Where to start with a “Practicle approach to Data Protection”

Customer Data Protection

When someone says data protection people’s eyes glaze over, it’s understandable that the data protection act of 1998 is important not just to businesses but the public in general.

Don’t worry, this article is not going to depths on the data protection act, instead focus on what you can do to protect your data.

This is about BIG companies isn’t it?

No, definitely not, here are some snippits of recent action taken by the Information Commissioners Office:

Lismore Recruitment Limited

A recruitment company has been prosecuted at Ealing Magistrates Court for failing to notify with the ICO. Lismore Recruitment Limited pleaded guilty and was fined £375 and ordered to pay costs of £774.20 and a victim surcharge of £38.

and here’s another:

Parklife Manchester Ltd

The company behind Manchester’s annual festival, the Parklife Weekender has been fined £70,000 after sending unsolicited marketing text messages.

The text was sent to 70,000 people who had bought tickets to last year’s event, and appeared on the recipients’ mobile phone to have been sent by “Mum”.

Let’s look at the simplest way in which you can protect your data. Education is by far the easiest way to protect data on your computer’s and therefore in your network. This means taking time to educate the staff and updating them on a regular basis.

So who should be trained?

The best way to demonstrate the importance of data protection is to top-down learning session where management is trained first followed by junior management followed by the staff. In this way it’s obvious to management as well as the staff the data protection is not something that one person does it is in fact the duty of every employee within a company.

A data breach will affect everybody within the company not just the person responsible but, those ultimately responsible as well.

The training is not lengthy or difficult, but it should be provided by an expert in the field or a company whose expertise is beyond doubt. In-house training on this subject is never recommended as it is only the outsider you can see the issues.

Information Security Awareness Training

Here’s what should be covered:

  • Provide an easy-to-use online 40 minutes information security awareness training course for your employees to log on and learn best information security practices from.
  • Provide best practice course contents of your compliance requirements.
  • Teacher employees in simple non-technical language, how and why hackers hack.
  • Instructor employees in the best methods of protecting your systems and the sensitive information you process.
  • Explain the employees inherent responsibilities for protecting your business information and identifying and reporting suspicious since.
  • Supply this information efficiently and effectively an information security threats risk assessment should be completed. A good threats and risk assessment should answer the following questions:
  • What do I need to protect and where is it located?
  • What is the value of this information to the business?
  • What other vulnerabilities associated with the systems processing or storing this information?
  • What is the security threats to the systems and the probability of their occurrence?
  • What would be the damage the business if this information were compromised?
  • What should be done to minimise and manage the risks?

Answering the questions above, is the first and most crucial step in information security risk management. It identifies exactly what your business needs protect and where it’s located and why you need to protect it in real cost impact terms that everyone should understand.

Kwik Fix Plumbers Ltd

The Information Commissioner’s Office (ICO) has fined a marketing company based in London £90,000 for continually making nuisance calls targeting vulnerable victims. In several cases, the calls resulted in elderly people being tricked into paying for boiler insurance they didn’t need.

In plain English, it points out to every employee within the company exactly what their responsibilities are to the data that is within their grasp on an everyday basis, it tells how to protect it, it tells us why we need to protect it and it points out the consequences to the business of not doing so.

If you would like to know more about how to protect your data then we have managed to secure a 10% discount on training with one of our partners. To obtain your discount code visit this hidden page Data Security on our website. Complete the instructions and when you click submit the link will appear to download the Info-graphic with the discount code.

Don’t leave Customer Da Protection to chance, get yourself and your staff trained on Data Protection and avoid the pitfalls. It’s easier than you think.

Steve Richards

Steve has been involved with computers since 1974 and runs Computer Technical Solutions, a consultancy, in North Wales.


Getting people back to work

Speaking with many of my customers I know that the credit crunch is a long way from over. Some of my customers and some family friends as well have been struggling to keep their heads above water.

During a recent brain storming session I came across some unusual lines of thought, this took me down a path that I wouldn’t normally have followed.

You see recently a friend had problems getting a replacement car when his old one had to be scrapped. The problem was that like many people in the recent credit crisis the friends credit score was damaged. This meant no finance for a vehicle, that would mean no job because unfortunately with shift work there would be no public transport.

As it happened, this time, his mother helped out, but it got me thinking about other people who might not be so fortunate.

It took a while to research the right solution. I needed to find a company that had a range of quality used cars and a legal and responsible finance solution for people with a poor credit history.


Credit ScoreCan't Get Car Finance

There are several companies in the UK that are used to check someone’s credit status. Equifax and Experian are the better know firms.

One thing that many members of the public don’t understand is that every time they apply for finance that request is recorded on their credit file. If you are refused credit then each subsequent application within a set period of time has a further adverse affect on your credit rating.

