Application Control

In my last article I wrote about malware-free attacks…

This time I wanted to mention something you probably already have, but just don’t know. And that can help with those types of attacks.

I work with a lot of customers who have Sophos Central. Amazing product, with so much more to it than most people realise.

Application control is one of these features that I rarely see used. Why, because initially it can cause some issues. Suddenly Jill in Marketing cannot use Adobe Illustrator anymore. And Sam in IT has 10 scripts that can no longer run. Quite often, yes there is a need for a 10-minute conversation, but maybe they really shouldn’t be using that software, or there is a better way of doing things. There can always be exceptions made if it is a tool needed for their role.

How it works; you can block all sorts of day to day programs. Or, allow applications but still detect them. As the screenshot below shows, having blocked those encryption applications would make it a little trickier for Mr Bad Guy to run an encryption program on your server. And if the software isn’t on there that you want to block, it can be added quite simply, ask us at Planet IT if you need assistance.

If you would like any further information, please get in touch. If you want to go over features that you probably aren’t using but should be please contact SecurityServices@Planet-IT.net

MEET THE PLANET HERO’S – AGA ULANOWSKA, PLANET OFFICE MANAGER

I don’t even want to imagine a Planet without Aga!

If you want something done… ask Aga… it gets done.

In the 2nd Meet The Planet Hero’s feature, we talk with Aga Ulanowska, our HQ Office manager. Aga has been with us for 5 years and has seen lots of changes and exciting growth in that time. It’s scary how much work Aga takes care of, and it has become even more evident in recent months with everything going on around us.

Today we find out a little bit more about Aga. Why she enjoys being part of the Planet Family. What makes her tick, why change in business is a good thing and discover her secret passion for gardening…

 

You’re not from these shores. What brought you here?

That’s right, I come from a city in south-eastern Poland called Zamość.

It’s a beautiful place, but since I graduated and got the degree in English, I knew what to do next.

After months of planning, I took a big leap of faith and moved to UK.

It was the most difficult, but the best decision I made in my life. I lived in gorgeous Edinburgh for few months, then moved to Oxfordshire where I found Planet IT, or shall I say Planet IT found me?

Planet found you?

Yes, it was actually Planet IT that reached out to me.

It’s still a bit of a mystery, as I hadn’t even applied for the job ?

One day I received a call asking if I’m interested in a temporary position and that was it – I started the next day.

It was only meant to be for a few months and here I am 5 years later!

 

The business has changed so much in your time here. What do you think has driven those changes?

Looking back to when I first joined Planet IT, it’s undeniable that things have changed.

What I’ve learnt within those 5 years so far, is that you can never stand still, especially in the IT industry.

Changes are good if done for the right reasons and Planet IT did just that.

Every aspect of the business has improved and the drive to be better and more efficient with improved work processes etc. was the key to successfully make it happen.

What has been your favourite Planet memory?

I have so many great memories with Planet – it’s impossible to choose only one.

Some of the best memories was cruising on a snowmobile in the middle of the Icelandic glacier on Planet IT Christmas party, team-building 10-kilometre Tough Mudder runs that break us all every time!

and how can I forget receiving my first “MVP of the year” award! ?

Hopefully many more great memories still yet to come.

 

If I ask about your favourite parts, I have to ask about the opposite side too – what challenges do you face in your role?

I think every job comes with its challenges and my role is no different.

Certain tasks involve more thought and time investment, but it’s important not to shy away from it and take these tasks head on with a positive and “can do” attitude.

 

If you want something done… ask Aga… it gets done.

 

In your role, you talk to and deal with lots of businesses outside Planet IT, during this time of Covid – what business habits have you seen emerge? What has impressed you? What has shocked you?

That’s true, the initial weeks of the lockdown had a significant impact on most UK businesses. Customers and vendors I’m taking to are telling us that the connectivity and technology are absolutely vital to them at this time. It’s always been important, but who would have thought it would be this critical to keep businesses functioning at this time.

What shocked me is that we are also seeing a noticeable increase in malicious behaviour, as scammers and hackers try to take advantage of people working from home.

What advice would you have for businesses right now?

My advice would be to focus on what you can control and set yourself reasonable expectations.

We’re in this together and throughout this crisis people are doing the most amazing things to help each other, so stay connected.

 

 

Outside Planet IT – what makes you tick?

I don’t want to sound like a pensioner, but I really enjoy gardening! Especially now, it’s been my little escape from what’s currently happening in the world.

On a flipside believe it or not, I enjoy a bit of online gaming! It’s a great way of spending some time with my friends, especially those that are far away.

Dog person or Cat person?

100% dog person.

We’ve always kept dogs in my family and I’m planning to keep the tradition here in UK.

However, as small dogs are out of the question, I might need a bigger house first… ?

 

What’s your guilty pleasure?

Chocolate and coffee, definitely.

There’s no way I can start a day without a nice cup of coffee, although I must be going though litres a day…?

And who can resist a lovely bar of chocolate!

This is all about Planet Heros – if you were a real life superhero, what would your superpower be?

Good question…?

I think I would like to have the ability to control time. Life moves way too fast and to be able to slow it down, pause or even go back in time would be amazing!

 

If you were to give advice to a 14 year old you – what would it be?

I would say to believe in yourself more and ignore people’s opinions. The only opinions that really matter are that of your family’s.

Also, don’t stop playing piano just because you didn’t get to the music school. You will later regret it.

 

If you were to give advice to a young person looking ahead at a career like yours  – what would it be?

Just make sure you do something you enjoy doing.

Also, keep learning new skills, you will never know when it might come in useful.

 

Aga Ulanowska is our office manager here at Planet IT. If you’re one of our clients, you’ve probably spoken with Aga a few times! She is typical of the personality and work ethic of our team. If you’d like to work with Planet IT or think you need one of our services, then give the team a call on 01235 433900 or email enquiries@planet-it.net

MEET THE PLANET HERO’S – MICHAEL DAVEY, BACKUP & DISASTER RECOVERY SERVICES MANAGER

Meet Our IT Hero’s – Michael Davey, Backup & Disaster Recovery Services Manager

We have a saying here at Planet – “In Davey We Trust!

Welcome to the first of our Meet The Planet Hero’s features! We always talk about our people being our greatest strength. We have a huge team of experts here at Planet and we’re great at talking abut their technical ability. But what makes them tick? Why do they do what they do? What’s important to them other than their key roles at Planet IT?

First up in our series is Michael Davey. One of the big characters in our office (or on Microsoft Teams right now I suppose). Mike has been part of the Planet Family longer than most and today heads up our Backup & Disaster team. He’s a key member of the technical team but outside Planet he’s a family man, grows a great beard and has one hell of a guitar collection… but we’ll come to that…

 

Firstly Mike, Why IT and then why Back-UP & DR?

To tell the truth, I was looking for a stable career industry having recently started a family at the time. Regardless of the organisation, everyone has some level of IT infrastructure and that is only going to grow. I had similar motivations when it came to specialising in Backup & Disaster Recovery, it’s something that every organisation needs to have and there is a great sense of assurance and comfort in knowing that you’re a part of that safeguarding process.

 

What’s your favourite Back-up tool or hack?

It’s no secret that I really like Veeam. As a tool it has multiple points of entry depending on your skill level and has a very simple and intuitive model in comparison to other solutions I’ve worked with. With regards to hacks? Mapping your user profile folders into a cloud enabled service like OneDrive is really handy. It makes moving around on devices a lot easier.

 

What emerging technologies most excite you?

I am really excited to see more mixed reality concepts come to life in the commercial market. With so many smart assistants and virtual reality products now in the market, the ability to combine those in a tangible real world environment (through personal devices) is a very cool and exciting area for me.

What current tech can’t you wait to see improved or made redundant?

I think we are truly blessed with the tech that is available right now throughout the world. Honestly, the rate of improvement in almost all areas is already staggering, I would however really like to see these technological improvements be made more widely available so their benefits and “smart” functions can help everyone. When it comes to redundancy, it has to be physical connectivity. Having to manage 4-5 different (and often proprietary) connections for powering, connecting and extending devices can be annoying. A better adoption of industry standard alternatives (USB-C being a great example) would be nice.

 

During this time of COVID – what business habits have you seen emerge? What has impressed you? What has shocked you?

I’ve noticed a considerable rise in software as a service options. Removing the need for on-premise solutions and VPN connections with cloud services has been a very big deal. I’m impressed I’ve stayed sane working from home with 3 kids running around! Equally, I am shocked my Fiancé hasn’t tried to kill me in my sleep yet!

 

In Davey We Trust

 

What advice would you have for businesses right now?

Make sure your backups are working properly, especially for cloud services like Office 365, AWS and Azure. Times are hard enough already without having to deal with a Disaster Recovery nightmare. Office spaces and server rooms aren’t necessarily getting the same wear and attention right now, and I hate to say it, but malicious exploits are only getting higher as people take advantage of the many vulnerabilities people are dealing with. Always have a plan B – and don’t neglect it!

Planet IT – what’s it like to work there?

Planet IT is like a family. I don’t think I have ever met a more hard working team with such pride in the work they do. I’ve been with Planet IT for over 7 years now and I couldn’t be more thankful to everyone I’ve worked with. Some of the best experiences of my life have only been possible thanks to Planet IT. We set the bar high across the board and everyone is looked after. I am very very lucky to be a part of this family.

Outside Planet IT – what makes Mike tick?

My biggest motivation is my family of course. My 3 sons keep me going no matter what and are far and away the best source of comedy in my life. For myself? I love music, I love video games and I love food! That’s my trinity right there. If I have a guitar, a controller or a spatula in my hands, I’ll be smiling! Oh also my cat, I love my cat, she’s a total weirdo and hates the world but she’s the best.

