Cybersecurity Guide: Enabling Secure Home Working

Author:
Jon Collinson
Head of Product Development

Coronavirus is having — and will continue to have — a significant impact on the way businesses operate. With more and more teams moving to remote working set-ups, how you keep your systems safe is going to be increasingly critical for organisations of every size.

Which is why it is essential that all businesses assess how best to mitigate any vulnerabilities that could make the existing challenges of COVID-19 even worse.

When considering how to mitigate the impact of the Coronavirus we need to keep in mind the Cybersecurity fundamentals of Availability, Integrity and Confidentiality.

 



JT’s Cybersecurity Tips: 5 of the most common online scams

Author:
Jon Collinson
Head of Product Development

As is common during times of disruption, we have, unfortunately, seen a sharp increase in the number of cybersecurity threats affecting both individuals and businesses. Fraudsters are succeeding in illegal activity, such as scams and phishing, as people unsuspectingly let their guard down, due to events affecting us all.

To help you and your businesses stay safe, and to raise awareness, we’ve highlighted some of the most common cyber-attacks taking place right now — outlining our top tips for keeping your accounts secure.

 



How to keep family entertained during home working

Author:
Katie Corbett
Director or Enterprise & Business Services

Many of us have recently found ourselves working from home, trying to juggle getting work done while keeping the family entertained.

In this eBook, we have put together plenty of fun activities to help keep your family occupied and engaged, whether you are off work with more free time or trying to schedule home schooling with a busy work schedule.

 



JT’s Small Business Toolkit

Author:
Susan Sproston
Head of Business Sales

Companies can reap numerous rewards from digitisation, including cutting costs, boosting customer engagement, making smarter data-driven decisions, and develop new revenue streams from online audiences.

A successful transition to digital involves leveraging the best digital tools to transform your business.

Digitisation can be a long, complex transition for companies of all sizes, so choosing the right tools will help facilitate a smooth shift.

To help you get started, this guide will explore the fundamentals of taking your business and services into a digital environment, offering insights into the most important elements and tools to help along the way.

What is the very first tool you need to get sorted? The right broadband. Wi-Fi connection fuels a digital business, and is a critical tool for staying connected and available for customers 24/7. We explore more on the following page.

 



5 Key Benefits of JT Cloud PBX

Author:
Pam Pearce
Product Manager

Remote working has quickly become an essential part of everyday life for many businesses. However, not every organisation is prepared for a work-from-home set up, which can make the transition a challenging and daunting task.

Business Landline calling would traditionally be especially difficult to move into the remote workspace. Whether a contact centre of hundreds of agents, or simply an in-office phone system, taking incoming calls and diverting them to the right team members relies on often expensive, interconnected hardware made up of phone lines, switches, routers, and more — all of which become near-impossible from the home.

That's why we've developed JT Cloud PBX, a virtualised phone system built to make the shift from the office, to remote working (and back again) as seamless as possible.

 



JT Appoints New Chief Financial Officer

With more than 25 years’ experience working in senior finance roles, Hélène Narcy has been appointed as JT’s Chief Financial Officer, taking a position on the Group Board and the Executive Committee.

Hélène, who started her career in telecommunications, before working for some of the world’s leading financial institutions, takes over from John Kent who is retiring, after serving in the role since 2012.

She joined JT in July 2019 after ten years working for UBS in Jersey and the US, returning to the island after two years in New York. Hélène has also lived and/or worked in France, China and the UAE, in senior management roles and leading financial transformation projects.

Hélène graduated from the prestigious Grande Ecole ESCP, and holds the French accounting Diploma.

She commented: “Leading the finances of a company with JT’s strong global reputation is a challenge I am really looking forward to, and I have been really impressed with the quality and dedication of the whole team at JT.

“Telecommunications is a fast-moving, dynamic sector and providing innovative products and services is so important to all islanders. It is great to be working in this industry again, and to be able to add value to JT’s operations in the Channel Islands, and across the world.”

Graeme Millar, JT’s Chief Executive Officer, said: “I am delighted to welcome Hélène to JT. Her knowledge, skills and experience will really help us to take the business forward, applying the most exacting international financial standards.

“I would also like to thank John Kent, whose vast experience and strategic thinking has played a significant part in the success of the JT story for nearly a decade.

“JT’s purpose is to enable our customers’ connected lives, and Hélène will help us to achieve that throughout challenging times for individuals and businesses, and to play our part in facilitating the Channel Islands’ recovery.”

For more information please click here.



Cybersecurity: ‘End of Support’ for Software and Systems

Author:
David Salisbury
Product Portfolio Manager - Security

The integration of software into business brings with it many benefits, like more efficient workflows, improved communication, and amazing organisational capabilities. However, it also brings a lot of challenges; primarily, keeping all of your devices updated and secure. In this post, we'll cover the dangers of keeping your devices past the End of Support or Service (EOS) phase of their lifespan.

