10 steps to Cyber Security

The National Cyber Security Center have posted  their 10 Steps to Cyber Security which provides a good working baseline for all businesses:

1. Setup a Risk Management Regime relating to your IT systems supported at a senior level
2. Network Security - ensure your perimeter is secure
3. User education and awareness - don't assume; ensure that all your staff have the level of instruction and training required to keep them safe
4. Malware Prevention - ensure you have the required and up-to-date anti-malware installed on every device or a centralized system
5. Removable Media Controls - ensure that random USB flash drives and external hard drives are controlled and managed on your network
6. Secure Configuration - make sure that all software is patched and that a system inventory is maintained
7. Managing User Privileges - setup permissions and shares to only allow users access to what they need for their role and no more  
8. Incident Management - report incidents to the appropriate police authority - RCCU (Regional Cyber Crime Unit West Midlands) - and ensure internal reporting is carried out
9. Monitoring - establish procedures for the handling and management of incidents
10. Home and Mobile Working - develop procedures for this and enforce it. Protect data at rest and in transit.

If you are a business that uses and relies on IT then these 10 steps are the basics of what you should be putting in place or if you're not sure how to establish or implement then contact a reputable IT company such as ours to help, advise and carry out what you can't.

Office 365 security

I have been talking with potential customers this week over their requirements for future IT and it became obvious that a Cloud solution was what was needed - specifically Office 365.

One thing that has come up time and time again were the questions "how secure is it?" and "we work with clients who might not think this is secure enough - is it?".

So I have taken the time to research this and as you might think Microsoft has produced the most comprehensive and high quality information on this - so I have taken some of this from Microsoft and reproduced it here for people to have an overview of Office 365 security. You maybe sceptical about Microsoft telling you how great Microsoft Office 365 security is, but what they say here makes sense and is logical and relevant and I believe provides good detail and explanation to most security questions.



"With Office 365, it’s your data. You own it. You control it. And it is yours to take with you if you decide to leave the service. The core tenets of our approach to earning and maintaining your trust are:

 Built-in Security :

Office 365 is a security-hardened service, designed following the Microsoft Security Development Lifecycle. We bring together the best practices from two decades of building enterprise software and managing online services to give you an integrated software-as-a-service solution.

At the service level, Office 365 uses the defense-in-depth approach to provide physical, logical, and data layers of security features and operational best practices. In addition, Office 365 gives you enterprise-grade, user and admin controls to further secure your environment.

Service-level security through defense-in-depth

Customer controls within the service

Security hardening and operational best practices

 Privacy by design :

When you entrust your data to Office 365 you remain the sole owner of the data: you retain the rights, title, and interest in the data you store in Office 365. It’s our policy to not mine your data for advertising purposes or use your data except for purposes consistent with providing you cloud productivity services.

Your data is not used for advertising

You have extensive privacy controls

You can take your data with you when you want

Continuous Compliance

Office 365 is a global service and continuous compliance refers to our commitment to evolve the Office 365 controls and stay up to date with standards and regulations that apply to your industry and geography. Because regulations often share the same or similar controls, this makes it easier for Microsoft to meet the requirements of new regulations or those specific to your organization and industry.

In addition, Office 365 provides admin and user controls, including eDiscovery, legal hold, and data loss prevention, to help you meet internal compliance requirements. These require no additional on-premises infrastructure to use.

Proactive processes to meet your compliance needs

Customer controls for organizational compliance

Independently verified to meet evolving standards

Transparent Operations

Moving to a cloud service shouldn’t mean losing access to knowing what’s going on. With Office 365, it doesn’t. We aim to be transparent in our operations so you can monitor the state of your service, track issues, and have historical view of availability.

You know where your data resides and who has access

Visibility into availability and changes to the service

Financially backed guarantee of 99.9% uptime"

If you would like to read even more detail about the security that wraps Office 365 up then please go to https://products.office.com/en-us/business/office-365-trust-center-cloud-computing-security?tab=7d4bf5d5-8549-acb8-3852-a62cc997fb45

I hope this has reassured anybody who has previously had doubts about Office 365 Cloud security and now understands that a great deal has been done to make O365 a robust and secure product that can be used with safety and reassurance.

