Cobweb, an award-winning managed IT services and consultancy provider, is pleased to announce the acquisition of Coretek, a leading IT managed service and infrastructure company. This strategic move aims to enhance Cobweb’s service offerings and strengthen its position in the IT services market.
With over 25 years of experience, Cobweb has been a leader in delivering cloud solutions, IT consultancy, and fully managed IT services to businesses across the UK. The acquisition of Coretek, a company with more than two decades of expertise, strengthens Cobweb’s capabilities, allowing it to offer an even broader range of solutions to customers of both businesses.
Coretek has built a strong reputation for providing fast and friendly IT support, cloud solutions, IT consultancy and infrastructure services. Their commitment to delivering effective IT systems aligns with Cobweb’s mission to keep businesses productive and secure in any setting.
“We are excited to welcome Coretek into the Cobweb family,” said Clare Satchwell, Managing Director at Cobweb. “This acquisition allows us to combine our strengths and provide an even higher level of service and wider product portfolio to our clients. Together, we will continue to innovate and deliver exceptional IT solutions that meet the evolving needs of businesses.“
Clients can expect a seamless transition and continued access to the high-quality support and services they have come to rely on.
Advisors
Cobweb were advised by Moore Barlow (legal) and Evelyn Partner (tax). Coretek were supported by Prism Corporate Broking (M&A advisors) and TC Group (legal).
For further information contact Richard Meek on richard.meek@cobweb.com.
Microsoft has announced that Skype will be discontinued by May 2025, signalling a shift toward Microsoft Teams as its primary collaboration platform. While a free version of Teams is available, it has significant limitations that may hinder business productivity. Companies looking for seamless communication, enhanced security, and advanced collaboration tools will benefit greatly from upgrading to a paid Teams plan.
Microsoft Teams Free vs. Paid: Key Differences
The free version of Teams offers essential communication features, including chat, file sharing, and group meetings. However, as businesses scale, they often encounter roadblocks that can impact efficiency. Here’s a breakdown of the main limitations of Teams Free and the advantages of a paid subscription:
Meeting Duration & Capacity – Free meetings are capped at 60 minutes with a maximum of 100 participants. Paid plans extend meetings up to 30 hours and allow 300+ participants, making them ideal for webinars and larger teams.
Storage Space – The free plan includes just 5GB of storage per team. Paid plans start at 10GB per user and can go up to 1TB per user with Microsoft 365 subscriptions, ensuring sufficient space for all documents and media.
Meeting Recordings & Transcripts – Teams Free does not support meeting recordings or transcriptions. In contrast, paid plans allow businesses to record meetings, generate automatic transcripts.
Security & Compliance – The free version lacks advanced security features, making it less suitable for businesses handling sensitive data. For companies that take security seriously, paid plans offer multi-factor authentication (MFA), data encryption, compliance tools, and IT admin controls to ensure robust protection against cyber threats and unauthorised access.
Why Businesses Should Upgrade
Investing in a Teams paid plan ensures better collaboration, stronger security, and higher productivity. Businesses gain longer meeting times, increased storage, advanced file sharing, webinar hosting, and seamless integration with third-party applications.
With Skype’s retirement, now is the perfect time for businesses to upgrade to Microsoft Teams Paid to ensure reliable, secure and scalable communication for the future.
AI is evolving fast, and so are the security risks that come with it. Keeping AI systems secure isn’t just a job for developers – it’s a shared responsibility across IT teams, security professionals, and business leaders. That’s why the government has introduced a Code of Practice for the Cyber Security of AI – a practical guide to help organisations protect their AI systems from threats.
Whether you’re setting up AI tools, managing infrastructure, or overseeing compliance, this Code provides clear steps for IT departments to boost security at every stage for your business – from initial planning to monitoring and retirement.
