GDPR – is it all over?



Let’s throw it back to the week of May 21st, when we related to this pug on a deep level. It was full of late evenings at the office, manic emails from the boss and worried calls to your trusty IT provider (don’t worry, we didn’t mind)!
This was the time of GDPR.

But how about now, have we forgotten all about it?

You probably took the necessary precautions at the time and are a bit more wary when you stumble across a list of data and can’t remember why you have it. But yes, we can all agree that it doesn’t cross our minds as it did a few months ago (which is probably a good thing – balance is key). However, you should most definitely still be thinking about it.

Why?

Well, let me tell you…

You may not have been affected by the regulation yet, but many have. Have a look through the recent action that the ICO has taken at http://ico.org.uk/action-weve-taken/enforcement/. After having a look through, you might be more tempted to have a check-up on your security. Companies have been fined thousands and thousands of pounds since May 25th for many different reasons, including selling data, nuisance calls, mass emails, spam texts, failing to register with the ICO etc.

A couple of examples that we found interesting:

– 07 June 2018: The British & Foreign Bible Society in Swindon, Wiltshire was fined £100,000 after their computer network was compromised as the result of a cyber-attack.

– 18 June 2018: Ainsworth Lord Estates in Darwen, Lancashire were served with an enforcement notice for failing to respond to a subject access request.

These two examples show how easily you can slip up. If you’ve stolen someone’s data or are emailing thousands of people that have opted out of marketing emails – you’d expect some backlash. Yet forgetting to respond to a request for someone’s information or just not getting around to making sure your security is the best it can be – is easily done.

What can you do?

It’s wise to have a regular check up on your security and to make sure you’re doing all you can to stay GDPR compliant.

• Do you know where all your data is?
Someone could send a subject access request (a request for a copy of all the info you have about them). You’ll need to make sure you know where all your data is to fulfil this request. Organise your folders, spreadsheets, filing cabinets – anything that holds personal data – so that you’re ready. Remove any old information that you no longer need to keep, which will make things a lot easier for yourself. Don’t be in the same situation as Ainsworth Lord Estates.

• Encryption
You should always be taking a backup off-site. If you use a cloud backup solution, check with your provider that it’s encrypted. If you use USB drives/tapes or memory sticks – these should also be encrypted. Contact us to discuss encrypting your devices.

• Cyber Security
Don’t be an easy target for cyber-attacks: not only could your network be compromised, you could also be fined a lot of money. The British & Foreign Bible Society had to learn this the hard way for failing to amp up their security. You need effective, working anti-virus software (not just the free one that came with the computers). Speak to us about the new generation of anti-virus.

• Consent
Do you use a website like MailChimp for your email marketing? Hopefully, you got consent from all your subscribers to send them emails. If you are to add any new subscribers onto your mailing list manually – make sure you have clear, verifiable consent (like an email requesting to be added.) Also, have a look through your Sage – do you hold emergency contact details for your staff? You need consent to hold this kind of information!

• Your team
A good way of making your staff GDPR compliant is to make them aware of what you expect from them. They need to know where they can save their files, what they can access and the computer use rules of the business. There is an excellent piece of software called Panda Systems Management which monitors your devices to make sure all software is authorised, up to date and in line with GDPR. Contact us to discuss this option.

This is just a handful of things you need to continually check and keep an eye on to stay GDPR compliant. Unfortunately, it’s not going away, so you and your staff need to be working on staying secure every day. You do not want to risk being the next name on the ICO’s website of bad examples. If you have to splash out on getting decent anti-virus software or encrypting devices – it will be worth it when you see the amounts that businesses have been fined.

Thankfully we’re here to help and honestly advise you on what’s best for your business. Give us a bell on 01228 590900 or email us on info@castle-computers.com.



Making Tax Digital – The Basics

 

 

 

 

 

 
What is it?
Definitely a good place to start. What is this ‘Making Tax Digital’ and why is it happening? Basically, the government is trying to make it easier for people to get their tax right. Although most businesses try to do their tax return correctly, errors and mistakes mean around £9 billion is lost every year.

MTD (Making Tax Digital) is exactly what it says in the name. It aims to save time, prevent mistakes and become more accurate & efficient by making everything online.