 

shop window and Internet webpage - analogy

Whilst working with a website builder to have a new website built I have realized that a website serves the function of a shop window. This is perhaps nothing startlingly new in terms of a concept but the analogy is so strong with me, as I work on my new shiny website that I thought I had to share this concept.

40 years ago the high street represented the current internet, with all those glowing, interesting shop windows showing off their wares and beckoning you into the shop to peruse and perhaps purchase. Now we have the same as we surf the internet, all those Homepages enticing and beckoning you to purchase their goods or services and if not then at least to enjoy the front page.

So I have used this as my driver, the definition of my website Homepage as a shop front and all the various hyperlinks and sub-sets, products and services that are available to the surfing potential customer who cares to open the door and step inside.

I keep this thought close to my heart when I decide on how my website looks and feels and operates; hopefully this is what encourages people.

Windows 8.1 - what's new?

 For all you Office Managers out there who have responsibility for a Windows 8 estate or who are considering an upgrade of your business devices Microsoft Technet have published what changes we can expect to see in the new upgarde to Windows 8, due late 2013 which won't be Service Pack 1 but rather Windows 8.1.


"What's New in Windows 8.1
We built Windows 8 to bring a modern computing experience to businesses and to help professionals stay connected to their colleagues and clients from anywhere, anytime. Windows 8.1 advances this vision and introduces new manageability, mobility, security, user experience and networking capabilities that will be available later this year – with the goal of offering customers the best business tablets and versatile modern business PCs driven by the most powerful operating system designed for today’s modern businesses.

Below is a list of some of the new and updated features that we invite to you test out when the Windows 8.1 experience becomes available later this month.

Bring Your Own Device (BYOD) Enhancements
Workplace Join
A Windows 8 PC was either domain joined or not.  If it was a member of the domain, the user could access corporate resources (if permissioned) and IT could control the PC through group policy and other mechanisms.  This feature allows a middle ground between all or nothing access, allowing a user to work on the device of their choice and still have access to corporate resources With Workplace Join, IT administrators now have the ability to offer finer-grained control to corporate resources.  If a user registers their device, IT can grant some access while still enforcing some governance parameters on the device.

Work Folders
Work Folders allows a user to sync data to their device from their user folder located in the corporation’s data center. Files created locally will sync back to the file server in the corporate environment. This syncing is natively integrated into the file system.  Note, this all happens outside the firewall client sync support. Previously, Windows 8 devices needed to be domain joined (or required domain credentials) for access to file shares.  Syncing could be done with third-party folder replication apps. With Work Folders, Users can keep local copies of their work files on their devices, with automatic synchronization to your data center, and for access from other devices. IT can enforce Dynamic Access Control policies on the Work Folder Sync Share (including automated Rights Management) and require Workplace Join to be in place.

Open MDM
While many organizations have investments with System Center and will continue to leverage these investments we also know that many organizations want to manage certain classes of devices, like tablets and BYOD devices, as mobile devices. With Windows 8.1, you can use an OMA-DM API agent to allow management of Windows 8.1 devices with mobile device management products, like Mobile Iron or Air Watch.

Mobile Device Management
When a user enrolls their device, they are joining the device to the Windows Intune management service.  They get access to the Company Portal which provides a consistent experience for access to their applications, data and to manage their own devices.  This allows a deeper management experience with existing tools like Windows Intune. IT administrators now have deeper policy management for Windows RT devices, and can manage Windows 8.1 PCs as mobile devices without having deploy a full management client.

Web Application Proxy
The Web Application Proxy is a new role service in the Windows Server Remote Access role. It provides the ability to publish access to corporate resources, and enforce multi-factor authentication as well as apply conditional access policies to verify both the user’s identity and the device they are using resources, and enforce multi-factor authentication as well as verify the device being used before access is granted.

