Skip to the main content.

Our client portal provides all the tools you need to create, view or update your support requests. 

For urgent IT support during business hours, or if you suspect anything suspicious call  01314528444 for the fastest response.

If one of our team has asked you to start a remote control session on your computer, use the remote control menu option above.

cyber security.

robust and reliable advice and protection for small businesses

cyber-1-800
Kevin Leighley (Technical Lead)

is cyber security still an issue?

yes,  but it's a moving target. Your business is likely to be more secure than ever before, but new vulnerabilities are being targeted by criminals every day.

Historically,  security was physical with locks, and then alarms and cameras.  IT brought virus's, malware, spyware, phishing, and more and each time our defences have improved.  

As artificial intelligence (AI) becomes mainstream it will be a force for both good and evil. For example we'll see more advanced phishing attacks with really good grammar and spelling in the style of the person they are impersonating.  

My advice is don't be complacent about security, train your team well, instil best practice, deploy appropriate defences and have Insurance, just in case... 

Kevin Leightley (Technical Lead)

 

cyber security services with a difference

Sometimes the repeated warnings about cyber security feel like old news and sadly this can lead to complacency.  We want to spend our time helping you be more productive and profitable. You dont want to hear us preaching about the latest cyber thingy!  But you still need to stay secure without losing focus on what you do best.

So what's the difference we hear you ask? Well we don't actually sell cyber security on its own.  We treat it as an integral part of your managed IT support services and include all the essentials as standard.  No hard sell, you just leave it to us.

You can check out a summary of the essential defences and configuration that we provide in our all-in-one it support below together with advanced options if the are required.

Our advice is don't be complacent about security, train your team well, instil best practice, deploy appropriate defences and have Insurance, just in case... 

70
%

of medium businesses reported cyber security breaches or attacks

32
%

of UK charities reported cyber security breaches or attacks

£
17970

is the average cost of a data breach or cyber attack

69
%

have not done a cyber risk assessment

Official statistics for 2024 from the UK Government’s annual Cyber Security Survey 2024 (published 29th April 2024)

essential cyber security defences

(Included as standard with our all-in-one Managed IT Support services)

security training

security training

Your team are you most important asset.  But without the right training you can't expect them to perform.  It's the same for Cyber Awareness. Constant vigilance is critical.  You team need to know the tricks the the bad guys use, how to recognise phishing emails and how to stay safe when on the road or working from home.

patching and updates

patching and updates

You devices need to be kept up to date.  Manufacturers and software vendors are constantly releasing updates and patches to add functionality, improve performance and maintain security.  But be careful, older devices and software need to be replaced when support ends.  If you don't they could invalidate your IT support or insurance.

password manager

password manager

Account and password policies that enforce good strong passwords are a given.  But, unless you have a password manager or an incredible memory, there is no way you and you teams are going to remember the many passwords that they use every day.  A business Password Manager keep you in control of your organisations passwords. 

endpoint protection

endpoint protection

Endpoiint Detection and Response (EDR) is the minimum standard for protecting devices now.  Response being the critical component.  The faster you can block and remediate a threat the better.  Managed Detection and response takes this to the next level with experts in a 24/7 Security Operation Centre protecting your business.

essential cyber security configurations

(configured as standard with our all-in-one Managed IT Support services)

multi-factor authentication

multi-factor authentication

Multifactor (MFA) or two factor (2FA) authentication is the current best practice recommendation for securing accounts in addition to strong unique passwords.  Turning it on should be a must for every system that you use.  In fact you shouldn't use any system that dosn't have it.

Microsoft 365 security

Microsoft 365 security

Have you heard of Microsoft Secure Score?  Do you know that Microsoft has a raft of policies that govern virtually all aspects of Microsoft 365.  If your IT service provider is doing it's job properly you should score 80% or more, which means you have the most of the recommended security settings in place.

least privilege access

least privilege access

Least privilege and its cousin 'zero trust' are in simple terms the practice of only allowing the people you want access to the things they need, where and when they need it.  It's actually relatively complex, but as a start, no person should have system admin rights on their day-to-day account, and instead should have a secondary admin only account for system configuration.

logging and alerting

logging and alerting

Do you know who accessed your systems, when they logged in, where from and what they did? Well you probably should.  Not because you want to spy on them, but you need to know if an account was accessed in Scotland at 9PM and from China only 5 minutes later.  That would be impossible unless you are Superman or Dr Who.  Enabling and reviewing logs is essential.

57% of businesses don't have cyber insurance!

If this is you fix it today (please).

cyber security recommendations

(in addition to our essential defences and configurations)

 

firewalls

All PC's, Mac's, Servers, etc. should have a firewall enabled and properly configured.  We also recommend a next generation firewall with comprehensive security features, such as intrusion detection, application filtering, web filtering and logging at the internet gateway too. We offer a managed firewall service with monitoring and central management.

