Connexion IT

Brook Henderson – Case Study

Tom Admin — Wed, 17 Apr 2024 11:09:49 +0000

In 2010 with a number of their IT servers reaching the end of life, together with a requirement to adjust to a new business structure the group IT service needed to rethink their Strategy. The business needed a new IT infrastructure that would achieve a number of goals.

Managing change

First it had to be flexible enough to support an ever changing portfolio of group companies in the most cost efficient manner. Secondly, it had to be robust and secure as the services delivered to customers depended on the continuous availability of IT.

This was especially true for those group businesses such as Asteral that provided strategically important support services into the NHS. In order for Asteral to continue providing services to these clients they had to demonstrate that they could comply with a stringent business continuity and disaster recovery regime.

Brook Henderson asked Connexion, their existing IT support partner, to help advise on both the technology and its implementation.

Neal Murphy, Group IT Manager commented

“We gave Connexion the challenge of finding us an appropriate infrastructure solution. We were impressed with their professional approach of ensuring that any solution design was aligned to our business objectives and then following this up with a systematic plan and implementation process.”

Customer Profile

Brook Henderson is a privately owned organisation with a proven track record in creating value within the UK health and energy sectors. As a holding company they have used their expertise in asset and finance related activities to invest and build in a diverse portfolio of highly successful service businesses. These organisations provide a diverse range of services from maintaining high-tech imaging equipment in hospitals to developing sustainable onshore wind farms across the UK.

The capability of these businesses to provide value to customers is underpinned by a sophisticated IT service that provides timely operations and financial information as well as supporting their ability to communicate with clients.

A new IT strategy

The implementation of this new infrastructure platform brought together several disparate server systems, one for each managed company, into one environment. Through using the latest virtualisation and SAN storage technology this new architecture was designed and built to withstand multiple points of failure and therefore to enable continuous operation.

The virtualisation ensured that processing capacity was shared amongst a number of servers so that if an individual server failed the others would absorb the load to provide a “non-stop” service. In addition, data from the office infrastructure is replicated to an offsite server and disk storage system to provide a full disaster recovery solution. One major benefit of this design is that disaster recovery testing can be undertaken offsite without affecting the main business systems.

The combination of a highly available office system backed up by secure offsite data replication ensures that IT can now better support the business objectives. It provides a more dependable and scalable service that is easier to manage at the same time as fulfilling the customers’ rigorous business continuity compliance requirements.

Managed service to maintain performance

Although the performance of the new infrastructure environment was significantly greater than the one replaced, Brook Henderson realised that they needed help to ensure that it stayed that way. As with all IT systems, constant management is required to ensure that performance is optimised and any problems spotted early to reduce unforeseen downtime.

Brook Henderson therefore commissioned Connexion to maintain their environment through a proactive managed service contract. This service provides a help desk to respond to any issues, as well as proactive prevention services such as systems monitoring and regular onsite health checks and maintenance. In addition Connexion collates all the information gained from this service to provide proactive advice on how to develop and improve the IT delivery for the future.

“As far as I am concerned Connexion are part of my team and they help me maintain a positive reputation with the group businesses, who are in effect my customers. In my experience there are lots of IT companies who can do reactive support, the difference with Connexion is that they take ownership for managing our infrastructure. This means identifying early the causes of possible future problems and fixing them; therefore reducing the reliance on fire fighting and reactive support. The outcome is that we have a dependable IT service that is aligned to our business objectives and supports our ability to serve our customers better.”

The post Brook Henderson – Case Study appeared first on Connexion IT.

Purley Park Trust – Case Study

Tom Admin — Wed, 17 Apr 2024 11:03:10 +0000

Purley Park Trust is a not-for-profit Charity that provides support for adults with learning disabilities.

They support 80 people in 80 different ways in Care Homes Services, Supported Living, Domiciliary Care and Day Care services. Purley Park Trust are committed to ensuring that each of the people they support get an excellent service from the trust – delivered in a way that works for them. Help and support is offered through a team of 110 employees providing services to customers within West Berkshire, Reading and the surrounding area.

Challenges

Like many other small dedicated charities, Purley Park Trust operates under a weight of compliance legislation and administrative bureaucracy. Often much of their valuable time is spent manually completing forms to demonstrate that they are compliant with their legal, regulatory and contractual duties. While they recognise the need for this work, it requires significant effort just to demonstrate compliance.

However, the Trust sees being compliant as a starting point rather than an end result though. For some time they have been thinking about how to maintain this as quickly and efficiently as possible so that as much time as possible can be devoted to ensuring that their customers get an excellent service – not just a compliant one.

At the beginning of 2012 this challenge was further compounded by an aging IT infrastructure that was dying on its feet and failing to support the organisation and its goals. Most IT related processes were hampered by extremely slow running and poor reliability. For example, HR and policy records would simply disappear or become corrupted meaning painstaking rewriting and archiving. As a consequence IT didn’t actually add any value to the running of the organisation and staff declined to use it.

Purley Park Trust was also concerned about potential risks posed by inadequate data storage and backup as well as security provision for items such as anti-virus and firewalls.

Larry Grady, Chief Executive commented

“When I joined Purley Park in late 2011, it was clear that the IT system wasn’t fit for purpose. It was right at the top of the list of issues that our Operations Manager though we needed to deal with. It neither supported our day to day operations and record keeping, nor provided any help in developing our services for the future.”

