Grant McGregor Ltd

The UK has a well-documented technology skills gap. Indeed, tech skills are in demand and under provisioned on a global basis. How can UK organisations mitigate this dearth of the right technology skills? We consider some of the options.

A recent Microsoft study has revealed that 82 percent of UK jobs already require digital skills, and that 69 percent of leaders feel their organisation suffers from a digital skills gap.

The good news is that the same survey found that 59 percent of employees believe in the importance of developing their digital skills – employers are pushing at an open door when it comes to developing tech competencies internally.

#1. Skill up your existing workforce

How many businesses have you heard say something along the lines of “we’re no longer an X company, we’re a technology company that specialises in X”? 

The phrase might be a little hackneyed, but the sentiment is real. We’re all tech workers now. It isn’t only your IT team who need tech skills. Offering training, workshops, lunchtime tech courses, online learning subscriptions, etc is part staff benefit, part necessary investment.

#2. Address technology’s diversity crisis

As well as a skills crisis, the tech sector has a well-documented diversity crisis. Widening recruitment practices and reaching out to underrepresented communities is an essential part of redressing this balance. It’s also an opportunity to bring diverse viewpoints to the team, draw on fresh ideas and, ultimately, strengthen performance. As we noted in Pride month, all organisations should be implementing measures to improve diversity and inclusion with a special focus on technology skills and roles.

#3. Make use of the available free online certifications

The big cloud providers offer a great deal of training content and resources on their websites. Not only can your existing cloud engineers and tech staff find the answers they need to particular problems, these resources can form the basis of an upskilling initiative.

For example, Microsoft’s Enterprise Skills Framework is available for certain public sector and enterprise customers. If eligible, you have free access to a raft of online learning resources and certifications.

#4. Adopt low-code and no-code solutions

Tech skills aren’t all about programming.

New solutions, such as Microsoft Power Platform, offer the opportunity to develop bespoke applications and automations for your business users without needing to write a line of code. It’s a great way to put application and automation development into the hands of business users who might not have extensive tech skills – and inspire them to develop new tech competencies!

Of course, you may need additional support in the early days of using solutions like Microsoft Power Platform, setting up the necessary infrastructure, security, governance and establishing a centre of excellence which can guide development, promote best practice and ensure duplication of effort, apps or automations is avoided. Which brings us on to point five…

#5. Work with trusted tech partners

For project work especially, bringing in external expertise as and when you need it isn’t only about meeting your immediate tech ambitions or requirements. It’s also an opportunity to learn and transfer skills. Choose partners who understand this and are willing to share knowledge and develop your internal team’s expertise during delivery.

What next?

If you’d like support developing digital skills in your business or would like to work with a partner who can help you bridge short-term tech skills gaps, please reach out to Grant McGregor. Our team is on hand to support you.
 

Call us: 0808 164 4142
 

Message us: https://www.grantmcgregor.co.uk/contact-us 

As we continue to track the impact of the data breaches at UK outsourcing firm Capita, workers at some of the UK’s largest companies are being warned that their personal data has been compromised.

What can we learn from this latest data breach?

On Monday 5 June, several British companies announced that they had been affected by a cyberattack by Russian-based hackers. 

The attack was a result of a vulnerability in a third-party supplier to the companies’ payroll provider Zellis. Zellis uses a file transfer system called MOVEit, also used widely in the public sector, and this was the source of the vulnerability. 

Personal data exfiltrated in the attack 

It is understood that eight companies in the UK and Ireland which use Zellis for payroll have been impacted. British Airways, Boots and the BBC are amongst those affected. Reports suggest that compromised data includes staff personal data – including names, employee numbers, dates of birth, email addresses, home addresses and national insurance numbers.

Microsoft’s threat intelligence team has attributed the attacks on MOVEit to a group called Lace Tempest. It reported that the group was known for conducting ransomware operations. It runs an extortion site which carries data extracted during the attacks, favouring the Clop ransomware.

Security experts have suggested they are affiliated with the group that developed the Clop ransomware, which has links to Russia. Experts expect the stolen personal data to end up published on the Clop website. 

The international scope of ransomware activity

The attack on MOVEit was attributed to the Russian-based Clop group. Security researchers have warned that the Russian group has changed its tactics lately, favouring a pure extortion approach.

Earlier this year, the US Cybersecurity and Infrastructure Security Agency published an advisory about another ransomware developer, deployer, and data extortion cybercriminal group called , BianLian. The group gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials, uses open-source tools and command-line scripting for discovery and credential harvesting, and exfiltrates victim data via File Transfer Protocol (FTP), Rclone, or Mega. 

BianLian group actors then extort money by threatening to release data if payment is not made. BianLian group originally employed a double-extortion model in which they encrypted victims’ systems after exfiltrating the data. However, around January 2023, they shifted to primarily exfiltration-based extortion.

Another ransomware strain that has been targeted at accounting, investment and construction sectors, especially in Spanish-speaking users in the Americas, has been used the steal sensitive information and compromise email accounts to launch phishing attacks. Because of the scope of the Horobot attacks, security researchers believe the group managing it is based in Brazil.

How to mitigate the effects of a ransomware attack

The UK’s National Cyber Security Centre (NCSC) recommends that the best way to protect your organisation from ransomware attacks is to make regular backups. Keep your backups in a separate location so that they cannot be included within the scope of the attack. Always scan your backups for malware before you restore files.

The NCSC also makes a number of other suggestions:

•    Block websites that are known to be suspicious,

•    Configure network services to prevent malware being delivered, e.g. by inspecting content, intercepting proxies, deploy internet security gateways, etc.

•    Use mail filtering,

•    Disable remote desktop protocol if it’s not needed,

•    Use multi-factor authentication with a system of least privilege, 

•    Manage devices centrally to prevent malware running on them, 

•    Keep anti-malware and antivirus products (and the software definition files) up to date,

•    Invest in awareness training for your people, so they recognise how to spot phishing attempts and malware,

•    Install security updates as soon as they become available, enabling automatic updates where possible, 

•    Prepare for an incident, including by keeping incident management playbooks, supporting resources and communication strategies available offline.

What next?

If you think you might be subject to the MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362), you can find more information here, including the appropriate patch. 

If you’d like specific help about responding to the incident, protecting your organisation from malware or malicious cyberattacks, or would like help developing an incident response plan, our team can assist. 

Get in touch:

Call us on 0808 164 4142.

Or message us at https://www.grantmcgregor.co.uk/contact-us.

Are you tired of wasting precious time in meetings, only to leave feeling confused and disorganised?

Do you struggle to keep track of all the action items and follow-up tasks that come out of these meetings?

Microsoft Teams has launched a new feature which could solve your problems and boost productivity.

Meeting Recap is an AI-based intelligent meeting recap feature, available exclusively to Teams Premium subscribers. This innovative feature harnesses the latest in artificial intelligence technology to generate comprehensive summaries of your meetings.

That means no more tedious recaps… but hello to accurate and efficient summaries that capture all the key points from your meetings.

The Meeting Recap feature doesn't stop there. It automatically identifies action items and follow-up tasks, assigns them to team members, and even sets deadlines for completion. This means that everyone involved in the meeting knows exactly what they need to do and when it needs to be done. A great way to improve communication and collaboration within your team.

But it's not just about efficiency. The meeting recap feature also offers customisable options to tailor the feature to your specific needs. Choose what information is included in the summary to ensure that you receive the most relevant and useful information possible.

If you’re not a Teams Premium subscriber, are there benefits of investing in this new feature?

Yes! For starters, it streamlines your workflow, saving you both time and money.

You don’t have to waste hours trying to decipher meeting notes and action items. Instead, you'll have access to a clear and concise summary that you can refer back to any time.

Additionally, it improves organisation and accountability within your team. With assigned action items and deadlines, everyone knows exactly what is expected of them.

Don't underestimate the power of this new Meeting Recap – it's a game-changer for businesses that want to increase productivity.

Don’t wait. If you need help upgrading to Teams Premium, we’re here for you. Get in touch.

How many times a day do you respond to an email without really thinking about its contents?  

Maybe it's a request for some information. Perhaps it’s asking you to pay an invoice. All mundane stuff. But no sooner than you’ve hit send, you've fallen victim to a Business Email Compromise (BEC) attack.

A BEC attack occurs when a cyber criminal gains access to your business email account and uses it to trick your employees, customers, or partners into sending them money or sensitive information. They do this by impersonating someone senior, and abusing their position of trust. 

It might sound like something that only happens to big corporations, but that's not the case. 

According to the FBI, small and medium-sized businesses are just as vulnerable to BEC attacks as larger ones. In fact, these attacks have cost businesses more than £20 billion over the past few years.

And Microsoft brings more bad news, with its recent findings showing that they’re getting both more destructive and harder to detect.

So, what can you do to protect your business from BEC attacks?

Here’s our advice:

1.    Educate your employees: They are the first line of defence against BEC attacks. They need to know how to spot phishing emails, suspicious requests, and fake invoices. Train them regularly on cyber security best practice, like strong passwords, multi-factor authentication, and secure file sharing.

2.    Use advanced email security solutions: Basic email protections like antispam and antivirus software are no longer enough to block BEC attacks. You need more advanced solutions that use artificial intelligence and machine learning to detect and prevent these attacks in real-time. Look for email security providers that offer features like domain-based message authentication, reporting, and conformance (DMARC), sender policy framework (SPF), and DomainKeys Identified Mail (DKIM).

3.    Set up transaction verification procedures: Before transferring funds or sensitive information, establish a verification process that confirms the authenticity of the request. This could include a phone call, video conference, or face-to-face meeting. Don't rely on email alone to confirm these types of requests.

4.    Monitor your email traffic: Regularly monitor your email traffic for anomalies and unusual patterns. Look for signs like unknown senders, unusual login locations, changes to email settings or forwarding rules, and unexpected emails. Make sure you have a clear protocol in place for reporting and responding to any suspicious activity.

5.    Keep your software up to date: Ensure that you're always running the latest version of your operating system, email software, and other software applications. These updates often include vital security patches that address known vulnerabilities.

BEC attacks are becoming more common and more sophisticated, but with the right awareness, training, and security solutions, you can protect your business.

Don't wait until it's too late – take action today to keep your business safe.

If you want to know more about how to protect your business from cyber threats, our team is always ready to help you. Give us a call. 

We’re delighted to announce that Grant McGregor has attained seventh spot in the annual Channel Futures awards, which ranks managed service providers across EMEA. Read on to discover more about the accolade and what it means.

We were proud to be awarded #7 in the ranking of most outstanding MSPs in Europe, the Middle East and Africa (EMEA) as part of the Channel Futures MSP 501 list. Placing in the top ten is a highly sought-after achievement. We’re thrilled to make the list again.

