GDPR is looming – is your business ready?

It is reported that many small businesses are still either unaware of or unready for the new data protection regime, GDPR, that comes into force in May this year.

Businesses will have to ensure that any information they keep on their customers is stored securely, and this applies to both online and paper-based records.

They must also be able to remove any personal information if the customer requests it.

If any services are outsourced to another provider, they too must be GDPR compliant, and both will need to appoint a data operations manager to be responsible for security and compliance.

The new regulations will apply to even the smallest businesses if they keep customer records and there is plenty of advice on what they need to do on the ICO (Information Commissioners Office) website.  This is the best source for information as the ICO will be regulating compliance and has the power to issue fines for non-compliance.

Two particularly helpful guides are the 12 steps to take now downloadable PDF and the checklists on the website, one for data controllers and the other for data processors, available here

At Colchester IT, we can assure our customers that we have already put systems in place to ensure everything is secure.

All websites are stored on third party software to ensure security and all data is now held on a separate server, not accessible to outsiders nor wifi enabled. Everything is also password protected.

In any event we only hold on to data for a maximum of 30 days.

We have also taken steps to ensure that any third party suppliers we use are GDPR compliant and of course, we ask for permission before we send customers any e-newsletters and updates.

We also ensure paper-based records are regularly shredded.


Time to ditch the TomTom?

We have quickly come to rely on sat-navs, rather than physical maps, to help us get from place to place and nowadays we can use direction finders on our mobile phones instead of buying a special gadget.

But how many people have, and still use, that first well-known sat-nav, the TomTom?

Well that may not be an option for much longer, especially if you still have one of the older versions.

In late January this year TomTom announced that it was no longer be providing updated maps for some of the devices.

A spokesman for the company said: “It has become clear that some of our older generation navigation devices do not have sufficient resources to run the newest maps and software.”

TomTom will still be updating some models – “for their useful life”, and owners are warned that they should not assume map updates will continue indefinitely. It said active subscriptions to map updates will continue until subscriptions run out, but customers will not be able to renew maps or receive new software updates.

There is a list of those devices which will no longer receive updates on the TomTom website.


Intel chip vulnerabilities

Intel computer chip vulnerabilities the story so far

Anyone who relies on a Mac or PC for work, which is most of us nowadays, will have been horrified when news broke early in January that Intel had discovered a flaw in the chips it manufactures.

Potentially, this meant that every machine fitted with an Intel chip for the last 20 years or more could have had security vulnerabilities, although there is no evidence that anyone has so far tried to exploit them.

Nevertheless, the fact that this became known, will have worried users, not least because they were likely to be affecting nearly every operating systems and device. Apple, for example, confirmed that the issue affected all its products from Macs to iPhones and iPads.

Toshiba, Dell and HP, Microsoft, Apple started to rush out patches, and some had apparently been working on patches for operating systems at least six months before the news of the problem broke.

But then other problems began to emerge when users installed them.

They were implicated in spontaneous and unexpected machine reboots, and also in slowing machines down, sometimes by as much as 20%.

Most recently, on January 23, Intel issued a statement advising people to no longer apply the patches.

According to a BBC news online report “Intel spokesman Navin Shenoy said it had been investigating why the earlier patches caused “higher-than-expected reboots and other unpredictable system behaviour”.

It added that Intel said it now knew what caused these problems and was developing fresh patches that would work better. The company’s own investigations showed computers slowing down between 2% and 25%.

Technology specialists doubted that there would be a new, improved patch anytime soon, so it’s definitely a case of “watch this space” for developments and hold off from installing the currently-available patches.


Is Apple losing its edge?

Apple laptops and desktops are often the favourite hardware for businesses, partly for quality and partly because they have always been seen as largely hack-proof.

But a recent problem has caused some technical writers to question whether the “big A” is beginning to lose its edge.

A flaw was discovered in the most recent version of MacOS High Sierra, that enabled anyone to enter the machine without a password.

The bug was discovered in late November by a Turkish developer, who discovered that entering the username “root” and leaving the password field blank, hitting “enter” a few times, he could gain access to the machine.

