Success stories

Our customers come in all shapes and sizes.

We work with organisations from all walks of life, with different ambitions and requirements. Explore how we’ve helped them reimagine everyday, and align technology with their culture and business goals.

5 best practices for cloud security

What best practices will help you shore up your cloud security most effectively? In this post we explore 5 to protect your networks, data and people.
View case study >

What the financial services sector needs to know about cyber security

£2.5 billion of financial services revenue is lost every year because of cyber-attacks. Ask yourself these five questions to ensure your firm doesn't become a victim in 2021.
View case study >

Six reasons why cyber crime is increasing, and what you can do about it

Why is cyber crime increasing and what threats do you need to protect your organisation from? Find out here >
View case study >

5 best practices for cloud security

The cloud is a shared responsibility platform. This means that although most cloud technology companies provide excellent cloud security tools, it’s down to you to ensure that what you move to the cloud is secure. 

Follow these 5 best practices to strengthen your cloud security: 

  1. Identity and access control 
  2. Security posture management 
  3. Secure apps and data
  4. Threat protection
  5. Network security 

Cloud security best practices 

1: Identity and access control 

Cloud security practice number one is to “assume breach”. This means behaving as if an attacker has breached the network perimeter and you need to do everything possible to protect your data and systems. 

Identity and access control is where you can prevent attackers already instead your network perimeter from accesses the most sensitive data. Deploy the following: 

Multifactor authentication – two or more of the following authentication methods 

  1. Something you know (typically a password)  
  2. Something you have (a trusted device that is not easily duplicated, like a phone)  
  3. Something you are (biometrics)  

Conditional access – set conditions that only allow sensitive resources to be accessed in certain way. For example, blocking or granting access depending on a specific location. 

Operate a zero trust model – verify everything that wants to authenticate or connect to your IT environment. More on the zero trust model here > 

2: Security posture management 

Get ahead of the curve by prioritising and actioning recommendations to improve your security posture. This helps to get you out of reactive mode where you’re constantly responding to threats. If your IT environment is in 365 and Azure, a free Secure Score Analysis will help you understand what actions to prioritise. 

3: Secure apps and data 

A layered, defense-in-depth strategy across identity, data, hosts, and networks protects your apps and data. Use encryption for data at rest and in transit, make sure your open dependencies don’t have vulnerabilities, and remember the cloud is a shared responsibility model (so you don’t have to do everything.) 

Here’s what you’re responsible for, what’s shared and what’s down to your cloud provider: 

4: Threat protection 

Ensure threat detection is enabled for virtual machines, databases, storage, and IoT. Use a cloud provider that integrates threat intelligence, providing the necessary context, relevance, and prioritisation for you to make faster, better, and more proactive decisions. Consider a cloud-native security information and event management (SIEM) to scale with your needs. 

5: Network security 

You still need to protect your network perimeter but remember a firewall is only as good as the people who deploy and manage it! If you don’t have time to do this work consider a Managed Service that will do it for you. Protect online assets and networks from malicious traffic by deploying Distributed Denial of Service (DDoS) Protection. Use virtual networking, subnet provisioning, and IP addressing to create a micro-segmented network that is harder to penetrate. 

If you need support strengthening your cloud security, get in touch for an informal chat about your IT environment. 

What the financial services sector needs to know about cyber security

Financial services companies contribute £130 billion per year to the UK economy. A significant amount of revenue, but one that is increasingly threatened by cybercriminals. A November 2020 survey revealed that 62% of financial service providers suffered a breach in the twelve months previous, with the Cabinet Office estimating close to £2.5 billion in financial services revenue lost due to security breaches every year.

The financial services industry is an enticing prospect for attackers, and it’s easy to see why. Typically, firms hold vast swathes of customer money and sensitive data. Moreover, the documents they process regarding ongoing deals can be invaluable to competitors or enable share purchases based on ‘insider’ information. Additionally, A Varonis research report indicates that the average employee in the financial sector can access a staggering 11 million files. Almost two-thirds of FS companies additionally have over a thousand sensitive files available to every single employee – without restrictions.

  • London-registered Deloitte suffered a breach after an attacker gained access to an administrator account that sources said required no multi-factor authentication. The bank of Ireland, meanwhile, was fined €1.6m in 2020 for a series of historical breaches.

