TruStack Focus On… Cybersecurity

Working from home, or ‘agile working’ as we term it at TruStack, has become increasingly common over the past few months as companies adapt their working practices to cope with the impact of Covid-19. From the results of businesses we have surveyed (agile working report here), we believe agile working will only increase in future, and so businesses must be well-prepared to deal with the issues this will bring. Arguably the most important of these is security.

It is predicted globally that companies will spend in excess of $137 billion in 2020 to protect against cyber threats, with the highly regarded technology research company Gartner predicting the global cost of security attacks on businesses will be around $3.9 trillion!

Cyber-attacks are no longer conducted just by individuals sitting in bedrooms. State and political sponsored cyber-attacks shape global economies and political landscapes. The skills behind the attacks are increasing, the rewards for those committing the tasks are increasing, which means it is reasonable to predict more volume and more complexity of attacks in future. It is vital businesses protect themselves by ensuring their rolling out of agile working does not compromise their data, which many believe is the most valuable of global commodities.

Home networks tend to be far more open, with so many devices – e.g. smart speakers, internet enabled sound bars, games consoles, smart lights, smart phones, smart TVs – potentially sharing a network and broadband with multiple work devices. All of this increases the possibility of a piece of malware, or ransomware, finding a weakness and exploiting it, potentially allowing it to find and spread in the local network. Remote workers need strong security and those systems need stringent monitoring to protect the business data users operate with.

Businesses need layers of protection – no business can rely on a single product, platform or device to protect its data. There are, however, some key steps to take to give your business the best chance of protecting against cyber-attacks. These include having a quality firewall, implementing a quality antivirus platform for user devices like our Worry Free service, carrying out security patching, having a multi-factor authentication process such as Thales and investing in a robust backup and recovery solution whether that be Veeam, Datto or a service out of our Data Centre.

These are just some of the protection measures that TruStack consults around. Ultimately, businesses must have a security-first mindset, from bottom to top, where protection of data is an absolute priority, as we transition towards a largely agile workforce.

For any questions or queries please contact us on [email protected] or 0191 250 3011

We’re Hiring!

At TruStack our vision is to build a sustainable and socially responsible organisation that is trusted by our staff, our customers and our vendors to provide outstanding customer service and innovative solutions.

After a period of rapid growth, team TruStack are hiring for a number of roles!

Are you enthusiastic about telephony or networking and being part of an experienced team of industry specialists? If yes, we may be the perfect fit for each other!

If you are passionate about delivering exceptional customer service, solving complex problems and full of ideas then you might be the person we are looking for to join us at TruStack.

We have the following two roles available for immediate start;

  • Telecoms and UC Engineer
  • Systems and Networking Engineer

In return we will commit to a full on boarding schedule, a competitive remuneration package and access to ongoing personal development.

For more information and a full job specification, please email [email protected]

Please note we are not accepting applications from recruitment agencies at this time.

Blog Post – Tech Director, Russell Henderson on Cybersecurity and Agile Working

It is predicted globally that companies will spend in excess of $137 billion in 2020 to protect against cyber threats.  However, whilst there are varying estimates and predictions of the global cost of cyber-attacks on businesses this year, the highly regarded technology research company Gartner predict it will be around $3.9 trillion!

Cyber-attacks are no longer conducted just by individuals sitting in bedrooms. State and political sponsored cyber-attacks shape global economies and political landscapes.  The skills behind the attacks are increasing, the rewards for those committing the tasks are increasing, which means it is reasonable to predict more volume and more complexity of attacks in future.

Of all the possible methods of ‘attack’, Ransomware is certainly making itself felt at the minute for businesses. This is when malware encrypts a victim’s environment and the attacker then demands a ransom from the victim to restore access to the data upon payment. We’ve seen a number of attacks in recent months.  In a number of cases, unpatched systems or a weak password in the environment were the initial exploit, these attacks appear more opportunistic than targeted.  Other ever-present threats including phishing and other fraud-based scams which are directed at immediately compromising financial or personal details.