 

vulnerability assessments

A regular vulnerability scan with remediation is recommended to identify hardware and software that needs reconfigured, updated, or patched in order to resolve known vulnerabilities. We offer one time security audits and also regular vulnerability assessments linked to Cyber Essentials.

 

pen testing

Penetration testing is often confused with vulnerability assessments.  The two are related and there is often crossover, but they are not the same.  Pen testing sets out to deliberately try to circumvent protections and to this extent will use known vulnerabilities and exploits to determine the the extent to which systems and data can be accessed as a result.

 

VPN & SASE

A VPN creates a secure encrypted tunnel between your device and a remote device (server/firewall) so that information can pass between the two securely.  Secure Access Service Edge is a variation on this using an internmediate cloud gateway to control access to your applications and and secure data in transit.

 

 

SIEM

SEIM stands for Security Information and Event Management. In simple terms is gathers data from all of you systems, logs it, and looks for potential security issues. Its impossible for a person to do this so it has to be automated.  There are two key benefits of SIEM.  1. Predictive alerts based established patterns. 2. Historical analysis and to determine the source of issues. If you dont already have SIEM then you should ask yourself why.

 

cyber essentials

Have you adopted a cyber security framework yet such as Cyber Essentials, ISO27001, NIST or CIS? If not we recommend starting with Cyber Essentials.  These 5 key tactics of the NIST framework are easy to understand and apply to your business: Identify risks, Protect, Defend, Respond, Recover. We offer UK Cyber Essentials Plus compliance as a managed service.

So how should you protect your business and your data?

1

training

It might not be cool or particularly fun but educating people about how to work online safely is the single most impactful action you can take.

Nearly 90% of successful cyber attacks are the result of human error

Staff who know how to avoid the traps laid by criminals are your best defence.

We wrote a whole blog about why people need to receive regular courses, and not just one off, or even annual training. Studies have shown that training staff once, or even once a year isn't effective. People forget what they've learned after about 6 months.

That is why we provide all our supported customers with free regular cyber awareness training. We deliver courses directly to their inbox to provide a constant reminder of the things your staff need to remember to keep your business safe.

2

testing

Testing your protection is incredibly important. Whether that is delivering pretend phishing emails to staff, or having the good guys try to hack your company to look for any weaknesses, testing helps identify areas where you need to shore up your defence.

Our Business Essentials customers get regular simulated phishing emails to make sure that everyone is alert. If anyone clicks on the link in the email, they'll receive the cyber awareness courses about phishing again to help build up their skills.

We work with third-party specialists to provide penetration testing services.

It's not just your defences that need tested however, you also need to test your disaster recovery procedures too. There are so many questions that you need to ask and then test to be confident that if the worst should happen you'll be ok:

  • Are your backups working?
  • Are they complete?
  • Are they occurring regularly enough?
  • Can you recover quickly enough from them?
  • Do you have cyber insurance?
  • Who do you call first if you find yourself the victim of a ransomware attack?
  • Do you have backup paper systems to allow you to keep working if your IT is down?

All these questions need asked, answered and then tested on a regular basis.

3

firewalls

We've talked about endpoint protection which scans your device for evidence of trouble but you also need firewalls.

All windows computers come with built-in software firewalls these days. They provide a barrier that is designed to help block unauthorised traffic (bad guys) from accessing your device. They do a pretty good job of stopping criminals just wandering onto your device without you opening the door (by clicking a link in a phishing email for example).

Hardware firewalls provide an extra layer of protection and provide much more control over what is, and isn't, allowed to pass into your network. We recommend hardware firewalls for all businesses with a reasonable number of staff, and they are an absolute essential if you have a physical server.

4

strong passwords

Passwords may be slowly being phased out in favour of the more secure Passkey which uses biometric data locked to a particular device to secure your accounts but while they are still around it is imperative that unique and strong passwords are used for every service.

We advocate the use of password managers. They let staff create and store strong passwords for each service without having to remember any of them. Password managers are generally very secure with several layers of encryption and protection keeping your passwords protected.

Where staff do need to make a password (the password manager itself will need one for example) they should use the Three Random words method that we go into depth about here.

What is cyber security?

Cyber security everything relating to how you defend yourself against threats online. It is a very wide topic and is probably one of the one of the most important considerations for any business today. Regardless of size, all organisations are potential targets for cybercriminals and they often go after smaller business who they see as easy prey due to smaller budgets and a lack of expertise.

So how should you protect your business and your data?

There are plenty of precatuions you can take to keep your business safe. We include them all in our IT support because we consider them to be essentials for any modern business.

Endpoint protection

Endpoint protection is the evolution of antivirus.

It is software that monitors your devices for viruses and other malicious apps that can try to steal data, block access to your computers or even monitor your every movement.

