Having been around since the 1970s, there are quite a few software escrow solutions on the market today. They all provide slightly different services in their own slightly different ways. Each is priced individually and independently.

When looking for software escrow, it’s important to choose a provider that meets your needs and complexities at a price that suits you, while providing the level of security that you need.

Firstly, what is software escrow?

Software escrow is a service that helps protect all parties involved in a software license from a loss of service. These parties are usually a software vendor or developer and the software user. Standard software escrow involves a neutral third-party escrow agent, such as us here at LEA&S, having a contractual obligation to hold the source code and documentation for the software in question. We can also hold the data stored on the software but this is complex due to GDPR. We usually encourage end-users to take regular data back-ups and keep control of data themselves.

SaaS escrow works in a very similar way but is in use where there are three parties involved in the SaaS service; a software vendor, a software user and a third-party hosting provider. It protects all parties against the many issues that can arise with SaaS being off-premise.

With both standard software escrow and SaaS escrow, if something unexpected was to happen to the software vendor or the third-party hosting provider, the software user would still be able to access and maintain the software. These unexpected instances cover a number of eventualities, including if the software vendor or third-party hosting provider:

• Ceases to trade
• Becomes insolvent
• Enters into receivership or liquidation
• Fails to support the software as per their support and maintenance agreement

Ultimately, software escrow protects against a loss of service. In these cases, we as the escrow agent would release the source code for the software to the software user so that they may continue to use the software, keeping their business going with little to no disruption.

How much does an escrow agreement cost with LEA&S?

At LEA&S, we pride ourselves on offering affordable escrow services. We believe that protecting your business shouldn’t break the bank.

The pricing for our standard escrow agreement is as follows:
Set up fee
£750*
IP owner/licensor – 100%
Licensee – 0%

Annual fee
£560
IP owner/licensor – 0%
Licensee – 100%

Release fee
£100
IP owner/licensor – 0%
Licensee – 100%
*this may be reduced where there are 2 or more licenses

Our pricing for our SaaS Escrow Agreement with AccessAssure is as follows:
Set up fee
£1250
IP owner/licensor – 100%
Licensee – 0%

Annual fee (REU)
£950
IP owner/licensor – 0%
Licensee – 100%

Release fee
£250
IP owner/licensor – 0%
Licensee – 100%

Is software escrow worth it?

In today’s digital and technological world, having a backup plan in case something happens to your software provider is vital. Cybercrime is at an all-time high and the COVID-19 pandemic has left many businesses feeling unsafe and unprepared. Now is the time to think twice about protecting your business-critical data.

Software escrow agreements are a way for businesses to protect their software provision and are part of any good disaster recovery strategy. By investing in software escrow, you are not only protecting your business but also demonstrating your commitment and investment in the future of your business to investors.

Convinced? We hope so. If you have any more questions about software escrow and our pricing structure, simply get in touch. You can either fill out our online enquiry form or call us on 0800 456 1115.

The post How Much Does Software Escrow Cost? appeared first on LE&AS.

Cybersecurity may be the kind of thing that many businesses brush under the rug and choose to ignore. It doesn’t bring in money or contribute to the business strategy, so there’s no time in the day to focus on it. That could be a huge mistake though, as cyberattacks can cost a business a lot of money if they are unlucky enough to be targeted.

Despite this, many small businesses still believe that it won’t happen to them. Unfortunately, multiple past studies have shown that at least 43% of cyberattacks are aimed at small businesses – and it’s arguably these businesses that it can affect the worst financially. Small businesses are often targeted because they commonly lack the support needed to protect against these attacks.

The average cost of a cyberattack on a small/micro business is £919, increasing to £3,070 for medium/large businesses. But where do these costs come from? Let’s take a look at some of the financial impacts a cyberattack can have on your business.

Revenue due to downtime

The cost of a cyberattack is not only financial. Your business is likely to need some time out to recover. If part of your IT infrastructure is down as a result, chances are it’s going to affect other parts of your business. This may disrupt your services and deliverables, hindering your business for a period of time.

Costs associated with managing exposed customer data

Data protection breaches and fines for non-compliance have become somewhat of a hot topic over the last few years, with the introduction of GDPR. The fines that come with exposing customer data are pretty substantial and can be an enormous blow to a company’s reputation. Companies have a responsibility to ensure that customer data is stored correctly and well protected. Measures such as multi-factor authentication are a good way to try and combat data breaches.

