Resilience 24

Explore the key areas of IT resilience with Air IT

Our team are ready to support you achieving IT resilience in 2024. Contact us now to request your assessment across the 8 critical areas of Resilience 24.

Contact us

• 1. Access Management

  Securing and protecting access to your data and applications is essential. With ever-increasing computational power, passwords are becoming less secure. Therefore, it’s critical that your access management is as secure as possible.

  Multi-Factor Authentication (MFA), which adds an additional layer of security by requiring users to verify their identity through multiple methods, combined with Conditional Access, which dynamically adjusts access based on predefined criteria, can significantly reduce the risk of unauthorised access to sensitive accounts or information.

  Here’s why implementing the latest generation of MFA is essential:

  1. Enhanced Security: MFA provides an additional layer of security beyond just a username and password. By requiring multiple factors to authenticate a user’s identity, it significantly reduces the risk of unauthorised access, even if one factor (such as a password) is compromised.
  2. Protection Against Password Attacks: Traditional authentication systems rely solely on passwords, which can be vulnerable to various attacks such as brute force attacks, dictionary attacks, or phishing. MFA mitigates these risks by requiring additional factors, making it much harder for attackers to gain unauthorised access.
  3. Compliance Requirements: Many industries and regulatory bodies mandate the use of MFA as part of their security standards. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires MFA to protect sensitive data.
  4. User Convenience: While it may seem like an inconvenience to users to provide multiple authentication factors, MFA can often be more convenient than dealing with the fallout of a compromised account. Many MFA methods, such as push notifications or biometric authentication, are quick and easy for users to use.
  5. Risk Management: MFA helps organisations manage the risk associated with unauthorised access to systems and sensitive data. By adding an extra layer of authentication, organisations can reduce the likelihood of successful attacks and mitigate potential damages.

• 2. Email Security

  With phishing attacks becoming more and more sophisticated and targeted, aiming to expose user credentials, it’s critical that your email security is as robust as possible for both receiving and sending emails.
  

  Implementing email security solutions such as anti-spam and anti-phishing measures to protect the emails you receive, in conjunction with email authentication measures such as DMARC, SPF, and DKIM to protect against email spoofing, can reduce the risk of email being the weak point in your security posture..

  Here’s why implementing email security solutions is essential:
  

  1. Data Protection: Email is a primary means of communication for businesses, often containing sensitive information such as financial details, client information, and intellectual property. Email security measures help protect this data from unauthorised access, interception, or leakage.
  2. Phishing and Social Engineering: Emails are commonly used as a vector for phishing attacks and social engineering scams. These attacks attempt to trick users into revealing sensitive information, clicking malicious links, or downloading harmful attachments. Email security solutions can detect and block these threats, safeguarding you from potential breaches.
  3. Malware Protection: Malicious attachments or links in emails can introduce malware such as viruses, ransomware, or spyware onto your network. Email security solutions include mechanisms to detect and block such threats before they can compromise your systems.
  4. Compliance Requirements: Many industries have specific regulatory requirements regarding the protection of sensitive data, including information sent via email. Implementing robust email security measures helps you comply with regulations such as GDPR (General Data Protection Regulation), or PCI DSS (Payment Card Industry Data Security Standard) (DMARC is a requirement of PCI DSS from March 2025).
  5. Brand Reputation: Falling victim to email-based attacks can damage your reputation and erode customer trust. By implementing effective email security measures, you can demonstrate your commitment to protecting customer data and maintaining the integrity of your brand. In addition, email service providers are starting to require DMARC in order to deliver emails to their users, Google and Yahoo! require this from February 2024 for bulk emails and are likely to require for all emails in the future.

   

• 3. Endpoint Security

  Endpoint security, specifically EDR (Endpoint Detection & Response), provides comprehensive protection against cyber threats and offer advantages against legacy antivirus software.

  Here’s why implementing a modern endpoint security solution is essential:

  1. Enhanced Security: Managed EDR solutions offer advanced threat detection capabilities that can help protect against various cyber threats such as malware, ransomware, and zero-day attacks. This is particularly crucial if you do not have dedicated IT security teams to continuously monitor and respond to security incidents.
  2. Proactive Threat Hunting: Managed EDR incorporates threat intelligence and proactive threat hunting techniques to identify potential security risks before they escalate into full-blown attacks. This proactive approach can help you stay ahead of emerging threats and minimise the likelihood of successful cyberattacks.
  3. 24/7 Monitoring and Response: Managed EDR provides round-the-clock monitoring and incident response capabilities. This means that even if a security incident occurs outside of regular business hours, there are dedicated professionals actively monitoring and responding to threats on your behalf.
  4. Compliance Requirements: Depending on your industry, you may be subject to various regulatory compliance requirements regarding data security and privacy such as PCI DSS. Implementing a managed EDR solution can help ensure compliance with these regulations by providing the necessary security controls and reporting capabilities.
  5. Risk Mitigation: Cyberattacks can have devastating consequences, including financial loss, reputational damage, and legal liabilities. By investing in a managed EDR solution, you can significantly reduce your risk exposure and better protect your assets, customers, and intellectual property.

