We’ve launched a new online Trust Centre aimed at demonstrating Lineal’s commitment to Cyber Security and data privacy.

We take our role as your trusted IT provider extremely seriously, and we hope the trust centre will show what we’re doing to maintain the highest of industry standards.

Available online to anyone at any time, our trust centre acts as a transparent dashboard showing our current compliance standards, risk profile and cyber security best practices. In addition to reviewing our key policies, we’ve detailed what we do to keep staff, data and systems safe – across numerous areas including endpoint protection, network security, backup, infrastructure, app and information control.

Our intention is that the trust centre gives our customers confidence in our dedication to good cyber hygiene, and acts as a useful reference resource when our clients are dealing with 3rd-party supply-chain assurances, industry frameworks and insurance providers.

Furthermore, we hope that a detailed overview of the cyber security strategy employed by Lineal acts as a model for others, and a useful template for the kind of organisational transition our own team can help your organisation pursue successfully.

Those measures are backed by important standards: Lineal is an ISO 9001 & 27001 accredited organisation, Cyber Essentials and Cyber Essentials Plus Certified – with reviews of our status undertaken by Cybersmart, Microsoft, Alcumus and Huntress.

For Cyber Security expertise and support, please contact our team today.

Windows Server 2012 and R2, will officially reach its end of life on Tuesday 10^th October 2023.

Scary. End of life (EOL) means that Microsoft will no longer provide updates, patches, or security fixes for Windows Server 2012 R2. This termination of support poses several challenges and risks to businesses that continue to use this platform past the EOL date.

We explore the ramifications of this for your business and examine how Lineal can play a role in shaping the future of your server infrastructure.

So, what are the issues now facing clients?

Security Risks: Without regular security updates, Windows Server 2012 becomes vulnerable to new and evolving cyber threats. Hackers often target systems running on unsupported software, as they are more likely to find unpatched vulnerabilities to grant unauthorised access to company data. Using server hardware outside of its product lifecycle hinders the ability to detect and respond to security incidents in real-time, increasing the window of vulnerability to cyber threats.

Compliance Issues: Many industries and regulatory bodies require businesses to maintain up-to-date and secure systems. Using an unsupported operating system like Windows Server 2012 can lead to compliance violations under Cyber Essentials and ISO Accreditations. 

How can Lineal resolve them?

1. Upgrade to a Supported Server: The most straightforward option is to upgrade to a newer and supported Windows Server operating system. Windows Server 2019 or the latest version 2023 offers enhanced security, performance improvements all supported by our technical expert team.
2. Migrate to the Cloud: Many of our clients are adopting cloud solutions like Microsoft Azure. These offers scalable, secure, and managed server solutions that eliminate the need for on-premises hardware alongside reducing the burden of server maintenance costs through pay-as-you-go and reservations payment models.
3. Virtualisation: If a full server upgrade is not feasible immediately, consider virtualisation solutions like VMware. These allow you to run Windows Server 2012 in a controlled and isolated environment while planning your migration strategy meaning each virtual server can run its own operating systems independently.

The end of life of Windows Server 2012 signifies the importance of staying current with technology to ensure security, compliance, and compatibility. Our team is ready to assist your business in transitioning away to a more appropriate solution for securing your company’s data.

The National Cyber Security Centre (NCSC) has released its annual ‘Cyber Security Breaches Survey’.

The survey is used to inform government policy on digital security, educate British businesses, and ensure UK cyber space remains safe.

Data collected across over 2,400 business and 850 charities produced some startling statistics concerning the ever-looming threat of cyber-attacks infiltrating UK businesses’ digital footprint.

The report discovered that 39% of UK businesses detected an incoming cyber-attack during 2021. Phishing attacks made up a fifth of all threats identified – the most frequent type of malicious attack.

Organisations also revealed that ransomware was being recognised as a serious digital threat with 56% of businesses stating they have installed or will be introducing a company policy to not pay ransoms to cyber criminals.

Whilst 58% of small and medium businesses disclosed to outsourcing their IT Support service, only 23% of surveyed businesses had a cybersecurity incident management strategy in place that is more advanced than a basic endpoint antivirus.

NCSC promote a blend of regular cyber security learning and training processes within your business to better inform the deployment of traditional cybersecurity software measures across all the organisation’s IT systems.

This multi-layered approach aims to counteract the report’s discovery that a lack of cyber technical expertise amongst UK businesses is to blame for threats going undetected.

Similarly, a company-wide policy of digital hygiene erodes the false assumption that managed cybersecurity strategies are a cost to the business rather than a strategic, protective investment.

31% of business admitted being attacked at least once a week showing that any weak link in an organisation’s cyber defence can have grievous financial implications.

To mitigate this, we recommend organisations follow the NCSC’s guidance and adopt Cyber Essentials and Cyber Essentials +. The scheme requires businesses to meet or exceed an assured set of security requirements each year to protect against common forms of online crime, technology dangers and digital threats.

It is estimated that a Cyber Essentials certification can reduce your organisation’s risk of a cyberattack by 98.5% – contact Lineal to assist with your organisation’s application and to help you meet the requirements for a successful certification or re-certification today.

This year GCHQ’s National Cyber Security Centre have introduced stricter new rules for businesses and organisations hoping to achieve UK Cyber Essentials (CE) and Cyber Essentials Plus (CE+) Certification.

In addition to promoting the scheme’s key priorities, the new terms for successful assessment are widely believed to be partially a response to recent events – including more widespread remote and home-working via cloud-based web services during Covid-19, and a series of devastating ransomware attacks that disrupted major infrastructure in the US.

Need a taster of what’s to come? Here are our key take-aways:

Cloud Services under the spotlight

In previous years organisations could exclude many cloud-based platforms from the scope of their assessment – but with the wholesale move to the cloud only accelerating under working from home, and web-services containing ever more data, cloud-based systems such as Microsoft 365 and Google Workspace move squarely into the frame.

Multiplying multi-factor

Most critically this year, two-factor authentication will become compulsory for all administrator accounts registered to cloud-based services – as the NCSC tries to stop hackers obtaining credentials and then remote accessing their way to cyber-devastation. Expect user accounts to follow in 2023 – an exemption may be granted under certain circumstances, but it’s clear the days of the old ‘password-only’ login are numbered.

2022 also places new restrictions on passwords: organisations are encouraged to have password managers enforcing random 8-characters or more, or a 12-character pattern, at a minimum. Mobile devices and similar should have minimum 6-figure pin or biometric security – with a recommended lock-out for ten failed password attempts.

Sub-networks under scrutiny

Sub-networks may now only be excluded if they don’t have a connection to main networks or no internet-access – meaning many organisations will now have to detail their satellite and subordinate operations more fully.

Patching-discipline is said to be the most common reason for failing a Cyber Essentials assessment – the 14 day patch window remains, but automated updates should now be enabled if available. Thin client devices are to be included from next year, and unsupported software should be air-gapped on sub-networks that don’t have internet access.

A question of hats

All super-users are now meant to have distinct user and administrator accounts, with stronger security on the latter. This distinction extends to cloud-services, meaning administrators will have to swap between their day-to-day functions completed on user accounts, and their admin roles where they have elevated privileges.

In the wake of the Colonial Pipeline ransomware attack and others, it’s clear rules for admin accounts will only become more stringent.

Greater auditing

Cyber Essentials Plus Certification will increasingly require more in-depth auditing by independent inspectors – including sending malicious test-emails, validating software versions, testing file access, and confirmation of the all-important admin/MFA rules described above.

Lineal are a Cyber Essentials Plus certified organisation, and can help your team achieve certification. Contact our team today.