On 3/1/2018 (last week) news broke in the media of two security vulnerabilities which will impact almost every computing device in active use today. Named “Spectre” and “Meltdown”, the vulnerabilities arise because of design flaws in CPUs from Intel, AMD, Qualcomm and ARM which have existed for decades – and they’re important because they allow access to information in memory that should be out of reach, whether that’s passwords, keys or other data.

The vulnerabilities themselves were discovered last Summer, but have been kept under wraps whilst the vendors concerned could find a solution for them. It was believed that no-one was actively exploiting them, but early last week sample code emerged on the Internet which increased the risk of non-disclosure to a level that couldn’t be justified and the issues became public knowledge.

As the root cause of both flaws is hardware design, it’s quite possible that the true solution for them will end up requiring new CPU hardware – but that’s a long, far-reaching change to achieve (think new computers/servers/devices), and a faster remedy is essential. In response key vendors such as Microsoft, Apple & Google have worked to provide software patches in order to mitigate the exploits on their platforms (where they can), and other software vendors (whether operating system or application/browser vendors) are coming forward with patches for their products.

The result is a patchwork of approaches which is only now emerging. And because the focus of those patches is to mitigate a low-level hardware problem, issues with performance (described as anything from ‘neglible’ to ‘30%’ overhead) and compatibility are also beginning to emerge.

Whilst the industry’s response to these vulnerabilities is robust, it’s not yet coherent – it’s going to be a difficult few weeks while these issues are ironed out.

In order to get you started, here’s some additional information along with guidance from the key players you’re likely already working with:-

The Exploits

Meltdown – (CVE-2017-5754 – rogue data cache load) – this is an exploit specific to Intel CPUs going back to 2011 (and possibly to 1995) which allows user applications to reach into kernel memory (or ‘protected’ memory, a design feature which is relied on for data security and system stability) and collect information to which those applications have no right.

It’s relatively straightforward to exploit and sample exploit code is (as of 4/1/18) available on the web. However it’s reported that the hacker must have local access to the machine in order to use the exploit

Spectre – (CVE-2017-5753 -bounds check bypass, CVE-2017-5715 – branch target injection) – these exploits are so-named because they rely on a CPU queuing feature titled ‘speculative execution’ which can be abused to grant arbitrary collection of data from virtual memory which should be out of reach (principally because they are intended to be beyond security boundaries and into other apps, the kernel or an underlying hypervisor).

Spectre can be exploited by visiting a website with which includes malicious code, however it’s a vulnerability that’s described as much harder to exploit (plus also much harder patch/resolve).

It applies to Intel, AMD, Qualcomm and ARM CPUs going back up to 20 years – effectively every computing device on the planet (including smartphones) is vulnerable.

Vendor Guidance


Microsoft have provided patches for many (but not all) of their operating system platforms – but note that automatic updates won’t be installed unless you (or your antivirus product) create a ‘compatibility flag’ in the registry for each device
Windows Client:
o Windows 10 released (4/1/18) for RTM, 1511, 1607, 1703, 1709, requires “compatible antivirus” and registry key change to enable automatic update
o Windows 8.1
o Windows 7 SP1
NOTE: Some indications that patching devices with AMD Athlon X2 CPU (end-of-life in 2008) is failing and rendering those devices unusable
Windows Server:
o Windows Server 2016 released (1607, 1709 (core))
o Windows 2012 R2 – released
o Windows 2012 – not yet available
o Windows 2008 R2 – released
o Windows 2008 – not yet available
NOTE: A list of compatible antivirus is available in a community managed list here (Trend is compatible but requires a manual registry key for auto update)
Further information from Microsoft is available here

Apple released patches for their affected product ranges during December, so customers should be covered by keeping up to date
Apple Devices: All devices except Apple Watch are vulnerable (specifically Mac and iOS)
o iOS: patched included in v11.2
o macOS: patch included in v10.13.2
o tvOS: patch included in v11.2
Apple suggest only downloading apps from trusted sources such as the App Store

Google have confirmed that they have released patches, access to them will depend on whether you have a Google-branded device (i.e. Nexus, Pixel) or one from a partner using Googles operating systems
• Android: Patches released 5/1/2018 for ARM, Google-supported Android devices should be set to accept monthly updates for January 2018 to benefit, partner-supported devices subject to partners own scheduling
• ChromeOS: Upgrade to v63 when available