The vulnerability, which fortunately could not be used remotely, could give someone with root access more powers than a normal user, for example to read and write files to other accounts.

More seriously a superuser with root access and with malicious intent could have deleted crucial system files, rendering the computer useless – or install malware that might be undetectable to typical security software.

Apple issued a temporary workaround by allowing users to set a root password while it fixed the problem.

The instructions are here

However, according to the tech publication WIRED, there were more problems when Apple rushed out a patch, within 18 hours, and users discovered that the “root” bug returned if they updated to the 10.13.1, version.  The machine had to be re-booted for the patch to work, but Apple had not included this in the instructions.


Broadband speeds are not what they’re claimed to be?

Broadband speeds are not what they’re claimed to be

A new survey by Which? has found that more than half of internet users are getting broadband speeds that are up to 62% slower than their providers claim.

The Which? figures taken from more than 700,000 consumer speed checker tests and compared with information collected in 2016 by Ofcom, found that in in 52% of local authority areas, people are recording median speeds that are at least 10 per cent slower than the median speeds estimated by providers.

Moreover in 35% of areas speeds are up to 20% slower.

The list of regions with broadband slower than the recommended 10Mpbs includes Ryedale, Purbeck, West Devon and Powys. While, along with Tamworth, Reading, Luton and Enfield get some of the quickest speeds.

Which? MD of home services said that in some locations “there can be a big gap between what people may expect versus what they actually experience in their homes”.

He questioned whether customers were really getting the service they were paying for.

It is timely, then, that Ofcom has recently announced that customers are to be automatically compensated by providers for delays in fixing problems with landlines and broadband, including for slow repairs, missed appointments and delayed installations.

Under its new scheme, to be introduced in 2019, customers will automatically get £8 for every calendar day on which the service is not repaired, after two full working days. They will also get £25 for an engineer missing an appointment or cancelling with less than 24 hours’ notice, and £5 for each calendar day without service after the day they were promised a provider would start that service.

Although the compensation does not cover slow broadband speeds, the Ofcom ruling is a welcome step in getting providers to improve their services to customers.

High Sierra before you update

Before updating to High Sierra, what to know

Apple’s new OS system

Many businesses will use Apple computers believing that the technology is far superior and less vulnerable to hacking and viruses.

However, reviewers of the latest version of the operating system, MacOS High Sierra, warn Mac users to wait a while before installing it and to make sure they do an external back-up before they begin.

According to The Independent tech reviewer Andrew Griffin, in late September, there are two main reasons to wait a few days before installing: “the risks are much higher and the rewards are much less interesting.”

The danger is that in installation, he says, cherished pictures and other data could be lost, and this will be a catastrophe if the installation is on the owner’s main computer.

The High Sierra system has completely revamped the way files are stored with the intention of speeding up some computer tasks. But the question is whether the new system is quite glitch-free.

MacWorld’s Dominic Preston has compared the High Sierra Version with the previous Sierra version and concluded that it isn’t “the most exciting” MacOS upgrade.

On the subject of the revamped file system MacWorld’s review says:

“First of all, copying files and finding the size of files and folders should now be near-instantaneous, the sort of small improvement that will add up over long-term use.

It also helps keep files safe thanks to built-in encryption, data protection for power outages and system crashes, and simplified data backup. It’s also compatible with HFS drives and data so you shouldn’t lost anything during the upgrade – though we’d still always recommend a backup first.”

There have been tweaks to Safari to prevent auto-playing videos and include tracking prevention. There have also been tweaks to mail and messages.

Preston’s conclusion is that there is little reason to not upgrade to High Sierra, but he, too recommends a back-up just in case.


Do you need faster broadband?

How crucial to your business is a faster download speed?

It may be in the interests of Internet service providers to increase their revenue by encouraging you to upgrade to a service that gives you faster connectivity and download speeds, but it is wise to do the research before committing.

Firstly, it’s about bandwidth, expressed as Megabits per second (Mbps).  The larger the bandwidth, the more and faster data can be moved.