Grant McGregor’s commitment to continual improvement

In 2022, Grant McGregor was ranked ninth in the UK by Channel Futures. This year’s ranking in the seventh-place spot shows a further improvement in our status as one of the region’s top managed service providers. Improving our ranking is a reflection of our team’s commitment to continual improvement.

Placing at number seven in EMEA posits us at number one in Scotland for the second year in a row. In fact, we’re the only Scottish MSP to make the top ten.

Grant McGregor Founder David Lawrence said, “We’re delighted to improve our ranking in 2023 and achieve the number seven spot. The team works very hard to support our customers and awards like this are an acknowledgement of all their hard work. We’re really pleased to rank number seven in the UK and to retain our status as the number one MSP in Scotland.”

About the Channel Futures awards

The Channel Futures MSP 501 list is the largest and most comprehensive ranking of managed service providers worldwide. The rankings are compiled by the Channel Futures team and take into account factors including: employees, productivity, profitability and top-line growth.

As well as compiling the top 501 list for the EMEA region, Channel Futures also ranks MSPs in a global list. The highest-ranking MSP in EMEA was placed at number 23 in the global list. Grant McGregor’s spot as seventh placing on the EMEA list made us number 146 on the global rankings – another achievement of which we’re incredibly proud.

We’d like to take this opportunity to say thank you and congratulations to all our colleagues and partners who made this achievement possible. And a big thank you also goes to our customers – we’d be nothing without you. 

Get in touch with Grant McGregor

Find out more about our managed service provision by getting in touch with our team.

Call us: 0808 164 4142

Message us: https://www.grantmcgregor.co.uk/contact-us 

When you replace old computers or external drives, do you delete data and then just… get rid of them?

You could be putting your sensitive data at risk. 

A new study by a data recovery specialist shows that millions of deleted files can be recovered from improperly wiped hard drives that are sold online.

It’s not just buyers who can access your old files. Cyber criminals often buy used hard drives and attempt to recover data from them. This could include anything from confidential business information to client details.

It’s easy to forget about old data when you’re excited about shiny new technology. However, it’s important to consider what’s on that old drive before selling it or disposing of it.

Even if the drive is encrypted, it’s still possible for data to be recovered. And if the drive is damaged, there’s a chance that some of the data is still salvageable. It’s better to be safe than sorry when it comes to sensitive information.

Think about it this way: Would you leave important documents lying around for anyone to see? Of course not! Your digital information deserves the same level of protection.

So what can you do to protect yourself? 

Don’t let your old hard drives become a liability. Take the time to have them properly wiped or destroyed before disposal. If you’re upgrading hardware, consider hiring a professional to handle the data transfer and ensure that your old devices are wiped clean.

This isn’t just about protecting yourself. It’s about protecting your employees, clients, and anyone else whose personal information you may have stored on that old drive. 

It’s a small investment to make for the peace of mind that comes with knowing your data is safe from prying eyes.

Don’t take chances with your data – take action to protect it:

•    Properly wipe or destroy old hard drives
•    Bring in a professional for your hardware upgrades
•    Upgrade your overall security practices

If you need help with that, get in touch.

Over the past few months, we’ve all heard a lot about ChatGPT and how AI technologies like it will revolutionise the way we work and live. But what risks exist behind the hype? And what should organisations be doing to mitigate those risks?

When Microsoft announced the third phase of its long-term partnership with OpenAI in March 2023, it outlined for the multiyear, multibillion dollar investment to accelerate AI breakthroughs with the goal of ensuring these benefits are broadly shared with the world.

Since 2016, Microsoft has committed to building Azure into an AI supercomputer for the world, announcing its first top-5 supercomputer in 2020, and subsequently constructing multiple AI supercomputing systems at massive scale. OpenAI has used this infrastructure to train its breakthrough models, which are now deployed in Azure to power category-defining AI products like GitHub Copilot, DALL·E 2 and ChatGPT. 

However, the launch of the new ChatGPT-powered Bing chatbot saw some highly publicised and creepy conversations being held with users. Bing also served up some incorrect answers at the launch.

Yet the attention around the launch was so fervid, it was swiftly followed by an announcement by Google of the rollout of its rival Bard AI service – the hastened nature of which led some to describe it as “rushed” and “botched.” Bigger concerns are also being raised. Turing Prize winner Dr. Geoffrey Hinton – known as the "Godfather of AI" – has walked away from Google and can now be heard desperately ringing AI alarm bells.

The press attention has been massive, but it is difficult for the average organisation to determine where the truth lies. Is the development of these technologies a worrying development with not nearly enough oversight, governance or understanding of the risks? Or should we be jumping on the bandwagon to ensure our organisations are at the forefront of sharing the benefits of these AI breakthroughs with the world?

What are the risks associated with LLMs?

The UK’s National Cyber Security Centre (NCSC) issued advice for all organisations in order to help them understand the risks and decide for themselves (as far as is possible). 

The NCSC explains, “An LLM is where an algorithm has been trained on a large amount of text-based data, typically scraped from the open internet, and so covers web pages and – depending on the LLM – other sources such as scientific research, books or social media posts. This covers such a large volume of data that it’s not possible to filter all offensive or inaccurate content at ingest, and so 'controversial' content is likely to be included in its model.”

It lists the following LLM risks:

•    they can get things wrong and “hallucinate” incorrect facts.

•    they can be biased, are often gullible (in responding to leading questions, for example).

•    they require huge compute resources and vast data to train from scratch.

•    they can be coaxed into creating toxic content and are prone to injection attacks.

Most worryingly, it’s not always clear when the AI has been compromised like this – and an explanation for why it behaves as it does is not always evident either. 

When its AI model developed a skill it wasn’t supposed to have, Google CEO Sundar Pichai explained, “There is an aspect of this which we call … a ‘black box’. You don’t fully understand. And you can’t quite tell why it said this.” When interviewer CBS’s Scott Pelley then questioned the reasoning for opening to the public a system that its own developers don’t fully understand, Pichai responded, “I don’t think we fully understand how a human mind works either.”

This glib justification highlights another risk associated with LLMs: that in the rush to lead the field, we allow the guardrails to fly off. That’s why it’s more important than ever for governments, regulators, organisations and individuals to educate themselves about these technologies and the risk associated with them. 

Risk #1: Misuse

Dr. Geoffrey Hinton has expressed grave concerns about the rapid expansion of AI, saying "it is hard to see how you can prevent the bad actors from using it for bad things.”

Indeed, Alberto Domingo, Technical Director of Cyberspace at NATO Allied Command Transformation, said recently, “AI is a critical threat. The number of attacks is increasing exponentially all the time.”

The NCSC warns that the concern specifically around LLMs is that they might help someone with malicious intent (but insufficient skills) to create tools they would not otherwise be able to deploy. Furthermore, criminals could use LLMs to help with cyberattacks beyond their current capabilities – for example, once an attacker has accessed a network if they are struggling to escalate privileges or find data, they might ask an LLM and receive an answer that's not unlike a search engine result, but with more context. 

Risk #2: Misinformation

We looked at the problems of bias in AI tools in a previous blog – and there are certainly wide-ranging and valid concerns about this. The NCSC warns, “Even when we trust the data provenance, it can be difficult to protect whether the features, intricacies and biases in the dataset could affect your model’s behaviour in a way in which you hadn’t considered.”

Business leaders need to be careful to ensure that they are aware of the limitations of the datasets used to train their AI models, work to mitigate any issues and ensure that their AI solutions are deployed and used responsibly. 

Risk #3: Misinterpretation

Beyond the problem of bias, we have the problem of AI “hallucinations”. This strange term refers to the even stranger phenomenon of the output of the AI being entirely inexplicable based on the data on which it has been trained. 

There have been some startling examples of this. This includes the “Crungus” – a snarling, naked, ogre-like figure conjured by the AI-powered image-creation tool Dall-E mini. The Guardian explained, that it “exists, in this case, within the underexplored terrain of the AI’s imagination. And this is about as clear an answer as we can get at this point, due to our limited understanding of how the system works. We can’t peer inside its decision-making processes because the way these neural networks ‘think’ is inherently inhuman. It is the product of an incredibly complex, mathematical ordering of the world, as opposed to the historical, emotional way in which humans order their thinking.

The Crungus is a dream emerging from the AI’s model of the world, composited from billions of references that have escaped their origins and coalesced into a mythological figure untethered from human experience. Which is fine, even amazing – but it does make one ask, whose dreams are being drawn upon here? What composite of human culture, what perspective on it, produced this nightmare?”

In another recent example, Chat GPT was asked about including non-human creatures in political decision-making. It recommended four books – only one of which actually existed. Further, its arguments drew on concepts lifted from right-wing propaganda. Why did this failure happen? Having been trained by reading most of the Internet, argues the Guardian, ChatGPT is inherently stupid. It’s a clear example of the old IT and data scientist adage: garbage in, garbage out.

The implications for the widespread use of LLM answers in our decision-making (especially without human oversight) is especially frightening. 

Risk #4: Information security

The way to get better answers out is, of course, to put better quality data in. But this raises further concerns – most particularly in the area of information security. 

The Guardian reported on the case of a digital artist based in San Francisco using a tool called “Have I been trained” to see if their work was being used to train AI image generation models. The artist was shown an image of her own face, taken as part of clinical documentation when she was undergoing treatment. She commented, “It’s the digital equivalent of receiving stolen property. Someone stole the image from my deceased doctor’s files and it ended up somewhere online, and then it was scraped into this dataset. It’s bad enough to have a photo leaked, but now it’s part of a product. And this goes for anyone’s photos, medical record or not. And the future abuse potential is really high.”

This type of experience has led the NCSC to warn that “In some cases, training data can be inferred or reconstructed through simple queries to a deployed model. If a model was trained on sensitive data, then this data may be leaked. Not good.”

There’s also an issue about data privacy and information security when it comes to using the LLMs. Although the NCSC recognises that “an LLM does not (as of writing) automatically add information from queries to its model for others to query” so that “including information in a query will not result in that data being incorporated into the LLM”, “the query will be visible to the organisation providing the LLM (so in the case of ChatGPT, to OpenAI), so those queries are stored and will almost certainly be used for developing the LLM service or model at some point.”

It's one of the reasons that Microsoft has been at pains to point out that while its ChatGPT-based automation Microsoft Copilot can help to discover, organise and present information held across your Microsoft 365 tenancy, Copilot is not trained on data in your tenant. 

As a result, the NCSC recommends:

•    not to include sensitive information in queries to public LLMs.

•    not to submit queries to public LLMs that would lead to issues were they made public.

