Ransomware provider LockBit has been taken offline by a joint operation involving law enforcement agencies from eleven countries.
As of the 20th February, a banner on LockBit’s website declares that the site is now under the control of the UK’s National Crime Agency, part of a coordinated operation to take down the group’s ‘command and control’ infrastructure.
Authorities from the NCA, the FBI, Europol and others from around the world swooped on a number of individuals believed to be involved with Lockbit – making arrests in Poland, Ukraine, and in the United States. Two further named individuals are believed to be Russian nationals.
The combined operation (‘Operation Cronos’) also froze more than two hundred cryptocurrency accounts, took down 34 servers and closed 14,000 rogue accounts.
LockBit made headlines as one of the world’s most successful ‘Ransomware-as-a-service’ providers: offering a toolkit any would-be cyber criminal could use to launch their own cyber extortion operation, demanding more than $120m in ransoms for unlocking encrypted data.
The group behind LockBit, which first emerged on Russian forums in 2020, did not respond to Reuters following requests for comment, but published messages on an encrypted messaging app stating it has backup servers not yet ‘touched’ by law enforcement. Investigations by police in numerous countries also revealed copies of stolen data the group claimed to have deleted after negotiating ransom payments.
More than 1,700 organisations are believed to have been compromised by LockBit, many of which are now listed online – and include Royal Mail, the NHS, Boeing and ICBC, China’s largest bank, among many others.
Decryption tools have so far been released to victims of LockBit in 37 languages, as part of the ‘No More Ransom’ project, with UK authorities pledging to reach out to organisations affected by the ransomware.
For Cyber Security expertise and assistance, please contact our team today.
The NHS have updated their ‘secure email standard’ which other organisations are expected to follow.
First published in 2016, the minimum standards for email security are designed to protect NHS staff and systems against supply-chain attacks caused by weaknesses in the cyber security of third-parties.
The standard anticipates that one of the biggest risks to the NHS originates with the rest of us: outside organisations, who need to be trusted not to put the health service in danger via email compromise.
There are two ways to meet the NHS secure email standard:
1. Implement an existing compliant service such as NHSmail, Microsoft 365 or Google Workspace [and follow configuration guidelines for that service.]
2. Demonstrate your own [email] service is compliant with the secure email standard by following the NHS secure email accreditation process.
For those using the biggest platforms – NHSmail, Microsoft 365 or Google Workspace, the to-do list of requirements are simpler and include such steps as ensuring there is a process for notifying the NHS if you have been breached, policies and procedures for using mobile devices, risk assessment, documented policies and universal use within the organisation.
There are also a set of specific configuration settings which the NHS has documented for Microsoft 365 and Google Workspace, which you can learn more about here.
For organisations operating their own mail servers or other email systems, the requirements are more extensive, and require the organisation to manually achieve DCB1596 certification with documented evidence that their setup meets the NHS Secure Email Standard. This applies to organisations hosting their own Exchange, hybrid configurations, and other lesser-known business email platforms.
For cyber security assistance and support, please contact our team today.
As Openreach continues a massive upgrade of the UK’s telecommunications infrastructure from analogue copper to digital fiber-optic, a record 10 million homes and businesses are now switched over.
However, September marks another key milestone – the official ‘Stop Sell’ of older analogue services to the market. From this month, no new copper telephone lines may be ordered*, as Openreach seeks to retire the old-style copper service that goes back to the early 1900s. The stop sell affects a wide range of services – including landlines, traditional broadband, alarms lines and many more.
The £15bn investment represents a great leap forward for the UK – but what does it mean for businesses with existing copper?
Will my existing copper line be turned off?
Not yet! Existing analogue services are expected to be allowed to continue into 2025. However, the lifespan of these is now rapidly reaching its end, and Openreach advises businesses should be preparing to replace these to avoid any risk of loss of service.
What should I be replacing my old copper line with?
For those still on the schedule to be completed, SoGEA broadband options which eliminate the existing line rental in preparation for the fibre switchover are already available for millions of properties. These may remove your old line number, so bear this in mind before you make the important jump to the new service.
What if nothing else is available in my area?
If you’re one of a small proportion of exemptions (sites where no Fibre or SoGEA services are available) ordering a reactivated copper line may still be permitted, at an increased cost.
Alternatively, customers may consider 4G or satellite broadband as an alternative. A new SOTAP (fixed line) option is expected to be available from March 2024, eliminating virtually all new copper service orders nationwide.
What do I do about Service (X) that my business needs?
If you’re unsure about any aspect of your telecoms or connectivity provision, and how it is affected by the stop sell, please contact our team for assistance.
Alternatively, check out Lineal’s recent webinar on the ‘Big Switch Off’:
British intelligence services are actively providing advance warnings to potential ransomware targets in order to thwart impending cyber attacks. On average, every seventy-two hours for the last three months, a team of cyber security experts within GCHQ has been identifying the initial stages of new ransomware attacks targeting British entities, alerting intended victims and preventing attacks from being carried out.
An innovative system known as ‘Early Warning’, overseen by the National Cyber Security Centre (NCSC), is already believed to have thwarted major attacks, and draws on a range of unknown information sources including exclusive intelligence community feeds, public data, commercial inputs, and proprietary resources not available to the public.
This proactive approach, disclosed by several unnamed sources who spoke to Recorded Future News on the condition of anonymity, demonstrates the potential to curtail a significant number of successful cyber breaches. However, it has been noted by insiders that broader participation from organisations is needed to fully capitalise on the benefits of this system.
Currently, the scheme still has its challenges. Only a small fraction of organisations receive alerts – and it is estimated only 2% of those alerted act on the potential threat.
Ironically, a spokesperson from NCSC acknowledged the difficulties faced, stating, “We often struggle to find the correct contact information, or the person believes they’re speaking to a scammer.” The agency has taken steps to provide guidance on distinguishing official communications from criminal attempts to extract money or sensitive data.
In some cases, the delay in notifying potential victims has been so substantial that by the time NCSC establishes contact with the relevant parties, the ransomware attack has already been unleashed.
However, GCHQ clearly has big plans for developing the scheme further, and is encouraging organisations to sign up for Early Warning. As of the close of 2022, a mere 7,819 organisations had registered for the original service, but the NCSC’s annual report reveals that the system alerted over 5,900 user organisations about threats, more than 2,200 about vulnerabilities on their networks, and 56 received early alerts about ransomware attacks.
Learn more about Early Warning here, or speak to our Cyber Security team today.
Vodafone and the owner of Three UK have announced their intention to form the largest mobile phone operator in the UK. The companies intend to merge their operations based in the UK, resulting in a combined customer base of approximately 27 million.
However, the deal is still pending approval from regulators, and the Competition and Markets Authority will assess the advantages and disadvantages for consumers.
There is widespread expectation that the two companies would pool their available resources, with Three and Vodafone customers benefitting from wider coverage, particularly 5G availability.
With approval pending, both Vodafone and Three are promoting the idea that the merger helps, rather than reduces, competition – creating a third provider with big enough scale to complete with the UK’s two biggest providers, EE and O2.