Loss of customer confidence in your company

Trust is a huge part of a customer relationship, and cyberattacks have the potential to wipe this trust out in the blink of an eye. A cyberattack can result in a loss of customers, a loss of sales and a reduction in your profits. It can have a ripple effect throughout the rest of your business, even affecting the relationship you have with your suppliers, partners, investors and other third parties.

Share price or market value drop

Perhaps you are worried about the impact on the share price of your company. This will almost certainly be affected by a cyberattack. In fact, share prices of breached companies hit a low point approximately 14 market days following a breach. Cyberattacks and data breaches can be a PR nightmare, sinking share and stock prices. This can take a while to build back up.

Business security is always worth your investment – whether that’s ensuring you have all the latest malware, training your team or implementing a range of cybersecurity protocols. You should also add investing in SaaS Escrow to your list. Whilst you can tighten up on your own security, if you rely on a third-party software provider to keep your business going, you can’t control how secure their operations are.

With SaaS Escrow, AccessAssure independently monitors your software provider’s financial position, triggering a cascade of events should anomalies rise, leaving your cloud-based software accessible for at least three months of business continuity. It offers you that peace of mind and an extra layer of security against any nasty surprises.

Got more questions? Just give us a call today on 0800 456 1115 to discuss further.

The post What’s the cost of a cyberattack on your business? appeared first on LE&AS.

Even if your employees are predominantly back in the office, you can expect that there will be a desire amongst future workers that remote working is offered as an option.

Why is remote working a security risk?

Remote working presents a challenge for business security because remote work environments don’t often have the same safeguards that an office environment would. Your employees will not be protected by those layers of preventative security controls that you may have put in place previously. When computers are taken away from the office, new risks arise; data encryption, unsecured wireless connections and the potential loss or theft of devices and data.

The good news is that evidence shows that many businesses are aware of this. In fact, UK Google searches for ‘cyber defense’ went up by 126% between January and March 2020. That’s up 116% from March 2019. Additionally, searches for other cybersecurity-related terms such as ‘cybersecurity services’ also increased by 44%.

So, what can business owners enforce to ensure that remote working is as safe as possible – now and in the future?

Avoid public wifi

This is perhaps one to flag with your workforce when the cafes reopen, but this also applies to those who may do a little work on the train whilst commuting, for example. Public wifi introduces a significant security risk and should be avoided where possible. Public wifi is just that – public. Other people can access it and therefore, the risk increases of them being able to also access your computer.

If you or your employees are out and about and need an internet connection, then encourage them to use personal hotspots from their phones instead. Although web traffic will be unencrypted between the hotspot and its destination, using a hotspot does eliminate the risk of getting hacked by those using public wifi.

Stick to using work computers

Where possible, encourage your team to stick to using work computers to complete their work. Accessing work data on personal laptops is a risk unless these personal laptops have a secure wifi connection, a VPN, encrypted drives and anti-virus software. If not, a personal laptop may not be safe for work information, as it could be compromised by a third party much easier.

Even just checking and answering a few work emails on your personal laptop one evening once you’ve returned from work can be a risk – let alone if your team began working on a personal laptop 9-5 once they made the work-from-home switch.

Make use of encryption

When minimising the risk of remote working, encryption will be your business’s best friend. Think about all those emails you send that may contain sensitive data. What happens if that is intercepted by a third party? By encrypting the data attached to an email, it prevents anyone unintended from viewing the information.

You could also ask that your employees encrypt their home wifi network. For example, their wifi router may not have a very strong password to protect the settings and configuration. The default passwords tend to be weak. Could they change this to something stronger?

Password management

And speaking of passwords, if you and your team use simple or identical passwords across different accounts, this also puts your business at risk. Although it makes passwords easier to remember, it also makes passwords easier to guess. Perhaps now is the time to run a password audit?

Alphanumeric codes and the use of two-factor authentication should become mandatory to make passwords as complex as possible and to add an extra layer of protection. It’s also a good idea to use a password manager platform, such as LastPass. LastPass stores your passwords securely and also generates complex and strong new passwords for you. If team members need to share passwords with each other, LastPass allows a way to do this safely as opposed to through an email or instant messaging platform.