• Redhat – patches available, described here, customers encouraged to upgrade to latest kernel
• SUSE – patches available, described here
• Ubuntu – patches available 9/1/2018, described here

App-Specific patching:
• Chrome – Google suggest enabling site isolation to improve security, patch due on 23/01/18 (v63)
• SQL Server – guidance provided here

Public Cloud:
• AWS: Patch rollout on EC2 was already in progress when news broke, believed to have completed on 4/1/18. Customers directed now to patch their EC2 instances.
• Azure: Patch rollout was already in progress, now accelerating. Customer VMs now being forced into automatic reboots wef 3/1/18. Microsoft say performance impact should not be ‘noticeable’ from patch, however it is present. Further information here
• Google Cloud Platform: patched, declared secure


As mentioned above, patching for Spectre is more difficult – this is borne out by the limited range of patches available. However, it’s also more difficult to ‘productively’ exploit Spectre, so you may accept that the resultant risk is lower.

• Windows Client: not yet available
• Window Server: not yet available
• Apple Devices: not yet available
• Android: not yet available
• ChromeOS: not yet available
• Redhat: not yet available
• VMware: patch information available

App-Specific patching:-
• Firefox – specific mitigations released to Beta/Dev channels –
• Safari – patch planned

And what about responses from the chip-vendors themselves?

Update – 9/1/2018: Intel CEO Brian Krzanich made statements in his speech at CES 2018 overnight that patches for 90% of its products would be available ‘within a week’

Our Recommendations

Meltdown and Spectre are significant vulnerabilities and we highly recommend that you patch for them as soon as you’re able. However, the inter-dependencies across products warrant care and testing, so consider applying the patches in a test group (with all your apps) first and then moving forward as quickly as you can whilst containing any risks.

And if you need support, we’re ready to help.

5 Steps to get your business GDPR ready

Like it or not, General Data Protection Regulation (GDPR) is coming, and it will affect your business. Make sure your business is ready before the May 2018 deadline.

The EU’s GDPR is coming in May 2018 and it will affect all sorts of organisations in the UK, even despite Brexit. In our last article, we discussed the fines that face businesses that fail to comply with GDPR when it comes into force next year. Based on the size of the figures, it is so important that you ensure your business is ready to comply with GDPR. Being unaware is not an excuse.
To help you out, we at entrustIT have put together this handy guide of five important steps your business can take to get yourself ready for next May.

1. Review and plan

This seems like an obvious one, but many organisations will not adequately plan for the GDPR changes.
Have a detailed review of the methods you have in place to protect your data. Keep in mind that GDPR fines are imposed in the event of a data breach. Is your business data secure? Is it backed up regularly? Are the servers holding your data constantly monitored against threats? Do your consent processes meet GDPR standards?
These are just a handful of the really important questions you will need to ask yourself as you prepare for GDPR. Asking, and indeed answering, these questions is the first step to developing a plan for what needs to be changed before May 2018.
It may be prudent to work with a partner with a strong tech security focus. Your partner will be able to advise you on the best ways you can get yourself GDPR ready. In some cases, your partner will be able to bring your data into their ecosystem, therefore storing your data to the standards required in GDPR. Most Managed Service Providers (MSPs), such as entrustIT, will be able to do this for you.
The process of planning and implementing data protection changes is likely to take plenty of time. At time of writing, there is just over a year until GDPR takes effect. It is therefore crucial that you begin planning immediately.

2. Test your defences

Since GDPR fines are in place to punish organisations with weak cyber defences, making sure your cyber defences are strong should be a top priority. You may wish to perform penetration testing, which is a test that outlines where the vulnerabilities in your organisation lie. If you have the resources to do this internally then do, but if not, it would be a good idea to find a company to do this for you externally.
An organisation with strong cyber defences will have strong backup and disaster-recovery methods built in to their cyber infrastructure. Their servers will have monitoring tools in place to ensure that any intrusions are stopped before they can spread and cause real damage.
For larger organisations with more financial clout, this is something that can be done in-house. However, small or mid-sized organisations may benefit from seeking the advice of a cloud services provider, such as entrustIT. At entrustIT, security is built in to all our systems and we can help you get your data stores to a GDPR ready state.