As a result some people make life worse by applying time after time with different companies, each of which adds the line “Refused for credit” or similar to their file.

So how can you get transport?

A lot of the work we did during our research to find a company that would of been able to help my friend only highlighted the poor service and unfriendly companies or unprofessional companies that would be willing to lend money with APR rates well above 300% – a disgusting way to treat people who are desperate.

What was most annoying was the fact that the people who could afford vehicles easily got charged very high rates because they had a poor credit rating and were considered a risk based just on that score.

Good News

Eventually we did find a site that could help and because this company like to pre-qualify people with such care we have developed a relationship that allows us to act as a first contact agent to promote their service.

The criteria for being considered for vehicle finance is very simple:-

  • Aged 18 or over
  • Hold a valid UK Driving Licence
  • UK Resident
  • Employed or Self Employed
  • Benefits accepted with proof
  • Must not be currently bankrupt
  • Can prove income with bank statements
  • Minimum Earnings of £8000 per annum for single applicant Minimum Earnings of £12000 per annum for joint applicants
  • Can afford at least £350 deposit

Best of all – NO CREDIT CHECKS

If you are looking for a quality used car with a 12 month warranty and MoT and you have been turned down for car finance then you should visit Can’t Get Car Finance today!



Recent Scams and what to do about them

Cyber CrimeScam_alert-3

The cost of Cyber Crime or its value to the criminals is a totally unknown figure. In 2013 McAfee sponsored a Centre for Strategic and International Studies (CSIS) report that came back with figures of $400 Billion, but some estimates are more than double that.

However, there is one thing that the security industry does recognize; it typically costs 100 times the loss to fix the problem!

Think about that; for every single £1 that is lost in the value of the data or the fraud, you need to spend £100 to fix the original problem.

The Problem

One of the major problems is that groups of talented programmers are working together to identify potential threats and then exploit them. The amount of money these groups of hackers and their organized crime sponsors have to invest in the development of new threats is matched only by the amount they are willing to pay for simple ways to exploit people with those threats.

Once the threat has been developed it needs to be deployed. If the criminals are able, they can get Chinese hosted systems that are difficult to shut down but expensive (in relative terms).

Previously hacked computers known as Zombies are grouped together in what is known as a BotNet.

The going rate among top-of-the-line American machines is 1,000 zombies for $120, 5,000 zombies for $550, and 10,000 zombies for a cool $1,000. ( Source: https://threatpost.com/how-much-does-botnet-cost-022813/77573#sthash.jYTxlF9I.dpuf)

Those BotNets are used to infect other computers with the latest software threat and so it begins.

Phone Calls

Again, it is relatively cheap to set up an Internet Based telephone system, you get all the features of a major phone system for about £10 per user per month plus the cost of calls when they break out from the internet onto the local phone system.

But, as I mentioned, these people have money and setting up a group of 20 or 50 call “centre staff” is not a problem. These are “staff”, who will know exactly what they are doing, could be trafficked humans or are getting paid for their part in the scam.

Biggest Current Threats

CryptoLocker: This is technically something that we term Scareware, but it is a real threat in most cases. Often Scareware is no real threat but CryptoLocker is different.

You should understand that if you are a business then you should get a licensed version and if contact the author of this article as he can arrange better value on these.


Of course you can protect yourself from this threat with the right piece of software, we recommend CryptoPrevent because it works for free (home users) with all versions of Windows.

CryptoLocker works by encrypting your data (maybe your complete disk drive) during the countdown period. To decrypt it you need a unique key, the threat is that if you don’t pay up before the countdown ends then the key will be destroyed and therefore your data will be unrecoverable. This threat is very real.

Prevent CryptoLocker with Computer Technical Solutions

During the Countdown period an IT Engineer should be able to remove the threat without any serious data loss.

ID Fraud

So how can you protect yourself from these types of ID Fraud? Understand and remember the following and you will be on your way to protecting yourself.

The sophisticated fraudster won’t actually empty your account; they may make a small purchase and seemingly do nothing else. In reality they are building a new version of your identity and obtaining other sources of credit. These are then used to obtain goods and before you know it someone is calling you about the debt on an account you never opened.

Again the scam can be performed by sending you a special offer in an email that seems to be from a site you use and by following the link, you end up at a clone of the site, complete the purchase with your credit or debit card and bam! The deed is done and so are you!

Phishing is usually performed by sending mass emails that look legitimate and tempt you into clicking a link that takes you to your Bank or Building Society website…. Except it is not the real website, it is a clone.

You enter your online banking details and suddenly find that the bank is undergoing maintenance of its systems – please come back later. You have just handed your details to the fraudster and they can now order other services, use your funds, create new accounts etc.

