Author Archives: Admin

Patch Management – why your business needs it

What is it?
Let’s take this step by step. A patch is a piece of computer code or some files that patch up a problem by updating, fixing or improving it. Windows Updates are often referred to as patches. You will get a Windows Update because Microsoft has found a security issue that needs fixing. In other words, they have found a hole and need to patch it! The update/patch copies new files to your computer or adds some new coding and voila the issue is dealt with and your computer is no longer at risk. Patch Management is the process of managing these patches/updates on your network.

Why do I need Patch Management?
As you can imagine, because of the number of security threats – there is a lot of updates to cope with. Microsoft is not the only manufacturer to release updates. All good software houses will release updates for their products.

As soon as a patch/update is released, the security hole becomes public knowledge. Public knowledge means very bad, but very clever attackers can rush to exploit it. You should apply updates as soon as you can to mitigate this opportunity for cyber criminals. You should also be aware that to be fully GDPR compliant, you need to do your best to protect your data. One way to help with this is to put in place a good Patch Management policy/procedure.

A good way to picture it: if you’re a visual person like myself, imagine yourself maintaining a car. Without regular services, changing your tyres etc… you can still drive your car. If you keep avoiding the mechanic, eventually the car will break down or cause an accident. It’s the same with Patch Management – you can go on without doing all your updates for a while and you’ll still be able to use your computer. However, without regular updates/maintenance, your device will become unprotected and potentially dangerous.

Patch Management Software
Because of how many malicious attacks that software companies face on a regular basis – there is lots of patches to deal with on one device, no matter a full office worth. Thankfully, there are some wonderful people out there that recognised this and developed software to deal with all of the patches/updates for you. Meaning that you can get on with all the other important things on your to-do list.

We recommend Panda Patch Management which has the ability to manage your network from one device, which can be a chosen person at your office or we can manage it for you here at Castle Computers.

Contact us on 01228 590900 or email info@castle-computers.com for more information on this software. We’re happy to answer any questions you have!

Is your website secure enough for Google Chrome?

Google Chrome has over 2 billion installs and 61.4% share of the worldwide internet browser market on desktop. It’s the most popular browser out there. I use it, you probably use it and apparently most the world does, so it’s very important to make sure your website looks right on it.

When people access your website, you want them to be greeted by a welcoming home page and a trustworthy site that they feel secure buying from. You don’t want anything putting them off from using your services.

Google Chrome 68 was released some months ago with lots of great features. One of its features is that Google Chrome now marks ‘non-secure’ pages with a security warning to visitors. Now I’m sure you do your best to make sure your website is secure. However, if you don’t secure your site with HTTPS security encryption then in Chromes new standards – it’s not secure.

What to do
It’s pretty simple to find out whether your website is ‘secure’ or not. Go to google chrome and type in your website. At the top of the page, on the left of the website URL – there will be one of the following symbols.
Padlock – meaning it is safe and secure (woo congrats!!)
Circle with an ‘i’ – meaning it’s not secure or there is more information
Triangle with an explanation mark – meaning it’s not secure or dangerous

Your site hopefully has a padlock but if not, it’s something to look into. It’s not worth losing potential customers because your page isn’t ‘secure’.

HTTP… what?
So what’s the difference between http and https? Well, the ‘s’ stands for, yes you guessed it… secure. Some other positives of having your website secured with HTTPS is:

– It means information being transferred from your device to the website you’re on is encrypted and therefore far more difficult to intercept
– It can be faster
– It can prevent malware being injected into the code on your website
– It can help SEO by improving your sites ranking on search engine results as Google will promote those using HTTPS

What’s next…
If you have any queries, we’ll do our best to help but unfortunately, we aren’t web developers. If your site is ‘not secure’, your best bet would be to contact your web developers (the people that made your website!) and they’ll give you a hand.

Raise the bar for your business security

Protecting your network in a business is vital. Organisations of all sizes and in all sectors are constantly being targeted. Anti-Virus needs to proactively detect and prevent security attacks.

The answer? Panda Adaptive Defense 360 (Panda AD360) – the only solution to guarantee the security of all running applications.
Limitless visibility, absolute control.

Seeing what the others can’t
Nasty malware is getting far more sneaky and sophisticated with over 200,000 new viruses every day. This means traditional Anti-Virus just doesn’t do the job anymore. Whilst traditional Anti-Virus only takes action if it thinks a process is malicious; Panda AD360 monitors, records and classifies 100% of running applications.
It processes absolutely everything.

