Firewalls and encryptions were once the epitome of cybersecurity resilience. But the growing sophistication of attacks means traditional methods will no longer suffice — particularly for the UK’s housing associations, which are responsible for an ever-increasing volume of sensitive tenant data. Sharing why an active, proactive strategy beats reactive every time, our operations director John Blackburn explores the holy grail of cyber crisis simulation…
There are a number of pressures adding to housing associations’ plates right now. Plates that are already spinning at 100 miles per hour.
As well as resourcing constraints and stretched budgets, to name just a few challenges, organisations are plagued by the possibility of falling victim to a cybersecurity breach. Not only more frequent than ever, these threats are becoming more nuanced too. And the sector’s close proximity to government and public sector organisations makes them an even more attractive target too. So what can be done to mitigate the risks?
Today, it’s all about delving deeper than defence. Unless you’re a seasoned cybersecurity professional, working closely with variations of attacks on a daily basis, getting ahead of the curve and knowing which systems threat actors will target next can be difficult.
And with human error posting more risk than ever right now, factors beyond technical vulnerabilities should play a key role in boosting resilience. According to researchers from Stanford University and cybersecurity firm Tessian, approximately 88% of all data breaches occur at the hands of an employee mistake.
What is cyber crisis simulation and how can it help?
Proactive penetration testing methods certainly have their place — pinpointing weaknesses in a company’s IT estate that could be exploited elsewhere. But they not only fail to account for human error, they also only provide a snapshot of cybersecurity defences at the exact time the exercise was conducted.
Here’s why cyber crisis simulation is better:
Keen to simulate a cyberattack of your own? Get in touch, and we’ll help you formulate a robust strategy.
In today's digital age, cybersecurity has become a top priority for companies of all sizes and sectors. The constant threat of cyber attacks looms large over organisations, making it essential to invest in robust IT security measures that demonstrate ongoing commitment to safety, privacy, and compliance. This is especially true for the UK’s housing associations, where ‘cyber liability’ has become a central part of many insurance programmes.
But with so many competing priorities, and a lot of time and expense involved in achieving various accreditations, how can IT leaders ensure they reap the benefits of their investments, and that everything goes as smoothly as possible?
John Blackburn, operations director at Central Networks, shares the significance of Cyber Essentials certification, and highlights how a managed IT services provider can help alleviate the complexities associated with obtaining and maintaining these credentials…
How Cyber Essentials certification can strengthen organisations’ cyber security posture
Cyber Essentials is a government-accredited scheme designed to assess a firm's readiness in defending against common cyber threats. By achieving certification, companies can showcase their dedication to safeguarding their IT systems and sensitive data — demonstrating not only their commitment to cyber security, but also acting as a prerequisite for obtaining cyber insurance coverage.
What is cyber insurance and why is it important?
As organisations combat the increasing sophistication and proliferation of digital attacks, cyber insurance has naturally gained immense importance too — providing financial protection and support in the event of a crisis.
However, many insurance providers now require organisations to have Cyber Essentials certification as a condition for coverage. This requirement ensures that firms have implemented fundamental security measures and reduces the risk of cyber incidents — providing a clear picture of your organisation’s security posture, reassuring customers that you are working to secure your IT systems against threats, and increasing the attractiveness of your firm when attracting new business on a client and stakeholder level.
How a managed IT services provider can help ease the headache
Navigating the complex landscape of cybersecurity and Cyber Essentials certification can feel incredibly time-intensive. With resources already stretched in sectors such as social housing, managed IT services providers like Central Networks can prove a critical piece of the puzzle. Offering a comprehensive service to review your organisation's IT systems and ensure they meet the necessary requirements for the government accreditation, their impartial support can significantly reduce the headache throughout the entire process.
Able to be instructed on an ad-hoc basis, or as part of a larger scale support service, the service includes:
Ultimately, we’re hyper-focused on streamlining the process and making it easier for firms to maximise their security posture and obtain the certification. In rare cases where remedial work is needed, Central also provides the required support — although our thorough assessments make it unlikely that significant issues will arise.
Take proactive steps today to safeguard your company and build a resilient cybersecurity foundation with Cyber Essentials certification. Get in touch, if you’re looking for specialist support to help ease the burden.
Recently in Housing Executive our operations director John Blackburn outlined some of the biggest IT challenges facing the social housing sector and the role that outsourcing could play in resolving them.
When it comes to IT provision, housing associations (HAs) aren’t known for their big budgets, and there is increasing pressure to streamline systems and demonstrate greater return on investment. However, privy to large amounts of sensitive data, they still need access to high-quality, robust tech support.