3. Get acquainted with your Data Protection Commissioner

As I discussed in the previous article, each country in the EU has a Data Protection Commissioner’s Office. In the event of a data breach, it is your responsibility to notify the relevant authority for your country. In the UK, this is the Information Commissioner’s Office. The full list of Data Protection Commissioner’s Offices in the EU can be found here.
Engaging with your relevant commissioner will help you to get valuable advice for GDPR compliance, as well as educating your employees as to who they need to go to in the event of a breach. It would be wise to have the contact details of your relevant Data Protection Commissioner stored in an easy to access folder or on display somewhere in your office.
The reason for doing this is that a data breach is a stressful time. In times of stress, mistakes can be made. Having the commissioner’s details easy to access will help to ensure that you contact the correct commissioner and that you are reminded to do so. Remember, you have a 72-hour deadline with which to do this before incurring fines.
74% of UK SMEs had a data breach in 2015. It can happen. The lesson from Hatton Garden is that a determined intruder is difficult to keep out, but being prepared is key to minimise damage.

4. Prioritise

The process for compliance is a long one. As a result, you may need to prioritise actions that present the highest risk to the business if left unchecked. These priorities will be different for each organisation, since every organisation has a different level of data security and has different strengths and weaknesses.
Take into account how long each process will take to complete. This may affect how you prioritise. Secondly, be realistic and maybe even critical of your current position. It is better to be over prepared than under prepared.
It may not be possible to be completely compliant for GDPR when it comes into effect in May 2018. This is particularly true as the deadline looms. It is therefore crucial that the areas that present the biggest risk to you are addressed first. For example, your organisation may already have strong server monitoring, but not a clear consent process for data processing. In this scenario, it would perhaps be foolish to spend the next 12 months strengthening your server monitoring at the expense of the consent process.

5. Implementation

When you have planned, tested and prioritised the measures you need to take to ensure GDPR compliance, it is time to implement the measures.
Implementation measures may include data mapping exercises, drafting notices and policies and conducting training and audit programmes. For your organisation to be GDPR compliant, it is important that all members of your team are pulling in the same direction. Therefore, ensure that they are aware of GDPR, what it is, what the consequences are, and what policies they need to adopt to prevent falling foul of the regulation.
Your staff must understand why it is important to be GDPR compliant, or else some of the new processes they will need to undertake may feel like an unnecessary burden and be neglected.
If your organisation requires one, you must hire a Data Protection Officer (DPO) [see previous article]. Ensure that your DPO is a GDPR expert and give them all that they need to continually keep your organisation compliant. You’ll thank them for it.
GDPR seems daunting, but with detailed planning and the right information you can ensure you are compliant without too many headaches. Hopefully, these last two articles have helped cut through some of the complexity surrounding GDPR.
If you have found this helpful, please share it among your friends and colleagues, and download our essential GDPR white paper here.

5 Ways GDPR will impact your business

GDPR (General Data Protection Regulation) is coming into effect on 25th May 2018. With it come a number of important changes for all types of businesses.
GDPR is complicated, but it is crucial that businesses in the EU comply with the regulation. Despite the fact that the UK is leaving the EU, GDPR will still affect us as it comes into force before 2019.
GDPR will impact your business in a number of ways. In an effort to make GDPR easier to understand, we at entrustIT have picked out the five most important ways GDPR will impact your business.

1. Larger fines for non-compliance

GDPR replaces the Data Protection Act 1998 in the UK, and with that replacement comes far heavier fines for non-compliance. The fine structure is split into two tiers, Tier 1 and Tier 2.
Under GDPR structure, should your business suffer a data breach, it must be reported to the UK’s Information Commissioner’s Office within 72 hours (more details on what will be required is in our forthcoming whitepaper). Failure to notify the ICO results in fines being imposed.
Depending on the severity of the breach, and how important the data that has been put at risk is, your fine will fit into one of the two tiers.
Tier 2 is the lower of the two, but still commands a fine up to an eye watering €10m (£8.6m), or 2% of the previous year’s global turnover, whichever is greater.
Tier 1, which is reserved for the most damaging breaches, carries a fine of up to €20m (£17.25m), or 4% of global annual turnover, whichever is greater.

2. Changes to ‘consent’

One important change that GDPR brings is the requirement for consent when handling personal data.
In the past, companies could handle personal data as long as the user in question didn’t ‘opt-out’. The process for opting out was often not immediately obvious or complex and resulted in personal data being processed without the end user necessarily realising.
This has been completely changed in GDPR. Now, in order for a company to process personal data for an end user, they are required to have specific consent for that type of use from that user. Not only that, but they must keep records of when that consent was given, and these records should be available to give to the authorities when required.
Furthermore, the end user has the right to withdraw consent at any time. As a business, you will be unable to lawfully process personal data until you receive their consent. Any business found to be improperly processing personal data will be fined at the highest level of the two tier system and will also experience significant reputation damage .

