Blog Post – Tech Director, Russell Henderson on Cybersecurity and Agile Working

It is predicted globally that companies will spend in excess of $137 billion in 2020 to protect against cyber threats.  However, whilst there are varying estimates and predictions of the global cost of cyber-attacks on businesses this year, the highly regarded technology research company Gartner predict it will be around $3.9 trillion!

Cyber-attacks are no longer conducted just by individuals sitting in bedrooms. State and political sponsored cyber-attacks shape global economies and political landscapes.  The skills behind the attacks are increasing, the rewards for those committing the tasks are increasing, which means it is reasonable to predict more volume and more complexity of attacks in future.

Of all the possible methods of ‘attack’, Ransomware is certainly making itself felt at the minute for businesses. This is when malware encrypts a victim’s environment and the attacker then demands a ransom from the victim to restore access to the data upon payment. We’ve seen a number of attacks in recent months.  In a number of cases, unpatched systems or a weak password in the environment were the initial exploit, these attacks appear more opportunistic than targeted.  Other ever-present threats including phishing and other fraud-based scams which are directed at immediately compromising financial or personal details.

With the countless threats out there to businesses, it is important to have a security-first mind-set in the leadership team. Companies’ focus is so often on time to market, base line product cost and profit margin or process turn-around time. Rarely do you hear “let’s slow down and factor in security throughout the build process or the delivery mechanism”. Speed can, and often does, lead to mistakes or gaps appearing in security, especially when operating over multiple cloud platforms, applications development platforms and open systems.

Business leaders must build in time and cost to account for security throughout their areas of responsibility.  This includes having experienced security specialists involved, whether they are internal people trained up or external consultants and accepting that component choice maybe more expensive for components with better quality security.  Accepting that time scales may lengthen or costs will increase to enhance security is needed.  Also accepting that despite our best efforts you will never be 100% secure, or remain 100% secure, technology and the threat landscape moves at vast speed and what was very secure today can often be exploited tomorrow, a mind-set of continual improvement towards security is also needed.

As working from home is likely to become more commonplace in future, it is vital to account for this when considering security. Home networks tend to be far more open, with devices – including smart speakers, internet enabled sound bars, games consoles, smart lights, three or four smart phones, smart TVs – potentially sharing a network and broadband with multiple work devices.  All of this increases the possibility of a piece of malware, or ransomware finding a weakness and exploiting it, potentially allowing it to find and spread in the local network. Remote workers need strong security and those systems need stringent monitoring to protect the business data users operate with.

Businesses need layers of protection.  No business can rely on a single product, platform or device to protect its data.  An basic example of a layered approach would be to use a latest generation firewall to protect office or home locations and a quality antivirus platform for user devices and servers running on corporate networks.  Additionally, mobile device control and internal network inspection services products are also reasonable steps to take to protect sensitive company, user and client data.

How, where and what data is stored, what service or who is accessing it and how, is a significant consideration.  Security patching, despite being a large, time consuming task, is also important, as is password management: Weak passwords, or passwords that never change are an easy target or an initial exploit to gain access to a company’s resources.

A platform to ingest, correlate and report on the millions of logs generated by these security platforms is also a requirement. Having protection but it being masked by so much data and alerts you can’t see the risks to make use of it is pointless, many businesses now already have or are investing in SoC and SIEM solutions.

These are just some of the challenges and protection measures that TruStack consults around. There are hundreds more products and platforms that need protection and numerous ways to protect, each providing its own benefits and drawbacks and associated costs.

The best “last chance” method of protection you can have is to invest in a robust backup and recovery solution that benefits from an airgap within the solution to protect your data at rest.  This is the very last line of defence and if you find yourself compromised this is often the solution business call upon to recover and cleanse their systems.  The quality of your backup solution will determine if your data is available for recovery and how quickly it can be recovered.

In today’s ever more connected world we need to share or access data ever more readily with more applications and services at greater speed. However, the more open we become, the less secure we become.

It is a common belief that data is now the most valuable of global commodities, be it our personal data or corporate data. Be it for good or for negative purposes, demand to access this data legitimately or illegitimately continues to grow. With data residing in so many different locations – including clouds, corporate networks, mobile and other smart devices, backup media and locations, co-location centres and removable media – it is up to businesses to make sure they have done all they can to protect this information.

It is up to businesses to ensure they have a ‘security-first’ mindset from bottom to top to give them the best chance possible of this happening.

