IT Industry News | IT Blog | Small Business Blog

Axon IT News

How safe is your IT security?

Tuesday, April 21st, 2009

One of the largest challenges facing UK businesses is IT security. As a business becomes increasingly reliant on the data on its systems, it faces ever-increasing threats to the network and data integrity.

Everyone is aware of the issues in the media regarding internet usage and the security of our electronic data that we store or transmit to 3rd parties. These perceived issues are almost the same; it’s just the scale of the solution that differs and therefore the cost. So is it really an issue or are we just scare mongering?

The simple answer is both ‘yes’ and ‘no.’

Is my computer and its data at risk?
Yes it is if you don’t take reasonable steps to protect it. Would you leave your home unlocked? Of course not, but nevertheless this simple analogy holds true to computers and systems that are at risk if you ‘leave the door wide open’.

So how do I ‘shut the door’ to my PC network and lock it?
Some simple steps will effectively reduce the risk to an acceptable level – we must protect our data and limit the amount of risk, but without spending very large amounts of money. The solutions differ slightly between the home user and the business user but in this case I will focus on the business.

Using analogies again lets think of a bank. When it comes to protecting the money, banks place their highest security closest to the actual money – the bank vault door with complex alarms, together with the front of house security- a simple lockable door, a visual deterrent in the form of a security guard, some cameras and likely some toughened glass protecting the bank clerks.

This is referred to as a multi layered approach that allows and encourages normal people into the bank, but in turn discourages the robber with a difficult path to the money.

This analogy holds true to IT systems and the data they contain. IT security should be tiered with multiple levels of security from the front door to the bank vault.

So how does this really translate from IT speak into real world? Firstly email, we all use it, in fact in a recent Microsoft study it was determined that email was the number one use of a PC. So if email is important we needs to take steps to ensure the emails we receive are relevant to the business:

Spam
We need a device or a service from a provider that “cleans” our emails of spam, this device or service should also remove viruses at the same time, therefore ensuring what you receive in your inbox is relevant.

Now these systems aren’t 100% perfect, therefore any system implemented must be able to learn and needs to be simple to use/administer. We then need to extend this protection to the actual PC as another layer in the form of a suite of software that blocks and inhibits spyware, viruses, malware, spam etc.

This software needs to be adaptive to the threats and learn quickly, it also needs to talk to a central system with status information.

Our security doesn’t end there, we almost certainly have internet access at work, well if we can get out to the internet it is logical that the internet can get to us, so we must now also take steps to protect our computer network and its data from the outside electronic world:

Firewalls
Firewalls are as their name suggests are walls that stop fire/heat spreading throughout a building or vehicle. So in IT this device stops the Internet from getting inside your computer network. These devices vary considerably in features and price and one size does not fit all!

Best practise would dictate a relatively simple (fast) device is placed closest to the internet to undertake simple security blocking tasks (like the front door to the bank), then closer to the users you would place a more complex device (like the bank vault) that can undertake a very fine inspection of information flowing in.

These complex devices can also inspect/block what is going out from your network, which can be a useful productivity and security tool if your staff are surfing the Internet at potentially unsafe web sites that could contain spyware and viruses.

So these devices and ideas are the starting point of formulating an IT security plan and policy, each business is unique and each requirement and its solution is different from the next.

Are the risks real?
Yes they are. The use of professionally written, intelligent and well executed viral code is becoming widespread. These code writers use the same processes and procedures a professional application developer would use to ensure the highest quality virus.

Infections today are less openly destructive than they used to be as the writers now know that they can extract useful and valuable data that has a financial worth, like credit card details. Infected machines have allowed these people to undertake money laundering, remote access to internal database systems, allowed terrorism to be funded and other criminal activities.

These attacks are not just limited to small time ad-hoc efforts but they can be streamlined targeted affairs for a particular purpose. This type of criminal activity is rapidly becoming mainstream, the number of detected viruses over the past two years is almost equal to all the viruses detected since they started recording such information.