Design your AI system for security as well as functionality and performance
3
Evaluate the threats and manage the risks to your AI system
4
Enable human responsibility for AI systems
5
Identify, track and protect your assets
6
Secure your infrastructure
7
Secure your supply chain
8
Document your data, models and prompts
9
Conduct appropriate testing and evaluation
10
Communication and processes associated with End-users and Affected Entities
11
Maintain regular security updates, patches and mitigations
12
Monitor your system’s behaviour
13
Ensure proper data and model disposal
Secure Design
Principle 1: Raise Awareness of AI Security Threats and Risks
AI security threats are constantly evolving. IT leaders should make AI security a key part of regular cybersecurity training and updates. Whether it’s newsletters, internal briefings, or hands-on workshops, everyone – from security teams to decision-makers – needs to stay in the loop.
Principle 2: Design your AI system for security as well as functionality and performance
Security shouldn’t be an afterthought. Before rolling out AI systems, IT teams need to assess risks, involve key stakeholders, and plan for potential security challenges. If you’re using third-party AI tools, conduct a proper risk assessment before signing off.
Principle 3: Evaluate Threats and Manage Risks
Threats like data manipulation and model poisoning within AI are real. IT security teams should continuously evaluate risks and put safeguards in place. If certain risks fall under external vendors, make sure you have clear security agreements in place.
Principle 4: Enable Human Responsibility for AI Systems
AI can enhance efficiency, but humans should always have the final say in critical decisions. IT teams must ensure AI systems are transparent, with clear (human!) oversight mechanisms in place.
Secure Development
Principle 5: Identify, track and protect your assets
AI-related assets (like models, datasets, and APIs) should be logged, secured, and protected from unauthorised access. IT leaders need to ensure that disaster recovery plans specific to AI are in place as well as backup plans in case of data loss or security breaches.
Principle 6: Secure Your Infrastructure
AI systems are only as secure as the infrastructure they run on. IT teams should enforce strict access controls, separate test and production environments, and have a clear vulnerability disclosure policy and AI-specific incident response plans.
Principle 7: Secure Your Supply Chain
AI systems rely on third-party models, datasets, and software components, so if you’re using external AI models or datasets, do your homework. Vendors should meet your security standards, and IT teams should regularly review third-party tools for risks.
Principle 8: Document Your Data, Models, and Prompts
Maintaining a clear audit trail for AI systems is essential for security and accountability. IT teams should document AI data sources, security measures, and any changes to prompts or configurations to track potential risks.
Principle 9: Conduct Appropriate Testing and Evaluation
Before rolling out an AI system, run it through rigorous security testing. Independent security reviews should be part of the process, and any vulnerabilities found should be addressed before launch. It must be ensured that AI outputs do not unintentionally expose non-public data or allow users to manipulate system behaviour.
Secure Deployment
Principle 10: Communication and Processes for End-Users and Affected Entities
IT teams need to ensure that end-users understand how AI systems work, what data they collect, and how to use them safely. Clear communication helps build trust and ensures security best practices are followed.
Secure Maintenance
Principle 11: Maintain Regular Security Updates, Patches, and Mitigations
AI security doesn’t end at deployment. Regular updates and security patches must be applied, and IT teams should have a plan in place for handling vulnerabilities in legacy systems. Any major changes to your AI system should trigger a new security assessment.
Principle 12: Monitor Your System’s Behaviour
Ongoing monitoring helps detect threats early and so IT teams should track system logs and AI model performance to catch potential security issues before they escalate.
Secure End of Life
Principle 13: Ensure Proper Data and Model Disposal
When an AI system is no longer needed, IT teams must ensure that sensitive data and models are properly disposed of. If the system is being handed over to another team or vendor, security risks must be addressed beforehand.
Final Thoughts
AI security isn’t just an IT issue, it’s a shared responsibility that involves security teams, business leaders, and end-users. The Code of Practice for the Cyber Security of AI offers a solid framework to help organisations stay secure while adopting AI. By taking a proactive approach, IT teams can ensure AI systems are safe, compliant, and trustworthy in the long run.
If you need any help when it comes to implementing AI within your business, please do not hesitate to reach out to us.
In today’s digital landscape, data is the most valuable asset for any organisation. Cyber attacks, hardware failures, and human error pose constant threats, making a robust data backup strategy indispensable. Failing to secure your data – especially by not employing a trusted third-party backup – is widely regarded as a fundamental Data Loss Prevention (DLP) failure.