    With the mass shift to home working in the UK, the risks are continuing to rise. Since the increase in remote work, 40% of UK financial services firms say they’ve noticed a rise in cyberattacks. The hurried adoption of new technologies, lack of onsite IT support, and poor security practices are all likely to have contributed to this rise.

    5 cyber security questions to ask your CSO

    While there is no easy fix for the security challenges financial services firms face, they should, at a minimum, ensure they can confidently answer the following questions if and when they may be asked:

    1. How are we protecting our data?

    Firms must have a robust data protection policy in place for both customer and internal information. Financial services companies should have features like email encryption, multi-factor authentication, and conditional access in place, but a wider security strategy, that acts as a company-wide guide, is vital.

    2. What is our response strategy for a customer information breach?

    As well as preventative measures, employees should know how to respond in a worst-case scenario. They should assume a breach will happen at some point and be able to refer to specific incident response protocols in order to quarantine, report, and respond to threats.

    Regardless of the seniority of the employee, they should know who to contact if data is lost, who is responsible for informing clients, and when and how they should take remedial action. A widespread understanding of breach protocol will ultimately lead to less damage and a smoother recovery.

    3. Do we have a robust cyber insurance policy?

    A cyber attack not only damages reputation – it could come with fines, litigation costs, settlements, investigation costs, and more. Firms should have a good quality cybersecurity liability insurance that clearly outlines the situations it covers. If you follow the recommended security philosophy that a breach is inevitable, it only makes sense to know your insurance plan inside out.

    4. Can we prove regulatory compliance?

    Regulatory compliance is naturally essential for the financial industry, and firms should abide by the Financial Services and Markets Act (FSMA) and the Information Commissioners Office (ICO). They may also have to answer to other bodies and institutions such as the DCA, PRA, and FPC, depending on their activities.

    FS firms should be able to prove that they’re compliant with associated regulations – being able to do so makes customer data more secure and strengthens your reputation and reliability.

    5. When was our last penetration test?

    Though having strong answers to the questions above is sure to increase security and resilience, there’s still only so much businesses can do alone. Those in the financial industry should be invested in undergoing regular penetration tests to check the strength of their security and subsequently find and fix any weak areas.

    The financial services sector has historically a key victim of cyber crime, and the shift to a remote workforce is only making the sector a bigger target. Now, more than ever, financial companies must have robust data protection strategies, breach protocols, cyber insurance policies, and regulatory compliance.

    If you struggle to answer any of the above questions or would like to improve your security, give us a call.

Six reasons why cyber crime is increasing, and what you can do about it

There is a disconnect between Security and Operations within many companies, which can lead to a ‘SecOps Gap’.

In turn, this lack of coordination can lead to a loss of revenue, increased costs, and damage to a company’s brand, as well as the failure to meet regulatory requirements and big fines.

Get a free cyber security health check here >

The 6 key reasons that cyber crime is increasing are:

  1. The cost of data breaches continues, which has increased 29% to an average of $4 million per incident.
  2. Breaches caused via mobile devices.
  3. Malware embedded in legitimate applications, targeting poorly secured Wi-fi spots, stealing passwords, and more in their quest to steal information.
  4. Unauthorised products with weak security controls in the corporate cloud.
  5. Zombie servers.
  6. Known vulnerabilities that are not patched in time. 

What can you do to protect your organisation from cyber crime?

We recommend focusing on the following areas:

Security architecture: Do you know where your weak spots are? Penetration testing will help you understand where your vulnerabilities are, then deploy the right solutions to protect your network.

Vulnerability management: In an ever-changing threat landscape you can’t afford to stand still. On going vulnerability management services keep pace with new threats and identify new vulnerabilities so you can deploy appropriate solutions, or modify information security policies and procedures.

Identify & Access Management (IAM): Manage access levels and block hackers & unauthorised login attempts with a robust IAM strategy and the right tools to ensure your users can get on with work, without compromising security.

If you’re concerned about cyber security threats and the impact they could have on your organisation, book a free cyber security health check with our expert team.

Further details can be found here >

Cloud Business Logo - white
Microsoft Gold Partner Logo - Cloud Business
Cloud Business Limited
5 Elmwood
Chineham Business Park
RG24 8WG
Microsoft Gold Partner Logo - Cloud Business

2023 © Cloud Business Limited
Registered Company in England and Wales 06798438