The approach above is typically through email or web sites but we haven’t mentioned direct attacks i.e. “Hacking”. Here people try and exploit security weaknesses in your Firewall, computers or even people, they could attack your network via a home worker whose PC is unchecked and insecure (this method was used many years ago to illegally access Microsoft’s network). They can also use a “blended” attack where they use a virus to allow backdoor access through your firewall and then use a Trojan Horse type of attack from within. There must be many security hurdles in place to thwart a determined hacker from gaining access to your network or as the military would say defence in depth.

Security is large subject matter, but to put matters in to perspective it is all about risk, what risk is your business willing to accept and there will always be some. This answer alongside your business type and what you do for a business will help determine the solution.

By Graham Fern
Director, Axon IT

Posted: Telegraph Business Club

Tags: best practise, budget, data at risk, Economy, Finance, firewalls, IT Security, Money, Network, Operations, People, sales, Spam, Staff, Strategy, Telegraph Business Club
Posted in IT Industry News | IT Blog | Small Business Blog, IT Security, Spam | 1 Comment »

PAT Testing – Electrical Safety Testing

Tuesday, April 7th, 2009

Health and Safety at work I think is on most people’s minds these days, making sure we hold on to the handrail as we go the downstairs, having a second person to hold a ladder but what about all the electrical devices we constantly have around us, who checks these out to make sure we are working in a safe environment at work.

I had to take this photo of some plugs that had been taken out of a public building recently. You instantly can see that the plugs tops are smaller than normal but the worst is, they do not have any fuses in them. 34 of these leads had escaped the attention of the people who work there and it wasn’t until their annual PAT testing (which they saw as a chore) that they were discovered.

Once they realised the consequences these leads could have had PAT testing suddenly wasn’t a chore anymore. It has also been reported recently that insurance companies are voiding claims if claimants PAT testing are not up to date.

My question is to you can any company afford to take these risks?

Don’t be fooled by the adverts you see offering testing for pence per item. Remember a single desktop PC tested properly is 4 separate tests (the tower, the monitor, and the two IEC leads). These companies also tend to charge extra for repairs to plug tops and fitting correct size fuses etc. Suddenly your cheap quote is much more expensive than you were led to believe.

If you have any queries or would like to talk in more detail about PAT Testing, please call the office and talk to Andrea.

Tags: electrical safety, Electrical Safety Testing, electrical testing macclesfield, health, inspection, landlords, machinery testing, PAT Testing, Portable Appliance Testing, property PAT testing, risk assesment, safety, safety regulations, testing services
Posted in IT Industry News | IT Blog | Small Business Blog | No Comments »

Is your IT software right for your firm?

Tuesday, April 7th, 2009

Ensuring that your company’s IT is up to date is absolutely essential, says Graham Fern, director of specialist outsourced IT provider axon-IT

For any small business ensuring that their company’s IT is up to date is absolutely essential – but in today’s economic climate it is equally important to get value for money.

Factors to consider when purchasing IT systems:

Budget – It is surprising how many businesses have no IT budget in place, working on the ‘when it’s broken I’ll replace it’ philosophy; this approach isn’t cost effective if it means waiting days for the new equipment to arrive, meaning staff can’t be productive·

At the time of purchase buy the best you can afford – this is proven over a typical 5 year period to save you money. Ignore this and the total spend could be greater than paying for a well-specified system.

Keeping up to date – An IT managed service will ensure your IT software remains current, protecting your business against security vulnerabilities and software enhancements.

Ensure your IT meets your business needs – ensure the business need, ‘drives the IT need’. If you’re IT dependant you’ll need to have sound budget planning in place to meet these needs, whereas if your business can operate with minimal IT requirements you should carefully examine your IT expenditure.

Currently 75% of IT budgets are spent on maintaining an IT infrastructure, leaving only 25% for investing in new solutions. This poses issues- how do we change the balance? A large proportion of the 75% is wasted by poor implementation/understanding of equipment and software. IT outsourcing with managed services, will cut down on staffing costs while maintaining skills levels with a team of IT staff. Most IT systems, if monitored and maintained, will run reliably with minimal human interference!

How to finance it:

Delayed payment – Buy now and pay in 12 months – just the same as with other products.