Customer Profile

Customer: Purley Park Trust Ltd
Customer Size: 110
Country or Region: UK
Industry: Social Care Services
Partner: Connexion

Software and Services

Microsoft 365
Microsoft Office SharePoint Online

Solution

The Purley Park Trust management team were confronted with an issue; find a significant capital sum to replace the current set up or gradually return to paper based systems. Local IT service firm, Connexion, were invited in on the basis of quoting for a replacement IT server, however, they offered an alternative solution. This would provide a dramatically enhanced IT system at a much lower cost of ownership, as well as access to on-going support, advice and strategic leadership. Connexion suggested a hosted or “cloud” based service that would mean that Purley Park Trust could access all the services they needed without having to acquire and manage their own server. In addition they could replace their desktop and laptop pc’s with lower specification and cheaper internet enabled devices.

Connexion implemented Microsoft 365 and Terminal Server as the chosen technology which provided access to email, Microsoft Office, Sage accounting and payroll, MS Lync for internal messaging as well as the Microsoft collaboration tool and development platform SharePoint. Managed data storage, backup and security were also provided as part of the service.

Central to this was the implementation of high speed access to the internet through low cost fibre technology, and the linking of various properties to this access through wireless technology. In addition, Connexion provide a managed service for a flat fee that ensures continued availability of the system as well as on-going strategic advice that keeps IT development aligned to the overall organisational strategy.

Larry Grady commented

“Fom the start Connexion’s approach was very different from the other suppliers we talked to. Instead of taking the easy route of replacing what we had, they listened to what we needed as an organisation and suggested something more appropriate.
Not only that, but they invested a significant amount of time reassuring our whole team of the viability of the solution and demonstrating the effectiveness through pilot systems.”

“The internet access feels like it’s a thousand times faster. This has brought a whole raft of benefits such as enabling our customers in the residential homes to access services like internet shopping for the first time, which has had a positive impact on their lives through enabling more independence.”

Outcomes

In addition to internet access speed, Purley Park have also enjoyed a number of other benefits:

Reliability – the staff now have confidence in the system and as a consequence are investing time in improving communication using internal messaging and email.
Speed and data security – the cloud based solution allows fast access from any location and enterprise level backup.
Mobile and home working – Microsoft 365 enables the employees to securely access documents from offsite so enabling flexible working if required.
Low cost of ownership – there is no requirement to maintain an on-site server or provide complex pc support as the use of Terminal Server simplifies the pc setup. In addition the use of wireless technology to link buildings reduces external communications costs.
Improved Internal information sharing – policies and procedures are far more accessible for users and can be properly managed with version control and workflow.
Releasing time and resources – The business process management system will save time and make information more accessible to the whole organisation. As a consequence the organisation can spend more time on its core function i.e. ensuring that each of the people they support get an excellent service – delivered in a way that works for them.
Improved stakeholder management – by providing easy access to the information that the many Stakeholders require, Purley Park Trust is demonstrating openness and inspiring confidence.

Overall the new system has been transformational as Larry Grady suggests

“In just a few months, the implementation of this new system with Connexion has transformed our ability to focus on our customers and has released the time to enable us to plan and develop our services going forward.
Now that we have the right IT partner and the right tools, I am personally really excited about what IT can do for us to further enhance the support we provide to our customers and the community.”

The post Purley Park Trust – Case Study appeared first on Connexion IT.

Faulkners – Case Study

Tom Admin — Wed, 17 Apr 2024 10:57:46 +0000

Business Needs

Increasingly their commercial clients require their contractors to comply with a whole range of specifications and requirements. In recent years there has been an increasing need for clients to be able to access information regarding their contracts online. In addition suppliers need to provide the necessary assurance that their business has a robust information and record keeping capability i.e. IT system.

With these new client requirements and the overall growth of the business Faulkners new Financial Director, Mel Faulkner, was looking to upgrade the level of support they were receiving from their IT service provider. They had been receiving support services with the same provider for 10 years which had worked out well but Faulkners now wanted someone to offer more than support. They needed a managed service company to be responsible for ensuring the on-going availability and development of the IT service; to help maintain but also develop and improve the IT service.

Mel Faulkner commented,

We depend on IT for just about every element of our business; accounts admin, record keeping as well as onsite service support and information sharing with clients. However, IT is not a core competence we have within the business or want to develop, so we needed someone we could rely on, trust and take ownership for the day to day running of our systems as well as its future development.

Customer Profile

Faulkners Heating has been established for over 50 years providing plumbing and heating services to the local Reading area. Whilst they serve both domestic and commercial clients, the majority of their revenue is generated through long term contracts with local authorities and housing associations. For their commercial contracts Faulkners provide complete heating system refurbishment within a given set of properties as well as on-going maintenance and repair. In any given year they might install over 2,500 heating systems, through a team of over 70 staff and specialist subcontractors.

