Introduction
How a cloud migration strengthened data compliance at Thompson Taraz
The Client
Thompson Taraz is one of the UK’s leading fund services groups and has been supporting real asset fund managers for over 30 years. Fund services provided by Thompson Taraz include Full Scope Authorised Investment Fund Management and Depositary services as well as Custody and Nominee shareholder services and Fund Administration.
Thompson Taraz’s focus is on being adaptive and flexible to their clients needs and is in a period of growth. There is an increasing focus on new business development within the company and a high level of internal skill has driven specialisations. By drawing on a wealth of accounting, auditing and business advisory specialists, Thompson Taraz not only complies with financial regulations but adds value to their clients’ strategies including Property, Infrastructure, Debt, Venture Capital, Private Equity and Energy.
The Challenge
Thompson Taraz had a robust but aging on-premise infrastructure consisting of two physical host servers and virtualised storage, which was broken into eight virtual servers, each performing a different task (running their line of business applications, storing their files, running their network etc.).
The business is regulated by the UK Financial Conduct Authority (FCA), and information security is a top priority. In recent years, the FCA – and the Financial Services industry in general – has started to recognise cloud hosting as a more secure option to on-premise solutions.
To keep up with industry recommendations, and to enable better collaboration with their employees and customers, a migration to the cloud – including Microsoft 365 Services and Azure Cloud Services – was added to the business’s roadmap as part of our Digital Business Strategy process. However, when the COVID-19 pandemic hit, plans for this migration were fast-tracked because remote working proved difficult on their existing infrastructure.
The Solution
We broke down the migration into three key phases, which allowed for a gradual changeover for the different parts of their infrastructure.
Phase One
The first phase involved the introduction of a hybrid cloud setup to start off the transition. We implemented resilient cloud servers to run the network, which were hosted in Azure and our data centre. We also developed a plan for the deployment of SharePoint, OneDrive and Teams based on Thompson Taraz’s business requirements.
Phase Two
In the second part of the project, we created a SharePoint and Teams environment based on the agreed design. We also deployed and configured the system and information security features of the Microsoft 365 Business Premium license to fit with the industry’s strict requirements. In preparation for the data migration, we implemented a 365 backup solution to protect data.
Phase Three
The final stage of the project involved the migration of their line of business apps to a cloud hosting platform, as well as data migration from the legacy file servers to SharePoint. Backup systems and policies were tested, and a second cloud domain controller was set up.
"The cloud migration project has helped transform our business. Keeping our customer’s data secure is a top priority for us, and with our new Microsoft-powered cloud infrastructure, this has never been easier to manage. Plus, these new foundations have made a whole host of innovative solutions possible, enabling us to grow our business by staying ahead of the technology curve."
Martin Heffernan, Chief Executive Officer - Thompson Taraz
The Outcome
The project has provided significant benefits to many areas of the business, as well as aiding simple remote working – something which was much harder on the old infrastructure.
Cyber Security
Their IT cyber security defences have been improved thanks to Microsoft Defender for 365 – which helps to block to spam and phishing emails, and scans attachments and links to check for anything malicious before giving the user access.
Data Security and Compliance
Data security, which is crucial for their sector, has been solidified by Azure Information Protection and Microsoft Intune – paired together, they are a powerful tool for classifying and protecting data to ensure that the most sensitive information never leaves company devices. Compliance for ISO 27001 re-certification has also been made simpler thanks to the implementation of Azure Information Protection.
Costs
The migration has meant significantly reduced capex. There’s no spending money on replacement parts or warranty renewals for their on-premise servers – everything is covered with a low monthly cost for hosting their data and applications in the cloud.
Innovation
The old on-premise platform made it difficult for the business to innovate and adopt intelligent new solutions. But with the migration to Azure and 365, we have helped them pave the way for growth-enabling innovations. Thompson Taraz are now supercharging their business using SharePoint, Teams, Power Automate and Power Apps.
For example, Emerge Digital are working on a new file management process using SharePoint. This will be a simple system for employees and partners to request access to certain files and folders. Managers can approve or decline these access requests, to make sure data is only ever shared with the people who need it.
Tom Henson, Managing Director of Emerge Digital, highlights 10 ways to keep your remote workforce – and your business – safe from a cyber attack.
Since the start of the pandemic we were encouraged to stay at home and stay safe, but how often did we stop to consider how IT cyber security factored into our new flexible working practices?
