IT consultancy - Awareness

Reducing cyber-risk through External Penetration Testing

Without PEN Testing, hackers can exploit unidentified weaknesses in your network security Today, maintaining network security is increasingly complex, with more organisations than ever being heavily reliant on a varied range of systems to operate. Gone are the days of a simple PC with a hard drive, amongst many businesses there is a move towards combining flexible and agile mobile devices and tablets with Cloud technologies for; network access, sharing, collaboration and storage. While these developments may transform how your business operates, they create a complicated mix of assets that can leave you susceptible to the ever-increasing risk of cyber-attack. With Vulnerability Monitoring, you can check how secure your network really is, and most importantly, you are enabled to keep your data safe. Why is the risk of cyber-threat increasing? The working landscape of a typical business has changed, and the threat of attack from cyber criminals is increasing as a result. Employees can now work from home, work on the move and work from hot desks for some or all the time. Work devices may be used, which have a level of security installed, but workers’ own devices with less security may also be used to access your network, send and receive emails and files, or search the Internet. The nature of your business may also mean guests have access to your network, and all of this creates the opportunity for hackers to attack in diverse ways. Unfortunately, too many businesses have focused on the benefits of the new technologies and have not paid as much attention to the security implications. Left unchecked weaknesses can be exploited, leaving critical data vulnerable to the spread of a paralysing virus that could result in it being irrevocably damaged or lost. What is the value of External Penetration Testing (PEN Testing)? Understanding how exposed your network is to attack, is key to reducing risk. External Penetration Testing can help to keep your network secure by making visible any of its problem areas and vulnerabilities. It does this by simulating an attack, which is then used to assess your weakest points and/or assess a specific area of interest to your business. PEN Testing offers: continuous network monitoring reports on exposure levels of different resources alerts as to where the most immediate risk is remedial approaches to secure the weaknesses. The value of PEN Testing is in its ability to demonstrate where your system is vulnerable, and whether any of your critical data can be accessed from an outside source. Weaknesses are revealed by attacking your infrastructure in the same way a cyber-criminal would, but without facing the same level of threat. Once any holes in your existing defences have been identified, you then have the opportunity to seal them to maintain the integrity and confidentiality of your data. Reducing your exposure with ASL’s Pen Testing services Trying to defend yourself from attack, when you don’t know when or where it is likely to come from or what form it will take, can lead a business to either ignore the problem altogether or spend much more money than necessary. Many take an uninformed approach and make the mistake of investing in a range of security tools they hope will solve the perceived problem. This may actually increase your exposure as the wise course of action would be to seek expert advice. At ASL, we are highly experienced in protecting businesses from all types of disasters. We offer PEN Testing services in partnership with Tenable.io, who are specialists in identifying and securing against cyber-exposure. Our service does more than address misconfigurations and bugs in your system – it also includes: hacking/virus detection and prevention footprinting and system fingerprinting port scanning service testing/probing password strength testing DNS analysis. In addition, we also offer advice on how to manage your IT security vulnerabilities moving forward. For further information on how ASL can help you to protect your network security from cyber-attacks, call our Sales team on 0345 862 0350.

Why should your Business have a proxy URL filtering service?