The Different Types of Backup Solutions
Full Backup
A full backup creates a complete snapshot of all selected data at a specific point in time. It offers a straightforward recovery process since every file is in one location. However, full backups require significant storage space and can be time-consuming to execute regularly.
Incremental Backup
Incremental backups record only the changes made since the last backup – whether that was a full backup or another incremental backup. This method is efficient in both storage and time, though restoring data may involve piecing together multiple backup sets, which can add complexity to the recovery process.
Mirror Backup
Mirror backups maintain an exact replica of your original data in real or near real-time. They provide immediate recovery options, crucial for mission-critical operations. Yet, because they duplicate the entire dataset, they require storage equivalent to the primary data and can be compromised if the original system is breached.
Immutable Backup
Immutable backups are designed so that once data is written, it cannot be altered or deleted—even by administrators. This unchangeable quality is vital for protecting against ransomware and other malicious attacks, ensuring that your backup remains pristine and trustworthy.
Air-Gapped Backup
Air-gapped backups are physically or logically isolated from your primary network. By disconnecting these backups from any network access, they remain impervious to cyber threats, including ransomware and network-based attacks. Although they may be less convenient for immediate restoration, their isolation offers unmatched security.
The DLP Failure of Overlooking Third-Party Backups
A truly effective DLP strategy hinges on more than just internal backup methods. Relying solely on in-house systems is widely regarded as a fundamental DLP failure. When backups are stored internally, any breach or system failure risks compromising both your primary data and your backup copies.
Third-party backups are essential because they provide a secure, external layer of protection. These solutions ensure that even if your internal systems are compromised, you have an isolated, reliable copy of your critical data. Organisations that neglect third-party backup solutions expose themselves to severe risks, including:
Extended Downtime: Without an external backup, recovering from data loss can lead to prolonged operational interruptions.
Financial Losses: The cost of recovering data without a robust, third-party solution can be enormous, both in terms of time and money.
Reputational Damage: In today’s competitive market, the inability to swiftly restore data can severely damage your organisation’s reputation.
Legal and Regulatory Repercussions: Inadequate data protection can lead to breaches of compliance, resulting in regulatory fines and legal challenges.
The Bottom Line
Data backup is far more than an IT chore – it is a critical element of your organisation’s overall DLP strategy. A comprehensive approach that incorporates full, incremental, mirror, immutable, and air-gapped backups is essential. Most importantly, integrating third-party backup solutions is non-negotiable. Ignoring this crucial step is widely viewed as a fundamental DLP failure, leaving your organisation vulnerable to catastrophic data loss.
Investing in a robust, multi-layered backup strategy is investing in your organisation’s future. In a world where data is the lifeblood of every business, ensuring its safety through an uncompromising DLP strategy is paramount. Do not allow the absence of a third-party backup solution to be the weak link in your data protection armour.
In March 2022, Tuckers Solicitors, a well-regarded UK criminal defence law firm, was fined £98,000 by the Information Commissioner’s Office (ICO) following a ransomware attack that exposed sensitive client data. This incident highlighted key areas for improvement in IT security protocols and serves as an important reminder to law firms about the necessity of strong cyber security measures, particularly in relation to patch management and multi-factor authentication (MFA).
Background
In 2020, Tuckers Solicitors experienced a ransomware attack that resulted in 60 court bundles, containing highly sensitive medical and witness statements, being published on the dark web. While the attack itself was a criminal act, the ICO investigation found that certain security gaps contributed to the extent of the breach. Specifically, a delay in patching a critical vulnerability and the absence of MFA were identified as areas where security measures could have been stronger in line with General Data Protection Regulation (GDPR) compliance.
Delayed Patch Implementation
In January 2020, the UK’s National Cyber Security Centre (NCSC) warned about a security flaw in Citrix’s Application Delivery Controller (ADC) and Citrix Gateway. This flaw could allow hackers to take control of affected systems without needing a password. Organisations were urged to update their systems immediately, and Citrix released a fix on January 19, 2020.
