How to Keep Your IT Available, Safe And Up To Date

Written by Guest Blogger
12 June, 2019 -

Today we hear from Neil McCracken Managing Director of ITSD who shares some of his key knowledge on keeping your tech safe.

This week we have collaborated with companies that we work with and provide a home to here at the Business Design Centre, who work within and alongside the tech sector. To celebrate London Tech Week we have a blog each day this week, featuring a member of our community and their view of the industry. Today we hear from Neil McCracken Managing Director of ITSD who shares some of his key knowledge on keeping your tech safe…

“Tech week is an exciting time packed with wonderful events and lots of innovation and I am honoured to contribute. We have been working with the Business Design Centre since 2003 and have built a strong working partnership and mutual respect in that time. ITSD forms an integral part of the business working at a strategic level with the board and providing helpdesk server support and a number of other IT services to the venue.

I’m mindful that technology for many business owners can be a daunting subject. Software and hardware are an almost endless cycle of added features and functionality which can leave even tech-savvy business owners feeling lost. So I think it’s timely that during tech week I share some insights which will help you get the best from your technology and keep your business running smoothly.

BACKUP YOUR SYSTEMS

Most of us are aware we need to back up our data but often it is performed as a manual process and it is so easy to forget so having an automatic backup is crucial.

Have a minimum of two backups. One stored locally for fast data recovery and the other to a geographically different location at least 5 miles away so that if the worst were to happen such as your building burnt down or your server and backup drive were stolen your systems and data can still be recovered.

The cloud is perfect for your remote backup this puts your business systems and data out of danger from physical disaster and still retrievable when needed. You will generally have to pay a monthly fee but think of it as part of your insurance and business continuity.

Whatever backup solution you choose it’s crucial you check every day that they work and that they backup everything they are supposed to – if an employee has deleted half your data technically the backup will still succeed but you would end up with only half a backup!

VIRUS PROTECTION

It is essential that Anti-Virus Software is installed and up to date on all your computers and there are no exceptions to this.

There is a common misconception that Apple computers do not need Anti-Virus software this is untrue and has never been claimed or agreed by Apple.

Without protection ALL computers are vulnerable to virus attacks of all sorts the most malicious of which encrypt company data destroy or steal information.

Whilst Anti-Virus software is vital we need to be equally aware that it does not stop everything it provides one part of your IT systems defenses not all of it.

SOFTWARE UPDATES

Software manufacturers provide regular updates for their supported products. The updates fix issues with software and security vulnerabilities. There have been a number of high-profile examples of outdated software being the cause of system vulnerabilities such as the well-documented WannaCry attack on the NHS in 2017. I can’t emphasise enough the importance of regular updates.

Keeping software updated by promptly installing the manufacturer updates should increase reliability security and aid compatibility with Anti-Virus software where relevant.

It is not always essential to have the latest version as long as your software is under manufacturer support and does what you need an upgrade can be planned for a later date and or version.

PEOPLE ARE A KEY PART OF THE BEST FIREWALL

Even if you take all the precautions outlined here the sad fact is that you’re still not 100% safe.

No matter how good your systems are hackers and virus creators are constantly finding ways around them.

One of the most common ways for a virus to get in to your business is by email clicking a link or opening an attachment can instantly make your business vulnerable to attack.

Ensure your staff are trained to be vigilant and think before acting:

Do you know the sender?
Check the full email address not just the sender name is it correct?
Is the email / attachment expected?
Is the spelling / grammar a little off (often a clear sign something is amiss)

If your staff are in any doubt alert IT support do not click links or open any attachment.

Financial instructions such as changing bank details or transferring money should not be processed from an e-mail always check verbally first even when the e-mail is internal.

Email accounts are regularly hacked then monitored for the ideal e-mail chain the hacker will then insert their own e-mail requesting a change such as a new bank account. The email will come from the sender’s e-mail address and so appear very genuine.

Phone scams are also something to be aware of Microsoft do not monitor your computer neither does anybody else other than possibly your company’s IT Support. Do not under any circumstances follow any instructions they give for your computer refer them to IT support.

Obviously your own IT support is an exception to this but if you are unsure ask to call them back they will not mind. Never ask them for the phone number if you don’t have it look it up.

Vigilance is our friend it may take a little longer but recovering from a virus can take days worse still imagine recovering from a cleaned-out bank account.

If you are in ANY doubt contact your IT support trust me they would much rather spend a few minutes investigating an e-mail than days under pressure trying to recover your company’s IT.

PASSWORDS IT’S ALL ABOUT LENGTH THESE DAYS

First the basics:

Do not write your password down (unless you really have too)
Never keep your password near or with your system
Make sure your password is not obvious or easily guessed
Avoid using family partner or sport team names on their own
Change your password at least every six months

Ideally passwords should never be shared but it happens. They should be changed immediately afterwards especially when known by for example an ex-employee.

