We use technology to help organizations increase efficiency, grow profitably and manage risk.
Our practice areas include automation, app development, infrastructure management, cost reduction and more. We are particularly strong in risk management, internal control and regulatory compliance.
Focused services designed to help organizations recover from the impact of COVID-19, with an emphasis on lower cost and increased security.
Our modular approach to service delivery lets you match IT services to your exact requirements, and to change those over time as your organization grows.
Everything we do is based on policies, standards, automation and control so we can provide reliably high levels of service quality.
We don't email quarterly reports. We provide our clients with real-time access to performance management information about their IT estate.
We're obsessive about helping our clients use IT to deliver value and avoid being limited or restricted by it's operation.
While a level of technical complexity is inevitable, we deliver solutions only as complex as required for successful operation.
Our clients tell us they like our ability to explain and educate about information technology in clear, jargon-free language.
Talk to us if you're looking for an information technology partner you can rely on to make practical, business-oriented recommendations.
The $1.3tn cybercrime industry has gone into overdrive as a result of changes in business behavior. Previous IT security measures will need review and likely reinforcement.
Smaller organizations tend to buy systems based on functionality alone. A structured set of policies and standards leads to lower cost of ownership and enhanced security overall.
Our work addresses mitigation of operation risks in IT management as well as the use of IT to improve risk management across the business.
We have a significant track record in planning, delivering and remediating IT-specific aspects of compliance with a range of regulations across multiple industry sectors.
We build and maintain standard sets of evidence that our clients can use to demonstrate compliance with government, professional, and contractual requirements.
Well-designed internal control systems comprise a range of detective and preventive measures, with a focus on automated responses rather than error-prone manual corrections.
Human behavior causes 95% of IT security breaches. If you're not providing training for your employees, you're basically waiting to be a victim of a determined cyber criminal.
43% of cyber attacks target smaller organizations, yet 77% of organizations don't have a cyber security response plan as part of their business continuity plans. Talk to us to get started.
We help clients use Microsoft 365 and other technologies to gather, store, codify and analyze business data to generate actionable, real-time information.
Our clients are increasingly moving away from the old model of historical, static reporting and email overload in favor of more readily understandable visual data.
A knowledge sharing culture is a key strategic enabler for small, agile businesses. Successful KM helps protect intellectual property, retain quality employees and more.
Don't be a data pack rat. If your data management capabilities don't currently address legal hold, retention and disposal policies talk to us about the implications.
Proactive measures including properly managed access control lists and data loss prevention policies help organizations remain compliant and secure.
Joining audio, video and web conferences with people inside and outside of your organization can generate significant savings in time and money.
Where required, we connect clients and their partners using software-delivered wide area networks that provide near-LAN speeds and industry-leading security.
Our US-based service desk provides every client employee with a knowledge base and easy access to support through self-service ticketing and chat options.
Replace manual processes with scalable workflows for everything from individual tasks to large-scale systems.
Transforming business processes so they literally work from the palm of your hand, in the field or office.
Build workflows that keep golden source data connected across multiple repositories with ease.
Replace forms-based activities with line of business apps that run on your smart phone or tablet.
Anywhere you collect data by paper or electronic form, you require approval or want to reduce data entry is a great way to get started. Beyond that, anything goes.
Design, prototype and build working apps in days, not months, for rapid return on investment on the cost of development alone, with greater productivity savings.
Build a can-do, results oriented culture where employees can focus on driving results, not feel stifled by administrative and wasteful activities.
Provide employees with self-service tools, data and analytics so they can access the information they need, when they need it, and wherever they are.
The Coronavirus pandemic has created a wealth of new opportunities for hackers and other cybercriminals.
Aside from a general sense of urgency which the bad actors hope will make people more likely to fall for their scams, part of the game here is that hackers know many people are currently working from home. Home networks tend not to be so well defended as organizational ones, and many people working remotely are using either personal computers or work computers whose security configuration was designed for when they were inside an office, not necessarily elsewhere. Aside from their usual goals, hackers currently hope to compromise and gain control over computers while they are outside the office network, so they can have a "man on the inside" once the pandemic is over and business routine returns to normal.
Their attempts come in many forms. We've highlighted just four of the most common COVID-related phishing emails reported to date for information.
Email purporting to contain details about a vaccine being covered up by governments. Often claiming to be sent from a doctor "in the know". the email is of course a phishing attempt and takes the unwary to a website designed to harvest login details.
Always think twice before clicking any link in an email, no matter how genuine it appears. Also, be wary of any offer which - like this one - appears too good to be true. It generally is.
Another phishing attempt, this time disguised as an email from the government providing access to your tax payout or refund. The email contains a link which is usually labeled "Access your funds now", which takes the user to another scam website requesting financial and login details. The request for financial details clearly increases the risk to the user.
Needless to say, this is not how a legitimate tax office would advise you of any potential refund.
Hackers pretending to represent the World Health Organization are emailing people and enclosing an attachment which is said to contain important safety information. The sense of urgency is generated by the line "This little measure can save you".
The attachment is actually malicious software called AgentTesla Keylogger, which records every keystroke on your computer and sends it to the attackers, allowing them to monitor 100% of your online activity.
The subject usually reads "Covid-19 - now airborne, increased community transmission". It looks like it's from the Centers for Disease Control and Prevention, and it's convincing because it actually uses spoofing to appear as if it was sent from a legitimate CDC address.
Furthermore, the email's link sends the user to a convincing but fake Microsoft login page, and anyone who does will then be redirected to the real CDC's website - but the hackers now have control of their email.
Security is fundamentally a people issue. Human nature can be unpredictable, so from an IT perspective the risk posture changes every day. Furthermore, a lot of the things required to improve IT security can be inherently unpopular with users. This means successful security requires dialog, understanding and solutions that limit the inconvenience factor.
On the IT side, there is an acknowledged lack of sufficiently skilled security professionals in today's market. Organizations, particularly those on a tight budget, have a resourcing problem.
Of the most common threat vectors in 2020, many rely on user action, however unwitting. An estimated 94% of malware is delivered by email. Phishing remains one of the most popular attack types and accounts for one in three breaches. 34% of data breaches involve internal actors. And 43% of breach victims are small and midsize organizations, even though the show-stopping headlines tend to report attacks on large companies.
Here are some of the key things you can do in your organization to keep your users safe. We're here to assist in these and all other IT security issues, so don't hesitate to get in touch.
Sadly, in 2020, the password "123456" is still used by approximately 23m account holders worldwide. More than half of all users rely on memory or scribbled notes for their passwords. People often use the same passwords for both work and personal accounts. Those accounts have been scammed but the user is unaware. The list goes on.
Prevent employees from using short, simple passwords. Provide password management software and use multi-factor authentication on business systems wherever possible.
Train your users on common exploit techniques like phishing, spear-phishing, whale phishing and more.
Now, train them again. Make it a regular requirement and track completion and scores. Maybe have everyone in the organization complete training once a year, with higher risk data owners completing training more frequently.
Use periodic tests to make sure the training was successful. Send simulated phishing emails to your team to see if how many click the link - you may be surprised at the results.
According to a recent surveys, as many as one in five central document folders in an organization is open to everyone. Furthermore, many organizations fail to disable, archive or delete unused user accounts and their data, leaving hackers with excess targets for stealing your information for profit.
Every organization needs to classify its data, restrict access to it based on need and manage the lifecycles of both data and user accounts in an effective manner. Failure to do so leaves you wide open, with the goal posts widening over time.
Nearly 70% of attacks - malware, ransomware, phishing and more - rely on email as the initial vector. So it makes sense to stop as many bad emails as possible before they can be clicked by users (even the ones you have trained.)
Platforms like Gmail and Microsoft 365 are getting better at spam filtering, but solutions exist to do so much more to protect you.
We provide email security that filters messages for spoofing, malware, phishing and other threats. As the saying goes, prevention is better than cure.
Did you know a hacker can earn over $650,000 a year?
With that sort of incentive, it's little wonder cybercriminals are so determined. Unfortunately, surveys indicate that over two-thirds of small and medium organizations rely purely on basic, threat signature-based antivirus products. The truth is that's just not good enough to keep you safe today.
A modern approach to IT security is multifaceted, and establishes multiple lines of defense. If you're just using whatever antivirus your current managed service provider offers right now, you need to do much more to remain secure. Talk to us - we'll even show you a real life hacker so you know who you're up against.
Take ransomware for example. It remains the most prominent malware threat. In 2019 alone, on average one in five small and midsize organizations have fallen victim to a ransomware attack.
The average ransom demand is ~$5,900 and rising at an annual rate of over 30%. That's ignoring the other recovery costs. And even if you're one of the 24% who pay the ransom there's no guarantee you will get your data back - these are criminals, after all. For ransomware alone, the cost of protection is often lower than the cost of a breach.
Modern IT security relies on multiple factors, not just one piece of software on the endpoint. It makes sense to manage your security posture within a defined framework.
First, analyze and understand your risk profile by assessing the likely threats to your business, the nature of your existing and planned IT systems, and your appetite for risk. Next, based on the risk profile, implement and maintain defensive measures, including infrastructure, software, processes, controls, training and education.
Once you understand your risk profile, including your technology footprint, degree of standardization, training quality, nature of data at risk and likelihood of a breach, you're in good shape to start protecting your organization.