The main gist of the changes is that businesses:

– Will submit tax every 3 months instead of once a year.

– Are issued with a HMRC digital tax account.

– Don’t have to give information to HMRC that it already has. Electronic data from banks, building societies etc. will go directly to HMRC instead of manually processing this as before.

– Can see what tax they owe as it happens in real time instead of letting it build up and getting a massive bill at the end of the year.

When is it happening?
By April 2019 – VAT reporting by all businesses with a turnover above the VAT threshold (£85,000).

By 2020 – Reporting for other taxes (income and corporation).

What do I need to do?
It really depends what you’re currently doing. A first step is that you must use “digital-record keeping to provide a single, seamless process with quarterly updates generated and sent direct from the software the business/agent uses to keep their records”. (www.gov.uk/government/publications/making-tax-digital/overview-of-making-tax-digital)

If you don’t already use digital accounting software, talk to us. We can offer you a range of packages depending on your needs and work through the journey with you.

If you already use digital software, you need to make sure it’s updated and compliant with MTD. Get in touch with the providers of your software and find out if the version you use is compatible or if you’ll need to upgrade.

Start planning now, talk to your accountant if you use one and find out what you need to do, to be fully prepared.

You may have to spend money on using digital accounting software, and no one likes spending money. However, according to a recent study, using digital accounting software:

– Saves 27.6 days a year in comparison to using manual methods.

– Makes an estimated saving of £17,000 per annum because of efficiency.

– Alerts when payments are due, which can decrease the chance of payments piling up and making errors that incur penalties.


If you want to discuss your options or have any queries, we’re more than happy to help. Contact us on 01228 590900 or info@castle-computers.com.



Hacked Routers – What do I need to do?

Recent reports from security researchers show that more than 300,000 routers have been hacked. Many popular internet router vendors were affected by this attack. The hackers changed DNS server address settings, making it possible for web traffic to be intercepted and therefore sensitive information to be stolen.

What do I need to do?

If you feel confident about connecting to your router’s webpage and looking at settings yourself, then, by all means, carry on. If you get stuck – we are only a phone call away. However, if you didn’t know your router had a web page, then stop now as you could potentially make things worse!
Before you begin you need to contact your ISP (Internet Service Provider) to confirm what your DNS settings should be. You then need to compare this information with the settings in your router.
You need to update the firmware on your router (if available) to prevent the same thing from happening again.

How do I prevent this from happening to me?
The only way to guarantee you’re not a target is to use a router that comes with built-in protection against such an attack. We can provide you with such a router; contact us today to discuss this further.
If you are not going to replace your router, you should update the firmware. Check with the manufacturer that a firmware fix is available for this particular issue (DNS hacking).

My router has been compromised – what do I do?
Firstly, fix the problem. Get your router settings back to normal, do the firmware upgrade or replace your router with one which is secure.
Potentially ALL of your internet traffic has been intercepted which means that they could have your passwords, bank details, Netflix login etc. You need to change them all! Do not attempt to change your passwords until you have secured your router.

Please contact us for further help and advice on this issue.



How to prevent a Security Threat

Everyone’s worst work nightmare
So, you’ve got a good thing going. You’re getting through your to-do list at the speed that you’re chugging coffee. Suddenly the weekend doesn’t seem like such a distant place. Until the worst thing that could happen, happens. The computer starts slowing down and… crash. Something harmful has wriggled its way onto your system and who knows what data it’s stealing.

Increase in Security Threats
I hope for your sake that the scenario above doesn’t sound familiar. However recently, we’ve noticed a drastic increase in security threat cases (dodgy emails, suspicious phone calls etc) from our clients. And, although we’re sure you love talking to us – you probably have a lot on, without a security breach getting in the way. Let us help you now before you use up your precious time, money and effort to fix any problems.

Protect your information
There are common methods that fraudsters use to steal your information. The reason that they keep using them, and we keep knocking on about them, is that they work. The percentages for cyber-attacks are just going up, according to the ‘Internet Security Threat Report 2018’ by Symantec. Below are some simple precautions you can take to protect yourselves.

