IT 4 Offices

Call us - 0333 332 6600

Pro-Active Support

At IT 4 Offices we use a state of the art monitoring software to ensure your systems are running and kept running, preventing downtime where possible and ensuring you are in running your company using your IT systems effectively and not allowing your IT to prevent you working.

Pro-Active IT

IT Migration

Whenever a system change is required within a business, a migration process is used to ensure that important company and client data is kept secure and accessible.
Including: Cloud, Virtualisation or Mergers/Buyouts

Migration

Email Security

Are you fed up with adding senders to junk lists.   Many of our clients using our spam filters now have the time to work without interruption from constant adverts and unimportant spam emails, as well as having the peace of mind that they are protected by multi-layered virus protection.

Email Security

Network Design

IT 4 Offices have developed a solutions portfolio that enables the provision of full end-to-end infrastructure solutions.
This range enables us to provide our clients with both a tailored and integrated solution to their entire infrastructure networking needs.

Network Design

Cyber security for SMEs

In September 2012, UK Government department of Business Innovation and Skills (BIS) and the Cabinet Office and CESG (the information security department of GCHQ) published guidance on 10 steps to cyber security.  The steps can substantially reduce the risks by helping to prevent or deter the majority of types of attacks.  

10 Steps to Cyber Security

The full article:  https://www.ncsc.gov.uk/guidance/10-steps-cyber-security 

 

The UK government introduced a Cyber Essentials and Cyber Essentials plus standard in order to provide a good-practice certification that companies can use to show other companies that they are achieving the required standards.

The Cyber Essentials covers 5 key step areas:

  • Secure Configuration
  • Boundary firewalls and internet gateways
  • Access control and administrative privilege management
  • Patch management
  • Malware protection

Depending upon the assessment board you select, you may also have an external vulnerability scan.  

For Cyber Essentials plus, both an external and internal vulnerability scans are required.  

 

10 Steps:

1. Protect your Network - network security

  • Locate the device which connects your company to the Internet - this is generally the router provided by your Internet Service Provider (ISP) and check that it has a firewall built in to provide a layer of protection.  Regularly check/install if there are firmware/software updates.
  • If you are using mobile devices ensure they have firewalls enabled.  
  • Quite often your operating system will have a built in firewall as well as a basic antivirus software, ensure these are enabled and up to date.

2. User Education

  • When a member of staff joins your company, ensure they know your company policy in regards to computer usage.  
  • Remind staff regularly about good security practices, such as changing passwords.  If your policy changes ensure everyone has understood the changes.
  • Make sure they know not to click on website/email links unless they know the source or not to open attachments if they are not expecting them.  

 3. Manage User Access

  • Implement Usernames and passwords to control log on.  Good passwords contain upper and lower case characters, numbers and symbols, minimum number of characters is 8 but as the speed of processors improve, use of bio-security and two-factor authentication will improve protection.
  • Don't write down passwords or have shared users.
  • Only give users enough permissions for their roles.  Keep data separated

4. Secure configuration 

  • Document your IT assets including hardware, software and key IT staff
  • Install current software and patches or firmware immediately they are issued.  Ensure your software is fully licensed.  
  • check for technical weakness regularly (vulnerability or pen testing).  Regularly can mean annually, or after a change of hardware or software.

5. Removable media

  • If you transfer critical data via DVD, USB or Flash drive, only permit business issued devices are used or devices controlled by the business. 
  • Keep a log of the data and who has it and any software installed.
  • All removable media should be encrypted or password protected and scanned for malware upon use.

6. Home and Mobile working

  • Mobile devices should be approved and maintained so that the software such as anti-malware and operating systems update automatically on a daily basis.
  • Users should authenticate to access the PC and over VPN.
  • Devices should be encrypted when possible.
  • Devices should be remotely tracked and wiped.
  • Staff should inform management if the device is lost or stolen immediately so they can be wiped. 

7. Malware Protection

  • Use anti-malware or security package from mainstream suppliers and use across the whole business.
  • Ensure that regular scans are completed daily and updates are enforced.
  • Follow manufacturers best practice for software features

8. Information Risk Management

  • Decide who is responsible for management of the risk and how much you wish to take.
  • Identify your most valuable information in the company and if appropriate mark as "confidential" or similar
  • Create a Security Policy describing what you want to do to manage the risk and include any steps.  Distribute the policy to all staff.
  • Allocate security responsibility clearly to ensure staff understand.

9. Monitoring

  • Monitoring can detect potential hardware faults and unusual activity on your network or internet connection.  Some anti-malware or anti-virus suites will include some monitoring or notification service.
  • If your business has a large network, use a network management tool to detect unusual activity.  This could include monitoring traffic or IP usage.
  • Ensure that your staff report unusual activity and that you have sufficient plans and expertise to react quickly.

10.  Incident Management

  • Any attacks should be flagged by the firewall or security packages.
  • Log anything that interferes with the business as an incident
  • Decide what to do and who does it in the event of an incident.  
  • Get expertise to deal with your incidents.  This may include having an IT support agreement with an outsourced company even if you have in-house expertise, or having the a warranty details for the manufacturers support team.

 

This article highlights a number of key areas for SMEs would need to address before they can attain the Cyber Essentials certification.  

Should your company need assistance with any part of this process please contact us.

 

 

 

 

SMB IT Support

If you are a business owner/manager and would like to discuss outsourcing your IT support, give us a call and speak to one of our team

SMB IT Support   Ad-hoc Support

IT Supply

If you have a hardware or software requirement or have a project you would like to discuss, give our team a call

Hardware   Software   Hosting

Partnerships

At IT 4 Offices, we have formed strong relationships with industry recognised businesses to provide our clients with the best systems that they require to run their daily business tasks.

Microsoft Registered Partner | Dell Partner | HP Partner
 
 
 HP Cisco
Draytek Synology

Contact Us

Call on 0333 332 6600

52 Halcyon Close
Witham,
Essex. CM8 1GY

follow us on twitter follow us on google+ view our youtube channel like you facebook