Category Archives: Security

WHO is Endangering Your Business Data? (And How do you Protect Information?)

clint patterson dYEuFB8KQJk unsplash

Your sensitive business information is pivotal to running a successful business. Do you have proper security measures in place? Hackers can steal data easily – they’re experts! Please don’t allow them to put you out of business.
At the moment, Cybercriminals might not be the biggest risk for companies in our local area of Burnley. Spiralling costs are a concern for every local company throughout Lancashire and beyond. However, please do take a look at the threat from hackers. They have many carefully crafted ways to gain access to your money and accounts. They can take over critical software if you let them. They disrupt businesses and may prevent you from working with your customers.
Many organisations fall victim to hacks. Here at Cirrus IT Services, we understand why small and medium businesses seem to be particularly at risk.

So why?

All too often, business owners don’t address cybersecurity fully. Integrating digital security into their company from launch might be seen as non-essential. Sometimes, IT service providers are hired without much thought. Some tech-savvy people don’t guard themselves against online attackers. Therefore hackers generally regard small to medium-sized companies as low-risk targets.
Can you risk going under due to the loss of sensitive data? Is it a risk that you are prepared to take?
To help, continue to read this introduction to the potential hacks so that you can start to protect your business.




Personal information hackers target the information about your customers and staff. This also includes birthdays, financial details and national security numbers.
National security numbers seem to be the most valuable asset. Cybercriminals can use them to open new accounts, and make significant identity theft breaches such as claiming benefits. Financial data – such as bank account details – can be used to commit fraud. When your customer or staff member becomes a victim of crime, it’s their relationship with you that starts to suffer.


Data storage servers are expensive – and hackers want to use yours!
Hackers cut their costs by storing their data and applications on your server infrastructure. Cybercriminals are likely to target good equipment infrastructures. The resulting strains on network limits has devastating effects on businesses ability to work efficiently.
As tech companies are common victims of this subtle attack, choose your IT services company wisely.
The digital infrastructure that frequently runs out of storage, or suffers slowdowns may have unknown devices on their network.


If your business is growing, your products and services likely make you stand out from your competition. When you know how to engage your target audience, you want to think carefully about how you protect your confidential business details.
Imagine a hacker gains access to new deals and steals upcoming business relationships or products before you launch or submit a patent. When hackers offer your competitors your trade secrets, will they tell you? They may obtain information to undercut your sales without your knowledge.


Are you sure that your employee accounts are secure?
Hackers who use scams to gain information that disrupts your operations are likely to try to use an employee account.
For example, losing the login details of key staff can be devastating. Using management login details and accounts provides access to emails and systems to impersonate, request information, target employees, target customers and ruin your business credibility.
Data breaches lead to a lack of confidence in your reputation.


Some savvy hackers don’t want data. To launch a ransomware attack, they become full network controllers.
Access to the entire network allows them to lock your systems, making data inaccessible. The ransom demands start to arrive. Ransomware gains access typically through spam emails, and clickable advertisements online.
A ransom amount of £20,000 might be bad enough, but business disruption that brings your sales channels down is usually much more significant.


So, given the many different threats – how do you protect your business data, networks, systems and infrastructure?


Avoid the mistake of thinking that you can’t afford cybersecurity measures. Allocate enough to set up your most solid defences. Investing in reliable IT Services helps you out.
This way, your business data, networks, systems, and infrastructure is more secure.


Security systems do have weaknesses, but employees who don’t know the risks pose the biggest threat.
There are threats in the office and at home. Every phone or laptop used for work can be weak and a point of entry for a hacker. All managers should know about the risks to ensure their staff follows security measures.
Introduce your employees to the best practice. Talk about the steps necessary within your company and how they deter cybercriminals. Consider making security education and training a monthly activity as a reminder.
Suppose you want an example of one way to promote a healthy security culture. We offer more information for you here:


A two-factor authentication is a valuable tool you can use to fend off a hacking scam.
Each user must verify their identity before accessing your systems. Using it on business-related accounts reduces the chances of cybercrime.
Encouraging your team members to authenticate personal accounts at home gets them used to how it works. Anything that helps them to follow appropriate security measures is good. Try to keep up the conversation about reducing the risk of data, network and hardware breaches.