This is no small threat, it costs the UK nearly £3 Billion a year and that figure is rising. ID Fraud can be conducted online and offline. From “dumpster diving” to sophisticated malware to simple phone scams and in particular Phishing.

Protecting Yourself

  1. Your Bank or Building Society will NEVER send you an email
  2. Only ever open emails from people you know and trust
  3. If what seems like a legitimate email arrives and you are interested in an offer then if you have to click on the link study the website address when you arrive at the website.
    1. Does the website address match the company’s website exactly?
    2. When you open another tab in your browser and search for the company, click the link in the search results, does the website address match and the site look the same?
  4. During any purchase process is the website data encrypted?
    1. Look at the website address in the browser, usually it would start http:// but if you are in a secure environment it will start https://
    2. Is there a padlock symbol in the address bar?

If the answer to any of these is no, then why not pick up the phone and call the company to check the offer before proceeding?

The Windows or Microsoft Scam

This is a phone scam, the caller will claim to be from Windows or Microsoft and tell you that there is a problem with your computer and that it is affecting the network or the internet.

First of all, Windows is an Operating System not a company; second, Microsoft doesn’t phone people about problems with their computer.

The aim of the scam is to gain remote access to your computer to:-

  1. Infect it and turn it into a Zombie
  2. Sell you some software; usually claiming your Anti-Virus software isn’t good enough and charging you for their Anti-Virus program which is anything but what it claims to be
  3. Claim that your Windows License is not valid and that you have to pay them for a new licence or they will stop Windows from working

All of these will result in you losing access to your computer in one way, shape or form.

Their aim is not just to compromise your computer but to get your credit/debit card details as well.

The caller will become more aggressive as you try to reject their claims, so please be aware of these calls.

Your Phone Bill

Another scam involves a caller claiming to be from your Telephone Provider, they will say that your last bill did not get paid or something similar. They will ask you for a payment by card to prevent you being cut off.

If you push for proof of who they are they will at some point ask you to hang up and then try and make a call to someone.

You will find you don’t get a dialling tone so you can’t make a call. Then your phone will ring and the scammer will explain that they just cut your phone off and then reconnected it.

All sounds legitimate, but in fact when you hung up, they did not, they just muted the call. So when you tried to dial there was no dial tone and you couldn’t dial out because you were still connected. Once you hung up and did nothing for a minute they hang up and call you back.

Please be aware of these and similar scams. If in doubt, ask them for contact details so you can call them back, then look up the proper number for the company concerned and check with the real company to see if there is an issue.

If you become a victim or if someone tries to scam you, then please report them:-

Action Fraud

Business Security

If you run a Business in North Wales, you can also get advice and support from Computer Technical Solutions at http://www.ctsnww.co.uk and also from the eCrimes Unit via their website.

Business owners always want everything for nothing – please don’t be insulted, I’m in business and I begrudge spending money on solutions unless they are really necessary and I can see the benefit.

Business owners always want security fixed for the lowest fee possible, but we have to look at the business and analyse the data and the threats and then do an evaluation of solutions before we recommend the way forward.

Sounds simple but let a colleague and real security expert explain it to you. ‡Rich Hollis is one of the very few Security Guru’s that I follow closely. I have had the fortune to meet after one of his eCrimes Wales talks, interestingly the video below will help any company assess the threat and identify what needs protecting. If you are serious about security then you really need to watch these short videos.

Zen And The Art of e-Business Security Part 1 (Parts 2 & 3 should follow on completion)

Stephen Richards is the Owner of Computer Technical Solutions who provide a full range of IT and Telecomms business support in and around North Wales.


‡Rich Hollis is the Director of Risk Factory based in London https://www.riskfactory.com/


Websites and Search Engine Optimisation

Websites and Search Engine Optimisation

It’s amazing that I get so many emails and phone calls from people who are offering their services in the SEO arena, it is even more amazing when they offer a guarantee that I will appear on the 1st page of Google for my chosen keywords.

As someone who understands SEO more than the average Joe, I know that they will probably get me in page 1 by using a Google Adwords campaign, something that anyone could achieve with the right budget. The thing is; who wants to spend a fortune to get listed on page one of Google for one set of keywords when your business offers so much more?

The other way they might get me on the first page is by using some very Grey Hat techniques or worse still, Black Hat techniques. Whereas the Grey Hat techniques may work for a while, Google is always updating its algorithm and so there is a higher risk of being sandboxed in the future. Black Hat techniques are guaranteed to get you sandboxed or worse still banned completely.

So why do I get these calls and what am I actually doing to improve my position on Google?


White Hat Only

Google has the overwhelming aim of being the number one search engine (which it is) and to provide the customer with the best answer to their searches (or questions):-

If you visit Google and start typing “convert lb to kilograms” before you have finished you will probably see a small conversion table just under your search box. This is Google providing you with the best answer.

