Roadmap achieve ISO27001 Certification

We’re thrilled to announce that Roadmap has achieved ISO 27001 certification, a globally recognised standard for information security management! This milestone underscores our commitment to safeguarding our customers' data and maintaining the highest level of trust and security in all our IT support services. To streamline this rigorous process, we partnered with Vanta, whose automation platform made compliance simpler and faster. Vanta’s real-time monitoring, task automation, and intuitive dashboards allowed us to efficiently prepare for audits and ensure we met every requirement with confidence. Achieving ISO 27001 certification not only enhances our security posture but also provides our customers with added assurance that their data is managed securely and responsibly.

Why every business, regardless of size, must take cybersecurity seriously

All businesses, regardless of size, heavily depend on digital systems and data, making cybersecurity not just a technical concern but a critical business necessity. Yet, many organisations, particularly small and medium-sized businesses (SMBs), often underestimate the importance of robust cybersecurity measures. This article delves into why every business must prioritise cybersecurity and the risks they face if they fail to do so.

A Double-Edged Sword

The digital transformation has unlocked unprecedented opportunities for businesses. AI, cloud computing, and mobile technology have all revolutionised the way companies operate, enabling faster growth and more efficient operations. However, this digital shift also comes with new risks. As businesses become more reliant on technology, they become more vulnerable to cyber threats.

Cybercriminals are becoming increasingly sophisticated, exploiting weaknesses in business systems with alarming precision. No business, regardless of size, is immune. In fact, smaller businesses are often seen as low-hanging fruit by cybercriminals because they typically have less sophisticated security measures in place compared to larger enterprises.

The Myth of "Too Small to be Targeted"

One of the most dangerous misconceptions we hear is the belief that only large corporations are targeted by cyber-attacks. This couldn't be further from the truth. Cybercriminals often target smaller businesses because they assume (often correctly) that these companies have weaker security defenses. According to a report by Verizon, 46% of all data breaches in 2022 involved small businesses. The rationale is simple: while a small business may not yield as much profit as a large corporation, the effort required to breach its systems is often much lower.

The potential impacts following a cyber attack

Failing to secure your business against cyber threats can result in significant financial losses, both immediate and long-term, including costs from ransomware attacks, data breaches, and increased insurance premiums. Additionally, a cyber-attack can result in the loss of confidential data and has the potential to severely damage your reputation. Businesses also face legal and regulatory consequences, including hefty fines for non-compliance with data protection laws and potential lawsuits from affected parties.

Cyber-attacks can disrupt your operations, sometimes for days or even weeks. Whether it’s a ransomware attack that locks you out of critical systems or a denial-of-service attack that makes your website inaccessible, the impact on your ability to conduct business can be profound.

In some cases, cybercriminals are after more than just financial gain; they may seek to steal intellectual property or proprietary information.

A cyber-attack can also affect your employees. If sensitive employee data is compromised, it can lead to a loss of trust within the organisation. Additionally, the stress and extra workload that often follow an attack can lead to lower morale and productivity.

The Evolving Threat Landscape

The cybersecurity threat landscape is constantly evolving. Cybercriminals are always finding new ways to exploit vulnerabilities, and businesses need to stay ahead of these threats. This requires a proactive approach to cybersecurity, which includes regular risk assessments, employee training, and investment in the latest security technologies.

One of the most prevalent threats today is Ransomware, where attackers encrypt your data and demand payment for the decryption key. Small businesses are increasingly targeted because they are often seen as more likely to pay the ransom quickly to resume operations.

Phishing attacks are becoming more sophisticated, using social engineering techniques to trick employees into revealing sensitive information or downloading malicious software. Educating employees about the signs of phishing is crucial.

Cybercriminals are now also targeting the supply chains of businesses. Even if your company has strong cybersecurity measures, a weak link in your supply chain can expose you to risks.


IT security is a business requirement, not an IT decision.

Cybersecurity isn’t just the responsibility of your IT team; it’s a company-wide concern. Creating a culture of security within your organisation is essential. This means educating employees about the importance of cybersecurity, establishing clear policies and procedures, and ensuring that cybersecurity is a regular topic of discussion at a management level.