Educate your team to be security savvy

It’s no use one or two people on your team being passionate about keeping the business secure – it only takes one person to make a mistake or two and security can become compromised. Your team may have no idea of the risks they face when working outside of the office, so it is up to you as a business owner to educate them.

This should include simple policies around keeping personal use and work use as separate as possible, avoiding letting their friends, family and children use their work system, and educating them on security risks such as phishing scams.

Unfortunately, online scams have dramatically increased since the COVID-19 pandemic. Action Fraud reveals that there have been over 200 reports of coronavirus-related phishing scams. Perhaps you could create a quiz for your team and present them with real and scam emails, and see if they can correctly spot the difference. It’s vital that they understand what legitimate communication looks like, and false communication.

Use secure cloud-based services

Instead of storing confidential and sensitive data locally, use secure cloud-based services where possible. Not only do cloud-based services allow you to run your business more efficiently (particularly when your team is working remotely), but they also offer much better security. A cloud host’s full-time job is to carefully monitor security, making it much safer to keep critical business data offsite.

A staggering 94% of businesses saw an improvement in security after switching to cloud-based services, and 91% said that the cloud makes it easier to meet government compliance requirements. Cloud-based services are hot on encryption, making it as difficult as possible for hackers or anyone unauthorised to view your data.

However, it’s important not to wholeheartedly rely on your cloud-based services. What happens if they become compromised? They are not immune from cyberattacks or going into administration. You rely on their consistent connection and if that is lost, how would you continue to operate? Your data will still exist, but you may not have a contractual right to access it.

That’s where SaaS Escrow comes into play. SaaS Escrow protects your critical cloud-based and off-premise software in the event of your hosting provider going out of business. It allows you to access your data for at least three months of business continuity, so you can continue with business as usual.

Don’t be without this extra layer of protection for your business. Contact us to learn more about SaaS Escrow by calling 0800 456 1115.

The post Business security whilst remote working appeared first on LE&AS.

Phishing explained

Phishing has earned its namesake by ‘luring’ people in with legitimate-looking emails, websites or advertisements and hoping that they will bite by providing the information that the criminals have requested. This is usually credit card numbers, account numbers, passwords, usernames or other valuable information.

This is often done via an email or text message. Commonly, they include a link that will appear to take you to a company’s website to fill in your information, however, it is a very clever fake. That information that you then provide goes straight into the hands of the scammer. From there, they may be able to access your email or bank accounts.

Thousands of these phishing scams are launched day in day out across the globe – but that doesn’t make them any easier to spot. Here are a few scary phishing statistics to put their success into perspective:

• 97% of users cannot identify a sophisticated phishing email
• 85% of organisations have suffered from phishing attacks
• Nearly 1.5 million new phishing websites are created each month
• 78% of people claim to be aware of the risks of unknown links in emails, yet click anyway
• SaaS and webmail services accounted for 34.7% of phishing attacks internationally

How do I spot a phishing scam?

Unfortunately, scammers are always updating their tactics in order to become ever-more convincing. There are some signs that you can look out for to help you recognise a phishing email or text message.

The aim of a phishing scam is to look like they are from a company that you know or trust, such as your bank or credit card company. They often tell a story to trick you into clicking on a link or opening an attachment. This could be:

• Letting you know that they have noticed some suspicious activity or log-in attempts
• Claiming that there is a problem with your account or payment information
• Asking you to confirm personal information
• Sending you a fake invoice
• Claiming that you are eligible for a government refund or tax rebate

Next time you receive an email like this, there are a few things that you could check. Firstly, the email address that the message has come from. No legitimate organisation will be contacting you from an ‘@gmail’ or ‘@hotmail’ account domain, or similar. Instead, they will have their own email domain which will often be the name of the company i.e. @google.com or @nationwide.co.uk. If you are unsure what a company’s domain is, you should be able to find out via a simple Google search.

And don’t be fooled by simply looking at the sender’s name. It might say the name of your bank or another familiar organisation, but if you actually check out the email address then it might not match. If it’s not a match, then you can assume that the email is part of a phishing scam.