Margherita Della Valle, Vodafone Group Chief Executive, said: “The merger is great for customers, great for the country and great for competition. It’s transformative as it will create a best-in-class – indeed best in Europe – 5G network, offering customers a superior experience.
Canning Fok, Group Co-Managing Director of CK Hutchison said: “Together, we will have the scale needed to deliver a best-in-class 5G network for the UK, transforming mobile services for our customers and opening up new opportunities for businesses across the length and breadth of the UK.
Upon completion of the Vodafone and Three merger, their combined market share will surpass that of EE and Virgin Media O2. While Virgin Media O2 currently serves around 24 million mobile customers, EE, which is owned by BT Group, has 20 million users. Vodafone and Three UK currently occupy the positions of the third and fourth largest mobile companies in the UK.
Under the terms of the merger, Vodafone will hold a 51% stake in the new company, with CK Hutchison, the owner of Three UK, retaining the remaining share. Vodafone and Three have assured customers that they can expect an enhanced network experience with improved coverage and reliability, without incurring any additional costs from the outset. Furthermore, the companies have committed to investing £11 billion in the development of 5G technology in the UK over the next decade.
Vodafone and CK Hutchison initially confirmed their merger discussions in the UK in October of last year. In May, Vodafone acknowledged the company’s underperformance and announced plans to reduce its workforce by 11,000 employees.
We recently attended a special event about the danger of Russian cyber aggression against the UK: here’s the latest guidance from the UK National Cyber Security Centre.
Be prepared for changes to Russian strategy
A feared ‘firestorm’ of wholesale attacks on the digital infrastructure of the UK and Ukraine’s other Western allies hasn’t arrived, but the NCSC urges Russia remains extremely unpredictable.
Intelligence agencies are now concerned Russia may launch a new cyber attacks on the West this year, partly as compensation for Russian ground war failures.
Rates of cyber attacks on UK organisations remain ‘steady’, with some very serious incidents reported – and the NCSC has emphasised before how Russian cyber attacks on satellite networks and banking systems in Ukraine have spilled over into multiple countries.
We do know that behind the scenes a number of UK organisations have been carefully briefed to prepare for Russian cyber attacks over the past year – and a ‘handful’ of cyber incidents each year are serious enough to require COBRA meetings.
Yes, REALLY unpredictable
Russian strategic aims are often inconsistent. Boldness and risk-taking are known to be favoured in Russian high command – which itself encourages reckless cyber operations, experimental techniques and surprise attacks – but also corners-cut and operational errors.
Much like the Russian ground offensive, many of the most aggressive Russian cyber attacks – such as the widespread use of destructive Wiper malware – appear to have been ‘front-loaded’ during March/April, preparing for a quick victory which did not materialise even as Ukrainian systems have been hardened.
However, the NCSC emphasises that ineptitude or failure is not a barrier to the further attacks by Russia – the individuals behind the attacks are shameless, and cyber attacks remain a convenient way to highlight weaknesses from policy makers in other countries.
Essentially ‘nothing is off-limits’ – an approach that is also exacerbated by the internal competition between Russian service branches, with the FSB, FDR, GRU and others often seeking to outdo each other.
Who is a target in the UK?
Past experience suggest Russian cyber operations often include a key psychological element – following infamous KGB tradition.
As a result, the Russian military likes to target ‘pressure points’ in particular: critical infrastructure, the energy sector, transport, media organisations, senior politicians and especially companies with visible public-facing operations – anything that might generate panic among the public, suggest democratic policy makers are weak, undermine the West’s resolve to support Ukraine, or provoke a widespread feeling of vulnerability.
Ukraine provides some clues as to Russian strategy, but the NCSC emphasises that espionage attacks can often involve gaining access for no specific purpose – and (for example: obtaining privileged administrator access to systems) are simply a contingency for the future.
Organisations that plan ahead suffer less pain
Official advice is clear: organisations that prepare even the most basic disaster-contingency plans recover more quickly and suffer much less financial pain in the event of a cyber attack.
Even very simple crisis management steps like agreeing ‘who is in charge’ in advance, confirming ‘where are the backups’, and keeping printed copies of essential preparations for an emergency, all help radically minimise the damage, disruption and time to recovery.
Forensic engines included in modern Endpoint Detection & Response (EDR) software help provide rapid information about the scale of hacks during incident response – this provides essential time for first responders to mitigate further threats, limit damage, and give the NCSC information about the threat to others.
The NCSC argues that British resilience will rely not just on small organisations across the country remaining vigilant, but gathering a wider pool of information on the centre’s behalf – the grassroots feeds into the ‘bigger picture’ of national security, and defending the UK is a team effort.
NCSC guidance, right from the top of the organisation’s CEO remains the same:
“Even with a war raging in Ukraine, the biggest global cyber threat we still face is ransomware” – Lindy Cameron, NCSC CEO, June 2022.
Useful Links:
NCSC Early Warning System – Early Warning helps organisation investigate cyber attacks on their network by notifying them of malicious activity that has been detected in information feeds
NCSC Exercise in a Box – A free online tool which helps organisation find out how resilience they are to cyber attacks & practice their response in a safe environment.
Incident Management – cyber incident response plan NCSC guidance to create your own cyber incident response plan
Each year GCHQ’s National Cyber Security Centre issue stricter new rules for business and organisations looking to secure UK Cyber Essentials (CE) and Cyber Essentials Plus (CE+) Certification.
Continuing themes from last year, there are now tighter rules on account access, thin clients, device firmware, remote desktops, antivirus/EDR solutions and more. Despite the success of the Cyber Essentials scheme, the past year has seen some notable cyber attacks on British organisations, and renewed calls for cyber security vigilance.
We’ve compiled a summary to help organisations prepare for what revisions are coming down the line in April.
Multi-Factor or Else.
Even sooner than many expected, Cyber Essentials will now require not only Administrators to have Multi-Factor Authentication enabled – but all end-user accounts as well, across all platforms. Previously exemptions were granted for services without this option available, now that gap closes.
Instead, where a service doesn’t support MFA this will now be declared a non-conformity, bringing digital services fully into line with the rules enforced on UK online banking, and even applying to school children – right down to reception-age.
That’s likely to pose a challenge for companies (and particularly schools) using any software or web services which don’t yet offer MFA – so many organisations may need to look at augmenting their IT setups with 3rd-party MFA solutions like Cisco Duo.
Don’t forget the Firmware!
Software version controls now extend to hardware device firmware – with the definition clarified to specifying “firewall and router firmware” in particular – which was always essential, given the perimeter nature of these devices. In a rare step back, firmware on servers, PCs and other devices has been removed from the scope.
Device Clarifications
The NCSC has admitted third-party devices have been a point of confusion – and has published a revised table clarifying which devices are within the scope of Cyber Essentials. Updates will apply only to devices which are not domain-joined, or when unlocked have limited access to data (smartphones, handheld scanners etc.) If the a vendor does not allow configuration to see CE standards, the application may use the vendor defaults without incurring a non-conformity.