Without antivirus software, your business is open to hacking attack.
Leverage software by making sure that it is up to date. You can consider trusted antivirus software corporate/business versions from Bitdefender, Norton, McAfee or Total AV.
Every machine used to access work systems should rely on antivirus software. Failing to run regular antivirus scans leaves your systems open to virus infection.


Antivirus software is good, and adding a manual scan to your procedures is even better. Check your systems optimal cybersecurity by checking who has accessed your network. Make sure that each point of access is authorised. Don’t ignore the red flags or gut instinct.


Here at Cirrus IT Services we believe in making cybersecurity a part of all digital business processes. Small businesses in Lancashire UK might think that it’s an unnecessary overhead, but scammers know who to target. Put a plan in place to help avoid losing your money, your data, or your business reputation.
A single bulletproof solution would be ideal, however adopting the right tactics is a sound starting point.

Contact us at Cirrus IT Services if you want to discuss your cybersecurity in greater detail and pinpoint potential risks. We can arrange a quick, non-sales chat and figure out ways to help you.


This blog article by Cirrus IT Service is adapted with permission from The Technology Press.

Featured Image Credit: Štefan Štefančík from

The University That Was Hit by a Cybersecurity Attack (and the 6 Cybersecurity Vulnerabilities You Need to Check)

cyber security ge8cb3c780 640


Many enterprises fail to set up defence mechanisms. This means their organisation is more susceptible to cyberattacks, allowing targets to easily access their servers.

Inadequate endpoint defences can turn them into vulnerabilities, including the use of signature-based antivirus platforms. They’re no longer efficient since many tech-savvy criminals can quickly bypass them.

Additionally, many programs don’t monitor unexpected or unusual behaviour. They may also be unable to investigate or respond to endpoints, especially on larger scale.

The best way to address these issues is to invest in cutting-edge endpoint defence tools that involve next-generation antivirus, response, and behavioural analysis capabilities. They provide a comprehensive evaluation of malicious actions and flexible prevention options.

If you’re operating a traditional antivirus platform, consider upgrading it to a version with in-depth behavioural inspections. You could also use detailed compromise indicators, forensic details, and real-time response functionality.


Limiting the access privileges of your software users is the hub of controlling vulnerabilities. The less information they can access, the less harm they can do if they have a compromised account.

The problem comes if your company doesn’t control your user account access, enabling practically any user to have administrator-level privileges. It gets even worse if your configuration allows unprivileged members to set up admin-level accounts.

Therefore, you should grant access only to those team members who can’t carry out their duties without the access.

You also need to ensure new accounts don’t have administrator-level access. This helps prevent less-privileged users from creating additional privileged accounts.


registration g1ba9c5ccd 640

Your password and username may be the most widely used access credential. And cybercriminals can easily compromise them, exposing your user credentials.

This usually happens when an unsuspecting team member falls victim to phishing and enters their login information on a fake website. And with compromised credentials, an intruder gains insider access.

Even though analysing and monitoring can help identify malicious activity, these credentials can bypass security and impede detection. The consequences vary, depending on the access they provide.

For example, privileged credentials offer administrative access to systems and devices, posing a higher risk than consumer accounts.

Keep in mind that humans aren’t the only ones who own credentials.

Security tools, network devices, and servers generally have passwords to enable communication and integration between devices. Intruders can utilise them to activate movements throughout your enterprise – their access is almost unlimited.

To avoid this scenario, you should implement stringent password controls. Another great idea is to include longer and complex passwords, as well as frequent changes. Combining these principles is another effective method to prevent compromised credentials.