Solution

Connexion were awarded the contract and have for the past 3 years been providing a full managed service that both maintains and develops Faulkners IT. This service is delivered through a number of integrated services. These include:

a help desk providing a responsive support service
a regular system health programme involving monthly on-site visits and automated updates
a continually manned remote monitoring system that looks to spot problems early to prevent unexpected systems failure
a virtual CIO that helps plan and develop the IT service as well as providing regular reports and recommendations to the Faulkners management team

During the last few years Connexion have upgraded and replaced the main servers and some of the end user workstations. They also provide first level support for their key specialist applications such as their vital estimating software provided by Amtech, as well as enabled the deployment and connectivity of PDA’s to onsite service engineers.

Mel Faulkner:

“One common problem we had in the past was the conflict between our IT infrastructure support and key software applications providers where one blamed the other for problems. Now that Connexion take ownership for solving these issues we no longer need to be involved.”

“The Connexion managed service certainly has been a significant step up from where we were before. The proactive nature of the service means that we feel more confident that IT will support us and we see far less unscheduled downtime. In addition we often have to work late or at weekends to complete estimates on time, and the out of hours service has been a tremendous help in ensuring we meet deadlines.”

Benefits

One major development that is helping Faulkners share information both internally and with clients is the development of a web based information sharing system based on the Microsoft SharePoint platform. This enables clients to login securely into a self-service information system and access most of the information they need such as details on specific site configurations, service history and KPI’s. Connexion specified, planned, configured and implemented the new information system over a 6 month period.

“The development of the new internet information sharing system has been a significant bonus to our business. It not only improves our ability to deliver consistently through sharing standardised information within the organisation, it also helps us win more business through enhancing our competitive proposition with clients.”

In summary Mel Faulkner observes

“A robust IT system is fundamental to our business, however the bonus now is we don’t have to spend our valuable time managing it; we feel in control without the distraction. We now generate more value from IT in both supporting our business as well as enhancing the service we offer to our clients. We would strongly recommend Connexion to anyone that is looking to adopt a managed service approach.”

The post Faulkners – Case Study appeared first on Connexion IT.

People1st – Case Study

Tom Admin — Wed, 17 Apr 2024 10:50:57 +0000

People 1st is the sector skills council for hospitality, passenger transport, travel and tourism. As a government recognised, industry-focused body it supports the development of skills and training across 24 industries.

Together they contribute over £63 billion in GVA each year, and employ approximately 2.9 million people in more than 419,000 establishments.

Their aim is to engage with as many employers and employees as possible within each of these industries, making the case for skills and productivity. The organisation provides three key services; research, vocational learning and training.

Employing around 100 people across a number of locations in the UK, People 1st is both growing and changing on a significant scale. Taking on new services and partnering with other providers has created a constant need to change and adapt to grasp new opportunities.

IT provides a vital backbone to all the services that People 1st provides, enabling access to numerous applications to users across the UK.

IT Challenges

In 2011, with growth continuing at a pace, People 1st made a decision to bring in additional expertise to help develop the existing infrastructure and ensure it could continue to underpin the business growth. Connexion was engaged to provide a fully managed IT service and advice on IT strategy.

Connexion, through their usual approach of undertaking an initial audit, created a development plan which encompassed the existing network of 9 servers and end user PC’s. In addition, it covered areas such as backup and disaster recovery, software configurations, software licence compliance and infrastructure documentation.

The key challenge was finding a way to transition the infrastructure onto a platform that would enable a flexible approach to growth whilst improving the efficiency of use at the same time as retaining stability and dependability.

Customer Profile

Customer: People1st
Customer Size: 100
Country or Region: UK
Industry: Hospitality, passenger transport, travel and tourism
Partner: Connexion

IT Challenges

Solutions

Connexion deployed their Managed Service that provides the framework to introduce best practice, IT automation and a Virtual CIO Service to help advise and drive developments forward.

The changes that were suggested and implemented under this service were as follows:

Updating the core infrastructure

Over a period of 12 months all of the services provided on 9 old servers were migrated to a new scalable infrastructure using two virtual host servers. In addition, the backup and disaster recovery policies and procedures were improved to reduce recovery times in the event of disaster or failure.

Standardisation

The aim here was to standardise, and wherever possible, improve the user experience, to make the IT easier to manage and provide a flexible platform for growth. Standards were created for different departments so that processes, such as new starters and leavers, could be completed quickly and easily.

Complicated non-standard end user desktop configurations were replaced with standard thin client environments which enabled workers to log on from any point including remote and mobile working.

A standard service for mobile phones was introduced through the adoption of a Blackberry server and handsets which improved security, manageability and the user experience.

Software compliance

Connexion completed an audit of all the software in use on the network as well as the current software licensing and developed procedures to ensure that the business continued to be fully compliant as it grew.

Documentation

Full documentation was produced on both the infrastructure configuration and the IT procedures for areas such as change management and support. This ensured that knowledge on the configuration could be shared and the infrastructure maintained as part of a standard dependable process.

Asset Management

All the IT assets were reviewed to ensure they were fit for purpose and an asset management procedure was introduced to track assets and provide improved information to the finance department.

Proactive Monitoring and Helpdesk

As part of the managed service Connexion set up a dedicated monitoring facility to ensure that any issues on critical functions were identified and resolved thus preventing any negative impact on productivity.

Solutions

In March 2012 Robert Morley joined People 1st as Corporate Services Director, with a remit covering IT. He undertook an immediate evaluation of the IT Infrastructure together with Connexion and their services.