Achieving budgetary and operational efficiency
Managing a range of complex, integrated systems and portals is no easy task for social housing IT professionals. And with an increasing number of daily help desk tickets being raised — comprising login queries, authentication issues, antivirus questions, and more — everything can rapidly feel like a competing priority.
Enlisting the help of an experienced IT partner — whether for help desk requests and security, or larger technology integration and transition projects — can bring significant financial and operational benefits.
Offering the ability to scale up or down as required, it means housing associations have the support they need, and only pay for what they require at that moment in time – with the guarantee that the resource will be readily available.
It is commonly misconceived that outsourcing IT replaces in-house teams. The reality is the two can, and should, complement and enhance one another. With external assistance, internal teams can afford the time and headspace to focus on the core business applications and tactical future of the HA’s tech stack, without getting engrossed in help desk issues.
Overcoming recruitment challenges
The shortage of high-level talent within IT teams and beyond is a growing concern for social housing organisations across the UK. Not having the right personnel in place can greatly impede growth, stifle efficiencies and productivity, and result in spiralling recruitment fees. And this will remain a reality if a solution is not found.
To help avoid skills shortages within technology departments, outsourced teams could hold the answer – whether temporarily or permanently.
As experienced specialists who are highly skilled in their role, they can be engaged at short notice to bring an immediate solution to an urgent project need. Furthermore, outsourced teams regularly work across a spectrum of clients and industries, which means they can use knowledge and learnings from other projects to help quickly solve persistent issues.
Ensuring a strong security posture
The dramatic shift to more flexible, hybrid, and digitally focused ways of working means that effective cyber security strategies are essential — enabling full visibility over software and hardware updates, antivirus technology, firewalls, Virtual Private Networks (VPNs), and more. But it also affords more secure access control – ensuring only authorised personnel within the organisation can gain entry to sensitive data.
Specialist outsourced IT support can also work with housing associations to improve the performance of virtual and physical servers, including when they should be backed up and at what frequency — whilst also devising a robust recovery plan. This details the steps to be taken to regain access and functionality to IT infrastructure — following events such as natural disasters, cyber-attacks, or business disruptions. For example, in the case of a hacking attempt, what data protection measures will the recovery team have in place to respond?
By having processes and procedures for a disaster recovery plan set up, and regularly testing and optimising security and data protection strategies, social housing providers can successfully navigate such challenges.
Obtaining peace of mind
Against the current backdrop of IT-resource challenges and economic uncertainty, having the flexible, specialist support of outsourced IT can not only alleviate some of the burden but boost efficiency too – providing housing associations with the peace of mind that their IT infrastructure is fit for purpose both in the present and for the future.
The shortage of high-level talent in the social housing sector is well documented – with 71% of employers expecting to face recruitment difficulties over the coming year, a third having already experienced a scarcity of projects and change management skills, and half increasingly struggling to find candidates with senior leadership qualities.
But with sector activity continuing apace during economic downturn – as people depend on affordable housing solutions – coupled with nearing government targets to tackle the under-supply of properties, the need for skilled talent has never been so great.
Outsourcing IT services is certainly not a new concept, but it’s one that is often overlooked when finding ways to combat such recruitment challenges.
Here, our operations director and social housing specialist, John Blackburn, explores how re-allocating the help desk function in particular, can deliver significant financial, operational, social, and environmental benefits.
Whilst managed services providers (MSPs) aren’t immune to the skills shortages facing the social housing sector, they remain an excellent way to access a rich and diverse pool of knowledge and expertise.
As specialist organisations with a wide network of industry connections, they’ll often onboard professionals who are both experienced and highly skilled in their role – and don’t require dedicated training. It’s because of this that MSPs can be engaged at short notice, to bring an immediate solution to an urgent project need.
Boasting experience and expertise in a variety of sectors, MSPs are able to tap into intelligence from different customer projects to offer first contact resolution and facilitate a higher quality end-user experience.
With the ability to enter service level agreements (SLAs) with outsourced IT companies, IT teams working within housing associations can also reap the benefits of improved performance. Not only is it easier to turn the dials up when compared with internal teams, but it’s also easier to measure and feedback on process, due to greater oversight.
There’s a common misconception that MSPs act as a direct replacement for your internal teams. The reality is, the two can easily work together effectively.
By outsourcing your help desk function, your managerial and human resources teams won’t need to add handling an IT department to their list. A third-party partner will take care of everything – and often around the clock – leaving your organisation free to focus on the strategic and tactical future of its tech estate.
It’s important to remember that growth doesn’t always come from more business – often, it’s about having more time to concentrate and look at the bigger picture.
With in-house IT help desks requiring multiple, full-time salaries, added operational costs, and ongoing training budget, MSPs bring significant financial benefits to your organisation, too.