Given that the definition partly rests on who owns the device in question, we predict more changes in future years.
Not Just Any Anti-Malware
Antivirus solutions no-longer need to be ‘Signature-based’ – since the best EDR solutions don’t rely on signature-based detection of threats anyway. CE+ audits will include extra tests to verify that anti-malware software is effective (beyond simple EICAR tests) and application allow-listing is being encouraged.
Scoring Changes
Minor/Major non-conformities have been merged with a single Non-Conformity mark. Any applicant receiving three non-conformities will receive an instant failure. Corrective actions must now be completed within two days, despite some exceptions are available for larger organisations.
However, unsupported operating systems become an unfortunate immediate triple-word score: the presence of any unsupported operating system within the scope is an automatic fail.
For Cyber Security and Cyber Essentials expertise, please contact our team today.
By 2025 the UK’s analogue phone network is being switched-off, but that’s not the only major communications technology that is due to be retired imminently.
3G mobile networks are also due to be switched off, with Vodafone leading the charge to retire the older technology. 3G, launched in the UK in 2003, has been replaced in recent years by faster, more reliable 4G and 5G coverage.
According to guidance from Ofcom, the schedules of the UK’s major mobile providers are as follows:
Timescale
Includes
Vodafone
Begins switching off 3G in ‘early 2023’.
Lebara Mobile
Asda Mobile
Talk Mobile
Virgin Mobile
EE
Begins switching off 3G in ‘early 2024’.
BT Mobile
Plusnet Mobile
Co-op Mobile
Utility Warehouse
Three
Begins switching off 3G ‘by the end of 2024’.
Gamma Mobile
ID Mobile
O2
Yet to announce any switch-off timetable.
Tesco Mobile
GiffGaff
Sky Mobile
LycaMobile
The disappearance of 3G will mostly only affect very rural areas but also those customers with older mobile devices that don’t support newer 4G or 5G. In addition, Ofcom advises businesses to check any other kinds of 3G-enabled devices – such as care alarms, payment terminals and security devices, to ensure these don’t become non-functional. Mobile providers are obligated to announce the change to their customers nearer the time.
Traditional 2G voice and text services are expected to remain in place on Vodafone, EE and O2 until at least the 2030s.
For business mobile expertise and support, please contact our team today.
UK & Dutch police have helped lead an international operation with Europol to take down one of the World’s biggest DDoS-for-hire services, webstresser.org.
The UK’s National Crime Agency and their Dutch Police counterparts announced the success of ‘Operation Power Off’ – which saw the seizure of infrastructure believed to be linked with criminal activity based in the UK, Netherlands and Germany, and the arrest of individuals as far afield as the UK, Spain, Canada, Croatia, Italy, Australia and Hong Kong by at least a dozen different law enforcement agencies.
On the other side of the Atlantic, the Department of Justice announced an additional six arrests by the FBI, with a further 48 domains seized as part of a criminal investigation into DDoS-for-hire operations.
According to Europol, Webstresser is estimated to have let over 136,000 customers launch more than four million Distributed Denial of Service (DDoS) attacks on targets for as little as £11, overwhelming websites and online services with traffic and knocking them offline. Although DDoS for hire services often pose as genuine ‘stress-test’ tools, users with very little technical knowledge were able to order attacks on unrelated targets – choosing between ‘Bronze’ ‘Silver’ and ‘Platinum’ packages.
The service was thought to be responsible for cyber attacks on at least seven major UK banks in November 2021, as well as numerous other businesses and government departments around the world. The BBC reports UK police have raided an address in Bradford, in connection with last year’s attacks on UK banks in particular.
Jaap van Oss, the Dutch Chair of the Joint Cybercrime Action Taskforce (J-CAT) praised the joint cooperation by law enforcement agencies to finally take Stresser offline.
This year GCHQ’s National Cyber Security Centre have introduced stricter new rules for businesses and organisations hoping to achieve UK Cyber Essentials (CE) and Cyber Essentials Plus (CE+) Certification.
In addition to promoting the scheme’s key priorities, the new terms for successful assessment are widely believed to be partially a response to recent events – including more widespread remote and home-working via cloud-based web services during Covid-19, and a series of devastating ransomware attacks that disrupted major infrastructure in the US.
Need a taster of what’s to come? Here are our key take-aways:
Cloud Services under the spotlight
In previous years organisations could exclude many cloud-based platforms from the scope of their assessment – but with the wholesale move to the cloud only accelerating under working from home, and web-services containing ever more data, cloud-based systems such as Microsoft 365 and Google Workspace move squarely into the frame.
Multiplying multi-factor
Most critically this year, two-factor authentication will become compulsory for all administrator accounts registered to cloud-based services – as the NCSC tries to stop hackers obtaining credentials and then remote accessing their way to cyber-devastation. Expect user accounts to follow in 2023 – an exemption may be granted under certain circumstances, but it’s clear the days of the old ‘password-only’ login are numbered.
2022 also places new restrictions on passwords: organisations are encouraged to have password managers enforcing random 8-characters or more, or a 12-character pattern, at a minimum. Mobile devices and similar should have minimum 6-figure pin or biometric security – with a recommended lock-out for ten failed password attempts.
Sub-networks under scrutiny
Sub-networks may now only be excluded if they don’t have a connection to main networks or no internet-access – meaning many organisations will now have to detail their satellite and subordinate operations more fully.
Patching-discipline is said to be the most common reason for failing a Cyber Essentials assessment – the 14 day patch window remains, but automated updates should now be enabled if available. Thin client devices are to be included from next year, and unsupported software should be air-gapped on sub-networks that don’t have internet access.
A question of hats
All super-users are now meant to have distinct user and administrator accounts, with stronger security on the latter. This distinction extends to cloud-services, meaning administrators will have to swap between their day-to-day functions completed on user accounts, and their admin roles where they have elevated privileges.
In the wake of the Colonial Pipeline ransomware attack and others, it’s clear rules for admin accounts will only become more stringent.
Greater auditing
Cyber Essentials Plus Certification will increasingly require more in-depth auditing by independent inspectors – including sending malicious test-emails, validating software versions, testing file access, and confirmation of the all-important admin/MFA rules described above.
Lineal are a Cyber Essentials Plus certified organisation, and can help your team achieve certification. Contact our team today.
The NHS COVID-19 app, run by the Department for Health and Social Care (DHSC), has had its latest update blocked due to a breach in the privacy terms outlined by Apple and Google.
NHS Coronavirus app, available on Apple and Android devices, was designed to include a new feature that would allow users (upon showing a positive COVID test result) to upload a list of all locations and establishments they have visited using a phone scan QR code.
The Exposure Notification System built into the app’s software would then alert other users who had entered the same venue to monitor their symptoms or to immediately be tested. This update relies on location tracking for its function – a tracking type heavily reliant on Bluetooth monitoring of surrounding devices with the app installed – outlawed by Apple and Google privacy agreements.