“The Virtual CIO service that Connexion provides is both responsive to issues and proactive. Their support people don’t wait for problems to arise they are constantly monitoring and analysing systems performance to look for potential failure points. The effect of this service is that we have gone from three IT people to one, at the same time as having much better visibility of the operational health of our IT capability.”

Having established an IT platform that would enable flexible growth Connexion are now helping People 1st to take on new business challenges. For example, the recent acquisition of two organisations has required the assimilation of their systems into the existing People 1st infrastructure. Connexion has been providing the advice and technical skill to enable this to happen.

Robert Morley concludes:

“IT is fundamental to our business. IT supports and underpins every element of what we do from Finance and CRM to email, office tools, information portals and websites; so we need it to be dependable and stable. However, we are also a rapidly growing and changing organisation so we also need IT to be flexible and capable of adapting to change.
Marrying these two elements of dependability and flexibility can often be a challenge but with Connexion’s help we are managing this successfully and providing an IT service that supports business growth.”

The post People1st – Case Study appeared first on Connexion IT.

Velosi – Case Study

Tom Admin — Wed, 17 Apr 2024 10:41:29 +0000

The VELOSI Group, founded in 1982, provides Asset Integrity, Health, Safety and Environment (HSE), Quality Assurance, Quality Control and Engineering services to a number of leading national and multinational oil and gas companies, including BP, Shell, ExxonMobil, ADNOC, PETRONAS, PetroBras, ONGC, and Chevron.

The Velosi Group operates globally through five regional headquarters in the USA, the UK, Malaysia, South Africa, and the UAE and has 63 offices in 36 countries worldwide.

Velosi is a fast-growing engineering company with 63 offices in 36 countries. They were rapidly outgrowing their in-house email and intranet servers, which were struggling to cope with a growing headcount. They also needed to support a worldwide workforce and, of course, keep costs under control.

Velosi worked with Connexion, a Microsoft Gold Certified Partner, to implement a solution using Microsoft Exchange Online and Microsoft SharePoint Online.

The new system has proved easier to manage with fewer IT staff. It provides easy, reliable access for staff around the world, including smartphone support. Above all, it has helped Velosi to cope with rapid growth while, at the same time, cutting costs compared with the in-house alternative.

Customer Profile

Customer: Velosi PLC
Customer Size: 1200
Country or Region: UK
Industry: Engineering
Partner: Connexion

Software and Services

Microsoft Exchange Online
Microsoft Office SharePoint Online

Business Needs

Velosi is a 700-person, global engineering company that focuses on quality assurance, mainly in the oil, gas and utilities. For example, if an oil company buys a large piece of equipment for an oilrig, they hire Velosi to inspect it and make sure it will work as advertised.

The company started in the early 1980s and has grown very rapidly since then. To tame its “higgledy-piggledy IT systems,” Martin Coles, Velosi’s Technical Development Director, consolidated its IT systems, including Microsoft Exchange and SharePoint servers, so that they ran from a UK data centre rather than dozens of different systems in different countries. While this approach worked well for around 150 users, by the time they reached 300 employees, “we realised that our servers just weren’t coping and that it was time to change.”

The company was experiencing poor performance and outages. The servers were reaching the end of their service lives and they had been scaled to serve a much smaller workforce. The result? Instability, unreliability and increasing costs.

To replace such as a system, Velosi needed something new that would guarantee uptime, reliability and worldwide access without performance hiccups and slowdowns. Coles also looked for something that was simple and easy to manage in order to keep the IT overhead costs as low as possible.

Solution

Velosi approached Connexion, Connexion is a Microsoft Gold Certified Partner based in Reading, near their UK regional head office. Connexion proposed Microsoft Exchange Online and Microsoft SharePoint online and as well as a fully managed migration service for users and existing SharePoint sites. This would give Velosi the latest versions of tools that they were already using but without the cost and management overhead of hosting the servers themselves (or paying someone else to co-locate them in a share data centre).

Cost was an important factor in the decision. Coles:

“We looked at the capital cost of buying new hardware in-house and the rapidly increasing cost of staff to maintain it and our projections for future growth.”

They didn’t like what they saw.

On the one hand, there was the risk of underprovisioning and buying less hardware than they might need if they grew faster than expected. After all, this had happened once already. On the other hand, there was the expensive risk of overprovisioning and buying too much stuff ‘just in case’. Taking a five-year view, one approach looked risky, the other expensive.

The Microsoft cloud alternative began to look more and more attractive. Costs would rise in direct proportion to headcount and there was, effectively, no limit to growth. It also promised to be cheaper than buying hardware in-house. Finally, thanks to Microsoft’s global presence, service level agreements, and multi-national data centres, it promised better availability and performance than a system located in one data centre in one country.

Benefits

Ultimately, the choice was easy and Velosi selected Exchange Online for email and SharePoint Online for collaboration and document management. Connexion migrated all their users’ Exchange accounts and their SharePoint sites, while also upgrading them to the latest version of SharePoint.

The benefits were immediate and substantial:

Easier to manage

“We’ve reduced the number of people working on email,” says Coles. This has allowed them to defer hiring new IT staff and reassign existing staff to more interesting and useful roles.