Moreover, businesses must recognise that cybersecurity is not a one-time effort but an ongoing process. Regularly updating software, conducting security audits, and staying informed about the latest threats are all part of maintaining a strong cybersecurity posture.

Frameworks such as Cyber Essentials +, ISO27001 and SOC2 will significantly reduce your risk of a cyber attack and should be seen as the foundation of how to manage and protect your IT systems.

In conclusion, cybersecurity is not a technical issue confined to IT professionals, but a critical business issue that affects every aspect of an organisation. The risks of ignoring cybersecurity are too significant to overlook. Financial losses, reputational damage, legal consequences, operational disruption, and the erosion of employee morale are all potential outcomes of a cyber breach.

For businesses of all sizes, cybersecurity should be viewed as an essential investment in their future. Taking cybersecurity seriously is not just about protecting data; it’s about protecting the very foundation of your business.

Have you chosen the right technology?

Since we began in 2015, Roadmap has carefully curated a selection of products that we believe are transforming how IT is delivered and managed.

Egnyte and JumpCloud are two of these key products, and they have become central to our portfolio, achieving remarkable success. Now, several years on, we’re seeing many of our competitors start to include these products in their offerings as they come to realise why they are truly best-in-class.

Our ability to anticipate and understand how technology will evolve is one of the key reasons to choose Roadmap IT as your partner. Investing in the wrong technology can be costly, inefficient, and disruptive. Our clients who adopted these technologies several years ago have gained a significant edge over their competitors, seamlessly transitioning to remote working or hybrid office environments without any disruption to their workflows.

It goes without saying that we have a wealth of experience and expertise in migrating businesses to both Egnyte and JumpCloud, and we are ready to support any other businesses that need more from their IT partner or services.

Make a difference, give a laptop


With schools now closed again, there are many pupils without the technology they need to be able to carry out remote schooling from home. The BBC launched a campaign earlier this year asking for laptop donations for students who need them for online learning. Roadmap IT are working with the Copperfield Academy in Gravesend, Kent to try and help ensure every child at their school has the ability to continue their schooling from home. There are 130 families who need our help and we think with your help we can really make a difference.

How can you help.

We need your old laptops, computers or iPads. The ones that are in your store room, cupboard or at home that you upgraded years ago and have probably forgotten about.

What do we need:

Any Mac or PC that can run MacOS 10.11 or Windows 7 and above or an iOS device running iOS 11 or up. Generally speaking devices from 2007 upwards will most likely qualify.

If you are unsure then please call or send us an email and we will help you identify if the device is suitable or not.

Telephone 0203 327 0001

Email hello@roadmap-it.co.uk

How we will help.

Roadmap IT will ensure all the devices are securely erased and are working before they are supplied to the school. We can provide certifications for businesses who have compliance needs to record the data sanitisation.

Each device we refurbish and supply to the school will make a huge difference to the family who receives it. Recycling your computer equipment is also good for the environment and sustainability.

Thank you from everyone at Roadmap and Copperfield Academy!



The new normal

Overnight businesses have changed how they operate and working remotely, or working from anywhere, has quickly become the new normal. Most businesses by now will have worked with their IT teams to provide remote working solutions for their staff to enable them to work from home.

A common and well documented topic that seems to be consistent across all businesses and people I speak with is that “this new normal” is here to stay in some capacity moving forward and as such planning IT systems in and out of the office should form the basis of all IT roadmaps.

There are many “quick fix” cloud services that enable businesses to overcome a technical challenge that enable their staff to work remotely (eg DropBox for remote file sharing). Often IT security and control of data is overlooked in favour of ease of use and quick deployment. As with any IT system, planning, security, management and reporting should be features that are considered from the outset and that are just as important as the user experience and cost of the product.

Working from home brings new challenges for business owners and IT managers. Securing your IT systems and data within your office environment is easier to manage and lock down. Remote working brings a number of security and device management challenges that I will cover below.