3. Changes to breach notifications

We touched on this in point 1. In order to provide a data protection standard across the European Union, GDPR includes a single breach notification requirement. Currently, all EU member states have their own data protection laws. Some are strong, but some are very weak. Organisations in member states that have weaker data protection may not have had to notify any authority of a data breach. GDPR seeks to bring all member states in line with each other regarding breach notifications.
A personal data breach is defined as the breach of security, resulting in the destruction, loss, alteration, unauthorised disclosure of or access to personal data.
In the event of a personal data breach, the relevant supervisory authority must be notified within 72 hours of discovery of the breach. Each member state has their own authority. In the UK, it is the Information Commissioner’s Office (ICO).
You must be able to provide the ICO with details on the nature of the breach, the approximate number of people affected and the contact information of the organisation. You must also be able outline measures you will take to reduce further risk to those affected.
Failure to do so can result in a Tier 2 fine.

4. Data Protection Officers (DPOs)

Under GDPR the following businesses must appoint a Data Protection Officer (DPO):
• Public Authorities
• Organisations whose core activities consist of processing operations which by virtue of their nature, scope or purposes require regular and systemic monitoring of data subjects on a large scale
• Organisations whose core activities consist of processing sensitive personal data on a large scale
These DPOs must have “expert knowledge” of data protection law and must report directly to the highest management level – they also cannot be told what to do regarding their tasks and cannot be dismissed or penalised for performing their tasks – a big responsibility indeed!
The DPO will advise its employer on compliance with GDPR and continuously monitor whether the company is complying correctly. The DPO will also act as the main contact with the regulatory authority in event of a data breach.

5. Privacy by Design

GDPR introduces ‘privacy by design’ as a legal requirement. This means that for the designing of all new systems, data privacy measures must be built in from the start, rather than added in at a later date.
Therefore, organisations are required to hold and process only the data they absolutely need, as well as limited access of personal data to those members of the organisation that explicitly need it.
This means that in the development of any new product or service, your organisation must make data protection an integral part of the design of that product/service. The legislation itself is not clear what exact measures you are expected to take, but it is clear that data protection will have to be a focus for all organisations under GDPR.

Did you find this blog post helpful? If so, please like and share it with your friends and colleagues. Look out for the next article in our series on GDPR entitled “5 steps to get GDPR ready” coming soon. | Download our GDPR whitepaper here


As you’ll likely have noted from recent media coverage, on Friday 12th May a new type of ransomware (named variously WannaCrypt/WannaCry/WCry) began appearing on computers running Microsoft Windows worldwide – within a matter of hours this infection spread to tens of thousands of devices across nearly 100 countries, causing significant issues for the affected organisations (including the NHS in the UK).

Whilst Friday’s outbreak was subsequently halted through the actions of security professionals, new variants have already begun to appear which cannot be controlled in the same way and that extend the risk of damage to organisational data.

What Is The Risk?

Ransomware is not new – this malicious software (malware) is designed to strongly encrypt your most important files (by targeting particular file types), at high speed, rendering them inaccessible to you. Once the files have been encrypted the application will move on to making demands for an untraceable payment using Bitcoin (an online currency) in return for the promise of a decryptor for your own data.

In this instance the ransomware has been combined with a technique (details) which allows infections to travel from one machine to another – this means that the malware spreads quickly between connected machines, such as on a company network. It is this combination which has made the outbreak so widespread and the impact so visible.

A number of defences are available – Microsoft began protecting against this combination of vulnerabilities using a security patch which became freely available in March 2017 (details). This family of patches provides cover for all currently supported versions of Windows (Windows Vista/Server 2008 or newer), but Microsoft have taken the uncharacteristic step of also providing patches for Windows XP/Server 2003 as a service to their customers.

Further information on the outbreak, as well as suggestions from the UK National Security Cyber Centre are available here:-
Latest Statement
Briefing – Protecting Your Organisation From Ransomware

What can you do?