This is the latest in a calamitous string of COVID app mishaps by the UK Government who had only recently scrapped plans for their own rival system to the Apple and Android contact tracing system.
Total development of the UK based rival tracking app cost £12 million over a 3 month period, but was eventually rejected due to battery life issues, privacy concerns over Bluetooth’s potentially invasive interaction with, and data collection from, other apps installed on the device such as Facebook and Twitter. As a consequence, the Apple and Android app was adopted even with the concerns over restrictions of location data.
As the UK returns to a quasi-normal state with Phase 2 of lockdown lifting measures being rolled out today, this news comes as a blow for the Department of Health who have released a statement reassuring the public that the update blockage does not affect the overall functionality of the NHS COVID-19 app and that there are “discussions ongoing with our partners to provide beneficial updates to the app which protect the public”
Instead of the updated version, the previous form of the app will still be obtainable in both the Google Play and iOS App Stores.
The UK National Cyber Security Centre have launched a new online Cyber Aware ‘Cyber Security Self-Assessment Tool’ to help small businesses.
Free to use, and aimed at organisations with fewer than ten staff, the short online questionnaire generates a handy to-do list of actionable cybersecurity recommendations and points to check, with guidance for each – depending on the answers submitted.
Questions are branching depending on the circumstances of each small business, but covers topics including backups, passwords, technology lifecycle management and more. Small business owners are also directed to useful plain-English resources to address each point highlighted.
Cyber Aware is a campaign launched by the UK National Cyber Security Centre (the public-facing arm of GCHQ) designed to provide simple guidance for individuals and small businesses to use technology more safely.
Approximately 50,000 UK customers have had .eu domains suspended, following Brexit.
The .eu domain registrar EURid has formally suspended 81,000 such domains as of 1st January 2021, following the decision that .eu ownership requires the owner to be resident in a country that holds membership of the European Union.
Many internationally trading UK companies hold foreign domain versions of their websites to assist trading overseas, support multiple languages, improve web performance in other territories and develop export markets.
Numerous IT services, including email, websites, directories and more are often also tied to domains which represent a key pillar of many companies’ authentication technology.
Many British domain holders cancelled their domains as the transition period approached – over 200,000 .eu domains held by UK customers were cancelled between 2018 and 2021, with registrars contacting customers multiple times to alert them to the changes.
Although the remaining 81,000 have not been not cancelled outright, UK customers have no way to recover these domains without being able to prove the owner holds citizenship of an EU member state, and provide a suitable registered address.
Britain’s exit from the EU also begins a countdown for these customers – who must either have an EU company representative to renew on their behalf, or face their domains put back up for sale again by 2022.
A number of major UK internet service providers (ISPs) have announced above-inflation broadband price rises for 2021.
Virgin Media says an average customer will face a 4% rise this year – announcing that the increase is part of a plan to invest £1 billion in its network infrastructure.
BT, EE and Plusnet have also amended their terms of service, and are expected to publish above-inflation price rises over 4% shortly. Sky have already raised prices, with some customers seeing increases of up to 10%.
Ofcom figures suggest market rates for broadband have remained broadly consistent over the course of the last decade prior to 2020 – driven in part by more of the UK being brought on-stream under Openreach’s superfast fibre roll-out.
Although network investment is likely to be welcomed, many customers will no doubt suspect ISPs are raising profits at a time that the UK is particularly dependent on home use of connectivity.
Where investment also supports fibre-to-the-premises (FTTP) rollouts, the increase may also represent a regressive step – charging customers in less well-connected parts of the country with slower broadband to fund upgrades in already better-connected areas.
Approximately 41% of broadband customers are not in contract, and the best deals are gained by those who look for options rather than renewing automatically. New Ofcom rules mean that price rises from an ISP allow escape from contract terms, giving customers other options.
Contact Lineal – Placing your connectivity with a trusted IT provider can be both more organised, and sometimes better value. Contact us today!
From December 2021 UK mobile networks will be forbidden from selling network locked mobile handsets.
Communications industry regulator Ofcom believe locked-handsets is anticompetitive, and prevents customers switching mobile providers easily.
Network providers have claimed locked handsets are a deterrent to phone theft, although Three mobile, O2, Sky mobile and Virgin mobile have already ended the practice.
Mobile providers also argue locked handsets help justify better promotional rates (blocking customers exploiting the cheapest handsets deals and then swapping networks) although consumers often claim it is an attempt to hold onto customers who would otherwise have switched provider anyway, such as after the end of their contract.
Unlocking a phone typically costs around £10, but customers must normally find a third-party provider to assist, and face a delay or technical problem during switching – which Ofcom believes is unfairly difficult.
The change to consumer law brings the UK into line with the rest of the EU, although the UK changes have been under consideration since before recent EU rulings on the mobile market.
In addition a number of other changes are planned or June 2022, including more accessibility provisions for disabled customers and greater exit-rights where contract terms change unexpectedly.
Facing an income shortfall of around £2m due to falling visitor numbers during lockdown, the Bletchley Park Trust, which is a registered charity, was facing extensive redundancies – some of which will now be avoided.
In a statement, Facebook said the heritage site was a ‘birthplace of modern computing’, and acknowledged the important strategic role the wartime location played in shortening the war.
Bletchley was home to a number of famous mathematicians, linguists and other intellectuals working in secret on behalf of the war effort, including Alan Turing – now considered the father of modern computing – Gordon Welchman, Hugh Alexander and others. At its peak, almost 10,000 personnel, around 75% of which were women, worked as part of Bletchley’s operation, who remained bound by the Official Secrets Act until at least the 1970s.
Qualifying businesses in many rural parts of the UK are eligible for a Voucher worth up to £3,500 to help get new leased-line fibre broadband installed under the UK Gigabit Voucher scheme.
The Government recently urged SMEs to apply, with Digital Minister Matt Warman MP arguing the £70m pot is “still there for the taking.”
But what is the Gigabit voucher scheme, and how does it work?
How fast is gigabit?
Gigabit broadband is 1,000 megabits/per second (around twenty-times the download speed of a normal domestic FTTC connection) and unlike conventional broadband, supports a ‘symmetrical’ upload rate that is equally as fast as the download.
In most cases however, SMEs will deliberately opt for a more limited connection speed on a gigabit ‘bearer’ (eg: 200Mbit/s up and down) to keep costs manageable, while retaining the capacity and option of regrading up to a maximum of 1,000 Mbit/s at a later date if needed.
What does the voucher get used for?
Most connectivity providers charge an installation cost on new Leased Line installations – normally based on the length of fibre cabling that must be ‘dug in’ to connect the business. The voucher is a refund to help offset this upfront cost. Businesses must pay the ongoing monthly connectivity charges as normal, but the voucher is intended to help firms overcome the initial barrier-to-entry.
I’d like £3,500 please.
Quite! Although the the voucher is paid direct to your chosen supplier. Once your business has applied and been deemed eligible, your supplier will submit your voucher with your details when you place the initial order for your leased line. After your fibre is dug-in and connected, the scheme will check that your service is live before paying your supplier the due amount.