 

 

Just for you, we need to ask about guitars – Just start jamming and tell us why you play?

Haha! Well I’ve always loved music. My parents always had great music playing when I was a kid, be it Led Zeppelin, Genesis, Pink Floyd, The Beatles, The Bluetones (I could go on here….) and my Uncle is a fantastic singer and guitarist so I used to always watch him play. He taught me how to play guitar when I was about 13 and the rest as they say is history. At the minute I am relishing every moment I get to play my vintage 1978 Sierra Sunburst Fender Telecaster, my first guitar (A Yamaha F-310 gifted from my Uncle) will always be my favourite, but this Telecaster is something else!

 

If you were to give advice to a 14 year old you – what would it be?

1. Buy some bitcoin around 2009/10 and hold onto it until around December 2017!

2. That bald patch will get bigger, but it’s ok, you grow a beard and shave your head so it’s fine.

3. Do more things that scare you. They’re always the most fun.

 

If you were to give advice to a young person thinking of entering the world of IT – what would it be?

Push yourself. The industry is huge and it’s unlikely anyone will have a real understanding of their ability and/or preference areas from the get go. Just find a good employer with a good team and push yourself every day to learn or try something new, ideally somewhere just outside of your comfort zone. I firmly believe that the more you know, the more fun you can have and the more doors you can open. So push yourself and grow as much as you can.

 

Michael Davey is our Backup & Disaster Recovery Services Manager and an expert in Veeam, VMWARE, Microsoft Azure, Zerto, Microsoft 365 and many more. He and his team will simply blow you away for the level of detail and care they will show for your backups giving you the peace of mind it is taken care of. If you’re interested in talking about any of his services, he loves a chat – give him a call directly on 01235 425219 or email michael.davey@planet-it.net

How to spot Phishing and prevent being a victim

The Coronavirus pandemic and the resulting changes in the way we now work and live has lead to a feeding frenzy among Cybercriminals.

Phishing attacks have ramped-up by over 667% in March alone and scammers are finding more and more creative ways to prey on vulnerable victims.

In the UK, we have all received a text from the NHS or government, urging us to follow the guidelines, stay home and stay safe. Many of us have also received a very similar text or email, telling us exactly the same, but with a suspicious link promising a monetary rebate or extra tips on how to stay protected. If you’re reading this, you already know what I’m going to tell you – this is a scam and somewhere there’s a hacker attempting to steal from you.

But how do you spot these threats? How can you be sure what is genuine or what is a scam?

I’ve put together some pointers for you to help spot the warning signs.

1. If there is ANY uncertainty, don’t open. 

If it’s that urgent, they will chase you. If it’s genuine, you will either be expecting the email or message to arrive. You’ll also get a reminder or a phone call from the real person or organisation when they don’t hear from you. If you don’t, and you still think it might be genuine. Go to their website, find their contact phone number and call to ask

2. Sounds too good to be true, it probably is.

Come on… be real… nobody wants to just give you free money. And you didn’t enter a competition to win a Ferrari, so why would you think that you’ve won one? Be sensible and think if it could be someone trying to take advantage you.

3. Looks legitimate? Check the details

Look at the senders name, their e-mail address and any links. It’s easy to change a letter to a number. My email address for example; Kelly.Ilbery@planet-it.net could be changed to Kelly.Ilbery@p1anet-it.net (1 instead of l).

Is the email addressed to you? e.g. “Dear Kelly”. Or is it addressed “Dear Client”. If you are a customer, they’ll know your name. If it’s a scam sent to thousands of people, they may use client or customer in place of your name.

Here’s a real world example that’s very relevant at the moment and one that has been received by thousands in the UK over the last few weeks. Many people have had their working circumstances change recently. People are on furlough, small business owners are due grants and many are unlucky enough to find themselves unemployed. There’s a lot of change and it’s confusing to know exactly what you might be due and when. A text like this might be exactly what you’re waiting for.

However, look at the link. Genuine texts from the government come from gov.uk. And their official website for the crisis is: https://www.gov.uk/coronavirus. This text tries to mimic that in some way with https://uk.covid-19.

However they are using this as a subdomain of webdirect.org – not an official website. If you clicked on the link, you would have been redirected to a website that even looks like an official gov.uk website asking for details. This is exactly the thing they do and what you need to look out for. As you become more vigilant, you will get better and better at spotting this.

In general terms, big organisations, banks or the government tend not to include links because they’re told that it’s exactly what hackers will do. They’re more likely to tell you to log into your account, encouraging you to separately go to their website, not linking form an email or text. so if you get an email from your back asking for details and not encouraging you to “Log-on to your online account”, it’s probably a phishing attack.

4. And if you still really want to click it, go directly to the web address instead. 

If it’s a link that states it will take you to the WHO website, and you’re interested in seeing what the WHO are saying, go to it yourself by googling WHO, don’t use the link! If it’s important enough for them to email or text, then you’ll be able to find details on their website. Can’t find the details on their website and you still think it’s real – call them using the number on the website.

