The Growing Menace

Cyber attacks are more prevalent than ever. Despite growing awareness, many organisations neglect simple, effective solutions. This oversight is costly and fuels a booming cybercrime industry.

Cyber attacks happen daily, targeting businesses, governments, and individuals. Most attacks are basic and exploit well-known vulnerabilities. Yet, many organisations fail to implement simple security measures, leaving themselves exposed.

The Cost of Neglect

Cyber attacks are financially devastating. By 2028, the global cost is expected to reach $13.8 trillion USD. The biggest cost of all is when company owners are forced to pay criminals the ransom demand. Without proper safeguarding measures, this situation becomes unavoidable. Other costs include breach fines from the ICO and indirect costs caused by reputational damage and lost business.

Ironically, many attacks could be prevented with straightforward security practices. Exact data on ransom payments is hard to find because most companies prefer to keep these breaches quiet for obvious reasons. However, there’s plenty of evidence that shows $100s of millions worth of ransom payments.

Convenience Over Security

Many neglect basic cyber security for convenience. In a fast-paced world, ease of use often trumps robust security. Passwords are reused, updates postponed, and warnings ignored, creating opportunities for cybercriminals.

The Rise of the Cybercrime Industry

Neglecting basic security has fostered a thriving cybercrime industry. Hackers are organised and professional, brazenly advertising their services on the dark web. They provide ransomware packages with support and updates, operating like legitimate businesses. This professionalisation makes combating cybercrime even harder.

The Simple Solutions

Fortunately, many cyber threats can be mitigated with simple measures. Examples include using strong, unique passwords, enabling multi-factor authentication, updating software regularly, and educating employees about phishing. However, these are just a few examples. It’s also crucial to develop a robust set of policies and processes to ensure staff are fully engaged with the entire security process. These steps are not complicated and are cost-effective but often overlooked.

The Role of Education and Awareness

Education and awareness is crucial. Many are unaware of the risks or how to protect themselves. Cyber security training should be integral to any organisation’s strategy. Public awareness campaigns can also educate the broader community.

How Remson Can Help

At Remson, we offer a range of Cyber Security services to help companies achieve Cyber Essentials. Our new subscription service provides inclusive consultancy and ongoing support to maintain Cyber Essentials standards. We partner with you to enhance your cyber security, ensuring continuous protection and compliance.

Ready to secure your business? Contact Remson today to learn more about our comprehensive cyber security solutions.

Devaluation of Cyber Essentials

As cyber crime continues to rise, the importance of robust cyber security measures cannot be overstated. One of the foundational steps many organisations take to secure their systems is obtaining Cyber Essentials certification. This certification, governed by IASME, is designed to help businesses protect themselves against common online cyber threats. However, there is a growing concern that some organisations are not maintaining the standards required to achieve this certification, undermining its value and credibility.

The Problem with Misrepresentation

Several large organisations, despite holding Cyber Essentials certification, do not adhere to the necessary standards. This misrepresentation often stems from dishonest self-assessments. Even more troubling is the fact that some consultancy services, which are supposed to guide businesses through the certification process, knowingly allow their clients to lie on these assessments. This practice not only discredits the Cyber Essentials certification but also jeopardises the security of the organisations involved.

Why Cyber Essentials is So Important

Without adopting the standards set by Cyber Essentials, organisations leave themselves vulnerable to very basic cyber attacks. These attacks, which account for around 86% of cyber crime and are often carried out by relatively unskilled individuals and can have devastating consequences for businesses. Implementing Cyber Essentials helps organisations protect against these common threats, providing a solid foundation for a comprehensive cyber security strategy.
Moreover, if a large organisation is considering more advanced Managed Security Services, including Security Operations Centre (SOC) and Security Information and Event Management (SIEM) services, any reputable provider will insist on Cyber Essentials as a prerequisite. At Remson IT & Cyber Security Services, we partner with such a company that shares our commitment to ethics and values, ensuring that our clients receive the highest standard of security services.

The True Value of Cyber Essentials

When implemented correctly and honestly, Cyber Essentials provides a robust foundation for a comprehensive cyber security strategy. It helps organisations identify and mitigate common vulnerabilities, ensuring a higher level of protection against cyber threats. The certification process, when conducted with integrity, can significantly enhance an organisation’s security posture and build trust with clients and stakeholders.