Cybercriminals can target inadequate network monitoring and segmentation to obtain full access to your system. This is a huge vulnerability as it enables attackers to maintain their access longer.

One of the leading causes of this weakness is the failure to develop subnet monitoring or outbound activity control

Overcoming this obstacle in a large company can be challenging if hundreds of systems send outbound traffic and communicate with each other. Nevertheless, solving the problem is a must.

To do that, you should primarily focus on controlling your network access in systems within your subnets and building robust detection strategies for lateral movements. Plus, make sure to pinpoint strange DNS lookups, behavioural traffic trends, and system-to-system communication.

Also, segmentation, firewalls, and proxies can help create restrictive policies for system communications and traffic.


Misconfiguration refers to errors in your system configuration. For instance, enabled setup pages and default usernames or passwords can result in breaches.

If you don’t disable setup or application server configuration, hackers can recognize hidden vulnerabilities, giving them extra information. It’s because misconfigured apps and devices are an easy gateway for cybercriminals to exploit.

To prevent this, establish systems and procedures to tighten the configuration process and employ automation whenever possible. Monitoring device and application settings and comparing them to the best practices also reveal potential threats across the network.


Ransomware is cyber extortion that prevents users from accessing their data until the attacker receives a ransom. They instruct the victim to pay a certain fee to obtain their decryption key. The costs can reach thousands, but many criminals also opt for Bitcoin payments.

Making sure your system is ready to address a ransomware issue is integral to protecting your data. To do that, keep your system up to date with the latest security standards as it reduces the number of vulnerabilities. Another recommended defence mechanism is to stick to trusted software providers.


Successfully running a company with poor cybersecurity measures is virtually impossible. The risk of losing precious data and reputation is just too high.

To ensure your organisation isn’t a sitting duck for cyberattacks, you must implement reliable defence strategies.

To figure out the problem with your IT, reach out to us for a quick, obligation-free chat. We’ll see if we can help you boost performance and set up an impregnable system for your business. Take a look at our services page here:

This blog article by Cirrus IT Service is adapted with permission from The Technology Press.

Featured Image Credit: Darwin Laganzon from Pixabay


Reducing Human Cyber Risk with an IT Compliance Policy – 7 Things to Consider

christin hume mfB1B1s4sMc unsplash

The business operations digital world is prone to security risks. Reducing human cyber risk is impossible without an IT compliance policy. Here are 7 things to consider.

Reducing human cyber risk in your business is more important now than ever. And it’s because most organisations now depend on digital services.

Companies rely on taking orders and receiving payments online. Even brick-and-mortar organisations utilise software for order management and back-office accounting.

In such tech-driven environments, a lack of proper security measures jeopardises the business position. If their IT systems get abused, their technology often becomes a source of negative publicity and damaging brand scandal.

At Cirrus IT Services we understand that the only way to avoid this possibility is to create a strong IT compliance policy – with a focus on training staff – to reduce human cyber risk.

This article will cover key considerations when developing your IT compliance policy.



IT compliance is more than just digital technology. It involves your people and processes. The reality is that many organisations focus too heavily on tech, resulting in failed audits due to their failure to consider the human cyber risk and the processes. This makes the compliance world more complex.

Follow the correct approach to help ensure the necessary standards.


There are the relevant laws and regulations that govern IT compliance requirements.

You can’t start your compliance process without understanding the laws and regulations applicable to your organisation.

You should also look at the controls that apply to these laws and regulations. They are the process-oriented means to adhere to your policies.

There are various industry and government standards that specify control objectives for information and related IT, standards, and payments.

These can have a massive bearing on your sector. Therefore, make sure to familiarise yourself with all relevant controls.


jason goodman bzqU01v G54 unsplash scaled

At Cirrus ITS we focus on the biggest threat to your data security by offering training for employees. Their actions can not only have a huge impact on cybersecurity, but also they can act as your first line of defence. For instance, proper software upload, controlled sharing, policies on downloads, and correct storing can all help to control critical information.