For your website to provide the best answer for a search term, the site has to be Trusted by Google, that is your site uses clean White Hat Techniques, the content is of value to someone because you are perceived as an expert on the topic.

So how do you get a good listing on Google?

One of the key Trust Providers is the “Age” of your site. This is the age from the first Google “scan” of your site or more correctly from the date Google first “Spidered” or “Crawled” your site to the present day. You can’t cheat this, the longer your domain name has been in the Google listings without breaking the rules, the more Google trusts you.

There is one way to gain an advantage in this area and that is to buy a domain name that has previously been listed and has ranked and aged well with the search engines. This is not always and option because the cost may be out of your budget range.

So, getting a good listing. First of all, you can get really great results by using only White Hat techniques for your SEO, you just need the right tolls in your SEM toolbox.

Primary in the toolkit for improving your search engine rankings is Google Analytics which provides a totally free solution to analysing your website and the traffic that arrives on your pages.


If you use it in conjunction with Googles Keyword Planner (designed for Google Adwords) then you can start to look at how to generate more traffic to your site.


When you are looking at the results for you keywords you will notice that the popular words cost more if you were to use Google Adwords, this is because they generate more traffic and the competition is highest with these words.

Think about that; you may want to work a bit smarter and optimise your site for less competitive keywords that will be easier to rank well with and therefore drive more traffic to your site because it will be easier to get a great ranking towards the top of the first page on Google.

One of the current trends that Google seems to like, would be to use phrases rather than one or two keywords. As people start to realise that they can be more specific in their searches, then these phrases will become better performing sources of organic traffic to your site.

Another way to help Google to “like” your site is to provide high quality content on a topic relating to your site. This sort of content needs to be produced on a regular basis and as stated needs to be high quality.

Now you may be concerned about giving away information that gives your clients the ability to do something themselves rather than using you for their work, it is true, you could lose some clients, but with more people finding your site the increased traffic will mean there will be more people who are time poor but asset rich who would rather just pay you than have to learn something new.

You could also offer access to the page only after they have signed up to your newsletter or something similar.

Writing articles is time consuming and there is a temptation to pay someone else to write the article, but they will never be as knowledgeable as you, so make time to write for yourself.

Putting the articles onto your own website might seem like the right thing to do, but in fact you should avoid it. If the article is really well written then you should put it on an Authority Site.


Authority Sites

What is an Authority Site? In simple terms this is a website that Google trusts so implicitly that almost anything that appears on the site will be accepted as quality content.

The American website Huffington Post is a great example, there are always articles and stories appearing on Facebook that take you to the Huffington Post or Onion or a similar site.

So how do you get on to Huffington Post? I give in! Much simpler to try some of the other Authority Sites like Blogger.com, Tumblr.com, Slideshare.com and WordPress.com to name just a few.

These high Page ranking sites love when you add content, their Trust high Google Trust ranking means that the link in your signature block will be enough for some of the good stuff to rub off on your site thus helping to promote your site up the Google rankings.

There are dozens of Authority Sites and the temptation to post the same article to each is best avoided, instead write quality articles every chance you get. Research your content to make sure of its value and post to different Authority Sites each time. Once you have been through the list go back to the start and keep on going.

Take your time publishing these articles, don’t release 10 at a time on different sites, trickle the work out there over weeks or Google will think you are spamming them and you will get Sandboxed or Banned!


Social Media

Use your social media to inform the world of the wonderful article you have written and link them to the Authority Site so that they can read it.

Facebook, Twitter, Digg, Reddit etc. are also Authority sites so by linking authority sites to each other and back to your own site will drive a ton of organic traffic and improve your Page Ranking.



All of these things take time, don’t expect to be on page one tomorrow because of all the work you have done following this article, it takes time.

Remember I said you have to build trust with Google; just like in real life, the more you get to know someone and like them, the more you will trust them. You wouldn’t give a total stranger your life savings to look after whilst you went on holiday for a week. But, someone you have known for a few years, someone you have really got to know and like would be more trustworthy. You still not let them look after your life savings, but you might ask them to water your plants and leave them a house key while you are away.


About Stephen Richards

Steve grew up in North Wales with his brother and sisters. He studied Computer Science at school in the days of the mainframe computer. He joined the Royal Air Force in 1976 and worked in electronics on communications and navigational equipment before becoming a member of a specialist team writing programs to test circuit boards. Eventually working on the System Management Team looking after a £3.9 million computer system, Steve got back into IT in a big way. In 2003 Steve created his first website selling e-books and vintage books online and has never looked back.

Stephen Richards owns and runs several websites but you can contact him at http://www.ctsnww.co.uk