What is "End of Support"?

The "End of Support" (also known as EOL End of Life) is when an application or operating system is no longer going to be receiving attention from its manufacturer. This means no more patches or updates, likely a loss of manufacture support if the device relies on external servers (such as a gaming console), and possibly a loss of repair support, too.

Essentially, software will always need to be updated to survive. But a company cannot realistically update the same piece of software forever. They've either moved on to a new platform (Windows 7 > Windows 10), no longer produce the product that came with that software, or have simply ceased trading.

EOS can also be the result of outdated hardware; you see this most often with smartphones or old laptops. After it's aged a few years, the hardware in a specific model typically becomes too old and underpowered to handle the latest software updates. When this happens, the manufacturer may stop supporting that particular model, preventing it from getting new software updates.

Log Management

What are the security concerns of EOS?

EOS can pose serious security concerns — it is not just an unfortunate and inevitable inconvenience.

More often than not, the threat comes from hackers uncovering a new vulnerability in the code. When this happens in supported software, the manufacturer is usually quick to patch the issue with an over-the-air update (this is why your computer/smartphone updates somewhat frequently).

But it’s a lot trickier if this happens in outdated software systems.
Not only can hackers discover exploits in legacy versions of software, but as technology progresses, they may develop new hacking methods that didn't exist when the software was last updated. The result is a piece of software that has zero defences to prevent the hacker's intentions.

The WannaCry attack of 2017

Famously in 2017, the U.K. National Health Service was hit by its biggest cyberattack to date from the WannaCry ransomware. This malware encrypted critical files on NHS machines, asking for a ransom of £230 to decrypt each machine. The results affected 19,000 appointments in total and resulted in 6,900 being cancelled.

After an investigation into the incident, it was found that the malware used to execute the attack was relatively simple and extremely preventable. However, the NHS, despite being warned to update their systems, was using EOS software with serious security vulnerabilities.

Since all of these computers were interconnected, it only took one becoming infected for the entire NHS to fall victim. It's an unfortunately clear example of just how serious EOS risks can be.

Compliance, fear of falling behind and costly repairs

EOS software creates other issues as well that can lead to security vulnerabilities. Below are a few of the ways that using outdated software and/or hardware can affect your business.

Compliance issues

IT compliance guidelines are numerous and ever-evolving. Of course, this makes them hard to keep up with. But the rate of change is really intended to help businesses protect themselves and their consumers from the latest security threats.

Oftentimes, these regulations are quickly met in the form of a software update. Keeping EOS software, however, often means falling out of compliance, exposing you to compliance violations and risk of attack.

Limited access to new technology

It might be tempting to let one or two updates slip by without action. But, before you know it, all the latest apps and services are so far away from what you’re operating with right now, that they are indeed beyond your reach.
Not only does this mean you won't be able to participate in new industry work methods and standards, but it also means that new firewalls, security services, and preventative measures will be incompatible with your systems.

Complicated repair processes

Just like with any old machinery, repairing outdated hardware and software is going to become increasingly expensive. This means that in the event your EOS devices are subject to hacking, or even careless human error, recovering your data and systems will be much more difficult and costly.

Security Consultancy

How can businesses avoid the risks of EOS?

Staying up-to-date is the number one way to avoid the risks of EOS. Set all of your devices to automatically update when new software updates are available, and make sure that your IT team notifies you when software or hardware falls out of manufacturer support.

Updating your devices and software can be time-consuming, and purchasing new devices, setting up new networking systems, and training staff on the new devices can be a serious logistical challenge. However, the effort required to keep your systems up to date is nowhere near the damage and cost of a security breach.

Additionally, make sure that your apps (especially those related to security) are always running on the latest app version. These updates are often free and will reduce the chances of you being exposed to a cybersecurity threat.

If your organisation becomes compromised because of an unpatched or EOS system it may be considered that you did not apply due care in maintaining your cybersecurity and any cyber insurance will not apply out and you could be liable for the full fines from the Data Protection Commissioner and legal action from those affected.

For assistance with your business’s stance on Cybersecurity contact our Business Solutions Team on +44 1534 882345 or email business.solutions@jtglobal.com

Find out about our range of cybersecurity products here: 

Other content you might be interested in:



Cybersecurity awareness: businesses’ obligations to provide their people with cybersecurity solutions when remote working

Author:
David Salisbury
Product Portfolio Manager - Security

The trend for remote working has grown steadily in recent years. But now, in the early months of 2020, it has, of course, skyrocketed; suddenly organisations are rushing to equip employees with all they need to work efficiently from home.

