8 cyber-security considerations you won’t have thought about

Senior Support Analyst

Fav thing about the office

Cheesecake Wednesdays

As a child I wanted to be a ... when I grew up


Guilty Pleasure(s)

Gu Puds

Favourite Holiday

2 weeks in Florida

If I had a superpower it would be...

Definitely flying

Describe yourself in three words or less

Lots of Energy

An interesting fact about me

I was once the South Ribble Chess Champion.


Exercise, Muay Thai, Singin' in the rain

Favourite Band

Its not about the artist its about the style

Karaoke Jam

Vengabus- Vengaboys

What I do at Q2Q:

I head up the IT support team.

On a daily basis I work on resolving IT issues for our clients. My skill set tends to adapt according to the current needs of our customers, from solving basic matters like fixing a printer through to more complex server infrastructure deployment. I am also often out on site visiting customers that are in need of an IT saviour.

Within the team, I work on the proposals for new and existing customers, and ensure we all work together to implement the solutions we propose.

I enjoy overseeing new projects so that, when clients evolve, we can ensure their growth, office move and/or induction of a new team member, is as seamless as possible from an IT perspective.

I also drive the rest of the team insane with my singing!

Background and Achievements

I joined the Q2Q team when they were part of the I.T. department for the Tulchan Group 14+ years ago. This was my first full-time role straight of out A-levels. I have enjoyed being part of the company and watching it grow from 3 members of staff to a blossoming 10.

I find it hard to pin point specific achievements as one of my values personally is to always exceed your own expectations. My wife would say being a great Dad to my two boys.

A great achievement for me is getting 76 miles to the gallon on the motorway and being able to finally grow stubble.

Hobbies and Interests

I aim to train in Muay Thai twice a week and religiously go to the gym every day I can.

I can juggle and have always wanted to learn knife throwing.

When it comes to protecting your SME against lurking cyber-security threats, there are a number of obvious steps you’ll have probably taken already – for instance, setting strong passwords, encrypting sensitive files, installing anti-virus software and warning employees not to click links in dodgy-looking emails.

But it’s also likely that there are some key vulnerabilities that you’ve overlooked in your preparations. However hard you try, the truth is that there’s always more that can be done to safeguard your company against a cyber-attack. So, whilst it might seem like you’re fighting a losing battle, don’t be disheartened! Getting the small things right does make a difference and helps to bolster your defences.

We’ve identified some of the key hotspots for cyber-threats that tend to be ignored or forgotten about – so make sure these are on your radar!

·         Old equipment – Outdated computers and other legacy machines that are connected to the internet may still seem to function as well as you need them to, but many are no longer supported by their manufacturers. Keeping hardware and software up-to-date is vital for warding off the latest cyber-threats. So, if any tech that you’re using within your business no longer has security updates available, it’s a good idea to look at replacing it with newer versions.

·         Third-party software – The way in which software and apps are developed has evolved in recent times – third-party programmes have become favoured over those created by the vendor, and are often created using open-source tools. Whilst this method can provide greater freedom and scope for creativity, the security and testing procedures are often far from rigorous. This can open the door to cyber-attacks and leave users’ sensitive information exposed.

·         Remote workers – Flexible and remote working has indisputable benefits, but it can also be the root of some serious cyber-security issues. It’s crucial to ensure that any WiFi network used to access company files or sensitive information – including emails – is secure, and you should encourage the use of a Virtual Private Network (VPN) if public internet is unavoidable. Introducing a BYOD (bring your own device) policy – covering things like password protection, encryption and updates – is also a good idea, if employees use their own phones/tablets/laptops for work.

·         Outdated training – If high security standards are to be retained, employee training needs to keep up with evolving technology – and threats. Outdated knowledge and lapsed awareness of the security risks out there can pose a significant danger to businesses, so keep an eye on trusted sources – such as the National Cyber Security Centre website – for updates on the latest cyber-threats and advice on how to prepare your team.

·         Social media hacks/scams – It might not have even crossed your mind, but the hijacking of your company’s social media accounts could have some serious real-world impact on your wider business – most notably sales and reputation. It’s therefore a good idea to limit the number of employees with access to your accounts – ideally just one or two – to minimise the chance of a password leak or a phone being lost. You should also consider implementing a company-wide policy, to ensure that staff know never to send sensitive details via these channels, to be wary of any offers and to be careful about how much information is shared relating to internal business operations.

·         IoT – The Internet of Things encompasses a huge number of different connected devices. Appliances as seemingly innocent as printers, speakers and refrigerators now have the potential to be hacked, so being aware of precisely what items you have connected to your business WiFi network – and your home internet, if you work remotely – is essential. Many IoT devices don’t come with guaranteed long-term system support from the manufacturer, so be sure to do your research before investing in such tech.

·         Human error – At the end of the day, we’re all human, and sometimes mistakes are made. However, it’s precisely this vulnerability that many cyber-attacks rely upon directly – phishing attacks work by lulling email recipients into a false sense of security or urgency, for instance. So, it’s crucial to be aware of such social engineering tactics, and ensure your workforce is equipped with enough knowledge and understanding to remain vigilant in the face of such threats. Where cyber-security is concerned, employees can either be your most effective line of defence or your biggest weakness – it largely comes down to the training and resources they’re given.

·         Limited resources – Although there are a number of steps you can take to enhance your cyber-defences that don’t cost a thing, some investments will need to be made. Looking at the bigger picture, the benefits of paying out for a system update, some in-house cyber-security training for staff or vital software upgrades vastly outweigh the potential financial consequences of a cyber-attack. Aside from the possibility of payment details being stolen, failure to secure sensitive information relating to clients, customers, employees or anyone else could lead to some hefty penalties under the GDPR. So, be sure to prioritise cyber-security within your IT and wider business budgeting.

And remember – you don’t have to go it alone! For smaller companies and those with minimal in-house technical expertise, outsourcing IT support can be a brilliant – and cost-effective – solution. Whilst it’s important to have a good understanding of cyber-security, enlisting specialist help – instead of trying to become an expert yourself – can free up valuable time for you to focus on doing what you do best.

Our 12-step cyber-security guide is a great free resource to help boost your SME’s defences! Why not get in touch today to discover more about how we could help support your company?

8 cyber-security considerations you won’t have thought about