It’s understandable that as everybody rushed to enable working from home, concerns over cyber security weren’t always a top priority. While a lot of money and time has been spent protecting the IT inside our office including firewalls, network security, device updates and even physical security to protect server rooms, when staff started working from home a lot of these security measures were gone. Employees are no longer in that security bubble, so they – and your business – became an easier target for cyber criminals.
61% of businesses are estimated to have issued work devices to employees.
65% of those businesses did not deploy any new antivirus solutions for those devices.
We have seen an increased demand for our IT cyber security services, which is unsurprising when you hear that while 61% of businesses are estimated to have issued work devices to employees, amazingly in the rush to distribute them, 65% did not deploy any new antivirus solutions for those devices.
The cyber criminal has seen a weakness and they have targeted it. But with some good cyber security services, there are ways to protect your remote workforce, and your business from this increase in malicious cyber attacks.
1. Create a secure connection
A Virtual Private Network (VPN) is nothing new to many remote workers. It’s almost like connecting a cable from the machine in your house all the way back to the office. Everything going in and out of that machine goes through the office firewall, which is a great way to protect that machine, and your business, from the wider world. As businesses move to a fully hybrid working model they won’t have a physical network to connect back to, but there are a number of cloud IT services and cyber security services that offer an enhanced level of security.
2. Scan and secure email and establish a healthy email practice.
33% of cyber attacks get in via email. Typically, staff members are tricked into clicking links that they shouldn’t, which then either try and extort passwords, or deploy malicious files. The good news is there’s a lot of technology that can help. Microsoft Defender for Office 365 (formerly Advanced Threat Protection) in the suite of Microsoft 365 services, for example, is an easy to use tool that helps scan links or attachments for malicious content or potential viruses. This example of cloud IT services can help reduce the likelihood of threats getting in, but also remind people to watch out for these threats and be mindful of what they’re clicking on.
3. Enabling web filtering
When somebody clicks a link that is designed to do something malicious, like taking them to a malicious website, web filtering can really help reduce the likelihood of that threat executing. It stops staff stumbling upon a site that is going to try and infect their device or network.
4. Protect your company data
Big data allows organisations to capture, store and utilise so much information, while Power BI allows us to visualise it in new ways. But the more we collect, the more we can lose. As companies migrate to the cloud, they can share data through cloud platforms like Office 365 or SharePoint, but without those tools and a secure cloud firewall, remote staff will find alternative ways to share data and information that are potentially unsafe. Providing a way to safely and securely share information and data that is accessible by a remote workforce can prevent these unsafe practices.
5. Don’t use USB sticks
This seems to have dropped off the radar somewhat in recent months, but bringing USB sticks into a business is largely unsafe and something that should never be encouraged. People saving information from a home PC on to a USB is one of the easiest ways to share a virus. They may not know that their home PC is infected with a virus, they put the USB stick into their work machine to copy the files and potentially the virus is in.
6. Keep devices up to date
When a software company like Google or Microsoft release a security update, the criminals can compare the old version with the new version and see where the holes that the security patch is trying to plug are and they can exploit it. They also know that their virus will work for years to come because many people don’t keep their machines up to date. So keeping devices up to date is one of the easiest ways to reduce the likelihood that you will be exposed to threats.
7. Encryption
If a work device is being used at home, it is at greater risk of being stolen, lost or falling into the wrong hands. Encryption makes sure any information or data on that device cannot easily be accessed. This is particularly important if you store personal or identifying data about others.
8. Take greater control of mobile devices
Nowadays, if staff have installed the required software and are connected to your company systems, their mobile devices have access to as much data as a laptop or desktop. Your choices are either not to let people use mobile devices, which is restrictive, or use them but make sure that you keep those devices secured in exactly the same way as you would a business laptop.
9. Look out for shadow IT
Shadow IT is where, without access to the necessary software, staff find alternative platforms to help them complete their work. They think they are working smarter or faster, but these platforms are outside of your control, which means you have no way of knowing if they are secure or not.
10. Reporting security issues
Making sure employees have a way to report security issues – and feel safe doing so – will ensure the impact of a cyber attack is minimised. Often the types of attacks are not particularly sophisticated, but they are designed to trick people into doing things they wouldn’t normally do. But if a cyber breach is reported quickly, normally, it can be stopped before any damage is done or the damage is at least minimised. If people make a mistake but don’t report it and it’s left to run then clearly the, the damage could be far greater.
Introduction
Ready or not, almost overnight, millions of organisations were forced to enable remote or flexible working to keep their businesses going.