Global access

With 63 offices in 36 countries, employees can now access the email and documents from Microsoft’s servers over the internet rather than using a congested VPN connection to Velosi’s data centre. “It’s also a security benefit,” says Coles, “Because we have fewer holes in our firewall now.”

Smartphone support

Exchange Online supports popular smartphones, including Blackberry and Apple iPhone, without any additional hardware or software and it is very easy for users to set up their phones.

Reliability

“We doubled the number of mailboxes and nobody blinks,” says Coles. Exchange Online can scale up easily and copes hundreds of mailboxes as easily as it manages a handful.

Cost savings

Replacing the three original servers would have cost Velosi approximately £80,000 with licensing. Compared with the three-year cost of deploying Exchange Online and SharePoint Online for the number of users they had then, the company saved £10,000. But when you add in the savings in support, maintenance, staff and everything else, it could be much more. For example, Coles thinks that he has been able to save the cost of a full-time IT person at about £30,000 a year for three years

“We made an immediate £10k saving but when you add the savings in support, maintenance, staff and everything else it adds up to much more: probably the cost of a full-time IT guy at about 30k a year for three years.”

Ultimately, though, the biggest benefit is that Microsoft hosted services has given Velosi tremendous flexibility. For example, in the year since Velosi switched to Exchange and SharePoint Online, they have doubled in size – two years ahead of plan.

“If we had bought in-house servers we’d already be in trouble. But because we went cloud-based, all we did was buy more licenses. From our perspective, [Microsoft’s services] are just phenomenal. They save us so much grief.”

The original Microsoft Case Study can be viewed at http://www.microsoft.com/ Canada/ casestudies/ Case_Study_Detail.aspx? casestudyid=4000010243 or you can download it as a Word document from http://www.microsoft.com/ Canada/ casestudies/ ServeFileResource.aspx? 4000021869

The post Velosi – Case Study appeared first on Connexion IT.

Legal Rights Partnership – Case Study

Tom Admin — Wed, 17 Apr 2024 10:28:14 +0000

Legal Rights Partnership (LRP) is a specialist immigration law practice that provides expert legal advice on all aspects of UK immigration, nationality, asylum and human rights law.

Based in Reading they are one of very few specialist immigration law solicitors’ practices outside London supporting both individual and business immigration needs.

In 2010, the practise opened its new office in Reading and required a complete IT infrastructure solution to support the business and ensure it met the guidelines laid down by the Solicitors Regulation Agency (SRA).

Solange de Carvalho, Partner at Legal Rights Partnership commented

“Of course it is essential for us to have a robust IT system within the practise; as with most businesses, everything from email, to accounts and record keeping is dependent on our IT. However, we also have to meet the growing requirements of the SRA in terms of data protection; ensuring the security of our client data is critical. We are now responsible for self-reporting to the SRA any potential breaches of our security from the outside, requiring both a robust IT security system and an ability to spot any infringements. In addition we also need a robust back-up and recovery system for business continuity.”

Connexion were chosen to first advise and then implement the initial infrastructure. Of particular importance was the ongoing support, the maintenance of their email and the protection of all their data.

Solange added, “We chose Connexion because they clearly understood the challenges we faced in relation to SRA regulations, in particular data security. They were able to guide us through the available options in a way we could understand and they gave us the confidence that we were installing a cost effective and secure solution”

Remote working was also a key requirement with all fee earners needing the facility to work remotely whilst maintaining appropriate levels of security to satisfy SRA regulations.

Solange added, “Email has become a very critical tool and central to our ability to communicate with the court, barristers and clients. We therefore needed to ensure we had a well-managed and secure private email service to ensure the continuity of this line of communication.”

Having successfully implemented the IT infrastructure, Connexion have supported the practise through their managed service. Via continuous remote monitoring and other proactive managed services Connexion ensure that their email is always optimised and their data fully protected.

The managed service is delivered through a number of integrated services. These include:

a help desk providing a responsive support service
a continually manned remote monitoring system that looks to spot problems early to prevent unexpected systems failure
a virtual CIO that helps plan and develop the IT service as well as provide regular reports and recommendations for improvements to the partner management team.

“Connexion’s managed service works in the background ensuring our system is available and secure. So for instance, if we forget to do a daily backup, they call us to remind us to do one. They also run a weekly back-up remotely to provide additional cover.”

“In the last two and half years we have never had a problem. In comparison with all the other work challenges that we face day to day, we have never had to worry about our IT. We can therefore dedicate all our time and effort on helping our clients.”

As the practise expands the partners are looking to expand and upgrade their IT capability further and Connexion are helping them with both potential infrastructure upgrade considerations taking into account the needs of specialist legal systems such as Quill.

The post Legal Rights Partnership – Case Study appeared first on Connexion IT.

Global Brands Need Consistent Global Cyber Security… But How?

Tom Admin — Fri, 27 Oct 2023 08:33:25 +0000

Consistency underwrites the value proposition. Your customers might first come to you for any number of reasons, but they stay because you deliver what you have promised. You don’t have to be the cheapest or the fastest or the best. But you do need to be consistent and reliable.

Anything which interferes with consistency transforms brand promises into unfulfilled aspirations, or worse, outright lies. It might not even be your fault. And it can happen with astonishing swiftness as we all saw with Covid.

