0131 510 1234

Archive for category: Business IT

Network ROI enters MSP501 list of top global MSPs

Network ROI enters MSP501 list of top global MSPs

Network ROI is delighted to announce our inclusion in the prestigious MSP501 list for 2018.  MSP501 ranks the top MSPs from around the World. Network ROI debuted at number 280 in the global standings, positioning us as one of the top 20 MSPs in the UK and the number 1 MSP in Scotland!

MSP501 2018 Winners badge


Now in its 11th year, MSP501 recognises the best and brightest Managed Services Providers. At Network ROI, we work to continually improve our service levels, helping our valued clients thrive.

Network ROI Managing Director, Adam Johnson said “I am incredibly proud of the effort the team put in every single day when they come to work. Everyone at Network ROI is encouraged to develop their skills and take ownership of their career and being part of such an exclusive club proves the effort is worthwhile.

We aim to use this incredible achievement as a springboard to further success, growth and innovation. We aren’t competing with other MSPs; we are competing with ourselves to deliver a sterling service to a growing list of clients.”

Network ROI approaches a new milestone as we reach our first anniversary as a wholly employee-owned business. Winning industry awards and recognition is an essential part of generating buzz around the company and maintaining the feel-good factor, we are always aiming to achieve bigger and better things.

Top ten remote working security tips

Top ten remote working security tips

Severe snow and icy wind have hit the UK  with devastating effect this week. The adverse weather has made conditions treacherous, forcing schools to close as well as having a negative impact on transport infrastructure. A result of the extreme weather is an increase in people taking advantage of remote working.

Fortunately, at Network ROI, we spend a lot of time and effort planning for precisely this type of event. Acting as the IT department for growing businesses in Scotland, England and Wales, it’s important we are able to provide support in all conditions.

We host our critical services and applications in the cloud which provides our team with remote access 24/7. We have equipped our engineers with encrypted laptops for when they need to work remotely, and we use Gamma Horizon, a cloud-hosted telephony system, giving every member of our team the same direct dial number and extension – wherever we are working. Our team use Microsoft Office365, delivering further cloud-based collaboration and communication capabilities.

When working remotely, it is essential to remain secure, especially when dealing with private company information. Follow the tips below to stay secure when working remotely.

If it can be moved, encrypt it!

Before working remotely, ensure your devices and any external hard drives or USB sticks are encrypted. USB sticks, mobile phones, tablets and laptops are easy targets for criminals and are also easy to lose. Losing unencrypted data increases the risk of personal information falling into the wrong hands.  Encrypt all your mobile devices and hardware.

Enable remote wipe

Protecting mobile devices within your business doesn’t need to be taxing. Investing in a mobile device management solution such as Microsoft Intune allows users to wipe devices remotely should the device be lost or stolen, checks devices are encrypted, enforces PIN protection and can allow you to locate lost or stolen devices quickly protecting your company and personal data.

Use a VPN

A Virtual Private Network (VPN) creates an additional layer of security when using private or public networks. It does so by creating an encrypted tunnel between the location you are working from and your company network.  This ensures your data remains private as well as giving you access to your company applications and servers.  VPN technology is no longer the chore it used to be, and seamless VPN technologies make this technology transparent to your users.

Limit the use of public Wi-Fi

Public Wi-Fi is fraught with danger.  You may recall the vulnerability affecting the WPA2 security protocol known as Krack in late 2017. Be wary of connecting to public hotspots, especially those in coffee shops, train stations and airports and use only as a last resort – use your mobile data hotspot on your phone or use a VPN (as above) if using public Wi-Fi as this keeps your data safe.

Limit the use of public computers

In cases where you have no access to a company device or are fresh out of battery, you may need to resort to using a public computer. Although we strongly recommend not using public computers, here are some useful tips:

  • limit the information you send on public computers;
  • never send business-critical information, and;
  • never store passwords in browsers.