It acknowledges that organisations must be able to allow their staff to experiment with LLMs if they wish to but emphasises that this must be done in a way that does not put organisational data at risk. 

This means taking care about inputs (including queries), securing your infrastructure and working with supply chain partners so they do the same.

#5: Attack

LLMs are also vulnerable to attack. Data and queries stored online could be hacked, leaked or accidentally made publicly accessible.

What’s more, the NCSC explains that some attackers seek to exploit the fact that, since it’s often challenging or impossible to understand why a model is doing what its doing, such systems don’t have the same level of scrutiny as standard systems. Attacks which seek to exploit these inherent characteristics of machine learning systems re known as “adversarial machine learning” or AML. 

Further, attackers can also launch injection attacks to compromise the system. As the NCSC explains, “Continual learning can be great, allowing model performance to be maintained as circumstances change. However, by incorporating data from users, you effectively allow them to change the internal logic of your system.”

If your LLM is publicly facing, considerable damage could result from such an attack – especially brand and reputational damage. To avoid this, says the NCSC, “Security must then be reassessed every time a new version of a model is produced, which in some applications could be multiple times a day.”

What can we do to minimise the risk of LLM use?

In addition to the advice included in this article, the NCSC has released new machine learning security principles to help you formulate good security and governance around your use of LLMs and other AI models. 

Responsible AI use should be aligned with your corporate values and operationalised across all aspects of your organisation, recommends the Boston Consulting Group. This means embedded responsible practices in all AI governance, processes, tools and culture.

What next?

If you’d like to discuss any of the technologies or issues raised in this blog post with our team of experts, please reach out.

Call us: 0808 164 4142

Message us: https://www.grantmcgregor.co.uk/contact-us 

Malicious cyber activity can take many guises. One attack vector that the UK’s National Cyber Security Centre warns against is a watering hole attack.

But what is a watering hole attack? And how can you protect your organisation from them?

A watering hole attack is named after an approach used by predators in the natural world. Knowing that their prey will, at some point, gather around a watering hole to drink, the predator lurks nearby ready to take advantage when their prey’s guard is down.

In the cyber world, attackers sometimes use a similar approach. The watering hole attack targets websites which cyber criminals know their targets will visit. By compromising these websites with malicious code, they are able to trick their targets into downloading malware or viruses to their computers unknowingly.

How do watering hole attacks work?

Watering hole attacks are a kind of social engineering attack vector. That’s because the would-be attackers profile their intended targets to identify the websites where they are most likely to congregate. Typically, the attackers will pick a website that has relatively low security or known vulnerabilities they can exploit.

The attackers compromise the website, usually by injecting malicious code into the site. This is often in the form of JavaScript or HTML. Sometimes the malicious payload is downloaded automatically on visiting the site. Other times, the code may generate a bogus prompt encouraging the website visitor to take additional action that will trigger the download of the malicious code. For example, clicking on a link which redirects to a spoof website or downloading an infected document from the website. 

The victim thinks nothing of downloading the document or clicking on the link because they are on a trusted website used by many of their colleagues and peers. As a result, the effects of a watering hole attack may go undetected for a long time.

Once the malicious payload has been downloaded to the victim’s computer, the attackers are free to continue their attack. 

This can take different forms, including:

•    Install a remote access trojan (RAT) to gain remote access to the target’s computer
•    Steal data from that computer,
•    Use the compromised computer to access other assets on the corporate network,
•    Use the victim’s computer as part of a bot network,
•    Cyber espionage, such as the VOHO attack targeting local government in Washington DC and Boston,
•    State-sponsored disruption or terrorism, such as in 2017 when Ukrainian government websites were compromised to spread the ExPetr malware,
•    Spread ransomware or wiperware.

Sometimes the attackers simply want to steal data that they can sell online. In these instances, they may target consumers and compromise popular consumer websites. The 2015 attack on the Forbes magazine website had this kind of scope.

 
However, watering hole attacks are often targeted at a particular industry sector or business. For example, financial services, defence or the public sector. In these instances, the attackers often target public message boards, event or conference websites or other poorly defended targets.

Because they depend on a victim visiting the website, this makes watering hole attacks very opportunistic and almost scatter gun in nature. 

To attack particular victims in a more targeted fashion, the attackers may combine the watering hole attack with other forms of attack. For example, Proofpoint warns that some attackers combine watering hole attacks with directed phishing attacks. These phishing emails direct the recipients to the specific, compromised parts of the website. By inviting profiled users to visit the compromised website, the attackers have a greater chance of compromising their desired targets. 

Watering hole attacks are very hard to guard against. For one, defending websites against watering hole attacks can be challenging for the organisations. Websites can be infected for months or even years before the attack is detected. And, because users have trust in the sites they are visiting, they are not on the look out for potential attacks.  

How can you defend against watering hole attacks?

There are a number of ways to protect yourself against watering hole attacks. 

The starting point should be to educate your people to ensure they understand the risks of watering hole attacks. Training that deters them from clicking on suspicious links – however trustworthy the website – and not to bypass security warnings is useful.

Scan and monitor Internet traffic. Block access to websites not used for work. Web Gateways can defend against drive-by downloads that match a known threat signature or bad reputation. Monitor for common exploits and use weblogging to detect suspicious activity.

Computer hardening and following best practices around device management is the best way to limit contagion and prevent the attack from spreading. All devices should have up-to-date anti-malware solutions.

Protect your own organisational website(s) to ensure it isn’t the launchpad for a watering hole attack. Patch all known vulnerabilities as soon as possible and ensure software and operating systems are kept up to date. 

A combination of these approaches strengthens your defence. 

What next?

For help to protect your organisation from being victim to watering hole style attacks, the Grant McGregor team can assist. 

Call us: 0808 164 4142

Message us: https://www.grantmcgregor.co.uk/contact-us 

As 2022 draws to an end, whether from a business or personal perspective, most of us will reflect back on the challenges faced, the achievements and changes, and the memories made. 

Over the weekend our awesome team got together to celebrate the festivities. It was a great chance to catch up with colleagues outside of work, and let our hair down a little!

We would like to take this opportunity to thank you for reading and engaging in our weekly newsletters, blogs & videos. And a big thanks as always to our customers, old and new, for your continued custom.

 
However you spend the holiday season, we hope you have a wonderful Christmas and wish you all the best for 2023.
 
Best regards,
 

The whole team at Grant McGregor.

There’s much hype about the Internet of Things (IoT) and the endless possibilities of a hyperconnected future. However, 2016 saw a number of DDoS attacks in which attackers exploited inherent security vulnerabilities in IoT devices to take down big name websites such as Twitter, Netflix and Spotify.

The range of ordinary devices which are now being internet-enabled is growing. Whether these devices are contained within homes or businesses is largely irrelevant to the security risk they pose to businesses, since the growing trend of flexible working is now exposing business data and networks to potential threats in employees’ homes as well as public places.

In this post, we explain the growing importance of IoT security and offer some top tips for keeping your business safe.

Understanding the growing need for IoT Security

Gartner has predicted that over twenty billion devices worldwide will be connected to networks by 2020. IoT promises a not-so-distant future in which our lives will be enriched even further by the convenience and efficiency that technology brings.

Think fridges that remind us to order groceries, coffee machines that have a nice warm drink waiting for us when we arrive home from work and smart traffic lights that don’t leave us waiting when there are no vehicles coming the other way. The possibilities are endless.

The trouble with so many devices being connected to the internet, however, is that it creates more opportunities for hackers to exploit vulnerabilities.

Unfortunately, security is often low down on the list of priorities for manufacturers of these devices, with security patches few and far between. Users, too, are often at fault. Many don’t realise that these devices potentially pose a security risk and, with more and more web-enabled devices available, it’s easy to forget that things are even connected to a network.

Not to mention the widespread failure to change default factory passwords!!

Last year, we saw numerous DDoS attacks on big-name websites such as Netflix, Twitter, Reddit and Spotify, which prevented millions of users from connecting. The culprit for this was thousands of IoT devices such as web cams, routers, cameras and coffee machines, which were compromised by the bad guys to unleash a flood of traffic that took down the sites.

Each IoT device, which contains wireless sensors that allow it to connect to the internet, provides a potential entry point for attackers. If attackers can use these to bring down big websites, as seen in the recent DDoS attacks, you can be sure that they also present a security risk to every business network exposed to them.

As such, it’s important that businesses view every web-enabled device as a potential stepping-stone onto the company’s network.

Top tips for IoT security

1. Use strong passwords

When setting up new devices, always change the default passwords as these tend to be generic and, therefore, easy for hackers to guess, or use simple software to crack. Never use easy-to-guess passwords such as memorable words (like ‘password’) or names. Make sure any passwords are kept secure and not written down and left in full view for anyone to see. Find out how to create a strong password here…

2. Software updates

Always make sure that the software or firmware for all your devices is kept up-to-date.

Remember, it’s not just PCs and laptops that need updating, but all devices including routers, servers, network switches and anything else that is connected to your network. Make sure that manufacturer security updates are either installed automatically, or as soon as possible once they become available.

3. Protect your business from home networks

If your employees connect work devices to their home networks, then your business data could be at greater risk. Home networks are often poorly protected and this provides an easy way onto a business network for hackers. Make sure that your employees are adequately trained in cyber security best practice and that you take precautions to limit exposure to unsafe networks and protect company devices and data. You can find out more about this here.

4. Wi-Fi security

Some wireless security methods are much less secure than others. WPS (Wi-Fi Protected Setup) is known to be insecure, so be sure to disable this. WPA2 (Wi-Fi Protected Access 2) is the recommended standard when setting up wireless devices.

5. Data backup

Regular and routine data backups are an essential precaution. A thorough data backup and restore strategy is a worthwhile investment that will ensure business continuity and damage limitation in the event of a disaster.

6. Invest in DDoS protection

If your website is critical to your business, consider extra steps to protect it against Distributed Denial of Service (DDoS )attacks. Whether your website is targeted specifically or is taken down as a result of an attack on your ISP, your business could lose a lot of money from downtime. Some web hosting companies specialise in DDoS mitigation, but this won’t come cheap so it’s worth doing a risk-benefit analysis. At the very least, it’s worth doing some research to find out which ISPs have the best protections in place.

7. Limit IoT devices

Check which devices are connected to your company network and consider whether they are necessary. Only purchase IoT devices for which there’s a genuine need, or those that will bring a significant benefit to your workplace. Disconnect devices that you no longer use or need.

8. Employ IT expertise

Cyber attackers profit from ignorance. If you don’t already have dedicated IT staff with security expertise, then this is something to consider. If you can’t afford or don’t want to maintain an in-house IT team, consider outsourcing to a specialist IT support company. Perhaps consider having an audit of your current security infrastructure with expert advice and tailored solutions for your business. Would you meet baseline standards for security?