The technical bit
Panda Adaptive Defense 360 is the first and only product to combine Endpoint Protection Platform (EPP) and Endpoint Detection & Response (EDR) capabilities. This means it can protect against zero-day and targeted attacks that take advantage of the window of opportunity for malware.

The EDR capabilities relies on a security model based on three principles:
• Continuous monitoring of applications on a company’s computers and servers.
• Automatic classification using machine learning on Panda’s big data platform in the cloud.
• Panda’s technical experts analyse those applications that haven’t been classified automatically to be certain of the behaviour of everything that is run on the company’s systems.

Features and Benefits

Detection & Response

• Protection of intellectual assets against targeted attacks
• Forensic report
• Protection of vulnerable systems
• Continuous monitoring and analysis of running applications
• Data access and transmission monitoring for applications

Protection

• Antivirus antimalware
• Device control
• Web & Mail (Exchange) filtering
• Personal firewall

Productivity and Management

• Light, easy-to-deploy solution
• Daily and on-demand reports
• Simple, centralized administration from a Web console
• Total transparency for the user
• Better service, simpler management

The best protection for the best price
Of course, you want the most indestructible security system for the best value. At the competitive pricing of £35 per pc, per year to be completely covered by the first and only solution to combine EPP and EDR capabilities – its a pretty good deal.

Panda Adaptive Defense 360: Find the answers, solve the problem
Contact us today for more info and to start fully protecting your business now.
Email: info@castle-computers.com
Phone: 01228 590900

Is your Anti-Virus actually working?

We’ve all done it.
Bought a shiny new computer and paid for the Anti-Virus software that comes along with it. Then the lovely IT person has set it all up for us, we log on to our computer and never really think about it again. We’re covered.

…. NO! There is no point having Anti-Virus installed if you don’t check it is working and up to date.

Why do I need Anti-Virus?
Anti-Virus is to a computer what an immune system is to a body. It identifies viruses and nasty software and then protects the device from being infected. It can live without it for a short time but only until someone or something infects it. And then, you’re in trouble.

You need something that is going to defend you at all times. You should invest in good Anti-Virus software. Without protection you are making yourself a flashing target for something or someone to gain access to your computer and data. By data we don’t just mean your word documents. We mean anything you type into a web browser – your bank details, personal information, even your Netflix password!

Why can’t I just use any old Anti-Virus?
Not all Anti-Virus software is created equal. You might be tempted by free software. This could work fine on the surface, however you may find it slows your computer down so much that you get fed up of using it! Anti-Virus Software that works well for the home computer may not be the best solution for work, and vice-versa.

Here at Castle Computers, we have experience with lots of Anti-Virus software. We know exactly what we’re looking for when we choose one for us and what to recommend to our customers. With over 200,000 new viruses appearing every day (yes you heard me – 200,000 every day) networks are more vulnerable than ever. Your Anti-Virus needs to be smarter than ever.

It may be installed, but is it working?
Traditional or Standard Anti-Virus requires 3 things to work correctly. Firstly an internet connection. Secondly definition updates, and finally a valid subscription or licence. Without the above, your Anti-Virus will not be able to update itself and as such you will be unprotected against any newly identified threats.

We recommend you pay some attention to the little Anti-Virus icon which usually resides somewhere near the clock on your PC. Is it working? Is it up to date? Do you know how to check if you are protected? We are here to help, if you don’t know or aren’t sure – give us a ring, we can help you figure it out.

Next Generation Solution – Panda Adaptive Defense 36
Panda AD360 works differently to standard Anti-Virus with minimum impact on the performance of your PC. We recommend Panda AD360 for business use. It provides a service that accurately classifies every application in an organisation and only allows legitimate programs to run. It does not rely on definition updates to protect you.

Sound like something worth taking a look at?
There’s a lot more great features of Panda AD360 that we’d be happy to talk you through. Give us a call on 01228 590900 or email info@castle-computers.com.

GDPR – is it all over?

Let’s throw it back to the week of May 21st, where we related to this pug on a deep level. It was full of late evenings at the office, manic emails from the boss and worried calls to your trusty IT provider (don’t worry we didn’t mind)!
This was the time of GDPR.

But how about now, have we forgotten all about it?

You probably took the necessary precautions at the time and are a bit more wary when you stumble across a list of data and can’t remember why you have it. But yes, we can all agree that it doesn’t cross our minds as it did a few months ago (which is probably a good thing – balance is key). However, you should most definitely still be thinking about it.

Why?

