Boardish has released a cyber landscape report that summarises the latest changes in the threat landscape. As a tool created for CISOs and cyber professionals who work on quantifying the impact of cyber threats and solutions into financial figures, Boardish has recently moved from beta to production.
The ultimate goal that Boardish wishes to achieve is to simplify the quantification process for CISOs and other cyber professionals, helping them get faster insight into the cybersecurity landscape and impact of new threats and solutions.
Their new cyber landscape report shows that the threat landscape has experienced quite a number of changes at the beginning of the year. One thing that they picked up is that there is a link between the three main threat increases that were registered: unpatched machines, ransomware, and data breaches.
The Boardish cyber report places unpatched machines to the very top of cybersecurity issues. This threat experienced the highest increase of 18% after NSA has discovered there is a vulnerability in the Windows 10 systems. The number of machines affected by this vulnerability goes over 900 million, which is more than enough to raise the risk assessment for unpatched machines from medium to high, as it has the potential to be the next nation-state type of attack.
Eternal Blue, the exploit used for the WannaCry ransomware is still affecting machines around the globe. When combined with the number of machines that could potentially be affected and the impact of previous nation-state attacks, any organisation with unpatched machines should treat the risk as a priority.
This leads us to the next threat highlighted by the cyber report: ransomware. It has increased by 11% across all company size categories.
It’s connected to the number of unpatched machines and also the fact that there are numerous other attack vectors for ransomware infections, with phishing being the most popular attack vector.
Ransomware is so popular because it’s the easiest way to get money quickly, but there has been an increase of instances of the ransom NOT being paid, in which case attackers released the data and caused a data breach.
This brings the impact level to maximum. Another interesting finding is that the level of turnover days increased by 15%, and the reason for this is twofold: business systems are more complex, and ransomware attacks are more sophisticated. Ransomware should, therefore, be treated as a top priority threat.
Data breach threat has also increased by 7%, but unpaid ransomware isn’t the main reason. Instead, increased amounts of data were the primary factor in companies with more than 500 employees, as per our cyber landscape report. The data breach risk factor is serious enough to lose market positioning, and coupled with the high-regulation impact, the risk is raised to high.
User error is becoming a more common reason for data breaches, so companies should make sure they are protected not just from external but also internal threats.
The best way to deal with each of these threats can be thoroughly tested in Boardish so that CISOs and other cybersecurity professionals immediately see the effectiveness of solutions and present these in front of the board in financial terms.
Data protection is more important than ever, but also much harder to achieve. It was fairly simple to previously protect data storage from hacking when it was only saved on-prem and there was limited access.
Today, data storage and access are more dispersed. Remote employees, cloud storage solutions, BYOD policies, and access via multiple devices from anywhere make data protection seem like an impossible goal.
It’s important to understand that a data breach is a business issue, not just an IT issue.
To make sure your company and customer data are safe, you will have to protect data storage from hacking attempts. The following data storage safety practices will help you achieve a high level of data security and compliance.
1. Use strong passwords
The most common way data storage is hacked are weak or shared passwords. You would ever store thousands of dollars behind a simple “0000” or “12345” password? No.
The data you are trying to protect is worth even more than that, so make sure that anyone with access to it has a strong, complex, and unique password.
Weak passwords are present in almost every organisation and can cost corporations millions in damages because of data breaches.
To avoid hacking attempts, have a proper password protocol in place. All passwords that provide access to data should have a minimum of 12 characters and shouldn’t be complete words.
Use a combination of upper- and lowercase letters, numbers, and symbols. The password should not have personal meaning – no names, addresses, dates, or anything that can be unearthed on social media.
Passwords should also be changed every 6 months.
2. Add Two-Factor Authentication
Additional authentication protocols should be a standard practice to protect data storage from hacking.
In case your first authentication layer – the usernames and passwords – end up in the wrong hands due to a successful phishing attack, the second layer of protection in the form of two-factor authentication (or multi-factor) will keep data safe from outside access.
The authentication server will prompt the user to input another security code after authenticating their credentials. The code is usually delivered via SMS, or via a phone authenticator app. Some services will also offer the code via phone call if supported.
3. Include Session Timeouts / Auto Disconnects
To battle forgotten login sessions that could potentially lead to a data breach because somebody else used the device, incorporate session timeout routines onto your data storage servers.
These routines will automatically disconnect the user from all inactive sessions.
For example, if the user accessed your data storage but has been idle for the last 15 minutes, they will be logged out. When they come back, they will be prompted to log back in again.
This security measure is especially valuable if your staff has access to data storage from shared, remote (and potentially unsafe) locations.
4. Use encryption for all documents and emails
Encryption helps protect data storage from hacking because in the event it ever falls into the wrong hands, they won’t be able to read it.
When you encrypt data, the data is translated into ciphertext that is just a string of random characters. The only way to make it readable again is to turn it back to its original form with the right encryption key.
The larger the key size, the more computational power is needed to crack it. The rule of thumb is to use encryption services that offer at least 256-bit encryption protocols.
In order to ensure you have encrypted all sensitive documents, you should use a data protection solution that covers data discovery and sharing. Microsoft’s Azure Information Protection is such a system, and can be used to discover all your data, apply labels that determine how sensitive data is, and then apply rules on data access. The system will find all locations where data is stored and help you migrate it to a safer, centralised location.
Because such systems also include email encryption, it also helps you keep data safe in case of mishaps. For example, if somebody accidentally sends an email with sensitive data to the wrong recipient, the recipient won’t be able to read the data without first having proper authorisation.