9. Invest in staff training

Many security breaches result from human error somewhere down the line. It’s vital to offer cyber security training to your employees so that they know the risks and best practices to protect your company. The cyber security landscape is ever-changing, so make sure that training is kept up-to-date if you want to protect your business against the latest threats.

Whilst it’s important to be cautious when it comes to IT security, there’s no reason to let fear paralyse your business.

IoT offers many benefits for businesses and, with the right protections in place, the risk can be significantly reduced. It’s not all about smart coffee machines and fridges; many companies are benefiting from gains in efficiency, productivity and profits by boosting connectivity in their workplace.

The hyperconnected future has a lot to offer and, for those that want to remain competitive, the transition cannot be held off forever. But, in today’s world, it’s vital that business owners keep up with cybersecurity developments and take steps to protect their networks.

In a recent post, one of Microsoft’s Worldwide divisions stated that its Windows 7 operating system is outdated and no longer fit for business use.

Despite the fact that regular security updates will continue to be provided until 2020, the company claims that Windows 7 lacks the kind of security features that are necessary to counter modern threats. The operating system, which will have been released eight years ago this summer, quickly proved to be popular with users when it provided a simpler and more efficient alternative to Windows Vista. It retained its popularity beyond the release of its successor, Windows 8, which provided a tablet user interface that lacked appeal for many.

Even though 400 million devices now run Windows’ latest operating system, Windows 10, the ever-popular Windows 7 is still being run on 48.34% of laptop and desktop devices – double that of Windows 10.

Microsoft ended basic support for Windows 7 two years ago. Since this time, the OS has suffered from higher running costs, a reduction in support for newer hardware accessories and downtime because of malware. The post suggests that there are dangers for business customers, in particular, that are still using Windows 7 because it is based on ‘long-outdated security architectures’.

Although security updates will continue to be issued for another three years, the post argues that this will not provide sufficient protection to keep up with the increasing security requirements we face today. As such, the post suggests that it is now time for businesses to move on from the much-loved Windows 7 operating system.

Many will probably be wondering whether this is little more than fear-mongering in attempt to accelerate Windows 10 adoption amongst businesses.

It is dubious that the post fails to acknowledge the fact that businesses typically invest a significant amount of time and money in layered security and standard operating environments, which together enhance the security of the operating system in use. But this is not to say that businesses shouldn’t be concerned.

One of the main reasons why many companies are yet to migrate to Windows 10, of course, pertains to the difficulty for so many in undertaking such a project.

Whilst there are a small number of companies that are now looking for alternative platforms, most are too heavily invested in Windows to drop its OS entirely and its Office software remains extremely popular with business and individual users alike. And whilst Windows 8 was unpopular with many, Windows 10 offers similar functionality and layout to Windows 7, making it much more appealing than its predecessor.

The main barrier to Windows 10 migration, then, is the scale of such a project. Moving to a new operating system is a lengthy and costly project for many companies. A major IT initiative such as this can be daunting for businesses, requiring substantial investment and pre-planning.

Internal business software compatibility remains a significant issue for many. And, due to its age, legacy infrastructure can cause critical compatibility issues which complicate the process of OS migration.

Significant effort is required, too, in moving legacy applications. In addition to these concerns, the cost of staff training must also be factored in. Whilst migration to Windows 10 will be easier, from an end-user perspective, for Windows 7 users than perhaps it would be for those migrating from Windows 8, there are likely to be enough differences to necessitate some form of staff training in most companies.

From our experience, there are occasions where Applications that are supported on Windows 7 are not necessarily supported on Windows 10.  Application developers are now using this to encourage companies to move to cloud based solutions.  You will need to check with Application Tech Support to ensure full Windows 10 compatibility before upgrading.

For those with a comprehensive security architecture in place, these latest assertions that Windows 7 is no longer fit for business use might seem a little overstated.

Three years may still seem a long way off. But, given the complicated nature of the process for many, now is arguably a good time to start putting plans in place for migration to a newer operating system. It is not unusual for the process to take a year and a half, and support for Windows 7 will end in January 2020. You only have to do the math to realise that the clock is ticking.

According to Microsoft, Windows 10 boasts a suit of security features that make it safer than older operating systems, including Windows Defender Advanced Threat Protection and the biometric security system, Windows Hello.

There is evidence to support the claim that Windows 10 is better equipped to protect against modern cyber threats. Just recently, it was revealed that two new zero-day exploits that Microsoft had to patch in November for its older operating systems were ineffective on machines running the Anniversary Update of Windows 10.

There’s no denying that cyber threats are rapidly evolving. As such, sticking with an outdated operating system undoubtedly adds an unnecessary element of risk.

Businesses still running Windows 7 should begin the planning stages of migration soon, to ensure that their systems and sensitive data will be safe when support for the operating system ends in three years’ time.

With our range of IT support and consultancy services, Grant McGregor can take the hassle out of major IT projects. If you need advice or assistance with migration to a newer operating system, contact us today

Many businesses consider cyber threats as external forces, attempting to penetrate their defences from the outside in. In truth, however, threats often originate from within.

The insider threat refers to data being compromised from within an organisation – whether knowingly or unknowingly – by employees.

This article will look at the different types of insider threat and what businesses can do to protect themselves.

In order to combat the insider threat, organisations must first gain an understanding of what these threats are and how they manifest themselves within the workplace.

Broadly speaking, there are three distinct types of insider threats: accidental, negligent and malicious.

The ‘accidental’ threat

When employees lack an understanding of cybersecurity issues and best practice for combatting threats, they can unknowingly behave in ways that compromise the organisation’s security. This type of threat is deemed ‘accidental’ because it arises simply due to lack of knowledge, rather than malicious intent or a conscious disregard for company policy.

For example, an accidental threat might arise because an employee, having had no cyber security training, opens a phishing email or clicks on a malicious link. The Verizon 2016 Data Breach Incident Report indicated that accidents contributed to nearly a third of security incidents in the previous year.

Cyber criminals are ready and waiting to exploit security holes within organisations. The accidental threat need not account for so many security breaches. The antidote is simple: provide regular, up-to-date cyber security training to every single employee. We can help you do this.

The ‘negligent’ threat

When an employee deliberately acts against the policies that their employer has put in place to protect the company networks, but for reasons that are not malicious in nature, the negligent threat arises.

Usually, the motives for negligent behaviours come from a desire to seek shortcuts or better accommodate preferred working methods of the individual or team.

For example, an organisation may have strict file sharing policies in place to protect company data, but these are not adhered to by some employees who, instead, decide to share work on public cloud applications to make it easier for them to continue their work when they’re away from the office. Despite there being no malicious intent in such acts, they inevitably create unintended security vulnerabilities.

When the negligent threat is present within an organisation, it can be a sign that the security policies and training strategies are not serving their purpose effectively and, therefore, need to be reviewed.

Simply implementing some form of security training and policy is often not enough. Information not only needs to be given, but also understood and taken fully on board.

Sometimes, the issue is that a company’s security policy is not accessible enough. Other times, it can be too invasive or restrictive for employees.

Whatever the problem, the key is to engage with employees to find out what the issues are and involve them in the process of creating and reviewing policies. When people feel involved in the process, they are more likely to take ownership and act responsibly.

The ‘malicious’ threat

Malicious threats arise when an individual within an organisation deliberately compromises security, with intent to cause harm to the systems, reputation or finances of the company. The motivation behind such acts is very often financial gain, but can sometimes also be revenge or espionage.

For example, an individual within an organisation may be approached, and enticed by financial reward, to assist hackers from the inside. Or, perhaps, an individual with malicious intent may seek employment with a specific organisation.

Sometimes, malicious threats arise from disgruntled employees who decide to compromise the data of their employer upon leaving the company, perhaps viewing it as an act of revenge for perceived mistreatment.

The potential for this type of threat is often overlooked by businesses, which tend to prefer viewing malicious intent as an external threat. However, the malicious insider is a growing threat and, as such, organisations would be unwise not to account and prepare for it in their cyber security strategies.

How to combat the insider threat

The human element is central to the insider treat. Keeping this in mind, organisations need to develop an insider threat strategy which places a strong emphasis on educating employees on best practices to mitigate risks. The development of a robust risk management plan is crucial and this should have its primary focus on mission-critical data.

Technology usage policies should be created and made accessible for all employees. These policies should clearly state how technology – such as file sharing systems and mobile devices – should be used within the company.

One fairly simple, yet effective, way of mitigating risk is by limiting user access according to assigned roles within the organisation. Access to sensitive data and systems should be permitted only for the maximum number of individuals for whom it is essential to carry out their job roles within the company. This also makes things easier when it comes to monitoring for suspicious activity.

Once robust insider threat strategies have been implemented, regular auditing and continual monitoring is essential. The security needs of an organisation will change over time and new threats will emerge, so it’s important to ensure security strategies are regularly reviewed and revised if necessary.

Technology provides useful tools for monitoring and combatting insider threats. For example, the deployment of database activity monitoring solutions can assist organisations in keeping track of changes or suspicious activity that may point towards a potential security breach.

Technologies are also available for monitoring network traffic for suspicious activities and flagging potential insider threats, such as a rapid surge in connections to file sharing sites, for example.

Data loss prevention software is useful in the implementation of data handling policies and also ensures that data is being handled securely by employees at the endpoint. These types of solutions can also automate data loss prevention processes, by monitoring outbound emails and automatically blocking emails that may contain sensitive data, for example.

The insider threat is a serious and unavoidable reality in business today. It is, therefore, crucial that businesses assess the specific risks within their organisation and develop robust strategies to combat the threat. Key to this process is, first, understanding where sensitive data resides and, subsequently, assessing the risks, restricting and monitoring daily employee activity whilst also investing in ongoing cyber security training and testing.

Are you looking for help or advice to improve your IT security policies, practices or technologies? Get in touch today to discuss the kind of help you need… 0131 603 7910.

Technology moves on quickly these days. The start of a new year is a great time to reassess how you use technology within your business, what can be changed for improved results and what is available that’s not currently being utilised, but may be beneficial.

This article will look at different ways in which businesses can utilise technology to improve their office connectivity, with the aim of improving business processes and boosting productivity.

1. Increase Secure Remote Access

The modern workforce is characterised by increasing mobility.

Organisations now largely recognise the benefits of offering flexible working conditions, which include streamlined processes and a happier, more productive workforce.  Increasing remote access is a great way to improve your office connectivity this year, enabling employees to work from home and on-the-go.

However, businesses must ensure that remote access is secure if they want to reduce the additional risks that inevitably come with this way of working.

One of the best things businesses can implement to ensure secure remote access is multi-factor authentication, or two-step verification processes.

As opposed to traditional passwords, these technologies use a layered approach to authentication, which include multiple verification methods for gaining access to systems, data and applications. This may include a combination of passwords, biometrics and one-time authentication codes sent to a separate, trusted device such as the user’s mobile phone.
Multi-factor authentication presents a significant challenge for attackers because it prevents them from being able to access a network simply by learning the password.

2. Collaboration Tools & Technologies

Thanks, in large part, to cloud technology, businesses now have access to a wide range of collaboration tools and technologies which are designed to improve team working capabilities, boost productivity and facilitate new ways of working.

By investing in these technologies, which tend to be relatively inexpensive, businesses can improve office connectivity and integrate employees – wherever they may be physically located – for more efficient and productive collaboration on projects.

A great example of a collaboration tool that’s designed to boost productivity and improve team working capabilities is Microsoft’s SharePoint.

SharePoint allows businesses to create websites, team sites and portals for employees to create, share, discover and collaborate on content with colleagues in real time on any device. Tools like SharePoint can significantly reduce the time currently spent on tasks, whilst also providing intelligent features and insights to improve working processes and allow for new, more efficient ways of getting jobs done.

3. Update Hardware

In order to reap the maximum benefits of a fully connected office, it may be time to invest in new hardware with improved capabilities.

You may have older hardware that has stood the test of time and still functions, but outdated technology could be hindering productivity within your organisation. Technology is constantly improving, becoming faster and more efficient. Businesses that invest in technology upgrades can, therefore, also become more efficient.

As well as the performance-enhancing benefits of modern technology, businesses can also benefit from improved security features. The latest servers, for example, are much better equipped to protect against modern cyber threats than older models. They provide businesses with new capabilities which help to detect suspicious activity and prevent attacks.

You may want to consider investing in additional company devices, such as mobiles, laptops and smartphones for employee use. This will enable employees to work remotely, whilst providing the advantage of company ownership which allows greater control and device management compared with Bring Your Own Device (BYOD) devices.

Additional considerations

There are many benefits to improved office connectivity including the facilitation of mobile and remote working as well as enhanced efficiency, productivity and collaboration. Ultimately, these things make businesses more competitive and profitable.

However, companies should exercise caution when seeking to improve connectivity in their organisations. Whilst it is a worthwhile endeavour, it also inevitably brings additional concerns. But, these can be mitigated with careful consideration and planning as well as the implementation of effective controls.

Security is the major issue to consider when increasing connectivity. It’s important to ensure that access to your company network is always secure, including when users are connecting from remote locations.

When selecting tools and applications for connectivity and collaboration, be sure to choose products and services that offer business-grade security features and protections.

Additional things to consider include the provision of staff training for any new technologies and processes as well as the revision or creation of any relevant company policies relating to usage.

If you’re keen to improve your office connectivity in 2017, but are unsure where to start, perhaps consider an appraisal audit of your current IT infrastructure.

This will help you to determine what is working effectively as well as potential areas for improvement. You may even discover that significant business savings could be made by switching to newer technologies.

There are many things you can do in order to give your business the best chance of success. Creating great products and services, using the right software and marketing your business in a strategic way are all great things to do.

However, the most vital part of success for businesses is hiring the right people.

In order to get the most talented people working for your business, you have to know how to attract them in the first place. Below are some of the best ways to do this.

Social media recruitment

Social media is so prevalent now that it’s used for almost every type of interaction imaginable. Something that many employers don’t consider is using social media to recruit talent to their business. A key part of using social media to attract talent to your business is using the right platforms.

LinkedIn is an excellent platform for finding talent within your industry since the main focus is on business. Although LinkedIn is the obvious choice you can also use less obvious platforms such as Facebook, Twitter and Instagram. For example, if you’re advertising for a new position then you can use the strengths of different platforms to your advantage.

Targeted advertising

When you’re advertising for a particular position within your company, you want to be sure that you reach people who are suitable and who have the right skills. Thankfully targeted advertising is now with the likes for Facebook business ads, that enable you to target your ads at the right audience using criteria such as age, location, interests and behaviours.

Invest in recruitment tools

In addition to social media platforms, such as LinkedIn, there are plenty of excellent recruitment tools that make it easier to attract to the best people to your business. The interviewing process can be time-consuming so an excellent way to narrow candidates down before the interviewing begins is to use psychometric and skills testing software. There are very affordable options available for both types of these software now.

Improve your employer brand

Improving their employer brand is something that a lot of businesses neglect but it’s one of the best ways to attract the best talent to your business. You can improve your business’ employer brand in a number of ways. Embracing social media fully and creating an impression of what it’s like to work at your business and what values it holds is a great way. You should also think about what impression people have when they walk into your offices. Is it the type of environment that inspires creativity and teamwork?

Things to avoid…

Below are some things to avoid when you want to recruit the best talent.

Hiring on instinct

Hiring based on first impressions or instinct is usually not a good idea. Although first impressions are definitely valuable when interviewing candidates, you should always have a more rounded approach and take everything into consideration, including their background, experience, qualifications and enthusiasm for the role.

Trying to create a false impression of what your business is like

Your employer brand is extremely important when trying to attract the best talent to your business but you should ensure that any candidates you’re interviewing for a position have a clear and realistic idea of what it’s like to work at your company and what their role will be. Job satisfaction is something that is extremely valuable to people so you should be upfront from the start to ensure you retain any new employees in the long run.

Focussing solely on skills and ignoring attitude

Although skills are certainly important when hiring for a particular role, you shouldn’t focus on that alone. The attitude of the candidates you interview in incredibly important too. You want to be sure that if you hire somebody, they’re not only going to be able to do the job well but also got on with your other employees and not create problems within the office.

Hopefully you found the tips above useful and will incorporate them when you’re next hiring. Make sure to keep checking back here for more news and advice related to IT, marketing and business security.

This time last year, we were contemplating 2015 as the year of the data breach. We were taking stock and trying to learn the lessons so that we could better protect ourselves and our businesses from the growing threat of hackers. And then 2016 happened.

Little could have prepared us for what has been an intense year, with cyber security becoming a critical issue with a high media and political profile.

In this article, we will explore the top cybersecurity stories of 2016, consider what can be learned from them and make recommendations for how SMEs can and MUST improve their cybersecurity practices in 2017.

First, let’s take a look back at the big cybersecurity stories and themes of 2016 and the lessons they taught us…

1. The Rise of Ransomware

The rise of ransomware was the big cybersecurity story of the year.

Ransomware is, as we all should know by now, a particularly pernicious form of malware that is used by cybercriminals to extort money from businesses by locking them out of their critical files, services or even entire networks.

Once the files have been locked down, a ransom payment is demanded for the decryption key. Of course, there is never any guarantee that the files will be decrypted once payment has been made.

Businesses, universities and hospitals have all been targeted by ransomware attacks in the past year, some of which have paid thousands to regain control of their data. Shockingly, given the extent of media coverage in recent times, a recent survey by AVG indicated that a third of small businesses still had never heard of the term ransomware.

A ransomware attack can literally bring a business to a halt.

The rise in ransomware has taught us not only that we need to increase the strength of our cybersecurity defences, but also of the importance of having effective backup and recovery solutions in place to prevent total loss of critical data and ensure business continuity.

2. The end of the password, as we know it?

Over the past year, we have had a general shift away from traditional passwords, towards more secure login procedures.

Big names, such as Apple and Google, rolled out improved multi-factor authorisation and verification procedures, which utilise multiple security steps for the approval of certain actions and transactions. Additionally, we have seen the financial sector begin testing of biometric verification with the aim of reducing fraud. It’s clear that the old-fashioned username and password may soon be a thing of the past.

What we should take from this is an awareness that the fight against cybercrime needs to be a collective effort, led by companies and organisations but involving good practice by employees and customers also.

In 2017, businesses should be considering how they can create more secure pathways to access account information and encouraging employees, customers and associates to apply best practice in the use of these.

3. The Insider Threat

Previously, cybersecurity news was typically centred around hackers, whether they be criminal groups, individuals or even entire nations. However, with many data breaches involving somebody from inside the business, 2016 taught us how prevalent the insider threat now is.

Not all insider threats result from malicious intent, but some certainly do so this is something to be vigilant about.

More worrying, perhaps, is the threat that arises from ignorance or carelessness. Many data breaches can be traced back to the loss or theft of company devices, careless data sharing practices or employees falling prey to phishing scams.

It’s vital that employees have a good understanding of security risks and are kept up to date on best practice with regular training.

Businesses must also ensure that strict procedures are in place to reduce the chances of confidential data being leaked. An example of such practices would be the restriction of access to the minimum necessary number of employees. Unless it is absolutely necessary for an employee to have access to certain systems and files in order to carry out their job, it should be restricted.

We’ll have more about ‘The Insider Threat’ later this month…

4. The Rise of Encryption

2016 saw a very public debate about the issue of security and privacy, with encryption front and centre.

The clash between the FBI and Apple over access to one of the San Bernardino bombers’ iPhone data was one of the biggest tech stories of the year. We also saw WhatsApp implement end-to-end encryption to its instant messenger service, which has put pressure on providers of similar services to follow suit. With cybercriminals becoming ever more sophisticated in their methods, encryption is increasingly being viewed as a necessary security step.

As well as seriously considering the need to encrypt their most sensitive files, businesses should be looking to stories such as these as a means of gaining an understanding about the ways in which data is being shared both inside and outside of their organisations. Knowledge is crucial in the fight against cybercrime.

5. No one is immune from cybercrime

Perhaps the most important lesson to take away from 2016 is that no one is immune from cybercrime.

2016 followed on from the previous year’s theme of big names being brought into the spotlight, having suffered data breaches that collectively affected millions of user accounts.

Cybersecurity was also a major theme in the US presidential elections, with issues around email security and claims that foreign hackers were trying to influence the outcome of the election.

But it’s not just the big companies and high-profile targets that need to be concerned about cybersecurity. Research carried out by the Federation of Small Businesses found that two thirds of small businesses had fallen victim to cybercrime in the past two years.

We have learned that cybercriminals are increasingly turning their attentions to smaller companies, both because they tend to have weaker security defences and they can be used as a stepping stone to the networks of the larger companies they are associated with.

It is for these reasons and the fact that, according to the FSB, the financial costs of a cyber-attack faced by small businesses are disproportionately greater than those of larger companies, that SMEs must be vigilant and take all necessary steps to protect their networks.

Moving forward: How SMEs Can Improve Their Cybersecurity Practices in 2017

Knowledge is one of the most important aspects in the prevention of cybercrime.
SMEs must understand that they are not immune from attacks and ensure that they keep up to date with cybersecurity news, developments and expert recommendations for best practice.

This is an ongoing process as new threats appear all the time. Employees must also be given the knowledge to help them take steps to protect the companies they work for and ensure that they aren’t inadvertently putting their employer’s networks and data at risk. Regular staff training is a must.

A good place for SMEs to start is with the government-backed Cyber Essentials scheme, which is an industry supported scheme that helps SMEs gain knowledge and protect themselves against the most common cyber security threats. More information about the scheme can be found here, but the main controls recommended are:

• Boundary firewalls & internet gateways

• Secure configuration of computers & network devices

• Control & restriction of user access to applications, computers & networks

• Keeping software up-to-date with the latest security patches

• Using malware protection software

Cyber Essentials documents provide organisations with advice and information on how to implement basic cyber security controls. Businesses can also apply for a Cyber Essentials certificate, which provides them independent assurance that they have the necessary protections correctly in place.

As well as the obvious benefit of peace of mind in knowing you are protected against many cyber threats, additional benefits of certification include being able to bid for government contracts (for which the certificate is compulsory) as well as being able to demonstrate to other organisations and customers that you take cyber security seriously.

Grant McGregor Ltd is currently undertaking Cyber Essentials training to become an Accredited Assessor for this certification scheme, We’ll update you about this very soon!

It is now generally agreed that cyber security is not simply a technical problem, but has become a business-critical issue.

Without proper defences in place, businesses risk compromised data, damaged reputations, lost contracts, substantial costs and loss of business. The smaller the business, the greater the risk that cyber threats pose to the survival of the company.

No one is immune. It’s vital that all SMEs look to improve their cybersecurity practices in 2017.

If you’d like some professional help with your cyber security planning, defences, education or assurance then contact our team at Grant McGregor today!

Is your IT Company slow responding to problems, unable to cope with your demands, recommending software you don’t really need or overcharging you? If so, maybe it’s time to look for a new IT company this year!

Rather than continuing to feel unsatisfied with the services provided by your current IT Company, why not simply take your business elsewhere? Staying with a poor IT company is risky for your business, especially if your operations depend heavily on your IT systems and software.

Here we’ve explained some of the benefits of leaving your old provider behind and using Grant McGregor’s IT services instead.

IT support

We understand that changing IT support companies can be very daunting but it’s most definitely worth taking the step if it means a brighter future for your business in 2017!

To help you feel more confident about your decision to swap to your IT support services, we will provide you with an IT Service Guarantee.

Whether you are a small business with a limited number of users or a larger business with hundreds of users, our experienced IT team will take full responsibility of your IT support needs and we will use our expert knowledge to provide you with solutions that exceed your expectations.

Our aim is to enable you to run your business more smoothly and the way we achieve that is by finding out what you need from us. We take a people-centred approach to IT support, which involves listening to you and providing tailored solutions to meet the needs and requirements of your business.

When set up properly, technology requires little support, it is actually the people using the technology that need dedicated support, which is exactly what Grant McGregor will offer.

IT consultancy

Have you received poor recommendations from IT companies in the past? We understand that it can be difficult knowing whose advice you can trust. If you are looking to update your IT systems, improve productivity or achieve higher levels of IT security, we will help you deliver the results you need.

We call ourselves a people-friendly company and part of our ethos involves talking in plain English. We won’t confuse you with tech-related jargon or recommend services you don’t really need to earn extra money. Instead, we choose to provide you with genuine, objective and appropriate advice that is tailored to the needs of you, your people and your business as a whole.

IT software and solutions

Are you tired of IT sales people pushing products at you that you don’t really have any use for or even know how to use?

Here at Grant McGregor we take a completely different approach to IT software and solutions. Instead of palming you off with any old piece of software, our specialist experts will take the time to get to know your business and its operations. Working closely with you and your team, we will identify the best solutions for your business and at the end of the day, the choice will be yours.

Grant McGregor has been awarded Gold Partner Status by many of our software vendors, but this isn’t because of our ability to meet sales quotas, it’s because we have excellent product knowledge and use our skills to find the right solutions for the right companies, providing a good fit.

New Year, New IT Company

Don’t put up with an IT company that isn’t fully meeting your needs and requirements. If you like the sound of any of the IT services outlined here and want to know more, give us a call today on 0131 603 7910.

NEW YEAR OFFER – 50% OFF AN INITIAL IT AUDIT

To kick start a positive change in the effectiveness of your IT systems, an initial IT assessment audit is an essential step in the process.

We’re offering the first 3 companies that apply and qualify with us a saving of up to £250 on this initial outlay. We are prepared to meet the entire cost to ease the burden to you and encourage you to take this first, vital step to make sure your IT runs smoothly and effectively in 2017!

This special offer is strictly for a limited number of potential customers so please apply here to take full advantage while you can!

First come, first served so don’t delay to avoid disappointment!

Being aware of the latest trends in social media is a must no matter what type of business you run.

Even if your business itself doesn’t rely heavily on social media, it’s still incredibly useful to be aware of what consumers and potential business customers are craving when it comes to online content and services.

With this in mind, below are some of the biggest social media trends to look out for in 2017.

1. Virtual/augmented reality video

There’s already been a strong trend towards more visual content over the last few years, with an explosion in popularity of visual social media platforms, including Instagram and Pinterest.

More established platforms such as Facebook and Twitter have also become much more visual. This appetite for visual content means that more focus is going to be put on more novel experiences, including virtual and augmented reality on social media.

2016 has been called the year of VR, with the release of both the Oculus Rift and the PlayStation VR headsets respectively. As VR and augmented reality become more mainstream, the technology will become easier to use and will be implemented more in social experiences, including on social media platforms.

2. Increase in live video streaming

Live video streaming services such as Periscope saw a huge surge in popularity in 2016 and that trend is set to continue. More content providers are realising the appetite their audience has for something immediate and as a result are making use of services such as YouTube Live and Facebook Live.

Live video can be a truly excellent way for brands to connect with their audience. It is different from other forms of social media content in that it’s immediate and unfiltered and therefore provides another way to connect with your followers.

3. Chatbots

If you haven’t heard of chatbots already then you will soon. They have gained a lot of popularity in the last 12 months, in no small part due to the incorporation of chatbots in Facebook Messenger. In April, Facebook CEO Mark Zuckerberg announced that third parties would be able to take advantage of Facebook’s messenger platform in order to create their own chatbots.

Chatbots are particularly useful at improving real-time engagement with customers. Many businesses currently use a combination of live chat, email and phone support in order to assist their customers. As chatbots improve and their use becomes more widespread, it’s likely that a lot, if not the majority of customer issues will be dealt with through them. The ability to intelligently deal with customer issues in real time without the need for human intervention is just round the corner.

4. More difficult to get organic traffic through social media

The fact that social media is so popular is a double-edged sword.

Yes, there a huge amount of people on the various social media platforms at any given time but that also means that there’s an abundance of content with too little space for it. This has caused major social media platforms such as Facebook and Instagram to remove chronological timeline updates, meaning content providers must pay in order to gain visibility.

For businesses and online marketers, this means that a multi-channel approach will be best from now on. Instead of putting all your efforts into social media marketing, it’s better to focus on a mixture of content marketing, organic SEO and email marketing.

5. More automation

The fact that there are so many ways to market a business nowadays, combined with the growing number of social media platforms means that automation is a must for businesses that want to market in an effective way.

Not taking advantage of some of the excellent marketing automation applications that exist could end up costing your business a lot. It’s been shown that marketing automation helps businesses to boost revenue significantly and a growing number of business owners are now making automation a key part of their overall marketing strategy.

These are just some of the trends likely to be seen in 2017 where social media is concerned.

Be sure to keep checking back to the blog for more IT news and tips.

Enjoy Christmas and our very best wishes to you all for the forthcoming New Year. A healthy & prosperous 2017!

Security is a huge issue for businesses in the digital age. With more businesses now switching to the cloud than ever before, there is a greater need to protect data and ensure that it doesn’t fall into the wrong hands.

Even the government have taken steps to help SMBs improve business security through their Cyber Essentials Scheme. Businesses that have Cyber Essentials are protected against the most common cyber security threats and displaying the badge is great a way to show customers that your business takes data security seriously.

To help you determine if your business is secure enough, below are 5 of the biggest signs that the security in your business needs to be improved.

1. No protocols for data access

Not having any clear protocols for data access is a very common mistake that many organisations make. If anyone can simply access data without there being any protocol to follow, then it could pose a serious risk to your data and systems. For this reason, many businesses are now putting ground level security in place to prevent data loss and theft.

The basic idea of putting access control measures in place is to restrict the number of people who have access to sensitive and important data to as few as possible. If employees in one part of your organisation do not need access to a particular database, then there’s no reason for them to be able to access it since it only puts your data at unnecessary risk.

2. Old and insecure passwords are still in use

Password security is hugely important for SMBs but many don’t have any system in place to ensure that passwords are regularly updated; or that secure enough passwords are being used in the first place. The most secure passwords are those that include a combination of upper and lowercase letters as well as numbers and symbols. The trouble with these types of passwords is that they’re hard to memorise and this alone can put employees off using them.

One obvious solution to this problem might be to use a password manager. A password manager will enable you and your staff to easily store log in credentials for each service in a convenient and secure way. Of course the password manager itself will require a secure password but it’s much easier to remember one secure password than dozens.

3. Physical storage devices are used for data sharing

Relying on physical storage devices to share data is a bad security practice that’s still surprisingly common. Many business managers believe storing data locally is a good idea since it cuts out the risk of it being hacked. Although there is some validity to this, the risk of a storage device such as a USB drive falling into the wrong hands or getting lost is substantial. Not only that but there are now an abundance of excellent cloud storage services specifically for businesses that are very secure and convenient, so storing data on physical devices simply isn’t necessary.

4. Inadequate staff training

It may be surprising to learn that the biggest risk to the security of your company doesn’t come from outside but from your own employees. This is often because of a lack of good training and not due to malicious intent. Simple things such as training your staff how to use software properly and informing them of the importance of changing passwords regularly are easy to neglect but can cost your business a lot in the long run.

5. Infrequent or unreliable backups

No matter how secure the data storage service you use might be, it’s always vital that your data is backed up regularly. A number of cloud storage services can back up your data automatically so it’s not something you have to worry about. If your data is being stored locally though, then backing it up yourself on a regular basis is extremely important since the risk of data loss or corruption is significant.

If you’d like to find out more about how Grant McGregor can help to improve the security of your business, then get in touch and we can explain the benefits of the services and solutions we offer to SMBs.

Get our free 15 Point Security Checklist HERE!

Security is a huge issue for businesses in the digital age. With more businesses now switching to the cloud than ever before, there is a greater need to protect data and ensure that it doesn’t fall into the wrong hands.

Even the government have taken steps to help SMBs improve business security through their Cyber Essentials Scheme. Businesses that have Cyber Essentials are protected against the most common cyber security threats and displaying the badge is great a way to show customers that your business takes data security seriously.

To help you determine if your business is secure enough, below are 5 of the biggest signs that the security in your business needs to be improved.

1. No protocols for data access

Not having any clear protocols for data access is a very common mistake that many organisations make. If anyone can simply access data without there being any protocol to follow, then it could pose a serious risk to your data and systems. For this reason, many businesses are now putting ground level security in place to prevent data loss and theft.

The basic idea of putting access control measures in place is to restrict the number of people who have access to sensitive and important data to as few as possible. If employees in one part of your organisation do not need access to a particular database, then there’s no reason for them to be able to access it since it only puts your data at unnecessary risk.

2. Old and insecure passwords are still in use

Password security is hugely important for SMBs but many don’t have any system in place to ensure that passwords are regularly updated; or that secure enough passwords are being used in the first place. The most secure passwords are those that include a combination of upper and lowercase letters as well as numbers and symbols. The trouble with these types of passwords is that they’re hard to memorise and this alone can put employees off using them.

One obvious solution to this problem might be to use a password manager. A password manager will enable you and your staff to easily store log in credentials for each service in a convenient and secure way. Of course the password manager itself will require a secure password but it’s much easier to remember one secure password than dozens.

3. Physical storage devices are used for data sharing

Relying on physical storage devices to share data is a bad security practice that’s still surprisingly common. Many business managers believe storing data locally is a good idea since it cuts out the risk of it being hacked. Although there is some validity to this, the risk of a storage device such as a USB drive falling into the wrong hands or getting lost is substantial. Not only that but there are now an abundance of excellent cloud storage services specifically for businesses that are very secure and convenient, so storing data on physical devices simply isn’t necessary.

4. Inadequate staff training

It may be surprising to learn that the biggest risk to the security of your company doesn’t come from outside but from your own employees. This is often because of a lack of good training and not due to malicious intent. Simple things such as training your staff how to use software properly and informing them of the importance of changing passwords regularly are easy to neglect but can cost your business a lot in the long run.

5. Infrequent or unreliable backups

No matter how secure the data storage service you use might be, it’s always vital that your data is backed up regularly. A number of cloud storage services can back up your data automatically so it’s not something you have to worry about. If your data is being stored locally though, then backing it up yourself on a regular basis is extremely important since the risk of data loss or corruption is significant.

If you’d like to find out more about how Grant McGregor can help to improve the security of your business, then get in touch and we can explain the benefits of the services and solutions we offer to SMBs.

Get our free 15 Point Security Checklist HERE!

The times they are a-changing, and fast.

We’re all plugged into the internet almost 24/7 via our mobile devices and anxiety sets in if we’re separated from them. We are immersed in technology and, whilst we are drowning in ever more emails, mobile apps are delightfully making our leisure and work time more enjoyable and productive. So can new tech make us smarter and the cities we live in healthier, ultimately helping us to enjoy a longer life?

Web summit 2.0 in Dublin 2016 saw the great, great, grandson of Ford General motors founder William Clay Ford Jr. chart his vision for the future of smart transport. Bill Clay Ford (as he prefers to be known), waxed lyrical about his vision not for more car sales, but for cleaner, driverless cars which will revolutionise transport. “We want to have an even greater impact in the next 100 years than we did in the first 100 years”. Greener, smarter traffic beyond gridlock is Ford’s new vision which he hopes will enable Ford “to try to make people’s lives better”.  A worthy epithet no doubt but is it achievable in the next 30 – 50 years?

Since the mid 1990s we’ve had European Healthy Cities driving new health programs in inner cities in an attempt to improve access to health and exercise. We’ve seen motivation programmes created to inspire ordinary people to dramatically improve their health in straightforward ways such as giving up smoking and reducing alcohol consumption.

Infrastructure

With better infrastructure in terms of roads, rail, public walkways, cycle greenways and city paths, there are huge opportunities to harness the power of social media, apps and technology to create smart healthy citizen networks which help communities to function at their optimum health levels in tune with their environment.

The internet was primarily developed to drive ecommerce. Our lives have been transformed by new ways of shopping and social interaction. We now bank online, book holidays and flights, access public services and communicate with our friends using an array of private social networks such as Instagram and Facebook.

Technology oils the wheels of our everyday lives saving us valuable time and inspiring us to experiment with new ways of leisure interaction. Internet technology has positively disrupted business and our everyday lives.

Weather & Air Quality Monitoring

Cheap energy efficient sensors are being used to collect data and harness it to produce a range of useful information. Using variables such as temperature, air quality, pressure and humidity statistics, these data feed into artificial intelligence systems and help us decide what activities and tasks we should carry out when. For example, how many cars should be allowed into the city limits at what time or whether we should go running or walking at certain times of the day when air quality and weather conditions are not at their optimum levels.

Drones to manage major incidents

Add to this mix the use of drones which can be used to monitor traffic, deliver medication or even medical care. This can include diagnosis of medical conditions and providing the ability to assess major incidents and enable clinicians to provide emergency triage advice on how best to treat major incident victims who may be otherwise difficult to access.

Transport apps

Mobility apps will notify us when our neighbours are going shopping and will enable us to car share enabling us to split car fees and reduce traffic and ultimately pollutants. Delivery costs will be dramatically reduced via the use of crowd sourcing apps which will maximise timely deliveries to our locale.

Shopbots

The internet already enables us to harness the power of Shopbots and Geographical Information Systems intelligence apps to reduce the cost of products. Just like we plug in our mobiles when we drive to ensure they are charging on the go, we may also plug ourselves in to our cars to monitor our stress and blood pressure levels and prompt cars to move to autopilot if we are tired or not performing at our optimum levels.

Artificial intelligence networks

The power of mobile apps will enable citizens to turn themselves into smart apps and feed their data into artificial intelligence networks to analyse movement, exercise, and other key variables including diet. This will enable doctors to monitor calorie intake, exercise output and variables such as blood pressure, blood oxygen and sugar levels. Medical professionals can then provide recommendations of when and how we should exercise, rest or sleep for maximum benefit in managing pre-existing conditions such as diabetes, high blood pressure and heart conditions.

Interconnectivity

One thing is certain, the possibilities to create smart interconnected cities which serve their citizens are endless, but will require buy-in and a shift of consciousness for every member of our communities. We must be proactively involved if we are to harness technologies and build cities and businesses to organically serve our citizens. We must be our own visionaries and take ownership of our cities and technology to improve our cities for the good of all humanity.

Technology is changing rapidly. If you would like to harness the best of today’s exciting technologies to benefit your business and competitiveness now, then you don’t have to wait for the future.

The first step to this new world is to let us know what help you’re looking for. What do you want to achieve and why? If you can articulate these aims to the team at Grant McGregor Ltd then we’ll do our best to help or to guide you to the best sources of help. And we’ll be very human about it.

Grant McGregor are proud to have received another fantastic award and IT industry accolade. This first of only three Partner of the Year Awards was given to Grant McGregor from SolarWinds MSP for Community Partner of the Year.

At the beginning of November, three of the GM team; Jon, David L & Paul attended the SolarWinds conference in Edinburgh. And at the very start of the day they were pleasantly surprised to be asked to pick up this prestigious honour as Community Partner of the Year.

Grant McGregor have long been a partner of SolarWinds MSP (under their previous guises) for over 10 years and we very much value the great relationship with them so we feel honoured to have received this award.

“This demonstrates the close working relationships we’ve forged with out partner SolarWinds MSP in employing their technologies to defend and protect our clients’ IT systems from threats and disasters. Not only have we built great knowledge of how best to employ such Managed IT Services, but we can readily tap into SolarWinds MSP’s wealth of experience and insights to help our clients to develop their IT appropriately. It’s great to have this recognition of our successes together.” said Jon Towers, Director of Grant McGregor Ltd.

Here’s what Dave Sobel, Director of Partner Community and Field Marketing at SolarWinds had to say:

“Grant McGregor exemplifies the kind of partner the community values.  With an openness to share information, collaborate with other solution providers, and assist us as a vendor with valuable insights, the team at Grant McGregor has embraced the collaborative nature of success we strive for.  It’s a pleasure to work with the team, and we are excited to award them with Community Partner of the Year.”

Are you one of the many people who still store their important data and documents locally on your computer as opposed to on a central server?

You’re not alone, millions of people do.

But have you got a disaster recovery plan in place should the very worst happen? What happens if your hard drive fails or your laptop is stolen? What would you do if Ransomware encrypted all of your precious personal and work related data rendering it inaccessible and unusable?

Risks of local data storage

If your data gets destroyed, stolen lost or damaged and the data is stored on a central server then you can breathe a sigh of relief, you’re covered and any deleted data can be recovered. However, if your data is saved on your desktop, or My Documents then you run the risk of being unable to restore it.

How devastated would you be to lose pictures of your children, parents and other family members and events that will never be replaced? How devastating would it be to your business if you lost business data, accounting information, customer, employee or supplier records?

Could you live without the family photos, personal and business data on your home laptop or device if disaster struck or theft occurred?

Impact of loss of data

Have you ever actually taken time to sat down and consider the cost of losing your business data and the impact that would have for you and your clients? Aside from confidentiality issues, the impact of losing business sensitive information could lose you clients and ultimately have a massive adverse effect on your business and your job. Make no mistake, loss of data can be catastrophic in many ways.

Avoiding data loss

It’s all so avoidable and it can be so easy to take steps on a regular basis to set in motion a regular and automated backup plan. One of the most fool-proof ways of backing up is to use a centralised cloud based system where you can automatically back up your data as and when it is created. Using a central online storage system will provide a seamless back up of your computer’s storage so that in the event of any catastrophic hard drive failure you will be able to recover an image of your computer’s hard drive and restore it immediately.

Easy collaboration & version control

Putting a backup plan in place means you’ll have no more sleepless nights wondering what if, and you’ll be able to work safe in the knowledge that your personal or business data is safe and can be recovered in the event of an external hacking attacking, virus infection, or hard drive failure.

Compliance with Data Protection Legislation

Backing up to a third party central storage system will also help you avoid any issues relating to Data Protection legislation. It’s important to be aware that if you fail to keep your data safe and protected you maybe unwittingly contravening the 1998 Data Protection Act which states that personal data must be held safely and securely.

Don’t bury your head in the sand and consider other tasks more important, it could and may happen to you that you could suffer a catastrophic data failure and lose all or most of your data. Why take that risk, when it is so easy to prevent?

It’s not too late to protect your data

Lots of people are now wishing they’d taken action to prevent their catastrophic loss of data. Some of these are private individuals who have suffered the incalculable loss of personal photographs.  It could happen to you too. We know too many individuals and small businesses to whom it has. People who’ve lost precious photographic memories, music or sensitive business data all of which can never be restored and is gone forever.

Losing data is also more traumatic when you don’t know exactly what you’ve lost.

Moreover, you can run the risk of your electronic “identity” being stolen and will face the trauma of having to change your security details to all your accounts to protect yourself.

To avoid a disaster involving your data, take action and give yourself peace of mind today.

For a simple cost-effective solution to ensure you can protect, back up and recover your data with ease contact Grant McGregor on 0131 603 7910.

Although, we still have to wait for the Brexit plans and our negotiations to be debated and clarified in Parliament, it can’t have escaped you that the summer’s referendum ‘Brexit’ vote is already having an upward effect on many prices.

Whether it’s Unilever’s uplift in the price of Marmite or Nestle considering the price of KitKats, it’s certainly affecting the UK Tech market too. Stories are not only dominating the IT press but also mainstream channels as so many well-known Tech companies have now announced significant price hikes ahead!

As a result of the heavy drop in value of UK sterling versus the euro and the dollar since the referendum vote, some big name vendors such as Dell and HP were first to make those “upward adjustments”. In the short term, other US vendors who trade in dollars had perhaps waited to see if the level of the pound would revive or because they had protected their level of pricing through forward currency hedging. Yet even they have now run out of options and are passing on the effects of these currency differences to us all.

Is this just jumping on a band-wagon or are there strategic and necessary reasons for it?

Well, currency hedges could only last for so long. Those vendors such as Apple that opted not to hike prices are having to follow Dell and HP and have lifted prices by around 20%. The currency drop for sterling was certainly one big part of it but the overall effect would also mean that in other markets in Europe, partners and end customers could be paying effectively 20% more for the same products than their counterparts in the UK. Great for the UK you might think but this sort of imbalance between European countries and their near neighbour in the UK could well have opened up a grey market as European customers sought to exploit the ‘savings’ available via the UK’s near 20% beneficial pricing.

If these vendors tried to stop European customers from purchasing their products and services from the UK, the Europeans would demand a hefty reduction in European prices to match UK price levels – or an increase in UK pricing to re-balance with the rest of Europe. A tough choice? Take a hit against prices across all European markets or impose a sharp increase in one? Generous they are not. Cynical the UK market is.

As well as Apple, one of the later high profile companies to announce substantial UK price rises was Microsoft. Until now. Microsoft has just announced price hikes of up to 22% in the UK to take account of the pound’s slump against the euro (and dollar) since the Brexit vote. This was not only covered by the UK IT Press  but also hit most of the mainstream press and news channels  especially as so many businesses have turned to cloud services such as Microsoft Office 365.

So from a business perspective, any users who pay for subscription services for Office 365, for system protection software or for other monthly services can expect price rises to take effect from January 2017. We’ll certainly have to pass on these direct costs and will be contacting clients to alert them to adjust relevant parts of their budgets.

For those looking to refresh their hardware or systems, some of those sizeable price hikes have already taken effect so the likes of new servers, PCs and Laptops will already cost more. Even after one hike back in the summer, some Technology manufacturers are already warning of additional rises as the pound falls further and uncertainty sets in. Given that so many Tech vendors are US-based or dollar-based, we can only expect the whole market to follow suit. Some customers may be able to fix in current prices by bringing forward purchasing decisions prior to the end of 2016 for applications and software licensing that offers a 12-month or longer licence term. Those businesses and organisations who have been holding cash for a rainy day may well be advised to invest it sooner rather than later before products they need are moved on to a higher pricing rate. And for those less cash-rich who need to invest, the option of leasing equipment, software and services over 3 years or more perhaps becomes much more attractive.

Unless of course, you believe those prices will come back down again. So the final question is perhaps, if the pound’s value rises again, will these vendors pass on the savings back to the UK market or will they instead enjoy the extra profits? Not sure that needs an answer!

If you have any questions or comments on these events in the UK technology market and its effect on your business or organisation, then don’t hesitate to get in touch on 0131 603 7910.

The volume of cyber-attacks on businesses is rising year on year. So, too, is the cost of dealing with cyber-security incidents. With more and more businesses being breached, despite having traditional defences in place, many are questioning the relevance and efficacy of antivirus software in today’s hostile environment.

Designed to detect and block malicious threats, antivirus software is a standard requirement when it comes to protecting business IT systems. The vast majority of businesses understand this and wouldn’t dream of operating without this kind of protection in place. But with so many companies still falling victim to cyber-attacks, it’s clear that these solutions are not failsafe.

The fact is, there isn’t a single antivirus solution available that is 100% effective at detecting and blocking malware.

The obvious question is: why aren’t these solutions completely effective, when their purpose is to protect our networks against malware?

The answer to this is fairly simple and relates to the phenomenal pace at which new threats are appearing. Every single day, new variants of malware are being created in their thousands. It takes some time for security technology specialists to discover new threats and counter them. Because of this, new forms of malware are not immediately detectable by antivirus programs.

Not only are cyber threats increasing, but they are also evolving at an alarming pace and this only serves to compound the problem.

Advances in technology over the years have made it much easier for attackers to create and distribute their malware online. Malware is big business, these days, often with extremely lucrative rewards for those profiting from it. This is driving malware writers and distributors to develop increasingly professional and sophisticated methods. Because it is their goal to evade detection for as long as possible, they must ensure that what they create is as unpredictable in nature as possible, in order to avoid being second-guessed by security experts.

So, if antivirus programs are not capable of detecting 100% of the threats we face, are they still a worthwhile investment?

The short answer to this is yes.

Although antivirus will not offer absolute protection, a good product will mitigate the risks considerably and lead to far better security outcomes compared with an unprotected network. As such, it remains an essential security measure.

And, new technologies are helping to speed up the process by which new threats are detected and responded to. Cloud-based antivirus solutions (or antivirus/antimalware provided as a service), for example, can offer enhanced protection for end-users because the technology allows for much faster discovery of new threats compared with traditional methods. The cloud also allows counter technology to be delivered rapidly to managed end-user devices.

But, there’s no denying that it’s an ongoing battle.

At the same time as new threats are being detected and subsequent updates are provided by security software vendors, many more new threats are being created. In a world of increasing cyber-attacks, antivirus alone does not afford businesses adequate protection. This technology does still have its place in the fight against malware, but it should be viewed as just one element of a more comprehensive security strategy and a layered defence approach.

In an increasingly digital environment, businesses that want to prosper need to take cyber security seriously and get the right approach.

Not only is it essential in the name of protecting company assets, but an effective cyber security approach can also help businesses to gain a competitive advantage, build trust in their brand and subsequently drive growth.

If you’re not sure whether your organisation is adequately protected, then get in touch with the team here at Grant McGregor on 0131 603 7910. We can have a no-obligation initial chat to understand your concerns and suggest some ways to assess and improve your defences.

Don’t wait until it’s too late, get in touch today.

One of the biggest advantages of technology is its ability to help us accomplish tasks more efficiently. This is especially useful for businesses since it frees up your staff and allows you to automate repetitive tasks without the need for human input.

The emergence of cloud technology and social media in the last decade has made it easier than ever for business owners to find ways to increase efficiency and communicate more freely with customers and those within their own organisation.

With this in mind, below are five of the best ways to use technology to increase efficiency in your business.

1. Automate as much as possible

The ability to automate repetitive tasks is one of the best ways to use technology to increase efficiency in your business. There’s a good chance that there are many day-to-day tasks that could easily be automated through the use of technology.

For example, if you’re a busy IT manager trying to keep systems online and protected you’ll have to keep a constant eye on new security updates and patches. These may be required for servers, PC operating systems, web browsers, various applications and tools in everyday use. Bu automatically scanning and updating your system regularly using a patch management service or tool, you can make this repetitive task easy and far less time-consuming than doing it manually when you have the time.

Alternatively, if your business uses social media for marketing purposes, then scheduling social media posts is one of the best ways to use automation to improve efficiency. Most social media services give you the ability to schedule posts and doing this is beneficial in a couple of ways. Firstly, it will enable you to write posts in batches and choose exactly when they’re posted. Secondly it will free up time further down the line since you already have a good backlog of posts scheduled.

There are also services such as CoSchedule, that make the process of automating social media posts even easier and give you a more complete overview of your social media activity.

2. Make use of cloud services

Cloud services, such as Office 365 can make a huge different when it comes to increasing efficiency. Giving your staff the ability to easily share and edit documents in the cloud not only improves efficiency but it also makes your data safer too, since it doesn’t need to but put on physical storages devices such as USB drives, which can easily get lost or fall into the wrong hands.

Another great use of the cloud is to use a cloud-based collaboration application or a project management program. Project management is made infinitely easier through the cloud and enables you to collaborate much more effectively and without the need for everyone to be in the same room at the same time.

3. Use mobile devices to your advantage

Mobile devices are often thought of as being an enemy of efficiency and productivity in the workplace but this doesn’t have to be the case.

Training your staff to use their mobile devices for tasks such as accessing and editing files, communicating and collaborating will certainly prove to be beneficial when implemented properly. Mobile apps will enable your staff to accomplish most, if not all of their tasks when away from the office.

If you implement any new software in your business, then it’s always a good idea to provide your employees with the necessary ability and training to use it on their mobile devices too.

4. Invest in CRM software

Customer Relationship Management (CRM) software can make a huge difference when it comes to increasing efficiency in your business. Good CRM software will enable your staff to easily access vital data such as customer records and has the ability to integrate with other software and programs, including marketing automation tools.

CRM software can also enable your staff to get the bigger picture when it comes to customer relationships and customer lifecycle. This type of information is typically very complex and difficult to be managed by just one person but CRM can give your entire staff that powerful capability.

5. Use technology to improve collaboration

Video conferencing is an excellent way to collaborate with different branches in your business in an extremely efficient way. Prior to this technology existing, if you wanted to schedule a meeting between different branches of your business then practical considerations such as travel and accommodation expenses could easily become an issue. Video conferencing can virtually eliminate this problem.

Using an interactive calendar is another excellent way to use technology to increase efficiency in your business. It enables you to set centralised appointments and goals that any of your staff can access from any device. You can even use it to manage business resources such as meeting rooms, vehicles and ‘pool’ items.