Author: designworks

We are delighted to announce the opening of our new office in Barrow, South Cumbria.   The expansion sees System IT move into premises at the Phoenix Business Centre in Barrow, where we began operating in October. 

System I.T. operates across Cumbria and South West Scotland with offices in Carlisle and Workington supplying and maintaining computer network infrastructures through IT support and maintenance and the supply of IT hardware. 

Managing Director of System I.T. Alan Taggart comments,

“System I T have made a commitment to providing specialist IT Support to existing clients and potential new clients in the area by taking on additional staff and opening an office in the centre of Barrow. Over the last 18 months we have steadily increased the number of customers that we look after in the south of the county to the point where it now makes perfect sense to have a permanent presence in the area. As a service provider it is essential that we have the right geographical coverage and resource going forward for all of our clients.”

Whilst specialising in school support, System I.T. works across many industry sectors and offers a comprehensive range of I.T support packages for commercial businesses throughout the county.

Alan continues, “We’re excited to bring our expertise and experience of dealing with many differing types of industries and providing first class service and products to businesses in Barrow.

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation by which the EU intend to strengthen and unify data protection for all individuals within the European Union (EU). It is set to replace the Data Protection Act of 1998. The GDPR will apply in all EU member states from 25 May 2018.

It introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their personal data. It also makes data protection rules the same throughout the EU. If a company is found in breach of GDPR they can be fined up to 20million Euros or 4% of their turnover.

The change has been brought about to protect people from how their personal information is stored and shared. The previous legislation came about before the start of digital marketing and the likes of Facebook sharing your information with third parties. There has also been some confusion for businesses about how to use and store data, so implementing GDPR will streamline this across the EU and set out clear guidelines for businesses to follow.

Does it apply to me?

The GDPR regulation will apply to all organisations that stores employee personal data or client/customer information and data.

Organisations will need to identify their own “controllers” and “processors” of data. A controller says how and why data is processed; for example any organisation who collects personal information (email/addresses/date of birth, gender etc.) of its staff or customers. This could be a firm of solicitors, to a builder’s merchant, a school or a charity. A processor is the person who actually processes the data, so an IT firm, a marketing company or an individual.

So, what do I need to do with data going forward?

Article 5 of the GDPR requires that personal data shall be:

  1. Lawfulness: Processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. Purpose Limitations: collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  3. Data Minimisation: Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. In other words, no more than the minimum amount of data should be kept for specific processing.
  4. Accuracy: accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  5. Storage Limitations: kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; in summary, data no longer required should be removed.
  6. Integrity and confidentiality: Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

What do I need to do next?

The ICO has outlined 12 steps you need to take now to prepare:

  1. Awareness: You should make sure that decision-makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.
  2. The information you hold: You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.
  3. Communicating privacy information: You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
  4. Individuals’ rights: You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
  5. Subject access requests: You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
  6. Lawful basis for processing personal data: You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
  7. Consent: You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
  8. Children: You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity
  9. Data breaches: You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
  10. Data Protection by Design and Data Protection Impact Assessments: You should familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.
  11. Data Protection Officers: You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. You should consider whether you are required to formally designate a Data Protection Officer.
  12. International: If your organisation operates in more than one EU member state (ie you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you do this.

It is worth reading their full article to help you plan and prepare.

Remember GDPR comes into force on the 25th May 2018. Don’t sit back and think it won’t affect you as it will affect every business that holds data in some way, shape or form.

If you need further guidance, please send your contact details requesting further information on the GDPR regulation to info@system-it.co.uk so that we can get back to you directly.

When it comes to IT and in particular cyber security, you often hear the phrase ‘backup’ being used. But what are computer backups and why are they important? Not everyone knows, so we thought we’d give you a bit of an explanation as to what they are and why you should think about doing them.

So, a backup is copying or archiving one or more files as a spare in case the original data is lost or becomes unusable. Data loss can be caused by a variety of things such as computer viruses, hardware failure, file corruption or theft. A system backup is the process of backing up the operating system, files, and system-specific data.

If you take a moment just to think about all the information you may have on your company computers and servers, important documents, accounts, and records there is a lot of valuable data on there that you wouldn’t want to lose. Imagine if you did? Where would you start? It could have a devastating impact on your business, so it is important to have a robust backup strategy in place.

When thinking about cyber attacks, backups are a key part of the recovery process if your data is lost or held to ransom by a malicious party. At least if you have the information backed up we can recover your systems and restore normal operations as quickly as possible. It is essential that at least one of your backups is off-site or isolated from your network so it too can’t be attacked or deleted.

Check your computer backups! Computer backups tend to run in the background and its often all to easy for an issue to go unnoticed, only to be found when you find you really need your backup. Having a monitoring or testing process in place is an essential part of the backup solution.

So, how do you do a backup? There are several ways you can back up your data and it will depend on the amount of data you have, the systems and network you have, some options are…

  • Use a storage device. This could be data tapes or USB disks but either way, it’s a physical device with a copy of your systems on. Usually, these need to be taken offsite by someone but they are low cost and reliable solutions.
  • Onsite Storage device. An Onsite Storage Device allows for fast access to recent backups without having to locate specific disks/devices. Usually, these can store an even greater history of changes for when you realise a file was deleted weeks ago and need it back. Since this is onsite however it is usually combined with an offsite copy also, using either a device or online option.
  • Online cloud storage. Another good option for doing backups is online via a ‘cloud’ platform. Cloud backups can be fully automated and offer a completely scalable solution however much data you have. By automating this process and removing the need to rely on someone swapping disks to provide your offsite backup, you can be confident your offsite backup really is offsite and available when it’s needed.