5. Ask

If all else fails, and you’re still not sure – just ask. My team and I are on the side of the good guys (Yeah I know the bad guys might say that too!). Our careers are based on fighting scammers and helping protect people from being tricked. So if you’re in doubt, or if you think you might already be a victim, give us a call and we’d be more than happy to guide you in the right direction – 01235 433 900 or email SecurityServices@Planet-IT.net

The 6 Tech Trends of COVID-19

Since the start of lockdown in March, the business landscape has dramatically changed, the pull to virtual spaces, new technologies and accelerated upgrade plans. As an IT service provider we have been inundated with requests, projects and new developments, and it now seems the time to look at these changes and talk about the top trends that COVID-19 has brought upon the business world.

1) The office is dead. Long live the virtual space!

February this year feels like a long time ago and for most businesses it was unimaginable that less that 6 months later nearly all businesses would be working from home, with flexible working relying so much on virtual meeting technologies like Zoom, Microsoft Teams and Cisco WebEx – and not to only operate but to socialise, keep in touch and continue to build that company ethos. For some businesses this was a challenge. For others they have adapted and grown with the change. One thing is certain for many senior managers and business owners however: the future looks like one where less people visit the office and more are working from home.

2) Do I really want my servers in my office?

With the trend of moving over to virtual spaces another question that has seen itself thrust into the forefront of IT management is server locales. Previously IT managers and senior management would strive to keep their data close to them, with spaces from corners of offices, cupboards and full-blown data center rooms being constructed, powered and cooled with-in businesses existing spaces. However, when the tables turned and staff where out of the office connecting back to critical data via VPN technology, it became very clear that this set up may not be optimum. As such we have seen a huge increase in business interest for private cloud datacenters like our PlanetCloud service, or customers looking at public cloud or even a hybrid solution. The main driver being to remove that single point of failure and connectivity and drive performance and the ability to work anywhere.

3) The device refresh is here and we need it now. 

Just as many businesses where not prepared for the move to virtual working, many where sitting on legacy IT equipment which was either due a refresh this year or the business was trying to extend into 2021, however with the need for equipment that can support your users while working at home it has become critical that they are working on fast, safe and secure devices. As such we have seen many business moving forward their device refreshes opting for Device as a Service offerings which allow them to spread the cost over the term of the product and turns CapEX into OpEX expenditure.

4) Cyber criminals don’t care about pandemics 

One thing this pandemic has taught us is that cyber criminals have no morals and they will use any situation to manipulate and scam you. This has never been more apparent. During this crisis phishing attacks have gone up 400% and all of these attacks in some way link back to COVID-19, either posing as HMRC, the WHO or informing you that you have COVID-19 and to ring a premium rate number. The level of villainy and lack of humanity these criminals have never ceases to amaze me and my colleagues in the cyber security world.

This also raises the question of how we protect against these attacks and the honest answer is training. No product will be 100% perfect every time but if you invest in your human firewall then you can overcome the ever changing threat of these criminals and protect your business.

5) Broadband is key, but why is my home wifi so slow? 

If like me you have been working from home while your family consume Netflix, Amazon Prime and Disney + . You will have no doubt been dealing with slow connections, overload and sometimes even calls dropping out on Teams, Zoom etc. Well this is for a good reason, aside from the fact the whole broadband infrastructure has been heavily loaded, home broadband circuits are not designed with the same level of protected overhead as business lines. This is in part due to the contention ratios that are allowed on home circuits vs the guaranteed head room on business lines. With this we have seen a number of business purchasing broadband for their staff and having them put into their homes as dedicated business lines, the cost is low and the service is guaranteed. This allowing your family to stream away without effecting your meetings.

6) Board room procrastination has to stop, and businesses need to upgrade, adapt and move forward now. 

From experience I know that the boardroom is often where IT projects go to die. Long have the powers that be, procrastinated on an upgrade for it to never see the light of day. This was a common theme in businesses across the U.K with senior management favoring investments elsewhere to IT for their perceived value. In the last 4 months this has changed dramatically with the focus being more on IT now than ever before.

With companies choosing to invest now and heavily, knowing that it iss IT that has kept them operating over the last few months. Directors now realize that technology is critical to the business long term success. We have worked with a number of business who have revived, accelerated or even created IT projects that were previously on the long finger but now urgently brought into a 2020 timeframe on the request of the board.

With all of this said, it is important to remember the positives that we have gained from this experience and the level of transformation this has forced upon businesses, it is by no coincidence that many attribute COVID-19 as the biggest driver of change in their business over, IT managers, CTO and Technical Directors.

The reason for this is simple, businesses have been forced to adapt or disappear from the business world. The importance now is to ride the tsunami of change and not be washed away by it. If you continue to drive forward and innovate you won’t be left behind and you won’t be left vulnerable to cyber criminals and technology weakness that comes from standing still.