• 4. Data Protection

  Microsoft 365 services unlock enhanced productivity and scalability benefits. However, it’s essential to understand that your data within these services is not backed up. You should implement a robust backup strategy to protect your data, maintain compliance, and ensure business continuity in the face of various threats and challenges.

  While Microsoft 365 provides robust services, it doesn’t guarantee protection against accidental deletion, data corruption, or malicious attacks such as ransomware. Having a backup ensures that critical data can be recovered in case of such incidents, preventing significant losses.

  Here’s why ensuring your Microsoft 365 data is backed up is essential:

  1. Email Protection: Microsoft 365 hosts business emails, which often contain sensitive and valuable information. Backing up emails ensures that even if there’s an issue with the email service or individual accounts, important communication can be restored without significant disruption to business operations.
  2. Compliance Requirements: Many SMBs are subject to industry regulations or legal requirements mandating data retention and protection. Regular backups help ensure compliance with these regulations by providing a means to recover data if needed for audits or legal proceedings.
  3. Accidental Deletion: Employees can accidentally delete files or emails, causing potential data loss. Having backups allows you to restore lost data quickly, minimising downtime and productivity loss.
  4. Ransomware Protection: Ransomware attacks have become increasingly common, and SMBs are often targeted due to their perceived vulnerability. Having backups ensures that even if data is encrypted or held hostage by ransomware, you can recover without paying the ransom.
  5. Long-Term Archiving: Some data, such as historical records or regulatory documents, may need to be retained for an extended period. Backups provide a secure and reliable method for archiving such data, ensuring it remains accessible when needed.

• 5. Disaster Recovery

  Disasters come in various forms, including natural disasters, cyber-attacks, hardware failures, and human errors. Ensuring that your business is prepared to handle and recover from these incidents as quickly as possible, with minimal disruption, is essential in today’s business world.

  Having a disaster recovery plan and utilising services such as Disaster Recovery as a Service (DRaaS) are essential to safeguard your operations, protect critical data, minimise financial losses, preserve reputation, ensure compliance, manage risks effectively, and prioritise the safety and well-being of employees.

  Here’s why ensuring you have a Disaster Recovery Plan (DRP) in place is critical:

  1. Business Continuity: A DRP ensures that essential business operations can continue or resume quickly after a disaster. It outlines procedures and protocols to follow to minimise downtime, enabling you to continue serving customers and generating revenue even in adverse circumstances.
  2. Minimising Financial Loss: Downtime resulting from a disaster can lead to significant financial losses. A well-designed DRP helps minimise these losses by reducing the duration and impact of downtime, allowing you to recover more swiftly and resume normal operations.
  3. Preserving Reputation: Customer trust and reputation are essential for SMBs. Failing to recover from a disaster in a timely and efficient manner can damage your reputation and erode customer confidence. A DRP helps you demonstrate resilience and reliability, preserving your reputation even in challenging circumstances.
  4. Compliance and Legal Obligations: Many SMBs are subject to regulatory requirements or legal obligations regarding data protection, privacy, and business continuity. Implementing a DRP helps ensure compliance with these regulations by outlining procedures for safeguarding data and maintaining business operations in line with legal requirements.
  5. Risk Management: Disasters come in various forms, including natural disasters, cyber-attacks, hardware failures, and human errors. A DRP assesses potential risks to the business and develops strategies to mitigate these risks, reducing the likelihood and impact of disasters on business operations.

• 6. Infrastructure Modernisation

  Ensuring your infrastructure (compute and networking devices and operating systems) are kept up-to-date is a crucial part of maintaining the availability and security of your business. 

  Device manufacturers regularly release updates to address both the functionality and security of their devices, however these are typically only available for devices released in the last 5 years, older devices do not receive security updates and risk exposing your infrastructure to compromise.