If you log into web apps such as Outlook, make sure you log out once finished. Finally, clear browser history and cache before closing down the machine.

Keep passwords strong

We can’t emphasise the importance of strong passwords enough. Cracking a weak password is perhaps the easiest and most common method used by criminals to enter company networks illegally. If you need further assistance to create strong, memorable passwords, see below to download our free password guide.


Make weak passwords a thing of the past

Have a clear remote working policy

The current weather crisis should act as a catalyst to implement a remote working policy if you don’t already have one in place. When considering a remote working policy, base it on the needs of the business and identify what resources and processes you will need to implement to enable a secure remote working policy.  Plan, document and most importantly, communicate the policy clearly to all members of staff.

Secure your network

Remote working provides criminals with further opportunities to enter the company network. A dispersed workforce accessing the company network from multiple locations can be a headache to manage and secure. Use only secure remote access methods with 2-factor authentications and consider insider threat detection software such as Zonefox to let you see who is on your system, where they are based and what information they are accessing or downloading. The software also sends alerts whenever unusual behaviour is detected.

Keep passwords and PINs secret

Never email or send password across insecure systems. If you do need to send a password, ideally use an encrypted messaging service such as WhatsApp or a text message.   Make sure never to send username and password using the same service. If you are in a public place such as a busy coffee shop – or even your office – we suggest you don’t divulge personal information such as name, address, date of birth or password information over the phone – always do this privately.

Educate your team

Our tenth and final tip is to make sure your team are well versed in remote working and include training as part of your overall information security strategy. As we have said in previous posts, your people are your main strength, but they can also be a significant weakness if they don’t know how to work remotely in a secure manner.

Need help with business continuity planning?

Business continuity planning takes a lot of hard work, but as we can testify, it is entirely worth it. Our service delivery team hasn’t missed a beat throughout the so-called Beast from the East, and we are proud of our team for delivering superb service in challenging circumstances.

When designing a business continuity strategy, consider core products and services you deliver and think about the infrastructure and training your team will need to perform their duties if and when catastrophic situations arise.

Get in touch with us if you need help planning for business uncertainties.

GDPR – Four small letters. One massive impact.

GDPR – Four small letters. One massive impact.

What is the GDPR?

The EU General Data Protection Regulation (GDPR) will replace the Data Protection Act 1998 (the 1998 Act) when it comes into effect on May 25th this year.  The GDPR has been designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy.

Consideration has been given to new technologies, business processes and data usage that have become part of the digital economy in recent years.

Principles of the GPDR

Under the GDPR, the data protection principles set out the primary responsibilities for organisations. Personal data must be:

“processed lawfully, fairly and in a transparent manner in relation to individuals.”

“collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.”

“adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.”

“accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.”

“kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.”

“processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”


Download your free copy of our GDPR e-book

Lawful basis for processing under the GDPR

Although not new, the lawful basis for processing under the GDPR places more emphasis on accountability and transparency relating to how your organisation processes data.

The six lawful bases are similar to the old conditions for processing, although there are some differences – the ICO website contains more information on lawful processing.

Individual rights

The GDPR provides the following rights for individuals:

  1. The right to be informed
  2. The right of access
  3. The right of rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights related to automated decision making and profiling

You can read more about individuals rights on the ICO website.

Time to report a data breach

Under the 1998 Act, organisations have one month to report a data breach but once GDPR is enforceable, this period will reduce dramatically. Once a data breach has been detected, organisations will have 72 hours to investigate the violation, let the regulator know what’s happened, figure out if personally identifiable information (pii) has been compromised and have a plan to manage the threat.

Unless there are technical controls and a robust information security policy in place to mitigate the threat of a data breach, many organisations will struggle to meet these demands.

