Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Cyber and Information Security Lessons from the Titanic Disaster
On the day the Titanic sank, the crew received 7 iceberg warnings, yet such was the competition to make the crossing in 6 days that orders were given to maintain the speed of the ship, in the mistaken belief they could carry on unaffected.
Now, if the crew had heeded the warnings to slow down, they would have stood a much better chance of avoiding the icebergs and, in particular, of course, the iceberg that led to their sinking.
That's not to say good security means you need to slow down.
Whilst not wishing to mix metaphors, brakes were not added to cars to make them go slower; quite the opposite - brakes were needed to allow cars to go faster.
Just maybe don't ignore the warnings in the belief that somehow you will remain unaffected as you sail your own ships through seas unfortunately filled with icebergs.
Contact us to see how we can help you steer your ships and stay safe as you do business in an increasingly connected world.
The Dangers of Public Wi-Fi - Cyber Tip Tuesday video 25 August 2020
Welcome to this week's Black Arrow Cyber Tip Tuesday. This week James is talking about public or insecure Wi-Fi.
Unsecured public Wi-Fi is a minefield of security risks. If you're connecting to an unsecured access point or a network where the key is publicly available, such as an airport, coffee shop or public event, then you're susceptible to a host of different types of attacks from people who want to steal your personal or company data. Connecting to these networks without considering the security implications will mean that any malicious individual lurking about could have complete and unrestricted access to the data you transmit and receive, including usernames and passwords as well as the data on your device. They could even install malware that could compromise your more secure devices at home or at work when you reconnect to those networks later.
One popular technique to exploit people looking for "free Wi-Fi" is to advertise a free hotspot which is in fact a malicious network to capture data or install malware on the devices that connect to it.
The best way to avoid the risks is to only connect to networks that you trust, and if you really must connect to an unsecured Wi-Fi hotspot, then use a VPN. A VPN will wrap traffic to and from your device in an encrypted tunnel to prevent it from being intercepted or captured.
If you'd like to know more about how you can protect yourself or your company, contact us today.
Can you have too much security? Cyber Tip Tuesday for 18 August 2020
Surely more security is always better right? Surely you can’t have too much? Maybe not - find out more
Free Advisory Sessions for Startups and Entrepreneurs - Cyber Tip Tuesday video 04 August 2020
Welcome to this week's Black Arrow Cyber Tip Tuesday. This week Tony talks about free advisory sessions for startups and entrepreneurs to help them think about security as they take their first steps with their new businesses.
When setting up a new business there are lots and lots of things to think about, and probably many things will come up that you never knew to think about, but security is not something that should be bolted on afterwards but rather something that should be thought about from the start.
Thinking about security from the start will always put you in a better position. After all, no business can afford a data breach or significant cyber event, and most new businesses and startups won’t survive if they are attacked. A mistake small businesses make is thinking they don’t need to worry about cyber security, but nearly half of all attacks hit small businesses, so this is not something only larger firms need to think about.
The controls that startups and small businesses should put in place are often fairly basic and most come with little or no cost attached, so they are within the reach of all firms no matter how small – and these controls help to protect against the vast majority of attacks. If you’re a new startup or entrepreneur, contact us today to arrange a free chat to get you on the right track to defending your new business.
Common, and dangerous, misconceptions around ransomware - Cyber Tip Tuesday video 28 July 2020
The Risks Posed by Home Routers - Cyber Tip Tuesday 22 July 2020
Welcome to this week's Black Arrow Cyber Tip Tuesday. This week James is talking about risks posed by home routers.
A recent study in Germany of 127 home routers from 7 different brands including D-Link, Linksys, TP-Link and Zyxel found that almost 60 percent of models hadn't had a security update in over a year and most were affected by hundreds of known vulnerabilities. On top of that, they found that vendors were shipping updates with no fixes for critical vulnerabilities that have been known about for many years; some are even observed as being actively exploited.
Most routers are based on a Linux operating system, which is patched and maintained regularly, but the home router manufacturers are choosing to use old and known-vulnerable versions of the operating system without sending updates to customers' devices.
The lesser of the evils seemed to be Asus and Netgear, who both applied more security fixes more frequently, but another recent study found that 79 of Netgear's routers have a critical security vulnerability, present since 2007, that would allow a remote attacker to take complete control of the device and the network behind it.
With the increasing popularity of home working, it is essential that both individuals and firms take into account this increase in attack surface and apply appropriate controls and mitigations to prevent their data and their clients' data from being captured by malicious third parties.