If your install is less than £3,500 you are likely to only be awarded the relevant cost, rather than the full amount. In most cases businesses will be signing a leased-line term with their provider for the ongoing cost of connectivity – normally between one and five years.
Can I use my voucher via Lineal?
Yes! We use Gamma Telecom Ltd for fibre leased-line connectivity, who are an approved supplier under the Gigabit Voucher Scheme.
Why is this funding being offered?
Successive Governments have reasoned that investing in better broadband is good for UK business growth, but the logistics of physically digging in fibre cabling is left to third-parties such as Openreach. Those providers insist ‘hard-to-reach’ properties are not economic to connect under the regional FTTC and FTTP broadband roll-outs because of the upfront cost of this installation work, or that gigabit fibre to the entire country is only achievable over the long term. For the best return on investment, the Government wants to prioritise upgrading businesses that already suffer slow speeds.
Gigabit fibre installations to commercial properties are also a capital project – the physical fibre, once ‘dug-in’ to a business premises, may end up being used for years to come by future businesses who take over the site, allowing more companies to benefit from widespread upgrades to the existing infrastructure.
What are other businesses doing?
To date around £90m worth of vouchers have been awarded so far, and around 29,000 connections have already gone live. The Government’s election pledge during 2019 was for gigabit fibre for the whole of the UK by 2025, a target which is widely expected to be missed.
This leaves rural businesses dependant on inclusion in their regional fibre-to-the-cabinet broadband roll-out as a stopgap, hoping to be included in an early tranche of Openreach’s future FTTP roll-out, or looking to fund the upgrade to a leased lined themselves.
Help! We really are out in the sticks!
If the cost of your install is still too large, there are other options: such as pooling your vouchers with neighbouring eligible businesses, accessing faster connections via 4G or point-to-point link. Speak to us to learn more.
The combined NHS Digital Taskforce, NHSX, recently beta tested the new UK Covid-19 contact tracing app on the Isle of Wight, and have released code to the cyber security community to review.
The app logs interactions with other bluetooth-enabled smartphones each day, and allows the NHS to notify users who have been in contact with self-reporting Covid-19 cases that they should re-enter isolation as a precaution.
A recent blog post by the UK National Cyber Security Centre identified a number of areas for improvement, with the contact tracing app itself expected to be officially released in June 2020.
The Pairing Problem
NHS servers ping the app every 8 seconds to confirm active connections, and the app itself records received signal strength indicators (RSSI) via Bluetooth to gauge where users have been in contact with each other. Users then upload their records if they experience symptoms.
Any attacker with access to this upload traffic, (which does not include the user ID but is unencrypted) could begin comparing submissions via start/end times and signal strength readings, and would theoretically be able to pair these users together.
This problem of uniquely identifiable pairs potentially compromises the identity of the individuals using the app, as well as their location history relative to each other.
The NCSC have confirmed that in the release version, even ‘anonymised’ RSSI data will itself be encrypted, to stop any third-parties attempting to ‘re-identify’ either or both of the users.
Intercepting the Public Key
In beta testing, the Authority’s Public Key was not transferred to the user’s phone via TLS encryption (like a secured web-page) raising the possibility that although the app could be downloaded successfully, this important piece of information used for submitting data could be compromised.
This would be akin to a kind of ‘man-in-the-middle’ attack, where a user’s encrypted uploads could be (even if not unencrypted) sabotaged or withheld during transmission back to NHS systems.
Security researchers have suggested that since this key is not secret, it should be wrapped into the installation of the app itself.
The NCSC have since confirmed that intermediate certificate pinning has been used to reduce the risk of this happening, and that this limitation will be fixed once the Isle of Wight trial ends.
Bluetooth Broadcast Values
The app operates via broadcast values with change every 24 hours to prevent a device being tracked by Bluetooth over longer periods of time. This is significantly longer than the industry standard 15 minutes.
However, more controversially, a predictable ‘KeepAlive’ counter is used to connect old and new broadcast values, raising the potential for an attacker to re-identify the user beyond the 24-hour limit.
The NCSC defends the longer-term tracing as necessary to establish social interactions more accurately, but has resolved to randomise the counter to stop broadcast values being easily matched or the user re-identified endlessly.
Whistleblowing
Under beta testing, the app’s original policy documentation contained the line: “You may not publicly disclose any details of the vulnerability [that you’re reporting] without consent from NHSX.”
This would have run counter to the NCSC’s own vulnerability disclosure policy, which suggests that members of the technology community should be encouraged to highlight system weaknesses (particularly during public consultation beta-tests) for correction.
This line is to be removed from the public release version.
For cybersecurity support & IT expertise, please contact our team today.
In a statement, easyJet says that a “highly sophisticated cyber-attack” discovered in January 2020 compromised email addresses and travel details of roughly nine million travellers. For 2,208 customers, credit card information was also accessed.
No further detail has yet been publicised as to the nature of the breach, although the company stated that it had “closed off unauthorised access”.
The bad news comes at a difficult time for airlines, as air-travel has declined dramatically in the wake of Covid-19 restrictions. When faced with a similar situation in 2018, British Airways received a large financial penalty of £183m from the Information Commissioner’s Office.
The airline are making contact with all affected customers warning extra vigilance towards ‘unsolicited communications’, due to the heightened risk of phishing attempts from criminals masquerading as easyJet who may have gained access to customers’ personal details.
Under new GDPR guidelines introduced in 2019, it is mandatory that breached organisations report to the UK Information Commissioner’s Office (ICO), who are currently investigating.
For cybersecurity and IT Support expertise, please contact Lineal today.
The UK National Cyber Security Centre (NCSC) are officially removing the technical terms ‘Whitelist’ and ‘Blacklist’ from their organisation in an effort to be more inclusive.
The terms ‘Whitelist’ and ‘Blacklist’, which refer to lists of permitted and not-permitted things in the cybersecurity world, will be replaced with the more literal and accurate ‘Allow List’ and ‘Deny List’.
Prolific spam email domains for example are often ‘Blacklisted’ by system administrators – a negative association the NCSC feels should not, even inadvertently, imply a connection to skin colour.
The organisation, a more public extension of GCHQ, acknowledged in a statement on their website that whilst “…it’s not the biggest issue in the world…”, the organisation is acting positively in response to requests from the public, is making an effort to be more inclusive, and that using such terms might otherwise have impaired the recruitment of valued “future colleagues.”
‘Blacklisting’ also has an unfortunate connotation with an illegal practice of barring whistle-blowing employees and trade union members from working across certain sectors, which has a history within the construction industry among others.
Google Chrome, Microsoft Edge and others have made similar terminology decisions – deciding that pejorative references to colour should not be used in cybersecurity terminology.
For IT Support and cybersecurity expertise, please contact Lineal today.
Common scams include pretending to represent Government, law enforcement or medical authorities to obtain information or financial payment, blackmailing users with threat of infection, donation requests for fake organisations, and malware distribution – including one new ransomware even dubbed ‘Coronavirus.’