Data Protection Officer

In some circumstances, organisations must appoint a Data Protection Office (DPO). You must appoint a DPO if you:

  • are a public authority (except courts acting in a judicial capacity)
  • carry out large-scale systematic monitoring of individuals (e.g. behaviour tracking)
  • carry our large-scale processing of special categories of data or data relating to criminal convictions or offences – at this time, there is no numerical definition of “large-scale processing.”

You may appoint a data protection officer to act for a group of companies or a group of public authorities – depending upon size and data processing requirements.

Any organisation can appoint a DPO. Our Technical Director, Neil Douglas is a qualified GDPR Data Protection Officer and is always free to chat regarding your DPO or GDPR requirements.


The maximum penalty for suffering a severe data breach under the Data Protection Act 1988 is £500,000. Mobile telecoms company, Talk Talk received a £400,000 fine for failing to prevent a serious data breach back in 2015. –

Penalties under the GDPR are far more severe. A maximum fine of €20 million or 4% of global annual turnover for the most severe data breaches is on the cards. However, we don’t expect the Information Commissioners Office (ICO), the UK’s governing body to impose the maximum fine as it hasn’t done so under the existing regulations – that’s not to say they won’t impose sizeable penalties.

Subscribe to the Network ROI blog

  • We'd love to keep in touch with you by email with offers, news and new product information. We treat all personal data with respect, and we promise NEVER to sell your details to third parties for marketing purposes.
Network ROI Christmas and New Year 2017/18 opening hours

Network ROI Christmas and New Year 2017/18 opening hours

We would like to wish all our clients a Merry Christmas and a happy, healthy and prosperous New Year. We are gearing up for an exciting 2018 and we look forward to working with you in the new year and beyond.

Over the festive period out office will be open as usual on normal working days, closing on the 25th & 26th December as well as the 1st January.

Festive opening 2017/18


From 5pm on Fri 22nd Dec
Mon 25th Dec
Tue 26th Dec


Wed 27th, Thu 28th, Fri 29th
Tue 2nd Jan onwards

Out of hours support

We can offer emergency technical support between 8.30am and 5.30pm on the 25th and 26th December, as well as January 1st.

There will be a standby rate charge of £300 for the three days, irrespective of whether you require support (equating to £100.00 per day). Calls or call-outs on these days will incur additional charges at the hourly rate detailed in your contract.

Contact us on 0131 510 1234 or email before Wednesday, 20th December if you would like to arrange out of hours support over the festive period.

BAnk Holiday Disaster

BAnk Holiday Disaster

British Airways experienced a massive bout of business turbulence over the busy bank holiday weekend when a power shutdown caused their entire IT estate to go offline. Global online systems including company websites, booking systems and call centres were crippled – leaving thousands of customers stranded in different airports across the world. It took the company almost three days to clear the backlog of travellers, many of whom have yet to be reunited with their luggage.

The fallout has been dramatic, with some reports stating the company share price shed almost £500m over a few short days. Then, of course, there’s the compensation bill that’s expected to exceed £100m and the millions of tweets and column inches of negative press that have accompanied such a high-profile situation.

Make Disaster Recovery part of your  ongoing strategy

Regardless of what went wrong and who is responsible, the key takeaway is; disasters are never planned.

The BA crisis illustrates the need for you, as a business owner or decision maker, to have a look at this unfortunate incident in greater detail:

  • Read the papers to get an idea of the scale of the impact
  • Listen to the testimonies of the angry customers
  • Think about the brand and reputational damage
  • Check the share price in the press
  • Think about how much BA relies on the internet and computing infrastructure to make money

These examples aren’t exclusive to BA; they apply to every kind of avoidable business disaster and impact every type of organisation.

Get in touch with Network ROI

If your business relies on secure, reliable and well-maintained IT to achieve growth and prosperity and you would like to have a conversation about your Disaster Recovery strategy, please fill out the form below.

Thanks for reading,


  • We'd love to keep in touch with you by email with offers, news and new product information. We treat all personal data with respect, and we promise NEVER to sell your details to third parties for marketing purposes.