5. Limit Access to Data Storage
In order to protect data storage from hacking, you have to limit access to data to inside actors too.
The more people have access to sensitive and classified data, the higher the risk of data falling into the wrong hands.
Your employees should have access only to data that’s essential to their role in the company.
In case employees would need to access data occasionally, it’s better to have procedures in place that would authorise access to them temporarily rather than giving them unlimited access.
6. Use Safe Cloud Storage Solutions
Cloud storage solutions help you keep your data accessible at all times and is becoming the standard today. With so many employees working from remote locations and accessing data from multiple devices, it’s safe to say that there are many more vectors of attack.
To protect data storage from hacking but keep it accessible and online, try using a decentralised cloud.
It uses blockchain technology to keep data safe and such cloud storage is not controlled by a single entity and data is not stored on a centralised location. Instead, data is spread in tiny fragments across a large global network. When you need to access it, it will be assembled and decrypted as soon as you are authorised (either with an encryption key or password).
7. Educate Employees
You can invest in the best firewall, anti-spam, and antivirus software, but if your employees don’t know how to spot a potential threat, your attempt to protect data storage from hacking will ultimately fail.
Everyone in your company, be it the newest members of the team or senior executives, should go through regular education training. Ideally, they should learn about:
The latest threats and risks, and vectors of attack – Suspicious email attachments, phishing attempts, how to stop a spoofed email address, and more.
Best practices when it comes to data security – Teach them about BYOD policies, unsafe public networks, being safe while accessing data from remote locations, etc.
How to use new security software you implement – Get them on board with new software solutions and teach them how to use them to avoid slowdowns and disruptions.
Your data security is only as strong as the weakest link. What’s your weakest link?
As businesses are undergoing digital transformations, IT is becoming a critical part of their business success. With consumers expecting hospitality to match the digital era with new customer experiences, it’s often one of the things that are left behind!
So whilst basic IT knowledge goes a long way in hospitality, having a dedicated IT expert is still the best solution. Most business owners are now faced with a critical decision: to choose between an IT managed service provider vs in-house IT team. How are they different? Which one is better? How safe is it to let someone else take care of your IT needs?
The choice between an IT managed service provider vs in-house IT teamoften boils down to the size of the company and its specific needs. Here’s a rundown of the pros and cons of each option.
In-House IT Team: Pros and Cons
In-house IT staff usually handle day-to-day IT operations and requirements. Startups and small and medium businesses will often start with a single IT expert who will handle their IT needs. As they grow, however, they will also need more than one IT expert to keep track of everything.
It’s not that in-house teams are without benefits:
They will have intimate knowledge of your operations and know your infrastructure in and out.
They can be immediately available when you need them.
On the other hand, having a full in-house IT team is often limited to large enterprises only. A full IT team when you’re a small or middle-sized business is just not possible financially. Not only would they eat up resources but you need a place to put them day-to-day too!
The cons of in-house teams seem to be more prevalent when it comes to IT requirements of most hospitality businesses:
The costs run high: They will be your full-time employees, meaning you will have to cover their salaries, benefits, training, NI, and other expenses.
The emergencies increase costs even more: The cost of intervention often goes up considerably in case of emergencies that happen overnight, and you have to pay overtime.
Team members are not bound to your company: If they decide to leave for what they think is a better opportunity, they are free to do so. When they leave, they will take all their expertise with them and you’re stuck with tech you don’t know how to run, unless you employ a team – which is even more expensive!
In-house teams can rarely keep up with all the latest IT developments or industry trends, meaning that parts of your IT infrastructure will inadvertently become outdated. It’s their job to keep things running, not constantly innovate!
Often limited to reactive interventions instead of proactive IT strategy development.
Is an IT managed service provider better than in-house IT teams? Let’s see what they can offer.
IT Managed Service Providers: Pros and Cons
Business owners are often wondering how is an IT managed service provider better than in-house IT teams.It seems logical that hiring a third-party provider to take care of your IT needs would be less efficient.
But this is a common misconception.
Managed service providers actually improve efficiency. They deliver higher quality services because IT is their speciality; it’s all they do. They are experts who continuously improve their knowledge by following the latest developments.
When a business hires an IT managed service provider, they will reap the following benefits:
Paying a lower price for hiring them than you would for keeping an in-house team. Their services are available for a flat monthly rate, which makes budgeting for IT super easy. You benefit from economies of scale here, because ultimately, you won’t be the service provider’s only client – but that means they are more affordable!
They are available around the clock and can monitor your systems at all times.
Your operations will rarely be disrupted: Managed service providers have service level agreements (SLAs) that are legally binding. They guarantee to provide the highest possible uptime and service quality. It also means that should you move to someone else, they should provide you with all the procedures and documentation necessary to ‘hand-over’ your day-to-day.
Managed service providers also have access to the latest technological solutions, software, and industry contact. This means that all your IT needs will be up to date as soon as there’s one available.
Of course, there are also some disadvantages of managed service providers:
Finding the right fit for your business needs takes time. Sometimes, trial and error is the only option to find a managed service provider who has everything you need.
Sometimes, service packages can be arranged in such a way that you might need to pay for some services you don’t really need. Still, many managed service providers will happily let you make a fully custom package.
The biggest concern is their on-site availability. Your MSP should always be able to provide some level of physicality! Particularly for 1st line support which often involves users directly.
IT Managed Service Provider vs In-House IT Team: Who Wins?