You can read more about our Cybersecurity solutions here or about our Agile Working solutions here.

Or please get in touch with one of the team on [email protected] or 0191 250 3011.

Agile Working Trends E-Book

Whether you call it agile working, remote working or flexible working, it’s changed the game for all businesses.

A well rounded agile working solution should include many or all of the aspects mentioned in the e-book. From Cybersecurity solutions including multi-factor authentication to Disaster Recovery solutions should the worst happen.

In May 2020 we decided to contact our customers to ask them about their ‘new normal’ working practices throughout the pandemic of Covid-19 and if there was anything they would have done differently if they could have.

You can download the e-book created by filling in the form below. You can also read what Commercial Director, Phil Cambers had to say about the findings by clicking here.

Agile Working E-Book Download

  • This field is for validation purposes and should be left unchanged.

Survey Shows Working From Home and Agile Working To Be More Common After Covid Crisis

A forward-thinking IT company which has helped more than 200 North East companies work from home is predicting that ‘agile working’ will become increasingly common in future.


TruStack, based in Cramlington, provides end-to-end IT services and has specialist teams covering areas including cybersecurity, Unified Communications and agile working.


Two months into lockdown, TruStack surveyed its clients to discover the impact of agile working and whether businesses are likely to encourage more employees to work away from the office in the months and years to come.


Seventy five percent of those surveyed said they expected employees to carry out more agile working in the future, while 100% said they had a more positive view of agile working as a result of Covid-19.


TruStack’s Commercial Director Phil Cambers said the survey, which was sent to businesses from a variety of industries in the private and public sectors, could help understand changing working practices for the foreseeable future across different industries.


Mr Cambers said: “We wanted to carry out this survey of our customers’ experience of agile working to ensure we can continue to provide solutions to meet their requirements.


“I would say the survey is representative of workplaces in general. It seems that many people have discovered that they can work just as well from home as they can from an office.


“Moving forward, I firmly believe many more organisations will be encouraging more agile working, and we will see a real shift in future working trends across different industries.”

The survey included responses from a broad spectrum of businesses from manufacturing, engineering, travel and tourism companies to housing associations and legal practices.


Among other products and services, TruStack has enabled its customers to work from home by providing hardware such as laptops, software, enhanced security and unified communications.


TruStack, which was formed following a merger of three IT companies in 2019, has been taking its own advice by encouraging staff to undertake agile working both before, and since, lockdown.


The company has taken on two new apprentices, as well as an engineer and salesperson since lockdown began in March, with all interviews and hiring done online.


Mr Cambers added: “We have encouraged agile working for years – I have always said that work is something you do not somewhere you go.
“We have taken on several new staff since the Covid-19 crisis began, all of which has been made possible by using the technology that we sell.

“It goes to show how the world of work is changing, and we are there to help businesses across the country to enable their agile workforce and maintain the same levels of productivity from anywhere.”

TruStack has a branch office at the Evolve Business Centre, Houghton le Spring, and its head office on the Northumberland Business Park, Cramlington.


Amongst its clients are many of the North East’s Top 200 companies – including Muckle LLP and Collingwood Business Solutions – as well as big names across the UK like the Natural History Museum and Vertu Motors.


For more information on TruStack go to www.trustack.co.uk or call 0191 250 3000 or visit our Agile Working page here.

Thales 2020 Data Threat Report

Did you know that 46% of data generated by European organisations is stored within the cloud?

Click on the link below to download the Thales 2020 Data Threat report. This edition produced by the IDC runs through how organisations are securing their multi-cloud environment in 2020.

Get the report now to learn:

  • How digital transformation complicates security
  • Adoption rates of encryption for cloud data
  • Security recommendations and best practices

Data Owner vs Data Processor – Why You Need to Protect Your Own Data

There’s a common misconception among Software as a Service (SaaS) users that backup isn’t necessary for their data because it exists in the cloud – and that provider will backup and secure your data, right? Unfortunately, this is untrue. SaaS applications such as Microsoft 365 unfortunately are just as vulnerable to data loss as on-premise apps.

Why? Because the number 1 cause of data loss is human error. Staff members accidentally deleting files, opening phishing emails, accidentally downloading malware and more. 
Some scenarios where customers could lose data include:

  • Malicious deletion by a disgruntled employee or outside entity
  • Malware damage or ransomware attacks
  • Operational errors such as accidental data overwrites
  • Lost data due to cancelled app licenses

SaaS providers like Office 365 offer a convenient service to provide access to e-mail services, data storage, and collaboration tools. These features were traditionally offered from an on-premises infrastructure with services like Exchange server and SharePoint server, where the data processor and data owners tend to be the same thing.