However, the update was not applied until June 2020, around five months later. The Information Commissioner’s Office (ICO) saw this delay as a compliance issue, highlighting the importance of fixing security risks quickly—especially for organisations handling sensitive information. While it’s unclear if this specific vulnerability led to a data breach, staying up to date with security updates is a key part of keeping personal data safe and following industry best practices like ISO 27002 and NCSC Cyber Essentials.
Multi-Factor Authentication (MFA) Negligence
In addition to patching delays, the absence of multi-factor authentication (MFA) for remote access was identified as a security gap. The ICO noted that implementing MFA could have reduced the risk of unauthorised access to the firm’s network. Given that cyber attackers often exploit single-factor authentication methods, enforcing MFA is widely recommended as a crucial security measure. The ICO concluded that by not implementing MFA, Tuckers increased the likelihood of unauthorised access, which is an important consideration under GDPR’s requirement for maintaining adequate security.
Encryption and Other Security Failures
The ICO also identified opportunities for strengthening data security, particularly regarding encryption. Personal data stored on the firm’s archive server was not encrypted, which posed a potential risk given the sensitive nature of the information. While encryption might not have prevented the ransomware attack, it could have helped mitigate risks associated with data exposure. The ICO reaffirmed that encryption is a valuable tool in protecting personal data, aligning with best practices outlined by both the ICO’s Security Outcomes and the Solicitors Regulation Authority (SRA).
Failure to Meet Cyber Security Standards
In October 2019, the firm did not pass a Cyber Essentials assessment. Given the sensitive nature of the data it handled, the ICO expected the firm to meet or exceed the required standards. The Commissioner expressed concern that, even 10 months later, the necessary improvements had not been fully implemented, highlighting the importance of addressing security gaps in a timely manner.
Lessons for Law Firms
This case underscores the importance of proactive IT security measures, particularly for legal practices handling sensitive client information. Here are some key steps law firms can take to enhance their cyber security:
Timely Patch Management: Implement security patches as soon as they are released, especially for critical vulnerabilities. If in-house resources are limited, partnering with a managed service provider such as Cobweb can help ensure prompt patching and ongoing cyber security support.
Implement Multi-Factor Authentication (MFA): MFA is a simple yet effective way to add an extra layer of security. Law firms should enforce MFA for all remote access to systems reduce the risk of unauthorised access.
Encryption of Sensitive Data: Data encryption should be a standard security measure for law firms, especially when dealing with personal data. While it might not prevent all types of attacks, it adds an additional layer of protection against data theft or unauthorised processing.
Meet Cyber Essentials Standards: Meeting and exceeding the Cyber Essentials standards can help law firms maintain a robust security framework. Regular security audits further support best practices.
Adhere to Data Retention Guidelines: Ensure that personal data is stored only for as long as necessary to avoid compliance risks.
Conclusion
The ICO’s findings highlight the importance of maintaining strong cyber security practices within the legal sector. As the legal industry continues to digitise, firms must prioritise their IT security to avoid costly penalties, protect their clients, and maintain trust in an increasingly complex regulatory environment.
If your law firm would like to explore cyber security solutions, our team is here to assist in strengthening your IT environment.
Dive into the full Microsoft Copilot product portfolio. From BizChat to Copilot Studio, and expert tips on integration and prompt guidance, this eBook reveals the Copilot tools you may not have explored yet.
What's inside?
The Full Product Portfolio: Discover each individual Copilot product, from Copilot Chat to Copilot Studio.
Prompt Guidance: Learn how to craft effective prompts to get better results.
Integration Guidance: Get step-by-step advice on securely implementing Copilot into your business.
A Day in the Life of a Copilot User: See how Copilot can save you time and streamline your workflow.
The Digital Operational Resilience Act (DORA) is an EU regulation designed to help financial institutions handle IT-related disruptions like cyber attacks and system failures. With digital threats becoming more advanced, DORA sets clear standards for managing risks, reporting incidents, testing resilience, and overseeing third-party IT providers.
If you’re operating in the EU financial sector, complying with DORA isn’t optional—it’s a legal must. But beyond just meeting regulations, following DORA helps protect financial services across Europe from cyber risks and unexpected IT breakdowns.
Who Does DORA Apply To?