There are 3 courses of action that we strongly recommend – both within an organisation, and for home/consumer users
1) Ensure that Windows Update has installed all recommended patches, or download and install the specific patch which suits your Windows version which closes the vulnerability that the current outbreak takes advantage of (details here, see below)
2) Ensure that your desktop/server antivirus product is up to date, and run a scan
3) Ensure that you have a backup for your data which is not accessible/vulnerable to ransomware, or if you don’t have a backup take steps to make one as soon as possible
4) Remain diligent when opening emails (and particularly attachments) from correspondents that you don’t recognise (fake or ‘phishing’ emails are a regular source of malware, part of a chain of events that can lead to ransomware arriving on your machine)

How can we help?

If you are a customer using our hosted services, please be assured that we are already defending against these vulnerabilities (just as you’d expect).

If you’re a customer who entrusts us with support for your servers and/or workstations, we will in touch with you to discuss your situation as a matter of priority throughout Monday. For many, the necessary steps will already have been taken.

If you are a PAYG customer and/or a customer with machines which you’re managing yourselves, we’d like to provide the following list of links which may be useful to you in finding the correct security patch against the vulnerability being used by the current WannaCrypt outbreak:-

Vulnerability Operating System Download Link
Windows 10

Windows 10 x64

Windows 8.x

Windows 8.x x64

Windows 7

Windows 7 x64

Windows Vista

Windows Vista x64

Windows XP

Windows XP x64

Windows Server 2012 R2

Windows Server 2012

Windows Server 2008 R2

Windows Server 2008

Windows Server 2008 x64

Windows Server 2003

Windows Server 2003 x64

If you need assistance with any steps recommended above to defend against with this outbreak please get in touch:-
• Email:
• Phone: 0330 002 0046

entrustIT complete acquisition of Tiva IT Solutions

We are pleased to announce that on March 31st 2017, entrustIT completed the majority acquisition of Tiva IT Solutions Ltd, based in Farnham, Surrey.

Tiva are an IT Support business with a strong regional focus and have been trading for 10 years. They focus on contract IT Support to businesses within a 25 mile radius of their base, but with some national presence. Tiva’s ‘proactive’ approach to on-premise IT support has proved particularly popular with local businesses and the company has seen strong growth in the last few years.

“We are really pleased to have Tiva on board” comments Jeff Dodd, Managing Director of entrustIT, “They have a really strong local brand and they will be a great addition to the entrust family.”

Post–acquisition, Tiva will continue providing first class customer service as  normal. and will work with our sister company, entrust Creative Technology to build an even stronger regional focus, including cloud products from the entrustIT range.

If Trump has his way, we’ll all lose some freedom

This article is from Issue 28 of Modern Law Magazine, to read the full issue click here or visit

If you’ve read the news at all recently, it is likely you will have heard about President Trump’s executive orders because in his first week and a half he has signed thirteen. In the hubbub surrounding order number thirteen, the ‘Muslim ban’, another order has slipped past the scrutiny of the mainstream press – and it is an order that could rob EU citizens of their online privacy.

The focus is on Section 14 of the ‘Enhancing Public Safety in the Interior of the United States’ order, which states: “Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”

The EU-US “privacy shield” provides EU citizens with the promise that their data, should it ever be processed in the U.S, is protected with ‘essentially equivalent’ privacy protection once it gets there. The deal is only six months old but with one stroke of his pen, Trump may have wiped it out.

The European Commission has already responded to the order, stating that the privacy shield “does not rely on the protections under the U.S. Privacy Act” but also that they will “continue to monitor” the situation. Given that Mr. Trump has previously voiced opposition to cyber privacy – most notably when he called on his supporters to boycott Apple after their much publicised case with the FBI – all of us should be concerned that our freedoms could be eroded under the Trump administration.

U.S. based companies dominate our working lives. Microsoft’s Office 365 is expected to surpass 100 million users worldwide in 2017 and Apple’s iCloud has over 782 million users. If President Trump encourages U.S. tech companies to share customer data with law enforcement, the privacy of EU citizens is in real jeopardy.

It’s time to act. Technology, particularly cloud technology, is not going away and it is impractical to suggest we revert to storing data in ring binders and filing cabinets. It is practical, however, to suggest we store our files & data in the UK or EU countries. EU privacy law is far stronger than its U.S. counterpart and will afford the citizen far more protection. Invest some time in studying your technology partners, do they store data overseas? Is your data subject to EU data protection laws?

Are you a legal firm relying on Office 365 email to handle your sensitive communications…?

President Trump has already shown how tough he is prepared to be when cracking down on security and has hinted he has little regard for cyber privacy. It is the responsibility of those who are privy to sensitive information to ensure it is protected. Are you doing all you can to protect your client data?