Well, let me tell you…

You may not have been affected by the regulation yet but many have. Have a look through the recent action that the ICO have taken at http://ico.org.uk/action-weve-taken/enforcement/. After having a look through, you might be more tempted to have a check up on your security. Companies have been fined thousands and thousands of pounds because of many different reasons since May 25th including selling data, nuisance calls, mass emails, spam texts, failing to register with ICO etc…

A couple of examples that we found interesting:

– 07 June 2018: The British & Foreign Bible Society in Swindon, Wiltshire was fined £100,000 after their computer network was compromised as the result of a cyber-attack.

– 18 June 2018: Ainsworth Lord Estates in Darwen, Lancashire were served with an enforcement notice for failing to respond to a subject access request.

These two examples show how easily you can slip up. If you’ve stolen someone’s data or are emailing thousands of people that have opted out of marketing emails – you’d expect some backlash. Yet forgetting to respond to a request for someone’s information or just not getting around to making sure your security is the best it can be – is easily done.

What can you do?

It’s wise to have a regular check up on your security and to make sure you’re doing all you can to stay GDPR compliant.

• Do you know where all your data is?
Someone could send a subject access request (a copy of all the info you have about them). You’ll need to make sure you know where all your data is to fulfil this request. Organise your folders, spreadsheets, filing cabinets – anything that holds personal data so that you’re ready. Remove any old information that you no longer need to keep which will make things a lot easier for yourself. Don’t be in the same situation as Ainsworth Lord Estates.

• Encryption
You should always be taking a backup off-site. If you use a cloud backup solution, check with your provider that it’s encrypted. If you use USB drives/tapes or memory sticks – these should also be encrypted. Contact us to discuss encrypting your devices.

• Cyber Security
Don’t be an easy target for cyber-attacks, as not only could your network be compromised – you could be fined a lot of money. The British & Foreign Bible Society had to learn this the hard way for failing to amp up their security. You need effective, working anti-virus software (not just the free one that came with the computers.) Speak to us about the new generation of anti-virus.

• Consent
Do you use a website like MailChimp for your email marketing? Hopefully, you got consent from all your subscribers to send them emails. If you are to add any new subscribers onto your mailing list manually – make sure you have clear, verifiable consent (like an email requesting to be added.) Also, have a look through your Sage – do you hold emergency contact details for your staff? You need consent to hold this kind of information!

• Your team
A good way of making your staff GDPR compliant is to make them aware of what you expect from them. They need to know where they can save their files, what they can access and the computer use rules of the business. There is an excellent piece of software called Panda Systems Management which monitors your devices to make sure all software is authorised, up to date and in line with GDPR. Contact us to discuss this option.

This is just a handful of things you need to continually check and keep an eye on to stay GDPR compliant. Unfortunately, it’s not going away, so you and your staff need to be working on staying secure every day. You do not want to risk being the next name on the ICO’s website of bad examples. If you have to splash out on getting decent anti-virus software or encrypting devices – it will be worth it when you see the amounts that businesses have been fined.

Thankfully we’re here to help and honestly advise you on what’s best for your business. Give us a bell on 01228 590900 or email us on info@castle-computers.com.

Making Tax Digital – The Basics

 
What is it?
Definitely a good place to start. What is this ‘Making Tax Digital’ and why is it happening? Basically, the government is trying to make it easier for people to get their tax right. Although most businesses try to do their tax return correctly, errors and mistakes mean around £9 billion is lost every year.

MTD (Making Tax Digital) is exactly what it says in the name. It aims to save time, prevent mistakes and become more accurate & efficient by making everything online.

The main gist of the changes is that businesses:

– Will submit tax every 3 months instead of once a year.

– Are issued with a HMRC digital tax account.

– Don’t have to give information to HMRC that it already has. Electronic data from banks, building societies etc. will go directly to HMRC instead of manually processing this as before.

– Can see what tax they owe as it happens in real time instead of letting it build up and getting a massive bill at the end of the year.

When is it happening?
By April 2019 – VAT reporting by all businesses with a turnover above the VAT threshold (£85,000).

By 2020 – Reporting for other taxes (income and corporation).

What do I need to do?
It really depends what you’re currently doing. A first step is that you must use “digital-record keeping to provide a single, seamless process with quarterly updates generated and sent direct from the software the business/agent uses to keep their records”. (www.gov.uk/government/publications/making-tax-digital/overview-of-making-tax-digital)

If you don’t already use digital accounting software, talk to us. We can offer you a range of packages depending on your needs and work through the journey with you.