  • Emails
    Don’t open attachments if you’re not expecting the email. Don’t trust an email even if it’s come from your sister or boss, or it uses your first name. Lots of email scams make the email look like it’s come from a big company like PayPal, eBay or Microsoft. Before you press any links or open any attachments, have a good look at it. Has it come from the official email address? Does the email look a bit off? Are there spelling/grammar errors? Is the link that they want you to press actually sending you to the verified website? If you’re unsure if it’s a trustworthy email – contact the sender directly. See Lynn’s blog for advice on spotting fake emails https://bit.ly/2t9HKcR
  • Phone Calls
    If you receive a phone call about a problem with your computer or internet – put the phone down. Even if they sound like they know about your computer/device, if you haven’t contacted them first – it’s not true. Huge companies like Microsoft, Apple or BT are not going to call you to tell you about problems on your device. (Even though I’m sure you’re a total laugh and have some great ideas to share with them.) See Lynn’s blog for further tips on dodgy phone calls https://bit.ly/2I2yOdS
  • Public Wi-Fi
    If you’re anything like me, your face lights up when you see your phone connect to public Wi-Fi when you’re in a shopping centre, hotel or coffee shop. Time to check your emails, WhatsApp, Facebook, Instagram etc… However, the risks of people accessing what you’re looking at and stealing your information aren’t worth it. See Lynn’s blog on the dangers of using public Wi-Fi https://bit.ly/2ynRjtX
  • Pop-Ups
    Now, you’re an intelligent human. You know not to claim your million-pound prize when it starts flashing at you on your computer in a red box. But, how about a reliable looking box that politely tells you that your system is infected? That trustworthy-looking button that you need to press to fix the problem is a trap. Do not be fooled. Give us a call if you’re worried about any infections on your system.
  • Updates
    I know I know, they’re a pain. Yet, lots of programmes need to be updated because of security. If you’re not on the latest version of a programme/software, your information is not as secure until you update it.

Trust your gut
We can’t possibly name everything you need to be careful of. Just remember: don’t open, answer, click, tick or submit anything that looks or sounds a bit off. Trust your gut – delete it or hang up. If you’re worried that it’s something important, there’s no harm in asking us and we can check it out for you.

Software Solutions
There are ways to make the risks of you being victim to an online security threat a lot lower, which we use ourselves. Many businesses are ramping up their security to avoid a data breach (especially since GDPR came into force). If you’ve considered using proper anti-virus before but it’s never happened, now is the time to act.

Anti-Virus Protection – Panda Adaptive Defence 360
Panda AD360 guarantees complete protection for devices and servers by classifying 100% of processes. Contact us for more information on using this software.

Panda Systems Management
Systems Management is a tool to manage and monitor all the devices that your company uses. This means you can pinpoint any trouble or updates quickly and effectively. Contact us for more information on using this software.

Some more helpful blogs…
Can you spot the fake? https://bit.ly/2t9HKcR
“Someone’s been on the phone saying there’s a problem with my computer” https://bit.ly/2I2yOdS
Risks of using Public Wi-Fi https://bit.ly/2ynRjtX

 



Well hasn’t all this GDPR stuff been exciting….

Well hasn’t all this GDPR stuff been exciting! (Please note, I couldn’t find a font that conveyed quite the right level of sarcasm here.)

If you are just about ready to throw in the towel and go hide in a yurt in Outer Mongolia then fear not mere human… you are not alone!

In big organisations they have people dedicated to data protection. It is their only job. It is the only thing they do when they come to work in the morning (poor souls!) For the rest of us mortals that have to juggle data protection with answering the phone, making the tea and cleaning the loo – things are not so simple. If you are anything like me then all the extra work that GDPR has generated has had a massive impact on your day to day stress levels.

I don’t expect GDPR inspectors to come breaking down doors on the 25th May demanding to see your policies and software audit. However, that doesn’t mean that you don’t need to be prepared. It’s more likely that a member of the public will report a concern to the ICO which will set the inspection ball rolling.

As we have progressed along our own journey to sainthood compliance we have picked up a few hiding places for data and things you may not have considered. Here we go, hold tight and keep calm!