Notwithstanding conspiracy theories, Covid was entirely accidental. Yet it was the most powerful disruptive force since America’s Great Depression of 1929. In April 2021 the Wallstreet Journal reported that the pandemic caused the permanent closure of roughly 200,000 US businesses (above and beyond the usual rate) during the first year alone. 

When Covid ripped through Europe, EuroStat recorded that around 397,000 people in the European Union lost their jobs in the month of April 2020 alone. In truth, no country was untouched and, initially, there was no defence, very little mitigation and a whole heap of uncertainty. 

Enough about Covid. My point is that the world endured a period of damaging uncertainty which no one had predicted or planned for. Today we face a man-made threat which is not only destructive but is almost inevitable. I’m referring to cyber-attacks – the bane of every global business.

Almost inevitable? Well, certainly more likely than not. In a survey of 5,600 businesses commissioned by Sophos, research agency Vanson Bourne reported that 66% of respondents had been hit by ransomware in 2021 – an increase of 76% over the previous year.

The rapid growth is helped along by the ‘Ransomware as a Service’ model which makes it easy for non-technical actors to launch crippling attacks. And that’s never going to go away.
It gets worse. In July last year, research firm Gartner went on record predicting that: ‘By 2025, cyber attackers will have weaponized operational technology (OT) environments to successfully harm or kill humans.’ 

There are various responses to a successful attack: pay the ransom; claim on insurance; rely on backups and in-house expertise; bring your carefully rehearsed emergency plan into play; cover it up and do nothing, which are beyond the scope of this article. None of them are great. But what if you can take the initiative?

Brand is king

Let’s start with a basic truth. Your brand reputation is everything. People in local countries are buying from you because you are a global brand, which delivers the same service, the same quality of product and the same responsiveness wherever they are in the world. They want you to be reliable, predictable. Consistent. That’s especially true if your customers are running a Just in Time model. 

Riding right along on that journey, that experience, is cyber security. Because cyber has to be consistent as well. You can’t have a situation where your operation in Asia is very cyber secure, but your operation in North America isn’t. Your customers expect you to have the same levels of cyber security throughout your organisation. 

That’s a challenge, but there is a way forward and you don’t have to be a cyber expert to make a start. In fact, as a Covid survivor you already know what needs to be done.

 Decide what’s critical

Not long ago I was talking to the board of a multinational which was reviewing its cyber stance. The business has operations in more than 20 countries and the local workforces speak at least 15 languages. Some territories had excellent cyber security, other less so. 

The requirement was for an international team, which can immediately react to any cyber incident, in the country of the attack, in person.  Multiple teams, multiple countries, multiple languages – and all to a very high degree of capability. That’s a big ask. Is it even possible?

Well, yes. It is possible to protect everything, everywhere, all of the time. It’s just hugely expensive and resource hungry. A more realistic and cost-efficient approach is to start by deciding what is critical to your business. What are the things which will hurt you most if they were shut down? Focus on those first. If a major production line was put out of action for a couple of weeks, for instance, could you recover?

But what about if it was only your web site that was compromised? Or your CRM platform? It would be annoying for sure, and perhaps a little embarrassing, but eminently survivable. No one ever died from embarrassment.

So, focus on your operational technology first. OT is generally an easier, more spectacular and rewarding target. That’s where hackers make the news; that’s how they enhance their reputations. 

Remember the attack on the Colonial Pipeline? It made headlines all over the world. It was a ransomware attack which earned the hackers $4.4 million, which was paid in a few hours. It is believed that the hackers also stole around 100Gb of data prior to the attack. 

For hackers, OT is the gift which keeps on giving.

Local, global or both?

When your OT is attacked your response must be swift and certain. This isn’t the time to book flights for a cyber response team to fly out to you the next day. And you can’t allow time zones and language barriers to complicate things. 

News Source

The post Global Brands Need Consistent Global Cyber Security… But How? appeared first on Connexion IT.

Updates to the Cyber Essentials Scheme

Tom Admin — Fri, 27 Oct 2023 08:05:09 +0000

The Government has updated its policy on the cyber security controls that it requires suppliers of certain public contracts to have in place. Procurement Policy Note 09/23 updates and replaces PPN 09/14 and applies to all central government departments, their executive agencies, non-departmental public bodies and NHS bodies (in-scope organisations). It must be implemented in new procurements by in-scope organisations by the end of December 2023.

The PPN is also of wider interest to other public sector bodies who may wish to apply the guidance in the PPN to contracts which have a high cyber security risk.

Background

PPN 09/14 originally introduced a requirement for suppliers bidding for certain types of public contracts to hold Cyber Essentials or Cyber Essentials Plus certification. Cyber Essentials is a government backed certification scheme which helps businesses to protect themselves against cyber attacks and demonstrate their commitment to cyber security (the scheme).

Cyber Essentials assesses how an organisation has implemented technical controls in order to protect itself from cyber attacks. It is a self assessment process where suppliers complete a questionnaire which is then verified by an independent certification body in order to obtain certification. Cyber Essentials Plus comprises remote and on-site vulnerability testing in addition to assessing the same technical controls as Cyber Essentials. The testing checks whether a supplier’s security controls actually provide a defence against hacking and phishing attacks. Cyber Essentials Plus certification requires a more rigorous assessment so should only be used where there is a higher cyber security risk.

What are the updated requirements?