Offering the ability to scale up and down as required, organisations can pay for the specific IT services they need, when they need them – with the guarantee that the resources will be readily available. Plus, the MSP will take care of the full project – from technology integration and transition to long-term end-user support – to remove unnecessary headaches and help retain in-house talent.
In recent years, we’ve witnessed a dramatic shift to more flexible, hybrid, and digitally-focused ways of working. And as a result, there’s an ongoing need to keep pace with the wants and needs of today’s employees. To do so, organisations must be able to offer innovative solutions that are user-friendly and efficient, whilst keeping a sharp eye on finances.
With vast expertise in services – spanning cloud consultancy, security-first SD-WANs, IT environment audits, transformation services, and more – MSPs can offer valuable infrastructure and support to help you compete in the talent market and attract skilled workers.
Our team at Central has a collective 250 years’ experience within the technology industry – so not only can we provide the know-how, but cost-effectiveness and a professional service to boot.
We make it our mission to be seen as an extension of our clients’ IT teams, so if you need our help short-term to solve a problem in the long-term, let’s talk.
In today’s cyberwar climate, everyone is a target – not least for malicious phishing emails.
An attack vector used by criminals to gain access to personal information – such as login credentials or banking details – phishing usually manifests in email, SMS, or telephone messaging. By posing as a trusted sender to dupe targets, perpetrators present a significant threat to organisations large and small, with the potential to gain dangerous foothold into corporate networks and compromise sensitive information.
What’s more, with the increasing sophistication of cybersecurity attacks, it can be hard to differentiate genuine digital communications from fraudulent ones. Emails sent from malignant senders may read well and look professional – sharing an acute likeness with examples that have landed in your inbox before – but that doesn’t always mean they’re legitimate.
However, by exercising caution and looking out for the major warning signs, there are ways to arm yourself from these invasive attacks. Although state-of-the-art technology is available to help identify threats, it’s unrealistic not to expect some to slip through the digital net – that’s why humans must be a primary defence, too.
So, without further ado, here are five tell-tale signs that you should bear in mind…
1. Grammatical errors and misspellings
An immediate signal that an email has come from an untrusted source is that it contains grammatical errors and spelling mistakes – whether that’s one or two, or riddled throughout the entire copy.
This is because phishers don’t have access to the same resources that professional writers do, and so their work has seldom been proofed and standardised by another pair of eyes. Because cybercriminals also spend a lot of their time distributing malicious messaging, their attacks are often rushed and therefore more likely to contain errors.
Of course, legitimate emails can sometimes land with minor mistakes, likewise fraudulent ones aren’t always replete with typos, so be sure to consider other factors before jumping to conclusions.
2. Inconsistencies in email addresses, link, and domain names
Looking for discrepancies in email addresses, links, and domains is another way to identify potential phishing attempts. Unless made explicit previously, a sender’s email address should align with prior correspondence – if it doesn’t, this should raise alarm bells.
It’s also worth checking that embedded links throughout a message correlate with the pop-up that appears when a cursor is hovered over the top. For example, if you have received an alleged email from Central Networks, yet the domain of the link doesn’t include ‘centralnetworks.co.uk’, you should flag this as a potential threat. Checking for misspelling is also crucial here, as a sender may pose an almost identical alternative, such as ‘centrallnetworks.co.uk’.
3. Suspicious attachments
Stretched, blurred, or pixelated images – as well as attachments that are unexpected, don’t offer a preview, or have an extension commonly associated with malware downloads (.sys, .exe, etc.) – should arouse suspicion. However, with the right software, recipients can scan these for viruses before choosing how to act.
If an infected attachment is presumed to be benign and opened, it will unleash malware onto the victim’s computer and enable cybercriminals to perform any number of nefarious activities.
Unless you’re entirely confident in the legitimacy of an image or attachment, it’s always best practice to leave them unopened. You could always contact the sender through an alternative method to verify the contents, if you think it might be important.
4. A sense of urgency
Perpetrators have a tendency to create panic in their digital communications, largely because swift decision-making has the ability to cloud judgement and leave errors undetected – ultimately ruining their plans to compromise your data.
While urgency can take shape in various ways – such as suggesting that an account is restricted, that details have expired, or even threatening negative consequences if a demand is not met – the likelihood is, someone who had a genuine need for haste would reach you on a personal contact number to speak directly.
Always be cautious with time-sensitive requests, and make sure they align with something you’d expect. For example, if you’ve just had a failed attempt to log into a Microsoft account and received an email saying that your password must be reset, it’s probably real – though be sure to check for other areas of concern so you can be confident it’s not a cyber-attack.
5. Unusual requests or an unfamiliar tone
Intuition is a real virtue in the digital world. If an email arouses suspicion because it doesn’t seem like something you’d usually be approached for, or how someone would usually communicate with you, it’s a good idea to trust your senses.