RDS Enhancements
Enhanced Virtual Desktop Infrastructure (VDI) in Windows Server 2012 R2 with improvements in management, value, and user experience. Session Shadowing allows administrators to view and remotely control active user sessions in an RDSH server. Disk dedupe and storage tiering allow for lower cost storage options. User experience for RemoteApps, network connectivity and multiple displays has been improved. Administrators can now easily support users with session desktops to provide helpdesk style support. Administrators now have even more flexible storage options to support a VDI environment without expensive SAN investments. End users will find RemoteApp behavior is more like local apps, and the experience in low-bandwidth is better, with faster reconnects and improved compression, and support for multiple monitors.

NFC Tap-to-pair Printing
Tap your Windows 8.1 device against an enterprise NFC-enabled printer and you’re all set to print. No more hunting on your network for the correct printer and no need to buy a special printer to take advantage of this functionality. Simply attach an NFC tag to your existing printers to enable this functionality.

Wi-Fi Direct Printing
Connect to Wi-Fi Direct printers without adding additional drivers or software on your Windows 8.1 device, forming a peer-to-peer network between your device and the printer.

Native Miracast Wireless Display
Present your work wirelessly with no connection cords needed; just pair with a Miracast-enabled projector via NFC and Miracast will use Wi-Fi to let you project wire-free.

Mobility Enhancements
VPN
We have added support for a wider range of VPN clients in both Windows and Windows RT devices. We have also added the ability to have an app automatically trigger VPN connections.

Mobile Broadband
At Windows 8 launch, the devices had embedded radios that were separate components within the devices.  Windows 8.1 supports embedded wireless radio, which gives you increased power savings, longer battery life, also enables thinner form factors and lower cost devices.

Windows To Go
With Windows To Go in Windows 8.1, the Windows Store is enabled by default. Windows To Go users may roam to any number of machines and access the Windows Store and use Windows Store apps.

Broadband Tethering
Turn your Windows 8.1 mobile broadband-enabled PC or tablet into a personal Wi-Fi hotspot, allowing other devices to connect and access the internet.

Auto-triggered VPN
When you select an app or resource that needs access through the inbox VPN – like a company’s intranet site – Windows 8.1 will automatically prompt you to sign in with one click. This feature will be available with Microsoft and third-party inbox VPN clients.

Security Enhancements
Remote Business Data Removal
Corporations now have more control over corporate content which can be marked as corporate, encrypted, and then be wiped when the relationship between the corporation and user has ended. Corporate data can now be identified as corporate vs. user, encrypted, and wiped on command using EAS or EAS + OMA-DM protocol. This capability is requires implementation in the client application and in the server application (Mail + Exchange Server). The client application determines if the wipe simply makes the data inaccessible or actually deletes it.

Improved Biometrics
All SKUs will include end to end biometric capabilities that enable authenticating with your biometric identity anywhere in Windows (Windows sign-in, remote access, User Account Control, etc.). Windows 8.1 will also be optimized for fingerprint based biometrics and will include a common fingerprint enrollment experience that will work with a variety of readers (touch, swipe). Modern readers are touch based rather than swipe and include liveliness detection that prevents spoofing (e.g.: silicon emulated fingerprints). Access to Windows Store Apps, functions within them, and certificate release can be gated based on verification of a user’s biometric identity.

Pervasive Device Encryption
Device encryption previously found on Windows RT and Windows Phone 8 is now available in all editions of Windows. It is enabled out of the box and can be configured with additional BitLocker protection and management capability on the Pro and Enterprise SKUs. Consumer devices are automatically encrypted and protected when using a Microsoft account. Data on any Windows connected standby device is automatically protected (encrypted) with device encryption. Organizations that need to manage encryption can easily take add additional BitLocker protection options and manageability to these devices. 

Improved Internet Explorer
Internet Explorer 11 improvements include faster page load times, side-by-side browsing of your sites, enhanced pinned site notifications, and app settings like favorites, tabs and settings sync across all your Windows 8.1 PCs. Internet Explorer 11 now includes capability that enables an antimalware solution to scan the input for a binary extension before it’s passed onto the extension for execution

Malware Resistance
Windows Defender, Microsoft’s free antivirus solution in Windows 8, will include network behavior monitoring to help detect and stop the execution of known and unknown malware. Internet Explorer will scan binary extensions (e.g. ActiveX) using the antimalware solution before potentially harmful code is executed.