In the build up to the first lockdown in March 2020, some businesses were able to seize the moment and prepare for a future workplace that allowed colleagues to continue working seamlessly from their homes. Many, however, were unable to complete their move to a home working business. Millions of businesses weren’t prepared for the initial lockdown, but even a year on, is your business ready to support a long term remote or hybrid working model?
Tom Henson, Managing Director of Emerge Digital, highlights where some businesses came unstuck.
1. Connectivity
Poor internet connection kills home working before it’s even begun. Thankfully, the majority of us do have decent internet connections, but there are still many that don’t. And it’s not just poor connection; during the pandemic, as families all consumed online content from Netflix, TikTok, and games consoles by the terabyte, the bandwidth of many a home connection was stretched like never before.
2. Suitable working spaces
Long term home or flexible working might be a perfect solution for somebody who’s got an office or a dedicated workspace, but for those working on the kitchen table, the bed, their lap or those that are co-habiting with parents, partners or friends all vying for the one decent chair and flat work surface, it was a different story. Not everyone had a suitable, ergonomic chair, with a desk and monitor set at the right height. Not every company was able to think about this when they were scrambling to make working from home possible.
3. Having the right tech and tools in place
Technology has played a key role in enabling continued communication and home working, but we know that poor technology or lack of infrastructure was one of the biggest barriers to effective remote working. Over the last 18 months, cloud-based communication, collaboration and employee-facing technologies have become increasingly prevalent, but this sudden large-scale remote-working migration will definitely surface additional lessons learned — and opportunities for further improvement.
4. Work from home policy
Without precedent, so few employee handbooks had an effective working from home policy. An IT misuse policy was relatively common place, ‘don’t do anything illegal on a computer that your employer gives you’ is pretty standard advice. But during the pandemic, perhaps for the first time, businesses needed a video meeting policy that stipulated whether cameras were on or off and whether employees used a branded company background rather than having their washing in shot. But it also brought into focus the meeting cancellation policies or the route to escalate technical issues to their remote IT support team.
5. Planning for the future
I think the pandemic caught out a lot of organisations that had let their IT infrastructure plans stagnate. IT Business continuity and resilience planning have not always been a priority and many organisations weren’t proactively addressing their future business’s technology strategy. If you had servers on site, hosting business critical applications that were running behind locked doors, then Covid was a nightmare. As an managed IT services provider, we offer cloud-first business solutions, so have migrated the majority or our client’s on premise solutions to the cloud. Cloud IT services provide flexibility and platforms that allow you to work from anywhere, anytime.
6. Train your staff on your tech
There’s no point having all the right technology – giving colleagues access to the right platforms and turning on latest functionality – without enabling your staff to get the most out of them. A lot of organisations may have been able to swiftly migrate to a cloud solution like Microsoft 365 but their staff received no training on what it offered. Having the tools is useless unless you know how to make the most of them.
7. Automate manual tasks
Many organisations took the approach of replicating their office processes as they enabled staff to work from home. They missed a trick by ignoring the opportunity to update or automate some of the older, more manual processes. We use the suite of tools in the Microsoft Power Platform to automate many repetitive tasks for clients but a remote organisation also has a great opportunity to become a paperless environment. Everything is possible online; work can be accessible, colleagues can self-serve and processes can evolve and not be reliant on a paper-based or manual model.
8. Update to cloud telephony systems
Lots of organisations still use traditional phone systems that require physical phone lines running in and out of the building and having phones on desks. How do you deal with that when people are working at home? You can’t take the phone home – it just doesn’t work. We have helped clients migrate to a cloud telephony platform, which uses a standard internet connection and enables the phone system to work without the physical infrastructure. Everything stays the same – nothing changes apart from how you access it.
The office of the future
I think we all expect that the future of work to include some kind of flexible or hybrid working models. Some people will want to return to the office, but the vast majority will prefer to work remotely some of the time, but with opportunities to come together and meet colleagues.
In the workplace of the future, the office may just become another building with an internet connection. It may represent a meeting place rather than a desk space. In this scenario, you may not even need an office firewall because if you set up your portable and mobile devices to be secure, protected and flexible when they’re being used at home, then actually, when you’re in the office, you don’t need anything other than somewhere to sit and somewhere to plug in. It’s irrelevant really whether you have an office, or work at home or in a café, a properly secured device will work from anywhere.