The reality is, many employees opt for insecure data transfer methods because they are convenient. They are very familiar with tools that they use for personal emails, consumer-grade collaboration apps, and instant messaging. All of these are targets for cybercriminals.

To control your business data, your employees must learn and understand where various threats originate from. They should especially understand the actions that can give rise to vulnerabilities to reduce the human cyber risk. Becoming the victim that brings down their employer is a real possibility without a mandatory IT compliance policy.

Making correct file sharing a top priority and investing in education training demonstrates the organisation emphasis of IT compliance. Your efforts can help team members to engage and adopt best practices in the field of cyber security.

In your training plan, include several key topics:

  • How insecure file transfer exposes your company to risks
  • Recognising phishing scams
  • Precautions to exercise before downloading or using applications
  • Creating, using and when to change strong passwords


Aligning IT compliance with business operations involves understanding the culture of your organisation. For example, at Cirrus IT Services we have an environment that revolves around processes NOT ad-hoc ways of doing things.

Enterprises are best off issuing in-depth policies to ensure compliance.

By contrast, companies that have ad-hoc ways require detective work to address specific risks. Auditors need to understand why you’ve deployed a particular control or decided to face certain risks.


IT environments are generally a particular type:

  • Homogeneous environments consist of standardised vendors and configurations. They’re largely consistent IT deployments with clear documentation.
  • Heterogeneous environments use a wide range of security and compliance applications, versions, and technologies.

Compliance costs are usually lower in homogeneous environments. Fewer vendors and technology add-ons provide less complexity and fewer policies. As a result, the price of security and compliance per system isn’t as high as with heterogeneous solutions.

Regardless of your environment, your policy needs to appropriately tackle new technologies, including virtualisation and cloud computing.


IT policy compliance doesn’t function without establishing accountability. It entails defining organisational responsibilities and roles that determine the assets individuals need to protect. It also establishes who has the power to make crucial decisions.

Accountability begins with senior management, the best way to guarantee involvement is to cast IT policy compliance programs in terms of organisational departments human risks instead of technology.

As for your IT providers like us, we have two pivotal roles:

  • Data/system owners – The owner is in your management team. They’re accountable for protecting and managing information.
  • Data/system custodians – Custodial roles can entail several duties, including system administration, security analysis, and internal auditing.

These responsibilities are essential for IT policy compliance. For example, auditors need to carefully verify compliance activity execution. Otherwise, there’s no way to ensure the implementation is going according to plan.


As your IT continually evolves and grows, internal auditors can review just a small number of user accounts and system configurations. Automation is the only way to ensure you can evaluate systems regularly.


Setting up your well-designed IT compliance can make a world of difference in terms of business security. It might take a while, but ultimately it keeps your business reputation intact and allows you to avoid penalties and fines.

We’ve mentioned several aspects that need special attention. And one of the most significant is your IT provider.

At Cirrus ITS, we want to live up to the potential of the tech you choose. You’re bound to face compliance issues. This can cause tremendous stress and halt your operations if you don’t get the process of human cyber risk management right..

Luckily, there might be an easy way out of your predicament. Schedule a quick chat with us to discuss your IT problems and find out how to get more from Cirrus ITS.

This blog article by Cirrus IT Service is adapted with permission from The Technology Press.

Featured Image Credit: Photo by Christin Hume on Unsplash

Stay Systems Safe with Patch Management

patch 2328289 640

In the two years since the May 2017 large scale cyber-attack called WannaCry there has been much publicity about the widespread mayhem that cyber attacks can cause across many thousands of organisations worldwide. Since that time, we’ve seen an increase in the number of organisations asking about our Managed Service. With the benefits of multiple layers of security, our customers have accurate spam filters, antivirus, antimalware, filtering, content control, firewalls and more.