But restructuring your business's workflow can be a serious undertaking, resulting in unpredictable changes. While most workers are focusing on communication and collaboration tools, and seamless file sharing (which are all essential), there is another vital consideration to discuss: security.

Put simply: remote work can lead to a swift destabilisation of your business’s network security. In this article, we'll look at how remote work affects your business's network security and explore how you can maintain an optimal cybersecurity position during this time.

More people are working from home than ever before

We’re all eagerly awaiting “normal” work life to begin again. However, according to some reports, office life may never fully return to the way it was before. For example, many workers may choose to continue working remotely; others may be asked to, to help limit overheads.

With this massive change in our working environments comes new ways of thinking about how we view the workplace. Most prominently, what we define as being "company equipment" (where lines were blurred already).

Why do employees use personal devices when working from home?

There are several reasons why employees use personal devices when working from home, the simplest being that they're the only devices they have available. Not all businesses have the means to supply every employee with a laptop and/or smartphone, so if employees already have these devices, then businesses can cut costs by allowing employees to use their own computers.

There’s also lots of incentive for remote teams to use personal devices. They already know these devices' ins and outs, so there's no learning curve. And there's an element of tailoring and comfort when using a personal device as opposed to a company device.

The can cause an blurring of who is responsible for the security and who owns the data.

But benefits aside, the use of personal devices for work does pose an issue: who is responsible for the security of the device?

The short answer? Both employees, and the business.

But if we ask who will get sued the answer is clearly the company.

Corporate security systems are vital when employees are working remotely, as they could be accessing sensitive company files over unsecured Wi-Fi networks. The only way to ensure that this issue is never exploited is to create a secure company-wide, work-from-home system that all employees can use.

How can businesses protect their employees' devices at home?

Implementing a wide-scale, secure remote solution isn't as easy as it sounds. Not only does it require that everyone to use similar layers of security, but it means implementing network-level encryption, which can be difficult for those unfamiliar with such systems.

To help businesses get started, here are three ways to quickly improve the work-from-home security of your company.

1. Apply the corporate approach to the home

The straightforward approach is to treat all of your employees' personal devices the same way you would treat company hardware. This means taking the same security measures, maintaining an IT team for support, and providing your employees with the tools they need to implement strong security.

You should also outline, and distribute, clear security guidelines for your employees to follow. This includes things like:

  • Not using unencrypted/public Wi-Fi networks when dealing with sensitive company information
  • Not leaving devices with access to work-related files unattended (or unlocked), such as in a vehicle, or even at home where there could be multiple users sharing devices
  • Using strong, randomised passwords for work accounts, preferably with a password manager
  • Using firewalls and antivirus software
  • Keeping all devices up to date.

If your business already has support and security systems in place for the office, chances are this could be extended to cover employees’ personal devices too. This method of “piggybacking” a domestic product onto an already-established corporate product will substantially reduce complications with billing, infrastructure, and setup investment. Since you and/or your IT team will already be familiar with the corporate version of your firewalls and security systems, expanding that to your work-from-home staff will be much easier than purchasing and installing an entirely new service.

Plus, it’s an added benefit for staff members and their families — a bonus which, when rolled out appropriately, could boost team morale, engagement and productivity.

2. Use secure authentication

Strong authentication is another important aspect of remote security, and this typically means two-factor authentication, or 2FA. Which means that you need two separate things from something you know a password or pin number, something you have, your mobile phone or token, something you are a fingerprint or eye of face scan. Sometimes ‘somewhere you are’ is considered, but this is normally only used as a third factor. Microsoft Authenticator is one of the most common examples of what this looks like in practice, and it's a great tool to use for your business.

3. Provide corporate-level VPNs for safe remote access

VPNs, or virtual private networks, are used to encrypt ecurity extend your internal network to remote offices or users.

There are several services that offer corporate-level VPNs. Working with these suppliers would allow companies to provide all of their employees with a secure network connection, no matter which network they happen to be connected to. This is vital for employees that have access to sensitive files, accounts, passwords, and emails.

Often a remote desk top solution is delivered across a VPN, offered by companies like Citrix. A remote desktop allows someone to access the same “desktop” on their work computer, even while working on a different PC.

For example, say an employee has a computer at work and a laptop at home. With a remote desktop, they will have access to all of the same files, apps, and features on both devices. This allows the corporate computer to be maintained and updated with security features, which the person’s home laptop indirectly benefits from.

Remote working will be part of our new normal, so now’s the time to make it secure

If current predictions are anything to go by, we’ll see a larger number of employees working from home, at least part of the time, in the future. To protect your organisation, and your staff, from security threats, you need to act now.

If your business is looking to implement strong security measures for its remote employees, consider partnering with JT.

Other content you might be interested in: