Kevin James - The IT Control Specialists

    Ransomware: to pay or not to pay…

    First, don’t get caught out by ransomware! That is by far the most important message in this post. It is not difficult to avoid in real terms. If you follow these simple steps you will avoid having to make this critical decision:

    1. Keep software up-to-date and keep daily off-site backups.
    2. Use active Anti-virus (preferably with Zero-day protection).
    3. Don’t open dodgy emails or click links in strange communications.
    4. Always ask your IT department to check out any strange emails or messages.

    Depending on the size of the company and its reliance on computers, you may want to have a business continuity plan in place: this may mean reverting to paper processes temporarily, having backup systems not connected to the core network, or having a cloud setup in place that negates core system exposure.

    However, if the worst does happen… should you pay the ransom demand?

    Put simply: No… Unless you have no alternative… then yes.

    It has been confirmed that people who paid the ransom in the Wannacry attack did get their files back. This is not to say that any previously infected machines are now free and clear – they may still contain hidden malware code that has a release trigger (such as a date / time). After paying any ransom, you MUST reimage (wipe and factory reset) any machine which was infected to ensure you are not the target of a follow-up attack.

    We are NOT advocating paying a ransom – we are simply saying that in some circumstances this may be the only option. Additionally, considering the cost to business and cost of services required to decrypt files on a single machine it may be worth it in the long run. That said, when dealing with criminals there are no guarantees – this should be factored into any decision.

    The lesson here is to make sure your machine is protected from the risks which exist out there. With a few simple steps you can prepare any machine, and any business, so that even if attacks do occur you are prepared and able to resolve the problem as quickly as possible.

    Again… ransomware and the decision to pay a ransom are not the problem; people not taking active steps to give themselves a resolution is the problem. Much like you would not head into the Amazonian jungle alone and unprepared to face the dangers which exist there (or else you will end up in big trouble), you MUST PREPARE for the dangers which your business WILL FACE in the coming weeks, months and years.

    What should you do if you get a virus? (When you are at work)

    [Once] the breach has occurred, there are four important elements to any breach management plan: 1. Containment and recovery 2. Assessment of ongoing risk 3. Notification of breach 4. Evaluation and response

    – ICO – Guidance on data security breach management

    1. Disconnect and isolate. As soon as you realise that a machine has been infected, disconnect that machine, and all connected machines, from the network (beginning with the infected machine). Inform your Manager so they can take the proper steps to protect the business.

    It may be a good idea to have an email ready to send to a contact list holding everyone in the business – with a title (and a step-by-step guide) along the lines of:

    URGENT: Immediately leave the business network and disconnect your machine from the internet.

    Doing this will drastically reduce the time required to ensure all machines within the business are protected from further infiltration. It will also allow any IT managers to focus on recovering the infected machines in the shortest possible time.

    TIP: A sure-fire way to protect your business is to prepare for the worst. This may mean simulating a cyber-attack in the same way as you would simulate a fire or other emergency to ensure an efficient and effective response. Doing this will ensure all staff are aware of their roles and will respond accordingly.

    2. Assess ongoing risk. Communicate important details. Write down information such as the exact time of infection and the number of machines which have been infected to the best of your knowledge – then give these details to your IT management Team (or individual).

    Ensure the person who reports the problem to your IT team does so concisely and does not ramble. This person will likely be given important instructions to protect your business – ENSURE THEY ARE IT LITERATE. This will shorten the time required to recover.

    3. Evaluate and Respond. Have a temporary way to work set up and ready.

    You should have some form of EAP (Emergency Action Plan) or Business Continuity plan in place to ensure staff are able to keep working with limited reliance on IT. This includes informing customers of any problems. This often means having customer records available offline in a SECURE location.

    It may also mean setting up a simple website used only for customer communications in emergencies. Twitter and Facebook are also valid ways to communicate updates to customers effectively.

    A possible alternative is to set up a customer notification tool with a third-party company. This can inform them of any issues and send out updates as required. Communication companies around the world are able to perform this service.

    4. Notify the correct persons of the breach.

    In most cases a security breach will remain internal. There are two exceptions to this rule:

    Service providers (eg telecoms providers or internet service providers) must safeguard the security of that service.

    Network providers (organisations that operate and maintain the underlying network) must comply with any reasonable security requests made by the service provider.

    – ICO – The Privacy and Electronic Communications Regulations (PECR) Guidelines

    Current UK law states explicitly that if you are a network or service provider and you do not inform customers of any identified security risks or communicate breaches, you may be in direct contravention of the law and therefore exposed to large fines.

    If personal data has been taken, while there is no time-based obligation for UK companies to inform their customers, it will come to light eventually. Either the data will surface on the dark web or the attack will be tracked by security services.

    It is better to inform your customers in the first instance rather than be discovered a different way. While notification may lead to a breach of trust, customers finding out they have been hacked by other means is a sure-fire way to lose the confidence of a customer entirely.

    For a full breakdown of the ICO’s recommendations in protecting your business from being exposed to security risks and future malware attacks, please contact us to set up a security meeting or see the ICO’s guidelines below.



    Sources:

    https://ico.org.uk/media/1562/guidance_on_data_security_breach_management.pdf

    https://ico.org.uk/for-organisations/guide-to-pecr/communications-networks-and-services/security-of-services/

    https://ico.org.uk/for-organisations/guide-to-pecr/introduction/what-are-pecr/

    https://ico.org.uk/for-organisations/guide-to-data-protection/principle-7-security/

    In 2017 is it worth having more than one domain name for a website?

    It’s amazing how often we will take over website management for a business, only to find that they have previously gone out and purchased every domain name under the sun which could possibly relate to their business.

    Often they have not only purchased a raft of different extensions (such as .info .biz .net and .org), but they have also included their location in the domain or what product / service they sell too (eg. www.mybusinessessex.com or www.mybusinesspostcards.com) because they think their Google ranking will be higher with these terms in the URL. This comes from a fundamental misinterpretation of how Google works and what using these domain names will do.

    Before we get into that though – there are two and ONLY TWO sets of valid reasons for purchasing more than one domain name for a single site.

    1. Your company name has changed and you want to redirect people towards your new website. Using separate URLs is not advised (for reasons we will cover later), but in the majority of cases this is a perfectly valid reason for having more than one URL pointing to a single website.
    2. You are concerned that competitors may try to copy your domain (or a similar name). Alternatively, you want to reduce the chance of users misspelling it. Google, for instance, also own www.gooogle.com, google.net, google.org etc. In SOME circumstances this is a wise move that can be used to protect your business.

    There is one more potentially valid reason which we will cover later but for 99.9% of cases these two are the only valid reasons for wanting to own more than one domain name for a single site.

    INVALID REASONS INCLUDE: ‘It will help my SEO’, ‘It will give me more than one listing on Google’, ‘It will make me easier to find’. In many cases owning more than one domain name will not help these factors – this will be covered in the next section.

    A quick lesson on Google and Domain names

    Google is a big database of websites – that’s all. When you run a search, you are asking the Google database to provide a list of results that match what you are asking for.

    The results it provides are then sorted by Google’s own filter (otherwise known as an algorithm) and this is what gives the user the response. Improving your website’s position (based on this sorting method) is better known as ‘SEO’ or Search Engine Optimisation.

    NOTE: Google works this way independently as a business – it does not recognise different active domain names under single sites, but rather registers each domain name as a completely different website in normal circumstances.

    Let’s keep it simple – what does Google actually do when it looks at a website?

    Each name (website) in Google’s database has an indexing score or QUALITY SCORE based on set criteria such as mobile responsiveness, data security and the domain name’s age (creation date). It also has a record of any minus or exclusion factors such as bounce rate (if people don’t stay on your website), complaints about advertising spam, malpractice blacklisting or content duplication (copying and pasting text or stealing images from other websites).

    Google also has a dynamic value known as a robots.txt indexing score or SERP (Search Engine Results Page) score. This is the element many people know about. It is calculated by a matrix of items such as website traffic, referrals from other websites, the number of keywords on that page, whether a keyword is in the URL and whether the word is in the page’s description. This is the bit that SEO companies focus on. A SERP changes DAILY, based on regular Google updates – for instance they may introduce a penalty for using a keyword more than 5 times in one paragraph. This makes it very difficult and time-consuming to manage.

    NOTE: On the 25th of March this year, Google added a penalty (reduction in SERP score) for companies which try to manipulate Google search by using specific keywords within the URL. To make it clear, having the name of a product or service in a URL will no longer improve the ranking for that product or service. Google has been moving in this direction for some time. It should also be noted, however, that while it no longer boosts the score, Google ranking is not actively reduced by containing the keyword – it just no longer offers the advantages that it used to previously.

     

    So what will having more than one domain name do for me?

    If you have more than one domain name, you will primarily be achieving two things:

    1. Splitting up your website traffic between however many different domain names you have. This will hurt your SERP scores – making your sites less likely to appear at the top of Google because they will appear less popular.
    2. Creating dummy websites which do not rank on Google because they have duplicate data. This factor will kill your quality score – users will simply not be able to find any websites which use duplicate data unless they type in the URL manually.
    3. Paying for domain names and hosting (typically without using them).
    4. Possibly being inconsistent with your marketing materials – sending people to different locations. While this may not directly affect sales, it may appear confusing or unprofessional for customers.

    What is best practice for domain names?

    The best idea is to have only one true domain name for your business. This will make sure your website ranks as highly as possible on Google and that there is no confusion on the part of customers. It will also reduce your ongoing domain host costs, remove administrative need for managing multiple domains and ensure best practice for Google – who may penalise multiple domain forwarding in the future.

    If you are based in different countries, then we recommend having different websites for each country. This is because Google tries to offer websites which are in the same language and are local to the user. If you have different locations or parts of the business, then you may want to consider a Child site (eg. Companyname.com/business1 and Companyname.com/business2) to overcome any difficulties you may face.

    “For many, the best plan is to simply host all of the sites on one domain, with sensible use of second-level domains and sub-directories. For the offline business using the web as part of its marketing efforts it is rarely worthwhile to register more than one domain name, except perhaps registering local and global .com suffixes.” – Choosing the Right Domain Name: A Marketing Perspective, Alan Charlesworth

    What if I want to keep my domain names?

    If you don’t like the idea of getting rid of them, or you don’t want to go back and change a bunch of links which may have been set up previously (perhaps on social media or from other websites) then there is a simple solution that will not affect your Google ranking. To do this, you just need to do a permanent HTTP redirect (otherwise known as a 301 redirect) to your main URL. This is different to a CNAME redirect which just changes the URL name that you see at the top of the screen.

    A 301 redirect will tell Google that you are pointing that domain to another site – that essentially it is empty. You should note that the URL for these domains will have NO BEARING on the SEO of that website. For instance, mycompany.co.uk with a 301 redirect to mycompany.com will not receive a geolocation bonus for its URL if the user is from the UK – only a separate site or subdirectory will get this gain.
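
One way to audit this for a portfolio of secondary domains, as an added example that is not code from the original post: the Python below requests each domain without following redirects and checks that the first response is a permanent redirect to the main site. It runs against a local stand-in server with constructed responses; the `.example` hostnames, the acceptance of 308 as the other permanent redirect code, and the HTTPS check on the target are assumptions that go beyond the post.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

CANONICAL = "mycompany.com"  # the post's example main domain

# Constructed responses for a local stand-in server, keyed by Host header.
# Only mycompany.co.uk comes from the post; the .example names are hypothetical.
SIMULATED = {
    "mycompany.co.uk": (301, "https://mycompany.com/"),            # as the post advises
    "mycompany-temp.example": (302, "https://mycompany.com/"),      # temporary redirect
    "mycompany-copy.example": (200, None),                          # serves the site itself
    "mycompany-stale.example": (301, "https://old-host.example/"),  # points elsewhere
    "mycompany-http.example": (301, "http://mycompany.com/"),       # drops HTTPS
}


class _StandInHandler(BaseHTTPRequestHandler):
    """Answers each request according to the Host header, like a shared web host."""

    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        status, location = SIMULATED.get(host, (404, None))
        self.send_response(status)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass


def classify(status, location, canonical=CANONICAL):
    """Turn the first HTTP response of a secondary domain into a verdict."""
    if status in (301, 308):  # permanent redirects
        target = urlsplit(location or "")
        if target.hostname not in (canonical, "www." + canonical):
            return "WRONG_TARGET"      # forwards visitors to some other site
        if target.scheme != "https":
            return "INSECURE_TARGET"   # visitors land on plain HTTP
        return "OK"
    if status in (302, 303, 307):
        return "TEMPORARY_REDIRECT"    # not the permanent redirect the post calls for
    if 200 <= status < 300:
        # What a bare DNS alias to the same server yields: no redirect at all,
        # so the same pages are published under a second name.
        return "DUPLICATE_CONTENT"
    return "ERROR"


def first_hop(domain, address):
    """GET / with the given Host header; http.client never follows redirects."""
    conn = http.client.HTTPConnection(address[0], address[1], timeout=5)
    try:
        conn.request("GET", "/", headers={"Host": domain})
        response = conn.getresponse()
        response.read()
        return response.status, response.getheader("Location")
    finally:
        conn.close()


def audit(domains, address):
    """Map each secondary domain to its verdict."""
    return {domain: classify(*first_hop(domain, address)) for domain in domains}


def run_demo():
    """Start the stand-in server on a free local port and audit every sample domain."""
    server = HTTPServer(("127.0.0.1", 0), _StandInHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return audit(sorted(SIMULATED), server.server_address)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for domain, verdict in run_demo().items():
        print(f"{domain:26} {verdict}")
```

To audit live domains, call `first_hop` with the address of the server that hosts each one; anything other than `OK` means that domain is not yet behaving as a pure forwarder to the main site.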

    Choosing the best domain name for my business

    I mentioned earlier that there may be another reason for wanting to have more than one domain. This reason is marketing!

    There is a wide difference of opinion when it comes to what you should call your website URL. Some people say that strong branding is best, because it limits any competition. Facebook.com, Google.com and Twitter.com are good examples.

    Others say that keywords are the best, because there can be no confusion about what the business does. Others still would say that funny or quirky names are far more memorable and are unlikely to be misspelt. Blogs often employ this technique. B&Q use www.diy.com, Author: http://allgroanup.com/

    In real terms this decision rests with the owner of that business. Matt Cutts – Former Head of the Web Spam Team at Google, now Director of Engineering at the United States Digital Service – gives his advice:


    Sources:

    Keyword Exact Match Penalty: https://www.shoutmeloud.com/exact-match-domain-penalty-added-to-google-algo.html

    Choosing the Right Domain Name: https://books.google.co.uk/books?id=qpJNAgAAQBAJ

    Ransomware: Why IT Accountability matters

    Last week’s Wannacry or Wcry Crypto Virus attack was a wake-up call for a lot of companies. The world is not a safe place while IT systems are not properly managed, and systems cannot be properly managed while investment in data protection is at an all-time low.

    This is a quandary with only two long-term solutions: a) create a full Disaster Recovery and Business Continuity plan, or b) outsource your IT to a hosting company which invests highly in factors such as cyber security and spends time ensuring consistency for IT systems… or preferably both.

    Disaster Recovery and Business Continuity is about expecting the worst and putting measures in place to ensure you can get back up and running ASAP. This involves multi-off-site backups and reimaging software.

    IT Outsourcing often involves Disaster Recovery as standard and often houses data in the most secure environments. To ensure the fastest and most secure environments we use UKFast for the majority of our hosting. They were unaffected by the attacks due to their hardware being properly maintained and software exploits properly closed.

    The most important things to note about Malware and Ransomware are: a) they take time to create, and thus often exploit older versions of software and b) they rely on improper management of IT systems to infect machines. If these two factors are taken into consideration, your IT environments will become far more secure. It’s that simple.

     

    Ransomware is not just about users.

    Yes, in many cases ransomware often involves a user opening an email or visiting a website and clicking a link. At least for today this is the primary Vector (or route) for a virus entering a network. Malicious emails and links are designed with the sole purpose of getting users to take an action, much like news stories with enticing headlines.

    We are, after all, human. This means that sometimes we are led into making mistakes. From here, only unprotected machines are at risk. With the correct anti-virus and software management, Malware or Ransomware should not affect the machine or spread across the network.

    Of course the user should never get this far. We recommend Virus scanning for emails (We use Symantec Cloud) and Dynamic web-page management (We use Smoothwall) to ensure that the user is never presented with the harmful link or email in the first instance. This combination of both preventative and active detection is what real cyber security is all about. Note that none of these measures really involve the user – who should never be able to put the company at risk.

    Applications and BYOD are the next threat

    As the trend of unsecured devices connecting to networks grows, and mobile applications gain more access to device functions, it seems increasingly likely that many companies will be caught unaware by attacks as they occur in this arena.

    Taking active steps now and leading decision making is the only real way to decide how companies are going to handle critical factors such as:

    What applications are safe for use within a business environment? What permissions should be allowed on Mobile devices? What policies should be put in place to make sure BYOD is no longer a threat?

    Today, there is a difference of opinion. Some companies are going down the high security route, with walled-off systems. Others are creating wireless networks for private devices and their customers, sharing hardware environments with their company. There are even some who are less concerned by these new risks, and just let anyone connect to their wireless networks. For the most part there is almost no control over application usage or policies, which is a slightly worrying trend.

    Many companies may not know there are special programs which exist to limit these exact risks by ensuring all devices on a network are managed with proper protections, such as software version control, anti-virus requirements, set update schedules, IT policies. This is typically controlled through Endpoint Management (we use Centrastage). While investment in network management tools has seen growth, it seems that this area will see massive growth if attacks of this nature become more common.

     

    You might wannacry, but don’t – do something now instead!

    The problem is that with all of these methods, there need to be measures put in place to ensure they do not hinder operations or expose companies to new risks. In many cases cyber security measures, software updating and data protection choices are a reflex decision rather than a measured long-term solution to halt future problems. Indeed many future problems are simply unknowable, such as those which can be hidden within applications which have not yet been invented.

    Perhaps more worrying is the idea that Hackers often do not create viruses and exploits from scratch – they use known backdoors which are exploited by national security agencies such as the NSA and GCHQ. It has now been proven that Wcry or Wannacry, the recent Ransomware attack, was based on a known NSA exploit called EternalBlue. (It seems that information within the Wikileaks documents may have played some role, though this has not yet been confirmed and it is unlikely that Wikileaks the organisation was involved.) This trend, having found success, may well continue while security agencies still operate under the cover of shadows.

    Scary Ideas, Real Consequences

    Imagine if Facebook was hacked tomorrow. It currently has 1.65 Billion users, nearly all of which have access to company IT networks if they use the application at work. If the application were to send code across the network and infect servers directly in a co-ordinated attack, the consequences would not just be a global panic, it could quite easily cause a worldwide crash of unknown and unknowable proportions.

    These big ideas are no longer in the realm of science fiction. Various bluechip brand names including Google, Microsoft, Apple and Samsung have been shown to have exploits via Edward Snowden’s Prism leak in 2013. This leak shows that, using backdoors to popular company systems, security agencies are able to do a number of things – for instance take items held on devices, send messages from devices, steal login information and use the camera and microphone.

    Additionally there have been a number of applications which create a hidden vulnerability within that device. Even when deleted, the devices are still infected. These vulnerabilities are undetectable until they are activated – by which time the hacker can insert whatever code they like into the machine. This can range from pranks to disrupt wireless networks right through to an SQL Injection attack – whereby the device seeks to spread itself and corrupt any data it finds.

     

    Talk to KJL. We can help.

    We don’t have all of the answers, but we do have the answers which matter. We can help you ensure users are protected in real-time against any malicious code. We can also make sure companies have an effective and tested Business Continuity and Disaster Recovery plan in case of unknown threats. We can even run security tests on servers to ensure they are hacker-proof, and that companies are fully compliant with data protection regulations.

    Don’t hesitate, just talk to us today and we can ease any IT security fears you may have. We pride ourselves on knowing the things which count, and offering the protection companies need to keep on working. Call now on 01268 627111.


    Sources:

    PRISM: https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data

    Facebook Stats: http://www.businessofapps.com/facebook-app-statistics/

    Mobile App Risks: https://www.owasp.org/images/9/94/MobileTopTen.pdf

    Mobile App Code Exploit Example: http://www.androidpolice.com/2011/03/01/the-mother-of-all-android-malware-has-arrived-stolen-apps-released-to-the-market-that-root-your-phone-steal-your-data-and-open-backdoor/

    Apple Store Market Fraud (Banking Apps): http://www.theinquirer.net/inquirer/news/1585716/fraud-hits-android-apps-market

    Wannacry and the NSA: https://www.ft.com/content/e96924f0-3722-11e7-99bd-13beb0903fa3

    http://www.telegraph.co.uk/news/2017/05/12/russian-linked-cyber-gang-shadow-brokers-blamed-nhs-computer/

    EternalBlue: https://en.wikipedia.org/wiki/EternalBlue

     

    The Future of Mobile Technology

    Of all the advancements over the past decade, none has been more noticeable than the ever-growing mobile market. The complete domination of the media industry and a new generation of on-the-move consumers demand increasingly high standards from companies and ever more intelligent software to make their life easier.

    More than that, this brave new mobile focused world demands websites to be not just useable for mobiles, but MADE for mobiles. This means doing things in one click. It means watching rather than reading. It means that the world of ‘do-it-yourself’ IT is gone, and the world of ‘do-it-for-me’ IT is beginning.

     

    Show me. Tell me. Know me.

    People complain about data security, they get creeped out when they get offered suggestions of things they might like, and yet when you ask them what the future of technology will be like, there is only one answer: Integration. In one way or another technology will be bound with our lives and our ability to navigate the world we live in more effectively.

    From AI which directs human attention to where it is needed, through to intelligent homes and vehicles which limit human errors or take over control, we are moving towards a time where we will expect our machines to intervene: to stop us making errors.

    This ability to stop us making bad decisions depends entirely on three things. The ability for technology to demonstrate the best way of doing things, to interpret context, and to understand how certain factors might relate to that individual. This is not necessarily a difficult concept, but not one which has been perfected yet – we still have to input information, manage context ourselves and make particular decisions based on our preferences.

     

    Deciding the Goals of Tomorrow

    Right now, we live in a moment which is filled with trial and error. We live in a period where not only is the technology not capable of helping us live a more fulfilling existence, but is actually draining our attention from what matters most: living a purposeful and meaningful life. Instead, we are stuck trying to convince ourselves that technology has the answers to questions such as ‘How should I spend my time’ or ‘What should my goals be’.

    The goal of mobile technology, and of technology in general, is to offer incredible advantages while becoming more and more invisible – to be more effective and reliable, without input from the user. Nobody would live with a car that doesn’t start, a phone that doesn’t call or a plane that doesn’t fly. These things now work because they are tried and tested – they fulfil their purpose.

    The primary problem is that while we know the multifaceted nature of technology offers many benefits, it does not have one overarching purpose. Until then, while we believe our technology to be advanced, in many senses we will still be using primitive or basic methods to achieve our goals.

    The near future of mobile technology

    When we consider these things in the future – how consumers will interact with the software around them and the breadth of possibility that will be available – software developers will have tools that enable them to enhance experiences in new and exciting ways. It is human reaction to these tools and the imagination of businesses in offering these services in ways that improve their customers’ lives that will decide the true fate of mobile technology.

    The internet has demonstrated its power for sharing and communicating, enabling use of readily available software that can improve the quality of life for people. The coming years are likely to be radically different, most especially concerning websites. While many companies are willing to bury their heads in the sand, the move towards ‘Show me. Tell me. Know me.’ is coming. This means that soon, they will have to fundamentally rethink how they offer and deliver services to their customers.

    As for exactly how: adaptation from singular services into a more cohesive network is perhaps inevitable. Cloud-based services will more than likely be commoditised and more traditional legacy software will be phased out entirely as consumers demand ever more in terms of flexibility and functionality from their mobile devices.

    Making Government Hacking and IT Security less scary

    For many people, the IT world is a strange and difficult place to comprehend. Indeed it’s a landscape filled with people who have all sorts of obscure technical know-how, dark aspirations and a magical ability to go largely unnoticed by society.

    The news media at large would have you believe that they live on something called ‘The Dark Web’ – a place where even Google does not dare venture. IT security companies may try to make you believe that the odd inhabitants of this netherworld are not only interested in your company’s data, but are looking for ways to try and break the very foundations on which our world lives. Even governments convince their citizens that other nations are actively working to conspire against them, and that cyber threats are only rivalled by other extreme violent crimes.

    Even today, the BBC published an article entitled ‘GCHQ warns politicians about Russian hacking threat’. There seems to be a consensus that hackers and people within the cyber espionage community have extraordinary powers that threaten the very fabric of society.

    The trouble is, for the most part, all this rhetoric is either flat-out not true or at the very least impossible to know for sure. I say this not as an opinion, but rather as an obvious fact. Even Boris Johnson, long-time bumbler and inciter to all sorts of outlandish views, had to concede on Sunday that there is ‘no evidence that the Russians are actually involved in trying to undermine our democratic processes at the moment.’

    And yet, these stories appear. At a fundamental level we have to question why this is, but at a more base level it should be consciously said that there is no way that we could really know who is responsible. It may be easier for a hacker to frame a particular individual, for instance, than to make themselves totally anonymous. The first problem is that clear accountability is a rare luxury in this particular world. Of course this does not necessarily make the problem easier to understand, or the situation less scary, but it does somewhat make the doom and gloom on the news have a little less impact when you realise it is largely speculation.

    Like it or not, hackers, crackers, coders and trolls live among us, found in every sector of society from the rich to the poor. Anonymity, or the ability to hide identity, is the main reason that we do not know who these people are, even though we recognise that, statistically speaking, we must know them. Thinking logically then – either you retain your anonymity, and are not stopped from these practices, or you lose your anonymity, and are either arrested, or targeted by the intelligence community and stopped from committing further crimes.

    So, the only people who are able to hack effectively are those people who are not known to the intelligence community and therefore cannot be identified. While it may be possible to narrow down a cyber attack to a particular region, in some cases, or identify the tools used as connected with a particular group, there is no way to assign any kind of responsibility without a degree of guesswork. Their tracks are too well covered.

     

    Considering Cyber Espionage and how it actually works

    Last year we did a full examination of the type of cyber attacks which are used across the world. These fall into four separate categories: Cyber Espionage, Cyber Warfare, Hacktivism and Cyber Crime. (To read more about the full spectrum of attacks click here.) For this article, we are only discussing cyber espionage relating to governments, because there is lots of confusion around this topic. Corporate espionage is similar but both the methods and motivations tend to differ.

    “One of the most difficult problems regarding cyber warfare is defining cyber espionage. Many nations and international bodies have created their own definitions but it has been difficult to narrow it down to a single consensus. Factors like the extent and nature of the damage caused by the attack, the identity of the attacks, and how the stolen information is used all influence how cyber espionage is perceived.

    One set of guidelines for nation-state cyber warfare, the Tallinn Manual, attempts to provide definitions, procedures, and rules governing international cyber operations. This manual, published in 2013 as a result of a conference hosted by the NATO Cooperative Cyber Defense Center of Excellence in Tallinn, Estonia, defines cyber espionage as “an act undertaken clandestinely or under false pretenses that uses cyber capabilities to gather (or attempt to gather) information with the intention of communicating it to the opposing party” [Schmitt].

    “Although most people would characterize cyber espionage as specifically targeting secret information for malicious purposes, this definition does not address the intent of the attack or the nature of the information stolen. This may seem unnecessarily vague but for the purpose of international law this definition is appropriate.” - Nation State Cyber Espionage and its Impacts, D Rubenstein, Professor Raj Jain

    It’s the necessity for such a loose and woolly definition which seems to be causing all of the problems. It shares so many of its characteristics with whistleblowing – a morally virtuous and acceptable way of pointing out illegalities and malpractice within industries and governments.

     

    What are the motivations of Cyber Espionage?

    From CNN January 3, 2017: “According to statements from the White House and the Treasury Department, the government has sanctioned nine entities and individuals over their alleged interference in the election: the GRU and the FSB, which are two Russian intelligence services; four individual officers of the GRU; and three companies that provided material support to the GRU’s operations.

    The US also separately sanctioned two Russian individuals, Evgeniy Mikhailovich Bogachev and Alexey Belan, for using cyber-enabled means to allegedly cause misappropriation of funds and personal identifying information.”

    Cyber Espionage, as opposed to cyber warfare, is all about information. In other words it is about exposing information which can be damaging to governments. Or, in plain terms, it is about exposing government lies or horrific acts.

    Sometimes governments must make impossible choices, and other times politicians, being human, succumb to pressure, make errors in judgement and even make bad choices. Being accountable to an electorate, these three areas mean that those politicians are a liability to the running of government.

    Take 2016 as an example. Supposedly the Russian government (or hackers linked with Russia) were influencing the American elections. Firstly, there were numerous American hacker groups, such as Anonymous, who were constantly leaking information about both Clinton and Donald Trump to the press – who, incidentally, were the ones actually publicising all of the information.

    Second, all of the allegations were true, and were part of ongoing investigations throughout the campaign, backed up by sources from WikiLeaks. If the allegations were false that would have been easy to prove. What the political system rallied against was vulnerability and the idea that the flow of information out into the public domain had been compromised.

    Third, Donald Trump is a hacker.

    The term ‘hack’ in more recent terms means to subvert an obstacle by using a new method or non-standard technique to solve the problem. The news media has always been an obstacle to politics, and so in subverting the dominance of the news media by using other more open outlets such as Twitter, he solves the problem of controlling how information is delivered by making it open to anyone. This is the essence of cyber espionage.

    Just because the septuagenarian doesn’t know how to use a computer (and often can’t correct his spelling of 140 characters) does not mean that his motivations aren’t the same. Essentially the argument against government hacking is the argument against freedom of information, especially in regards to elections.

     

    The Landscape of Cyber Espionage (and why you don’t need to worry)

    In any nation, there is fear of the unknown. This is clearly evidenced by the cold war and the distrust of the Russian regime. This is a narrative which has continued for the past seventy years, and an angle which is most adaptable to the current narrative surrounding the Russian political system.

    In real terms, for instance, the evidence shows that the Chinese have significantly more power when considering cyber espionage capabilities. ‘Golden Shield Project’ was first conceived in 1998. It encompasses a wide array of technological developments including facial recognition and defensive capabilities which are simply not possible anywhere else in the world because of the Chinese government’s unique stranglehold over ISPs (Internet Service Providers).

    In China the internet infrastructure is effectively run by the government, and any device attached to the network is not only monitored but has the potential to be weaponised to attack any individual or website which compromises national security. That said, these powers are in the hands of a police force, and not criminals. They are not allowed to exercise their power at will, but are regulated in their approach.

    It seems then that the largest risk of cyber espionage is not from country to country, but rather a government spying on its own people – and that’s nothing to be worried about, we have known that is the case for years…. As we have been told a thousand times, if you have nothing to hide then you have nothing to fear…. Unless of course you are a politician with some skeletons in your closet. Then… good luck, the world is probably quite a scary place.

     

    Thinking about IT Security? Talk to us now!

    Call KJL today, we would love to help. We guide companies through the steps to make their IT environments fully protected from corporate hacking and compliant with ICO and other government regulatory bodies.

    Check out our IT security options

    We are always willing to have a chat about IT systems, so why not give us a non-formal call on 01268627111 and we can always send you some more information. Alternatively, just click here to contact us.


    http://www.kjltd.co.uk/2016/08/19/exposing-it-security-risks/

    http://edition.cnn.com/2016/12/29/politics/russia-sanctions-announced-by-white-house/

    http://www.bbc.co.uk/news/uk-39248879

    http://www.zdnet.com/article/beyond-cyber-espionage-lies-cyber-sabotage-and-cyber-disinformation/

    https://www.infosecurity-magazine.com/opinions/the-cyber-cold-war-political/

    http://www.cse.wustl.edu/~jain/cse571-14/ftp/cyber_espionage/

    https://blog.barracuda.com/2016/07/29/cyberespionage-is-now-a-major-political-and-corporate-security-issue/

    KJL - Effective Support for Business through Change and Growth

    KJL – Supporting Businesses through Growth

    Sales, growth and expansion are the cornerstone of business, but while they often bring increases to profit and greater scope for continued investment, a period of growth can also bring challenges. Many of these challenges are unexpected and hard to manage unless you have a competent and knowledgeable team driving the change and assuring that all the relevant checks and balances are in place.

    Depending on the circumstances, a company may bring in a dedicated Change Manager to oversee the switch, acting as a single contact for all issues, questions and suggestions. In other situations, this role may not have been properly facilitated, meaning Managers or Directors who already have very important and demanding roles are drafted in to make sure things run smoothly. Unfortunately, while these individuals often have great experience within their role, there are many areas of this particular task which extend beyond it. One of these areas is IT Management.

    I should explain that there are three main times that a company grows. Depending on what type of growth a company is going through, their specific technology needs may vary.

    1. Start-up and investment. Rapid scaling required with low CAP EX.
    2. Large client acquisition or competitor takeover. High operational demand.
    3. New offices (UK and worldwide). Legal, operational and cross-border data control.

    What are the IT issues associated with growth?

    What’s interesting about this question, and the reason we are having a conversation about it, is that often things which seem the most important are the ones most easily solved. There are also obscure issues which seem simple to manage but can be a nightmare if not considered correctly from day one.

    Considering IT alone, these factors vary greatly depending on the needs created by the specific type of growth, but they can roughly be drawn into three categories: On-premise security, hardware and networks (including Cloud networks); Security Management and Infrastructure Protection / Updates; and Consistency of IT approach.

    Once these three areas are properly outlined, the process of moving through the necessary steps becomes more easily managed.

    Making life simple: A rough outline of how to successfully grow your IT

    The first things to consider are always practical. The key technologies required to do business must always take precedence over any projects that focus on enhancements. Of course, if this step has already been comprehensively managed, then it can be effectively skipped – but in almost all cases, there are a reasonable number of changes to the way operations happen which mean that practical changes must occur.

    For example: When considering a takeover, contracts may need renegotiating with providers. While this is not always the case, many aspects of business, including internet, phone lines, power, software licences, backups, encryption and data tunnel validation must be rebuilt from scratch. Depending on the size of the organisation, gathering quotes and coming to a deal can take time which you don’t have.

    How KJL can help here: As a business, KJL create partnerships with companies who offer great products and services negotiated to the lowest possible price per user, so that when companies need any of the fundamental technologies, we are able to set everything up fast without compromising on quality or price. This is a clear advantage a business like ours has over doing things in house or bringing in a Change Manager.

    Second to consider is Security. By far the biggest risk to any business which is going through a period of change is its exposure to new security risks. This ranges from physical assets and their auditing, right through to designing an effective security setup and removing or mitigating any network weaknesses. It also includes the rollout of IT policies for any new staff.

    Any company that is opening new offices abroad needs to appreciate and understand the importance of that country’s data protection laws and any steps they must take to be compliant when trading. Without doubt, the management of Global IT security can get out of hand very quickly if not properly defined and administered by people who fully understand ongoing requirements.

    We help businesses tackle these challenges by using a black and white approach (i.e. an approach which considers best practice and law) which also takes into account the bigger picture. From planning ahead to future-proof business operations, right through to applying the right measures to stay ahead of compliance, there is no magic bullet, but there are methods which actively work to protect business interests and allow things to move smoothly from one stage to the next.

    Finally, and most importantly, a consistent approach to IT Management is the single most important factor when pursuing growth. The most critical step is the rollout of IT-based HR policies and informing users of any immediate actions they need to take, or ensure they take in the future, as well as defining clear responsibility for each aspect of IT management (primarily so that users can contact the correct support teams in case of issues).

    Consistent IT means ensuring all equipment is standardised, is set up according to best practices and managed within a structure that best fits the organisation. The foundations of an IT setup are critical to the strength of the end structure. Not only does this approach make total sense and allow any well-trained engineer to solve any problem, but it also greatly reduces the time required to do anything IT related within the business.

    We think of this approach as the pivotal difference between IT experts and companies who manage changes on the fly. In short, we work to create the structure that best fits the need of the organisation and meet any needs effectively, rather than rushing a change without considering the shortcomings or increased spending required for setups which are not suitable or fit for purpose.

    There is also another clear advantage to this approach: Automation

    Pushing Automation forwards

    The past few years have seen subtle but important changes within the world of technology. One of these changes is the increase in automation in order to improve consistency of approach within a business. For instance: rather than having to set up devices, install programs and run tests on individual machines, there are now programs which automate these processes to drastically reduce time requirements whilst ensuring total consistency of approach.

    In many ways this has given many in the IT world pause for thought – especially considering many administrative tasks will more than likely succumb to automation in the future. For today though, automated processes give IT companies the ability to go above and beyond their previous limitations. They allow IT setups to be tailored far more closely, and for networks to become totally watertight. This is just one of the ways KJL help our customers rapidly create a powerful IT setup that works for them when moving through growth. While this period will never be entirely without stress, our services ensure that operations continue unimpeded, at a cost that is well controlled and ensuring an outcome that is second to none.

    Thinking about growth and change?

    Call KJL today, we would love to help. We support thousands of end users every day and have customers who trust us completely to make sure everything runs smoothly. We guide companies through the steps to make growing pains disappear and fresh opportunities the focus of changes.

    In any case we are always willing to have a chat about IT systems, so why not give us a non-formal call on 01268627111 and we can always send you some more information.

    The Power of Data Protection (GDPR)

    I remember when I first learnt about Data Protection….

    Back then the technology was different. It was slow and limited, with a relatively small group of people capable of exploiting IT systems and affecting users and their data. Today, the world is a changed place, with technology now at the cutting-edge of all areas of business.

    The Data Protection Act, first developed in 1984, then updated in 1995 and 1998, was the first real piece of impacting legislation for the IT community. These two acts had explicit rules introduced – not because of a concern, but rather a precaution to limit the exposure to new risks brought by technological change.

    Little did those lawmakers know it would form the backbone of an entirely new branch of law and become the main form of governance over a vast array of bold new ideas over the coming years. Nor did they know that it would become the single most important law to guide a new generation of IT literate adolescents known as ‘digital natives’. Soon, digital natives will have a new piece of legislation to ensure they are protected for another generation, called the GDPR.

    Going Native – A brief history of Data Protection

    The next big law following the Data Protection Act came in the form of The Privacy and Electronic Communications (EC Directive) Regulations 2003.

    This law came following many high profile court cases including Napster (in 2001), a spate of computer ‘worms’ and internet-based viruses, and the birth of a new type of attack called a Trojan Horse – a computer virus masquerading as something else – in most cases as an email or digital advert.

    In January of that year, following a single worm attack, it was reported that over a quarter of a million computers were infected in a single day. This was quickly followed by the realisation that an attack could potentially turn infected computers into portals for sending out unwanted email advertising.

    This prompted many senior figures within the IT industry to take note, with researchers at Johns Hopkins University and AT&T Labs demonstrating that it would be possible to automatically enter a victim’s name and address into thousands of online forms across the internet to bombard them with an avalanche of junk mail.

    This directive, however well intentioned, has had little impact on many businesses since its development. The regulation prohibits all electronic communication without an ‘opt-in’ process, including text alerts, emails and automated phone calls.

    In principle this idea is a good one, but the sheer number of companies communicating with one another has made it extremely difficult to single out and prosecute individuals. This has led to the law becoming largely unenforceable and therefore ineffective at slowing the quantity of spam communications.

     

    Jump forward to 2008

    To combat real threats to their business and customers which were emerging, companies took matters into their own hands. Card companies worked together to create a new basic standard for insuring card payments. This was called PCI DSS compliance and had the practical approach of protecting data used for web-based payments and setting standards for places where these transactions were stored.

    This new approach, required by all card vendors, forced companies to take responsibility for six key areas where customer data was involved: Building and Maintaining a Secure Network, Protecting Cardholder Data, Maintaining a Vulnerability Management Program, Implementing Strong Access Control Measures, Regularly Monitoring and Testing Networks and Maintaining an Information Security Policy.

    The only actual change in digital legislation came from a single update to the Criminal Justice and Immigration Act of 2008 (originally designed to ease prison populations in the UK) which introduced harsher penalties for serious contraventions of data protection principles.

    Now though, after thirty-three long years since the original legislation in 1984, it was announced that there were updates coming to the antiquated Data Protection Act. Finally we would see a shift from a world of kilobytes, megabytes and floppy disks, to Gigabytes, Terabytes and HD streaming.

    This new Data Protection Act even came with a new, important sounding, name: The General Data Protection Regulation (GDPR). It would be created following a consolidated approach to modern times with directives and mandates to enforce new regulations right across Europe.

    Say Hello to the GDPR!

    The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the European Council and the European Commission intended to strengthen and unify data protection for individuals within the European Union (EU). It also addresses export of personal data outside the EU. The primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

    Following years of debate, procrastination, filibustering and compromise, the EU has been somewhat lacklustre in its approach to enforcing real change in the arena of data protection. This new regulation marks a change to this approach.

    This new set of regulations not only sends an important message to those looking to exploit newer technologies, but also brings harsher regulatory control over a significant geographical area.

    What’s included?

    This new regulation contains clear guidelines for large businesses, such as reporting data transmission between countries (with a new Privacy Impact Assessment (PIA) process), creating a data breach response plan and assigning a Data Protection Officer (who is now a protected employee). There are some minor changes to data collection, with cookie acceptance now a requirement and opt-ins now needing to be actively selected (rather than being auto-selected). There is also a new right for consumers to object to profiling (collecting sensitive data which is not being used for the purposes of consumer testing).

    Companies must also abide by their own country’s compliance regulations (rather than those of the country they are trading in) and will have one point of contact who will manage all their global compliance needs (rather than separate ones in each country).

    The largest and most important change is the increase in penalties for being found negligent during a data breach (now with fines of up to €20 million or 4% of annual global turnover).

     

    What isn’t included?

    What was not really present in the new regulations, however, is any thought to consumer protection, focus on issues such as countering Ransomware or thought towards the technology of tomorrow – especially with big data now a huge issue.

    The subject of employee devices in the workplace (BYOD) was also not addressed, nor the impact of mobile technology or mobile app security, which are red hot topics right now. In short, this new set of regulations brings with it plenty of red tape and quite an old fashioned approach to data protection in the grand scheme.

    When does it take effect, and what about Brexit?

    There are two key changes which take effect on May 25th 2018 which businesses and consumers need to be aware of. Please note that if you trade internationally, there are changes to the requirements for data protection in an attempt to normalise within the EU region, rather than exclude because of trade out of those regions. Brexit and the UK’s move away from the European Union has no effect on the GDPR: companies in the UK must adhere to the new compliance standards set out in the GDPR or risk significant fines if they breach any of the new rules.

    1. The Right to Object to Profiling.

    Under the new regulations, consumers gain new rights to stop companies using their data. Profiling is broadly defined and includes most forms of online tracking and behavioural advertising. The new regulations require that: (a) the consumer must be made aware that profiling is taking place, and (b) a PIA is carried out in order to track user data.

    2. Mandatory Privacy Impact Assessments (PIA)

    Businesses will be required to perform data protection impact assessments (PIAs) before carrying out any processing that uses new technologies (and taking into account the nature, scope, context and purposes of the processing) that is likely to result in a high risk to data subjects.

    In particular, PIAs will be required for: A systematic and extensive evaluation of personal aspects by automated processing, including profiling, and on which decisions are based that produce legal effects concerning the data subject or significantly affect the data subject; Processing of special categories of personal data or data relating to criminal convictions and offences on a large scale; A systematic monitoring of a publicly accessible area on a large scale.

    The NDPA will publish a list of the kind of processing operations that require a PIA. Data controllers can carry out a single assessment to address a set of similar processing operations that present similar high risks.

    A Word on the Future of Data Protection

    In 2017, the world is an exciting place – full of change, hope, opportunity and potential risks. It is also full of IT companies who are taking over management of IT environments. With outsourcing now a viable option with the majority of services delivered via the Cloud, it will likely fall to the outsourcing companies to protect their customers from harm.

    In many respects this means working proactively to protect the business market and having measures in place to ensure total resilience against different types of threats – both those which exist now and those which will emerge in the future.

    This change is critical when considering how companies manage their IT environments. Where companies used to be responsible for their own servers, backups, anti-virus and internet protection, now experts are setting up these environments with the explicit aim of making them impenetrable. Technology is shifting from a luxury which is self-managed to a necessity which is delivered as a service.

    In the future it seems that the effectiveness of a data protection approach will rest on the level of business investment. From a consumer standpoint, the world will be a shaky place – full of grey areas and bad ideas, but as sharper controls hit the business world, consumers may see some uplift in their protection, with the number of active criminals decreasing in the cyber world.

    It’s easy to be all doom and gloom, and the likelihood is that this problem will solve itself in the long term, but in the short-term it will be an ongoing issue. While this new regulation will probably not change the world, it may prompt private companies to take matters into their own hands.

     

    Why not learn more about IT Outsourcing and the Protection it provides?

    Visit our outsourcing page here or call us on 01268 627111 to learn more.

    KJL Comms Room Refit Service

    KJL have always supported businesses when taking on new challenges. This often means managing the implementation of software solutions and purchasing new hardware, but in many cases it means elevating their existing hardware and IT management practices to a high industry standard. This is done to reduce the hardships that can come with using old and ineffective technology which is holding them back.

    As a business, we specialise in reducing the difficult moments often associated with change. What many people may not know about our business however is the other side of the coin – the time and energy we put into helping our customers operate more effectively day-to-day. One of the services we provide is a cleanup of IT infrastructure and server environments including a migration to new comms cabinets. This not only helps with organisation and labelling of different components, but reduces on-site support time and makes moving technology around the business an easy process.

    Newer server cabinets also provide a stable environment for infrastructure. The KJL Comms refit service ensures systems are clean, properly cooled and installed correctly, meaning components last longer and require less maintenance in the long term.

    We spend a great amount of time maintaining the high standards we set for ourselves. If a new customer joins us, they may need help in reaching the level required to ensure their IT systems and networks are able to operate efficiently.



    To talk to us about updating your server room today or having a general cleanup of IT environments in your business, call us today on 01268 627111.

    Beware the Race to the Bottom in IT

    You know those phrases that show up, but you don’t really know what they mean? For me, it was the phrase ‘Race to the Bottom’. No matter what the context, or the person using it, the phrase never made sense. It just seemed to be something that people said for effect, which, ironically, only had the effect of making me more and more angry.

    It was not until recently, when I learnt about Oblique Marketing (which I will come to in a moment), that this phrase actually seemed to hit home, to take real shape. Suddenly my eyes were open to a whole new area of understanding which made other things simple to appreciate and understand.

    It also showed me that companies face a huge risk when looking at IT companies in the future.

    Perhaps I’m not a naturally economically minded person. Perhaps, for most people, the phrase is just a basic principle, but then again, perhaps not.

    What is a Race to the Bottom?

    A race to the bottom is the idea that in a market where people compete directly (but focus only on a single metric such as price per unit), the only way to ‘win’ is to drop that metric to a lower value than competitors. This leads to a situation where costs and profit are always being squeezed and the customer is always assumed to desire the lowest possible price.

    Many people believe the notion of price competition is the basis for capitalism and strong business, but let’s take a step back for a moment. There are instances where pricing becomes, if not irrelevant, then certainly far less relevant in the decision making process. The most obvious diversion from price competitiveness is the idea of branding.

    Off on a tangent: Just what IS a brand exactly?

    A brand is a signal to a consumer. Using a logo, clothing, particular colours and fonts, or other distinguishing and highly visible features, a company can create an association. This is done for a simple reason – to make a product or service more desirable to a particular group of people. This can be a particular ‘in-group’ who have a special need, a way to assure build quality or highlight a high level of service. In other words, a brand is a way for a customer to give an experience some context.

    Say, for instance, you take a flight with Emirates or British Airways – your experience exists within the context of that brand. You might note that the company has spent time and attention providing the latest films, the comfiest chairs and additional freebies for the journey.

    Contrast this with a flight with Easyjet or Ryanair. Here, the experience is not judged on the same factors. The focus is on providing a basic service, rather than comfort and entertainment.

    The difference in the context of the ticket purchase is reflected in the price. They offer the same basic service, but the way that the company has chosen to deliver those services is contrasting. Again, the service is essentially the same – the end result is travelling from one place to another in probably the same type of aircraft, but the expectations created, and ensured by, the brand are totally different.

    Why does branding matter?

    Let’s say that all four of those businesses wanted to make their focus the price, rather than considering other factors. The people who want more comfy seats, to watch the latest films (for free) and additional freebies on their journey would not have that option, and thus would not get to enjoy that service.

    Additionally, the four businesses would be inhabiting the same pool of users (or market) who are looking to secure the cheapest flights. This would force the companies to keep lowering their prices in order to stay ahead – or in other words, to compete in a race to the bottom [possible price].

     

    That’s all well and good – but what has that got to do with me?

    The short answer is: Everything.

    To explain, we need to return to the phrase we used earlier: Oblique Marketing. This is the idea that if you want to compete with someone, and you want winning to be a lucrative operation, often you don’t want to compete directly. There are other, often more effective, methods to achieve the same goal through understanding what is not yet available for a group of people who want it (even if they don’t know they want it yet). This is sometimes called niche targeting but in many cases it does not involve only niche markets, it just requires a thorough understanding of what could be possible and who may want it, primarily by leveraging psychology rather than just rationality.

    Looking at a market in this way is the ONLY defence against a race to the bottom and the inevitable squeezing of costs and profits. Ultimately, Oblique Marketing can help a business ensure they have the resources to meet a customer’s specific need by charging a premium. Sometimes this is thought of as a unique selling point for a product (USP) or an ‘Ethos’ for a service, but when this is considered business-wide these phrases fail entirely to capture the reasoning.

    A USP and Ethos exist only to meet the needs of an existing market where those qualities or features are required or demanded but are not yet satisfied by the price competition model.  Oblique Marketing exists to show that there is more than one way to achieve the same goal, if not in the exact same way.

    Oblique Marketing is a difficult concept, in the sense that it often ignores what is ‘normal’ in favour of being truly unique. This is often extremely difficult for those who have a love for financial planning and modelling, but at the same time is the only cure for stagnation and eventual decline.

    An example:  Around 15 years ago, a bunch of engineers were asked to improve the journey for the Eurostar. They spent six billion pounds shortening the travel time from London to Paris by 40 minutes.

    Rory Sutherland (of Ogilvy and Mather) was consulted and instead suggested that they install free Wi-Fi in the trains for about 0.01% of the cost. Additionally, they could hire all of the world’s top supermodels and pay them to walk down the train cars handing out free Chateau Petrus for the entire duration of the journey.

    His contention was that this change would not only make the journey far more enjoyable, and set a new important standard within the industry, but they would still have five billion pounds left to spend (or give to their shareholders!).

    There was one issue with this proposition though – now the customers would ask the trains to be slowed down!

    The point here is that focusing purely on the speed metric was an awful and extremely expensive proposition. By considering what people who use trains actually want (even if they don’t ask for it) you can achieve significantly better results at far less cost. The key point to remember is that intangible rewards like enjoyment might not be as measurable or visible, but they are just as important.

    Why does this matter in the world of IT?

    There are lots of IT companies. Some are undoubtedly better than others. The service they provide is very rarely exactly the same, and securing a clear price point can be a tricky business, primarily because of the sheer number of services, qualifications and equipment which are provided.

    Much like the example with airplane companies, the service they provide is, at a basic level, the same, but there is a vital and important difference which just isn’t highlighted. The IT world is not standardised in the same way. Companies do not have to adhere to the strict guidelines imposed on companies that are actively protecting people’s lives. Instead, all of the configuration, crisis management and contractual obligations are set internally.

    Imagine if tomorrow, Ryanair were released from their obligations to run the full schema of rigorous tests and checks before they took off. It would not be long before they decided that doing fewer checks and buying cheaper (and less reliable) equipment would benefit their bottom line and help them compete more effectively.

    In this case you would quite rightly say that this is not a good idea: that the risks which would arise would potentially be too dangerous to allow. This is the real and present danger you take by focusing on price alone in the world of IT. This is also a big risk moving forwards as companies start to look at how they can maximise their profits, while their customers become more and more reliant on the services they provide.

    Any IT company that respects their customers will have put robust measures in place to ensure that regardless of the circumstance, their customers are safe and secure. This includes working with partner companies who have gained a strong reputation for data protection and resilience, as well as services which are updated to provide real protection against every potential threat that exists. For us here at KJL, we recognise this as more important than almost any other factor in IT, and urge other IT companies to do the same.

     

    How can this issue be solved and your future protected?

    Easy! Communication. The hardest problem for an IT company is knowing when to invest money in providing something special for their customers. Often customers are resistant to increases in spending, even if the change will have significant impact on operations and quality of life. What is required is for a company to be receptive to new ways of achieving a goal, or at least learning what is possible with some flexibility.

    Here at Kevin James we value the power of discussion. We understand that price is not the only metric that matters with technology, and that while it’s our job to understand the benefits technology can bring, sometimes our customers need to be guided through changes which can have incredible impacts.


    What do we do?

    We help companies improve the way they operate by investing our time and money into the checks and balances which assure our customers (metaphorically) stay in the air. We know that profits are less important than providing a robust and resilient service that will never let our customers down. We achieve growth as a business through repeat business and greater uptake, meaning it is in our own interests to maximise the protection element for our customers and offer a service which is consistently high level.

    If you are interested in marketing and would like to learn more, we run short-courses throughout the year. Click here to learn more.

    If you would like to know a little more about KJL as a business, then why not check out our About Us page or give us a call directly. We would love to have a chat and help renew your confidence in your IT setup or Support Team. Just call now on 01268 627111.