Using filtering technology to enhance security Employing a Web proxy URL filtering service can deliver many positive benefits for both organisations and end-users that go far beyond the basic implementation of preventing access to named websites or particular types of websites. Filtering technology is predominantly a security tool, one that provides an essential layer of centralised, server-side protection from security threats before they manifest on client devices. Despite its importance, many businesses underestimate the need to have proper web browsing security and leave themselves susceptible to underperformance, risk and liability. What is URL filtering? The internet contains many threats with an increasing number of previously unseen, zero-day vulnerabilities being exploited every day. This mostly occurs when visiting a website or opening an email that contains an unknown URL. Proxy URL filtering or web browsing security is an effective way of protecting your business and maintaining high levels of security. It does this by: creating website allow/block lists controlling data sent to sites or via web-based services detecting and blocking of internet-based threats. Either by using predefined templates or a service that is customisable, allow/block lists can be created according to one or a combination of values, such as user, time of day, URL category, etc. Customisable services allow you to tailor your list in accordance with your business requirements. The scanning and controlling of data sent to sites can help to eliminate the distribution of personal or proprietary data or otherwise unsuitable information. Plus, effective filtering helps detect and block Internet-based threats before they reach your network and pose a much more serious problem. Why URL filtering is necessary Increased security. If you don’t employ a URL filtering policy, you could be giving your users open access to malicious websites that will attempt to disrupt your infrastructure or network, steal sensitive information or infiltrate your entire system to corrupt it or use it to launch an attack elsewhere. This is done either by tricking the user into installing malware e.g. clicking on a disguised link or by drive-by download where the website will attempt an automatic malware installation, which bypasses the need for consent. Liability risk. There is an increased risk of liability if your users are allowed access to sites that display offensive or illegal content, such as hate, drugs, pornography or violence. Improved productivity. The lack of web filtering could mean your users are distracted by social media and instant messaging, leading to time wasting. URL filtering can be used to focus the attention of your workforce where it’s needed most. Improved reporting. Information that could be valuable to your organisation relating to web usage that could impact sales or add value by increasing efficiency, could be lost without URL filtering. Reports and logs can be generated that help to determine how separate areas of the business are performing by highlighting the most visited URL categories. How can Awareness help with your web and data security? ASL can help protect your business from compromised websites and malicious downloads and allows you to control and enforce “Acceptable User Policies “whether the user is in the office or working offsite. The benefits of our antivirus web filtering include: allowing, blocking, reporting or logging of categorised web searches file content analysis (uploaded to cloud-based applications or contained in email) blocking of inappropriate posts preventing the distribution of password-protected content preventing the download of business information to personal email and much more. At ASL, we have more than 20 years of experience assisting businesses to detect and contain hostile attempts to disrupt business operations. Data security is our priority. We believe we can offer you a powerful and flexible way to create custom web filtering policies that serve your business both in terms of performance and security. Contact us on 0345 862 0350 to discuss how our antivirus web filtering services can secure and protect your business.

The importance of a comprehensive email security solution

Why you shouldn’t rely on generic cloud-based email security to protect your organisation An increasing number of internet-based threats are being deployed via email, which is why it is imperative for your business to have a comprehensive security service in place. It is much easier to stop threats before they become full-blown attacks on your network or infrastructure. Prevention, by means of the detection and blocking of threats, is preferable for the business continuity of any enterprise. Dealing with the fallout of the avoidable and damaging consequences of a lack of security can be extremely complex as well as costly. So, what steps can you take to ensure your email system is secure? Understand the threats Internet-based threats are constantly evolving and are a challenge to detect when sent under cover of an innocent-looking email. Sophisticated methods of camouflage are employed to mask the presence of malicious URLs; for instance, emails can be embedded with: spyware bait for the purposes of phishing DoSA (Denial of Service Attack) spam disguised URLs (containing redirects and/or time delays) zero-day attacks (exploiting undiscovered email security vulnerabilities). Any of these can result in damage to your operating system or applications and may also lead to the corruption or loss of sensitive data. Learn how email security works Internet-level defences identify and eliminate spam and viruses before they have an opportunity to enter your network, and web-borne viruses, phishing threats and spyware are detected and controlled with URL filtering. Email content and attachments, either sent or received, are scanned, monitored and managed according to your own defined policies, driven by your business requirements. Appreciate the risks of low-level protection A cloud-based email security service is provided at a basic level with Microsoft Office 365 and Google Apps, etc. However, your business should not be reliant on this limited level of protection as it is not sophisticated enough to neutralise more than the simplest form of malware. Ignoring the need to detect and block an ever-increasing number of complex internet-based threats could make your business vulnerable to exploitation. Having a service that provides a wide-ranging level of email security could mean the difference between you averting a cyber disaster or finding yourself recovering from one. How Awareness can help ASL can offer an all-inclusive level of security for your email system that: protects critical data from the threat of spam and virus blocks spear phishing campaigns restricts web access (customisable, according to your requirements) filters URLs assists administrator controls protects and supports roaming users. Our service also offers the central management of your security requirements without the need for additional hardware or software by providing a web-based console. For more than two decades, we have supported small to publicly-listed UK corporations with their growing needs for reliable email and an effective security solution that maintains network and infrastructure integrity. Our comprehensive email antivirus service detects and blocks threats before they become a serious issue. To discuss how to enhance your email security, call our Sales team on 0345 862 0345 and find out how we can help you and your business safe online.