 

  • Spreadsheets, Documents, Filing Cabinets, Archive Boxes etc.

I thought I would start you off with an easy one here. If you don’t need the box of receipts from 1870 – then get rid of them! Make sure everyone knows where they should be saving their work.

 

  • Your Accounting Data, i.e. Sage Data you use every day

Okay this is a bit more complicated. We all know that you have to keep accounts records for seven years, but have you checked your accounts customer list for people with no transactions or transactions that are more than 7 years old? We’ve been trading since 1991 and our customer list in Sage has never had a really good cleanout. As a result, we have customer records for people who bought a printer in 1997. I highly doubt their phone number is still valid and the printer is now well out of warranty so it’s time to say goodbye and remove these inactive/old records from your Sage.

 

  • Your Sage Company Archives

We’re ramping up the pressure a bit now. Do you have archived companies that are handy to dip into now and again? We do! They’re usually created when you do your year-end routine, but can be created at any point; usually if you need to clear down the number of transactions stored in Sage. (Note: Clearing transactions DOES NOT remove the account so this is different to the point above.) You need to think about getting rid of those archived data sets as it’s another place you need to look if you get a Subject Access Request!

 

  • Your Payroll – Delete Old Employees Records

You need to keep payroll records for 3 years from the end of the tax year they relate to. After that, you can delete the employee from payroll. Sage payroll is good at hiding your historical leavers so make sure you click on the criteria button and untick historical leavers!

 

  • Your Payroll – Next of Kin Information

You may not have thought about this one! Do you hold next of kin information or emergency contact numbers for your employees? You need to seek consent from those people to hold their data in your systems.

As we all progress along this journey one thing is certain, you are not alone! If you need help – reach out and we will certainly do all we can to help you.

 



Risks of using Public Wi-Fi

We have all done it, sat in a café or hotel and checked our social media, bank balance and emails. It’s free internet, it’s easy and convenient, but have you ever considered the risks?

There are a few problems with using public wi-fi and you should be very careful what you use it for.
Anyone can connect to a public Wi-Fi network. It could be full of compromised machines, devices or the hotspot itself could be malicious.

At home, you can’t see what your neighbour is doing on their wireless internet connection and vice-versa. This is because your wireless traffic is encrypted between your laptop/tablet/phone and your wireless router. It is encrypted with your Wi-Fi password. When you connect to a public network other people can see what web pages you are visiting. More often than not everyone who connects to the network is using the same password. They could see what you are typing into web forms and even see what encrypted websites you are visiting.
Think about having a very private conversation with a friend in a restaurant. You would use hushed tones and pause when the waiting staff approached, you would be aware of people being able to eavesdrop on what you were saying. The difference is you can’t whisper online.

It’s not all bad news. If you are on an encrypted website, for example online banking, they can see which bank you are connected to, but they can’t see what you are typing in. If you are on an un-encrypted website, i.e. a webpage pretending to be your online bank, they can see everything!

Protect yourself. If you really need to access sensitive information over a public Wi-Fi network check that you are connected to an encrypted web page – HTTPS. That said it is still possible to hijack your connection and steal your information – Is it really worth the risk?
Compromised devices (computers with a virus or malware) may also be connected to the public Wi-Fi. If you are using your laptop, make sure you choose the “Public Network” option in Windows, not the “Home” or “Work” option. This helps to lock down the connection and prevents Windows sharing files with other machines on the network.

Be aware of your surroundings. When using your laptop in a public place, watch out for “Shoulder Surfers” – they might be watching you type in your password.
The other thing to consider – is the Public Hot Spot itself legitimate? It is possible, however improbable (so it must be true) that someone could have created the hotspot with malicious intentions.

 

Our advice – When connected to public Wi-Fi, avoid accessing websites where you need to enter usernames and passwords.

If you travel regularly it may be worth investing in a VPN (Virtual Private Network). This basically creates a network within a network and keeps everything you do Private. Speak to us if you need further advice or guidance.

 



Mother of Dragons – That use the internet

I have recently been thinking of myself as “Mother of Dragons”. There are only 2 of them and strictly speaking they are teenagers, but sometimes the similarities are too close for comfort!

Trying to keep up with their online shenanigans can be exhausting, worrying and sometimes downright scary!

My daughter was recently offered a large sum of money for some pictures of herself and my son’s world ended when we changed the Wi-Fi password. I would have happily flown off north of the wall for a bit of R&R but instead decided I might be able to help other people understand some of the things our little darlings are doing online.

Here is my little guide to help you understand some of the terms you may hear bandied about and the things you need to be aware of (especially for you younger, less worldly-wise teens).

Let’s start with the apps my dragons use most often.

SnapChat

It’s a mobile app that lets you send pictures and videos to friends which then disappear a few seconds after being viewed.  You can add filters or lenses to your pictures and create a story, which collects all your snaps for 24 hours.

Be Aware

– There is a Chat feature: You can direct message other Snapchatters, and you don’t need to be “Friends” with them to send them Direct Messages (“DM”).

– There is a Video Chat feature: When video chatting you can choose to watch (you won’t be able to see the watcher, but they can see and hear you) or join (you can see and hear each other).

– Snap Maps: Allows everyone who uses Snapchat to see your location – turn it off by enabling ghost mode!

 

 

Instagram

It’s a mobile app designed for sharing photos and videos on the internet. You can follow people and see their photos and videos and vice versa. You can tag people in photos. You can apply fun filters to photos and editing effects to videos.

Be Aware

– Anyone can follow anyone. All content is public by default: You can set your profile to private, which means you have to approve anyone who wants to follow you and see your photos.

– There is a chat feature: You can direct message people and send them pictures via direct message; they don’t have to be your pictures.

– You can link to other social media sites: If you link your Instagram to your Facebook, Twitter etc., any Instagram photos will automatically be posted to these other sites when you press Share (unless you turn it off).

 

 

Tinder

It’s a social networking and online dating app that uses your location data to help you meet other people in your area.

Be Aware

– If you have a Facebook account you can have a Tinder account: To create a Tinder account you only need your first name, age and location data from your phone’s GPS. It will automatically use your Facebook public photos to show to other people. You can change these photos later.

– A lot of people browse it for fun: A lot of Tinder users “like” every photo they see in an attempt to “match” with as many people as possible. As soon as you match with each other, direct messaging can begin.

– It is a location-based social app: It needs to know where you are to match you with people close to you. This means that other people also know they are close to you.

 

 

I have skipped over Facebook as its popularity with teens has reduced in recent years, though many still use it to message their friends and create group chats.

It really is important, especially with the new school term fast approaching and many pre-teens taking that daunting first step into secondary school that you understand what they could be doing so you can help them protect themselves online.

Here is a quick synopsis of other apps your brood might be using.

WhatsApp – Text friends, post status updates, send video, share your location, make voice/video calls over the internet.
WeChat – Sign up using your phone number. Call phones, talk with friends. Use the Shake feature to find other WeChat users all over the world and start chatting with total strangers immediately.
Tumblr – Create blog posts and gain a worldwide following.
Yellow – There are a lot of news articles out there about how this app has been slammed by the NSPCC. Basically it turns Snapchat into Tinder.
Omegle – Social networking website that randomly connects you to another person who is on the site. One-to-one audio or video. You can be anonymous and so can they!

 

There is a lot of good advice out there about how to keep safe online. I hope this little blog post helps shed some light on the multitude of apps out there and encourages you to investigate further. Call it snooping if you want, but if I saw “DTF” out of the corner of my eye on my kids’ instant messaging I would not hesitate to step in and ask some seriously awkward questions.

DM – Direct Message

PM – Private Message

SMH – Shake my head

TBH – To be honest

FWB – Friends with benefits

IDK – I don’t know

ASL – Age Sex Location

DTF – Down to F (4 letter Swear word starting with F)



Can you spot the fake?

Can you spot the fake? It might be harder than you think.

Once again Cyber Security hits the headlines. The majority of these ransomware attacks get into your systems via email – so I thought we would have a little test to see how confident you would feel about rooting out those “Phishing Emails”. Have a look at the image below and pick the fake. For full marks and a gold star, work out why before checking out the answer below.

 

[Image: two example emails, one of them fake]

Ok, so they both look pretty innocuous; they don’t want your PIN number or inside leg measurement and neither of them has a dreaded attachment.

The top email – the one pretending to be from PayPal – is the fake. What you really need to know is why. Did you spot all the problems?

1. You are mentioned by name – This means nothing, phishers are doing this more and more, just having your name on there is not good enough any more.

2. Did you spot the spelling mistake “crdit” second line of the email?

3. Many big companies do provide you with instructions on how to do things, the instructions provided in this email are pretty useless and very vague.

4. The “Click Here to login” link – This is what’s known as a “Click Link”. This is the hook, line and sinker. You can’t see where this link is going to take you. It could be pointing to “www.myvirus.com” for all you know! More than likely it will point to a website that looks very much like the original; you type your username and password and voila, they have your info!

Ah, you say, but the other email had links in it too! Yes it did, but they were “Copy and Paste” links: you could see the website address they were pointing you to. If you were unsure you could type that into your browser and know where on the web you were headed.

The other thing I would point out is the “You don’t need to do anything”. Most phishing emails are designed to instil you with a sense of purpose or urgency, “You need to do something now or everything will stop working!”

If in doubt take no action – delete it – check with the sender

 



How to have a happy working relationship with your computer

The hate-hate relationship that can build up between user and computer is a real thing! I have no scientific evidence whatsoever to back me up, just experience. I’ve seen the hate, I’ve heard it and I have also experienced it.

Everyone has had one of those days. The anger doesn’t last that long, it turns into apathy pretty quickly. In other words, the relationship is in trouble and the rot has set in.

My story – The quick version
My computer (Bertie) and I usually get along quite happily, I ask him to do something, he does it and all is well with the world. It transpired that this morning – Bertie wasn’t feeling well. He didn’t say anything, so I just carried on as normal. Outlook repeatedly froze. The internet radio wouldn’t play properly and every time I tried to open Sage, I was categorically denied. (No warning or error message mind you, it just wouldn’t open!).

The rage set in surprisingly quickly (to the horror of my co-workers), profanity littered the air and even soothing cups of tea were cast aside. Cake would have helped, but Kate hasn’t made me a lemon drizzle cake for ages!

The internet radio thing has always been a problem, I just kind of live with it. (Did I mention that the rot sets in quite quickly?) Losing email is a bit like not being able to Google stuff or access Twitter… in other words CRITICAL!!

The First Step – Admit there is a problem
Admitting there is a problem doesn’t mean you are admitting defeat. Quite the opposite, you are starting to take control of the situation. Once the rage had subsided I was able to take a step back. Well I wheeled my chair back a little bit, took a deep breath and explained calmly to Bertie that I could not continue like this anymore.

Define, Diagnose and Debate
Ok, so what is actually wrong? Strangely enough, shouting at the person sitting opposite that “This bloomin thing won’t work!!” didn’t help. I needed to list my issues, all of them! Once I could see clearly (..now the rage has gone), I was able to list what wasn’t working on my computer. This list actually made it easier for me to see that there was, in fact, an underlying problem.

I have been limping along for months with a stuttering internet radio stream. It’s not exactly a high priority, so I have never taken the time to fix it. Looking at my list of all the other problems I was having it suddenly dawned on me that I had just identified the root cause of all this trouble.

Mediation and Resolution
It is at this point, you may want to bring in a third party. Bertie and I had a nice long chat, I was able to fix the underlying problem myself (because, yes even though I’m a girl, I know about computers and stuff). If you don’t have those skills (years of training, blood sweat and tears!) you might want to seek advice. The important thing is to make sure that whoever you bring in to mediate has your full list of issues, not just the most recent one.

You will be pleased to hear that Bertie and I are friends again.

Is your computer annoying you? Has the rot set in?
Give us a call, we offer a sympathetic ear and no obligation advice.

Lynn



Windows 10 – Hidden gems and useful features

So I think it’s fair to say that after Windows 8 we are all grateful to Microsoft for giving us back the Start Menu, but Windows 10 has so much more to offer. Here are some useful features of Windows 10 to help you acclimatise and get the most out of your software.