Arguably one of your largest cyber security risks is your employees. Educating your workforce with the basics will go a long way and will help protect your IT systems and data. There are a number of inexpensive online courses that staff can sit to help educate them in the basics. Are staff aware of phishing techniques and do they have a way of reporting any security concerns? Do they understand the importance of using secure passwords and are they using 2FA to access your systems? Do they have the right tools to securely share data across your team and with customers? If you don’t provide your teams with the tools they need, they will quickly and easily find their own solutions which could be highly disruptive to your business and data.

If your remote teams are using their own unmanaged devices to access your systems this could open up a whole number of IT security and data control concerns. It is very likely you will have little to no control over your data if you have adopted this method. If your team are working in this way and handling confidential or sensitive information you should review this urgently.

Who has access to your data? Controlling access to your data in a remote working environment can very quickly spiral out of control. You’ve given your employees the ability to access your files so they can work on them from home. Then what? Do they have the ability to then upload those files to their personal DropBox or GDrive accounts, or to external drives? Once this happens you have lost control of your data and possibly worse.

Do your remote teams have adequate network security in place? Do their home computers have access controls in place (eg individual computer accounts that are password protected)? Are drives encrypted? Do other users at their residence have access to the same computer? Are these devices running the latest security patches? Are these devices accessing sites that could be considered high security risks? As you can see there are often many questions to consider if cyber security and controlling your data is important to your business.

Your team may have been working remotely for a few months now. All seems well, they have access to email and files and Zoom has become a daily ritual, but are all your IT systems being managed and maintained as if they were in the office? If you are not using an MDM solution to manage all your remote endpoints, it’s likely that security patches have not been applied and best practice maintenance routines are not being carried out. Are AV and malware scans being run along with other proactive maintenance and security routines? Neglecting these could quickly become a cyber security risk and in turn a risk to your data.

Now take another scenario where you need to furlough or make a remote member of your team redundant. How do you disable access to all your IT systems efficiently and securely and have the confidence that the remote employee can no longer access your data? This is where having the right cloud platforms and IT team is essential. The same goes for new starters. Having the ability to onboard new members of the team remotely and provide them with preconfigured devices is going to be an essential part of your IT strategy.

There are many more areas for your IT team to consider such as streamlining and integrating cloud and on-premise IT systems, SSO, backup, archive and business continuity. Ask your IT team how they will manage your next round of operating system upgrades across a remote team. If they are not sure, it’s time for a review.

Roadmap have managed solutions for all of the above and more, from zero touch deployments, to detailed reporting and monitoring of your remote assets and users. We empower businesses to work remotely efficiently and securely.

Credits: Image supplied by Freepik.com

Managed cloud IT platforms and COVID-19

Wildcard PR are a well established and successful PR agency based in London, Bristol and Truro. 

Last year Roadmap worked with Wildcard PR to transform their IT to meet the changing needs of their business. Our brief: to build and support a platform that would allow their team to work securely from any location, without losing the functionality and security they currently had from working within the same office. The London team would be moving to a WeWork and needed the ability to work from any of the WeWork breakout areas. As staff and teams would be working remotely, Wildcard were aware that there would be an ever greater importance on securing their systems to avoid data loss or leakage.

As Roadmap would be managing Wildcard’s technology we also needed to build a system that would enable us to manage all their systems remotely.

Our solution focused on the client’s needs, IT management and data security.

We set about rebuilding and in some instances upgrading all of their computers and mobile devices to ensure all the builds were configured consistently and would meet the needs of the new technology we would be introducing. We used Meraki Systems Manager (MDM) and custom scripting to help deploy systems and software and applied the agreed IT security profiles to all devices. From this point onwards Roadmap now had a secure remote platform for managing system and software patches, remote access, reporting and monitoring tools. In addition Roadmap Protect was installed on all endpoints to help Roadmap proactively monitor for malware, hardware or network issues.  