In a joint statement published in April, the UK National Crime Cyber Security Centre and US CISA (Dept. of Homeland Security) notes the sudden rise in Covid-19 scams, and even highlight instances of SMS text-messaging phishing attempts mimicking UK Government text alerts.
In the example cited, a fake compensation payment is offered to entice the user to hand over details via an imitation UK Government website.
There has also been a growth in online hackers and trolls targeting Zoom and other video conferencing platforms. Users unfamiliar with this kind of software in particular may prove an easy target for cyber criminals.
Phishing scams are part of a larger trend of online Covid-19 themed fraud. In March, the NCSC removed around 500 fake online shops claiming to be selling fraudulent virus-related items over the internet.
Google currently estimate that Gmail filtering is blocking over 100 million phishing emails each day, and that almost 20% of online email scams now refer to Coronavirus (around 18 million) – likely to be the largest phishing ‘theme’ in history.
For cybersecurity expertise and assistance, please contact Lineal today.
Lineal SQLWorks company Diamedica (UK) Ltd., who manufacture specialist medical solutions, are providing vital support to the NHS as part of the UK Government’s Ventilator Challenge:
Developed by Lineal’s in-house software development team, SQLWorks integrated business management software, is the core of Diamedica’s accounting, order-processing, stock and production control.
“…Diamedica (UK) Ltd confirmed today they are playing a critical role in the Government’s efforts to accelerate production of ventilators to support the fight against COVID-19. Diamedica’s ventilator designs were shared with the Cabinet Office team leading the challenge, who have been able to match the plans with specialist manufacturers who are able to start ramping up production quickly, and at scale.
Diamedica are now providing consulting services to the matched specialist manufacturers who are contracted to produce ventilators.
Robert Neighbour, Managing Director, commented “We are exceptionally proud to be a part of the effort to deliver ventilators for the NHS. Our product is already the leader within emerging markets and has now been selected to support the UK’s fight against COVID-19. I want to thank our team here at Diamedica for their dedication and efforts thus far, and all the manufacturing partners who are critical to this effort.”
For further information please contact Charlotte Green, Head of Sales and Marketing at Diamedica (UK) Ltd.”
The UK’s biggest telecoms providers have agreed to remove data caps from Home broadband packages during the Coronavirus lockdown.
Although most UK home broadband packages now come with an ‘unlimited’ data allowance (subject to fair usage), many legacy products still enforce a data limit which may incur financial penalties if exceeded. Much like mobile data contracts, historically these were usually set at a specific monthly data usage, eg: 200GB.
The move follows discussions with the Government and telecoms regulator Ofcom, who are seeking to support vulnerable customers during the Coronavirus lockdown.
The Department for Culture, Media and Sport has also stated that the measure will be ‘effective immediately’ and help ‘people to stay connected whilst they stay at home.’
An online crowdfunding campaign has been launched to pay the mobile roaming bill of migrating eagles being tracked the Russian Wild Animal Rehabilitation Team at the Siberian Environmental Centre.
The thirteen tagged Steppe Eagles, being tracked via bi-hourly SMS messages containing GPS coordinates, ran up a hefty data roaming bill after migrating across countries as far afield as Egypt, Georgia and India.
One eagle, named ‘Min’ by researchers, unexpectedly flew from Kazakhstan via Iran, initially losing signal but then sending a backlog of messages at high rates, before crossing into Saudi Arabia and reaching as far South as the Yemen.
At a cost of 7,000 roubles (£85 per day), Min quickly used up the programme’s entire budget for tracking all 13 Eagles, forcing the Russian team of environmentalists to turn to social media for financial support.
Considered endangered by the IUCN, the Steppe Eagle once commonly reached as far afield the Ukraine, but researchers were unprepared for expensive data charges across the Middle East, which can be three-times higher than those in the Russian Federation.
The centre’s crowdfunding campaign has raised more than 250,000 roubles (roughly £3,000), although Russian telecoms provider MegaFon has since agreed to write-off the wayward Eagles’ data roaming bill debt as a gesture of goodwill.
Microsoft are offering an initial ten free Charity Microsoft 365 licenses for Nonprofit organisations.
Microsoft 365 allows users across an organisation to work more flexibly, collaborate on shared work and maintain an ‘always-up-to-date’ software base across a charitable organisation.
The flagship ‘Microsoft 365 Business’ cloud IT bundle, which normally retails at £15.10+VAT per user per month (Or £3.80+VAT per month for NonProfits) includes everyone’s favourite Microsoft Office 365 apps such as Word, Excel, Powerpoint, Outlook and more. 50GB of Exchange Online email hosting per user is also included as standard, with 1TB of cloud OneDrive storage, and Windows 10 Pro licensing for each user’s device, packaged with a host of organisational security features.
Lineal’s Head of Technical Services Matt Norris explained: “This is a super offer which we’re expecting to do some real good in the Charitable sector especially – and hopefully nonprofits will snap up their free Charity Microsoft 365 licensing while it’s available. Office 365 makes flexible working and collaborative projects much easier, advantages that we know are a key concern for many in the voluntary sector.”
With the Government publishing official Brexit guidance, we take a closer look at 4 items likely to be important for the technology of UK businesses:
.eu Domains
For UK businesses using .eu registered domains, it’s expected that these will not be available for purchase or renewal after April 2019.
Official Government guidance is for businesses to purchase .co.uk, .com and/or .uk versions of important domains, and re-direct traffic in case of a ’No Deal’. Such action is likely to be more challenging for domain-linked services such as email.
This is also a difficult prospect for the unprepared: .com domains alone outnumber their .eu counterparts almost 40-1, so UK businesses may find themselves in a race to grab vital digital real-estate. Web developers and marketing teams might also have built significant reputational presence for the .EU versions of their company websites, and won’t relish the prospect of having to start over.
Mobile Roaming
UK Mobile users abroad currently benefit from EU roaming regulations that limit mobile operators to a default data usage cost of €50, with alerts generated as the mobile user approaches the roaming limit.
Official Government guidance states that in the event of a Deal this limit would continue during the ‘implementation period’ so mobile workers abroad would temporarily be protected against high roaming costs after 1st April.
In the event of ’No Deal’ outcome, EU roaming regulations would no longer applies to UK mobile users abroad, and restrictions on how much European mobile operators could charge roaming UK mobile users would be removed.
The Government states UK networks will soon be bound by new UK laws upholding the same financial penalties for their roamers abroad – although these UK-based networks are ultimately responsible for whether roaming services are available via foreign networks. Mobile users working internationally need to be wary when consuming mobile data abroad after 1st April 2019.
Data Sharing
Whether UK businesses can access customers’ (or any) personal data from the EU will be determined by an ‘Adequacy Decision’ taken by the European Commission; deciding whether UK data protection rules are sufficiently close to those of the EU for data transfers to be permitted.
The UK formally adopted the EU’s ‘General Data Protection Regulation’ (GDPR) during 2018 and will retain this beyond April 2019, suggesting that a common framework for a company’s ‘Legal Basis’ to process personal data is likely. However, the EC have stated this decision will not be taken until the UK leaves the EU.
