/managed-security-services/the-boardroom-case-for-cyber-security-as-a-managed-service/

Cyber Security Check-In

How is 2022 going so far? 

From tighter regulations for public sector to ransomware and the continued rise of the remote workforce, the senior management team at NetUtils offer their observations on how businesses are adapting to the evolving working landscape.

The ‘great return to the office’ has not materialised as expected by most, with more organisations opting to have more staff working remotely as a permanent option.

David Bundock, Chief Operations Officer, NetUtils

The first of the studies that have looked at issues such as productivity and mental wellbeing are starting to emerge and, in many instances, home working seems to be on parity with office working and, in some cases, proving a benefit. However, organisations are now looking at the often-temporary measures rushed out to support home workers that are now becoming standard.

Where masses of laptops were hurriedly deployed, and cloud based filesharing systems were utilised to help teams collaborate – these devices and platforms need to be audited for security and compliance to standards such as GDPR. This will inevitably trigger more use of cyber security as a service – especially as the current shortage of skilled IT and Infosec staff grows.

Although Ransomware isn’t new, the last year has seen its meteoric rise in the public consciousness and indications show this year is, unfortunately, more of the same.
Malcolm Orekoya, Chief Technology Officer, NetUtils

However, the move by AXA, one of Europe’s largest insurers, to stop offering new insurance policies that cover ransom payments to criminals for French policy holders may be the start of a wider trend across the region during 2022.

The logic is that ransom payments encourage more ransomware attacks and drive up the cost of cyber security insurance policies. Although UK companies can still gain insurance policies that will pay ransoms – assuming you can prove no liability, it’s likely that AXA’s position might spread.

The whole market for insuring against all forms of cyber-attack and outage is an interesting area and I suspect that this will gain a great deal more attention from enterprises.

Tighter regulatory oversight for the public sector.
Ashok Thomas, CEO, NetUtils

The NHS is already going through Data Security Privacy Toolkit (DSPT) processes and several recent tenders for large public sector organisations have made compliance to Cyber Essentials Plus a mandatory requirement for every supplier.

If the NHS is a template, then more public sector organisations will be required to adhere to CE+ within a few years. I’d expect these requirements to spread to anybody that supplies into the public sector.

The framework is not onerous, but it is audited which means that organisations need to do more than just a “check box” exercise so it’s wise to start looking at these optional processes now and before they become mandatory.

These are just some of the issues faced by organisations big and small, public or private sector. SMEs are often particularly vulnerable if they lack the skills and resources to adapt at the pace required.

Article featured on the MYREDFORT community: https://www.myredfort.com/managed-security-services/cyber-security-check-in/

[Blog] NetUtils’ 3 Top Cyber Security Predictions for 2022

From tighter regulations for public sector to ransomware and the continued rise of the remote workforce, read all about it from our senior management team as they weigh in on their thoughts for 2022.

Looking at 2022, and it seems clear that there will be tighter regulatory oversight for the public sector. 

Steve Nicholls, Commercial Director

The NHS is already going through Data Security Privacy Toolkit (DSPT) processes and several recent tenders for large public sector organisations have made compliance to Cyber Essentials Plus a mandatory requirement for every supplier. If the NHS is a template, then more public sector organisations will be required to adhere to CE+ within a few years. And I would expect these requirements to spread to anybody that supplies into the public sector. The framework is not onerous, but it is audited which means that organisations need to do more than just a “check box” exercise so it’s wise to start looking at these optional processes now and before they become mandatory. 

Although Ransomware is certainly not new, the last year has seen its meteoric rise in the public consciousness and the coming year will unfortunately be more of the same.

Malcolm Orekoya, Chief Technology Officer

However, the move by AXA, one of Europe’s largest insurers, to stop offering new insurance policies that cover ransom payments to criminals for French policy holders may be the start of a wider trend across the region during 2022. The logic is that ransom payments encourage more ransomware attacks and drive up the cost of cyber security insurance policies. Although UK companies can still gain insurance policies that will pay ransoms – assuming you can prove no liability, it’s likely that AXA’s position might spread. The whole market for insuring against all forms of cyber-attack and outage is an interesting area and I suspect that 2022 will be a year where it starts to get a lot more attention from enterprises.

The ‘great return to the office’ has not materialised as expected by most, with more organisations opting to have more staff working remotely as a permanent option.

David Bundock, Chief Operations Officer

The first of the studies that have looked at issues such as productivity and mental wellbeing are starting to emerge and, in many instances, home working seems to be on parity with office working and, in some cases, proving a benefit. However, organisations must now look at the often-temporary measures rushed out to support home workers that are now becoming standard. Where masses of laptops were hurriedly deployed, and cloud based filesharing systems were utilised to help teams collaborate – these devices and platforms need to be audited for security and compliance to standards such as GDPR. This will inevitably trigger more use of cyber security as a service – especially as the current shortage of skilled IT and Infosec staff grows.

Knowing where to start with your organisation’s cyber security can be confusing. Have you considered a dedicated cyber security platform to help reduce the risk of a cyber incident?

Webinar: Supporting your journey to compliance and beyond

The financial implications of not being compliant are enormous, let alone the reputational damage that comes with a data breach! Data moves throughout your organisation at an alarming rate and data privacy will affect all parts of your business.

We can provide you with practical, pragmatic advice on meeting and maintaining regulations such as GDPR and the incoming ePrivacy regulation enabling organisations like yours to meet regulatory obligations and business goals.

