IT Cyber Security For Our Financial Services Client

Since January 2020, Windows 7 Operating System is not supported by Microsoft anymore. This means any PCs still running the software no longer receive security updates, software updates, or technical support for any issues.
Many small businesses are not aware of the potential impact and implications of not running the latest software releases. Their approach? “If it ain’t broke, don’t fix it”. Unfortunately, this mindset will cause systems to be compromised at some point as there is no further maintenance available to protect their operating system from cyber attacks if they still use Windows 7.
On the upside, this Windows 7 end of life status has incentivised some of Espria’s clients to undertake a review of their IT systems.
Our client’s issue : an IT system vulnerable to threats
One of our clients has used the cessation of the Windows 7 platform to look at their complete IT infrastructure and ensure that it is as secure and reliable as it can be.
The team here at Espria performed an audit of their IT systems.
Several areas in need of improvement were identified, including:
-
- Multiple anti-virus products being used throughout the organisation but also on some machines!
- Different versions of Microsoft Office being utilised, including Windows 2007, and desktops running multiple Windows Operating Systems
- Windows Updates not being applied to all machines
- Large levels of spams received on a daily basis
- Many web browsers in use
- Administrative rights granted to users on their desktops
- Simple passwords used and shared amongst all users
- Remote user laptops only secured by simple passwords
- All users provided with remote access to the server, whether it was actually required by the business or not
Our solutions : new processes
Whilst the above was not causing any problems from an operational perspective, clearly this is not best practice as to how IT systems should be maintained.
Through the introduction of new processes and a small investment in hardware and software products, we were able to address each of these concerns within a short space of time with minimal disruption to the userbase:
-
Whilst the above was not causing any problems from an operational perspective, clearly this was not best IT practice.
Through the introduction of new processes and a small investment in hardware and software products, we were able to address each of these concerns within a short space of time with minimal disruption to users:
- We introduced a modern, anti-virus solution with central management, update services and reporting.
- We migrated all users to Office 365, ensuring that the same version of the Office product was used and automatic updates were carried out.
- We standardised Windows 10 operating system across all machines, performing in-place upgrades where possible or machine replacements where hardware was not suited to the new environment.
- We configured Windows 10 to perform updates automatically in the background to ensure that all users are on the latest security release.
- With the migration to Office 365, this has automatically provided a level of spam protection : only required emails are allowed to go through.
- We agreed with the business that only 2 Web Browsers should be used and removed non-supported products. We configured automated updates to ensure that the latest product versions are always present.
- We removed administrator rights from all users to ensure that their desktop environment cannot change so that no additional software can be installed.
- We introduce complex passwords to ensure a minimum level of characters, as well as password change enforcement every 30 days.
- We enabled encryption services on remote laptops prior to Windows starting so that the data cannot be accessed without an initial key being entered to allow the machine to start.
- We reviewed all remote user access to ensure it was restricted to only those that need it. In addition, a secure Firewall with VPN Services was installed so that remote users have to authenticate against the Firewall before they are given access to the network.
If your business is not up to date with IT security, your systems are at risk of being compromised.
So it’s imperative you remain a step ahead with your cyber security.
The Results
These steps have led to an improved IT offering for the business’ customers while ensuring the company is better protected against cyber attacks.
We will continue to review the installation every 6 months to ensure that the levels of protection and policies used remain adequate.
You may be interested in
Why Businesses Should Invest in ESG: Lessons learned by Espria
In today’s competitive landscape, Environmental, Social and Governance (ESG) performance is no longer just a “nice to have”—it is a critical business imperative. Companies that prioritise ESG are better positioned for long-term success, risk mitigation, and reputation enhancement. Today’s world demands more from companies than just financial performance. Customers want transparency. Employees want purpose. Investors want resilience. ESG helps businesses manage risk, seize new opportunities and build trust with the people who matter most. It is how you can stay competitive, stay responsible and stay relevant in a fast-changing world. A powerful case study of…
The Importance of Compliance and Security: Complementary Forces in Today’s Business World
In today’s rapidly evolving business landscape, compliance and security have become paramount. These two elements, often perceived as hurdles, are in fact complementary forces that drive business success and sustainability. Understanding their importance and how they work together can transform them from perceived blockers into enablers of growth and innovation. The Role of Compliance Compliance refers to adhering to laws, regulations, standards and ethical practices relevant to an industry. It ensures that a company operates within the legal framework and maintains its reputation. Compliance is not just about avoiding fines and legal issues; it is…
Businesses are losing money and jeopardising security to IT sprawl and quick fixes, says Espria
IT Leaders must take action on unchecked technology sprawl and shadow IT that are draining budgets, increasing cyber risks, and complicating their digital environment. According to a recent study, budgets towards insider risk management have doubled in the past 12 months, with 81% of business leaders looking to secure their internal business infrastructure as geopolitical tensions escalate and remote workforces become the norm. ‘Digital transformation ushered in new possibilities and solutions for computing, but it also introduced a potential for sprawl that burdens IT teams everywhere,’ said Brian Sibley, Virtual CTO at Espria. ‘When faced…
Espria launches Espria Connect, enhancing Microsoft Teams with Advanced Unified Communications
The new product, Espria Connect, isn’t just another telephony solution. It’s a game-changer, offering a cost-effective, scalable, and secure telephony solution for SMBs, mid-market and enterprise customers. Combining the power of Microsoft Teams with Cloud-Based Unified Communications, Espria, the leading managed services provider, is excited to introduce Espria Connect. This powerful solution streamlines business communication infrastructure and addresses the growing demand for a unified communication solution that supports hybrid work environments. Designed for businesses of all sizes, Espria Connect allows users to manage voicemail, make and receive calls, and access a diverse range of other…
Reimagining education: How AI is changing the way we teach, learn, and collaborate in schools
Technology has long been used by educators to support teaching and operations, facilitating staff with a wide range of platforms and resources. A particular tool that has sparked both controversy and curiosity is the inclusion of artificial intelligence (AI). A study by BCS, the Chartered Institute for IT, found that most teachers are reluctant to use AI for pupil learning with 84% of educators not changing the way they assess their students’ work. This comes after Ofsted recently launched an independent review on the use of AI in schools and how to develop the understanding of…
Espria launches CSP renewal assessment service
Leading managed service provider launches new service to address the costs associated with software sprawl, helping to drive down OpEx as businesses increasingly feel the financial squeeze. Espria, a leading digital solutions provider, has launched a free M365 Licence Assessment programme to help businesses save costs by reviewing existing licence estates and identifying those licences not in use or no longer being utilised. With Microsoft recently changing how they sell and structure licenses, businesses must now reassess their current M365 licenses, looking for ways to reduce costs and keep the capabilities they need as they…