Device Lockdown
With Assigned Access, a new feature offered in Windows 8.1 RT, Windows 8.1 Pro, and Windows 8.1 Enterprise, you can enable a single Windows Store application experience on the device. This can be things like a learning application for kids in an educational setting or a customer service application at a boutique, Assigned Access can ensure the device is delivering the intended experience. In our Windows Embedded 8.1 industry product, we deliver additional lockdown capabilities to meet the needs of industry devices like point of sale systems, ATMs, and digital signs.

Modern UI experience
Variable, Continuous Size of Snap Views
You have more ways to see multiple apps on the screen at once. You can resize apps to nearly infinite sized windows, share the screen between two apps, or have up to three apps on each monitor.

Boot to Desktop
We have made configuration options available which will allow you to boot directly to the desktop in Windows 8.1.

Desktop and Start Screen
Improvements have been made to better support users who prefer a mouse and keyboard experience to access applications.

These are just some of the key features available in Windows 8.1 We encourage you to test out and try these features when you evaluate Windows 8.1 for use both in your work environment as well as at home in your personal life. Please note that Windows Server 2012 R2 may be required in order for some of these features to be available."

Is your business ready for Windows 8 with The PC Support Group

Say hello to Windows 8.

Everything you want. Everything you need.

Do everything faster and easier with a new Windows built for today’s devices:

·         Windows has been reimagined: From the beautifully fast and fluid Start Screen, apps are a touch away. It just feels natural.

·         Apps at its core: Apps are at the heart of Windows 8. The things you need are built in and work together to make each other better.

·         Stay in the Cloud: Sign in to your Microsoft account on any device and instantly get connected to the things you care about most. Access files anywhere with Skydrive and pick up where you left off.

·         Get more at the Windows Store: Free and paid-for apps bring Windows 8 to life. When apps are bought or downloaded, they can immediately be used on up to 5 Windows 8 devices.

·         Experience browsing freedom: With a minimalist design and fast performance, IE10 is more web and less browser. We’ve also made it more secure and private for safer surfing.

·         Be productive everywhere: Take the office anywhere, access work files on the go while staying secure.

·         Use any device: From tablets to laptops to all in ones, get the same personal, immersive experience on any form factor.

·         Rock solid foundations: Familiar Windows 7 apps and devices will run with the full power of Windows 8.

Open a wider world with Windows 8.

Cloud Computing

Flexible and cost effective cloud based solutions.

Cloud computing is one of the important trends shaping technology for the business market today. Cloud solutions enable you to manage your IT requirements using resources via the internet rather than through a local computer or server.
Cloud computing can:

• increase flexibility – add and reduce computer resources as required
• greater accessibility – access systems from anywhere using PCs, laptops or mobile devices
• reduce capital expenditure – no requirement to invest in expensive server hardware and software
• lower support costs – cloud based systems often require less support as the infrastructure provider takes care of some of this as part of the service

The PC Support Group understands that one size does not fit all and every business is different. We are committed to providing our customers with unrivalled support by offering a range of cloud solutions to suit every need. Whether your focus is cost, security, flexibility or functionality we can provide you with the right solution for your business.

Why choose cloud computing with The PC Support Group?

• Personalised solutions to fit your needs
• Partnerships with leading companies including Rackspace, Microsoft and Google allow us to offer a wide range of value-added solutions
• Support is key to well managed infrastructure… even when it’s in the cloud. Our team takes pride in our speed and quality of response.

What can we do for you?

Here are just a few common business requirements that can more cheaply and easily fulfilled by our cloud solutions:

• File sharing – systems that enable you to share files and folders seamlessly in real time, no matter where you are, and without the need for an expensive server adding to your support costs and IT headaches.
   
• Email/Calendar – in just the same way as servers have provided for many years, it’s now possible to have access to emails, calendars and contacts on any device at any time in any place thanks to the cloud. You and your staff can instantly share, check and set up appointments, wherever they are, all without the need for a server and its associated costs.
   
• Remote desktops – how would you like your staff to be able to access and work on their desktop wherever they are in the world from any PC or mobile device? There is no longer a need to be in a specific location to get on with your job. Maximum flexibility, minimum cost.
   