Protecting your corporate WiFi

How secure is your network? Modern businesses that require different forms of connectivity and functionality, could be exposing their wireless network to unnecessary risk without proper firewall configuration. Firewalls protect your hardware and networks from unwanted data or viruses trying to get in, or unauthorised systems traffic trying to get out. A systems functionality and security are provided by configuring your firewall with VLAN’s so that network access can be controlled and risks eliminated. Defending your wireless network security with the correct firewall configuration Defending your network security successfully involves the proper configuration of your firewall. The firewall maintains your enterprise’s security by preventing access either to or from a specified network. This is done by implementing firewall rules that define the level of access authorised users have; for instance: corporate WiFi – an open rule to the local LAN and internet staff WiFi – a restricted rule to Remote Desktop and a rule to the internet guest WiFi – a restricted rule to the internet. Secure firewall configuration eliminates unauthorised access to your sensitive data. In turn, this prevents it from being corrupted or leaked, either accidentally or maliciously. This is vital if you have BYOD users who use different devices, including tablets and smartphones. The variation in devices used can make defining who has access to what data very complex. Correct firewall configuration allows for authorised BYOD users to remotely access your private networks securely, using logins and authentication certificates. This is essential to establish and uphold BYOD security and best practice for your enterprise, which maintains the integrity of your networks and data. The role of VLAN’s in network security A Virtual Local Area Network (VLAN) is a way of creating network groups and segregating them from each other. This is done without the need for additional hardware or rewiring of your building. Access is provided to groups, such as corporate users, staff and guests, without exposing your network to any unnecessary risks. VLAN’s are essential to achieve this and: are configured on enterprise-class devices such as switches and firewalls they simplify your network design and deployment allow different networks to share the same hardware whilst being completely segregated. The correct configuration of the switch means that wireless access points can be connected to any of its ports. As long as those ports are configured to the appropriate VLAN traffic, all networks can pass over the same switch without interfering with one another. This means that issues such as broadcast storms, which may arise due to the use of poor equipment or configuration, can be detected and isolated without the other networks being impacted. Why choose Awareness to secure your network? With more than 20 years’ of experience in the industry, ASL design infrastructure solutions for clients utilising enterprise-class hardware. The hardware we supply (switches, firewalls) are fully managed layer 3 devices, that gives us the ability to: define access levels segregate logical networks detect and control network issues such as broadcast storms fully meet your network security requirements. For further information on how ASL can help uphold your network security with Firewall and VLAN configuration, speak to us on 0345 862 0350.

WiFi/Wireless Security Best Practices

Protect your enterprise or face serious consequences There are many advantages for your enterprise working wirelessly, but unless you are adhering to wireless security best practices, you could be running unnecessary risks that threaten your network and data. This is especially true if your business grants access to your LAN to BYOD users and guests. The consequences of ignoring your WIFI/wireless network vulnerabilities are serious and could have damaging consequences to your business. Advantages of WiFi technology Wireless access points are cost effective, easy to install and provide instant access to your enterprise’s LAN to anyone who is in range and has the password, including guests. WiFi technology also enables: mobility BYOD scalability. Mobility – Total mobility is permitted as co-workers and guests can connect to a server from anywhere on premises via WiFi. This allows for information to be accessed and shared, which facilitates collaboration and contributes to productivity. BYOD – Enterprises can gain from Bring Your Own Device as co-workers and guests use their own smartphones and laptops for work purposes. WiFi throughout the premises enables users to work on the LAN with their own equipment. As well as being convenient, BYOD represents an opportunity for your enterprise to save money at the same time as increasing productivity levels. However, while implementing BOYD has many benefits, there are risks that need to be considered such as data security implications – find out more. Scalability – New and guest users can be accommodated very easily with a wireless network as it usually involves the issuing of a password and making a corresponding server update. Users can be removed just as easily too, making the entire system cost-effective and flexible. Threats and vulnerabilities posed by WAP technology Mobility, BYOD, and scalability are significant advantages but they can also increase the risk of network security threats. BYOD users’ devices may already have malicious code embedded in them that could wreak havoc the minute they gain entry to your network. If not properly secured and monitored, WiFi can leave you exposed to menace, malicious or accidental, from both internal and external sources. This is because unsecured wireless access points can be easily recorded and information such as logins and passwords picked up. Network security threats can also come in the form of: broadcast storms man-in-the-middle attacks using rogue APs stealing sensitive data and/or bandwidth spam attacks or wireless packet floods data modification/loss/leakage/corruption attacks being launched from your network. The cost of downtime to your bottom line and reputation as a result of exposure to one or more of these threats can be much more significant than the investment it takes to obtain the necessary protection in the first place. 5 WiFi security best practices If you are not sure how to take advantage of wireless technology at the same time as reducing network vulnerability, below are five practices to implement as soon as possible. 1. Seek expert advice from professionals in wireless network security. 2. Identify which of your business assets need protection and why. 3. Define access requirements and create separate networks using firewalls and VLANs for: corporate users staff users guest users. 4. Carry out a site survey to identify areas of vulnerability. 5. Implement continuous network monitoring to identify unusual traffic. To protect your network against security threats and vulnerabilities, consult with Awareness. Our high level of skill has been gained over a period of more than two decades – assisting our clients with their network security requirements. To discuss WiFi security in more detail or to book a site visit, call Awareness on 0345 862 0350.

Could your BYOD policy be risking your data security?

The implications for disaster recovery when staff use their own devices at work BYOD (Bring Your Own Device) is a popular trend among UK SMEs, which without a proper policy in place to govern its usage, might be harmful to your data security. When staff access sensitive business information using their own laptops, phones and tablets, there is a corresponding increase in the risk of a disaster happening. Typically, an individual’s own devices are set up with less security and virus protection. Why businesses like BYOD Savings can be made when employees use their own devices for work purposes. Their laptops, tablets and phones are often more up to date and advanced as well as being lighter, more portable, with bigger screens and wider capabilities than your existing company hardware. Productivity increases because of the level of familiarity with your own device. People work better and your business benefits as a result. However, it is important to consider how you could be impacted if you are employing BYOD. You could be making yourself more vulnerable to data breaches and loss and suffer legal consequences as a result. So, what risks should you consider? The associated risks of BYOD Lack of security Disaster is more likely in the form of accidental leakage and data loss, viruses and cyber-attacks when your staff use their own devices. Their device could be easily compromised, lost or stolen, which could give a third-party easy access to sensitive data. The consequence could be extremely serious or possibly fatal for your business. Management of different operating systems Devices are being updated and upgraded all the time, meaning the operating systems are too. The number of different versions make it very complex for a business to manage and support and this can lead to security breaches occurring. Your disaster recovery plan should include an effective solution that addresses this management issue. Having no BYOD policy Arguably the biggest risk of a disaster happening at all is failing to have a company BYOD policy. As well as weakened data security, there are also legal implications. BOYD legal implications and responsibilities Depending on the nature of your business, you may have to comply with legal requirements to do with the Data Protection Act, the Official Secrets Act or the Freedom of Information Act, etc. Your BYOD policy should address who is responsible for the protection of personal information and the implications of non-compliance with legal obligations. BYOD policy planning – what to include Apart from having a legal compliance strategy, other considerations are: network security data encryption local data storage prevention protection controls and limiting access tracking and deploying of applications establishing secure app-to-app workflows. Communicating your policy fully to your employees means they will be aware of what their responsibilities are when it comes to safeguarding your sensitive information. It will also help to reduce the risk of a disaster being caused internally. ASL can help you to successfully benefit from BYOD by performing a full assessment of the risk involved on all devices that access your company data. We can offer qualified advice on the security implications of jailbreaking and sandboxing, as well as assessing encryption methods and the use of passcodes to protect sensitive areas. For further details on creating a BYOD policy for your business that reduces the risk of a disaster, contact ASL on 0345 862 0350.

The human error factor in disaster recovery

Ensure business continuity and avoid data loss caused by an internal mistake A key part of any business continuity plan is having a disaster recovery strategy in place that ensures the protection of your most valuable asset: your data. While you may have already planned for threats posed by a potential cyber-attack or a natural event, the biggest threat to the security of your data may be the one right under your nose. The threat posed by the likelihood of mistakes made by your own staff which could result in the catastrophic loss of all your crucial data. This scenario may not only affect you but also the sensitive data you may be holding about your clients. If this happens, you must ask yourself what contingency you have in place to ensure your business survives. The underestimated threat posed by human error According to information received from the Information Commissioner’s Office in the UK, more than 60% of all recently reported data breaches came as a result of human error, compared to not even 10% coming from hacking and inadequate webpage security. If, therefore, the greatest risk to your critical data is an internal one, what can you do to mitigate it? Risk-reducing strategies There are a number of strategies to consider when you are planning for business continuity and disaster recovery; these include: off-site verification/restoration of data automation of data backups storage replication WAN Acceleration to max backup/replication efficiency encryption solutions backing up to Cloud. The off-site verification and restoration of data is regarded as one of the most effective methods of averting data loss caused by human error. This, together with having the right automatic backup solutions in place, significantly reduces the risk if someone pushes the wrong button or unplugs something they shouldn’t. The risks can be reduced even further by adhering to best practice. Recommended best practices for any UK Business The backup of data to an offsite data centre is critical to safeguarding the integrity of your information and is highly recommended as a best practice for any UK organisation. Making sure that your staff are as well trained as possible is another best practice, as they themselves have a deeper understanding of what’s at stake. However, even though your staff may be well-trained data is backed-up to an off-site location and you’ve automated and encrypted as much as possible, the risk posed by human error remains. So, what else can be done? Final considerations Include a strategy that addresses human error in your business continuity planning. If you are not sure how to go about this, our experts at ASL can help you to identify a solution that works for you. Adhering to defined processes is something else to address. ASL can also help define what these should be for your company and how they should be carried out in a way that reduces risk as much as possible. Having the right technology can do much to reduce the risk of data loss occurring due to human intervention. ASL can advise you on the most suitable hardware/software for your business, no matter what size, taking your specific objectives into account. To err may be an inevitable part of being human, but losing data that is critical to your business is avoidable with the right precautions in place. For further information and to discuss how ASL can help you with your DR and BC requirements, call us today on 0345 862 0350.

Using network and systems monitoring to protect against UPS failure.

Ensuring your business doesn’t get caught out by UPS outage. The need for effective network and systems monitoring was recently highlighted by the May outage suffered by BA. Their systems failure not only caused days of travel chaos for customers, it also led to BA suffering significant financial loss and major damage to its reputation. The failure was blamed on a datacentre UPS system failure, however this is unlikely to be the whole story as the secondary disaster recovery facility was also affected by the outage. What really happened is still unclear, but the fact is, having the right monitoring solution in place can help you to avoid a similar catastrophe. Why is a UPS so important? Having your data replicated to a datacentre means your files will be protected against loss or corruption in the event of a disaster. To maintain the integrity of your data as well as ensuring your ability to access it, you must remain online. A continuous supply of power is essential for this to happen, which can be achieved with a UPS. If properly configured, a UPS can have two functions in the event of an outage. The primary function is to keep your systems running until mains power is resumed, eliminating any downtime that could interrupt the normal operation of your business. The secondary function is to smooth out any spikes in electrical current, which could cause a power source to blow. Smoothing out these surges helps protect your hardware and its components from damage. Having the correct monitoring software solution in place means that your UPS resilience can be ensured, and problems caused by power surges can be immediately identified, smoothed and reported. Safeguarding your data in the event of an outage. After making sure your system is fault-tolerant, there are three other things to consider when safe-guarding your critical data: SAN (Storage Area Network) Maintaining the integrity of your critical data can also be done by separating it from the server using a SAN (Storage Area Network). The intelligent controlling of dual power supplies should also be implemented to ensure continuous protection. Disaster Recovery With a good disaster recovery solution, a replication server is dedicated solely to the roles of backup and export. All servers that are in a DR mode can be exported out in a clean and consistent manner to ensure data integrity so that it cannot be influenced by a failure at the primary site. Disaster Recovery testing Constantly testing your DR solution means that you can be secure in the knowledge that should an unplanned event happen your contingency will work when you really need it to. Avoiding a high level of disruption to your business due to a UPS failure could save you and your customers days of frustration and hassle. Outsourcing your network monitoring to ASL makes sense. At ASL, we can provide you with effective network and systems monitoring that protects your critical data. This includes safeguarding the resilience of your UPS, and the implementation and testing of a comprehensive disaster recovery solution that’s tailored to your needs. To find out more about our networking and systems monitoring solutions, ask your Sales manager or call us on 0345 862 0350.