If you would like to discuss with myself or any of the 60 IT experts here at Planet IT about how you can better protect your business, should that be with new technology, strategies or even better backups, you can reach us using the contact details below;

Contact me at – LinkedIn Message James Dell or Email: james.dell@planet-it.net

Call 01235 433900 or Email: enquires@planet-it.net

Our Top Tips To Be Secure When Using Public Wifi Hotspots

The popularity of working in public locations like coffee shops, hotels and co-working spaces has exploded in recent years.

Stronger wireless internet signals are now common place in public spaces and we are all grateful when we see a ‘Free Wi-Fi’ sign, when looking for a spot to catch up on some work while out of the office.

Many people connect to a public wi-fi wireless network without giving it much thought. But with cyber security threats consistently increasing in volume and complexity are we safe using public wi-fi?

The short answer is no. But there are some steps you can take to minimise your risk.

There will always be risks associated with connecting a device to any form of public network. It is difficult to establish whether the relevant security principles required to maintain protection levels have been maintained by the wi-fi provider.

At Planet IT our technicians have dealt with cases for clients of devices being hacked and infections spread from public wi-fi. Such cases usually stem back to the user connecting to a wireless network named something like “FREE WIFI” or “The Cloud”.

here are two common ways in which a hacker can use this to their advantage. The first is to simply connect to the network as well and if the provider has not secured the local connection scan and attack any devices connected to the wireless network

The second and more sophisticated method is commonly called ‘The Man in The Middle Attack. In simple terms the attacker impersonates the wireless network with a device they bring with them and you connect to the network and use it. In the background they can then intercept all of you traffic and pass it on.

Developers have started making changes to their systems to protect against the second type of attack. The threat has been reduced by moving from http to https connections, which means traffic sent is encrypted. However, with the right knowledge and technology hackers can still obtain information.

The first type of attack is more common and continues to pose a risk. However, if you need to use public wi-fi, there are a few simple steps you can take to reduce your risk to exposure of being hacked.

1. Connect to a secured public network whenever possible. If you’re unable to connect to a secured network, using an unsecured network would be permissible if the connection requires a login or registration.

2. Have up to date anti-virus and anti-malware software installed on your devices – if you have the latest updated antivirus on your laptop it will prevent any inbound attacks getting onto your device and spreading.

3. Have your firewall turned on – on both Windows and MacOS there is a built-in software firewall designed to stop inbound traffic from unwanted sources reaching your devices, ensure this is turned on and only the ports you need open are open.

4. Never use internet banking, send business critical e-mails or access systems including financial information, intellectual property or sensitive information while connected to pubic wi-fi. If you would be at risk if the data was lost, stolen or leaked then don’t access, send or receive any sensitive data while connected to public wi-fi, to reduce your risk.

5. If you have access to a Remote Desktop connection or Citrix then use them instead of public wi-fi. This will be able to shield you from interception.

6. Monitor your Bluetooth connectivity. Leaving Bluetooth on while in public places can pose a huge risk to your cybersecurity. Bluetooth connectivity allows various devices to communicate with each other, and a hacker can source open Bluetooth signals to gain access to your devices. It is advisable to keep this function on your devices switched off when you leave your office, or home.

If you need advice on how to keep your data safe and how best to apply cyber security best practice to your business, then you can contact one of our security specialists on 01235 433 900.

Planet IT Awarded Sophos Partner of the Year for Mid-Market Business at 2018 London Partner Conference

May, 2018 – Planet IT has won the award for Sophos Partner of the Year for UK at the 2018 Sophos Discover Partner Conference in London.

The annual conference celebrates the successes of Sophos partners throughout the UK and delivers the company’s strategies and innovations that will help partners take advantage of opportunities within the fast-moving IT security marketplace.

Planet IT won their award for their outstanding performance in the past year and their commitment and dedication to selling Sophos.

 

James Vyvyan, Regional VP at Sophos, said:

“It is always a great pleasure to be able to meet our partners face to face at these events as they play a crucial role in our success as a business. It’s a fantastic opportunity to gather feedback, to hear our partners’ validation of our strategy across the endpoint and network and to see it helping to make their businesses a success. I am delighted Planet IT has won the award for Sophos Partner of the Year for medium business. They have had a fantastic year and it’s very well deserved.”

Planet IT have shown what’s possible with great focus, great products, a great team and a great partnership.

Gavin Jones & Sean Smith, Managing Directors and owners of Planet IT have commented:

“Planet IT have shown what’s possible with great focus, great products a great team and a great partnership. Having worked with Sophos for over 10 years and worked our way from Silver, to gold to Platinum partner status is something we are tremendously proud of. Having expert sales people and technical engineers who get fully accredited with not just the online course, but the technical architect certification at Sophos Labs has been a key driver for us and has helped push our business in the MSP (Managed Services Provider) space which gives our clients greater flexibility as to how they can control their IT.”