Another thing to keep a close eye out for is copy errors within the email/text. This could be spelling errors, grammatical errors such as not including a full stop at the end of a sentence, or something very subtle like including a space before a full stop at the end of a sentence, or a capital letter where it doesn’t belong. A phishing scam may simply be poorly written and worded in a strange way that you wouldn’t expect from a legitimate organisation. This should ring alarm bells.

Examples of phishing scams

Over the years, phishing scams have evolved to take on a few different formats. Here’s a handful of the most common that you may come across:

• Standard email phishing – the most widely known form, this is an attack to attempt to steal sensitive information via an email that appears to be from a legitimate organisation
• Malware phishing – similar to above, this attack encourages the target to click a link or download an attachment. From there, malware can be installed on the device
• Spear phishing – highly-targeted, well-researched attacks generally focused on business executives, public personas and other lucrative targets
• Smishing – refers to short links to smartphone users, often disguised as account notices or prize notifications
• Vishing – involves a malicious caller pretending to be from tech support, a government agency or other organisation, trying to extract personal information such as banking or credit card details
• Pharming – a tricky one to spot, this form of phishing reroutes legitimate web traffic to a spoofed page without the user’s knowledge, often to steal valuable information
• Clone phishing – this is where your email account becomes compromised and the scammer makes changes by swapping a legitimate link, attachment or other element with a malicious one, sending it to your contacts to spread the infection
• Business Email Compromise – involves a fake email pretending to be someone from within a company requesting urgent action. This can be wiring money or purchasing gift cards. This sophisticated tactic has been estimated to have caused nearly half of all cybercrime-related business losses in 2019

How to protect your business from phishing scams

No one wants to get caught out by a phishing scam, whether you are being targeted as an individual or as part of a business. However, there are things that you can be doing – and should be doing – to protect your organisation. It’s not enough to rely on your email spam filter as scammers are always finding ways to outsmart these. Instead, you should apply extra layers of protection to make it harder for scams to reach your network, such as security software, encryption and multi-factor authentication for access.

It may seem obvious but be aware of the red flags – and make sure your employees are too. Perhaps you could offer regular training to your team to give them the responsibility to be on guard for phishing scams. Make sure you keep up to date with any new scams that emerge and how you can combat them. Treat any unexpected emails or texts with suspicion and analyse them carefully before taking any action.

The best thing you can enforce when it comes to security is prevention. Do you have a security plan in place for your business and software? If not, you should seriously consider this. Ask yourself what would happen if one of your employees was to fall for a business email compromise phishing scam. How can you avoid this?

And it’s not only your business you should worry about – what about other businesses that you rely on? Do you have a software provider that you need in order to carry out your service? External threats could break your connection with them and you may not have a contractual right to access it. In this instance, make sure you have extra protection in place with SaaS Escrow. It protects your critical cloud-based and off-premise software in the event of your hosting provider going out of business, meaning you can access what’s yours for at least three months of business continuity.

If you are interested in making SaaS Escrow part of your security business plan, then we can help. Call LE&AS today on 0800 456 1115.

The post What is a phishing scam? appeared first on LE&AS.

Unfortunately, it’s possible that many of our goals and resolutions for 2020 were thrown out of the window by the COVID-19 pandemic – especially in a business sense. After the year we’ve just had, taking back the control in 2021 and setting out some good intentions early is probably high on every business owner’s list.

So, what new year’s resolutions might you make for your business in order to get the best out of 2021?

Review your plans and goals for 2020

A good place to start is to reflect on what you didn’t get round to achieving, or what changed in 2020. Depending on your business, everything you’d planned for the year may have been totally turned upside down. Could you pick up any of these abandoned goals in 2021? Will the way in which your business had to adapt in 2020 influence the way you go into this year?

Do this exercise before planning any resolutions and goals for 2021 to put yourself in the best headspace for creating the perfect strategy for the next 12 months.

Be flexible

That being said, who knows what 2021 will bring? Of course, we all hope that we will begin to see some normality for our businesses, with a future of plain sailing. However, if 2020 has taught us anything, it’s that we cannot solidify how we do business. We can plan ahead all we like but ultimately, in 2021, businesses must be nimble and ready to change tact at the drop of a hat.

Be prepared for the unexpected and make sure your contingency plans are solid. Model as many scenarios that could affect your business as possible and think about how you would buffer the financial impact.