Now let’s think about what this means in a SaaS environment, the data processing task has moved to a cloud service where you don’t need to worry about it anymore, however you are still the data owner. This means that you are still responsible for how the data is protected.

In this example, Microsoft’s responsibility as a data processor is bound by the Service Level Agreement, they operate to which guarantees that the service they offer will be available. As of Q1 2020, O365 has a 99.98% up time, or to put that into perspective, an average of 17 seconds downtime per day. Microsoft operates a resilient infrastructure, which meets stringent security qualifications such as Cyber Essentials PLUS and hardware-level resilience by operating its services from multiple data centres in dedicated regions around the world.

All of this is great for providing a service, but it doesn’t protect the data within those services that you as the data owner are responsible for. Let’s assume you have a business requirement to maintain 7 years’ worth of email data when that data lived on-premises, that requirement doesn’t suddenly go away when you move the data to the cloud. Equally, if e-mails were deleted or were subject to some kind of ransomware attack, you would rely on a backup to recover the data. The same thing still applies when the data is running in a SaaS service like O365.

This is where products like Datto SaaS Protection comes into play. For more information on how we can help or a free demo, send us an email on [email protected] or call us on 0191 2503000

Why You Need Multi-Factor Authentication and Thales

Hopefully you will have been on our multi-factor authentication webinar with Thales last week, just in case you missed it, Pre-Sales Technical Consultant Ian Sanderson gives his view on why you need MFA, and in particular, why Thales.

When choosing our multifactor authentication product, it is important to understand our thought process when evaluating the marketplace for a product and more importantly why we were looking.

In the last few years, we have seen a massive swing when it comes to business priorities in IT. You will often find that IT directors and managers mark security as their number one focus on IT spending, and with good reason. Each day we create more and more data which is the lifeblood of many organisations. I would go as far as to say that many businesses would struggle to recover if they lost all their data.

Multi-factor authentication is an important part of a multi-layered approach to securing business assets. A common attack vector is credential theft. Think about what a malicious actor could do if they had access to a corporate Office 365 account or similar. Multi-factor authentication means that even if a user does fall victim to credential theft, it would be near impossible for the malicious actor to use those credentials as each login request would require a unique one-time passcode to login with.

With that in mind, we set out to find a solution that met a set of criteria. Something easy to use, has a rich set of features, is SaaS-based, and offers value for money.

We looked at offerings from Microsoft, DUO, and others which all have their good points, but none of them offered everything we wanted, apart from Thales.

Microsoft is great if you are only interested in securing your Microsoft Ecosystem. DUO was easy to use but required installing various applications on-premises to provide the full functionality of the product.

Thales Safenet Trusted Access allows you to secure many popular cloud workloads such as Office 365 as well as on-premises workloads such as VMware Horizon View and popular VPN solutions. All of this is managed and maintained from Thales SaaS SafeNet Trusted Access platform. No need to install radius or authentication proxy servers.

If you have not heard of Thales before, part of their organisation is the business they acquired when they bought Gemalto in 2019. What you will see here today is part of that Gemalto suite. The name Gemalto may sound familiar, they make products like Passports with the RFID chips, card readers for online banking systems, and importantly, they make One Time Passcode tokens. Those little devices that pop up with 6 digits on that allow you to log in somewhere.

Because Thales make those devices, they can bundle them in with the MFA service, typically at no additional cost. Other vendors we looked at; this was a line item cost. It is important to understand why we think this is a differentiator. Many organisations that would like to roll out MFA may not want users’ personal devices enrolled as an MFA token, or indeed the user may say they do not want any corporate software on their personal device. Having the option to hand out a physical token for those use cases, without incurring an additional charge represents excellent value in our minds.

If you would like more information on MFA, you can watch our on-demand webinar, or drop us an email at [email protected] for your free 30 day trial.

Handy Hints For Agile Working – Office 365

  • Did you know with Office 365 you can access all of your business applications by going to https://portal.office.com? From there you can access everything that you need for the ability to work agile, including Word online, Outlook web access, Excel online etc.

    IT Admins should still be aware that multi-factor authentication should be in place when accessing any apps online.