Adapt to a more flexible working model
The Covid-19 pandemic has underlined the importance of business continuity, resilience and recovery planning for large scale events. While productivity needs to be maintained, cyber security threats have increased and the wellbeing of a workforce needs to be closely monitored. Few could have predicted the scale of the impact of Covid-19 but now is the time to review your infrastructure and technology plans and adapt to a more flexible working model.
Flexible Working Solutions for your business
To find out how Emerge Digital can help implement solutions into your business which transform how your hybrid workforce operates, get in touch with us today!
Introduction
At one time, IT cyber security only seemed to be a concern for larger companies. It was most profitable for hackers to target firms with large profits, a huge bank of customer data, and large sums of cash that they could pay in the event of ransomware attacks.
And, while attacks are still common against large businesses, it’s small businesses that are most at threat from cyber security threats in the present day. With less security architecture and smaller IT teams, small business owners urgently need cyber security solutions that cover the entirety of the threat landscape in the 2020s.
Four Reasons Why Small Companies Need Cyber Security
Small businesses need cyber security to protect them in the event of a data breach, a cyber attack, or other security risks. Here, we’ll look at the four most important reasons why small businesses require smart and sustainable security solutions for the long term.
Protect Your Business
If you’re wondering how important is IT cyber security to small business, you’ll just need to look at some of the firms that have suffered with low protection in recent years. Those that have operated without the kind of cyber security protection offered by Emerge Digital have found themselves targeted by hackers and data thieves, leading to a loss of data and use disruption to their firm. Those with adequate IT cyber security measures have avoided these difficult, damaging and sometimes disastrous cyber threat events.
A smart cyber security partnership with a firm that you can trust to look after your data, look out for potential cyber threats, and secure your anti virus software, will help to alleviate the stress of operating a firm online in the digital age. Protection is your number one priority when it comes to your IT infrastructure and it should also be compliant with data protection laws and infrastructure protection to keep your firm going no matter what.
Find out how Emerge Digital can help secure your business
Increasing Need
The problem with cyber threats is that they develop over time. As cyber security becomes more sophisticated, so too do the threats that this security aims to protect against. In this pitched battle between the protectors and the attackers, there are often successful attacks that slip through. This is how businesses increasing need for cyber security remains incredibly important today.
To help you understand and protect against these developing threats, you should look to a managed security provider like Emerge Digital. Our team have worked in this space for years, responding to emerging threats and adjusting our approach so that the firms that we work with are always up to date when it comes to their software protection and the advice that we offer to your digital teams.
Smart Management
Small businesses and individuals often believe that downloading a cyber security software package will be enough to protect their personal computers or their business laptops from security incidents. Unfortunately, this approach is often simply inadequate when it comes to responding to the sheer volume and diversity of threats in the online space, and to protect your business properly, you need a managed approach. UK businesses deserve better from their cyber security, and that’s what Emerge Digital aims to offer: smart, helpful, reliable cyber security services. If you’re wondering how do we manage cyber security in a small business, talk to one of our expert advisors on the phone, email a query, or explore our website for case studies of the fine work we’ve achieved in the past.
Lack of Resources
At Emerge Digital, we’ve worked with small businesses for years. We know what makes firms like yours tick and we know how your resources are balanced finely in your quest to secure high profits year after year. We know, too, that it’s simply impossible for you to pay a full IT team in-house to protect your business from cyber threats. Local businesses simply don’t have the resources and that’s why our IT support business is proud to serve the small business community in the UK.
Our approach is tailored around the digital infrastructure that your business maintains. Whether you’re selling products online, maintaining a digital ordering system, or using customer and company data to refine your sales strategy, our security measures will help you to continue doing business with confidence. Small, local businesses might look like an easy target for hackers who are looking for a quick win through phishing, data acquisitions, or cyber threats, and that means it’s incredibly important that you partner with a managed IT services firm that can help you deal with cyber threats across the digital world.
Conclusions
These four factors should help you to reconsider your firm’s cyber security. At Emerge Digital, we’re happy to talk further with you about the cyber threats we see small businesses falling foul of across the UK, and what we can do to guarantee your firm protection from this disruption in the future.
Introduction
A managed security service provider is a trusted company that protects your valuable business assets from ever-escalating IT security threats.
Offering a robust and resilient cyber defence is critical for any company.
According to the latest UK government research, the average cost of an attack is more than £9,200, with many costing significantly more.
The 2018 Cyber Threat to UK Business Industry report, commissioned by the UK’s National Cyber Security Centre and the National Crime Agency, details how risks to businesses continue to grow.