If you already use digital software, you need to make sure its updated and compliant with MTD. Get in touch with the providers of your software and find out if the version you use is compatible or if you’ll need to upgrade.

Start planning now, talk to your accountant if you use one and find out what you need to do, to be fully prepared.

You may have to spend money on using digital accounting software, and no one likes spending money. However according to a recent study, using digital accounting software:

– Saves 27.6 days a year in comparison to using manual methods.

– Makes an estimated saving of £17,000 per annum because of efficiency.

– Alerts when payments are due, which can decrease the chance of payments piling up and making errors that incur penalties.

If you want to discuss your options or have any queries, we’re more than happy to help. Contact us on 01228 590900 or info@castle-computers.com.

Hacked Routers – What do I need to do?

Recent reports from security researchers show that more than 300,000 routers have been hacked. Many popular internet router vendors were affected by this attack. The hackers changed DNS server address settings, making it possible for web traffic to be intercepted and therefore sensitive information to be stolen.

What do I need to do?
If you feel confident about connecting to your router’s webpage and looking at settings yourself, then, by all means, carry on. If you get stuck – we are only a phone call away. However, if you didn’t know your router had a web page, then stop now as you could potentially make things worse!
Before you begin you need to contact your ISP (Internet Service Provider) to confirm what your DNS settings should be. You then need to compare this information with the settings in your router.
You need to update the firmware on your router (if available) to prevent the same thing from happening again.

How do I prevent this from happening to me?
The only way to guarantee you’re not a target is to use a router that comes with built-in protection against such an attack. We can provide you with such a router, contact us today to discuss this further.
If you are not going to replace your router, you should update the firmware. Check with the manufacturer that a firmware fix is available for this particular issue (DNS hacking).

My router has been compromised – what do I do?
Firstly, fix the problem. Get your router settings back to normal, do the firmware upgrade or replace your router with one which is secure.
Potentially ALL of your internet traffic has been intercepted which means that they could have your passwords, bank details, Netflix login etc. You need to change them all! Do not attempt to change your passwords until you have secured your router.

Please contact us for further help and advice on this issue.

How to prevent a Security Threat

Everyone’s worst work nightmare
So, you’ve got a good thing going. You’re getting through your to-do list at the speed that you’re chugging coffee. Suddenly the weekend doesn’t seem like such a distant place. Until the worst thing that could happen, happens. The computer starts slowing down and… crash. Something harmful has wriggled its way onto your system and who knows what data it’s stealing.

Increase in Security Threats
I hope for your sake that the scenario above doesn’t sound familiar. However recently, we’ve noticed a drastic increase in security threat cases (dodgy emails, suspicious phone calls etc) from our clients. And, although we’re sure you love talking to us – you probably have a lot on, without a security breach getting in the way. Let us help you now before you use up your precious time, money and effort to fix any problems.

Protect your information
There are common ways that fraudsters use to steal your information. The reason that they keep using them and we keep knocking on about them is because they work. Percentages of cyber-attacks are just going up according to the ‘Internet Security Threat Report 2018’ by Symantec. Below are some simple precautions you can take to protect yourselves.

• Emails
  Don’t open attachments if you’re not expecting the email. Don’t trust an email even if it’s come from your sister, boss or it uses your first name. Lots of email scams make the email looks like it’s come from a big company like PayPal, eBay or Microsoft. Before you press any links or open any attachments, have a good look at it. Has it come from the official email address? Does the email look a bit off? Are there spelling/grammar errors? Is the link that they want you to press actually sending you to the verified website? If you’re unsure if it’s a trustworthy email – contact the sender directly. See Lynn’s blog for advice on spotting fake emails https://bit.ly/2t9HKcR

• Phone Calls
  If you receive a phone call about a problem with your computer or internet – put the phone down. Even if they sound like they know about your computer/device, if you haven’t contacted them first – it’s not true. Huge companies like Microsoft, Apple or BT are not going to call you to tell you about problems on your device. (Even though I’m sure you’re a total laugh and have some great ideas to share with them.) See Lynn’s blog for further tips on dodgy phone calls https://bit.ly/2I2yOdS

• Public Wi-Fi
  If you’re anything like me, your face lights up when you see your phone connect to public Wi-Fi when you’re in a shopping centre, hotel or coffee shop. Time to check your emails, WhatsApp, Facebook, Instagram etc… However, the risks of people accessing what you’re looking at and stealing your information aren’t worth it. See Lynn’s blog on the dangers of using public Wi-Fi https://bit.ly/2ynRjtX

• Pop-Ups
  Now, you’re an intelligent human. You know not to claim your million-pound prize when it starts flashing at you on your computer in a red box. But, how about a reliable looking box that politely tells you that your system is infected? That trustworthy-looking button that you need to press to fix the problem is a trap. Do not be fooled. Give us a call if you’re worried about any infections on your system.