Is an IT managed service provider better than in-house IT teams?Our verdict is a big fat YES because they can offer everything an in-house IT team does, and more! Ultimately, you pay for a ‘service’ rather than a person when it comes to an IT managed service provider and therefore you know you’re always covered!
Comparing an IT managed service provider to an in-house IT teamshows that you will ultimately save more money by opting for a managed service provider.
Having up-to-date software is also a crucial point – it ensures you are well protected against cybersecurity threats and attacks that are becoming more elaborate over time. Your IT managed service provider will make sure all your security definitions are up to date, that they never expire, and that your business and customer data is secure.
IT managed service providers free up the time you would otherwise spend on the challenging tasks related to your IT. They are not just your IT support, they are the technological catalyst for your business. Working with you to develop the right strategies to acheiveyour your long-term goals.
The best ticketing software helps tech support resolve issues faster and allows managed service providers to offer a better service! Here are seven excellent IT ticketing software solutions that will optimise your IT support:
ManageEngine’s ServiceDesk Plus is a solution that helps an IT managed service provider with advanced automation options of many processes.
The project management module supports tracking of any number of IT projects and helps with planning. Ticket routing, prioritisation, and escalation options make it a favorite of many IT teams. The IT ticketing software automatically informs users about any changes to the status of their tickets and reported issues.
The analytical capabilities help link recurring issues to the root cause and eliminate their occurrence permanently. The knowledge base keeps the ticket inbox decluttered through self-service for end users.
BMC’s Remedy Service Desk is the best option for an IT managed service provider who caters to enterprise users. It provides MSPs with a comprehensive service management suite that can be deployed in the cloud or on-premises.
Their incident management with service impact analysis is their best feature. It helps IT staff see how problems and incidents affect business systems.
Problem management detects recurring incidents and helps trace the cause.
Knowledge management delivers the required information directly to users and staff.
This service desk supports a multichannel report of incidents and issues via email, web service, self-service, social, or chat. Pricing is provided per request.
Freshdesk is a solution that can work for internal IT departments, but it’s actually an IT ticketing software that’s better tailored for an IT managed service provider. Customer tickets are processed in a swift manner thanks to ticket workflow optimisation, routing, ticket response automation options, and service level agreement (SLA) management. The IT team can collaborate on a single ticket and resolve complex issues faster.
There’s a free plan available, while other tiers span from $19 to $89 per agent per month.
Zendesk is one of the best-designed ITSM solutions out there. Asset, problem, and incident management are done via a ticketing system that includes all the tools an IT team needs: ticket priority, tracking, and resolving have powerful automation options.
Everything is available from a central interface: on-premise information and third party apps, as well as self-service options and workflows, which makes it one of the best ticketing software designs available.
There’s a free trial and five price tiers that span from $5 to $199 per agent per month.
Jira Service Desk is available as a cloud-based or on-premise solution that includes problem, change, and incident management, while the self-service feature helps users resolve tickets on their own by accessing a knowledge base.
The most notable feature includes the ability to link the Service Desk IT ticketing software to software issues, so the required IT experts will be notified about the issue faster.
There are two price tiers: $10 for up to three agents, and $20 for four to five agents, and discounts for larger groups.
This is a cloud-based IT ticketing software that offers a wide array of features: from help-desk automation and IT asset management, all the way to performance analysis and monitoring.
Their incident report and service request modules, as well as their remote control capabilities, are their strongest features. They help track and resolve issues quickly. Their ticketing system is extensive and includes incident management, knowledge base, and a self-service portal, and incidents can even be reported via email. The tickets can be assigned automatically to the most appropriate IT professional, while escalation rules ensure all tickets are addressed in a timely manner.
The pricing is available from the vendor per request.
The best ticketing software helps resolve IT issues quickly but also plays a proactive role: by analysing incident reports, problems can be eliminated before they cause large-scale issues by tracing the root cause.
If you need help managing your IT support, contact us to discuss a quote.
In light of the latest data security climate, where a risk of a breach is higher than ever, it is of utmost importance to keep valuable data safe. Microsoft’s Azure Information Protection (AIP) helps in achieving this goal and it’s the solution we recommend.
Particularly when you consider that the UK average cost of a data breach is close to £2.87 million ($3.68 million) according to a recent report from the Ponemon Institute.
Azure Information Protection is a cloud-based data protection solution that keeps data safe through advanced encryption, identity, and authorisation policies.
Adopting AIP isn’t enough – you need to train your staff on how to use it properly. Newly accepted regulations like the EU General Data Protection Regulation (GDPR), combined with concerns about what awaits the UK in terms of free data flow after Brexit, make data security an important aspect to every company, so it makes sense to invest into Azure Information Protection staff training.
Ensuring Your Employees Are ‘On Board’
Change is something many employees are not fond of, so getting them on board with Azure Information Protection Staff Training is the first thing to do before you begin with implementation and actual training.
When your employees are educated on GDPR and data breach consequences, they will become more engaged in Azure Information Protection staff training. Not being compliant and risking a breach could cost them their job because many businesses that suffer a major data breach never recover.
But, how do you do hold Azure Information Protection Staff Training?
Step #1 Educate on the Risks
Start by making your staff aware of the dangers of security breaches and just how little it takes for one to occur if data protection is lacking.
Step #2 Explain Their Role in Compliance & Data Protection
Many employees are not aware of just how important they actually are in keeping data safe. Start by explaining their role in the company security and compliance. Explain that whenever they send data – be it email or access to a folder – to somebody inside or outside of the company, it can be a security risk. The risk here is that often there are no resources that would monitor or restrict misuse of that shared data.