  Here’s why having a modern infrastructure estate is essential:

  1. Security: Cyber security threats are a significant concern for businesses of all sizes. Modern infrastructure typically includes robust security measures to protect sensitive data and systems from breaches, malware, and other cyber threats. Investing in modern infrastructure can you mitigate security risks and safeguard your operations, reputation, and customer trust.
  2. Efficiency: Modern infrastructure often incorporates advanced technologies that streamline operations and increase efficiency. This can include cloud-based services for data storage and management, automated systems for production or customer service, and digital communication tools for collaboration. By leveraging these technologies, you can optimise your processes and utilise resources more effectively.
  3. Scalability: Modern infrastructure is often designed to be scalable, allowing you to adapt to changes in demand and business growth more easily. Whether it’s increasing production capacity, expanding into new markets, or accommodating a growing workforce, scalable infrastructure enables you to flexibly adjust your operations without significant disruptions or costs.
  4. Flexibility and mobility: With the rise of remote work and flexible work arrangements, modern infrastructure enables you to support mobile and remote employees effectively. Cloud-based collaboration tools, virtual communication platforms, and mobile-friendly applications empower employees to work from anywhere, increasing productivity and enabling better work-life balance.
  5. Compliance and regulation: Many industries are subject to strict regulatory requirements concerning data protection, privacy, and industry standards. Modern infrastructure often includes features and functionalities to help you ensure compliance with these regulations, reducing the risk of fines, legal issues, and reputational damage.

• 7. End-User Devices

  Upgrading from Windows 10 to Windows 11 will allow you to benefit from enhanced security features, improved performance, and a modern user interface, along with compatibility with newer applications and technologies, ensuring continued productivity and competitiveness in their operations.

  With Windows 10 set for End of Life in October 2025, it’s critical to ensure your end-user device estate is upgraded before this date, either through an OS upgrade or device replacement where the minimum Windows 11 requirements are not met.

  Here’s why upgrading to Windows 11 is essential:

  1. Stay Updated: Once a Microsoft operating system (OS) reaches the end of support, you will no longer receive technical assistance, software updates, or security fixes.
  2. Enhanced Security Features: Windows 11 introduces several security enhancements, including hardware-based security features like TPM 2.0 and Secure Boot, along with improvements to Windows Hello for biometric authentication, helping you protect your data and devices against evolving cyber threats more effectively.
  3. Optimised Performance: Windows 11 is optimised for modern hardware, delivering improved performance and responsiveness compared to Windows 10, which can lead to faster boot times, smoother multitasking, and overall better system performance, enhancing productivity for your users.
  4. Compatibility with New Technologies: As software and hardware vendors continue to develop solutions optimised for Windows 11, upgrading ensures you remain compatible with the latest technologies, applications, and peripherals, allowing you to leverage new features and capabilities to stay competitive in your respective industries.
  5. Improved Productivity and Collaboration: With features like Snap Layouts, Snap Groups, and virtual desktops, Windows 11 offers a more intuitive and productive multitasking experience, enabling your employees to organise their workflow efficiently and collaborate seamlessly across tasks and applications.

• 8. Telecoms Analogue Switch-Off

  The analogue switch-off by BT (British Telecommunications) refers to the discontinuation of analogue voice and broadband services (PSTN, ISDN, ADSL, FTTC) in 2027. This transition involves phasing out traditional analogue phone lines and services, replacing them with digital voice and internet-based technologies.

  The shift towards digital communications offers several benefits, including improved call quality, greater reliability, and increased efficiency in utilising network resources. However, it also requires businesses reliant on analogue services to upgrade their equipment and adapt to digital platforms.

  Here’s why preparing for the analogue switch-off is essential:

  1. Dependence on Analogue Services: If you still rely on traditional analogue telecommunications services for your day-to-day operations, such as landline phones, alarm systems, lift/elevator controls, ADSL/FTTC broadband, etc. then the switch-off means these services will no longer be available, potentially disrupting communication channels if you don’t migrate to digital services.
  2. Transition to Digital Technologies: The switch-off necessitates a transition to digital communication technologies, such as Voice over Internet Protocol (VoIP) systems, with less than 3 years until the switch-off time is running out to schedule and complete the required work with almost all businesses and consumers being impacted.
  3. Improved Efficiency and Cost Savings: While the switch-off may require initial investments in upgrading technology, transitioning to digital communication platforms can ultimately lead to improved efficiency and cost savings. Digital solutions often offer enhanced features, scalability, and flexibility at a lower cost compared to traditional analogue services.
  4. Business Continuity and Resilience: The switch-off presents an opportunity to reassess your communication infrastructure and enhance business continuity and resilience. By investing in reliable, redundant digital communication systems, you can better withstand disruptions and maintain operations during unforeseen events.
  5. Customer Expectations: Customers increasingly expect businesses to offer modern, efficient communication channels. SMBs that fail to adapt to digital communication technologies may risk losing customers to competitors who can provide more convenient and accessible means of communication.