For instance, if a colleague is overly familiar – despite having only engaged with you once or twice – or a company that you don’t recall having any involvement with requests updated information, this should raise a red flag. It’s always a good idea to look for other indicators that such examples could be illegitimate.
Identification is the first step in any cybersecurity strategy, which is why employee awareness of phishing scams is crucial. The chances are, if one member of the team is on the receiving end of a threat, others are too. By reporting suspected fraudulent emails to the incident and security response team – or your organisational equivalent – employees can enable rapid responses to potential phishing attacks and help mitigate the risks of sabotage.
Falling prey to cybercriminals can be daunting, but with the right knowledge and procedures in place, it’s an avoidable feat that can help protect not only your personal data, but also your reputation, time, and expenses.
For further support on phishing, please don’t hesitate to contact our team. Or if you’re seeking assistance with a wider variety of professional IT services – to help streamline operations and spearhead strategic growth – we’d love to chat about that, too.
You can reach us on 01706 747 474, or by emailing email@example.com.
The cloud is a revolutionary computing paradigm that has completely transformed the way we do business – not least by generating significant efficiencies across the board.
Taking software and data out of local premises and placing them within a secure global network of remote servers, the cloud operates as a single ecosystem to help manage and maintain digital infrastructure. Underpinned by third-party operation, it enables 24/7 access to data whilst eliminating unnecessary expenses and downtime.
The chances are, your firm is already using a handful of applications hosted on the cloud – from social media sites and email platforms, to productivity suites offered by industry giants like Google and Microsoft.
And with an endless selection of options to deploy resources – from public, community, and private, through to hybrid models – organisations of varying scopes and sizes can benefit from a complete computing overhaul.
But proceed with caution! While the benefits of using cloud-based services over outdated, in-house IT models are clear – reliability, scalability, efficiency, and security, to name just a few – it’s not necessarily right for every company.
So, to help inform your decision and formulate the most successful strategy for your organisation, here are some of the key things to consider when determining the suitability of cloud computing…
While the cloud offers a significant range of cost efficiencies – through the elimination of redundant technology and labour requirements, lower power costs, and reduced carbon footprint – it’s important to evaluate the price of switching infrastructure.
Capital expenditure (CapEx) and operational expenditure (OpEx) should be key considerations when weighing up your options – as the financial differences will influence the option you choose.
For most businesses, a pay-as-you-go OpEx plan is the obvious choice, helping to keep financial forecasts stable and predictable, while offering the flexibility to cancel or modify a plan at any given moment, and freeing up internal resources to focus on driving value for your organisation.
However, if companies prefer to take control of cloud services – including costs and maintenance – and generate long-term revenue by improving production facilities and boosting operational efficiency, a private cloud might be a more suitable option.
Security and compliance.
With the increasing sophistication of cyber-attacks, maintaining a strong cloud security posture is key if your organisation is to house highly sensitive business information and intellectual property online – especially if your industry is highly regulated. Luckily, most private and hybrid infrastructures support compliance, but scrutinising this area to ensure your company’s needs are met is crucial.
The off-site nature of cloud storage, in which data is hosted in a separate location from your business, automatically reduces some risks – including the removal of USB sticks, or forwarding of login details – but there are some other key elements to look out for in your security strategy. These include:
Collaboration and flexibility.
Cloud-hosted platforms enable users a greater degree of flexibility, by allowing them to access files anytime, anywhere. It doesn’t matter if your teams are working remotely or in the office, on a laptop or a tablet – as long as each device is connected to the internet, important files can be accessed and updated conveniently.
But that’s not all, cloud-based software suites like Office 365 also unlock contemporary ways of working by empowering creative collaboration. With the ability to share documents both internally and externally, co-author in real time, and attend meetings virtually, cloud computing not only creates a shared understanding across your organisation, but crucially bolsters the team dynamic and encourages fresh ideas into fruition.
But don’t just innovate for innovations’ sake – if your teams are successfully collaborating without needing cloud intervention, don’t feel like you have to make a change.
While the technology industry has become a burgeoning powerhouse in recent years – offering an ever-increasing myriad of benefits to businesses from SMEs through to corporate enterprises – there can often be a mounting pressure to conform.
And while growth often brings an unavoidable need to adapt in some form or another, change can be marginally different from one organisation to the next.
To delve deeper into the topic of cloud with one of our experts, please don’t hesitate to get in touch – let’s discuss your options, together.
Central Networks are a strategic technology partner. Excellent technology is a given, customer service, trust and long-term relationships are what drive our business. We support CEOs, Heads of IT, IT technicians and transformation directors to ensure technology provides an edge to their organisations.