Complete solution package – This means you buy IT hardware, engineering time, project management and ongoing support for the entire solution, including the end users. Basically everything is covered in one monthly cost over a 3 -5 year period. Should you wish to add to your system/upgrade during the term, then the term extends to cover the change, with the monthly cost remaining unchanged. This is similar to lease purchasing a car with maintenance.

Capital expenditure cost – This is money straight from the business. As with all the options above the money needs to be spent wisely with good advice. Expect any company money invested in IT to be spent on hardware that will last five years, but it should be accounted for and paid off over three years – allowing for a two year budget window for future expenditure.

For more information visit-http://www.axon-it.com

Post Date: March 12th, 2009 in New business

Tags: business advice, business startups, I.T. Advice, it software, starting a business
Posted in IT Industry News | IT Blog | Small Business Blog, Software | No Comments »

Organisations must take steps to guard data

Wednesday, April 1st, 2009

As recent media scrutiny of Facebook’s breach of privacy has highlighted, the biggest challenge facing UK businesses today is IT security, writes Graham Fern, MD of www.axon-it.com.

As a business becomes increasingly reliant on the data on its systems, it faces ever-increasing threats to the network and data integrity, and this will continue to rise as long as the need for more efficient technology rises also.

We all pick up on issues in the media regarding internet usage and the security of our electronic data that we store or transmit to third parties, and these perceived issues are almost the same, it’s just the scale of the solution that differs and therefore the cost.

It seems today many users are complacent about their computer security needs, as they become too reliant on the services and advancements of the technology world to protect their data.

Computers and data will always be at risk if you don’t take reasonable steps to protect it. Would you leave the front door to your house open or unlocked whilst you were out for the day? Of course not, but this simple analogy holds true to computers and systems at risk if you leave the door wide open.

Some simple steps will effectively reduce the risk to an acceptable level. However, a committed burglar will gain entry in to your house despite what measures you take, unless you spend an extraordinary amount of money on your security systems and even then there are no guarantees. So to protect our data, we must accept a small amount of risk without spending very large amounts of money, and unfortunately the risks are quite real.

The use of professionally written, intelligent, extremely powerful and well-executed viral code is becoming widespread. Infections today are less openly destructive than they used to be as the writers now know that they can extract useful and valuable data that has financial worth, like credit card details. Infected machines have allowed these unscrupulous people to undertake money laundering, fund terrorism and other criminal activities. These attacks are not just limited to small time ad-hoc efforts but they can be streamlined targeted affairs for a particular purpose.

As an example, during the recent American presidential elections, unsolicited e-mails with convincing subject matters where directed at party members involved in the campaign in an attempt to quietly infect the users computers and capture all their e-mail traffic and data contained within the PC. One can only imagine what that type of data could be worth to the highest bidder. So this type of criminal activity is rapidly becoming mainstream, the number of detected viruses over the past two years is almost equal to all the viruses detected since they started recording such information.

It doesn’t stop there. Mobile devices like phones are the latest target. Infected phones can be controlled without the owner knowing. This can include turning on the microphone remotely to listen in to conversations in a board meeting, turning on GPS and tracking every movement and reading text and e-mail messages.

Published in Computer Weekly 18th March 2009

Tags: computerweekly.co.uk, guard data, internet security, news uk, technology, valuable data
Posted in IT Industry News | IT Blog | Small Business Blog | No Comments »

Red Nose Day

Friday, March 13th, 2009

axon would like to thank everyone that supported us in aid of Red Nose Day, and to everyone that got the chance to pop into the office for coffee and cakes. Also a big thanks to Claire for all the homemade cakes. Yummmmm!

Special thanks to;

• Isabel and Andrew from Acorn Occupational Health
• Tim Halman from Gascoigne Halman
• All the girls from Caterforce Ltd
• Mark and Tim from Intelligent Networks
• Steve Ryan from 3 Counties Electrical
• Tim from QFS
• Claire from axon-it

Take a look at the photos.

updated post 01.04.09 the winner of the Red Nose who’s up for a laugh competition was won by Charlotte of Caterforce Ltd. many thanks to everyone who took part and well done to Charlotte.

Tags: axon red nose, occupational health, Red nose day
Posted in Humour, IT Industry News | IT Blog | Small Business Blog | No Comments »