Find out more about our computer backup and cloud storage support.

If you need any more help or advice please feel free to call one of our consultants on 01228 516555.

The GDPR will apply in the UK from 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.

With this in mind, System I.T, Burnetts Solicitors, Quality Guild and Harrison and Hetherington Insurance Services have joined forces to host a FREE breakfast seminar on Wednesday 11th October, which aims to assist Cumbrian businesses to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.

  • Brian Lightowler from the Quality Guild will start off the event with a presentation to help delegates understand what the GDPR act is and how it will affect businesses after its introduction in May 2018.
  • Vaughan Jones from Burnetts will look at the pro-active measures businesses can take including having the right contracts in place, encryption, compliance with the new General Data Protection Regulations, data breaches and liability if the worst happens.
  • Stephen Ward from H & H Insurance will discuss the need to have adequate insurance cover for data protection should the need to make a claim arise.

Booking Essential

This free event takes place 8.45am – 10.00am on Wednesday 11th October at System I T with bacon sandwiches and coffee being served from 8.15am.

Pre-booking is essential – places can be booked by calling Laura Prudham on 01228 516555 or by emailing events@system-it.co.uk

We are hearing more frequently about the threat of cyber attacks.  Particularly in the last couple of months, there have been two significant attacks on the UK; one on the NHS in May and one on some of the world’s largest organisations at the end of June. 

The very words “Cyber Attack” conjure up all sorts of notions of what they actually are and do.  We get many calls at System I.T. from worried customers making sure they’re going to be OK.  Our answer is generally yes because we know that we have sufficient protection in place for these businesses, but what if you’ve not really addressed this issue before?  What if you’re a sole trader working from home, or running a small business.  How do you know if you’re safe and what steps can you do to protect yourself?

We thought it may be useful to give you some clear information about what cyber attacks actually are and the steps you can take to protect your business no matter how large or small.

 What is a Cyber Attack?

A Cyber Attack is a socially or politically motivated attack, which is carried out via the internet.  These types of attacks can target the general public (you may have heard of data being stolen), public or private organisations.  They are carried out through the spread of malicious programs or viruses, people setting up fake websites or sending scam emails.  The aim is to steal personal data or business information, which can cause detrimental damage.

You may have heard of one of the latest cyber attacks, known as “Ransomware” this is a malicious program that locks a computer’s files until a ransom is paid.

Should you be worried?

Cyber crime and these types of cyber attacks are becoming more commonplace and there is no sign of them going away, but becoming more sophisticated and detrimental to businesses.  Many of the newer cyber attacks target your personal computer as well as networked computers in businesses.  Therefore it something that everyone; not only business owners or IT departments should be aware of and take the necessary precautions to protect your hardware and personal data.

Many small businesses might take the view “it won’t happen to me”, but it poses a real threat; we just don’t hear about all the cyber attacks on small businesses compared to larger organisations.  Hackers are just as likely to attack small businesses, as they know that often there is no cyber security in place, or they won’t think it will happen to them – making them an easier target. 

How you can protect yourself and your business

  1. Updates:  One of the recent cyber attacks infected computers running Windows operating systems.  Updating your system is one of the most important things you can do.  The updates address any security vulnerabilities in their existing software helping you stay safe.  Using a computer that you haven’t updated is like leaving your front door unlocked and inviting intruders in! Your computer will automatically receive updates if you are working with a supported Microsoft operating system such as Windows 7 or later versions.
  2. Firewalls:  A firewall is like a security system for your computer, which controls the data coming in and out to prevent unauthorised access.  Ensure you have one install on your computer to help reduce the chances of a cyber attack.
  3. Anti-virus software:  Alongside your firewall, you should think about installing antivirus software on your computer. The firewall will protect against hackers, but the antivirus software helps protect your computer against viruses and malicious software programs.   
  4. Email Filtering: In addition to your anti-virus software you should also have some form of email filtering in place. This helps remove spam/virus emails before they reach your computer.
  5. Keeping your guard up:  Many ransomware attacks come in the form of emails.  Many of these attacks are reliant on the end user activating it i.e. clicking a link, or opening an infected attachment.  Keep your wits about you when it comes to trusting the content in a document and always question whether it is genuine or not. 
  6. Educate staff:  On that note, it is important to educate staff members about what to look for as well.  Ensure they know the signs to look out for in emails and back up their work as well to prevent any attacks.
  7. Back up your data:  Having effective backups of data on an external hard drive or cloud-based service is advisable.  If you get ‘locked’ out of your system, at least you will still then have access to all your data and business can continue.
  8. Plan:  In the absence of an I.T. team or a company like System I.T. on hand to help it might be a good idea to have a plan in place, should a cyber attack occur.  Think about all of the above and implement them sooner rather than later.
  9. Cyber Essentials: Sign up for the Government backed Cyber Essentials programme that will show you how your Company can protect against Cyber Attacks.

https://www.cyberaware.gov.uk/cyberessentials/