• Updates
  I know I know, they’re a pain. Yet, lots of programmes need to be updated because of security. If you’re not on the latest version of a programme/software, your information is not as secure until you update it.

Trust your gut
We can’t possibly name everything you need to be careful of. Just remember: don’t open, answer, click, tick or submit anything that looks or sounds a bit off. Trust your gut – delete it or hang up. If you’re worried that it’s something important, there’s no harm in asking us and we can check it out for you.

Software Solutions
There are ways to make the risks of you being victim to an online security threat a lot lower, which we use ourselves. Many businesses are ramping up their security to avoid a data breach (especially since GDPR came into force). If you’ve considered using proper anti-virus before but it’s never happened, now is the time to act.

Anti-Virus Protection – Panda Adaptive Defence 360
Panda AD360 guarantees complete protection for devices and servers by classifying 100% of processes. Contact us for more information on using this software.

Panda Systems Management
Systems Management is a tool to manage and monitor all the devices that your company uses. This means you can pinpoint any trouble or updates quickly and effectively. Contact us for more information on using this software.

Some more helpful blogs…
Can you spot the fake? https://bit.ly/2t9HKcR
“Someone’s been on the phone saying there’s a problem with my computer” https://bit.ly/2I2yOdS
Risks of using Public Wi-Fi https://bit.ly/2ynRjtX

Well hasn’t all this GDPR stuff been exciting….

Well hasn’t all this GDPR stuff been exciting! (Please note, I couldn’t find a font that conveyed quite the right level of sarcasm here.)

If you are just about ready to throw in the towel and go hide in a yurt in Outer Mongolia then fear not mere human… you are not alone!

In big organisations they have people dedicated to data protection. It is their only job. It is the only thing they do when they come to work in the morning (poor souls!) For the rest of us mortals that have to juggle data protection with answering the phone, making the tea and cleaning the loo – things are not so simple. If you are anything like me then all the extra work that GDPR has generated has had a massive impact on your day to day stress levels.

I don’t expect GDPR inspectors to come breaking down doors on the 25th May demanding to see your policies and software audit. However, that doesn’t mean that you don’t need to be prepared. It’s more likely that a member of the public will report a concern to the ICO which will set the inspection ball rolling.

As we have progressed along our own journey to sainthood compliance we have picked up a few hiding places for data and things you may not have considered. Here we go, hold tight and keep calm!

• Spreadsheets, Documents, Filing Cabinets, Archive Boxes etc.

I thought I would start you off with an easy one here. If you don’t need the box of receipts from 1870 – then get rid of them! Make sure everyone knows where they should be saving their work.

• Your Accounting Data i.e. Sage Data you use everyday

Okay this is a bit more complicated. We all know that you have to keep accounts records for seven years, but have you checked your accounts customer list for people with no transactions or transactions that are more than 7 years old? We’ve been trading since 1991 and our customer list in Sage has never had a really good cleanout. As a result, we have customer records for people who bought a printer in 1997. I highly doubt their phone number is still valid and the printer is now well out of warranty so it’s time to say goodbye and remove these inactive/old records from your Sage.

• Your Sage Company Archives

We’re ramping up the pressure a bit now. Do you have archived companies that are handy to dip into now and again? We do! They’re usually created when you do your year-end routine, but can be created at any point; usually if you need to clear down the number of transactions stored in Sage. (Note: Clearing transactions DOES NOT remove the account so this is different to the point above.) You need to think about getting rid of those archived data sets as it’s another place you need to look if you get a Subject Access Request!

• Your Payroll – Delete Old Employees Records

You need to keep payroll records for 3 years from the end of the tax year they relate to. After that, you can delete the employee from payroll. Sage payroll is good at hiding your historical leavers so make sure you click on the criteria button and untick historical leavers!

• Your Payroll – Next of Kin Information

You may not have thought about this one! Do you hold next of kin information or emergency contact numbers for your employees? You need to seek consent from those people to hold their data in your systems.

As we all progress along this journey one thing is certain, you are not alone! If you need help – reach out and we will certainly do all we can to help you.