Support other businesses

In 2020, there was certainly a consumer shift to support small/local business. People became much more conscious of where they were spending money and, particularly around Christmas, shopping small became a focus for many in order to try and help soften the blows that many businesses felt throughout the year. As a business owner, you may support and preach the importance of supporting small/local businesses, but it can be hard to remember to practice yourself to your fellow businesses.

Whatever position you are in, set yourself the intention to help others in a similar situation as much as possible. This could be simply buying coffee and cake from your local cafe for your team on a Friday morning, showcasing some of your favourite small businesses to your following on social media, or swapping your large office supplies company for a smaller one. Whatever it may be, make an effort to shop small.

Perfect remote working

Many businesses that had never had to implement remote working before were suddenly forced to in 2020. They may have muddled by, finding their feet along the way, but remote working is unlikely to be going anywhere for a while. We might as well spend some time getting it right in 2021.

Last year shone the spotlight on so many remote working platforms that exist to make it smoother and more efficient. You should make sure that you are nailing the right instant messaging platform for your team to communicate, the perfect schedule of weekly meetings and catch-ups, and making sure your team has what they need to comfortably carry out their day’s work at home. Remote company culture needs to be a priority, so make it work for you.

Implement cybersecurity protocols

If cybersecurity has never really been a focus for your business, make 2021 the year where you begin to care. If your company experiences a breach, it could lead to major losses. That’s the last thing you need if you are getting back on your feet throughout 2021. Protection is paramount, so ensure that you are implementing robust enough protocols.

If you just take one step towards a more secure business in 2021, let it be SaaS Escrow. If you rely on a third-party software provider to keep your business going, then what happens if they go out of business? The pandemic has put thousands of businesses in a vulnerable position. Whilst you may be going into 2021 feeling strong, other businesses you rely on may not. You can never be too careful. With SaaS Escrow, AccessAssure independently monitors your software provider’s financial position, triggering a cascade of events should anomalies arise. It leaves your cloud-based software accessible for at least three months of business continuity.

We’ve had enough of nasty surprises. Make 2021 the year of protecting your business from anymore disruption. We offer favourable terms or deferred payments on escrow provision. Just give us a call today on 0800 456 1115 to discuss further.

The post 5 Business New Year’s Resolutions for 2021 appeared first on LE&AS.

The run-up to Christmas, Christmas Eve, and Boxing Day are all-systems-go in the retail world, whether that’s in a bricks and mortar store or online. With the tier system in full swing in England and lockdown restrictions continuing their hold, we’re unlikely to see streets packed with Christmas shoppers this year. It’s more likely that people will be working through their gifting lists online, from the safety of their own homes, putting a little more pressure on eCommerce stores.

Online retailers invest in eCommerce software to meet the huge demands placed on them, and this has never been so important. But what happens when things go wrong? Here are a few of the top IT-related risks and threats to your business continuity this season and how software security can help you.

Cyber-attacks

Even the safest of companies can still find themselves up against cyber-attacks. It’s often the more modest businesses amongst us that are the ones to suffer, however, with 43% of cyber attacks targetting small businesses. And hackers don’t take a break over Christmas. In fact, Christmas is the ideal time to cause a storm for an eCommerce business.

A cyber-attack could be in the form of ransomware, a phishing attack, or malware – to mention but a few. The aim of the game is to infiltrate and paralyse your system, software, and services. Hackers are becoming more and more sophisticated, and you should never consider yourself to be 100% safe and untouchable. To avoid being hit with a cyber disaster this Christmas, invest in a few things that will proactively detect and prevent threats to your business.

This could be in the form of robust virus protection, encryption encoding to add an extra line of defense between your software and outside threats, multifactor authentication for your access controls, and investing in online security education. Knowing what’s out there and how to be vigilant is not to be overlooked – and that goes for both you and those within your team.

Data breach

Data has become somewhat of a hot topic in recent years, with the introduction of GDPR legislation. GDPR has meant that businesses, governments, and individuals alike can experience huge complications and consequences from having sensitive information exposed. Without the right processes and attention, a small vulnerability can cause a massive data breach.

With Christmas being such a busy and consuming time, hackers can see this as an opportunity to seep through the cracks whilst business owners are distracted. Not only this but as our computers, mobiles, and tablets get more connective features, there are more and more places for data to slip through. New technologies are being created faster than we can protect them.

A data breach can have a devastating effect on a business’s reputation and finances – not to mention its data breach victims. Data leaks can reveal everything from social security numbers to banking information, inviting fraudulent activity. Protect your business and your customers by updating any software as soon as you’re given the option, making use of encryption encoding, enforcing strong passwords for customers, and educating your team on how to avoid these attacks.

Software Access

It’s not only your business you need to worry about. What happens if your SaaS service or software provider goes out of business? The COVID-19 pandemic has put thousands of businesses in a vulnerable position, so you can never be too careful. Losing your cloud-based technology access would be catastrophic at the best of times, let alone at Christmas. It can also result in the loss of access to business-critical data too.

To avoid this, you should implement SaaS Escrow into your business plan this season. AccessAssure independently monitors your software provider’s financial position, triggering a cascade of events should anomalies arise. This means that your cloud-based software will be accessible for at least three months of business continuity. Think of it as the best Christmas gift you could give to your business – and yourself!

Want to know more? Give us a call today on 0800 456 1115 and let us help you get your software security wrapped up in time for Christmas.

The post Is your software security wrapped up?! appeared first on LE&AS.

However, as this demand continues to grow, so too do the opportunities for hackers to steal sensitive information. For this reason, security within the SaaS world is becoming more and more of a focus – and rightly so. Here are a few best security practices that you should follow when creating your SaaS solution…

Take advantage of encryption

Encryption is a great way to encode your data to protect it from unauthorised users, however, the majority of SaaS companies do not use it. Vast amounts of personal information may be stored on your application. GDPR is still a hot topic, and keeping this data private is really important.

Encryption provides integrity, confidentiality, and authentication for you and your users. Even if someone is trying to access your data, they will not be able to decode it without the encryption keys. That’s because encryption scrambles readable text so that it can only be read by the person who has the secret code, or decryption key. It provides a final line of defense that protects data, even when compromised by hackers. But remember – make sure it’s you that has control of the encryption keys, rather than allowing a hosting or cloud solution company to manage them.

Create a security-first culture

There’s no use just one or two members of your team championing security if the rest of the team using the platform aren’t enforcing it at the same level. Everyone who manages, administers, or operates IT infrastructure needs to become security conscious. Infusing security into your organisational culture puts security at the top of the priority list.

Could you offer or outsource regular training to your team on security risks and threats? Hackers are forever becoming more sophisticated, and new cyber risks are emerging all the time, so the learning should never stop. Implementing a solid security training programme within your team is a good way to enforce and remind individuals of their role in business security, and the difference that their efforts to be hyper-aware can make.

Use multifactor authentication & good password security

Focus on your access controls both internally and externally. These are the gateway to your software. For instance, you may usually grant access to your employees if they are connected to the corporate network. What happens if they are working remotely and try to access whilst off-network? Incorporating multifactor authentication means that you can be assured of their identity, and grant access accordingly. This could involve a verification code being sent to a mobile phone or email address. If it’s someone outside of your network who should not be trying to access, the multifactor authentication is sophisticated enough to keep them out.

It’s also a good idea to require two-step authentication or minimum password length and character variety for accessing your software. Insist that your customers use more complex passwords to protect their details. This also serves as an indication to them that you have made the effort to make your platform as secure as possible. Factoring in specific personal questions for password reset – such as the name of your hometown or your first pet’s name – is also wise. These two methods may seem obvious, but they can be easily missed in the haste to launch a product. Who knows – perhaps in the future we’ll be logging in via thumbprint and retina scans instead!

Fail to prepare, prepare to fail

When it comes to security, prevention is key. Always develop a detailed security plan before you launch your product and make sure every member of your team understands it fully. By pinpointing all of the scenarios in which security could be compromised in the future, you can find some sort of a solution to combat each one.

For instance, what happens if your software provider goes into administration? You are relying on their security and consistent connection in order to operate – but external threats could interrupt or break that connection. Your software and data will still exist, but you may not have a contractual right to access it. Make sure you have extra protection in place with SaaS Escrow. It protects your critical cloud-based and off-premise software in the event of your hosting provider going out of business. Instead of being left with a blank screen and inaccessible data, you’ll be able to access what’s yours for at least three months of business continuity. It’s a no-brainer.

Want to know more about SaaS Escrow? We can help. Call LE&AS today on 0800 456 1115.

The post Security best practices for SaaS platforms appeared first on LE&AS.

We’ve picked out three security risks that your SaaS customers are worried about, and what you can do to minimise these risks, keeping your customer’s data – and trust – safe and sound.

Who else has access to their data?

GDPR and keeping data safe is no joke. When you are taking your customer’s data, you need to be security-conscious. Ensure that everyone within your business knows how to handle data and keep it safe. This needs to become a focus within your business culture. Could you offer training to your team on the risks and threats of potential data loss? This is a good way to enforce and remind individuals of their role in business security.

And what about suppliers? External agencies? Your hosting or software provider? Will anyone else be handling your customer’s data, alongside yours? If so, try to take the time to understand the procedures and protocols that these companies have in place to protect it. All providers are required to include this information in the conditions of their Terms of Agreement, so it’s worth familiarising yourself with that. Make sure that you are always communicating to your customers what you and any third-party companies are doing to keep their data safe. Any company can fall victim to cybercriminals – big or small.

Are customers at risk of identity theft?

It’s commonplace for SaaS providers to require payment for their services via credit or debit cards online. It’s easy, it’s quick and it’s simple. But it does open up concerns for your customers about potential risks of identity theft. If your website isn’t secure, then your customers might be at risk of having their card details stolen.

If you can signpost that your website is secure, then customers will know that they are using their card details safely. They should be able to see a padlock symbol in the address bar next to your website address, your website address should start with https:// (the S stands for secure), and your customers should be able to access your valid certificate by clicking the aforementioned padlock symbol.

There are also a few security protocols that you can put in place to prevent problems, such as a firewall or an identity management solution.

How stable is your company?

It goes without saying that all customers want to rest assured that they are putting their money into a SaaS company that is secure and stable. There are so many SaaS software companies out there on the market today, and they are continuing to grow in popularity. This is great for users, as there are a wealth of options out there. But can all SaaS providers keep up with the growing market? If they can’t they might end up shutting down as they can no longer compete.

You might be, and might look to your customers, like a solid, stable company. The numbers add up and business is good and steadily growing. But what about the health of your software provider? To truly make your business safe and secure, make sure that you factor SaaS escrow into your disaster plan. It protects your software in the event of your software or hosting provider going out of business, meaning that you can continue providing your services without a hitch. Your customers won’t have to worry about your business coming into hard times by no fault of your own. If you’d like to know more about SaaS escrow, give us a call today on 0800 456 1115.

The post 3 security risks your SaaS customers are worried about appeared first on LE&AS.

During lockdown number one, the government helped to protect businesses with various grants and the furlough scheme. Whilst the government has announced a number of protections for businesses during this second wave, whether it will be at the same level this time around is not clear. So, how can you protect your business the best you can in the event of a second lockdown?

Remote working

Most businesses experienced remote working in some capacity during the first lockdown, and this is expected to continue with the latest government advice stating to ‘work from home if you can’. With that in mind, ensure that you have sufficient support networks in place for any employees who will be working from home. Even though remote working may not be anything new at this point, mental health risks are still present. Just when many employees thought their office-based working lives were continuing to normal, this may have been taken away again.

Your business is bound to run more smoothly when you have happy and comfortable employees, so never underestimate the importance of prioritising their wellbeing. This could involve ensuring that all IT equipment and systems available to your team are as efficient as possible to make remote working easier, providing extra support and understanding to those who aren’t able to obtain childcare whilst working from home, or simply putting processes in place to keep everyone as connected as possible.

If you do need to keep employees in the office, it is your responsibility to implement all the necessary health and safety procedures to keep them as protected as possible whilst at work. You can find lots of resources on exactly how to do this online, and particularly on the Gov UK website. Be aware, however, that you can take all safety precautions in your office, but under section 44 of the 1996 Employment Rights Act, employees do have the right not to attend work if they reasonably believe that doing so would pose a ‘serious and imminent’ risk to their health and safety.

Be frugal now

If your business struggled during the first lockdown, you need to be thinking about how to maximise profit margins and how to best control your spending. Put the work in now to ensure you’re in the best financial position possible, given the circumstances.