• Virtualisation – for those that still need servers, cloud solutions can offer greater flexibility and reduced risk. By virtualising your servers we can remove your single point of failure, and therefore the risk to your business of a server letting you down. Your servers will sit on your own private cloud, either at your premises or hosted in a secure data-centre with engineers on-hand 24/7. Your business will carry on even if one of your physical servers lets you down.
   
• Software as a Service (SaaS) – software that can be used on demand for a monthly fee. No high upfront costs, no more complex installations and no more licensing headaches. Imagine logging onto any web browser and having your fully functional software available to you instantly. Totally flexible software, when and where you need it.
   
• Flexible Printing – print any time anywhere. We can set you up so that you can hit print on your iPhone, or other mobile device and your document will print straight out at your office, ready for you on your return… Even if your printer is in York whilst you’re in New York.

PC versus Mac or Microsoft versus Apple

As the Director of a busy IT support company I deal with PCs, laptops and Macs on a daily basis. I am constantly asked by both businesses and home users which device is the best. This question is like asking which car is the best, and just like that analogy is as subjective. “Best” begs the question, in what terms and to who is anything the best, but in this article I will attempt to put both sides of the argument as it currently stands and aim to pre-empt those questions that are regularly asked of me. I am not setting out to write a didactic piece of techno-babble aimed at having you rushing out to swap your computer for one or the other of these devices, but rather a reasoned and balanced set of discussion pieces, so that you dear reader can at least have the benefit of some of my knowledge and experience, which you can judge for yourself how useful it is in the quest to decide which is the “best”.

In my opinion there are 7 key aspects that differentiate the two products and these fall into the rough category of: cost, looks, security, likeability & usability, interface, compatibility and support. 

In terms of cost there is no doubt an obvious and very large difference between Mac products and PC products. However, it must be said that to buy a MacBook Pro equivalent in a PC laptop in terms of components fitted would bring the obvious price differential much closer if indeed it did not overtake it. So, the issue here is that Apple does not sell cheaper end models with low end processors and memory whereas there is a plethora of PC manufacturers all vying for the market share, so causing market forces to push the prices down. The obvious maxim here would appear to be that generally you get what you pay for, but that if all you need is a basic machine to do e-mails and a bit of web surfing then you may ask do you need that performance offered by Mac for that price tag.

As far as look’s go, PCs both laptop and desktop have caught up in recent years forgoing their traditional boring design, now offering some very attractive product ranges and also featuring the monobloc design, always offered by Apple with the base unit and monitor integrated for that refined and minimalistic look. Again, what we have here is personal taste as to what you like to see and feel when you are working or perhaps what looks good in your lounge, although most people when presented with an Apple Mac in stores are always attracted to the Apple look and feel – perhaps most readily drawn by the Apple design philosophy i.e. single aluminium block bodies for their laptops, separate and lighted keys on the keypad and bright glossy LED glass displays. 

Nearly all internet security companies would agree that both Macs and PCs are just as much at risk from an internet security perspective, particularly from phishing attacks, but here is the big difference, the number of viruses and malware written for PCs far outweighs the number for Macs. Based on the most recent statistics Windows dominates the world’s operating systems market with a 91% share of that market, Apple having only 5% and the other 4% being owned by other operating systems. This bare fact alone, discounting the many and varied discussions about how robust the actual operating systems are, Windows or Mac OSX, just the sheer target scope for Windows to be attacked make them a far easier opportunity and although Mac OSX is intrinsically no more secure than Windows Vista or Windows 7 they have far fewer attacks as there are far fewer people writing hacks for them. What defines the security is that for either product if good anti-virus and malware software is run and updated regularly and all patches are downloaded from the relevant OS vendor then – in the main – all should be as well with one as the other providing the user is cautious.