Patch management is the most common type of IT service offered by managed service providers (MSPs). After all, patch management is an effective way to strengthen security. We thought it would be a good time to talk about why patch management is so important. With Microsoft end of support for Windows 7 looming, business owners will be stuck without security patches after January 14th2020.

What is Patch Management?

Put simply for anyone reading this blog who doesn’t manage IT; patch management adds changes to existing software to add up-to-date security functions. Using a patch is used to address a specific bug or cyber attack; it’s often called a fix.

Why Outsource Patch Management?

For any IT managers looking to justify spending a part of their IT budget on keeping track of addressing IT threats, patch management is vital. Depending on the number of workstations and system involved, it can be a full-time job for someone hands-on. Fortunately, a managed services provider can deliver the service remotely.

Our monitoring processes discover latest vulnerabilities every day. We receive releases of critical patches from worldwide security experts and implement patches as soon as they are available.

We know from experience that reserving work related to core business needs and business specific IT issues is best for organisations own in-house IT team.

How to Find the Best MSP for you.

Many MSP providers claim to have excellent patch management programs. We’re happy to provide proof, customer testimonials, industry certificates. And you can see from our track record of growth, that our customers refer other business owners to us.

For an MSP to trust, please do contact us for more information.

How to choose the right size Backup Solution for your Business

one size does not fit all clipart 850 354

When it comes to backups, it’s certainly not a case of one size fits all

There are so many great options available, so how do you know which is best for you and your business?

Should you be using cloud or on-site storage, image or file-based backups?

Here’s my practical, simplified guide about what you need to consider and why.

First, let me explain two critical backup measurements – Restore Point  – Restore Time. Continue reading

What is “The Cloud”?

Cloud Header Image

This phrase “The Cloud” has become so commonplace over recent years that many people are now afraid to ask what it is. As the technology is talked about all the time, most believe that they should already know all about it, so think that asking would make them look silly or uneducated.

Continue reading

Ransomware Cyber-Attack Information

It will not have escaped your attention that Friday 12th May 2017 an unprecedented large scale cyber-attack has been causing widespread mayhem across more than 150 Countries and affecting thousands of organisations, including the NHS.
This attack has been all over the news and there has been lots of differing advice passed on from multiple sources, leaving people confused and concerned.  This information is intended to help clarify the situation and reassure computer users on how they can protect themselves from becoming a victim.

Continue reading

Cirrus IT Services Extend Backup Portfolio with Nakivo Partnership

Cirrus IT Services (UK) Limited are proud to announce our new Partnership with Nakivo that allows us to add to our portfolio and to offer a new choice of backup solutions that can be tailored to your requirements based on what best suits your business infrastructure.

Whether you have a fully virtualised environment or a hybrid mixture of virtual and physical servers and desktops, we now have an option for every eventuality.


What is NAKIVO Backup & Replication?

NAKIVO Backup & Replication is an all-in-one VMware VM backup, replication, and recovery solution designed to protect VMs onsite, offsite, and in the cloud.


Download the Nakivo Backup & Replication v5.7 Product Datasheet here -> : NBR-DS


How many VMs can NAKIVO Backup & Replication protect?

NAKIVO Backup & Replication is a modular solution that can be fully installed on a single machine to protect small and mid-sized environments, as well as scale out horizontally and support large distributed environments with 10,000+ VMs.

Does the product support live applications and databases?

Yes, you can back up, replicate, and recover live VMs running Exchange, Active Directory, MS SQL, Oracle, and other applications and databases. Using the application-aware mode, NAKIVO Backup & Replication ensures that data inside VM backups and VM Replicas is consistent, and that you can recover files, application objects, and entire VMs.

Does the product support large VMs?

Yes, you can back up, replicate, and recover 500+ GB VMs with NAKIVO Backup & Replication.

Can I stage (seed) the initial VM backup or replica?

Yes, you can perform initial backup and replication to a removable media (such as a USB drive), then transfer the media to a remote location, and then run forever-incremental backup and replication jobs to that new location, thus saving time and bandwidth.