Maintain and update the systems that provide your first line of defense, a protective layer including firewalls, security software and much more. Systematically respond to alerts and incidents, your second line of defense. And for the last line of defense, monitor, report on and improve your performance in the first two.
Successful IT management that provides security is a full-time endeavor. You're highly unlikely to be successful if you view it as a part-time job.
Whether it's advice on setting up, understanding your risk profile or managing the entire solution end-to-end, find a reliable partner who can help. Even if you have an in-house IT team, a good partner can support them with out of hours work, holiday cover and more. Of course, we'd love to help. Give us a call, with no obligation, and let's see if it makes sense to work together.
Cybercrime is an industry. Really. One complete with wholesalers, retailers, customers (both willing and not so willing) and an established range of market prices. Did you know you can buy a stolen credit card's details for $20?
The average cost of cybercrime for an organization of any size has risen during 2019-20 from $1.4m to over $130m. And the average number of security breaches rose over the same period by 11% from 130 to 145. The state of the malware used as just part of this criminal endeavor has morphed dramatically, with detected activity increasing by 61% over the period December 2018 to January 2019 alone. New malware is released every seven seconds, and over 350,000 new malicious programs are registered every day.
If the cybercrime industry was a country, in 2019 it would have been the 13th largest country in the world with a gross domestic product of over $1.5tn.
That's almost as large as the entire GDP of Texas.
And that industry is experiencing double-digit growth rates. It sounds like Big Business - and it really is. But while the tools have changed, the underlying crimes remain the same including theft, fraud, extortion and more.
It's Big Business. And you need to stay protected.
The Hollywood image of a hooded loner sat in a dark basement at his parent's house is very sadly misguided.
Today's cybercrime industry has evolved, and that "lone gun" individual has found better ways to turn a profit. The industry has evolved to what law enforcement sometimes call "crime-as-a-service", with a complex range of sectors and subsectors. The change, as ever in a market, has been driven by basic economics.
Although it is hard to believe, the cybercrime industry has even developed arbitration and regulatory systems.
The industry at first glance looks very much like any other developed market.
Few actors are skilled across all aspects of the business model, because it makes greater economic sense for them to specialize in a particular trade and to engage the services of others when required.
The industry even provides marketplaces where these bad actors can recommend others, rate their previous work and buy their services. Just like some of the online marketplaces you may be familiar with, but for criminals instead.
Here's a good example of how the cybercrime industry breaks down.
Say you want to run a project to develop malware. You need a project lead willing to perform such work, and a team of like-minded programmers with relevant coding experience. Whoever you sell the malware to may hire a team to successfully deploy it. Finally, you need a cashing-out specialist to convert your virtual gains into monetary or physical ones.
It's a growing economy that exists today. And it's targeting your business.
We use technology to help organizations increase efficiency, grow profitably and manage risk.
Established in 2001, we have nearly twenty years' experience of managing all information technology disciplines for large, medium and small organizations. Our experience spans infrastructure, applications, data and security from a technical perspective, and the need to provide users with exceptional service to make their working lives easier.
Our principals have worked for some of the most prestigious companies in the world, including IT giants like IBM, blue chips like JP Morgan and professional services firms like PricewaterhouseCoopers. We now use that knowledge to help small and midsized organizations and provide them with excellent, scalable and secure technology platforms.
We know IT, we know risk, and we speak fluent business. Let's discuss how we can help.
2001
Founded as a management consultancy specializing in IT security and risk management.
2002
Scope of work expanded to address regulatory requirements affecting IT relating to risk and control as a result of the Sarbanes-Oxley Act.
2003
Development of proprietary internal control modeling language to codify controls and enable comparison of relative performance across industries, regions, divisions and subsidiaries.
2006
Further expansion into the use of IT for regulatory and compliance purposes, including anti-money laundering, sanctions and other areas of financial crime compliance.
2008
Decision taken to diversify and leverage enterprise-class experience as the basis of developing a range of IT and risk management services for growing small and midsized companies.
2011
Shift from pure advisory services to providing dedicated managed IT services.
2014
Incorporated knowledge management and data visualization into managed services model.
2017
Managing computers in 56 countries for clients with an average size of 37 employees.
2019
Internal restructuring around a new generation of management and support systems to underpin service delivery enhancements and growth objectives.
2020
Tactical response to help clients address massive increase of hacking and other cybercrime activities as bad actors seek to take advantage of COVID-19's impact on organizations.
2201 Cooperative Way
Suite 600
Herndon, VA 20171
contact@mcleansterling.com
Jactin House
24 Hood Street
Ancoats
Manchester
M4 6WX
contact@mcleansterling.com