Over 40% of UK companies and two in ten charities have suffered a data breach or cyber attack in the last 12 months.
The most common form of attack was fraudulent phishing emails, typically employed by hackers because it is so simple.
If an attacker can spoof your management or customer email addresses then it is relatively easy to tempt your staff into opening an unsafe attachment containing fast-spreading malware or viruses.
The impact of accidentally downloading malware onto your company’s network can be immediate and catastrophic.
Other common attacks include thefts from cloud storage, ransomware and cryptojacking, a browser injection hack where computer power on a network is hijacked to create cryptocurrencies like Bitcoin.
A basic cyber security stance is no longer enough, but most attacks can be repelled by organisations which prioritise their defences with managed security services.
Time to get proactive
If you aren’t proactive about protecting yourself, the government’s own assessment says that it’s only a matter of time before you are targeted.
If we look beyond official government figures, the numbers become even more sobering.
A staggering 92% of 250 UK companies surveyed by Carbon Black in September 2018 admitted they had been breached. 91% said attacks on their IT systems were now more sophisticated. The frequency of attacks is also rising: 44% said they have been attacked between three and five times in the last 12 months.
There is a public crisis of trust in institutions’ ability to keep their data secure. With this in mind, businesses need to shift focus away from reactive observation and towards active defence.
The best managed security service providers will not only monitor incoming threats, but also profile potential attack vectors and weak points in your cyber security systems, minimising potential damage and allowing your business to recover from an attack as swiftly as possible.
Financial pain is just the beginning
In a world where large scale data leaks continue to dominate news headlines, insecure products and businesses will not survive against their competitors.
Looking beyond your balance sheet there is also the embarrassment of explaining to customers how or why their data has been compromised.
Reputational damage can be longer-lasting and wider-reaching than the initial intrusion into your systems.
Supermarket chain Morrisons, for example, will face ‘vast’ compensation costs for a data breach from 2014 in which salary and bank details of 100,000 workers were stolen and leaked to the press.
Morrisons argued they could not be held liable for the criminal misuse of employee payroll data, but in October 2018 lost a High Court bid to dismiss the charges.
The onus is now on companies to take control of employee and customer data.
Managed security services can help by offering proactive cyber defences, employing specialist teams with dedicated account managers feeding back information to you on a daily basis.
Who is at risk?
Hackers continue to find new and innovative ways to bypass traditional security systems, simply because the rewards are so lucrative. Whatever sector you operate in, your business information is extremely valuable.
Personally identifiable information such as credit card or bank account numbers, full names, home addresses, dates of birth can all be sold on to criminals.
There are stiff penalties for companies who do not take threats seriously enough.
Unlawful sharing or storing of this information has become more closely watched with the implementation of GDPR, the General Data Protection Regulation. This EU ruling came into force on 25th May 2018. Businesses that fail to abide by the laws or fail to secure customer data can face fines of up to €20 million or 4% of annual revenue.
The value of data rises in certain industries, too. Credit card information is regularly up for sale for around £5 on the dark web – illegal online marketplaces which buy and sell illicit data, often trading in untraceable cryptocurrencies.
Health data in particular is a goldmine if stolen and sold on, simply because it contains so many data points on an individual. A review by Kennedy’s Law suggests that stolen medical data is often worth 10-20 times more than credit cards on the black market, in the region of £63 per record.
Medical databases taken from healthcare facilities often involve many thousands of unredacted and plaintext patient records which show personally identifiable information including names, National Insurance numbers, phone numbers, gender and age.
One of the largest healthcare data breaches to date saw a single hacker swipe 655,000 patient records from institutions in Missouri and Georgia by exploiting a zero-day vulnerability in a remote desktop protocol, which would normally allow authorised IT technicians to remotely control computers for tech support. This tranche of data was put on sale for 643 Bitcoin (approximately £3.1 million).
How to choose a managed security service provider
The best managed security service provider will work with you to build strong security to protect your business intelligence and customer data.
They should:
- Take a target-hardening approach: criminals will focus on the easy victims first
- Devise and test your cyber resilience strategy
- Promote proactive defence as well as passive monitoring
- Have dedicated account managers offering world-class service
- Offer reliable daily information feeding back to you about the threats facing your business
- Employ elite teams with closely-focused skills in dedicated areas, for example in threat detection or network penetration testing
- Participate in interactive scenario planning
In short, your managed security service provider should be extremely well organised and dedicated to building a deep, fully engaged relationship with your company.