The old on-premise Active Directory server was replaced with JumpCloud and Egnyte. JumpCloud, a cloud based directory, enabled Roadmap to manage all the user accounts securely using 2FA across endpoints and cloud based platforms. Egnyte, a secure cloud based file sharing platform, revolutionised how the team could now access and share files both within the office and remotely and was integrated with JumpCloud for SSO and centralised user management. Importantly, the Egnyte user experience was very similar to how users had worked when accessing files within the Finder; this familiarity was very helpful with user adoption.

Office 365 was already being used but Roadmap integrated this with JumpCloud for SSO and centralised user management.

Code42 was used to help secure endpoints by backing up data remotely, protecting the business from accidental or purposeful deletion. The backup functionality also doubled up to protect users from Ransomware threats. Code42 also enabled the management teams to monitor and report on endpoint usage, an essential tool for a disparate work force. 

On-premise accounting systems were moved to cloud based alternatives. 

Telephony and VoIP were moved to a platform that enabled users to communicate over soft phones, or web based video conferencing.

The network equipment within the offices was replaced with Meraki equipment, helping complete the remote management and visibility Roadmap needed to ensure all sites could be managed remotely. This was also tied to JumpCloud for added security and SSO.

Once all the work was complete Roadmap IT organised a Cyber Essentials + audit which Wildcard passed with flying colours.

Roadmap managed the whole transition and implementation. The customer was extremely pleased and user adoption was quick and painless.  

Fast forward to March 2020 and due to the Covid 19 Pandemic businesses were quickly realising the importance of having systems in place that enabled their teams to work remotely. In recent days and weeks, we have helped almost all of our customers adapt their technology to enable their teams to work remotely but for some this has been a reactive process and with the obvious time restrictions has only addressed their immediate needs which typically have been around file sharing. Wildcard have been in an enviable position where their teams could simply take computer equipment home and continue to operate their technology securely as normal. 

Customer Satisfaction Results


We recently sent out a customer satisfaction survey to all our contract customers. The results are measured against other IT service companies and MSPs. We are very pleased to announce that across Accuracy, Partnership, Promptness and Technical we were ranked in line with the leading businesses in this sector. While all these areas are very important to us we do pride ourselves on our partnership and technical expertise so it was pleasing to see these areas were ranked highly.

Synology 2020


Highlights of Products and Features Announced at Synology 2020

DiskStation Manager 7.0

Storage Manager

  • New user interface with a unified view of the entire storage structure

  • Analyses the performance of each hard drive compared with its peers and its own previous records to identify any hard drive that is underperforming and becomes a bottleneck.

  • Automatically triggers the self-repairing process of a degraded volume as soon as you replace the failed disk with a new one.

  • Supports mounting/un-mounting of storage pools while the NAS is online.

SSD Cache

  • SSD Cache Advisor redesigned based on higher granularity, more criteria, and analysis of the I/O patterns of actual workloads, accurately making recommendations on the optimal cache size.

  • Boosts systems performance for backup, snapshot, file scanning or accessing large databases

  • Supports mounting/un-mounting SSD cache without disrupting running services

Resource Monitor

  • Now provides granular visibility into system-level processes and historical performance, helping IT admins pinpoint the root causes and improve ops

Applications

Synology Directory Server (formerly Directory Server Windows Domain)

  • Centralises user account management and authentication as well as group policies.

  • With over a 100% increase in database read performance and over 500% in write performance

  • Dual domain controller, providing load balancing and fail-over

Synology Drive

  • Powerful online viewer to open and view all popular file formats directly on the web portal

  • Dashboard for admins to review connected devices, database usage and files most accessed by external users to help spot potential data leaks

  • Detailed audit logs

Synology Contacts

  • Brand new contact management system keeping sensitive personal data on-premise

  • Flexible sharing options with permission controls

  • CardDAV support for cross platform

Cloud Services

  • Active Insight, Synology’s first cloud monitoring and predictive analytics platform.

  • Centralised monitoring for all connected Synology NAS

  • Real time notifications through email or mobile app

  • Highlights performance fluctuations and current storage usage

Hybrid Share

  • Client devices can access data in the cloud as if it is stored locally. Frequently accessed files are cached, allowing access at LAN speeds.