 

At the 2018 Discover conference in London, members of the Sophos executive leadership team delivered keynote sessions on Sophos strategy, its partner commitments and the broader future of the IT security industry in front of more than 150 attendees at the Sophos sales and partner event.

Partners also attended a packed agenda of breakout sessions delivered by key business, product, technical and sales experts.

What can your IT Projects learn from the TSB “IT Meltdown” ?

If you have been keeping an eye on the news over the last couple of weeks, you won’t have missed the major story that broke on Monday 23rd April 2018. TSB, one of the UK’s major high-street banks, was taking major steps to separate its IT systems from Lloyds Banking group systems after they split in 2013. As part of this process, TSB had scheduled downtime from 16.00 on Friday 20th May until 18.00 the following Sunday.

 

As the headlines broke it was clear that this “smooth process” had been anything but. With customers still unable to access vital services and systems still not running correctly a week on, this blog post explores the lessons that your IT project delivery can learn from the mistakes made by TSB.

 

The cardinal sin of this whole process was transparency. TSB failed to acknowledge that customers were reporting issues even after they had issued a statement claiming the project was a complete success. With customers taking to social media about their ongoing problems, it took the business over 2 days to remove the notice of ‘successful migration’ and inform all customers that there were still issues. In this day and age, it is detrimental to a business’ success if they hide the truth from their customers. Businesses must be seen to be upfront be honest in accepting their mistakes, it’s better to admit your shortcomings than mislead your customer base.

 

The cardinal sin of this whole process was transparency – it is detrimental to a business’ success if they hide the truth from their customers.

Alongside this mistake, it was clear that the business had no rollback plan. All projects should follow a clear methodology as soon as you encounter an issue you ask the delivery team the question “Can we resolve this or is this a major issue?”. If any part of the delivery team believes it could be a major issue, then the business should revert back to its previous state and then return to testing and plan stages to resolve the found flaw before attempting to roll the project forward.

 

Time management is critical when running any project IT related or not, if you’re not working with enough time to complete a task then your project is doomed to fail. It’s always better to over-estimate and deliver ahead of time, than it is to promise a deadline and fail to reach it. Which is exactly what TSB have done in this instance.

 

One of the most critical lessons to learn from this process is that in this social and digital era – how your customers engage and perceive your services to be online, is just as important as how much money is in the bank.

 

“In a world where reputation is everything, trust is the new currency” -Rachel Botsman

 

When looking to deliver IT projects why not lean on our in-house expertise at Planet IT, our team of qualified project engineers and project managers are here to help your business deliver its IT projects.

 

Get in contact:  enquiries@planet-it.net | +44 (0)1235 433 900

Our dedicated and knowledgeable business development managers are here to help with all your IT business needs.

Data Protection Officer (DPO) – a new role now required for all public bodies & schools under GDPR legislation.

As of the 25th of May 2018 your school regardless of it’s status (state-run, academy or private) will be required to appoint a data protection officer (DPO). This role can either be an internal appointment or outsourced, however the fundamentals are the same, this person must be “qualified” to complete the role.

 

The DPO role in schools is mandatory because GDPR states that all Public bodies must appoint a DPO and anyone who’s core business activities involve the “regular and systematic monitoring of data subjects of a large scale”, which is a core part of the education system.

 

A critical factor for appointing a DPO in any organisation, especially in schools, is that the individual must be free from any conflict of interest, must be able to carry out their duties as DPO without fear for their employment, and they must have a direct route of communication to both senior management and to school governors (should the need arise).

 

Any person who is appointed to the role of DPO must be able to carry out the following responsibilities;

 

• Educating all staff on important compliance requirements

• Training staff involved in any form of data processing

• Conducting audits to ensure compliance and to address potential issues proactively

• Serving as the point of contact between the school and GDPR Supervisory Authorities

• Maintaining comprehensive records of all data processing activities

• Delivering and maintaining the schools GDPR compliance project.

All public bodies must appoint a DPO and any business who has regular and systematic monitoring of data subjects of a large scale

These are just some of the responsibilities of a DPO in schools, there are many more and we can provide a full job description to support you school.

 

Alongside the long list of responsibilities is the requirement for the person to be trained and qualified to complete the role. There is no formal list of required qualifications but a good starting point would be the ED GDPR Foundation course. Your appointed DPO is expected to have “expert knowledge of data protection law and practices.”

 

With all this said, who is your school going to appoint as their DPO? Can they fulfil the required role? Do you need more guidance?

 

At Planet IT we are focused on supporting schools in their GDPR compliance projects. Contact one of our GDPR specialists today for more advice and to see how we can help you.