Can I exclude VM disks from backup and replication jobs?

Yes, you can choose what disks you would like to back up or replicate in NAKIVO Backup & Replication.

Does the product provide granular recovery?

Yes, you can instantly recover files and Microsoft Exchange objects directly from compressed and deduplicated VM backups without recovering the entire VM first.

How does data deduplication work?

Deduplication significantly reduces storage consumption by saving only unique data blocks to a repository. During backup, NAKIVO Backup & Replication compares each new block of data to ones that are already available in the backup repository. Only unique data blocks are written into the backup repository, while those blocks that are already available in the repository are skipped. This way one block of data can be used to recover several different VMs.

Protect your servers, workstations and laptops against viruses, spyware & other malware

ControlAntivirus provides real-time threat protection against viruses, spyware and other malware in minutes. Optimized to scan for security threats without hogging system resources or slowing down PCs – even during scans and updates.


  • › Doesn’t slow down PCs
  • Centralizes antivirus management
  • Protects against threats in real time
  • Saves time, costs and IT resources

Endpoint protection, central management

ControlAntivirus makes it easy to deploy, manage and automatically address threats on your computers from the cloud;
from scheduling scans and pushing definition updates to identifying infected machines. The small-footprint agent
installs and scans on the endpoint, so no sensitive data leaves your network for scanning.

Advanced threat detection

ControlAntivirus defends against malware threats, including zero-day threats in real–time with Active Protection™ and
other highly sophisticated detection methods: heuristics to identify new viruses and new variants of known viruses,
signatures to search for known malicious patterns in data and MX- Virtualization™ to analyze file behavior in a virtual

Real-time threat data integration

ControlAntivirus integrates with technologies which are backed by malware processing tools which analyze thousands
of threat samples daily, ensuring the definitions are always up to date.

Try it out for yourself free for 30 days and be up and running in just a few minutes:

Want to Increase security and gain control of user web browsing?

ControlWebProtect delivers extensive web security across your distributed infrastructure; protecting computers from websites pushing malware, phishing sites, proxies, spyware and adware, botnets and SPAM. With no dedicated server and no proxies to configure, the easy to use web-based management console allows you to quickly gain control of user web browsing.


  • Up and running AND protected in minutes
  • Users stay safe and productive
  • The business stays protected from legal liability
  • Puts you in control of web browsing – even for laptops on the move
  • Avoids costs or a throttled network, by staying on top of bandwidth usage

Take charge of web security

ControlWebProtect enables IT admins to manage Internet usage on servers, workstations and laptops* to effectively
protect against productivity losses and web-based security risks. This level of protection helps users avoid landing on
sites that can either get them into trouble or break down computers, which IT admins are then expected to clean up
and restore.
Whether you are in the office or on the road, ControlWebProtect you are always in control of web security, URL filtering
and web monitoring.

Increased productivity in the workforce

Time-based restrictions can be applied to limit web browsing during core business hours and Internet usage can easily
be monitored across the network or on individual computers. This helps reduce the time users spend on websites not
needed for work such as social networking sites.

Keep bandwidth usage in check

Stay on top of bandwidth usage with real-time visibility of when devices exceed bandwidth consumption thresholds.
Easily spot excess usage by device, URL or website category and quickly remediate issues to avoid a throttled network.

Simple to set-up and maintain

To simplify web security and save you time everything is controlled through easily configured policies.
Policies contain the settings needed to co-ordinate web security and URL filtering, including:

  • Blocking security categories
  • Block/Allow 80+ categories of URLs
  • Policy-based White and Blacklist URLs
  • Time-based browsing rules

With ControlWebProtect, your configurations can be quickly and easily applied across groups of computers from one central location, while still offering override options on single computers, for more granular control.
Browsing controls can be automatically and intelligently applied from install; ensuring the right protection is in place for each device type across your distributed network.

Try it out for yourself free for 30 days and be up and running in just a few minutes: