Blog : GDPR

Protecting your computers and your future too

For 14 years we’ve worked harder than the competition to offer I.T. support that not only keeps all of your I.T. infrastructure working, and working well, but also offers the peace of mind that comes from knowing we’re on your side.

We build relationships that mean we both get the most out of working together. We can’t thrive as a business without our clients thriving as businesses.

This is as important now as it has ever been: more and more of our day-to-day business is done via computers and the internet, and convergent disruption is changing the business landscape beyond all recognition. Now more than ever, modern businesses need to trade on the internet as their primary platform, and those that don’t will get lost in the noise. We see a lot of businesses recognising that they need a platform on the internet but, in actual fact, just adding to the noise, with many switching potential buyers off.

They realise they need to have a presence on platforms like LinkedIn, Twitter, Instagram and Facebook but have no idea how to separate themselves from the pack and thereby end up adding to the already crowded middle.

The key, we have found, is to offer great free advice. Doing this without devaluing your time or giving away hard-earned trade secrets can be difficult.

But in truth the issue goes deeper than just getting a message out there that’s a little different to the rest. It’s creating that different message and creating a different service for your clients and with that different service delivering different results. From start to finish being different, being better than the competition.

We’ve done this for over 14 years and so are as well placed as anyone to work closely to make sure your technology delivers not only for you and your team but for your prospects and clients too. Whoever we work with, on whatever level, we deliver not only amazing I.T. support services but future results for your business. We look constantly to make sure the systems you use are creating the desired results for you and those you support with your products and services.

Our traditional I.T. support contracts offer system monitoring (among many other amazing business benefits) so each month we’ll look to see how improvements can be made to your systems, improving productivity and team efficiency thereby creating amazing experiences for your clients and prospects.

And our Growth Partnership services provide a working platform for us, once a month or every quarter, to sit down and spend time going through results with a fine-tooth comb, producing better, more amazing results after each meeting.

To find out more about either of these services please give us a call on 01937 586888 or click on the relevant link below.

I.T. Hardware and Infrastructure Support

Business Growth Partnership

Should you be worried about GDPR?

As I am sure you’re well aware, GDPR is going to be enforced from May this year. There’s plenty of cashing in on GDPR from many sectors, some of it truly mind-boggling in terms of what they can offer towards data law policy. But fear is easy to sell.

So how worried should we all be about GDPR? The short answer is not at all: all the worry in the world won’t make you GDPR compliant, so you’re wasting your time there.

I’ve heard all sorts of worries, from “we’ve been told we should destroy all our records and start from scratch” to “we’ve got 3 filing cabinets of info that would cause me a huge headache if I have to digitise it all”.

The key to both of these concerns is to start with the end in mind: the data you hold on your clients needs to adhere to the core principles of GDPR, namely portability, erasure, consent to hold, security and notification of breaches. So there is no “need” to digitise paper files if you can organise these files to adhere to the above. The truth of the matter is it’d probably be easier to digitise your data despite the man-hours; however, it’s not required.

Also, the ICO, who are tasked with enforcing GDPR, are already busy people, and GDPR isn’t even being properly enforced yet. The truth of the matter is they are probably going to have to pick their battles when it comes to keeping companies in check. Chances are, as long as you’re not a repeat offender or making zero effort to comply with the GDPR rules, you’ll probably be fine.

Now, I’m not telling you to wing it or ignore GDPR; in fact, the opposite. Protect yourselves: make sure you’re ready, register with the ICO, get cyber insurance, a DPO if the budget permits, and an I.T. partner to help you get and stay compliant.

Not only will you benefit from increased efficiency but you’ll also have the peace of mind of knowing how to react if there’s a data issue in the coming years.

If you’d like to have a chat about how Aurora Tech Support can help your company get and stay compliant, get in touch.

I.T. Hardware and Infrastructure Support

The importance of Encrypting your data

Data breaches are on the increase; in fact, data breaches are the hackers’ new preferred way of making money from the information they find and can use to extort you. And to fan the flames, the Information Commissioner has formed the view that in future, where such losses occur and where encryption software has not been used to protect the data, regulatory action may be pursued.

Therefore it is worth seriously considering encrypting any sensitive data to best protect yourself from (1) breaches of your data and (2) regulatory action from the ICO.

The basics

  • Encryption protects information stored on devices and in transmission.
  • It is a way of safeguarding against unauthorised or unlawful processing of data.
  • Organisations should consider encryption alongside other technical and organisational measures, such as Endpoint protection on all devices and servers.

What the Data Protection Act says

Principle 7 of the Data Protection Act states:

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

What is encryption?

Encryption is a mathematical function using a secret value — the key — which encodes data so that only users with access to that key can read the information.
In many cases encryption can provide an appropriate safeguard against the unauthorised or unlawful processing of personal data, especially in cases where it is not possible to implement alternative measures.

Example

An organisation issues laptops to employees for remote working together with secure storage lockers for use at home and locking devices for use outside the home. However there is still the risk of loss or theft of the devices (eg whilst being used outside of the office).

Therefore the data controller requires that all data stored on laptops is encrypted. This significantly reduces the chance of unauthorised or unlawful processing of the data in the event of loss or theft.

Encryption in practice

Information is encrypted and decrypted using a secret key (some algorithms use a different key for encryption and decryption). Without the key the information cannot be accessed and is therefore protected from unauthorised or unlawful processing.

Whilst it is possible to attempt decryption without the key (by trying every possible key in turn), in practical terms it will take such a long time to find the right key (ie many millions of years) that it becomes effectively impossible. However, as computing power increases, the length of time taken to try a large number of keys will reduce so it is important to keep algorithms and key sizes under consideration, normally by establishing a review period.
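
The key-size review described above can be worked through in a few lines. This is an added example, not part of the ICO guidance or of this blog; the trial rate, doubling period and safety margin are assumptions chosen for illustration, and only exhaustive key search is modelled, not weaknesses in an algorithm.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumptions for illustration only (not figures from the guidance):
ASSUMED_GUESSES_PER_SECOND = 1e12   # attacker's key-trial rate today
ASSUMED_DOUBLING_YEARS = 2.0        # trial rate doubles every two years
ASSUMED_MARGIN_YEARS = 1e6          # minimum acceptable search time


def years_to_exhaust(key_bits, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Years to try every key of this length at a fixed trial rate."""
    return 2 ** key_bits / guesses_per_second / SECONDS_PER_YEAR


def years_until_margin_lost(key_bits,
                            guesses_per_second=ASSUMED_GUESSES_PER_SECOND,
                            doubling_years=ASSUMED_DOUBLING_YEARS,
                            margin_years=ASSUMED_MARGIN_YEARS):
    """Years from now until exhaustive search takes less than margin_years.

    The trial rate grows as rate * 2**(t / doubling_years), so the search
    time shrinks by the same factor; solve for t where it meets the margin.
    """
    today = years_to_exhaust(key_bits, guesses_per_second)
    if today <= margin_years:
        return 0.0  # already inside the margin: replace now
    return doubling_years * math.log2(today / margin_years)


def review(key_sizes, review_period_years):
    """Flag key sizes whose margin will not outlast the next review period."""
    report = {}
    for bits in key_sizes:
        remaining = years_until_margin_lost(bits)
        report[bits] = "replace" if remaining <= review_period_years else "ok"
    return report


if __name__ == "__main__":
    verdicts = review([56, 80, 128, 256], review_period_years=5)
    for bits, verdict in verdicts.items():
        print(f"{bits:>3}-bit: {years_to_exhaust(bits):.3g} years today, "
              f"margin lasts {years_until_margin_lost(bits):.1f} more years "
              f"-> {verdict}")
```

Under these assumptions 56-bit and 80-bit keys are already inside the margin, while a 128-bit key keeps it for roughly 86 years, which is why the review looks at growth in computing power rather than at today's figure alone.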

Encryption should be considered alongside a range of other technical and organisational security measures.

Organisations will need to ensure that use of encryption is effective against the risks they are trying to mitigate, as it cannot be used in every processing operation.

Organisations should consider the benefits that encryption will offer as well as the residual risks and whether there are other security measures that may be appropriate to put in place. A Privacy Impact Assessment will help document any decisions and the reasons for them. This can also ensure that the organisation is only using the minimum of personal data necessary for the purpose.

The importance of good key management should also not be underestimated. Organisations should ensure that they keep the keys secret in order for encryption to be effective.

Encryption can take many different forms. Whilst it is not the intention to review each of these in turn, it is important to recognise when and where encryption can provide protection to certain types of data processing activities.

Encryption is also governed by laws and regulations, which may differ by country. For example, in the UK data owners may be required to provide access to the key in the event they receive a court order to do so.

Not all processing activities can be completely protected from end to end using encryption. This is because at present information needs to exist in a plain text form whilst being ‘actively processed’. For example, data contained within a spreadsheet can be stored in an encrypted format but in order to be opened by the spreadsheet software and analysed by the user it must first be decrypted. The same is true for information sent over the internet – it can be encrypted whilst it is in transit but must be decrypted in order for the recipient to read the information.

When is encryption useful?

When processing data, there are a number of areas that can benefit from the use of encryption. The benefits and risks of using encryption at these different points in the lifecycle should be assessed separately. The two main purposes for which data controllers may wish to consider using encryption are data storage and data transfer. These two activities can also be referred to as data at rest and data in transit.

Recommendation

Data controllers should have a policy governing the use of encryption, including guidelines that enable staff to understand when they should and should not use it.

For example, there may be a guideline stating that any email containing sensitive personal data (either in the body or within an attachment) should be sent encrypted or that all mobile devices should be encrypted and secured with a password complying with a specific format.

Data controllers should also be aware of any industry or sector specific guidelines that may recommend a minimum standard for encrypting personal data.

I.T. Hardware and Infrastructure Support

Article adapted from ICO

Yahoo! tripled its quota on what was already the largest data breach in history.

This week Yahoo announced that what was already the largest data breach in history was in fact 300% bigger, and that all of its 3 billion users had their data obtained, not the 1 billion it revealed late last year.

On Tuesday the company announced that the breach it previously disclosed in December was in fact much higher than originally expected. Yahoo claims that, following its acquisition by Verizon in June, it obtained new intelligence while investigating the breach with help from outside forensic experts.

It believes the stolen customer information did not include passwords in clear text, payment card data or bank account information.

I have to say this seems to be the new normal: hackers are looking for information, and poor security is the same as leaving the door open. We’re no doubt going to sound like a stuck record on this one, but as well as the amazing I.T. support we offer in the Leeds area, we work with over 150 companies to secure their data and protect their networks.

If you’d like a free, no-obligation chat to discuss your company’s security needs, please get in touch.

Free Consultation

The cost of Noncompliance to your Business

The cost of noncompliance with regulatory frameworks (PCI DSS, HIPAA and SOX) is fast becoming a very real concern for SMEs. Where previously it was assumed that only bigger organisations had to deal with the fallout of security breaches, data security is fast becoming a very real concern for businesses of all sizes. The data we hold, and the growth in that data, means that even the smallest companies can create very real and costly problems for their clients, financial institutions and governments.

These problems include both the obvious direct consequences and the not-so-foreseeable indirect consequences.

No matter how noncompliance is discovered, whether by an audit or as the result of a breach, the effect can be devastating for a business. When a breach occurs, its impact often extends well beyond the fines levied: it can include the cost of finding the root cause of a breach, remedying it, and notifying anyone affected.

The cost multiplies when legal expenditures, business-related expenses, and loss of revenues from damaged brand reputation are factored in.

If you think you might not be protecting your business and clients as well as you could or should, please give us a call.

01937 586888

GDPR and your Client Data

Ah, GDPR. Makes you want to go back to paper and pen. While a lot is being made of the impending doom of GDPR being enforced from May 2018 onwards, we might be freaking out a little.

Or we may not; only time will tell.

Yesterday morning, while meeting with my good friends and business associates at a weekly Business Breakfast I take part in, we got to discussing GDPR: its impact on businesses in terms of how they hold their data, the likelihood of penalties for SMEs and the impact on marketing activities. To skip to the end: I decided to read up a little more on GDPR and how we could help companies make sure the data they hold is compliant with the rules.

It was clear there was a lot of uncertainty in the room regarding the changes, and unease at how people would ensure they don’t fall foul. In short, the guidance covers:

  1. holding data in a secure and lawful way.
  2. acquiring and processing that data in a lawful way.

So, in terms of how we (Aurora Tech Support) can help your business: in our capacity as I.T. support and solutions provider, we can make sure that you and your business secure the data you hold and store within the law and the guidelines of GDPR.

If you’d like to discuss further, please book a FREE consultation below:

https://auroratechsupport.co.uk/freeconsultation.php