Stand Up to Cryptojacking – in partnership with Sophos

Cryptojacking has recently erupted onto the cybercrime scene, thanks to the surge in value during 2017 of cryptocurrencies such as Bitcoin, Monero, and Ethereum. Crooks are aggressively targeting laptops, desktops, servers, and even mobile devices. From a single device to entire networks, they infect as many devices as they can to mine for cryptocurrency on, or while using, other people’s computers. Simply put, you do the work, pay for the electricity and hardware, and they pocket the rewards. Read this paper to learn how to fight back! We’ll explore the differences between legitimate mining and cryptojacking; how cryptojacking works; the costs of cryptojacking to today’s organizations; and practical steps you can take to avoid being a victim of cryptojacking.

Setting the stage

Cryptomining and cryptojacking are two terms that are commonly used when discussing this topic. Let’s start by quickly distinguishing between the two. Cryptomining is the act of doing all the necessary – and quite frankly very complex – effort required to generate and work with cryptocurrency. It can be both legitimate or malicious, which is determined by several factors, most significantly whether you consciously agree to it. Cryptojacking is malicious cryptomining.

The crooks get code onto your devices without your permission to mine for cryptocurrency using your equipment and your resources. They keep all the proceeds themselves while you get nothing for your hard work. A common misconception is that the sole purpose of miners is to generate cryptocurrency. It’s true, this is part of the job.

However, they also have another role that is at least equally as important: validating transactions on the blockchain. To explain blockchains, let’s use banks as an analogy as cryptocurrency is attempting to replace traditional currency. Usually, banks are in charge of keeping accurate records of transactions. In cooperation with governments, banks ensure that money isn’t created out of thin air, and that people don’t cheat and spend their money more than once.

Blockchains are responsible for the same duties, but also introduce a new way of record-keeping. With a blockchain the entire network, rather than an intermediary or individual, verifies transactions and adds them to the public ledger. Although a ‘trustless’ or ‘trust-minimizing’ monetary system is one of the goals for cryptocurrency, the financial records need to be secured, and the system must ensuring that no one cheats.

The miners who work on the blockchain come to a consensus about the transaction history while preventing fraud, notably the double spending of cryptocurrency. All of this sounds quite complex, and it is. However, there are some basic principles that, once understood, provides you with the ability to understand why cryptojacking has exploded as a trend.

Let’s start by looking at what it takes to perform legitimate mining and later learn the differences between legitimate and malicious mining.

 

How to be a cryptominer in four easy steps

Before you can start being a miner for a cryptocurrency, there are a few things you need to consider:

Hardware. Regardless of whether you are a casual miner or you’re making mining your full-time profession, your objective is to make money. To mine you need hardware, which clearly has an associated cost. For the casual miner, you may choose to use your gaming or personal machine as it is not being used most of the time. If you’re more serious, you can spend a considerable amount of money on customized cryptomining hardware. If you’re not buying dedicated hardware for mining, the next most efficient way of mining is by chaining together multiple graphics processing units (GPU).

This is your traditional graphics card, and miners prefer the high-end kind and they are not cheap. Why a GPU? Because GPUs are efficient at performing the mathematical calculations that are necessary to work on the blockchain. The market has already reached the point that it is almost impossible for gamers (not miners) to buy high-end graphics cards because the miners are eating up the supply as soon as it is available. Nvidia has already taken the unprecedented step of asking retailers to stop selling their cards to miners and focus on selling to gamers*.

The big question is, if mining is all about making money, how long is it going to take you to recoup your initial investment?

Ongoing investment. Over time all computer equipment gets faster and more efficient. The older your hardware, the slower it becomes in comparison to new hardware. Also, the bigger the hardware, the more electricity it will consume. Ongoing costs associated with running and maintaining your hardware will apply just like in a traditional business, but with cryptomining they can be considerable. The old statement “you need to spend money to make money” is very true here.

Pools. As a single casual miner working on your own you would need to be incredibly lucky to successfully mine just one unit of cryptocurrency. Your chances are slim to none. So, what’s the answer? Pool your resources with those from other devices to create a “pool” with the computational power of all combined resources. The chances of successfully mining cryptocurrency increases with the size and computational power of the pool.

Pools are an important concept to understand for both legitimate and malicious mining operations. When you are running a mining application, are you a member of a legitimate or malicious pool? Obviously, both want their pools to be as big as possible as it increases computational power and the chances of successfully mining cryptocurrency. The big difference is how it pays out. While the legitimate pools will have an agreed method for splitting the proceeds amongst all members, the malicious pools usually only provide the proceeds to a single entity (namely the crook). Different pools have different payment structures and many will payout proportionally compared to how much you worked.

Now that you’ve got your hardware and a basic understanding of pools, you can begin mining. And legitimate mining is really just like working any other kind of job. There are four basic steps to make money from mining cryptocurrencies:

Step 1: Find a job!

This is known as joining a pool. You find a pool that is going to pay you a decent return for what you invest in time, computational power, and ongoing running costs. It’s essentially finding out what people are going to pay you for your work.

Step 2: Create a wallet.

After you have a job, you obviously want to be paid. Any proceeds you receive from mining need to go into a wallet. A wallet can be on an exchange, in software (i.e. a file on your device) or secured in hardware. The hardware option is the most secure and recommended option as it is harder to steal.

Step 3: Start working…

Next step, you need to find the mining program of your choice. There are many different options available depending on the cryptocurrency you are mining, and the specific type of GPU in your device. Then you have to start it. Don’t bother sitting and watching it because it’s just a command line and you’ll grow bored very quickly. It is a “set and forget” type of operation.

Step 4. Get paid.

Now sit back, watch the power bill grow, hope your machine doesn’t overheat and cross your fingers that you’ve joined a legitimate pool and will get paid… Generally, pools have an agreed-upon payment period. Ongoing costs associated with running and maintaining your hardware will apply just like in a traditional business, but with cryptomining they can be considerable, just like a real job. At that point in time they will divide the proceeds from the pool amongst all members of the pool in the agreed-upon fashion.

Crooks will take every piece of computational power they can grab!

The many faces of cryptojacking

Malicious JavaScript miners Malicious JavaScript miners are the quick and easy way for crooks to enslave a large number of devices. The logic is pretty simple: what do most people do on a regular basis? They browse the web. By turning every browser that goes to a website into a worker the crooks can very quickly add lots of devices to a malicious mining pool.

If you’re a cryptojacker, it’s brilliant: someone else does the work, you use their resources, and you get all the proceeds for yourself. Now, ask yourself how many devices have a browser that can run JavaScript? It’s a mindbendingly large number. Every laptop, desktop, mobile device (phone and tablet), servers, and other devices are the potential victims. And as the crooks have access to a large number of compromised websites, the chances that they will get devices with a browser running the JavaScript miner are very high.

JavaScript miners are transient miners, as your browser may only perform the mining tasks for a short period of time. The mining stops when you close the browser or the tab that is viewing the infected website, so it is in theory easy to stop. However, how often do you actually close your browser, or is it always running the background?

When a user surfs to a site or page hosting a malicious JavaScript miner, they are not asked for permission to run the JavaScript miner – it just runs. Around this time the CPU on the device will increase to near maximum capacity and the device will slow to a crawl. The more a processor works, the more electricity it consumes, the hotter it gets.

Mobile devices can rise to “cooking temperatures” and mining can drain a battery quickly, even leading to battery expansion and device destruction. Some of these JavaScript miners are smart and have the ability to limit their CPU usage, enabling them to remain hidden for longer. The longer they can hide and execute, the more work they perform for the crooks and their malicious pool. Even though a mobile device is not the most efficient miner, the crooks will take every piece of computational power they can grab!

Some JavaScript miners are smart enough to know that they are on a mobile device and only really go into full blown mining when they are attached to power and stays relatively dormant when operating on the battery. That way the user doesn’t notice a suspiciously large drop in battery performance – again so they can remain unnoticed for longer. Also, most people don’t pay attention to their phones if they have them plugged in and charging. This works better on a mobile device because people don’t close the browser on their mobile device – they mainly have it in the background as they swap to different apps.

The business implications of cryptojacking

Cryptojacking might sounds relatively harmless at first – it doesn’t need to read your personal data, or even to access to your file system. However, the downsides are still very significant:

1. Unbudgeted operating expenses from powering computers to work for someone else.

2. Opportunity costs because legitimate works gets slowed down. You think your computer is slow now, wait until you get cryptomining software on it!

3. Security risks from who-knows-what untrusted programs and network connections.

4. Reputational and regulatory costs of reporting, investigating and explaining the cryptomining activity.

5. Ethical concerns of allowing employees to mine using your resources.

Those risks are real, and you need to decide if your business can afford to ignore these risks. Your business needs to form an opinion on what is your policy on cryptomining. While the view on cryptojacking is simple – it should never be allowed – the view on legitimate mining varies from business to business.

Some companies will allow legitimate mining on company resources. Others will not. Again, there is an ethical component of allowing employees to use company resources, including the hardware, electricity, and ongoing running costs to perform legitimate cryptomining.

You can also ask yourself: does this make the employee the bad guy?

Fighting back against cryptojacking

When it comes to stopping cryptojacking there is no silver bullet. Just like protecting yourself against ransomware, you need to take a layered approach to protection.

1. Block websites hosting JavaScript miners both at the gateway and the endpoints

2. Stop cryptomining malware at every point in the attack chain

3. Prevent cryptomining apps from running on your network

 

We also recommend that you:

– Keep your devices patched to minimize the risk of exploit-related attacks

– Use mobile management technology to ensure that native mobile apps aren’t present on your mobile phones nor tablets

 

– Educate your team:

• Cryptomining is not an acceptable use of company resources or power

• Explain traditional attack vectors of malware such as phishing and how they can protect themselves Ì Maintain a strong password policy

 

– Keep an eye out for the tell-tale signs that you’ve been cryptojacked:

• Slow network

• Soaring electricity bill

• Spike in CPU consumption

Looking for a technology partner?
Let’s talk