When approached correctly, home working can provide significant benefits to productivity without compromising security. Speak to us today to find out how you can achieve this.
Free initial conversations for start-ups and entrepreneurs - Cyber Tip Tuesday video for 14 July 2020
What are the different risk controls, an introduction - Cyber Tip Tuesday video
What is the Dark Web? Cyber Tip Tuesday video explainer
Why Execs Present One Of The Biggest Insider Risks to Any Organisation - Cyber Tip Tuesday Video Blog
What is the CIA, or AIC, Triad? Cyber Tip Tuesday video
Welcome to this week's Black Arrow Cyber Tip Tuesday. This week Tony talks about the CIA, or AIC, triad.
What is the CIA triad, or AIC triad to distinguish it from one of the US intelligence agencies?
C, I & A relate to Confidentiality, Integrity and Availability.
Confidentiality is the protection of IT assets and data from unauthorised users. Integrity is ensuring that data is accurate, able to be relied upon and has not been changed or modified in an unauthorised manner. Availability is ensuring that IT assets, data and networks are available to authorised users when they need them to be.
A loss of any one of these could be catastrophic to your business so you need to make sure you have appropriate controls in place to protect and if necessary recover from any problems.
Talk to us to see how we can help you.
Social Engineering Terms Explained - Part 2 - Cyber Tip Tuesday video
The Role of HR in Cyber Security - Cyber Tip Tuesday video
In this week's Tip Tuesday, Bruce looks at the role of HR in Cyber Security.
Cyber Security, and the wider field of Information Security, require a combination of technical controls and people controls to reduce risk. HR has a major role in both.
This is more than education and awareness programmes.
It's about ensuring the leadership team demonstrate consistently good practices, because employees watch what their leaders do and will follow their behaviours more than their words.
HR should also work with managers to drive appropriate conduct management for employees who deliberately circumvent or disregard cyber security controls.
I am not talking about punishing honest mistakes, because it is important to foster a culture where employees quickly admit mistakes.
I am talking here about employees who do things like repeatedly sharing passwords, or leaving their computer screen unlocked, or leaving confidential papers on their desk overnight. Or worse, an employee who abuses their system access privileges or makes fraudulent transactions.
Contact us to see how people controls and technical controls fit together as part of your defence in depth.
Social Engineering Key Terms explained - Phishing, Spear-Phishing, Whaling and more - Cyber Tip Tuesday video
Diffusion of Responsibility when it comes to Information Security, and why it's a bad thing for businesses - Cyber Tip Tuesday video
Welcome to this week's cyber tip Tuesday. This week James is talking about diffusion of responsibility and the problems it can cause.
Security is often a casualty of diffusion of responsibility.
This is characterised as the decreased responsibility of action and consequence that individuals feel, when they are part of a group.
As information security is, by definition, the responsibility of everybody within an organisation, the conditions offer a perfect environment for this well-documented psychological phenomenon to emerge.
You can mitigate this by introducing tighter technical controls to support your existing policies but a more effective approach is to work with your people to re-introduce individual responsibility for security.
This can be through frequent training and awareness programs or by incentivising positive behaviours.
If you'd like to know more about how your organisation can protect itself better, please get in touch.
Key InfoSec Terms and Concepts - Vulnerabilities, Threats, Risks and Countermeasures
What exactly is phishing? And how good are you at spotting it? (and what to do if you clicked on something you shouldn't have) - Cyber Tip Tuesday video blog
How Much Security is Enough Security - Cyber Tip Tuesday video blog for 28 March 2020
How much security is enough security?
You can never have too much security - right…?!
Maybe not - watch to find out
For this week's Cyber Tip Tuesday video Bruce explains the basics of ransomware
Welcome to this week's Tip Tuesday. This week Bruce talks about the basics of ransomware.
Ransomware is malicious software, or malware, that criminals install on your computer to encrypt your data and lock down your computers. The criminal then demands payment in exchange for giving you back your information.
This usually starts with your employee clicking on a link in an email or an attachment. The malware then spreads across your network and corrupts your computers. In some cases, it will also take a copy of your data and send it to the criminal.
One of the classic ways to reduce the risk of successful ransomware is to take a regular backup of your information, so that you can revert to that copy and continue with your business. But now criminals are threatening to publish your confidential information online if you don't pay, which can severely damage your reputation and potentially destroy your business.
So the best thing is to avoid being a victim by implementing a range of controls, including stopping the criminal entering your system.
Core Concepts of Information Security - introducing the Functionality, Usability and Security triangle - video explainer series