I’m sure you’ll have experienced being forced to use a combination of uppercase and lowercase letters numbers and special characters in passwords however thinking has recently changed on this and its good news for users.

Modern hacking software cycles through every character as it builds your password. It is only a matter of time until it is cracked.

An 8-digit password will be cracked within 6 hours regardless of the characters used. However adding just 4 more digits to your password will increase that time to 200 years.

If the system allows why not use a password that is easier for you to remember just remember to make it at least 10 characters ideally 12 or more.

Password = $!d@12*8 – would be cracked within 6 Hours

Password = springislovely – would be cracked within 200 years

When security REALLY matters use Two-factor authentication (also known as 2FA). This is an additional one-time password created by the system and normally sent to the user’s registered mobile or e-mail address to confirm their identity before giving access. This is a bit tedious but makes hacking pretty much impossible and is particularly worthwhile for banking applications in my opinion.

PROTECT YOUR DIGITAL SELF

When a hack is successful it’s inevitable that any compromised usernames and passwords will soon be sold on – making your systems potentially more vulnerable to a second attack.

Worse still if you have used the same username and password elsewhere the hacker and anybody that buys the list will have access to your account on those systems too.

Ideally use different passwords for every system you access this is especially important for anything financial and your work.

Remembering lots of passwords is pretty much impossible. Using a password protected spreadsheet is one way of keeping tabs of them securely (as long you have a backup).

If this is impractical I recommend memorising at least four each very different from the others and spread them across the following types of system: – Work Financial Paid for Free. That way if one password does fall into the wrong hands damage will at least be limited.

PROTECT YOUR SYSTEMS AND DATA

Outside of viruses and spyware the most common incidents of hacking come from the inside normally committed by a disgruntled previous or current employee.

In the hands of a competitor or malicious person exposure of private or valuable company information can be devastating. But again there are ways to mitigate against this:

Make sure IT support are informed when an employee is leaving so that system access can be removed at the appropriate time.
Control access to confidential information restricting it only to people authorised to see it.
Ensure confidential documents and spreadsheets are password protected.

WHAT TO DO IF YOU THINK YOU ARE BEING HACKED OR HAVE A VIRUS

Stay calm and act fast:

Close the internet (internet explorer Edge Chrome etc.)
Shut down the Computer
Call your IT Support

Modern virus attacks are generally very clever and people make mistakes. Train your staff so that ~~should the worst happen they avoid further damage and do the above straight away.~~

IT support will understand that you might be embarrassed I assure you they will be very grateful for your fast reaction. Never try to fix the situation yourself or hide it.

You won’t always know you have a virus but if you think you may have clicked something suspicious have a threatening message on your screen or notice file names changing act fast.

SUPPORT AND INVEST IN IT

Great IT empowers your business and your employees poor IT does the opposite and invariably increases the risk of your business being affected by many of the issues outlined in this blog.

To minimise these risks create an IT strategy aligned to the needs of your business. Ensure IT policies are defined for all areas that use IT paying special attention to cyber security. Finally the strategy should ensure appropriate levels of investment are always made in IT for supporting maintaining and improving your IT.

IT support forms a vital part of any IT strategy ensure you have the right team and / or partner to provide the expertise needed to keep your IT systems properly maintained and available.”

Neil McCracken is Managing Director of ITSD an enterprise level IT Support and Service provider for business customers.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__atuvc	1 year 1 month	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it, before the share count cache is updated.
__atuvs	30 minutes	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it, before the share count cache is updated.
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gat_gtag_UA_12144120_1	1 minute	Set by Google to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	16 years 3 months	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
uvc	1 year 1 month	Set by addthis.com to determine the usage of addthis.com service.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and also verify the clicks from ads on the Bing search engine. The cookie helps in reporting and personalization as well.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
loc	1 year 1 month	AddThis sets this geolocation cookie to help understand the location of users who share the information.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_clck	1 year	No description
_clsk	1 day	No description
AnalyticsSyncHistory	1 month	No description
at-rand	never	No description available.
CLID	1 year	No description
dap-ses	1 month	No description
DEVICE_INFO	5 months 27 days	No description
email	never	No description available.
IVVY_REGION	session	No description
li_gc	2 years	No description
loglevel	never	No description available.
MID	past	No description
ppwp_wp_session	30 minutes	No description
SID	session	No description
SM	session	No description available.
SRM_B	1 year 24 days	No description available.
token	never	No description available.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
wwhmid	1 month 25 days 1 hour	No description
xtc	1 year 1 month	No description

Keeping Your IT Available, Safe And Up To Date

Today we hear from Neil McCracken Managing Director of ITSD who shares some of his key knowledge on keeping your tech safe.

Latest Insights

Restoration by Design, Sustainability in Action

Sustainability, B-Corp and the Angel Business Community

Discover Your Ideal Creative Office Space at the BDC