DORA covers a wide range of financial organisations, including:
Banks and investment firms
Crypto-asset service providers
Insurance and reinsurance companies
IT service providers working with these financial entities
Now, let’s break down the key areas of DORA and what businesses need to focus on:
DORA Requirements
DORA is built on 5 core pillars that guide financial institutions in achieving operational resilience:
1. ICT Risk Management
Financial institutions must put strong risk management strategies in place to protect against cyber threats and system failures. This includes:
Developing secure networks and encrypted databases.
Performing regular risk assessments to identify weaknesses.
Implementing controls to mitigate risks and enhance security.
Establishing protocols for detecting, protecting, and recovering from ITincidents.
Creating robust backup policies and recovery procedures.
Ensuring clear communication at all levels.
In short, your IT risk management strategy should cover everything—from identifying threats to recovering and learning from incidents. If you’re unsure where to start, our IT strategy toolkit could help with this.
2. ICT Incident Management
When IT issues happen, financial institutions must respond quickly and efficiently. DORA requires businesses to:
Detect, report, and investigate IT-related incidents
Set up a solid incident management process with clear reporting channels
Notify the relevant authorities promptly when incidents occur
Having a structured plan in place ensures quick resolution and minimal disruption. Need a starting point? Our Incident Response Plan Template could help guide you.
3. Testing Digital Operational Resilience
Regular testing is key to making sure IT systems can handle cyber threats. Some of the required tests include:
Vulnerability assessments and scans
Open source analyses
Network security assessments
Gap analyses
Physical security reviews
Questionnaires and scanning software solutions
Source code reviews
Scenario-based tests
Compatibility testing
Performance testing
End-to-end testing
Penetration testing
These tests help you assess the effectiveness of your ICT risk management strategies and identify areas for improvement. Depending on the size and nature of your organisation, DORA’s testing requirements may vary in strictness.
If you handle testing internally, DORA requires you to bring in an external provider at least once every three years.
4. Managing Risks from ICT Third-Party Providers
DORA introduces strict rules for how financial institutions must manage their third-party IT providers to reduce cyber security risks, including:
Develop a clear strategy for using third-party ICT services.
Regularly review and assess third-party risks.
Perform thorough checks on suppliers before signing contracts.
Have an exit strategy in place to reduce reliance on any single provider.
These steps ensure financial institutions stay in control of their IT security, even when outsourcing services.
5. Cyber Threat Information Sharing
DORA encourages financial organisations to share cyber security insights with industry peers to strengthen collective defence. This includes:
Indicators of compromise (IoCs) to detect potential attacks
Cyber security alerts and updates from industry forums
Threat mitigation strategies to proactively defend against cyber risks
By sharing information, financial entities can stay ahead of emerging threats and improve overall security across the sector.
Consequences of Non-Compliance with DORA
Not following DORA can lead to serious consequences, such as:
Being forced to stop certain activities
Facing fines and penalties
Public notices may be issued, disclosing the names of non-compliant entities and the individuals responsible.
Where to Start with DORA Compliance?
The first step is to conduct a Gap Analysis to identify areas in your business that need improvement with regards to DORA compliance. It’s important to get the leadership team onboard and start creating a DORA compliance roadmap which aligns with the 5 pillars, including roles, tasks, deadlines, checklists and future planning.
Where to Get Help
Achieving DORA compliance can be complex, but financial institutions don’t have to navigate it alone. Organisations can seek support from:
Regulatory Bodies – Consult the European Insurance and Occupational Pensions Authority (EIOPA) and other EU financial authorities for guidance.
Industry White Papers & Documentation – Detailed technical guides can help clarify requirements.
Your IT Provider – Work with your IT provider to ensure alignment with DORA requirements.
Many firms struggle with the budget, time, and expertise required for DORA compliance. Implementing all requirements at once can be overwhelming, which is why leveraging external support is often beneficial. As a trusted IT provider, we offer the tools and expertise to help financial institutions navigate DORA compliance efficiently. Whether it’s IT management, risk mitigation, or system testing, we can support you in achieving compliance with confidence.
An essential resource for navigating today’s fast-changing technology landscape, our IT Strategy Toolkit helps align IT initiatives with business goals, ensuring technology drives long-term success.