The most recent statistics included in IBM’s Cost of a Data Breach Report show that a staggering 27% of all data breaches that happened was caused by a human error – in other words, employee negligence was the cause.
Think about the following scenario: You are sending sensitive financial data to an outside partner. The partner is negligent and sends this confidential data to parties that should not have access to it. This constitutes a data breach.
Loss of personally identifiable information (PII) from customers and employees
Loss of intellectual property
Loss of financial information
Breach of data protection laws
Legal fines and claims
Step #3 Show Why Azure Information Protection is the Solution
Proper training will help reduce the risk of a data breach as a result of human error. Before you fully implement AIP, ensure your staff become familiar with all the features and that each department knows how to utilise its full potential.
Explain how Azure Information Protection works and how, when integrated, in the organisation it can help on an operational level.
Step #4 Show off Features They Can Use
During Azure Information Protection staff training, the focus should be on providing specific and detailed guidelines to each department. Present all the important features that AIP offers:
You Can Classify Your Data – AIP helps classify and label data based on how sensitive it is through a system of labels that automatically protect it once applied.
24/7 Protection – Once you classify data and protect it, it stays protected. AIP follows data and ensures it’s protected even when shared outside of your organisation or stored on an external device.
Track Data and Revoke Access – AIP helps you track what is happening to data you have shared, and in case it’s needed, you can easily revoke access.
Log and Report Support Compliance – Get access to powerful features that help analyse and monitor usage of data. The reporting feature helps maintain compliance with rules and regulations.
Safe Collaboration – Thanks to labeling and classification, you have complete control over who has access to data and how they can interact with it.
Microsoft Office Integration – AIP is integrated into MS Office so you can secure any document with a single click as well as automatically in the background.
Easy to Manage and Deploy – AIP works in the cloud and on-site equipment too.
Step #5 Make it Specific
Once done, provide each department with detailed guidelines and best practices for using AIP specifically for them. For example, teach your finance department staff on how to use AIP features like the Do Not Forward Button or Sensitivity Bar, or your marketing department on how to apply AIP labels and send data to external partners.
If you want to make your AIP staff training easier, we’ve created an Azure Information Protection Staff Training Course on The TowerWatch Academy.
Did you delete metadata on redacted documents the last time you sent them?
If not, it’s easy to see the original information if you know where to look and then you might as well not have redacted them at all! This doesn’t just apply to ‘Top Secret’ documents anymore, it also poses a problem under GDPR.
For example, it’s easier to redact personally identifiable information (PII) you don’t want to share when sending a document to third parties or externally. Rather than getting consent from each user or changing your document (or database) altogether.
Some people have been making mistakes. The ICO reported that in Q4, failure to redact data was one of the most common types of data security incidents. So, ultimately, if you don’t delete the metadata on redacted documents it can lead to a data breach! To remove the risk, it’s best to remove the metadata. Here’s how it’s done:
Delete Metadata on Redacted Documents in Word
Select and open the Word document you want to remove the data from.
Click on the “File” tab and select “Info” from the menu.
Choose “Check for Issues” and select all the data you want to check the document for:
Comments, revisions, and versions
Properties and personal information
Headers, footers, watermarks
Document server properties
Custom XML data
Click “Inspect” and review the results.
Choose “Remove all” to strip the document of metadata.
Delete Metadata on Redacted Documents in Excel
Select and open the Excel workbook you want to remove metadata from.
Select “File” > “Info” and under “Check for Issues” choose “Inspect document.”
Select the data you want to check:
Comments and annotations
Properties and Personal Information
Hidden rows and columns
Hidden worksheets and names
Custom XML data
External links and embedded files
Choose “Inspect” and review the results.
Select “Remove all” on each type of information you want to remove.
NOTE: If an Excel workbook was saved as a shared file, some information can’t be removed. This includes document properties, personal information, comments, annotations, headers, and footers. To remove these, you first have to unshare the workbook. Should you remove hidden rows and columns with data, this can affect calculations and formulas.
Delete Metadata For PDFs
Unfortunately, in the free version of Adobe, access to metadata is limited. So whilst you can view the properties, you can’t edit or remove them. To remove you’ll need a subscription to Adobe Acrobat XI or a specialist tool. But, here’s how to do it with an Adobe Acrobat XI license.
In Adobe Acrobat XI, locate the Tools panel in the top right corner.
Open the “Protection” tab and locate the “Hidden information” heading.
Select “Sanitize document” and click “OK.”
To choose what to delete, select the “Remove Hidden Information” option.
Name your file and click “Save.”
Delete Metadata on Redacted Documents in PowerPoint
Select and open the Powerpoint presentation you want free from metadata.
Under the “File” tab, go to “Info” > “Check for Issues” > “Inspect document”
Select the data you want to check:
Properties and personal information
Custom XML data
Off slide and invisible content
Click “Inspect” and wait for the results.
Click on “Remove all” on all the information you want gone.
Delete Photo Metadata
Okay, this one might be a bit of a stretch as far as GDPR is concerned, but we figured we might as well show you how to do this as well whilst we were here! Also note that you can access photo metadata if you’re adding it to a document, so you’ll need to remove it before adding to a redacted document.
Right-click the image file and go to “Properties.”
Go to the “Details” tab.
Select “Remove properties and personal information.”
Select which data you want to remove.
Although it might seem like a faff! Incorrectly or failing to redact documents properly will lead to data breaches. Particularly when sending files publicly! so, delete metadata on redacted files and you should reduce your risk significantly.
Everyone talks a lot about different levels of IT support, but what do they actually mean?
Why Do You Have Different Levels of IT Support?
Contrary to popular belief, IT can be a wide-ranging subject, from cyber security all the way to hardware, depending on your industry. This means people have different specialties, but in a corporate capacity, the different levels of IT support basically relate to how difficult something is.
In most cases, each line shows a level of escalation and this helps make sure that surface level tasks are dealt with quickly and in-depth tasks are dealt with by specialists who know what they’re doing.
That way everything runs efficiently.
So, let’s look further at the different levels of IT support and some additional roles you may be considering.
Different IT Support Roles
1st Line: First Contact
First line support consists of generalists that have a broad understanding of products and services and deal with the most common and simple issues. Usually available around the clock, they deal with problems like lost passwords or assist with software setup. They have a lot of interaction with customers, as they are the first line of contact with them.
They refer to a knowledge base when identifying and resolving customer issues and go through possible solutions. If there is an issue they can’t solve, they send it to the 2nd line. Before doing so, their task is to gather as much information as possible and provide a detailed problem description or open a support ticket.
2nd Line: Escalation Point
The 2nd line are technical specialists who have a more in-depth understanding of the issue. Usually, each member specialises in a different area. They investigate issues escalated by 1st line and try to resolve them in a determined time frame. This line also proactively monitors systems and performs regular health checks. Sometimes, they will also handle preparations for system and software upgrades and keep an eye on industry shifts.
3rd Line: Complex Technical Issues
This is the highest level of support that solves the most complex issues. This line is often staffed by personnel that was directly involved in the development, of the solutions so they know the ins and outs of how it works in your organisation specifically. They tend to have the best technical resources and often work hand in hand with third parties to get things fixed if the issue relates to an external matter.
Often for smaller businesses, the 3rd line support and IT manager role can merge with many proactive managers taking on the harder support tasks and fixes.
Involved in the decision making and interdepartmental support, IT managers bring the support team together. They oversee the implementation and maintenance of your IT solutions, as well as all matters that relate to IT operations and resources. They manage other IT specialists, optimise resources and staffing, and enforce best practices across the board.
*They also help with support roles as and when needed
Other IT Support Roles
Also known as a SysAdmin, is in the same realm as a 3rd line support so they have extensive knowledge, but it’s normally specialised. They will often oversee areas like data centres, network operations, backups or web technology. Their aim is to ensure the support systems perform optimally and oversee their area.
Think of them like working in the background to keep things running smoothly.
4th Line: Outsourced Services
Although not commonly used, you may hear the term 4th line support. This relates to external parties for example printer manufacturers or vendor software that help resolve issues from their end. For example, if there is a bug that needs patching, they’ll fix it and roll out an update.
How to Decide Which Level of Support You Need
No two businesses are alike, so their IT support requirements will be vastly different, even within the same industry. While some businesses deal mainly with 1st line issues for simple software, others may need on-site specialists or programmers on call who know the intricacies of the products and software being used.
If you are having a hard time deciding on the level of IT support your business needs, answering the following three questions may help you come to a decision easier:
1. What does your business do?
The level of IT support is different depending on your industry, company size, and your plans for the future. If you are a start-up, you will probably not be able to finance three lines of tech support jobs immediately, but you might find the right combination of lines through managed IT services.
If you already own an established business, you might have in-house IT staff already. You can complement them with outsourced or managed services that will take care of complex issues and help you by proactively monitoring your systems and aligning your IT tech with your long-term goals. Having access to 2nd and 3rd line will help you immensely when choosing and integrating new tech solutions or moving to a new platform.
2. How many resources do you have?
The number of resources to allocate to your IT support also impacts this choice heavily. The prevailing trend is to automate simple issues so that resources can be funnelled toward higher-tiered support. For example, you can have the 1st line automated through AI or chatbots, with 1st line agents responding only when AI/chatbots can’t resolve the issue. The savings from adopting such solutions can then be used to integrate 2nd and 3rd line support services.
3. Do you need reactive, proactive, or strategic support?
This is a tricky one and directly related to your future plans, as well as how you operate. If you need reactive support for lots of small but common issues, 1st line is for you. It’s also common for those that have to provide support to customers as well.
If you need active monitoring or proactive support, 2nd line is for you. For example, in the hospitality industry ensuring your equipment and software is maintained to avoid downtime during peak periods which can affect overall sales.
If you’re looking at growth and expansion or to save money overall, 3rd line support or an IT manager can help streamline and standardise your tech. In addition to proactive support and ensuring your systems are performing optimally, they also work hard on ensuring you reach your business goals. Third line support will choose new technological solutions based on how quickly they can aid you in achieving your goals.
If you want a flexible level of IT support, consider hiring an IT managed service provider like us, give us a call for a free consultation.
The hospitality industry is starting to embrace digital solutions, with hotels being in the forefront of the industry. Still, many hospitality businesses downplay their IT requirements. For instance, they are still reluctant to open their doors for IT managed service providers in hospitality.
Hotels, hostels, resorts, bars, and restaurants assume they will see no benefit from investing into IT. Their main argument being that they don’t have the time or money to hire and keep IT staff. This is where an IT managed service provider (MSP) can help.
So, here are some of the things, we deal with and take off the plate of our hospitality-based clients.
1. Be Your IT Supplier Liaison
Whether it’s an equipment failure that needs repairing or replacing, software and domain licenses that need renewing or simply negotiating the best deal for tech rentals (think printers etc.) we can help.
As a managed service provider, we act as the middleman when it comes to dealing with suppliers and 3rd parties to talk their lingo and get things sorted as quick as possible. It’s a time saver, and chances are we can save you money long-term with supplier agreements.
2. Provide 1st – 3rd Line Support
Many MSPs provide various stages of support, from 1st-3rd line. Whether you need on-site assistance or a dedicated number to call, your MSP should have it covered.
Unsure of the type of support you need?
In the case of minor IT issues, you can access 1st line support and talk to general help desk operators that will guide you through the troubleshooting process. Common 1st line issues are related to email passwords and account access.
For more complicated IT issues, 2nd line support takes over, for example, a non-critical issue with your equipment or tills.
3rd line is your specialists who are trained in your specific systems. They are often the most qualified and certified and deal with complex or emergency issues. For example, your POS system going offline during service.
3. IT Management
If you already have an IT team but are struggling to tie it together in your operations and strategy, an MSP can help here too. A hospitality IT managed service provider can deal with your entire IT infrastructure, or just part of it depending on what you need.
They will proactively monitor your IT operations, assess the current efficiency, and suggest improvements and integration options to ensure the highest uptime and optimal data flow between systems. So that you’re making the most sales and providing the best customer experience possible.
4. Backup Solutions
The hospitality sector handles vast amounts of data, and with the introduction of digitalisation and the internet of things (IoT), the amount of data will steadily increase. It includes everything from sensitive data and credit card information to info gathered from your guests and customers that helps you segment them. This allows you to follow the latest trends, and offer personalised experiences, all the way to complex automation operations.
IT managed service providers in hospitality will take proactive steps to ensure all your data is safe in case of system failure, power outage, or natural disaster by using a cloud-based backup and disaster recovery system. This system ensures you have access to your data at any time, no matter what circumstances. It’s a reliable solution that offers better safety and protection than you could set up in-house. Check with your MSP to see which backup vendors they partner with, for us, it’s Microsoft Azure.
5. Handle Wi-Fi Security
It is very common to find unsecured or badly secured networks in the hospitality sector. Many restaurants and bars have unsecured Wi-Fi or use the same Wi-Fi that they offer to their guests, which leaves them vulnerable to security threats, most notably hacking and data breaches. To ensure the highest security, your MSP will establish a secure Wi-Fi network throughout your entire establishment or chain that only your staff will have access to, with a fully separate POS network solution.
They can also ensure the protection of your customer data and improved experience by setting effective customer Wi-Fi.
6. Ensure Compliance
While compliance in hospitality is traditionally tied to things like food safety, IT systems bring about their own set of compliance regulations to be followed. Your MSP will ensure that your technology and software solutions are compliant with government regulations (like GDPR) by utilising secure systems like Microsoft’s Azure Information Protection. They can also help with PCI DSS (Payment Card Industry Data Security Standard) compliance for your POS systems.
7. Standardise Equipment
A very common practice for medium to large enterprises is to standardise equipment to reduce costs and make maintenance and upkeep easier. But, for smaller businesses, this isn’t often attempted, because people don’t know how.
Your IT managed service provider can standardise current systems as well as oversee purchases to make sure they really are necessary and compatible with your current systems. Having this in place will allow for better monitoring, applying updates and reducing response times.
8. Offer Cost-Effective Solutions For Better Customer Service
Your MSP is more than just IT support. They are IT professionals with specific knowledge of your industry that follow the latest trends. Their goal is to align with your goals and help you offer an amazing service to your customers. In hospitality specifically, your IT managed service provider can advise on ways to improve customer experience through technology, whether that’s free Wi-Fi or even marketing beacons.
9. Facilitate Expansions
When opening a new venue or location, your MSP can help fit in the IT seamlessly with your design plans so you can future proof your venue. From simple tasks like outlets and power supplies to the larger, more intricate technological planning, expanding to meet the same IT standards you have currently has never been easier. For example, we liaise with contractors and project managers during construction to make sure IT specifications and planned equipment are tailored to.
10. On-Site Upgrades
Whether your equipment is due an overhaul or you’re in need of repairs, your IT managed service provider can implement them on-site with minimal effect to your customers. Often they can work out of hours to deal with upgrades at less busy times, but if not, they understand how best to proceed with the least impact. Luckily, when you hire an MSP they normally have notifications and analytics to check to deal with these upgrades ahead of time before anything goes wrong. But, even if issues occur, they are dealt with easily and swiftly.
11. IT Budget Management
All businesses out there have a limited budget, and it can be hard to determine just how big the IT budget of a business in the hospitality sector should be. The industry average suggests around 2.5% of your turnover should be spent on technology, but this will vary depending on the type of business you have.
IT managed service providers in hospitality will assess your current situation and offer a detailed overview of where you can save money and how. This will most commonly include software and hardware standardisation across all your devices and establishments. Additionally, hiring an MSP for your IT requirements means that you will pay them a fixed monthly fee, which is considerably lower than paying for specific IT services when something breaks down, when you need a major overhaul of all systems or emergency fees when you need something done quickly (that could have been prevented.)
12. Meeting and Function Room Setup
Do you make income from function or meeting room rentals? Improve your technological capabilities, become an innovative location for events and not only provide a better experience, but charge more!
Your MSP will inspect your meeting and function rooms in detail and suggest the needed technology and software to implement so they are fully equipped for social gatherings, ceremonies, or conferences. They will also offer their services to the party that booked your meeting/function rooms and help with the setup.
13. On-Site Repair and Maintenance
While traditional IT services offer maintenance and repairs only when you request it, managed service providers conduct proactive monitoring. This helps them spot an issue early on before it becomes a much bigger problem. They will repair and maintain equipment on-site as soon as they detect issues to give faster turnarounds before it breaks completely.
This also means you don’t have to sit on hold to a helpdesk who try to explain how to do the fixes yourself! It just gets done!
14. New Software & Hardware Audits
An MSP will continuously research new software and hardware options to see if they are viable and relevant to your business. An MSP has the required industry and IT knowledge to assess new software and hardware and determine whether they would benefit you. Often times, restaurants and other key players from the hospitality industry opt for solutions that might be a good fit for their needs but are not compatible with their current systems. An MSP will ensure that the tech solution you choose is compatible and won’t cause major disruptions during or after implementation.
15. IT Consultancy
Some IT managed service providers in hospitality won’t include consultancy, but we do. From consulting on IT equipment and device policies, to making innovative improvements to your security or processes that ultimately help you make money!
All of these tasks aim to improve your customer service and ability to sell to customers or maintain that relationship. Technology is overlooked in the IT indsutry, but that doesn’t mean it’s not important.
With our increasing reliance on our phones, computers, and other internet-connected technology and accessories, security is more important than ever. To be able to recognise when our tech might be compromised can save you from potential catastrophic losses. It’s therefore important to be on the lookout for computer malware signs.
How often do you pay for something using your credit card or online wallet? How many passwords do you have saved or “remembered” so you can quickly log in? Hackers can gain access to your devices in numerous ways, but in many instances, it’s not immediately apparent.
In a business environment on a company network, this can give hackers access to the same shared systems and folders that your computer has access to, leading to a data breach with far-reaching consequences. All it takes is for a high-level executive, member of the C-suite, or HR personnel with access to sensitive records to click that infected email and it’s game over for some businesses.
Being aware of the dangers and spotting the computer malware signs is, therefore, more important than ever to prevent the disastrous effects of a successful cyberattack. These are the warning signs of a possible data breach and that your system has been infected.
20 Computer Malware Signs To Be Aware Of
Very often, malware and viruses will be disguised as regular notifications. Your computer will display the notification, often saying that your PC is infected and offering help to remove the threats. If you accept “help,” you will be prompted to visit a website and leave your credit card information to pay for the service of removing the threat. Even though such an attack pattern is not new and has been present for a while, people still fall for it very often. This is the most common of all computer malware signs.
2. Sudden Sluggish Performance
If you notice that your computer is slower than usual, the first thing to do is check the TaskManager. You can access it by simply writing “Task Manager” after hitting the Windows key on your keyboard.
Once there, check the Performance tab to see whether any of your hardware is being used too much: the CPU, memory, disks, or GPU. Chances are, your memory might be compromised by malware.
Some glitches in your system might appear like your computer has a mind of its own – usually a brief glimpse of a registry change or your mouse moving by itself. In most cases, these are just little glitches – a speck of dust on the mousepad, for instance. But this could also be one of the computer malware signs. If mouse movements are deliberate and make sense, like the mouse moves and opens or closes applications, then you are definitely dealing with a far more serious threat than a dusty mouse pad.
To disable this kind of remote access, the first thing you should do is disconnect your PC from the internet, disable network drivers so it can’t connect again, and make sure any connectivity options are disabled, e.g. Bluetooth. Then, you can start dealing with removing the issue.
Your computer might crash for no apparent reason. Often, software and hardware incompatibility are to blame, but if this is excluded, computer malware infection is a real possibility. To see what the crash was caused by, go to Event Viewer by hitting the Windows button on your keyboard and writing “Event” – it should be suggested as the first option. Once opened, go to Windows Logs and go through those that are marked as an error. This will give you more insight into what caused the crash and help you or your IT team find a solution fast.
5. Low storage
If your computer is suddenly running low on storage, it might be that you have not been paying attention to how much you have left. Some malware and viruses, however, are programmed in such a way that they replicate endlessly until they use up all the storage space you have.
Always ensure you know how much space you have left. If you know for sure that your hard drive partitions had more than enough, suspicious activity is to be expected.
6. You Don’t Appear to Have Security Measures Working, e.g. No Antivirus etc.
Your computer might notify you that your security isn’t working – that your antivirus has been disabled. If this is the case, check the status of your antivirus immediately. While this can be a system glitch while your antivirus is updating, it is often a sign that you were infected.
If you can’t get your antivirus software up and running, you will have to either install a new antivirus and antimalware software or, if you’re using a paid version, contact your antivirus manufacturer’s support and let them lead you through the recovery process.
Malware software can also cause pop-up ads, new tabs in browsers, or change homepages, and search engines, without the user’s consent. To get rid of these annoying pop-ups and ads, you will have to find the infected software and remove it from your device.
8. New Icons on Your desktop
If you notice a new icon on your desktop that you don’t know the origin of, suspect foul play right away as new icons are computer malware signs. Malicious software might be installed on your device, threatening to steal your credentials, cause havoc, or even lock you out. If this is your work computer, contact your IT department right away as it could have been installed on the network, not just your own device.
9. Corrupted folders or Missing folders
If you get a prompt your file is corrupt or you realise some folders are missing from where they are supposed to be, it could be an infection. Some malicious software will not be after your credit card data – the intent can simply be to erase all your data from your drives. While this is less of a threat today than it was before thanks to various online storage solutions, not all your data is stored online. If you have lost files, a system restore might be a way of getting them back.
Some malware acts as a simplified version of ransomware by locking you out of your computer until you pay. But, unlike hardcore ransomware, there are some things you can usually do to unlock it.
Using Windows safe mode might do the trick. Once you have booted Windows that way, you can run a virus scan and remove the ransomware. There are also dedicated ransomware removal tools from established antivirus brands, and even Microsoft itself has tools available. Another option is to use System Restore to restore your computer to a version that wasn’t infected yet.
11. Errant Messages
Your system might notify you that an application requires permission to do something, for example an application trying to change something on your computer or connect to the network. This usually happens when you start up, update or install a new application. However, if none of these have happened recently and you’re still getting the messages, your PC might be infected.
12. Redirecting Web Browsers
If you notice that your browser started redirecting you to random sites, you might be dealing with a browser redirect malware, whose aim is to use these redirects to artificially boost traffic to such sites, gather search data, or to try to scam users and steal their personal data. Search for suspicious programs on your device if you suspect this to be the case.
13. New Home Pages
If you open your web browser and your homepage is changed, you need to check which program might have caused this. Usually today, a lot of software will come with additional taskbars or options to change your homepage while you install them. You can opt out of it easily during installation, but many people oversee this. While such changes and additions might not be viruses themselves, they often lack proper security and can easily be used as a point of entry.
14. You’re (Not) Reaching Out
You might find that new conversations are popping up in your email inbox or social media that were started by ‘you’, but you can’t recall starting them.
These spam messages encourage your contacts to click on links that will then infect them. A popular scam is the malware will send an SOS email or message saying you’re stranded and need cab money or a train ticket. It might not seem like a lot but if every one of your friends and every one of their friends become infected, it’s a lot of potential.
15. BSOD – Blue Screen, Will Not Boot
If your computer suddenly becomes unresponsive and you see the dreaded blue screen of death (BSOD), it could be malware.
However, BSOD often happens after you install new software or hardware. Check whether you have the latest drivers installed for all your components and search for possible incompatibility between programs and hardware you are using.
If this is not the case, you will have to consult the Event Viewer again to see what exactly caused the BSOD.
16. Credit or Bank Purchases
If you get notified that there were purchases made with your credit card, or money was taken from your bank account but you didn’t do it, ask your bank to verify how payment was made. If it was done using your card (not in person) it means it was an online transaction. This can mean your device is compromised and they’ve taken the details, particularly if you have them saved e.g. Google online.
Cancel your cards, disconnect from the internet and do a thorough sweep of your devices to make sure that the breach didn’t come from them.
17. You can’t login to your accounts
If you can’t get access to your account because your password suddenly isn’t working, there’s a good chance you’re dealing with a case of account theft. This is already one of the serious computer malware signs. Always have a fallback option for such cases – a way to reset your password via your phone number, for instance. To minimise such a risk, have two-factor authentication that will request a code sent to your phone or a generated code from an app installed on your phone.
If you get a notification from your authenticator, for example, a code on your phone but you’re not trying to log in, check your system for malware and change your passwords immediately. It could be someone with a keystroke logger.
18. Your Hard Drive Appears to Be Constantly Working Even When Doing Nothing
Erratic and sluggish operations can be caused by a lot of software and hardware issues. To see what is happening, you will have to open your Task Manager by hitting your Windows key button and typing “task manager” for it to appear on the list. Once opened, look at the performance of your hardware. If you see that your disk is on ‘100%’ most of the time, you will have to check which processes are running and might have caused this. Note that certain Windows processes might cause this from time to time – recently microsoft.photos.exe, a legit Microsoft application, was causing this issue for some users.
If you find any other applications that are unfamiliar to you and are using your disk fully, terminate the process by right-clicking on it and selecting the “End Task” option. Find which program the task belongs to in order to see whether it’s a real malware or virus issue or just an incompatible program.
19. File Names Change or Are Missing
Any changes to files – either the names or the location of the files – should immediately be attributed to malicious software activity. A deep scan with a dedicated software will be needed to find the infection. Any files that were affected – renamed, deleted, or removed – might be beyond saving, so always make sure you have your data securely backed up online.
20. Unusual login pages
Any changes to login pages you often use – either for work or personal – should be deemed suspicious. Usually, changes like this are announced in advance, so check for news about the changes before you log in. Any pages that require your work, Google, or social media account credentials (both username and password) for login should also be avoided as these might be phishing sites that are trying to steal your credentials.
If you’ve navigated to the page through an email, close the tab and go to the company you’re trying to login to directly. If you don’t recognise the site, NEVER give your credentials away!
It’s important that if you feel there is something wrong with your computer, particularly if you are on a company device or part of a shared network that you report it! Small and subtle changes can lead to big data breaches and catching malware early is key.
We’re constantly looking for ways to use our knowledge and expertise to help others get to grips with their IT. We are offering free IT support for small businesses, particularly with the increased emphasis being placed on cyber security for businesses big and small in the wake of GDPR.
With this in mind, we are offering free IT help and support for small businesses in our Facebook support community. If you’ve purchased a course from the TowerWatch Academy, you’ll already know about the support group, but we’ve decided to open it up to help others too.
As IT consultants and experts with over 10 years’ experience in:
Online data protection solutions
Cloud-based data storage
Cyber Security Training
Complete IT Support
Large Scale Projects
IT Health Checks
Local & Global Hosting: Microsoft Azure/Amazon AWS
Remote Backup Solutions
Hospitality IT support and project installation
We have an idea of the issues that plague the IT of small businesses. Budget (or lack of) being one of them!
So, if you can’t afford an IT team and need some help or advice for your business. Join our support community below and let us help you by answering any questions you may have.
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.