PPN 09/23 appears to move away from a one-size-fits-all approach of mandating that suppliers hold Cyber Essentials or Cyber Essentials Plus certification when delivering certain higher-risk contracts. Instead, In-Scope Organisations must first and foremost ensure that effective and proportionate cyber security controls are applied to such contracts in order to mitigate supply chain risks. There is no change to the types of contracts for which such cyber security controls need to be applied: these are described as contracts that have certain characteristics, such as:

Where personal information of citizens and/or government employees, ministers and special advisers are handled by a supplier;
Where ICT systems and services are supplied which are designed to store/process data at the OFFICIAL level; or
Where contracts deal with information related to the day-to-day business of government, service delivery and public finances.

PPN 09/23 states that for such contracts, the quickest and most effective means of mitigating cyber security risks are for the technical requirements to include either Cyber Essentials or Cyber Essentials Plus certification (or equivalent). Suppliers must review any Cyber Essentials certification annually for the duration of the contract, so In-Scope Organisations should monitor the supplier’s certification on an annual basis.

PPN 09/23 also outlines some of the limitations to the Cyber Essentials Scheme for certain contracts, highlighting that a more considered and nuanced approach to technical requirements to mitigate cyber security risks may now need to be undertaken by In-Scope Organisations. These include:

The Scheme does not assure specific products or services being supplied. Where specific assurance of products or services is required, further standards should be applied;
The Cyber Essentials certification may not be enough to mitigate the risks if the contract is particularly high risk. In this case additional security controls should be put in place in order to mitigate the risk;
The Scheme is not designed to negate risk in respect of more advanced and targeted attacks. These types of risks will require more sophisticated measures;
The Scheme should not be applied as a blanket approach to all contracts; and
Security controls put in place must be relevant and proportionate to the contract being procured so as to not deter or overburden SMEs or VCSEs who may wish to bid for the contract.

In-scope organisations should note that where they are accessing Cloud services through the Crown Commercial Service G-Cloud Commercial Agreements framework, suppliers on these Agreements are required to demonstrate that they comply with the Government’s cloud security principles as opposed to cyber essentials, although suppliers are still encouraged to state their cyber essentials certification if they have it.

For further information please see the full PPN here.

News Source

The post Updates to the Cyber Essentials Scheme appeared first on Connexion IT.

How do you know if your data is secure?

Tom Admin — Wed, 03 Feb 2021 00:00:00 +0000

Unless your business has somehow escaped the digital revolution during the last 10 years, and I don’t know any organisations that have, then ‘Data Protection’ whilst to many, far from exciting, is probably now one of the most critical issues.

It’s frightening how many business people in small and medium sized organisations believe their IT security is up to scratch, simply because they employ an IT support company with the assumption that they are doing what needs to be done. My experience has shown this is rarely the case. Often its only when the security is scrutinised by a potential customer, an insurer, or a hacker that issues are discovered.

Cyber threats are constantly evolving, so to keep pace, IT security isn’t a one-off endeavour. It must be regularly checked. Often IT companies focus on day to day support and don’t proactively manage security. The bottom line is, that in the eyes of the law, your data is your responsibility, so you need to partner with an IT provider who is proactive.GDPR states that business leaders are legally responsible for ensuring their companies data is adequately protected. Furthermore, those working with sensitive information, are required to comply with even more rigerous data protection regulations. The risks and consequences of Cyber Crime are now so very severe that any sensible business needs to make sure it’s data is properly protected.

Unfortunately, organisations only discover that they aren’t secure when they experience a data breach or a cyber-attack – then of course, it’s too late. In some cases, Companies are not aware of a data breach until long after the event. Data is made public weeks, months or even years later. An issue under GDPR, which requires data breaches are notified to the ICO within 72 hours.

So how can a non-IT business ensure their data is protected?

It’s quite simple, get it certified by an independent body:

This carries weight with your customers and insurers.
It demonstrates your organisation takes its data protection seriously.
Certification puts your IT support companies work to the test.
It provides the tangible evidence of your business required for GDPR.
Demonstrating you’ve assessed your IT security vulnerabilities and where necessary done something about it.

The good news:

There is a relatively simple and low-cost Government backed standard called ‘Cyber Essentials’ that’s ideal for achieving this.

Cyber Essentials is available in a basic self-certified form. Or
Cyber Essentials Plus which requires an independent audit.

The great thing about Cyber Essentials is that it offers every business a practical and recognised framework for managing data protection. Even if your business decides not to go the certification route, Cyber Essentials provides a valuable set of controls that you can use to improve your data security.

A great approach is to get an audit and use Cyber Essentials as the basis for performing a business IT security risk assessment. You can identify where you are weak and incorporate improvements into your IT strategy and budgets to ensure you are working towards compliance in the future.

This is a smart investment because it will protect, and future proof your business, It is likely Cyber Essentials will become mandatory for all small and medium businesses in the future: it’s already mandatory if you are a supplier to the public sector, and it’s starting to be required for Cyber Insurance.

Don’t be misled into thinking that Cyber Essentials is too basic. I hear this objection and I think it’s a myth that’s been propagated by IT people who believe that a single ‘all singing all dancing’ piece of technology they sell is a panacea. I’ve known businesses spend large sums of money on expensive security solutions but miss important fundamentals like ensuring default passwords are changed on network devices.