Many use AI to look for suspicious behaviour on your device, looking at everything that is happening and flagging up if they see a series of actions that don't normally happen. 

We currently provide our support customers with software called Managed Detection & Response that takes protection to another level with a specialist team working in a Security Operations Centre (SOC) that monitor everything 24 hours a day, 7 days a week. if a device flags something suspicious this item of experts can review the report and raise the alarm that urgent action is needed. 

Not all antimalware is created equal. The old adage of you get what you pay for works to an extent. Free software is nowhere near as good at spotting and resolving issues as most paid offerings and is not suitable for businesses. There are however differences between even the business grade platforms with the top performing software accolade changing regularly in tests. developers are in a constant battle with cyber criminals which means their products are constantly evolving.

We don't advertise any one product which gives us the flexibility to swap to other providers if a better product emerges which means our customers always get the best protection.

Training

It might not be cool or particularly fun but educating people about how to work online safely is the single most impactful action you can take.

Nearly 90% of successful cyber attacks are the result of human error.

Staff who know how to avoid the traps laid by criminals are your best defence.

We wrote a whole blog about why people need to receive regular courses, and not just one off, or even annual training. Studies have shown that training staff once, or even once a year isn't effective. People forget what they've learned after about 6 months.

That is why we provide all our supported customers with free regular cyber awareness training. We deliver courses directly to their inbox to provide a constant reminder of the things your staff need to remember to keep your business safe.

Testing

Testing your protection is incredibly important. Whether that is delivering pretend phishing emails to staff, or having the good guys try to hack your company to look for any weaknesses, testing helps identify areas where you need to shore up your defence.

Our Business Essentials customers get regular simulated phishing emails to make sure that everyone is alert. If anyone clicks on the link in the email, they'll receive the cyber awareness courses about phishing again to help build up their skills.

We work with third-party specialists to provide penetration testing services.

It's not just your defences that need tested however, you also need to test your disaster recovery procedures too. There are so many questions that you need to ask and then test to be confident that if the worst should happen you'll be ok:

  • Are your backups working?
  • Are they complete?
  • Are they occurring regularly enough?
  • Can you recover quickly enough from them?
  • Do you have cyber insurance?
  • Who do you call first if you find yourself the victim of a ransomware attack?
  • Do you have backup paper systems to allow you to keep working if your IT is down?

All these questions need asked, answered and then tested on a regular basis.

Firewalls

We've talked about endpoint protection which scans your device for evidence of trouble but you also need firewalls.

All windows computers come with built-in software firewalls these days. They provide a barrier that is designed to help block unauthorised traffic (bad guys) from accessing your device. They do a pretty good job of stopping criminals just wandering onto your device without you opening the door (by clicking a link in a phishing email for example).

Hardware firewalls provide an extra layer of protection and provide much more control over what is, and isn't, allowed to pass into your network. We recommend hardware firewalls for all businesses with a reasonable number of staff, and they are an absolute essential if you have a physical server.

Strong passwords

Passwords may be slowly being phased out in favour of the more secure Passkey which uses biometric data locked to a particular device to secure your accounts but while they are still around it is imperative that unique and strong passwords are used for every service.

We advocate the use of password managers. They let staff create and store strong passwords for each service without having to remember any of them. Password managers are generally very secure with several layers of encryption and protection keeping your passwords protected.

Where staff do need to make a password (the password manager itself will need one for example) they should use the Three Random words method that we go into depth about here.

How can IT Foundations help your business?

IT Foundations offer start to finish security support for all systems within an organisation. Specialists work with your hardware and software. Beginning with an initial cyber security risk assessment of current practices through to implementing new measures and tracking success. 

The team at IT Foundations will take the time to understand your business fully, and identify the unique security needs. Allowing us to choose the best products and software systems to apply in each case.

securing with endpoint protection

team_member_joinus

Endpoint protection is the evolution of antivirus.

It is software that monitors your devices for viruses and other malicious apps that can try to steal data, block access to your computers or even monitor your every movement.

Many use AI to look for suspicious behaviour on your device, looking at everything that is happening and flagging up if they see a series of actions that don't normally happen. 

We currently provide our support customers with software called Managed Detection & Response that takes protection to another level with a specialist team working in a Security Operations Centre (SOC) that monitor everything 24 hours a day, 7 days a week. if a device flags something suspicious this item of experts can review the report and raise the alarm that urgent action is needed. 

Not all antimalware is created equal. The old adage of you get what you pay for works to an extent. Free software is nowhere near as good at spotting and resolving issues as most paid offerings and is not suitable for businesses. There are however differences between even the business grade platforms with the top performing software accolade changing regularly in tests. developers are in a constant battle with cyber criminals which means their products are constantly evolving.

We don't advertise any one product which gives us the flexibility to swap to other providers if a better product emerges which means our customers always get the best protection.

let us help keep your business safe

work with us