Draytek Security Notification – DNS Web Interface Attacks

Users of DrayTek routers are vulnerable to a zero-day attack unless they update to the latest firmware release, which addresses the security flaw. DrayTek announced that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers.

Clients using DrayTek routers should get in contact to arrange firmware updates on their equipment. Clients on our managed IT service contracts have already had these firmware updates applied and need take no further action.

Further information can be found at www.draytek.co.uk

EU General Data Protection Regulation (GDPR)

An Introduction to the GDPR

The EU General Data Protection Regulation (GDPR) will be enforced from 25 May 2018. It affects all organisations that hold personal data on EU citizens, regardless of where the organisation is based in the world. Implementing a data protection strategy that includes encryption and anti-malware security is vital. GDPR contains a whole range of new rules that companies may need to enact for proper compliance, and there are strict fines for non-compliance. Your business may be fined up to 4% of global annual turnover for your previous financial year or €20 million, whichever is the larger amount.

How will GDPR affect my business?

Whether you’re a family bakery storing a list of local delivery addresses, or a multinational selling globally online, the EU’s General Data Protection Regulation almost certainly applies to you.

Loosely speaking, any organisation that holds data about any resident of the EU is expected to comply.

GDPR was adopted as an EU law in April 2016 but will take effect in May 2018. Amongst other things, GDPR deals with the data you collect in the first place, how you tell people what you are going to do with it, what you actually do with it, how you store it securely, whom you allow to access it, and – the part that seems to attract the most interest and attention – what happens if you fail to comply. Falling foul of GDPR means the possibility of a fine, and GDPR fines can go significantly higher than most laws that existed around Europe before GDPR came in.

GDPR will standardise data protection across the EU; if you do business in Europe you almost certainly need to comply; the law may seem onerous, but in a world with as many breaches as we have had in recent years, GDPR seems like just the sort of regulation we need; and you can expect to end up in hot water if you don’t comply.

GDPR applies and will continue to apply in the UK even post-Brexit, as the current UK government plans to pass legislation that will essentially mirror the EU GDPR.

What do I need to do?

    1. Be aware. It’s not enough for CEOs, IT staff and compliance officers to be aware of what GDPR requires. Employees from the top to the bottom of an organization need to be extensively educated on the regulation’s importance and the role they have to play.
    2. Be accountable. Companies must make an inventory of all personal data they hold and ask the following questions: Why are you holding it? How did you obtain it? Why was it originally gathered? How long will you retain it? How secure is it, both in terms of encryption and accessibility? Do you ever share it with third parties and on what basis might you do so?
    3. Communicate with staff and service users. This is an extension of being aware. Review all current data privacy notices alerting individuals to the collection of their data. Identify gaps between the level of data collection and processing the organization does and how aware customers, staff and service users are.
    4. Protect privacy rights. Review procedures to ensure they cover all the rights individuals have, including how one would delete personal data or provide data electronically.
    5. Review how access rights could change. Review and update procedures and plan how requests within new timescales will be handled.
    6. Understand the legal fine print. Companies should look at the various types of data processing they carry out, identify their legal basis for carrying it out and document it.
    7. Ensure customer consent is ironclad. Companies that use customer consent when recording personal data should review how the consent is sought, obtained and recorded.
    8. Process children’s data carefully. Organisations processing data from minors must ensure clear systems are in place to verify individual ages and gather consent from guardians.
    9. Have a plan to report breaches. Companies must ensure the right procedures are in place to detect, report and investigate a personal data breach. Always assume a breach will happen at some point.
    10. Understand Data Protection Impact Assessments (DPIA) and Data Protection by Design and Default. A DPIA is the process of systematically considering the potential impact that a project or initiative might have on the privacy of individuals. It will allow organizations to identify potential privacy issues before they arise, and come up with a way to mitigate them.
    11. Hire data protection officers. The important thing is to make sure that someone in the organization or an external data protection advisor takes responsibility for data protection compliance and understands the responsibility from the inside out.
    12. Get educated on the internal organisations managing GDPR. The regulation includes a “one-stop-shop” provision to assist organisations operating in EU member states. Multinational organisations will be entitled to deal with one data protection authority, or Lead Supervisory Authority (LSA) as their single regulating body in the country where they are mainly established.

You can read the full legislation text here – NB 261 page PDF.

Web and email hosting platform upgrades

We are currently embarking on an upgrade to our existing high performance web hosting and email service. This work, scheduled to be completed over the coming weeks, will ultimately further improve our service delivery and commitment to both our new and existing client base.

Our standard web hosting package is being redesigned to offer a range of value added services starting from an amazingly competitive price of only £90.00 + VAT per annum.

Standard features include:

– Unlimited blisteringly fast 100% SSD storage.
– Unlimited bandwidth – no restrictive monthly quotas to worry about.
– Online customer control panel meaning you can administer your services online 24/7 including mailbox password resets etc.
– 1GB MySQL databases on load balanced auto scaling cloud servers.
– Unlimited 10GB mailboxes with outgoing SMTP mail, antivirus and spam protection as standard.
– SSL certificates provided as standard at no additional cost.
– UK based data centre manned 24 x 7 connected by multiple ISP 40Gbps connectivity.
– 30 days backup of your website + MySQL database stored as standard.
– Fanatical support – access to our team of experienced staff.

Your service will automatically be migrated over the coming days and weeks; however, should you have any questions or concerns, please do not hesitate to contact us. We will also be updating our support articles and knowledge-base to reflect these changes.

Our domain registration and management services will also be migrated to this new platform – however clients should notice no impact to services. Renewal fees will be as follows and are charged on an annual basis unless otherwise specified:

– .co.uk, .uk, .org.uk   £20.00 + VAT
– .com, .net, .org, .info, .biz  £25.00 + VAT
– .scot, .co  £40.00 + VAT
– .ws, .property, .ws £45.00 + VAT

Please note, as always, that we require 45 days written notice prior to any renewal date should you need to cancel a domain registration; otherwise renewal will happen automatically.

Microsoft raise pricing following fall in value of pound sterling

Microsoft have this week raised pricing in response to Brexit and the fall in the value of the pound. The new pricing will come into effect on January 1st 2017 and will affect cloud and on premise products and services.

The changes come as a result of the weakened value of the pound, which has dropped significantly in the months following June’s Brexit vote result. Microsoft said pricing has been altered to bring its product and service pricing in line with euro levels.

As a result the following pricing will apply to all renewals and new licensing for the following cloud services (annual plan pricing):

Microsoft Exchange Online Plan 1 – 1 year / 1 user license : £39.00 + VAT
Microsoft Office 365 Business Essentials – 1 year / 1 user license : £49.00 + VAT
Microsoft Office 365 Business Premium – 1 year / 1 user license : £119.00 + VAT