With the countless threats out there to businesses, it is important to have a security-first mind-set in the leadership team. Companies’ focus is so often on time to market, base line product cost and profit margin or process turn-around time. Rarely do you hear “let’s slow down and factor in security throughout the build process or the delivery mechanism”. Speed can, and often does, lead to mistakes or gaps appearing in security, especially when operating over multiple cloud platforms, applications development platforms and open systems.

Business leaders must build in time and cost to account for security throughout their areas of responsibility.  This includes having experienced security specialists involved, whether they are internal people trained up or external consultants and accepting that component choice maybe more expensive for components with better quality security.  Accepting that time scales may lengthen or costs will increase to enhance security is needed.  Also accepting that despite our best efforts you will never be 100% secure, or remain 100% secure, technology and the threat landscape moves at vast speed and what was very secure today can often be exploited tomorrow, a mind-set of continual improvement towards security is also needed.

As working from home is likely to become more commonplace in future, it is vital to account for this when considering security. Home networks tend to be far more open, with devices – including smart speakers, internet enabled sound bars, games consoles, smart lights, three or four smart phones, smart TVs – potentially sharing a network and broadband with multiple work devices.  All of this increases the possibility of a piece of malware, or ransomware finding a weakness and exploiting it, potentially allowing it to find and spread in the local network. Remote workers need strong security and those systems need stringent monitoring to protect the business data users operate with.

Businesses need layers of protection.  No business can rely on a single product, platform or device to protect its data.  An basic example of a layered approach would be to use a latest generation firewall to protect office or home locations and a quality antivirus platform for user devices and servers running on corporate networks.  Additionally, mobile device control and internal network inspection services products are also reasonable steps to take to protect sensitive company, user and client data.

How, where and what data is stored, what service or who is accessing it and how, is a significant consideration.  Security patching, despite being a large, time consuming task, is also important, as is password management: Weak passwords, or passwords that never change are an easy target or an initial exploit to gain access to a company’s resources.

A platform to ingest, correlate and report on the millions of logs generated by these security platforms is also a requirement. Having protection but it being masked by so much data and alerts you can’t see the risks to make use of it is pointless, many businesses now already have or are investing in SoC and SIEM solutions.

These are just some of the challenges and protection measures that TruStack consults around. There are hundreds more products and platforms that need protection and numerous ways to protect, each providing its own benefits and drawbacks and associated costs.

The best “last chance” method of protection you can have is to invest in a robust backup and recovery solution that benefits from an airgap within the solution to protect your data at rest.  This is the very last line of defence and if you find yourself compromised this is often the solution business call upon to recover and cleanse their systems.  The quality of your backup solution will determine if your data is available for recovery and how quickly it can be recovered.

In today’s ever more connected world we need to share or access data ever more readily with more applications and services at greater speed. However, the more open we become, the less secure we become.

It is a common belief that data is now the most valuable of global commodities, be it our personal data or corporate data. Be it for good or for negative purposes, demand to access this data legitimately or illegitimately continues to grow. With data residing in so many different locations – including clouds, corporate networks, mobile and other smart devices, backup media and locations, co-location centres and removable media – it is up to businesses to make sure they have done all they can to protect this information.

It is up to businesses to ensure they have a ‘security-first’ mindset from bottom to top to give them the best chance possible of this happening.

You can read more about our Cybersecurity solutions here or about our Agile Working solutions here.

Or please get in touch with one of the team on [email protected] or 0191 250 3011.

Agile Working Trends E-Book

Whether you call it agile working, remote working or flexible working, it’s changed the game for all businesses.

A well rounded agile working solution should include many or all of the aspects mentioned in the e-book. From Cybersecurity solutions including multi-factor authentication to Disaster Recovery solutions should the worst happen.

In May 2020 we decided to contact our customers to ask them about their ‘new normal’ working practices throughout the pandemic of Covid-19 and if there was anything they would have done differently if they could have.

You can download the e-book created by filling in the form below. You can also read what Commercial Director, Phil Cambers had to say about the findings by clicking here.

Agile Working E-Book Download

  • This field is for validation purposes and should be left unchanged.