Watch our on demand webinar and get some key questions answered:

  • Will there be a grace period?
  • Who owns the risk when it comes to data in your organisation?
  • What is data portability?
  • What is a data protection officer?
  • Is it mandatory to have a data protection officer?
  • How and when do you obtain consent?
  • Will you need a Privacy Impact Assessment?
  • What actions should you take next?

Register here to join our next webinar in the series on the 12th September – Network Utilities Managed Security Services.

Network Utilities and EfficientIP partner to help customers become GDPR compliant

In July 2016 Network Utilities and EfficientIP announced their partnership agreement to provide UK-based customers with EfficientIP DDI solutions, draw on Network Utilities’ recognised expertise in the market and expand EfficientIP’s existing partner network in the UK region. Both companies’ solutions will help organisations in a variety of public and private industries – particularly telecom – to protect their critical applications from growing threats, as well as integrate advanced network infrastructure.

With new legislation coming into effect in May 2018, this is a critical time for all organisations to focus on the strength, resiliency, and intelligence of their networks to avoid data breaches and ensure GDPR compliance. Now is the time to start building a GDPR-compliant infrastructure, and providing sufficient security at the DNS level can save companies huge amounts of money and help avoid unnecessary GDPR proceedings.

David Silsby, Network Utilities Sales Director, believes this continued partnership will be beneficial to prospects and customers: “This new GDPR legislation puts the responsibility on companies to make sure their networks are as secure as possible, which will mean much more than just protecting the company’s data; it means protecting the whole infrastructure. No one can afford to ignore GDPR and working together with EfficientIP, Network Utilities will be able to offer customers a more enhanced security offering.”

David Williamson, EfficientIP CEO, is also looking forward to a continued partnership: “The addition of Network Utilities to our partner group is key to bringing new adaptive security solutions to their customers. The past two years have seen a dramatic increase in cyber security attacks, and DNS has been confirmed as being a weak point of the network infrastructure. We have the solution for this in our 360° DNS Security, and Network Utilities has the expertise to apply it as part of their offering.”

Network Utilities will be hosting a webinar with Martin Wellsted from EfficientIP on the 3rd May. Register here and find out more about DNS exfiltration and how to prevent the unauthorised transfer of data from your organization.

Webinar – GDPR It’s coming, and it will impact your business

Are you confident in how to use and process your customer information in the light of GDPR?

  • Will your data processing involve the collection of new information about individuals?
  • Will your data processing compel individuals to provide information about themselves?
  • Are you using information about individuals for a purpose it is not currently used for, or in a way it is not currently used?
  • Will the processing require you to contact individuals in ways which they may find intrusive?

If you answered YES to any of the above questions then you should take the time to watch our on demand webinar and find out about your obligations and how GDPR will affect you and your organisation.

Register your interest to attend our GDPR workshop – If you would like to join our GDPR workshop on the 19th April, please fill in your details below to register your interest and I will be in touch with an invitation and full agenda.

Thank you
Kara

Securing Your Network & Keeping You Compliant in 2017

Wishing you a very Happy New Year and a warm welcome back to the office after the Christmas break.

We’ve been working hard to continue to make sure that we offer you the best IT networking & security solutions the industry has to offer. This short update will give you links to valuable resources you may find useful at the start of this year to help you keep your networks secure, fast & compliant. So please take a look and sign up for (and share!) the webinars & events coming up over the next few weeks. Topics include cloud security, AI and machine learning, endpoint security, threat prevention and the GDPR.

Security in the Cloud – Are you ready to join the revolution?
Webinar – 25th January

We are delighted to announce our partnership with Cato Networks. Cato Networks is rethinking network security from the ground up and bringing it into the Cloud. Cato connects your branch locations, mobile users, physical and Cloud infrastructure into a secure and optimised global network in the Cloud. Intrigued? Join our webinar on the 25th January to find out more.

Register here for the Cato Networks webinar.

Blackfoot UK logo

GDPR – What you need to do NOW to make sure you are compliant in 2018
Webinar – 22nd February

One of our best attended webinars at the end of last year was around GDPR, so here’s another chance for you to get up to speed. Your customers are more and more aware of their entitlements around data protection; they want privacy rights and strong protections. But are you confident in how to process your customer information in the light of GDPR? Join our webinar for invaluable hints and tips on how to get GDPR compliant NOW.

Register here to attend our GDPR webinar.

Threat Prevention & Advanced Endpoint Protection
Workshop – 8th March

We continue our strong partnership with Palo Alto Networks in 2017 and are pleased to announce our first Ultimate Test Drive workshops for 2017 will be taking place on Wednesday 8th March at Palo Alto Networks, 140 Leadenhall Street, London, EC3V 4Q.

We will be running 2 free sessions on this day; you are welcome to register for one or both sessions.

Session 1: 09:30 – 13:30
Threat Prevention, Ultimate Test Drive

Session 2: 14:00 – 16:00
Advanced Endpoint Protection, Ultimate Test Drive

Register here to attend one or both Ultimate Test Drive sessions.

Know the Truth
Workshop – 23rd March

Another partnership we are keen to announce is with Cylance. Cylance protects your endpoints against advanced malware with the world’s first antivirus built on artificial intelligence and machine learning. Its AI and machine learning-based tools prevent threat execution, before the damage is done. It doesn’t simply protect against known threats, it identifies and defuses never-before-seen attacks. Join our ‘Know the Truth’ workshop on Thursday 23rd March 2017 in central London to find out more.

Register here to join our Cylance endpoint protection workshop.

That’s it for now. If you would like further information on any of the above – and you just can’t WAIT until the dates listed – please get in touch. We’ll be on the case.

Happy January,
Network Utilities Team