Grab a tin foil hat, your TV is watching you.

The opinions expressed in this article reflect those of the author, Tom Dodd, and not entrustIT

In the past, if you claimed that the Government was listening into your conversations through your TV, you might be placed in a straitjacket and carted off to the nearest mental health facility. Unfortunately, thanks to a huge data release by WikiLeaks this week, your claims would be entirely justified.

As a consumer, you may have heard of the “internet of things”. Perhaps you scoffed at the thought that your fridge needs an internet connection. The principle is that the internet of things allows us the ability to control aspects of our appliances from our smartphones. Modern appliances are becoming internet enabled and we are each being pushed to embrace a ‘smart home’, whereby our computers, televisions, lights, heating and even door locks can be controlled via apps on our smartphones. The theory sounds great, but the reality may be far darker.

WikiLeaks creates more headaches for the Government

On 7th March, WikiLeaks issued a press release codenamed “Vault 7”. In it are details of the CIA’s cyber-weapons programme, called ‘zero day’. These include malware, viruses and Trojans. The several hundred million lines of code included in zero day give the possessor the entire hacking capacity of the CIA. The leak even reveals a tool to listen in on conversations using smartphone or smart TV microphones. What’s more, the CIA (and GCHQ) appear to have been extremely irresponsible with the handling of these tools.

After the Edward Snowden leaks, the Obama administration promised that security vulnerabilities discovered by intelligence services would be released to the US based tech manufacturers on an ongoing basis. The Vault 7 leak shows that the CIA has instead been hoarding discovered vulnerabilities – presumably since they wanted them to remain open. The trouble is, if US intelligence agencies are aware of these flaws, is it not reasonable to assume that other agencies are too? Or that they will be in the future?

By discovering these flaws (in popular operating systems such as Windows, iOS, MacOS and Android) and opting not to inform the developers, they remain open to exploitation – including by those who seek to do harm. Specific CIA malware revealed in the leak is even able to penetrate both iPhone and Android software running presidential Twitter accounts. Given President Trump’s love affair with Twitter, and that one tweet from his account has the power to send stock prices plummeting, or worse still, potentially start a war, how valuable is that malware to a dangerous hacker?

Edward Snowden has had his say on the leaks

A difficult balancing act

Balancing public safety with public freedom is a difficult process. You may feel entirely relaxed about the intelligence agencies’ ability to hack into your TV if it means that you don’t become a victim of terrorism. However, in an effort to protect the public from violent terrorism, the CIA has left the public open to cyber terrorism. Some would argue that cyber weapons have the potential to deal more damage than conventional weapons. Once malicious code is out there, it is relatively easy to copy and extremely difficult to control. The very fact that this latest leak has been released indicates that the CIA and NSA cannot keep control of their sensitive data.

To be concerned about dangerous hacking tools falling into the wrong hands, or the possibility that you could be spied on in your own home is no longer a paranoid delusion. The threat is very real. The agencies that exist to protect us have left us vulnerable as a result of their recklessness.

The Bottom Line

Vault 7 is a goldmine of information – and it is damning for the agencies involved. Not only have intelligence agencies been working hard to discover vulnerabilities to spy on citizens, they have kept them to themselves – leaving them open to be exploited by hackers and terrorists. Whilst it is entirely justified to monitor terrorists, who determines who is a terrorist? How broad is that definition? We must be careful that we do not let intelligence agencies abuse the threat of terror to justify robbing us of our freedom.

In the short term, we can expect to see major tech companies patching the vulnerabilities exposed in Vault 7. Yet, we now have an idea of the lengths major intelligence agencies will go to in order to harvest information. More vulnerabilities will be found, and likely hoarded, until they are again exposed. The public should not sit by and accept that this a reality of modern life. These agencies must be held accountable for their failings.

The press release of Vault 7 can be found here. If you have an interest in cyber security – it is worth reading.

New entrust CT website launched!

old to new

The old… and the new

Your new home for IT Support and services in Hampshire, Dorset and the South of England.

entrustIT is pleased to announce the release of a completely revamped website for our sister company, entrust Creative Technology. The new website refreshes the dated design of the previous site and brings it a clean, modern feel.

entrust Creative Technology is an IT partner for SMEs in Hampshire, Dorset and the South, providing IT Support, IT Consultancy, Office 365 and Managed Wireless for companies across the South of England, particularly in main towns and cities such as Southampton, Bournemouth, Portsmouth and Winchester – to name a few.