Remson IT & Cyber Security Services: A Commitment to Integrity

At Remson IT & Cyber Security Services, we believe in the true value of the Cyber Essentials certification. Our consultancy services are built on a foundation of integrity and ethical values. We ensure that the certification process is carried out honestly and transparently, providing our clients with the genuine security benefits that Cyber Essentials is designed to offer. Take a look HERE at how we implement our Cyber Essentials service.
We understand the importance of maintaining high standards and are committed to helping our clients achieve and uphold these standards. By choosing Remson, you can be confident that your Cyber Essentials certification will be earned through a rigorous and honest process, reflecting your organisation’s genuine commitment to cyber security.

Final Thoughts

The integrity of the Cyber Essentials certification is crucial for its effectiveness and credibility. At Remson IT & Cyber Security Services, we are dedicated to upholding these standards and ensuring that our clients receive the full benefits of a properly conducted certification process. Trust in our commitment to honesty and transparency and let us help you build a solid foundation for your cyber security strategy.

FREE Assessment

At Remson IT & Cyber Security Services, we are committed to upholding the highest ethical standards. To demonstrate our dedication to integrity and transparency, we offer a completely FREE, no-obligation assessment of your current cyber security state. This assessment will help verify the integrity of your Cyber Essentials certification and identify any areas that may need improvement. Our goal is to ensure that your organisation truly benefits from the robust security measures that Cyber Essentials provides, without any hidden costs or obligations. Trust in our commitment to honesty and let us help you achieve genuine cyber security excellence.

Game Changer

If you’re a registered charity, you could qualify for free Microsoft 365 Business Premium licences through Microsoft’s Tech for Social Impact initiative! This offer includes 10 Business Premium licences and 300 Business Basic licences at no cost—potentially saving you over £4600 per year.

With these savings, charities can reinvest in enhancing their IT infrastructure with Remson’s first-class subscription services, such as Managed IT Support, Managed Cyber Security, Managed GRC (Governance, Risk, and Compliance), Secure Web Hosting, and more. As an MSP committed to supporting nonprofits, Remson IT & Security Services is ready to help you take advantage of this opportunity and get the most out of your Microsoft 365 environment.

Why is a Game-Changer for Charities

Microsoft 365 Business Premium offers advanced tools that empower teams to work smarter and stay secure. Most small businesses don’t use Premium due to its higher cost, putting your charity ahead of the game. Here’s how Premium stands out from Basic and Standard plans:

  • Advanced Security Features: Premium equips you with configurable options to protect against cyber threats like phishing and ransomware. It also includes conditional access policies and identity protection, helping you prevent unauthorised access and keep sensitive data secure, so your organisation can operate with confidence.
  • Intune for Device Management and Compliance: Premium includes Microsoft Intune, a comprehensive platform that helps you keep all devices with company data and resources compliant. Intune enables you to enforce security policies and maintain control across laptops, mobile phones, and tablets—especially valuable for flexible or remote work environments.
  • Secure Score and Compliance Score: Microsoft’s Secure Score and Compliance Score tools give you insights into your security and compliance posture, along with actionable recommendations to improve data protection and meet regulatory standards. With Business Premium, you can unlock a broader range of configurations, allowing you to achieve a much higher Secure Score compared to Basic or Standard licences.

The Importance of Our Ethical Client Base

At Remson, we prioritise building an ethical client base as a core part of our values and practices. Guided by our Client Charter, we carefully select clients who share our vision of integrity and positive impact, working exclusively with those committed to ethical practices and purposeful, secure IT services.

This commitment is especially meaningful in our work with charities and nonprofits. We recognise the vital role these organisations play in supporting communities, addressing social needs, and driving positive change. To empower charities in their missions, we offer special nonprofit rates, removing high IT costs as a barrier. Our goal at Remson is to help you maximise your impact with secure, efficient, and affordable technology.

Partnering with Remson for Nonprofit Success

We know all this might seem complicated, which is why Remson is here to support you. As a trusted Microsoft Cloud Service Provider with decades of hands-on experience in Microsoft products and cyber security, we’ll guide you through every step. Here’s what our services include:

  • Microsoft Nonprofit Registration: We handle the Nonprofit status application for you, requiring only minor interaction with your registered chairperson.
  • Domain Registration and Management: We can register your domain or transfer it to our secure platform, managing all renewals on your behalf.
  • Microsoft 365 Tenant Setup and Migration: Whether you’re starting from scratch or migrating from another provider, we’ll configure your systems securely and optimise them for your team’s needs.
  • Ethical and Nonprofit-Exclusive Rates: We proudly offer special rates for nonprofit clients, empowering charities to maximise their resources.

This incredible offer, combined with Remson’s tailored services, presents a tremendous opportunity for registered charities to modernise their operations, collaborate effectively, and protect sensitive information without the burden of additional licensing costs.

The Challenge

There’s no escaping the fact that cyber threats are growing and housing associations are increasingly finding themselves in the crosshairs. Over the past couple of years, about a quarter of UK housing associations have experienced cyber attacks, and the problem shows no signs of slowing down. Some high-profile cases, like Clarion Housing’s major data breach, causing long-lasting financial and reputational damage, have raised concerns across the sector. Why? Well, it’s partly down to the reliance on outdated IT systems and the fast-paced digital transformation happening in housing services.

Housing associations are now using more online platforms for managing tenant data and services, but without the proper security measures, this shift makes them a prime target for cyber criminals. On top of that, human error—like falling for phishing scams—still plays a huge role, accounting for about 95% of successful attacks. So, it’s clear that cyber security needs to be taken seriously, especially when housing providers are responsible for safeguarding sensitive tenant information.

In this blog, we’ll walk you through why a solid cybersecurity foundation is crucial, and how conducting a Gap Analysis Assessment, followed by Cyber Essentials certification, can help housing associations get ahead of potential threats. Before diving into advanced stuff like SIEM or a Managed SOC, it’s crucial to get the basics right. At the end of the day, every organisation is made up of people, and they can either be your biggest weakness or your biggest strength. Cyber Essentials helps tackle this head-on, turning your team into a real asset when it comes to security.

All good cyber security strategies are broken into 3 key focus areas: People, Process and Technology.

People

One of the most critical aspects of any cyber security strategy is your people. Even the best technology can be undermined by human error, which is why staff engagement and clear responsibilities are at the heart of a solid cyber security foundation.

It’s essential that your team understands the role they play in keeping your organisation secure. Engaged staff are far more likely to follow best practices, spot potential threats, and avoid risky behaviours. Regular training sessions, phishing simulations, and updates on security policies can keep cyber security at the forefront of everyone’s mind. When your team is engaged, they move from being potential weak spots to active defenders of your organisation’s security.

Every member of staff, from the front desk to the IT department, needs to know their specific responsibilities when it comes to cyber security. This isn’t just about having policies in place—it’s about making sure those policies are clear, understandable, and actionable. Who reports a potential phishing attempt? What should someone do if they notice unusual activity on their device? Having these responsibilities clearly defined ensures that when issues arise, everyone knows how to respond quickly and effectively.

By focusing on people and ensuring they are properly engaged and responsible, you lay the groundwork for a strong cyber security culture.

Process

Strong processes are the backbone of a successful cyber security strategy. Without well-defined procedures in place, even the most engaged staff and advanced technology can fall short. It’s vital to establish key processes like Joiners, Movers, Leavers, which are essential for controlling who has access to your systems and data at any given time. New staff (Joiners) need to be properly onboarded with the right access rights from day one. Similarly, when staff change roles (Movers) or leave the organisation (Leavers), their access needs to be updated or revoked quickly to avoid any security gaps. These procedures ensure that only the right people have the right access, and nothing slips through the cracks.

Change management is another vital process, ensuring that all changes to IT-based systems follow a rigorous checklist, involving all relevant stakeholders before going live.

Technology

When it comes to cyber security, technology plays a crucial role in safeguarding your systems and data. It’s essential to ensure that your technology is configured securely and is frequently updated. Cyber attackers often exploit known vulnerabilities in outdated software, which is why it’s essential to apply patches and updates as soon as they become available.

It’s crucial to know how to set up your systems as securely as possible and to ensure that any future investments in technology include enhanced security features. Regular audits of system configurations can help identify and fix any weaknesses before they can be exploited by cyber criminals.

A common misconception about laying a solid cyber security strategy is that it’s a costly exercise involving investment in complex security measures, but it’s more about ensuring that the existing technology is secured optimally and that maximum security be a kept in mind for all future investments.

Remediation

Once the audit has been conducted, the next step is to develop a solid remediation plan. This plan serves as a roadmap to address the vulnerabilities and gaps identified during the audit process.

The remediation plan breaks down into a series of tasks. Each task is assigned a user, given a due date and scored for complexity.

Systematically addressing vulnerabilities with a well-structured remediation plan, can significantly enhance your organisation’s cyber security posture. This proactive approach not only helps to protect sensitive tenant information but also fosters a culture of security awareness throughout the organisation.

With clear tasks and accountability in place, you’ll be well on your way to building a robust cyber security framework that stands up to the ever-evolving landscape of threats.

What Next?

Housing associations often have complex IT needs, given the wide range of systems they rely on to manage day-to-day operations. With large teams needing continuous support and IT departments already stretched thin, keeping up with the demands of these systems can be overwhelming. We understand these challenges and offer tailored solutions to alleviate the pressure. Our expertise spans everything from conducting Gap Analysis Assessments to helping with the remediation tasks, to achieve the required Cyber Essentials standard. We also carry out Secure Score and Compliance Score audit and remediation, to further boost your Microsoft 365 tenant’s security. We like to take a hands-on approach, doing a lot of the heavy lifting, so your IT team can focus on the critical tasks that keep your organisation running smoothly.

We have extensive experience in helping organisations navigate the complexities of cyber security. Our managed service plans are designed to support you in several key areas, including ongoing remediation support, policy and process development, staff training, Cyber Essentials assessment support, vulnerability assessments, phishing simulations, and assistance in achieving Cyber Essentials Plus.

Don’t leave your cyber security to chance. Reach out to us today to learn how we can help you strengthen your security posture and protect your organisation from evolving threats. Let’s work together to build a secure future for your housing association.

Choose Secure Web Hosting for Optimal Performance and Protection

In today’s digital era, establishing a robust online presence is essential for businesses to thrive. However, when it comes to web hosting, not all solutions are created equal. While basic off-the-shelf hosting options may seem tempting due to their lower cost, investing in a secure web hosting package offers unparalleled benefits that can elevate your website’s performance, security, and overall success.

At Remson, we understand the critical importance of providing our clients with top-notch hosting solutions that prioritise security, reliability, and performance. That’s why we’ve developed a comprehensive secure web hosting package designed to meet the unique needs of businesses seeking a competitive edge in the digital landscape.

The question should not be “Are you paying too much for website hosting”, but “are you getting value for money from your web hosting provider?”

Enhanced Security Features

One of the primary reasons why companies should choose our secure web hosting package over basic off-the-shelf alternatives is the unparalleled level of security we provide. Unlike generic hosting solutions, our servers have undergone extensive security assessments and remediation to ensure maximum protection against cyber threats, malware, and unauthorised access. With our robust security measures in place, you can rest assured that your website and sensitive data are safeguarded around the clock.

See below some examples of our enhanced security features:

  • We use Cyber Essentials as a baseline standard on our servers and daily operations
  • Advanced firewall protection, blocking cyber threats and hiding the WP Admin page
  • Bruteforce protection is in place as standard
  • 2FA access as standard

Domain Management via Cloudflare

In addition to advanced security features, our secure web hosting package includes domain management via Cloudflare, a leading provider of content delivery network (CDN) and DNS services. With Cloudflare integration, you’ll benefit from lightning-fast website performance, improved uptime, and enhanced reliability. Cloudflare’s global network ensures that your website loads quickly for users worldwide, providing an exceptional browsing experience that drives engagement and boosts conversions.

UK-Based Expert Support

We understand that navigating the intricacies of web hosting can be daunting, especially for businesses with limited technical expertise. That’s why our secure web hosting package comes with UK-based expert support to assist you every step of the way. Our team of experienced professionals is available around the clock to address your inquiries, resolve issues promptly, and provide proactive guidance on optimizing your hosting environment for maximum performance and security.

The Imperative of Cyber Essentials Certification for Solicitors in England and Wales under Lexcel Standards

Introduction

In an era dominated by digital transformation, the legal profession is not immune to the escalating threats of cyber crime. Solicitors in England and Wales find themselves at the intersection of legal practice and technological advancements, making it crucial to fortify their cyber security defences. This blog explores the significance of obtaining Cyber Essentials certification, particularly in light of the regulatory framework established by Lexcel, the Law Society’s legal practice quality mark.

The Evolving Landscape of Cyber Threats

The legal sector is increasingly becoming a prime target for cyber attacks due to the sensitive and confidential nature of the information it handles. From client data to case details, solicitors deal with a wealth of information that, if compromised, can have severe consequences for both clients and practitioners. The rising sophistication of cyber threats necessitates a proactive approach to cyber security.

Understanding Cyber Essentials Certification

Cyber Essentials is a government-backed certification scheme designed to help organisations safeguard against common cyber threats. By implementing fundamental cyber security measures, solicitors can create a robust defence against cyber attacks. The certification covers areas such as secure configuration, access control, malware protection, and patch management, providing a comprehensive framework for bolstering cyber security defences.

Aligning with Lexcel Standards

Lexcel, as the leading quality mark for legal practices in England and Wales, places a significant emphasis on maintaining the highest standards of practice management. In recent years, Lexcel has adapted to the evolving digital landscape by integrating cyber security measures into its criteria. Obtaining Cyber Essentials certification aligns seamlessly with Lexcel‘s requirements, ensuring that solicitors meet not only legal but also technological standards.

Regulatory Compliance and Client Trust

Compliance with Lexcel standards and Cyber Essentials certification not only demonstrates a commitment to legal excellence but also builds trust with clients. In an era where data breaches can tarnish reputations, clients are increasingly vigilant about the security practices of their legal representatives. Solicitors equipped with Cyber Essentials certification can assure clients that their data is handled with the utmost care and security.

Mitigating Legal and Reputational Risks

Failure to protect client information not only exposes solicitors to legal repercussions but also poses a severe threat to their professional reputation. Lexcel‘s emphasis on cyber security recognises the potential risks associated with inadequate data protection measures. By obtaining Cyber Essentials certification, solicitors proactively mitigate these risks, safeguarding their practice against legal and reputational damage.

Conclusion

As the legal landscape continues to evolve in the digital age, solicitors in England and Wales must prioritise cyber security to protect client information and uphold professional standards. Cyber Essentials certification emerges as a pivotal tool in achieving this goal, complementing Lexcel‘s regulatory framework. By embracing cyber security best practices, solicitors not only meet regulatory requirements but also reinforce their commitment to legal excellence in an era dominated by technological advancements.

For legal practices seeking to achieve or re-certify Cyber Essentials, Remson IT & Security Services stand as a trusted partner. With a wealth of experience in guiding a range of organisations through the certification process, Remson offers a free initial assessment to review your current cyber security posture against the Cyber Essentials criteria. Moreover, their comprehensive suite of services ensures that legal practices can navigate the entire process seamlessly, from assessment to certification.

In a landscape where cyber security is paramount, collaborating with Remson provides the assurance that your legal practice is not only compliant but also well-equipped to defend against the evolving threats of cybercrime. Take the first step towards a fortified cybersecurity stance – partner with Remson and safeguard the integrity of your legal practice.

Laying the Foundation

In today’s digital landscape, where cyber threats continue to grow in sophistication and frequency, organisations face an increasingly challenging task of protecting their sensitive data and information systems. Cyber security has become a critical priority for businesses across all sectors, and one of the key elements that lays a solid foundation for robust cyber security practice is compliance.  Even if you spend thousands on sophisticated security solutions, you’re wasting your time and money if you don’t have a good set of policies and processes in place.

Having well-defined IT policies and processes is a crucial component of an organisation’s cyber security framework. However, the significance of these policies extends beyond their mere existence on paper. It is equally important to ensure that staff members understand and actively maintain these policies on a daily basis. I would like to explore the importance of not only having IT policies and processes but also empowering employees to comprehend and uphold them consistently.

Awareness and Understanding

By helping staff members understand IT policies and processes, organisations foster awareness and knowledge about cyber security best practice. When employees comprehend the rationale behind these policies, they are more likely to adhere to them consistently. Educating staff about the potential risks, consequences of non-compliance, and the overall importance of IT policies creates a shared responsibility towards maintaining a secure environment.

Mitigating Human Error

Human error remains a significant factor in security breaches and incidents. Employees who are aware of and familiar with IT policies and processes are better equipped to make informed decisions and avoid common pitfalls. Regular training sessions, workshops, and awareness campaigns can significantly reduce the likelihood of accidental data leaks, phishing attacks, or falling victim to social engineering tactics.

Consistent Implementation

When staff members understand IT policies and processes, they are more likely to implement them consistently in their daily routines. Consistency is key to maintaining a secure environment. Whether it is following password complexity guidelines, using company equipment appropriately, or reporting suspicious activities, employees who have a solid understanding of policies will integrate security practices seamlessly into their workflow.

Enhanced Incident Response

In the event of a security incident, the effectiveness of the response is directly influenced by how well staff members understand and follow established protocols. If employees are familiar with incident response procedures, they can act swiftly and appropriately, minimising the impact of the incident. Regular training and practice drills enable staff to be prepared for various scenarios and respond effectively, reducing downtime and potential damage.

Ownership and Accountability

Helping staff understand IT policies cultivates a sense of ownership and accountability for maintaining a secure environment. When employees feel responsible for cyber security, they actively participate in identifying vulnerabilities, reporting incidents, and proposing improvements. This engagement leads to a proactive approach to security, where individuals become stakeholders in safeguarding organisational assets and sensitive data.

Adaptability to Changing Threats

Cyber security threats evolve rapidly, requiring organisations to stay agile and adaptive. By ensuring that staff members understand IT policies, these organisations can empower the staff to recognise and respond to emerging threats effectively. Regular training and communication channels can keep employees informed about the latest security trends, new attack vectors, and evolving best practices. This adaptability strengthens the overall security posture of the organisation.

Collective Responsibility

While having well-documented IT policies and processes is essential, their effectiveness depends on staff members understanding and maintaining them on a daily basis. By fostering awareness, understanding, and ownership among employees, organisations can create a culture of IT compliance. This culture promotes consistent implementation of policies, mitigates human error, enhances incident response capabilities, and adapts to evolving threats. Empowering staff members with the necessary knowledge and skills not only strengthens the organisation’s security but also instills a collective responsibility towards safeguarding critical assets and data in the digital landscape.

Where to Start

Arranging an IT audit with Remson IT is an excellent starting point on your journey towards IT compliance. As specialists in IT compliance and IT security, we can conduct a thorough IT audit, which focuses on 3 key elements – Security, Reliability and Value. The audit covers the whole organisation’s hardware, software, processes, and policies to identify any gaps or vulnerabilities. By engaging our expertise, you gain valuable insights into areas that require improvement, enabling you to proactively address compliance issues.

During the IT audit, we will assess your organisation’s adherence to relevant regulations and industry best practices. We will review your data protection measures, network security, access controls, incident response plans, and other crucial aspects of IT compliance. Through our comprehensive evaluation, we will help you understand your current compliance posture and provide recommendations to strengthen your security posture.

Furthermore, an IT audit with Remson IT offers the opportunity to enhance your overall IT governance. By evaluating your existing processes and controls, we can identify areas where you can optimise efficiency and effectiveness. This holistic approach ensures that your IT infrastructure is not only compliant but also aligned with your business objectives, leading to improved operational resilience and risk management.

During a recent conversation with a client, the subject of cyber security came up. I was talking about the recent spike in cyber-crime. After sharing some fairly shocking statistics about the increasing frequency of successful cyber-attacks on websites, he said “My site has never been hacked, touch wood!” This got me thinking about the fact that, considering the relatively simple nature of the majority of these attacks, most website owners are using “Touch wood” as their cyber security strategy! Perhaps there’s a reason why I’m not a gambling man; I don’t have much faith in Old Lady Luck.

The Ransomware Pandemic

2023 has been deemed The Year of the Ransomware. In March alone there were 459 incidents measured by cybersecurity analysts; up 91% from the month before! The reason for this massive rise in incidents is due to a vulnerability found in Forta’s GoAnywhere MFT secure file transfer tool, exploited by the Clop ransomware gang, where data was stolen from 130 companies within 10 days. The Clop gang boasts an impressive repertoire of successful attacks against some of the biggest companies in the world, such as Morgan Stanley and the oil giant, Shell.

Is there any wonder that this alarming phenomenon is on the rise when cyber criminals are advertising their services on the Dark Web. You can now purchase Ransomware as a Service to use for nefarious gains against ordinary business owners, schools, health boards and anyone else with a network or website. I guess as long as there’s a piece of wood handy, there’s nothing to worry about, right?

Ransomware as a Service

Given the accessibility of these resources and the average Joe’s propensity for the “Touch Wood” security strategy, earning big bucks from villainous means has never been easier. The wide availability of these tools means that non-technical criminals are able to earn generous booties as easily as their super-technical predecessors. We all need to stop using pure luck and start taking cyber security seriously. The percentage of successful common online cyber threats (non-complicated hacks) is in the high eighties in comparison to the lower percentage of targeted attacks. One bet I’d be happy to take is that the non-technical criminals fall into the easier, more successful bracket. I mean, why wouldn’t they! We’ve made it that easy.

Prevention is a Lot Cheaper than Recovery

If we start applying a common-sense approach to security and stop relying on luck, these criminals will eventually give up and find some other, more complicated way of ripping off businesses.

As well as reputational damage, the financial impact of these attacks can be astronomical. When your servers have been encrypted, by allowing malicious software to be installed on them, there are two options – pay the ransom or rebuild the servers. Ransoms have ranged from $10K to $70M. Rebuilding servers takes time and time costs money, even if you have reliable backups. Prevention is a lot cheaper and easier than recovery. It’s time to start factoring in the comparatively low cost of securing your network and website because nobody factors a £5M clean-up operation into their annual budget.

Help is at Hand

Remson is a IT Support and Services Company based in Cardiff, Wales. We specialise in Cyber Security and offer a Cyber Essentials Audit and Remediation Service. You can use our FREE Cyber Essentials Readiness Tool, which will produce a comprehensive report of your current Cyber Security posture.

Cyber Essentials Audit and Remediation

Cyber Essentials is a great place to start. Every organisation should use as this as a minimum standard, offering protection against most common online cyber-attacks. It focuses on 5 key areas:

  • Firewall
  • Secure Configuration
  • Patch Management
  • User Access Control
  • Malware Protection

We will get your IT estate to the required standard for Cyber Essentials, giving you protection against the vast majority of cyber threats.

Website Vulnerability Assessments

We can also assess your website for the latest known vulnerabilities. WordPress is by far the most popular tool for building websites, but it’s also known for its vulnerabilities. This is due to its availability and ease of use. We can provide you with a comprehensive report, which will identify those vulnerabilities and a remediation plan to get them fixed.

Security and Data Compliance with Microsoft 365

As a Microsoft Partner, we offer Microsoft 365 installation and migration. Microsoft 365 has a range of useful security and compliance tools, aimed at securing your data. These useful tools are a big help with maintaining the Cyber Essentials standard; all at a very reasonable price.

I was recently shocked to read a post from a senior Cyber Security professional stating that Cyber Essentials is a test which captures a moment in time. The implication being – that it doesn’t hold much value as an ongoing security strategy. This should never be the case. Even though, it is wise to upscale the complexity of your cyber security in line with the growth in complexity of your organisation, Cyber Essentials should form a solid base to that strategy.

Successful cyber-attacks are on the rise and will continue to rise unless we start adopting the common sense approach that Cyber Essentials teaches us. As an IT consultant, who provides advice and support to organisations on a daily basis, the motivation for attaining Cyber Essentials certification is often part of a box ticking exercise during a tender process for government contract and not as part of a due diligence exercise to improve their cyber security posture.

Displaying your Cyber Essentials badge on your website or email signature should mean that you are maintaining the standards that you’ve alluded to during the assessment. Does passing your driving test mean that you should ignore the Highway Code after the day of the test? Saying that it captures only a moment in time, suggests that either that the candidate answered the questions dishonestly or that the controls that were in place at the time of the successful assessment are later changed to a non-compliant state. With the right guidance and support from the consultant, both scenarios seem unlikely.

Gaining a Cyber Essentials certificate should be a proud moment. Proof that you have achieved an important and well recognised standard. A clear demonstration to your clients that you take data security seriously. Remson’s future clients should expect an education during the entire process. We will ensure that you fully understand the reasons for the adoption of the technical controls, access management, policies and processes before even thinking about taking the assessment. More importantly, it will be made abundantly clear that the standard should be maintained henceforth and that failing to maintain the standard could have dire consequences.

I recently spoke to a senior sales executive from a UK-based car retail partner with around 50 dealerships around the UK. They were hit by a ransomware attack, which encrypted 3 significant servers in their head office, disabling access to every laptop, desktop and IP phone across the 50-odd sites. The system was down for 9 days. Loss of income from sales was estimated at just over £1,000,000 and the server recovery process cost around £3,900,000. The root cause of the attack was attributed to a malicious link being clicked in a phishing email. One click caused nearly £5,000,000 worth of damage! The story doesn’t end there. After the remedial work was completed, the inevitable compliance and security training began! As part of the post-incident training, the company underwent phishing attack simulations to test the newly educated staff. 12% of them clicked the link! This says more about the ever-increasing complexity of this type of attack than the gullibility of the unsuspecting 12%.

This is a horror story, and did irreparable damage to that particular company. No matter how successful your company is, paying out nearly £5,000,000 on a cyber cleanup operation is not likely to be factored into your budget. They had no Cyber Essentials certificate. If they had attained the certificate and adopted its standard, the attack is not likely to have been successful. Simple access controls required to pass Cyber Essentials restrict executables from being run on client devices.

Remson is proud of the standard set during all its advice, support and installations. A well configured email management system is likely to have flagged the phishing email as suspicious. As a Microsoft partner, we have access to specialist advice and support to ensure that our Microsoft 365 implementations are done to the highest standard and always with security best practice in mind. We will also build a solid remediation plan with guidance and documentation provided throughout the whole process in all our Cyber Essentials support packages, arming you with the skills and knowledge to fend off common online cyber threats.

It’s not your laptop

Welcome to the age of bonuses, benefits and rewards for mediocrity! We have come to expect a lot from our employer. Consequently, as well as expecting a hefty bonus, most candidates expect a new laptop as part of a a job package. The truth of the matter is that your company laptop really doesn’t belong to you at all. Even the most laid-back boss should realise that your laptop is just a tool to carry out your daily duties. Given the average staff turnover,  companies wouldn’t survive if every new member of staff was given a brand new laptop. And, what would you do with the old ones!

This sense of entitlement extends into the realm of local access control. Most employees think it’s their right to install software and make unsanctioned changes on their corporate owned device. As the IT guy in numerous organisations, I’ve witnessed the look of utter disgust at even the remote suggestion of removing local admin privileges from users that simply don’t need it. To remove an employee’s access rights is the ultimate insult; a slap in the face by an untrusting boss! A pragmatist would surely disagree? How often do you really need to invoke those privileges? Do you really need to install additional software to carry out your job effectively? When you consider these questions, surely you would conclude that you don’t need elevated privileges at all. On the rare occasion new software is needed, a formal request would achieve this without any real disruption.

Why would you need additional software?

There are some genuine circumstances where you would need additional software. You may have additional learning needs and require some specialist software to carry out daily tasks effectively. Also, there may be a piece of software, which will increase productivity or streamline certain processes. In these instances, a formal request should be made to the appropriate authority. The decision for the adopting new software should follow a strict control process, where certain criteria is met. Is it secure? Is it compatible with the IT system. Will it be cost effective. Are there any known issues with the software, etc. Installing additional software should be treated as a project and therefore, not simply installed without due consideration.

Do you really need access?

Therefore, considering the facts there is no justified business need to have local admin access on your device. In fact, for day-to-day tasks nobody should be logged on as a local administrator; not even the authorised individual.

What is least privilege access?

The way least privilege access works is for all users to have a standard user account with no local user admin privileges at all. Authorised users would be given a second user account with local user admin privileges. The second admin user account would be used purely for authenticating administrative tasks and not to log on.

How does it work?

It’s a very simple concept. If a hacker does manage to gain access to your device, they will be limited by the same user access level as the current logged on user. This prevents them from making configuration changes and installing malicious software on your device. Similarly, an accidental click on a malicious link in an email will get no further than a login prompt and render the underlying executable file useless.

Make a difference

It is time that we all start adopting simple techniques such as this, along with some accompanying policies and processes. To support your company in this strategy, change your mindset from thinking that your company laptop is yours and realise that it is purely a tool to carry out your job. Therefore, you should never need to make unsanctioned changes to it. Be the pragmatist and don’t take offence!

You could save thousands!

This is one of many techniques available to help prevent the most basic cyber crime. It accounts for a large percentage of the overall number of successful cyber attacks in the UK. According to the Cyber Security Breaches Survey 2022, 39% of UK businesses identified a cyber attack within a 12-month period. It also suggests that less cyber mature organisations are underreporting, meaning that the statistics are likely to be underestimated. In addition to the obvious damage to reputation (another reason for underreporting), the approximate cost to small organisations is £4200. This figure is close to £20k for medium to large businesses.

Lead by example

Provided that you stick to the rules simple techniques, such as least privilege access could actually prevent expensive data loss. Your laid-back boss might change tack when faced with costs of thousands of pounds just to avoid an awkward conversation. Every organisation should have policies in place to help mitigate risks and User Access Control should be no exception. Having the rules, that each person should abide by, clearly laid out in a policy should prevent awkward conversations. The boss and indeed the authorised IT staff should lead by example. It’s much easier to explain and minimise distrust if everyone’s involved.

Cyber Essentials Certification

Gaining Cyber Essentials certification is an excellent way to ensure that you’re adopting these techniques and preventing a high percentage of cyber-attacks. Remson IT Support and Security Services offers a comprehensive audit and remediation service to help you gain Cyber Essentials Certification. You will be better placed to defend yourself against common online cyber threats and cement your trust with your clients. You’ll have a positive effect on the cyber-crime statistics and help eradicate common online threats once and for all.