Users of computers - in a very wide sweeping generalisation – appear to fall into two main categories; the mainstream and the uber-cool individualistic type, and as you may guess PCs and Macs appear to fit in that order. In terms of likeability people who don’t care about the general opinion tend to go for Apple whereas a lot of people like the large scale presence of PCs. There are lots of reasons for people’s choice here, but some of it may be down to being comfortable with Windows or not wanting to convert and having to learn a new operating system all over. Some of this is driven by the difference between a known – for many – OS such as Windows and a different way of working which is the Mac OSX. The interface is intrinsically similar but different enough in many key ways to cause many to pause in their choice, particularly driven by what they use at work or having already owned PCs or having children who use PCs. Traditionally the feedback from users in terms of usability of Macs is always extremely positive, with nearly all users asserting an extremely positive user experience, quoting simplicity, and productivity i.e. “my Mac just does it” also people like the look and feel of the Mac OSX, whereas there are many tales of frustration from PC users, although again the market balance means that there are countless more happy users and with Windows 7 this seems to be on the increase.

Some of the most strident voices against Macs as opposed to PCs are raised in the area of compatibility. This is a fact that is hard to argue on both sides, as again with Windows having the 91% market share nearly all software is developed and written with Windows in mind and all hardware is developed to connect and work with PCs first and perhaps Macs second. That is not to say that there is not always a way of finding something that will do the job from an alternate supplier, with a bit of searching, but frustration levels can be high when software and hardware bought and then taken home and installed or connected fails to operate correctly.

Finally, there is the support issue, once you have purchased your choice of computer, for fixing problems and faults that arise or maybe an upgrade is required or wanted. The sad fact is that there is minimal good quality IT support for Macs around and when you do find a good support company they will undoubtedly reflect the fact of their scarcity in their pricing.  PC support is widespread and there are many companies to be found that can carry out any fix, support or upgrade required. The last issue of upgrades is also tempered by the inability, on the whole, to upgrade Macs whereas PCs are easily upgradeable with new components if this is your choice or requirement; if you don’t have the skills or the interest but do have the need again there is a good company around the corner. Apple would say that once purchased it is extremely unlikely – due to the quality of the product – that you will need to upgrade your Mac.

Therefore, in conclusion the decision is as before one of very personal choice, driven by your personal requirements and ultimately what you want to pay and what you like the look and feel of and whether you are willing to go for the unique or happy to be mainstream. In essence the choice is how you feel the device of your choice will match your life and work and pocket. I hope I have at least clarified some of the areas around the choice.

PC Support Group advice - how to choose an ISP

	How to choose an Internet Service Provider (ISP) An Internet Service Provider (ISP) is a company that provides its customers with access to the Internet. They also often provide email accounts and some space for hosting a web site too. In the UK there are hundreds of ISP’s from relatively small companies to large well known names such as BT and Tiscali. So how do you choose the right ISP for your business? There are so many ISPs out there that it can be difficult to know which one is best. The truth is that there is no single perfect provider so you have to find the one that is right for you. In order to figure which one that is, there are some things you should consider… Check the package. The bandwidth advertised doesn’t necessarily mean that you’re always guaranteed that bandwidth. What upload and download speeds are guaranteed for the package in question. How many of your neighbours are you likely to be sharing your connection with (known as the contention ratio)? Is there a maximum data download per month? And what happens when you reach this limit? If you need web hosting, email or spam services then does the package provide these and if so, are they adequate for your requirements? Research service levels. Access to knowledgeable, helpful and responsive support is essential for any business. See what testimonials or awards they won for customer service. If possible ask other users about their experiences, read reviews and speak to an expert. And perhaps most importantly, find out whether they provide telephone support and in what time you can expect a call to be answered. It has been known for customers to wait for hours on a support line and eventually give up with frustration. Read the small print. Contracts vary enormously and the devil is often in the detail. Look particularly for the clauses around cancellation – how and when can you cancel? Are there any penalties? Price. You will obviously want to consider price but you will ultimately pay more in time and lost business if you don’t ensure the package is right. Given the general pricing of ISP packages in the UK, it’s our opinion that businesses should focus on their requirements and the level of customer service above price. The saving of £10 or £20 per month compared to lost time and business through a bad service simply doesn’t make economic sense. The best ISP is the one that works the best for you and your business. Take your time and investigate all of the above. Think about the needs of your business and match them up with the offerings.