Receive your IT Security Incident Response Plan Template
Creating an IT incident response plan can feel like a pretty heavy task, given the extensive planning involved. Where do you begin? Our template provides a practical starting point, helping you prepare your business to handle IT incidents in any situation.
What's inside?
Based on NCSC's incident management guide
Easily customisable
Features checklists, tables, and flowcharts for better planning
AI is rapidly transforming the way we work, and generative AI is one of the key technologies driving this change. Microsoft has been at the forefront of this evolution with Microsoft 365 Copilot. Designed to seamlessly integrate into Microsoft 365 applications, Copilot helps businesses boost productivity, streamline workflows, and unlock new possibilities.
But how exactly does Microsoft 365 Copilot add value to your business? In this article, we explore 4 key ways Copilot can make a meaningful difference, with practical examples to show how it can help your team work smarter and faster.
1. Productivity
In any workplace, productivity is critical, yet a significant amount of time is spent on repetitive tasks, such as scheduling meetings, writing emails, or summarising documents. This is where Microsoft 365 Copilot shines. By automating these tasks, Copilot frees up time for your employees to focus on high-value work.
Automated Workflows: Copilot can draft emails, generate reports, send reminders, and more—saving valuable time in your day.
Simplified Communication: Copilot enhances communication with features like language translation, content summarisation, and personalised assistance. This allows teams to access and share information quickly and effectively.
By handling routine tasks, Copilot helps employees be more productive and ensures workflows run smoothly across your organisation.
2. Business Operations
One of the greatest advantages of Microsoft 365 Copilot is its seamless integration with the tools your team already uses, such as Teams, Word, Excel, Outlook, and PowerPoint. This means Copilot works within your existing systems, helping your business improve efficiency without requiring major changes.
Smart Features in Everyday Apps: Summarise Teams meetings, draft PowerPoint presentations, or get an overview of your Outlook inbox with Copilot’s intelligent capabilities.
Cross-Application Insights: Need to pull statistics from an Excel spreadsheet while working in Word? Copilot makes it easy to transfer data across apps, reducing manual effort and minimising errors.
Cost Optimisation: By automating tasks, reducing errors, and offering insights into your business’s spending, Copilot helps cut operational costs.
With these capabilities, Copilot makes everyday processes faster, simpler, and more cost-effective.
3. Creativity
When it comes to brainstorming and creative work, Microsoft 365 Copilot can be a game-changer. By providing intelligent suggestions and ideas, Copilot empowers your team to think outside the box and develop innovative solutions.
Brainstorming Made Easy: Simply type a prompt, and Copilot will generate creative ideas or solutions to get you started.
Marketing Powerhouse: Use Copilot to analyse data and identify trends, then generate data-backed marketing strategies tailored to your business and audience.
Content Creation: Whether it’s social media posts, blog ideas, or creative copy, Copilot helps streamline content creation and ensures it aligns with your goals.
By combining creativity and data, Copilot enables your team to innovate more efficiently and produce better results.
4. Decision-making
Data is at the heart of modern business decisions, and Microsoft 365 Copilot makes it easier to extract insights and identify trends in real time. This helps your team make informed decisions faster and with greater confidence.
Real-Time Data Insights: Copilot can analyse large datasets and highlight key trends or opportunities that might otherwise be missed.
Advanced Data Analysis: Use Copilot to support tasks like data engineering, visualisation, and reporting, enhancing your team’s analytical capabilities.
Code Generation: For advanced users, Copilot can create code for tools like Power BI or lake houses, helping you unlock new ways to use your data.
Whether you’re analysing sales trends or tracking operational performance, Copilot gives you the tools to make smarter, data-driven decisions that keep your business ahead of the competition.
Ready to Get Started with Copilot?
Microsoft 365 Copilot is a powerful tool that can transform the way your business operates. From boosting productivity and creativity to improving efficiency and driving smarter decisions, Copilot adds tangible value to your workflows.
If you’re ready to explore what Copilot can do for your business, we’re here to help. Our team can guide you through the process, ensuring you get the most out of Copilot every step of the way.
Get in touch with us today and start your journey toward a smarter, more efficient workplace.
Recent Comments