The important thing to understand is that Cyber Essentials has been developed to mitigate known vulnerabilities and implementing it will protect you against over 80% of Cybercrime which is massive! Most businesses get hacked by unskilled opportunists that exploit poorly configured networks rather than hackers that cleverly crack your firewall.

If Cyber Essentials really is too basic and you already have all the controls in place then you should probably be looking at working toward ISO 27001 certification for information security, an altogether much bigger undertaking that spans all of your business’s information, not just digital data. Cyber Essentials is great pre-cursor to ISO 27001 though, so if you are not sure, Cyber Essentials is the place to start.

If this article has resonated with you and you would like to find out more or discuss your IT security strategy, then please do not hesitate me on 0118 920 9600 or email jstratton@connexion.co.uk when I will be happy to arrange a no obligation conference call to discuss ways that Connexion can help.

Established in 1994, Connexion Ltd provides Fantastic IT support for regulated companies,

The post How do you know if your data is secure? appeared first on Connexion IT.

The Cyber Crime Wave: 5 Practical Steps to Protect your regulated Firm

Tom Admin — Mon, 16 Mar 2020 00:00:00 +0000

Cyber-attacks are becoming ever more frequent and ever more costly, with estimated annual losses from cyber-crime now topping $400bn (£291bn), according to the Center for Strategic and International Studies.

And the effect of cyber-attacks on regulated firms is wide-ranging: disruption to the firm, the potential for large financial losses (the average cost of a cyber breach was $349,000 in 2017, according to NetDiligence, whose data is based on actual cyber insurance claims) and the reputational damage that a cyber-attack is likely to cause the firm. In addition, many cyber-attacks lead to a breach of personal data which in itself has major regulatory ramifications, both under the current Data Protection Act and the forthcoming GDPR.

On top of this regulated firms have the added complication of the impact an attack has on their SRA regulatory obligations.

It follows then that risk management around cyber-crime is now a major issue for all businesses. Regulated firms are particularly at risk given they are dealing with so much confidential material, ranging from personal data, to trade secrets, to large financial transactions, through to the personal affairs of high profile clients. As such, it is critical that cyber security is not just treated as an IT issue, and that there is ongoing Senior Partner involvement with establishing and maintaining an effective information risk management regime, which incorporates appropriate policies to match the firm's risk appetite.

Many firms are turning to cyber insurance as a way of mitigating the risks around cyber-crime, but the reality is that a cyber insurer will assess your business processes around cyber security in order to understand their own level of risk and make decisions over the acceptance and pricing of your policy accordingly. So whilst taking insurance may be a prudent step, it does not mitigate the requirement to implement suitable processes, controls and technologies around cyber security management.

This is where a highly structured and methodical approach to IT management becomes critical as it is easy to lose sight of the relentless attention to detail that is needed to manage a regulated firm’s risk around cyber security. There is so much more to cyber security management than technology. Yes a suite of technological solutions will be part of the solution (and these days that needs to be a lot more than some antivirus software and a firewall), but just as important are your firm’s processes and procedures surrounding cyber security. Some practical steps that I would recommend every regulated firm implements to lessen their risk of falling victim to cyber-crime are as follows:-

1. Implement an effective security patch management policy
Software vendors are releasing a regular stream of patches to mitigate newly discovered security flaws. Having a methodology to ensure every device on the network receive patches in a timely fashion is vital.

2. Get an INDEPENDENT vulnerability scan carried out to benchmark your cyber security defences
Because it’s very easy to be too close to a system and potentially overlook a security loophole, we frequently get called on to conduct independent security vulnerability scans, or fuller complete security audits for regulated firms. An independent security review by a third party who has no vested interest in the system is more likely to give objective, impartial feedback.

3. Implement a multi-layered data backup strategy
With ransomware now extremely prevalent, effective procedures around data backup are paramount.

4. Review and test your disaster recovery procedures
I see so many disaster recovery plans that, for a plethora of reasons, don’t work when used in anger. Testing is essential to prove all your data is being backed up successfully and that your entire system can be restored in a timescale that is acceptable to the business.

5. Consider Cyber Essentials Certification
The Cyber Essentials scheme is a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks. Whilst by no means protecting against every possible threat, the cyber essentials scheme does provide a framework for good practice around cyber security.

There’s no doubt that managing the risk around cyber-crime is not easy, and needs dedicated resources and strict procedures which are rigorously adhered to. I think that is probably why so many firms are now moving towards partnering with a specialist IT company to provide this function, someone who can monitor their system from a security perspective at all times and is not distracted by the day-to-day operations of the firm. This is certainly the trend we’re seeing here at Connexion, where we are working with regulated firms to provide all of the above services on a fully managed basis.

If this article has raised questions or concerns over your firm’s cyber security strategy or you would like more information on Connexion’s services which include security vulnerability scans, patch management solutions, cyber essentials certification, backup solutions and disaster recovery solutions, please do not hesitate to contact me on 0118 920 9600 or email james.stratton@connexion.co.uk when I will be happy to arrange a no obligation conference call to discuss ways that Connexion can help.

The post The Cyber Crime Wave: 5 Practical Steps to Protect your regulated Firm appeared first on Connexion IT.