“The new website is the culmination of months of work.” comments Tom Dodd, of the marketing team at entrustIT. “Initial feedback is positive. The aim of the website is to be as clear and concise as possible, and I think it achieves that.”

entrust Creative Technology (formally MLJ Creative Technology) was enquired by entrustIT in 2009 and has over 20 years of experience providing IT support and consulting to businesses in Hampshire and Dorset. Following on from success at the parent company, entrustIT, the team at entrust Creative Technology are looking to increase their presence in the local area. The new website is just one of the many ways in which the team is looking to achieve that goal.

entrust Creative Technology offer IT Support contracts, where a member of the team will fix IT issues whenever they arise – which is perfect for SMEs that can’t justify a full-time IT manager. The team also provides professional IT consultancy from technicians with decades of IT experience, as well as enterprise grade Wireless Networking solutions, which help you get the best possible speeds out of your internet line and Office 365 support and implementation, Microsoft’s own brand cloud solution for business. For the majority of every day IT issues, you’ll find a solution at entrust Creative Technology.

Visit or call 0330 002 0045

Microsoft increase price of Surface tablets by 15%

Mountain View, CA, USA - Sept. 4, 2016: Microsoft Silicon Valley Center. Microsoft SVC is the software giant's presence in the Silicon Valley of California.

Following on from their raising of the price of cloud products on January 1st, Microsoft have announced that the price of their flagship Windows devices, the surface tablets, will also rise by up to 15.1%.

Microsoft cite the cause for this price increase as the falling value of the pound since the EU referendum. Since 23rd June, sterling has fallen by 16% against the dollar.

“In response to a recent review we are adjusting the British pound prices of some of our hardware and consumer software in order to align to market dynamics,” it said in a statement.

“These changes only affect products and services purchased by individuals, or organisations without volume licensing contracts.”

This means that the price of the 1TB Surface Book, the top of the range Surface model, has risen to an eye-watering £3,049.00, while the cheapest Surface Book is now £1,449.00.

Microsoft is not the first tech company to raise prices in the UK, with companies such as Apple, Dell and HP also raising prices since the EU referendum.

Microsoft Calls Time on Windows Vista

Close-up part of young man using his laptop while sitting at his working place

Microsoft has officially announced that it will end support for Windows Vista on April 11, 2017. This follows on from the end of support for the popular Windows XP in 2014. End of support means that from April 11, 2017, Microsoft will no longer release regular updates and security patches for Windows Vista.

What does this mean?

Without any security patches, Windows Vista will be vulnerable to cyber attack and it will therefore be unsafe to use after April 11, particularly if you use your PC for banking or internet shopping. If you own a PC running Windows Vista, now is a good time to think about updating it.

What options are there for me?

Windows 10 is Microsoft’s current Windows platform, and it is here to stay. In fact, Microsoft have a major update in the pipeline. This update will focus more emphasis on animations and visual effects, with the goal of creating a more aesthetically pleasing user experience. The new update, called Project Neon, is set to be debuted in May and released later this year.

If your PC is not currently running Windows 10, unfortunately you have missed the free update offer. However, depending on the hardware specification of your PC, it might be a better option to upgrade the machine entirely. Microsoft cite Windows 10’s minimum requirements as a 1GHz processor or faster, coupled with 2GB of RAM and 16GB of free hard disk space. Remember, these are minimum system requirements. If you would like a PC that runs fairly quickly, my recommendation would be that you at least double the minimum requirements. That means 2GHz processor or faster and 4GB of RAM or more.

How do I check my PC specification?

It’s actually really easy to do. On a Windows 7/Vista PC, click start > control panel > system and your specifications will be listed in the window. If you do own Windows 10 but feel your computer is a bit slow, the process is slightly different. Click Start > settings > system > about.

Your cyber security is so important

As was common around the Windows XP support deadline, some users do not feel the need to update or upgrade a PC that has served them faithfully for a number of years. Vista was a less popular operating system than XP and many of its users moved on to Windows 7 at its release. However, for those that are still running Windows Vista, it is crucial that they upgrade before April 11. A study by PwC in 2013 found that 63 percent of SMEs were attacked by an outsider in that year. Why make it easy for those outsiders to attack you?

Don’t leave yourself vulnerable – upgrade your Vista PC before April 11.