Secondly, it is about the purposes for which you use the internet – whether it is downloading movies, using VOIP to make conference calls between different parts of your business and with customers, or simple email communication and internet browsing.  Does your business have to regularly upload large files?

For example, it can be a problem if VOIP calls are constantly breaking up or interrupted when the participants are in the midst of an important discussion or negotiation.

Having defined the purposes for which your business uses the internet the next step is to check on what bandwidth your internet service provider (ISP) is offering, in theory and in practice.

Why might you want to check your bandwidth?

It may be that you think, or suspect, that you are not getting the bandwidth you’re paying for, either on purpose or because something is wrong. Signs may be web pages taking a long time to load or the VOIP example mentioned earlier.

Perhaps, also, you want to check that the internet speed is adequate for a service you are considering buying.

While there are plenty of online free services to test your download speed, it is a good idea to use the test offered by your ISP.  You should do several tests over the course of a day and take screenshots of each, identified with date and time.

This will give you the evidence you need if the service you are paying for is not as good as you have been promised and you want to challenge your ISP.

However, there are other variables that it is worth bearing in mind that can affect internet speed. This is why ISPs always promise speeds of “up to” stated Mbps. The service is being shared with other households and businesses in the neighbourhood and the factors that will affect it include how may users are online at a given time and, within a company where there will be multiple users, how many people are using the system, and for what operations, at the same time.

Only once a business has gathered all the information, defined its internet needs and done the checks will it be in a position to decide whether paying for faster speeds is going to be viable and necessary.


How to avoid email phishing scams

According to the security software provider Malwarebytes 33% of businesses have suffered a ransomware attack in the last 12 months.

Their research also revealed that 20% of UK businesses feel they’d have no chance in stopping a ransomware attack.

But actually, there is a lot that a business can do to protect itself, especially since the majority of approaches designed to either get the recipient to share their personal bank details or to install malicious software that locks the machine until a ransom is paid.

Emails that appear to come from a bank, from HMRC (HM Revenue and Customs) or from well-known companies, even social media accounts like Facebook, often either alert you to a problem, such as a suspended account, or to your being due a refund.  The giveaway is that invariably the message will include an invitation to click on a link in the email.

The main thing to be aware of, apart from the obvious one that you may not in fact have ever used that particular organisation’s services, is that in general neither banks nor HMRC will contact you via email with such information.

Unless you have specifically set up e-mail communication with the bank or other organisation an obvious giveaway of a fake is that it will not detail account numbers but also full names and may also contain spelling mistakes or grammar oddities.

Firstly, businesses should make sure every employee is alert to the possibility of emails being fake, regardless of how authentic the branding may look, and make sure they never click on any links contained in a suspect email.

If you have any doubts, the first thing to do is to hover the cursor over the alleged sender’s email address without clicking on or tapping it.  It should reveal the detailed address, and that will usually be enough to make you suspicious.

Your can do the same with any link in the email you are invited to open. If you are still unsure, log on to the organisation’s website from elsewhere, NOT via the email and check what it says about communications security and any specific alerts mentioned in the email.

Alternatively, if an email appears to come from an organisation with which you do have dealings it is always worth a phone call to check whether it is authentic.

Finally, report or flag the email either to your email provider or the organisation named in the email and alert them to the attempted scam.


What your website developer needs to know

Potential clients or customers generally expect a business to have a website and when they are looking for a product or service it is likely to be their first port of call.

Not only that, but these days, particularly in the UK, they are likely to be viewing it on a mobile phone or tablet, rather than a laptop or PC.

So, a website needs to be constructed and designed to be responsive (easily viewable) across all these. These days, website developers and designers will almost certainly build a site with this in mind.

Similarly, to be acceptable to browsers such as Google and Firefox, a website needs to be secure, as in https: not http.  Again, developers should know this and will need to buy a SSL (Secure Sockets Layer) certificate from an authorised supplier to make the website safety compliant.  The SSL provides secure communication over a computer network.

You should also clarify who owns the copyright of your website design to prevent any problems later and ensure that a cookie policy as well as a proper privacy statement are included, both legal requirements, especially if you are going to ask people to sign up to get access to information.