Squirrel away any extra cash and seek deferrals from landlords, banks, and suppliers where possible. Research and make use of any extra funding that might be available to you, or any temporary loans that you can apply for. Now is the time to cut back where possible and give yourself some breathing space if a second wave begins to have a negative impact on your business.

Plan for every eventuality

If COVID-19 has taught us anything, it’s that we just don’t know what is around the corner. To best protect your business’s future, plan for anything and everything. Be aware of your financial position and what effect a second wave could have on this. Model as many scenarios that could affect your business as possible and try and make a plan in advance to buffer the financial impact. When thinking up these scenarios, don’t forget to factor in any third parties that you rely on to keep your business running and providing a service to your customers.

For example, if you rely on a third-party software provider, what would happen if they went into administration? You might be feeling fairly confident about your business’s chances of making it through the second wave, but businesses that you work with and rely on might not be so lucky. It’s something that you can easily miss when simply focusing on your business’s financial health.

With SaaS Escrow, you can be protected against any possible financial fallout should your software provider go into administration. AccessAssure independently monitors your software provider’s financial position, triggering a series of events should anomalies arise to protect and maintain your software’s accessibility for at least three months. If you’d like to know more, give us a call today on 0800 456 1115.

The post Second COVID-19 lockdown? How to protect your business appeared first on LE&AS.

Internet security is a real issue these days, with hackers becoming wiser and wiser to new strategies to get their hands on your data; think data breaches, theft and vulnerability to viruses. It’s particularly worrying for many businesses today who rely on storing their data digitally in the cloud or on a server, or for those who rely on a third party other than their software provider. It’s important to review your data security, and who has access to it.

Assess your data

Start by deciding what data within your business needs to be protected and where this data is located. Think about anything that would lose you sales or customers if it failed, or anything that would impact your customer service processes, damage to your business’s reputation, resources required to perform priority tasks and important reference materials or operating procedures. Generally speaking, any critical business process will equate to critical business data.

Also, if something should happen to your software provider, how easy will it be to retrieve your business critical data? Many SaaS application’s data is stored alongside other End Users data and sometimes on a number of different servers. End Users may consider requesting a regular data download to a server under their control and in a format that is transferable to alternative applications.

It can be expensive to protect every single piece of data within your business, which is why it is important to make an assessment and prioritise what is truly critical. This is usually around 20% of your total business data. Ask key people within your business what data they need to stay afloat and what they could temporarily function without. You may feel like you are managing exceptional circumstances, but it’s something you may wish to consider if you don’t want your business to be a casualty of another business out of your control.

Who can access

Next, ask yourself who has access to your business critical data. Is it your employees? If so, it’s important to ensure that they know how to handle this data and how to keep it safe. Everyone who manages, administers or operates IT infrastructure needs to become security conscious, so make this a focus within your business culture. Could you offer training to your team on the risks and threats of potential data loss? This is a good way to enforce and remind individuals of their role in business security so that it becomes second nature to them.

Ask yourself who has access to your business critical data. Suppliers? External agencies? Your hosting or software provider? Any other third party companies? If something were to happen to these businesses, what would happen to your business critical data? You may not have considered the contractual obligations of third parties.

For example, many of us quite rightly would not expect Amazon AWS or Microsoft Azure to go out of business anytime soon. However, if they are hosting your application and data and the contract with them is through your software provider, they are not obligated, structured or likely to be inclined to deal with you if your software provider goes out of business for whatever reason. Similarly, as an End User, you may have no experience of managing the Azure platform for instance in order to maintain access to your software.

Disaster-proof your data

Using digital and cloud-based solutions boasts so many advantages, but will always come with its risks. You’re relying on their security and a consistent connection with providers and external threats could interrupt or break that connection. What happens if your software provider goes out of business? Your software and data will still exist but you may not have a contractual right to access it. You’ll want to make sure you have some extra protection in place.

Make SaaS escrow part of your disaster plan. It protects your critical cloud-based and off-premise software and data in the event of your software or hosting provider going out of business. Instead of being left with a blank screen and inaccessible data, your cloud-based software and data will be accessible for at least three months of business continuity. If you’d like to know more, give us a call today on 0800 456 1115.

The post Who really has my business critical data and how safe is it? appeared first on LE&AS.