    Learn more about Thales by clicking HERE

  • Don’t think of Office 365 as just your day to day applications limited to your computer, you can use Office 365 on up to 5 devices licence dependent, for example your tablet or smart phone. You can use OneDrive or SharePoint as a central point to store, share and access information from any device and any location. 

    Remember to keep in mind that Microsoft doesn’t back-up any of your files or data and you will need another solution such as Datto to help protect against loss of information should anything happen.

    Learn more about Datto by clicking HERE

Struggling with Office 365 or Agile Working? You can contact us by clicking HERE!

Handy Hints For Agile Working – Microsoft Teams

Use tech to stay connected – sometimes you can feel cut off from what’s happening in the office when working remotely. By using video calls and instant messaging you can catch up with your coworkers, request information and bounce ideas around the team helping you to feel connected.

1. Did you know that you can send out Team’s conference call details from either within the Teams App or  from Outlook for a handy free of charge conference? You can also upgrade to audio conferencing licencing to include global dial in details.
2. User beware – do you have external contacts within your Teams in Office 365? Be careful when adding attachments that are for internal viewing only!

3. Did you know when on a video conference you can blur your background. You may have confidential information in view of those on your call! You can also use covers for your webcam to ensure you are ready before going live.

4. Double check your audio before starting a Teams call! Do you have your laptop connected to other home devices such as your Echo Dot?!

5. Be careful what you are sharing! Only share the screen that you want to share, you could be sharing important emails, customers details or confidential information.

6. Use of applications – did you know there is a whole host of applications you can add into your Teams, applications such as Trello, Flow, Yammer ect.

7. Did you know that you can record all of your Teams meetings for future playback? Just make sure that you tell the team before you do this!

Struggling with Teams or any other aspect of Agile Working? Why not contacts us? We would be happy to help!

Networking Series – Explainer Videos!

Watch our 2nd and 3rd videos created in the ‘Networking Series’ by Senior Consultant, Ross Phillps.

Ross will take you through the basics of Network Access Control and the Cisco Umbrella product. Both videos will take you through the subject in 3 minutes!

North East IT Company celebrates landmark 50th employee

Technology business experts at TruStack are celebrating a milestone moment after taking on their 50th employee.

TruStack was formed when three businesses – SITS Group, PCI Services and Pivotal Networks – joined forces in September 2019, creating a joint portfolio of more than 250 clients and turnover of £10m.

The new merged business continues to provide IT services to clients across the North East and beyond.

Services include cloud computing, infrastructure design and implementation, data centre services, managed services, unified communications, Cybersecurity solutions and managed desktop services.

TruStack had 40 employees at the time of the merger, but has since increased its staff numbers by 25% to 50 in less than a year, much to the delight of its directors.

Commercial Director Phil Cambers said: “Whether you are celebrating a 50th birthday, 50 years of marriage or a 50th employee, getting to this number is always a huge milestone.

“Being able to reach this landmark moment is testament to the hard work of everyone in the business.

“It makes me very proud that we have built a successful business that can sustain this number of people and has the portfolio of clients that we do.”

Mr Cambers added that despite the economic uncertainty with Covid-19, the TruStack team is working from home to continue providing customers with the services and support they are used to in normal times.

To help support its project scheduling and business administration departments, TruStack has hired two new apprentice trainees from Access Training in Gateshead.

He said: “When you are running a business it is always a fine balance between having higher running costs with more staff, and having too few to provide the level of service expected.

“We feel like we have the balance just right now. It is all about bringing people in at the right time and we feel we have done that.

“In amongst all of the uncertainty at the moment we continue to provide the high level of service our customers expect.

“In order to help support us in this we have employed two fantastic apprentices. We are really pleased to be able to support these young people and give them a start in an exciting career within our industry.”

Services Director Joe Olabode said: “I am very proud of what this business has achieved and will continue to achieve well into the future.

“We have five directors that know and trust each other driving the business forward with a substantial and talented workforce.”

“I am very excited about what the coming years will bring.”

TruStack has a branch office at the Evolve Business Centre, Houghton le Spring, and its head office on the Northumberland Business Park, Cramlington.

Amongst its clients are many of the North East’s Top 200 companies – including Muckle LLP and Collingwood Business Solutions – as well as big names across the UK like the Natural History Museum and Vertu Motors.

For more information on TruStack go to www.trustack.co.uk or call 0191 250 3000.