Government guidance suggests companies dealing with any personal data from the EU, or with operations abroad, proactively seek legal advice to ensure they continue to be legally watertight when transferring data internationally after 1st April.
Geo-Blocking
‘Geo-blocking’ certain customers online based on their location is currently not permitted, but this restriction will effectively be lifted after 1st April – for UK trading businesses.
This affects many online retailers: for example those who deliver goods ordered online, online services (such as streaming or cloud hosting) or take bookings for services at physical locations (such as ticketing.)
UK businesses trading to the EU will still be expected to uphold EU rules – for example offering the same service to both French or German customers.
However, the lifting of Geo-blocking restrictions effectively opens the door for UK-based online retailers to offer different services to different UK customers, or UK customers when compared to EU customers. Businesses are still advised to seek independent legal guidance for any variations to their service.
Cisco’s Meraki have announced the release of Meraki Go, a new range of wireless access-point infrastructure designed for small businesses and the service sector.
The move suggests Cisco is seeking to expand their enterprise WI-Fi offering to a wider market, supporting smaller installations and public-access areas such as cafes, shops, hotels and small offices. Pricing is currently only available via certain routes (including Lineal), however many expect Go to represent a more cost-effective way to deploy the premium Wi-Fi features for which Cisco’s Meraki technology has become famous.
New access points have been previewed, for both indoor and outdoor settings. Slightly smaller than the enterprise range, these include a simple 1 Year hardware warranty, suggesting the hardware may be better suited to public-access locations, carry a lower cost of entry, and make more regular replacement a viable option.
Not that Cisco have fallen short on the feature set. In addition to web blocking of unwanted websites and usage limits on traffic, Meraki have included the all-important ability to run multiple Wi-Fi networks in parallel via the same hardware – an important tool for the service sector businesses needing both staff and public access Wi-Fi.
Both indoor and outdoor access-point models can be powered via a single ethernet cable from a POE switch to minimise cabling, include wall mountings as standard, and act as a ‘Mesh’ network; passing connected devices between the access-point with the strongest connection, without the need for the end-user to re-connect to the network as they move location.
Like its big brother, Meraki Go will require a subscription (either 1, 3 or 5 years), which provides support and security updates to Meraki’s supporting cloud-management app. As before, system admins can cloud-manage and configure their whole Meraki Go network via the Meraki management app, on PC/Mac, remotely or via their smartphone.
For Wi-Fi installations and support, contact Lineal today.
Microsoft has announced the release of a new Surface Go tablet, adding to it’s acclaimed Surface lineup.
The new addition to the touchscreen range is designed to be an entry-level offering, offering more basic specifications but far greater portability at just 1.15 lbs and 8.3mm thin.
At around $399, it’s difficult to say exactly what Microsoft is trying to achieve: the new model is less consistent with Surface’s more ‘premium’ brand, and doesn’t stack up particularly well on price against Apple’s entry-level iPad, or against cheaper Windows laptops on technical specification. Limited to Windows 10 S and an Intel Pentium Gold processor, the additional elements which makes the Surface range more interesting, like the keyboard and stylus controls for touchscreen artwork, are also optional extras.
Instead it’s widely believed the tech giant is attempting to win over customers in the education sector, where a budget offering from a reputable manufacturer is likely to appeal to departments looking to provision sets of devices.
As always, Microsoft may also be hoping that the Surface Go owners of today will be the Surface ‘Pro’ owners of tomorrow.
While a 9 hour maximum battery life and a 10-inch screen is likely to prove limiting for business use, Chief Product Officer Panos Panay noted it was the ‘perfect device’ for his youngest daughters – and the internet seems to agree, noting the release timing is suspiciously good for the new term.
Lineal are a Microsoft Gold Partner – IT assistance and expertise, contact us today.
North Devon IT support and software company, Lineal Software Solutions Ltd, has celebrated 30 years’ success in business.
First founded in 1988, our company, which supports businesses and organisations across the UK and beyond with a range of IT services, are preparing to move to larger offices in central Barnstaple in the Spring.
Managing Director Mike Matthews thanked staff past and present for all their hard work over the last 30 years:
“Technology (and hairstyles) have changed considerably since 1988, but for us the best is yet to come. I’m proud that during that time, we’ve played a role in the success of some of North Devon’s best-known companies.”
We have doubled in size in the last two years, now employing over 20 locally-based staff who work in IT support and software development on behalf of other businesses and organisations across the UK and, increasingly, overseas.
Lineal also now includes staff from disability social enterprise Pluss, apprentices and degree apprentices, training in cooperation with Petroc.
The company has been recognised as one of the South West’s few Microsoft Gold Partners, helped to launch the Barnstaple Town Centre Wi-Fi project, and is part of DigitalND – a new group designed to promote digital connectivity and skills in North Devon.
Mike added: “The South West still has important connectivity and IT skills challenges to address, but public internet access didn’t even exist thirty years ago. Now the small company we originally started in my back room supports trusted clients as far afield as Australia. Ten Years from now? Watch this space.”
For IT Support and expertise, get in touch with our team today.
Microsoft is seeking student UK technology developers to enter the 2018 Imagine Cup – with a chance to win $100,000.
The prestigious technology trophy, awarded every year to a team of three young people who develop a groundbreaking technology idea, are currently accepting entries for 2018’s Imagine Cup UK finals.
UK finalists are expected to be chosen in March (top prize $5000) with global finalists travelling to Redmond, Virginia (the home of Microsoft) for 2018’s worldwide finals, and a chance at a grand prize of $100,000.
The winning entry must be an original technology project, created from an initial idea to implementation and run from the Microsoft Azure cloud platform. Entries can be on any theme, although recent competitions have been dominated by inventions designed to not only demonstrate innovation, but contribute to human well-being.
Entries from the UK will be judged by an expert panel, including Clare Barclay Chief Operating Office of Microsoft UK; Haiyan Zhang, Innovation Director at Microsoft Research; Michael Wignall, National Technology Office at Microsoft UK; and Rob Fraser, Commercial Software Engineering Lead at Microsoft UK.
Microsoft’s insistence on the final solution operating via Microsoft Azure no doubt reflects their ‘cloud-first’ business approach, in addition to a recognition that the ‘global’ finalist’s winning idea should be a truly global possibility.
Winning Imagine Cup entries from previous years include a solution to help those with diabetes manage symptoms, a charity donation app that embeds into news articles, and the ‘Emma Watch’ – recently featured on the BBC for assisting those with Parkinson’s in reducing limb tremors.
Teams can learn more, and enter the competition, here.
Lineal are a certified Microsoft Gold Partner – learn more.
Microsoft’s Azure Cloud platform has taken the business world by storm, adding a record 120 thousand customers every month last year, 6 million total users, and holding an estimated 1.4 million SQL databases.
If you’re not technical, you could be forgiven for being unsure of what it actually is or how it works. We can’t hope to cover the over six hundred potential applications, but here’s a crash course guide to understanding Azure.
What is it?
Microsoft Azure is a business ‘cloud computing’ service created by Microsoft for operating IT applications and services from the cloud.
Everything run, tested, built, shared, stored (and more) from Azure exists in one or more of a number of secure Microsoft data centres around the World (or via a local service if you prefer.)
OK, but what is it actually?
Think servers. Lots and lots of servers. Locked down, climate controlled warehouses full of servers humming away running every computing process imaginable from email to databases, virtual desktops to machine learning, file storage to phone apps.
Customers who purchase Microsoft Azure services get access, via the internet, to a tiny fraction of this worldwide supercomputing infrastructure, with the option to run a huge variety of potential services in the cloud.
Azure itself has no-upfront charges, and is instead billed by the minute based on usage and the computing demands of the service purchased.
Why is that good?
This is instant access computing. Need 50 extra virtual servers by this afternoon? Tap a few buttons and they’re available.
The staggering economies of scale means Microsoft always has practically unlimited scalable computing power available, on demand, at subscription pricing.
The ability to spin up temporary services (impossibly impractical if you tried to resort to urgently buying physical hardware) and remove them again, allows businesses to react instantly and cost-effectively to even the most wildly fluctuating IT demands.
Even more mundane computing processes – such as large numbers of hosted desktop sessions can be delivered from Azure, without being such a logistical challenge.
OK, but what if it goes wrong?
Azure is reliable. Crazily reliable. Microsoft’s uptime statistics are as dependable as you would expect from their leading enterprise cloud service – in 2015 achieving a remarkable 99.9936% of annual uptime.
Much as with other Microsoft Cloud services (like Office 365’s OneDrive) an array of backup procedures ensures copies of data stored are protected and duplicates available for recovery. Virtualisation, where everything runs in an isolated software environment kept independent of the physical hardware, means individual drives and servers are expendable – your IT lives on, supported by the rest of the hundreds of remaining server racks.
Microsoft are discrete about their security, but in a data centre empire where every email is tested through a minimum of 3 independent antivirus services, it’s safe to say both physical and digital security is extremely tight. Centralised infrastructure also gives Azure (and every Azure customer) the kind of specialist professional and cybersecurity defences unavailable to all but the very largest enterprise corporations.
Need access to the remaining 0.0064% of the year? Remember that for at least half of the World’s inhabitants, it’s likely these 29 minutes of annual downtime will fall whilst you’re asleep.
Do I need a computing PHD to use it?
Yes and no. Anyone can, in theory, get started with a free account (and $150 of free credits) today from Azure’s website, and test out the service.
The interface is relatively intuitive and, like all Microsoft’s cloud services, works consistently across tablet and mobile devices if you wish to play about with Microsoft’s cloud until your free credits have expired.
However, in reality what you demand of the infrastructure is likely to require a more complex setup. Unless you’re a true enthusiast with some special requirements, Azure’s cloud infrastructure is like a private helicopter: not really optimal for personal use (and there are far more sensible options available)
Cost by the minute also means that, when choosing from the bewildering array of virtual machine specs and other services available, it would be easy to overspend if you’re not careful. Indeed part of Azure’s business model is based on ambitious, technology-hungry companies biting off slightly more than they can chew.
To make sure your Azure deployment is both effective and proportional to your budget, call the experts.
Lineal are a Gold Microsoft Partner – contact us today: 01271 375999
DCMS has published this year’s 2017 UK Government Cyber Security Report, suggesting a staggering 46% of businesses have been hit by a cyber security breach in the past year.
The average cost of a cyber security breach is reported to be £1,570, although larger businesses (of which 68% reported falling victim) show figures of £20,000 or higher.
The polling, conducted by research institute Ipsos Mori, suggests businesses are increasingly seeking external IT or security advice as insurance against potential losses – particularly basic training for non-specialist staff and information on specific threats to their industry.
Certain positives jump out: basic technical standards laid out in the Government’s ‘Cyber Essentials’ scheme have been rolled out by half of all firms (although this was always a low bar, and the report admits that fewer than one in twenty firms have referred to public sector sources for security advice)
More encouragingly, the most common cyber breaches all involve an element of preventable human error: those reporting a breach in cyber security cited the most common cause as staff clicking links in fraudulent emails (72%) with other typical risks including viruses, spyware & ransomware (33%) and impersonation (27%.)
Specific dangers identified included:
Less than 40% of businesses have segregated WiFi networks, or any rules for encrypting personal data.
More than 70% do not have any input from someone responsible for IT security at a senior level.
Only 20% have run any kind of cyber security training in the last 12 months.
With the planned changes next year brought about by the introduction of the General Data Protection Regulations (GDPR), the potential costs associated with a data breach could be set to rise. Having measures in place to mitigate this risk well in advance is sound advice.
For IT Security support and advice, contact Lineal today: 01271 375999
Lineal Software have been certified as a Bitdefender Partner for Bitdefender security software.
Bitdefender’s range of security products are used on millions of devices worldwide and the provider ranks highly in independent Virus Bulleton’s VB100 tests, as well as winning numerous quality awards for software innovation.
A wide variety of both Bitdefender Home and Business security products are available, across platforms including Windows, Mac and Android and more.
Lineal’s Head of Technical Services Matt Norris explained: ‘We’re very pleased to qualify as Bronze Bitdefender partners – this qualification only expands the range of IT security options which Lineal can offer to our customers and we look forward to delivering a high quality service for those interested in using Bitdefender.’
‘There are only a handful of Bitdefender partners in the South West, and Lineal are delighted to be one of them.’
Microsoft’s Office 365 Team have announced the availability of multiple UK data centres for customer data.
The move follows increasingly strict rules on data compliance in the financial, security, health and public sectors – with more cloud IT users looking to ensure their data remains safely located in the UK.
Prospective customers considering the implications of Office 365 are able to view the locations of Microsoft’s uk data centres with this online ‘Where Is My Data?’ map, which now displays both the additional data centres and the Microsoft cloud services they support, in both London and Durham, with a third site anticipated for Cardiff.
Office365 and Azure Users will also have the ability to ‘re-locate’ their data from regional data centres (in most cases based within mainland Europe) to the new UK service.
In addition to the security and legal advantages for protecting sensitive data, cloud users of Office 365 are likely to benefit from lower costs, online backups and collaborative, remote access to files.
For now, the ability to re-locate Office365 or Azure data to the UK is likely to be restricted, with priority expected to be given to high-profile UK public sector customers including NHS Trusts and the Ministry of Defence – the latter mirroring many customers belated move to the cloud, upgrading legacy on-site systems in use since 2005.
The new infrastructure has been widely praised, with Microsoft clearly investing heavily in addressing the doubts many have about moving their IT to the cloud; reducing Office365 downtime to just 4 hours per year, and now re-locating data within country of origin for compliance with a high standard of data protection.
Contact Lineal for advice on moving to the cloud, or for a free trial of Microsoft Office 365 Business Premium, click here.
Our website uses cookies to improve your browsing experience: you change your consent preferences here, however denying consent may adversely affect certain website functions. Privacy Policy.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