Why is it vital to have an effective PRTG network monitoring solution?

Has moving your network to the Cloud put your data at risk? The rising popularity of expanding networks to the Cloud, coupled with the increased threat of serious cyber-attack, means that effective systems network monitoring is more important than ever. As more businesses move to using a mix of public and/or private cloud services, network management needs have become more complex. However, regardless of this fact, many businesses still fail to seek expert advice from a specialist provider, and instead bury their head in the sand and take a ‘hope for the best’ attitude towards both cloud and security. Cloud-based hosting. Why can network monitoring be more complicated with cloud-based hosting? Expanding your system to public and/or private cloud hosting options means that your workforce can use their mobile devices to access your system, enabling them to work at any time and in any location. Although the advantages are obvious – including improvements in speed, availability and application, the downside is the loss of systems visibility. A lack of visibility means an inability to accurately track the performance and behaviour of your system’s workload. Left unchecked, this could lead to downtime, negatively impacting your bottom line as well as your brand’s reputation. Cyber-attack – how can network monitoring reduce the system’s security threats? It is not only large organisations such as TalkTalk, Reddit and Twitter that are at risk of being targeted by cyber-criminals, smaller businesses are under threat too. However, this threat can be significantly reduced by using an effective system monitoring tool that not only alerts you to system malfunctions but also to any unusual activity, which could mean you’ve been hacked. Becoming aware of this at the earliest opportunity allows you to investigate and respond appropriately, minimising the risk of disruption. The benefits of PRTG network monitoring Having the right network monitoring solution is imperative to maintain your system’s levels of reliability, PRTG network monitoring offers: increased uptime – problems identified before they become an issue increased network performance – improvements identified and made increased application performance – performance issues detected and diagnosed enhanced security – potential threats detected and flagged Contact ASL and solve your network monitoring issues. ASL are specialists in network monitoring and are a PRTG service provider. Our solutions can give you insights into Cloud infrastructure and effectively monitor your environment. We offer a transparent approach to cloud-based hosting and offer peace of mind with no-fuss contracts that don’t tie you in legal knots. Our terms include an initial contract of one year, which becomes a 90-day rolling contract thereafter. At ASL, we deliver simple PRTG network monitoring solutions, to discuss your requirements in more detail call us on 0345 862 0350.

ASL industry leading IT support services across Manchester, Cheshire and the UK

Wide-ranging IT support available on your doorstep. As a Manchester based IT service support provider, we are perfectly positioned to deliver industry-leading, managed IT support services to businesses around the UK. We have years of experience helping small, medium and large corporations with their IT issues, and offer an extensive range of services that deliver flexibility and value, that can be easily scaled up or down according to your business needs. 6 reasons to choose ASL Fully trained locally based IT experts – we offer first-line IT support services to businesses based anywhere in the UK by phone and email. Wide-ranging IT experience – we deliver industry-leading IT support. We are specialists in Microsoft Technologies, Microsoft Dynamics, Cloud and High Availability Systems. We offer advanced support covering a wide range of hardware and software products – including SAN’s, printers, firewalls, PCs, and SQL servers. We can help you, whatever your requirements and deliver affordable IT support so that you don’t have to pay to hire, train and manage your own IT department. Easy access to disaster recovery – outsourcing your backup and disaster recovery to us ensures your business quickly gets back up and running after a disaster, whether that’s a malicious ransomware attack, human error, power outage or weather-related disruption. With our help, you can remain operational. Onsite Surveys – we provide onsite surveys to give you the opportunity to discuss your business IT support requirements. Cost control – recruiting and training your own in-house IT support team, and keeping them up to speed with every development, can be very expensive. We constantly update our skill set, provide training and keep up to date with developments in the marketplace, so you don’t have to. Stay competitive – because your resources are not being stretched by maintaining your own IT department, you can direct your finances and expertise towards developing your business. To discuss your IT support needs, call us at ASL on 0345 862 0350.

Find out how our knowledge can grow your business.