It may be worth checking with your developer that these features are part of their service, but the developer will also need input from you to do a decent job.

Before you talk to a developer

If you want a design that stands out rather than looking like those of your competitors it is a good idea to do some preparation work before you talk to the designer/developer. This will help you give them the information they will be looking for when they visit your website.

Firstly, you should have a customer profile – a description of your ideal client, their tastes and preferences, their ages, lifestyle, professional level and so on.

Everything should be written from the website visitor’s point of view, defining their problem first before showing how your business can solve it. Work with a professional content writer if this sounds like too much to do on your own.

What your developer needs from you

Either you, or your marketing/content writer should put together a design brief, which will detail your budget, how many pages the site needs and their titles, whether you will supply pictures (always better than stock pictures), perhaps also including examples of websites that you like (and dislike). You will also need to provide images of your company logo and details of your corporate colours.

Do you want to be able to add to and update the site yourself?  In that case you will need a CMS (Content Management System) and guidance on how to use it.

Website developers will generally expect you to supply the words. They will also want guidance on the pictures, preferably original ones that you own rather than stock pictures.  That way you keep copyright of the information but it also helps you to define what pages will be needed, covering what subject matter. A basic website generally includes home, about us. Services/products, testimonials, blog/news and contact pages.

Remember, the clearer you are about what you want your website to look like and contain the easier it is not only to get comparable quotes but also for the website builder to discuss with you what is possible within your budget and to provide you with something that fits your needs.

Before choosing between developers, look at examples of their work and remember, cheapest is not always best. Once you have chosen the developer and agreed terms it is always best to get these details agreed and confirmed in writing.

The first decision is whether you intend to update your website yourself, write and load your own blogs or products.  If so, you will need the website to be built with a CMS (Content management system).  Does the developer provide either an instruction document or training to help you get familiar with it?

Most developers will offer some sort of support or aftercare package, which includes hosting, taking care of security updates, perhaps ongoing SEO work and may also include adding new content or changing existing words.  They will charge a monthly fee for this.  You need to know what services are included and whether there are options, such as a basic package (eg hosting and security) and a higher level package.  You also need assurance that if your developer is going to be adding content for you they will do so promptly.

Other questions to ask

Copyright – some website owners have found when they want to move to a new developer or host that the original developer is blocking them, claiming that they own the copyright to your website.  You must clarify this when negotiating the initial contract.

Cookie policy, these days legally websites must contain information about whether they use “cookies” which are pieces of code to gather information about visitor activity and must offer an option to opt out. Make sure you discuss this with your developer.


Online security is a must for businesses

Businesses should be much more aware of online security after last month’s WannaCry ransomware cyber-attack attacked 200,000 computers in 150 countries, causing chaos for the UK’s NHS.

So many businesses these days rely on their IT systems for record keeping and for communications that it makes sense to do everything possible to keep them both secure and running. Ransomware attacks can take over a machine and lock the owner out until they pay a fee to the hacker.

It is estimated that such incidents have increased by 50% in the last 12 months.

The first thing to do is to ensure that the operating system is up to date, and that any security patches issued by the provider are installed promptly.

Also make sure to protect the system with a reputable anti-virus protection programme.

Remember that as Microsoft rolls out new operating systems, sooner or later it will withdraw support for older ones. This was part of the problem with the NHS meltdown, where some of its system was still using Windows XP, long after Microsoft withdrew support.

The second thing to do is to ensure that all data crucial to the business’ operation is backed up elsewhere, either in the cloud or on an external hard drive, preferably both.

Thirdly, all staff should be trained to be on the alert for suspicious e-mails and above all to never click on any links they contain.  Often such emails will appear to come from a reputable organisation, such as HMRC.

If in doubt about a link, hover the mouse over the link and the complete URL will pop up.  That is often a good indication that it is suspicious. Further checks could be done by either calling the sender or checking its website via a search engine not via any links in an email.

Remote monitoring by your IT support company is another option.  We offer remote monitoring and back-up options via AVG.  Better to be safe than sorry when your livelihood is at stake.