  • For cross-site file exchange, individual sites no longer have to sync a full copy of all files. Local space and bandwidth are only consumed when their employees actually start accessing specific files shared by other sites.

  • End-to-end encryption ensures the same level of data privacy as purely on-premises infrastructures

Products

  • Synology announced a number of new products:

    FS3400 all flash array delivering over 134K IOPS
    FS3600 all flash array delivering over 161K IOPS
    SA3600 SAS based array with over 2.8PB Capacity
    UC3200 active-active dual controller for mission critical iSCSI services
    SA3200D active-passive dual controller

    And as pictured below the HD6400 4U 60 Bay array 1PB in a single chassis


Another exciting announcement was the support for fibre-channel network cards that will become available on selected models.

Our only disappointment of the day was the prize draw, as the winning ticket was 380 and despite checking in at the same time we ended up with 379 and 381! Stewards’ enquiry please.


Roadmap achieve ISO 27001 & Cyber Essentials + certification for Pollitt and Partners


After many months of consultancy, planning and implementation we have successfully built and implemented an ISMS at Pollitt and Partners and helped them achieve ISO 27001 certification.

As certified ISO 27001 implementers we were able to advise on the process from the outset, agreeing budgets, schedules and resources. After undertaking a Gap Analysis we assigned tasks across Roadmap and P&P’s HR and Management teams.

Using an ISO 27001 kit, we worked through each policy and control as a team to ensure they were relevant and customised for P&P’s needs. A thorough risk assessment created the backbone for much of the improvements that we ultimately implemented across the business.

Roadmap IT led and managed this project, created and tailored the policies, undertook the risk assessments, implemented the new IT systems and continue to manage, update and improve the ISMS on behalf of P&P. Roadmap IT also represented P&P during the onsite audit to achieve the certification P&P required.

To help meet some of the requirements of ISO 27001 Roadmap also took P&P through the process of achieving Cyber Essentials+ Certification, again managing the whole process and managing all the IT changes and requirements.

Appreciation works both ways

There is an ethos at Roadmap IT that comes naturally. It is to provide genuine, honest and helpful advice and services to our customers that have their best interests at heart. On the whole, this approach is appreciated by our customers and it builds trust and long term relationships. We’ve always said that we are more than a supplier and many of our customers agree that we are team members, essential partners, friends or even extended family. This relationship is an essential part of our business.

IT systems can, and do fail and are often critical to businesses. Any disruption can cause anxiety and pressures for both the customer and the IT supplier. This is where the relationship and trust is essential. If the relationship is good, the customer will know we are doing everything we can to rectify the issue, this in turn generates the best from our team who happily go the extra mile as they know their efforts are being appreciated.

We recently undertook an installation at one of our customers’ sites in Truro. The project had been planned in detail and kit had been preconfigured and tested to make sure everything was working before attending site. During the project, hardware failed in one of the key systems we were installing. It’s a rare scenario but obviously can happen. To make sure there was no disruption to our customer the team at Roadmap worked from 8AM - 3AM for two days in a row. This is a great example of appreciation working both ways: Roadmap went the extra mile to minimise any disruption for the customer and in turn the customer recognised our efforts and remains very grateful for all the hard work that took place. The customer was also impressed that everything was done with a smile, and fun was had by all during the work. This last and very important point was only possible because everyone involved appreciated the efforts and understanding from all sides.

BENK + BO

WHAT IS BENK + BO?

A creative eco-system bringing people together from different disciplines to work, make, learn, share ideas and collaborate. An affordable workspace which brings people together from different creative disciplines that includes desk space, event space, yoga studio, meeting room, photographic darkroom and a piano surrounded by books. There is also an onsite bakery and cafe to keep everyone happy.

HOW WE HELPED

A secure, robust and flexible network was required that would work for 100+ members, guests and events. In addition to this the network needed to support the access control systems, POS, lighting and security systems.

To achieve this we installed structured cabling to all the floors in the building and supplied a 100MB Leased Line with backup FTTC connections for fast and reliable internet access. The wireless network would be used to support the majority of network connections, potentially 200+ across a number of different devices. Security, remote management and performance were key requirements. To achieve this we used Cisco Meraki infrastructure including network switches, firewall and wireless access points throughout. The whole system is managed by Roadmap and we can report and manage all connections remotely. New members, or guest accounts can be added or removed quickly and easily both by the team at Benk + Bo or by Roadmap IT.

We are now also discussing options to provide IT support services to Benk + Bo's members as an added service, along with IT solutions for a new space in Hoxton.

GDPR & ISO27001

General Data Protection Regulation (GDPR) & ISO 27001

Most businesses are now aware that they need to review their internal data protection processes and IT systems and that the deadline for compliance is May 28th 2018.

Roadmap have been applying best practice approaches to all of the IT solutions we provide to our customers for many years. Security and privacy have always been at the forefront of our planning, workflows and advice. If you are an existing customer of ours, then it’s likely you already have the right technology and framework in place and the majority of the work will focus on creating documentation, processes and IT policies.

Reviewing internal processes, data privacy and IT security opens up a further opportunity to create an ISMS (Information Security Management System) and in particular the option to work towards an ISO 27001 certification. There are a number of key benefits for our customers to do this:

1. GDPR recommends the use of certification schemes such as ISO 27001 as a way of providing the necessary assurance that the organisation is effectively managing its information security risks.

2. ISO 27001 will help you put processes in place that protect not only customer information but also all your information assets, including information that is stored electronically and in hard copy format.

3. ISO 27001 requires your security regime to be supported by senior management and incorporated into the organisation’s culture and strategy. It also requires the appointment of a senior individual who takes accountability for the ISMS. The GDPR mandates clear accountability for data protection throughout the organisation. 

4. ISO 27001 compliance means conducting regular risk assessments to identify threats and vulnerabilities that can affect your information assets, and to take steps to protect that data. The GDPR specifically requires a risk assessment to ensure an organisation has identified risks that can impact personal data. 

5. Being GDPR-compliant means an organisation needs to carry out regular testing and audits to prove that its security regime is working effectively. An ISO 27001-compliant ISMS needs to be regularly assessed according to the internal audit guidelines provided by the Standard. 

6. The GDPR requires organisations to take the necessary steps to ensure the security controls work as designed. Achieving accredited certification to ISO 27001 delivers an independent, expert assessment of whether you have implemented adequate measures to protect your data. 

Working towards ISO 27001 not only addresses the majority of your GDPR requirements, but also improves your internal security and privacy. In addition to this many businesses now insist that their partners or suppliers have ISO27001 certification if they wish to work with them. Achieving certification aids with a much simpler tendering process when agencies are pitching for new business.

In line with the industry standards and our customers’ needs, Roadmap are also working towards ISO27001 certification.

If you are a Creative Industry business, working with Macs and need a "Roadmap" to review your GDPR responsibilities, or wish to work towards ISO27001, or simply wish to improve the security of your data then contact us to arrange a free consultation to see how we can help.

New Offices and New Telephony

We have now moved into our new office space (still within the same building but it’s a nice upgrade not to be sitting on top of one another!)

In addition to the more obvious benefits such as space, natural light and storage we have a new telephony solution.

We now host and manage our own VoIP solution built on Kerio Operator Cloud PBX, VoIP Unlimited SIP and Yealink T42S Handsets. First impressions are really good. The audio and call quality is far superior to the Polycom handsets we previously used that were hosted on BT's HVX platform.

For any admins used to working with Kerio the familiar interface is a welcome addition in assisting with setup and ongoing management.  The Kerio Operator PBX licenses are also free if you already subscribe to Kerio Cloud licensing. 

We expect to make a cost saving with the system paying for itself in less than 6 months, so financially it makes sense too.

If you are not familiar with all the benefits of VoIP in comparison to traditional telephony systems, or are not satisfied with your existing VoIP solution drop us a line and we can enlighten you!