cyber security.

robust and reliable advice and protection for small businesses

is cyber security still an issue?

yes, but it's a moving target. Your business is likely to be more secure than ever before, but new vulnerabilities are being targeted by criminals every day.

Historically, security was physical with locks, and then alarms and cameras. IT brought virus's, malware, spyware, phishing, and more and each time our defences have improved.

As artificial intelligence (AI) becomes mainstream it will be a force for both good and evil. For example we'll see more advanced phishing attacks with really good grammar and spelling in the style of the person they are impersonating.

My advice is don't be complacent about security, train your team well, instil best practice, deploy appropriate defences and have Insurance, just in case...

Kevin Leightley (Technical Lead)

of medium businesses reported cyber security breaches or attacks

of UK charities reported cyber security breaches or attacks

17970

is the average cost of a data breach or cyber attack

have not done a cyber risk assessment

essential cyber security defences

(Included as standard with our all-in-one Managed IT Support services)

security training

Your team are you most important asset. But without the right training you can't expect them to perform. It's the same for Cyber Awareness. Constant vigilance is critical. You team need to know the tricks the the bad guys use, how to recognise phishing emails and how to stay safe when on the road or working from home.

patching and updates

You devices need to be kept up to date. Manufacturers and software vendors are constantly releasing updates and patches to add functionality, improve performance and maintain security. But be careful, older devices and software need to be replaced when support ends. If you don't they could invalidate your IT support or insurance.

password manager

Account and password policies that enforce good strong passwords are a given. But, unless you have a password manager or an incredible memory, there is no way you and you teams are going to remember the many passwords that they use every day. A business Password Manager keep you in control of your organisations passwords.

endpoint protection

Endpoiint Detection and Response (EDR) is the minimum standard for protecting devices now. Response being the critical component. The faster you can block and remediate a threat the better. Managed Detection and response takes this to the next level with experts in a 24/7 Security Operation Centre protecting your business.

essential cyber security configurations

(configured as standard with our all-in-one Managed IT Support services)

multi-factor authentication

Multifactor (MFA) or two factor (2FA) authentication is the current best practice recommendation for securing accounts in addition to strong unique passwords. Turning it on should be a must for every system that you use. In fact you shouldn't use any system that dosn't have it.

Microsoft 365 security

Have you heard of Microsoft Secure Score? Do you know that Microsoft has a raft of policies that govern virtually all aspects of Microsoft 365. If your IT service provider is doing it's job properly you should score 80% or more, which means you have the most of the recommended security settings in place.

least privilege access

Least privilege and its cousin 'zero trust' are in simple terms the practice of only allowing the people you want access to the things they need, where and when they need it. It's actually relatively complex, but as a start, no person should have system admin rights on their day-to-day account, and instead should have a secondary admin only account for system configuration.

logging and alerting

Do you know who accessed your systems, when they logged in, where from and what they did? Well you probably should. Not because you want to spy on them, but you need to know if an account was accessed in Scotland at 9PM and from China only 5 minutes later. That would be impossible unless you are Superman or Dr Who. Enabling and reviewing logs is essential.

cyber security recommendations

(in addition to our essential defences and configurations)

firewalls

All PC's, Mac's, Servers, etc. should have a firewall enabled and properly configured. We also recommend a next generation firewall with comprehensive security features, such as intrusion detection, application filtering, web filtering and logging at the internet gateway too. We offer a managed firewall service with monitoring and central management.

vulnerability assessments

A regular vulnerability scan with remediation is recommended to identify hardware and software that needs reconfigured, updated, or patched in order to resolve known vulnerabilities. We offer one time security audits and also regular vulnerability assessments linked to Cyber Essentials.

pen testing

Penetration testing is often confused with vulnerability assessments. The two are related and there is often crossover, but they are not the same. Pen testing sets out to deliberately try to circumvent protections and to this extent will use known vulnerabilities and exploits to determine the the extent to which systems and data can be accessed as a result.

VPN & SASE

A VPN creates a secure encrypted tunnel between your device and a remote device (server/firewall) so that information can pass between the two securely. Secure Access Service Edge is a variation on this using an internmediate cloud gateway to control access to your applications and and secure data in transit.

SIEM

SEIM stands for Security Information and Event Management. In simple terms is gathers data from all of you systems, logs it, and looks for potential security issues. Its impossible for a person to do this so it has to be automated. There are two key benefits of SIEM. 1. Predictive alerts based established patterns. 2. Historical analysis and to determine the source of issues. If you dont already have SIEM then you should ask yourself why.

cyber essentials

Have you adopted a cyber security framework yet such as Cyber Essentials, ISO27001, NIST or CIS? If not we recommend starting with Cyber Essentials. These 5 key tactics of the NIST framework are easy to understand and apply to your business: Identify risks, Protect, Defend, Respond, Recover. We offer UK Cyber Essentials Plus compliance as a managed service.

We've been consistently impressed with IT Foundations' service. We wholeheartedly recommend them to businesses in need of top-notch IT support.

Green Bioactives

IT Foundations are a great forwarding thinking team to work with. They're always on hand, and ensure tickets are dealt with in a speedy manner. The service they provide is truly exceptional.

Square & Crescent

We recently started to work with IT Foundations. Onboarding was seamless; the whole process was faultless. Unambiguous, clear advice from real people at the end of the line - wish we'd made the move earlier!

Castle Crown Properties Ltd

No hesitation in recommending IT Foundations services. We have recently moved to them from an existing support company and have found their level of service, knowledge and platform second to none.

Clancy's Solicitors & Estate Agents

We have worked with IT Foundations now since 2018. The service from them over the years has been consistently outstanding and I would have no hesitation in recommending them.

Mansley Serviced Apartments

IT Foundations are a pleasure to work with, providing excellent service. I would have no hesitation in recommending them. They are a pleasure to work with!

Drummond Laurie Chartered Accountants

IT Foundations proved they could deliver the solution. They have provided a first-class service and we at Albyn Housing Society would highly recommend them.

Albyn Housing Association

IT Foundations have provided consultancy, development, and support services to us for over 10 years. We are delighted to endorse this fantastic team for their skills, professionalism and dedication to customer service.

Phoenix Group