Category Archives: MSP

How do partnerships between my business and my MSP look?

Business partnerships between your team and a Managed Service Provider (MSP) can be a powerful way to enhance your organisation’s IT capabilities. MSPs provide a wide range of IT services, including network management, data backup and recovery, security and software development. They also alleviate some of the IT burdens that small and medium-sized enterprises face, offering technical expertise, cost savings, improved security and a better experience for both end users and employees. Ultimately, a healthy, long-standing partnership is what both parties are aiming for.

What might this relationship look like?

Here are some insights into what business partnerships between your team and an MSP can look like:

  • Collaboration and Communication: One of the essential elements of a successful partnership between your team and an MSP is collaboration and communication. Your team and the MSP need to work together closely to ensure that the services provided by the MSP align with your business goals and objectives. Communication is critical to ensure that expectations are met and any issues are addressed promptly.
  • Clear Service Level Agreements (SLAs): Service Level Agreements (SLAs) define the services to be provided by the MSP and the performance standards that will be met. Clear SLAs ensure that your team and the MSP have a shared understanding of the services to be provided, the timelines for service delivery and the expectations for service quality. SLAs also provide a framework for measuring the performance of the MSP and ensuring that service delivery meets the agreed-upon standards.
  • Customised Service Offerings: MSPs offer a wide range of services and it’s important to choose an MSP that can tailor their offerings to meet your specific needs. Customised service offerings ensure that you get the services you need, without paying for services that you don’t need. Your team and the MSP should work together to identify the most important services to your organisation and develop a customised service package.
  • Continuous Improvement: Technology is constantly evolving and working with an MSP committed to continuous improvement is essential. The MSP should have a process for identifying new technologies and service offerings that can benefit your organisation. Regular meetings between your team and the MSP can ensure that you are aware of new services and technologies that can improve your IT capabilities.
  • Scalability: As your organisation grows, your IT needs will also grow. The MSP should be able to scale their services to meet your changing needs. A good MSP will have the resources and expertise to provide the services you need, regardless of your organisation’s size or complexity.

Tips for building a strong partnership with your MSP

Choose your Provider Wisely

We have an entire article about how to find a good provider for you (read that here), but essentially, you need to find one that fits your needs. Like all businesses, each MSP is different and while one may suit next door’s business perfectly, it might not suit yours. An MSP should drastically impact the efficacy and performance of your IT systems, so make sure you choose one that has the services, expertise and reputation that are important to you.

Prioritise Communication

Communication is crucial to any relationship so make sure both parties are transparent about challenges, goals and progress going forward. Your MSP needs to know everything it can about your business so it can provide you with appropriate recommendations tailored to your business. You should also outline the type of relationship you expect from the provider, such as great service, timeliness and expert opinions.

Set Goals and Responsibilities

As a business, you also need to know the capabilities of your MSP, which should have been detailed to you at the beginning of the partnership. They should have also outlined a range of goals that both they and your business need to achieve for your business to advance technologically. Make sure you also understand the MSP’s role within your team and where its duties begin and end. This should have been communicated to you at the contract stage.

Be able to Adapt

One of the reasons you hire an MSP, other than to manage your IT systems, is to have access to IT professionals who can recommend improvements to your network, hardware and software. Sometimes, the MSP will also have told you about standards your business has to meet for them to work with you, so make sure your business takes these into account so that it can achieve its goals.

Monitor the Relationship

Like any relationship, make sure to check in regularly, whether that be in-person, via a phone call or video call, to make sure everything is running smoothly and everyone is on the same page. Meetings for updates and evaluations allow for open communication and strengthen your long-term relationship with the MSP. Relationships also change and evolve over time, and they can also potentially sour if a disagreement arises. Keeping up with communications and informing each other of issues should be a regular occurrence.

Look Long-Term

Working with an MSP is a long-term partnership. Unless you are not receiving the level of service required, you should aim to stick with the MSP rather than changing it every few years. This saves you time, stress and money and allows you to establish trust with the provider, where you can openly discuss each other’s shortcomings and where each party can improve. This allows you both to grow and prevail as businesses. This also encompasses the MSP understanding your business goals so that it can work with you long-term in achieving these and improving your business’ IT level. It might help to create a roadmap for this.

A business partnership between your team and an MSP can be an effective way to enhance your organisation’s IT capabilities. Collaboration and communication, clear SLAs, customised service offerings, continuous improvement and scalability are essential elements of a successful partnership. Choosing the right MSP and building a strong relationship with them can help your organisation achieve its IT goals and objectives.

How does encryption work?

Did you know that by 2025, globally, the amount of data generated in the cloud or connected servers will reach around 463 exabytes, each day? One exabyte is one billion gigabytes!

This figure from SeedScientific highlights just how much data businesses collect and store and is the reason why data must be kept safe from breaches and other cyberattacks. One of the ways to do this is through encryption which is already used in many of our daily online activities without you thinking about it, like in our online banking, shopping and browsing.

Encryption is the digital equivalent of an unsolvable jigsaw puzzle. It’s a way of scrambling information so that only the intended recipient can understand it. Encryption is an essential part of modern communication and commerce, allowing us to send sensitive, confidential or personal information over the internet without fear of it falling into the wrong hands.

With businesses storing their information in the cloud or on servers with an ongoing connection to the Internet, your data is most likely going to end up on another organisation’s systems, so it’s important to keep this data private.

What is encryption?

At its most basic level, encryption involves taking a message or piece of data and scrambling it using a mathematical algorithm. This algorithm is designed to be extremely difficult to reverse, meaning that anyone who intercepts the message will not be able to read it without the encryption key. The recipient has that key, which unscrambles the message back into plain, readable text.

Encryption protects the data you send, receive and store on devices, whether it be text messages, running logs saved on your Apple Watch or banking information sent through your online account.

How does encryption work?

Think of encryption as a secret language between two people, with the language being called ciphertext. Imagine you and a friend agree to use a secret code where each letter of the alphabet is represented by a number. You can use this code to send messages back and forth without anyone else being able to read them, as long as they don’t know the code.

In the digital world, encryption works in much the same way. When you send a message or data over the internet, it’s first encrypted using an algorithm that generates a unique key. This key is a long string of random numbers and letters that is used to scramble the data and to unscramble it again in a process called decryption. Without the key, the encrypted data is unreadable.

This key can be generated through a couple of methods. One is through a bit sequence, or key space, which specifies the number of possible key combinations: the bigger the key space, the stronger the encryption. The other is through Password-Based Key Derivation Function 2 (PBKDF2), which creates keys from passwords and then produces a bit sequence in the same way.
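The two ways of obtaining a key described above, a random bit sequence drawn from a key space and a key derived from a password with PBKDF2, look like this in Python's standard library. This is an added example, not code from the original article; the key length, salt length, iteration count and guessing rate are assumptions chosen for illustration.

```python
"""Added example: random keys versus PBKDF2-derived keys."""
import hashlib
import math
import secrets

KEY_BITS = 256         # assumed key length for this example
ITERATIONS = 600_000   # assumed PBKDF2 iteration count; tune to your hardware
SALT_BYTES = 16        # assumed salt length


def key_space_size(bits: int) -> int:
    """Number of distinct keys of the given length."""
    return 2 ** bits


def random_key(bits: int = KEY_BITS) -> bytes:
    """Method 1: draw a key uniformly from the whole key space."""
    return secrets.token_bytes(bits // 8)


def new_salt() -> bytes:
    """A fresh random salt, stored next to the ciphertext (it is not secret)."""
    return secrets.token_bytes(SALT_BYTES)


def derive_key(password: str, salt: bytes,
               iterations: int = ITERATIONS, bits: int = KEY_BITS) -> bytes:
    """Method 2: stretch a password into a key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, bits // 8
    )


def password_space_bits(alphabet_size: int, length: int) -> float:
    """Size, in bits, of the space of passwords chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def effective_bits(key_bits: int, alphabet_size: int, length: int) -> float:
    """A derived key is no harder to guess than the password behind it."""
    return min(float(key_bits), password_space_bits(alphabet_size, length))


def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Average time to find a key by trying half of a space of 2**bits."""
    seconds = (2.0 ** bits / 2) / guesses_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    salt = new_salt()
    key = derive_key("correct horse battery staple", salt)
    print("random key :", random_key().hex())
    print("derived key:", key.hex())
    # Constructed comparison: 8 lowercase letters versus a full 256-bit key.
    print("8 lowercase letters:", round(effective_bits(KEY_BITS, 26, 8), 1), "bits")
    # 1e9 guesses per second is an assumed rate, used only for scale.
    print("56-bit key at 1e9 guesses/s:", round(years_to_search(56, 1e9), 2), "years")
```

The derived key is always 256 bits long, but an attacker who guesses passwords only has to cover the password space, so a short password caps the real strength far below the key length. The salt and iteration count make each guess slower and prevent one guess from being reused across users.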

Types of encryption

There are two main types of encryption:

Symmetric encryption: where the same key is used to encrypt and decrypt the data. With symmetric encryption, both the sender and receiver must have access to the same key.

Asymmetric encryption: this uses a pair of keys, one public key and one private key. The public key can be shared with anyone, while the private key is kept secret. When someone wants to send a message to you, they encrypt it using your public key. Only you can decrypt the message using your private key.

Encryption is used in a wide range of applications, from online banking and shopping to secure messaging and file storage. It’s also used by governments and military organisations to protect sensitive information.

There are different types of encryption algorithms, such as:

  • Data Encryption Standard (DES): now obsolete, established by the U.S. government in 1977.
  • Triple DES: strengthens DES through encryption, decryption and another round of encryption.
  • RSA: popular for its key length.
  • Advanced Encryption Standard (AES): developed as the U.S. government standard in 2002 and used worldwide.
  • Twofish: one of the fastest algorithms, used in both hardware and software, and free to use.

One of the most common encryption protocols used on the internet by reputable websites is SSL or Secure Sockets Layer. This protocol is used to secure connections between web browsers and servers, allowing you to safely enter sensitive information like credit card numbers and passwords. SSL works by establishing a secure connection between your browser and the server using a combination of symmetric and asymmetric encryption. You can tell a website is using this technology by looking for the padlock icon in the URL bar and the ‘s’ in ‘https://’.

Ensure you and your staff are only using sites using SSL when you’re storing or sending sensitive data, like purchasing something, filing taxes or doing other business-related tasks. Most email clients also come with an encryption option in the setting menu, so check that this is available so that your emails are being sent over an encrypted connection and that each email is then encrypted.

Encryption and Cybercrime

Encryption can also be used by cybercriminals to attack you, such as in ransomware attacks. Other than ransomware breaches that steal your organisation’s data and demand a ransom to prevent them from releasing that data, another attack involves hackers encrypting computers and servers of businesses and then demanding a ransom to provide the key to decrypt the data.

To protect yourself and your business from ransomware attacks, install and use security software on all your devices and make sure it is up to date. Update your operating system and other software you use, as these updates often patch vulnerabilities found by the vendor. Be incredibly wary about email attachments, never opening any you’re not specifically waiting for. If an email tells you to enable macro settings to open attachments, doing so can cause macro malware to infect your files. Make sure your data is backed up in multiple locations, such as on the cloud, so that you can simply go back to the unencrypted form if you are hit by a ransom attack. Above all else, don’t pay the ransom: the Australian Government advises against it, as there is no guarantee the criminal will release your data back to you.

Why is encryption important?

In our digital age, encryption matters. The internet comes with a multitude of privacy concerns, both nationally and globally, and encryption is another layer of online privacy you can use to send your personal information securely. Government regulations also require industries to implement security measures that protect customers’ information, such as healthcare providers protecting patients’ sensitive information that is stored online and higher education institutions protecting student records. Any breach can cause an organisation to violate The Privacy Act 1988 and can see businesses facing hefty fines, data loss and loss of trust and reputation.

Encryption is an essential part of modern communication and commerce. It allows us to send sensitive information over the internet without fear of it falling into the wrong hands. Whether you’re shopping online, sending emails or storing files in the cloud, encryption is there to keep your data safe. So, the next time you use the internet, take a moment to appreciate the technology that’s working behind the scenes to protect your privacy and security.

Which Essential Eight maturity level should my business be at?

You know what Essential Eight is and that the Australian Government highly recommends implementing it, but does that mean your business must be at the highest maturity level?

As cyberattacks continue to rise in frequency and sophistication, businesses of all sizes must take proactive steps to protect their sensitive information and assets. The Australian Cyber Security Centre (ACSC) has developed the Essential Eight, a set of mitigation strategies that businesses can implement to significantly reduce the risk of a successful cyberattack.

The ACSC has defined four maturity levels to help organisations identify where exactly they’re at when it comes to their Cyber Security. These maturity levels aim to help businesses implement Essential Eight, originally introduced in 2017 and updated in 2023 after the increase in cyberattacks on Australian organisations. However, many business owners may wonder which maturity level they should be at when implementing the Essential Eight.

What are the maturity levels?

Maturity Level Zero: Indicates that your business has significant weaknesses in its overall Cyber Security and would be easy to exploit by attackers. If you’re at this level, any potentially confidential data or the availability of your systems and data are at risk of being compromised.

Maturity Level One: Organisations sitting in this level have some sort of processes to protect themselves from opportunistic attackers looking to infiltrate the masses, rather than individual businesses.

Maturity Level Two: These businesses have reasonable defences in place to defend themselves against cybercriminals specifically targeting their organisation. Criminals attacking these businesses are happy to invest more time and effort into bypassing security controls, such as by using targeted social engineering techniques when using phishing, but are also wary of spending too much time and money trying to compromise their victims. Businesses at this level introduce shorter timelines for action, ensure high-risk activities are logged and start thinking more broadly about potential threats.

Maturity Level Three: This is the highest level a business can be at. Businesses here are actively mitigating threats from adversaries that are constantly adapting their techniques and who are very focused on targeting specific, high-value organisations. These adversaries exploit any weaknesses in the Cyber Security of the organisation and are willing to invest time and effort into understanding the organisation, its security controls and its staff to gain access and evade detection.

What maturity level should my business be at?

Businesses start off being at level zero, but it’s time to understand that this must be changed and you need to increase the Cyber Security strategies in your business.

The first four of the Essential Eight strategies, known as the baseline maturity level, are considered to be the minimum requirement for all businesses. The remaining four strategies are part of the advanced maturity level and offer additional protection against cyber threats.

While implementing Essential Eight can help significantly reduce your risk of a cyberattack, it’s important to remember that it’s not a one-size-fits-all solution. Your business may require additional mitigation strategies beyond Essential Eight, and your business must conduct a comprehensive risk assessment to identify any gaps in your security. That is the first step in implementing Essential Eight. Focus on achieving a maturity level that makes sense for your business as the nature of your data might not be as sensitive as another business’ and Maturity Level Three might not correlate to your risk management evaluation.

So, which maturity level should your business be at? It ultimately depends on the size and complexity of your business, as well as the level of risk you are willing to tolerate. However, the baseline maturity level should be the starting point for all businesses, regardless of size or industry.

The baseline strategies include:

  • Application control: This involves only allowing approved applications to run on your systems, which can help prevent malware and other malicious software from executing.
  • Patching applications: Regularly updating applications with the latest security patches can help prevent cyber attackers from exploiting vulnerabilities in your systems.
  • Patching operating systems: Like patching applications, regularly updating your operating systems with the latest security patches can help prevent cyber attackers from exploiting vulnerabilities.
  • Restricting administrative privileges: Limiting the number of people who have administrative access to your systems can help reduce the risk of a successful cyberattack.
  • Configure Microsoft Office macro settings: Cybercriminals often use Microsoft Office macros to deliver malware, so configuring the macro settings in Microsoft Office can help your business prevent this type of attack.

Once this level has been achieved, for businesses with higher risk levels, implementing the advanced maturity level strategies can provide additional protection. These strategies include:

  • Multi-factor authentication: Requiring more than one form of authentication, such as a password and a security token, can help prevent unauthorised access to your systems.
  • User application hardening: Configuring user applications to prevent malicious content from executing can help reduce the risk of a successful cyberattack.
  • Daily backups: Regularly backing up your data can help ensure that you can recover quickly in the event of a successful cyberattack.
  • Incident response: Developing and implementing an incident response plan can help minimise the impact of a successful cyberattack on your business.

Each mitigation strategy needs to be lifted to a higher level until the target maturity level is achieved as your business’ overall maturity is based on the lowest score of any of the strategies. This will not change unless all eight mitigation strategies are lifted to the specific target level. In the original iteration of Essential Eight, it aimed for all organisations to reach Maturity Level Three, but with the latest release, it aims for organisations to reach a homogenous maturity level across the strategies before then moving up to the next level.

Improving your business’ Cyber Security strategies can be an expensive process and achieving any maturity level of the Essential Eight strategies requires time. Start with the baseline, then work your way up to help reduce the costs in the beginning. While it can be a slow process, your business must ensure it’s beginning to improve its maturity level as cyberattacks become increasingly common, especially so among small to medium-sized businesses. What’s more, there’s a high chance that Essential Eight will be mandated in the near future for some, if not all, industries due to just how commonly these cyberattacks are occurring.

In summary, all businesses should start with the baseline maturity level of Essential Eight, regardless of size or industry. From there, businesses with higher risk levels may need to implement advanced maturity-level strategies for additional protection. It’s important to conduct a comprehensive risk assessment to identify any additional mitigation strategies that may be necessary for your business.

Is my company’s data recovery system fail-proof?

Have you ever lost important data due to a system failure and wondered if your data recovery system is fail-proof? Losing valuable data can be a frustrating and emotional experience, so it’s important to ensure that your data recovery system is reliable and effective.

When a company loses data that can be recreated or easily regathered, then data loss might not be a major issue for your business, but when data critical to your business is lost and unable to be reobtained quickly, this can cause devastating problems for your business, including possible fines.

Some business owners have the idea that they live in an area safe from disasters, or they’ve never had a disaster, so they don’t need to invest in a disaster recovery plan for their business. For those business owners or stakeholders, it’s time to start rethinking what disaster recovery means.

When something goes wrong on one of your or your employees’ devices, or even in your IT system infrastructure, a strong recovery plan can mean the difference between getting back up and running in minutes or struggling to recover your information for days, weeks or forever.

What Constitutes a Disaster?

A disaster doesn’t just have to be natural, like a fire, flood, cyclone or earthquake. In business, disaster also includes ones caused by human error, like an employee failing to save a document or clicking a phishing link. Data backups and recovery in your business means protecting your business from human error, corrupted files, fraud, ransomware, Cyber Security breaches, IT system failures and power outages.

Importance of a Disaster Recovery Plan

Other than protecting your business and its long-term operations, having a disaster recovery plan is important for many other reasons, including:

  • Protecting your business’ data
  • Protecting sensitive information of customers
  • Protecting your business’ reputation
  • Removing longevity worries and allowing your business to focus on more important matters
  • Cost-effective as it reduces possible financial loss and business disruption

The 3-2-1 Backup Rule

If you are not relying on an external provider to look after your systems and data recovery, your business should use the 3-2-1 rule. All precious data should be stored 3 times: once in the original data storage place, like your computer, and then on two other different technologies, like on disks and the cloud.

Why do backups fail?

  • Your backup software didn’t work
  • There’s not enough space on the storage device for the backup
  • The backup didn’t cover the entire device
  • Backups are done manually, not automatically
  • The computer or storage device was not on when the automatic backup was scheduled
  • Files were lost before the backup was created

Backup tips

Here are some tips to determine whether your data recovery system is fail-proof.

Firstly, consider the type of data recovery system you have in place. If you’re relying on a basic backup system like an external hard drive or USB drive, it may not be enough to protect against all types of data loss. These systems can also fail, so it’s important to have a backup of your backup or consider using a more sophisticated data recovery system.

Secondly, consider how often you’re backing up. If you’re only backing up your data occasionally, such as once a week or once a month, you may be at risk of losing important data that was created or modified since your last backup. If you received a large amount of customer data or analytics during that time, it’s all gone. Ensure your backup system runs automatically and regularly so you don’t have to worry about forgetting to back up your data.

Thirdly, test your data recovery system regularly. It’s important to ensure that your data recovery system is actually working and can recover your data in the event of a system failure. Test your backup and recovery processes regularly and ensure you can restore all of your important data.

Fourthly, consider using cloud-based backup and recovery systems. These systems are designed to be highly reliable and secure and can protect against all types of data loss, including natural disasters, theft and cyberattacks. They also allow you to access your data from anywhere, at any time, making it easy to recover your data in the event of a system failure.
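The 3-2-1 rule and the third tip (test your restores) can both be checked by a script. The sketch below is an added example, not part of the original article or any Pronet tooling: it checks a list of copies against the rule as described here, then compares a restored folder with the source file by file using SHA-256, which catches backups that "didn't cover the entire device" as well as damaged files. The folder names, file contents and the `Copy` record are constructed for illustration.

```python
"""Added example: check the 3-2-1 rule and verify a test restore."""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path
from typing import NamedTuple


class Copy(NamedTuple):
    """One place where the data lives (hypothetical inventory record)."""
    name: str
    media: str          # e.g. "internal disk", "external disk", "cloud"
    is_original: bool


def check_3_2_1(copies: list[Copy]) -> list[str]:
    """Return the problems found; an empty list means the rule is met."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies of the data, need 3")
    backup_media = {c.media for c in copies if not c.is_original}
    if len(backup_media) < 2:
        problems.append("backups must sit on two different technologies")
    return problems


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 hash."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(source: Path, restored: Path) -> dict[str, list[str]]:
    """Compare a restored copy with the source it was taken from."""
    src, dst = build_manifest(source), build_manifest(restored)
    return {
        "missing": sorted(src.keys() - dst.keys()),
        "corrupted": sorted(n for n in src.keys() & dst.keys() if src[n] != dst[n]),
        "unexpected": sorted(dst.keys() - src.keys()),
    }


def demo_restore_test() -> dict[str, list[str]]:
    """Constructed data: one file restores cleanly, one is cut short, one is absent."""
    with tempfile.TemporaryDirectory() as tmp:
        source, restored = Path(tmp, "source"), Path(tmp, "restored")
        (source / "finance").mkdir(parents=True)
        (restored / "finance").mkdir(parents=True)
        (source / "customers.csv").write_text("id,name\n1,Example Pty Ltd\n")
        (source / "finance" / "invoices.txt").write_text("INV-0001 paid\n")
        (source / "notes.txt").write_text("weekly meeting notes\n")
        (restored / "customers.csv").write_text("id,name\n1,Example Pty Ltd\n")
        (restored / "finance" / "invoices.txt").write_text("INV-0001")  # truncated
        return verify_restore(source, restored)


if __name__ == "__main__":
    inventory = [
        Copy("office PC", "internal disk", True),
        Copy("USB drive A", "external disk", False),
        Copy("USB drive B", "external disk", False),
    ]
    print("3-2-1 problems:", check_3_2_1(inventory))
    print("restore test  :", demo_restore_test())
```

Run the comparison against a restore made to a scratch location, never over the live data, and treat any non-empty "missing" or "corrupted" list as a failed backup.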

How an MSP helps

Your managed service provider should offer data continuity as a service and it is a service you should most certainly be using. The MSP will regularly back up your data and test these backups to ensure your business will be back up and running no matter what happens.

Pronet Technology’s disaster recovery solution provides several layers of redundancy to ensure that your essential data is backed up and recoverable. Our backup systems are also regularly ‘stress tested’ so that we can ensure your backups are ready and able to function in a real situation.

Ensuring that your data recovery system is fail-proof is essential for protecting your valuable data. Consider the type of backup system you’re using, the frequency and reliability of your backups, regularly test your data recovery system and consider using a cloud-based backup and recovery system. By taking these steps, you can ensure that your data is safe and secure and that you won’t have to worry about losing important data due to a system failure.

Businesses are full of data and while this data may not be 100 per cent safe from threats and losses, as long as you’re prepared for such emergencies, you will be able to pick up and keep business moving.

Like anything in the IT industry, risks and solutions are constantly changing, so keep up to date with different strategies to incorporate into your data recovery plan. Contact your MSP to see how they are adequately keeping your data safe and to see if there is anything else your business can do to keep itself safe.

Essential Eight and why your business needs to Integrate Cyber Security

In today’s world, IT systems are an essential part of any organisation. They help in improving efficiency, communication and productivity. However, with the increasing use of technology, the risks associated with IT systems have also increased.

You must know what Essential Eight is if you’re an Australian organisation. It’s a cyber self-assessment security maturity tool to help organisations reduce Cyber Security incidents caused by cyber threats.

The government currently recommends that organisations implement the eight essential mitigations as a baseline but we believe this will change in the future to be mandated so it is something we advise our clients and prospects to implement.

Developed by the Australian Cyber Security Centre (ACSC) to protect Microsoft Windows-based internet-connected networks, the framework has four maturity levels for each business’ risk category.

  • Level Zero: not aligned with strategic objectives.
  • Level One: partially aligned with the objectives.
  • Level Two: mostly aligned with the mitigation strategy objectives.
  • Level Three: fully aligned with objectives.

The levels depend on your business’ risk status and data sensitivity. Level One businesses, for example, are not commonly targeted specifically, so they just receive the typical mass scam emails. Level Two businesses have the potential to be targeted, but criminals will often move on if they find the security systems too hard to breach. Level Three businesses, such as banks and telecommunication companies, are where attackers primarily focus, as they hold high dollar value data.

Why should your business measure against Essential Eight?

Essentially, Essential Eight is all about Cyber Security and can be seen as a baseline for businesses to measure their maturity against, but it should be just one part of a wider framework that you should have in place. Cyber threats are constantly evolving, so businesses need to adapt to disruptions caused by Cyber Security incidents so that they can maintain business operations. This includes detecting, managing and recovering from incidents. We have other articles on our blog relating to these, so please read those to understand what your business should be doing to protect itself.

By measuring your business against the framework, your business can increase its knowledge of Cyber Security in business and identify company risks and how to control them. It allows your business to create a roadmap going forward that you can tick off to know that your company is becoming secure, and it gives you something to assess your service provider with to ensure they are integrating the Cyber Security processes within your business.

Limitations of Essential Eight

As mentioned, Essential Eight should not be used in isolation to protect your organisation. It’s not a fully-fledged Cyber Security framework and will not protect you from ever having cyber threats. For example, being at Maturity Level Three will not stop adversaries with the time, money and effort to compromise your business.

The Essential Eight is currently just a loose framework for your business to get started with implementing Cyber Security strategies to protect your businesses. When data leaks can cause your business to be in breach of laws such as The Privacy Act, you need to ensure that you are adequately covered.

The framework is also primarily designed for Microsoft Windows-based businesses, which represent the majority of public sector organisations’ corporate environments, hence why it was introduced by the government. So, while it’s not specifically designed for other operating systems like Mac, Cloud, Operational Technology (OT) or Linux, you can still use it to support your organisation’s Cyber Security development.

So, what are the Essential Eight strategies?

The Essential Eight strategies are designed to address the most common types of cyberattacks that businesses face. They are practical, actionable and cost-effective. Here’s a brief overview of each of the Essential Eight strategies:

  1. Application control: This strategy involves creating a list of approved applications that can be executed on a system. By doing this, organisations can prevent malicious software from running on their systems.
  2. Patch applications: Regularly patching applications can help businesses fix vulnerabilities in their software. This reduces the likelihood of cyberattacks that exploit these vulnerabilities.
  3. Configure Microsoft Office macro settings: Cybercriminals often use Microsoft Office macros to deliver malware. Configuring the macro settings in Microsoft Office can help SMEs prevent this type of attack.
  4. User application hardening: Blocks or removes common software used to download or run malicious software and prevents malicious software from running on business’ networks.
  5. Restrict administrative privileges: Limiting administrative privileges can help businesses prevent malicious actors from gaining access to critical systems.
  6. Patch operating systems: Similarly, regularly patching operating systems can help organisations fix vulnerabilities in the underlying software. This reduces the likelihood of cyberattacks that exploit these vulnerabilities.
  7. Multi-factor authentication: Using multi-factor authentication can help organisations prevent unauthorised access to their systems. It involves requiring two or more forms of authentication before granting access.
  8. Daily backups: Regularly backing up data can help businesses recover from cyberattacks. In the event of a ransomware attack, for example, businesses can restore their data from a backup rather than paying the ransom.

While you might not understand the technical processes of each of the Essential Eight, your IT service provider should be implementing these strategies to help your organisation protect itself against cyber threats. Talk with your MSP to see how and if they’re implementing these into your business.

Does my business need to implement Essential Eight?

While it is not mandated to do so, the framework is highly recommended by the government for Australian businesses to follow. At Pronet Technology, we recommend your company start integrating the framework as soon as possible. Even though we’re an MSP, over the last five or so years, we’ve been doing all we can to learn more about and specialise in Cyber Security as we believe it plays an integral role in the longevity of businesses.

While ACSC recommends all businesses be at maturity level 3, each organisation’s Cyber Security level depends on its business need, size and complexity. As a business, conduct a risk assessment alongside your IT service provider to determine, analyse and prioritise the gaps in your business that can be strengthened and then act on those.

There are always going to be some challenges to improving Cyber Security within your business. It could be that you lack the staff and funding or that you don’t have the knowledge to successfully implement Cyber Security. You could have other organisational priorities or believe ad-hoc security is enough. Some people in the business might not yet be on board or you just don’t know how to improve. Cyber Security runs throughout the business so it’s something that everyone needs to understand and come on board with.

Most companies these days outsource their IT systems to service providers. Make sure you know the cyber maturity of your MSP in relation to Essential Eight so that you can build a strong working relationship with the MSP to ensure your business is protected.

By implementing these strategies, SMEs can significantly reduce their risk of cyberattacks. Essential Eight is not a silver bullet, but it’s a great starting point for any organisation looking to improve its Cyber Security posture. It’s important to note that Cyber Security is an ongoing process, and businesses should continually assess and improve their security measures.

The difference between small and large MSPs

Small and medium-sized enterprises (SMEs) often face the challenge of managing their IT systems and infrastructure without specific in-house resources. This can result in IT issues that disrupt business operations and impact productivity. To address these challenges, SMEs can choose from a variety of IT support options, including ad-hoc support, small managed service providers (MSPs) and large MSPs to improve their IT system optimisation. Each option has its advantages and drawbacks, and the choice depends on the specific needs and budget of the SME.

A separate post will detail what ad-hoc IT services are and why, for a company that is reliant on its computers and has more than five of them, this should not be how they manage their IT. This post will focus on the difference between smaller, established MSPs and larger, enterprise-level MSPs.

Established MSPs

Established MSPs are on par with large MSPs in terms of their services, resources, expertise and cost. They just have a smaller team (under 30 staff) and typically work with small and medium-sized businesses rather than larger ones. This is where Pronet Technology falls. We are not a large MSP but we’re established with immense managed service experience as well as Cyber Security experience, the latter being something many larger MSPs don’t even specialise in. In terms of cost, we go in and evaluate the needs of your business and base your package around that. If you don’t need all the services we provide, we don’t offer those, so the price will be different than what our other clients are paying. This means the price could also be more, or less, than what other MSPs are charging, it just depends on the needs of your business.

Enterprise MSPs

Large, enterprise MSPs, like Brennan IT and Powernet IT Support, typically have a broader range of services, resources and expertise than smaller MSPs, and may offer 24/7 support and specialist solutions. Large MSPs can provide SMEs with comprehensive IT solutions and greater scalability, but may also have higher costs due to overheads and less personalised service. SMEs may have to navigate complex service contracts and may not have direct access to the same technicians or engineers each time they require support.

The differences between the two

Personalisation

One of the big drawbacks of working with a large, enterprise-level managed service provider is that they offer less personalisation for their clients. A smaller MSP can look at your company and systems and tailor a plan that works for you, ensuring you’re receiving adequate security and service while also not trying to ‘over-service’ you with technology you don’t need. They can offer customised service plans that meet each client’s specific needs, rather than offering a one-size-fits-all solution.

With a larger MSP, your point of contact is often an account manager whose service depends on how many other clients they manage. If they leave, you’re then stuck in limbo until another account manager is assigned to you, who may or may not offer the same level of service as the previous one. Larger MSPs may have a larger client base, which can make it more challenging to provide individualised attention to each client.

Flexibility

Due to the large size of enterprise-level MSPs, escalations are often slower as they have to go through the channels to get to the right person. You will find that smaller MSPs generally have more flexible arrangements and can come out to your business when there’s an issue relatively quickly and within your timeframe. While not always, larger MSPs are more rigid and you have to wait on them for when they’re free.

A key difference between established and enterprise-level MSPs is that they utilise different technical standards for their clients. While the cost of the managed services between the two is on par, many enterprise-level MSPs require their clients, no matter their size, to utilise higher grade hardware, such as Cisco, for their security, which may cost about $30,000, compared to an established MSP, like Pronet Technology, requiring their clients to use Sophos, which is about $3,000.

Our technology stack, that is, the software, hardware and applications we use, are more focused on small to medium-sized businesses as they’re the clients we take on, whereas a larger MSP will often require all their clients to use enterprise-level technology, regardless of their size and whether the tech is right for their business. Working with a larger MSP isn’t always beneficial, even though they may seem better and more experienced since they’re larger. You have to work out whether the MSP is right for your business.

Expertise

Large MSPs have the advantage of high-level, specific expertise in certain fields, so they have more experts and engineers within their company than smaller MSPs, so they’re fantastic for specific technologies and projects. This raises the question though, of whether those experts also know other areas of managed services. In a smaller MSP, while they might not have the in-depth expertise about a specific technology you’re after, they have general knowledge of the whole managed service industry to help give you recommendations and look after your systems. Due to the scale of the larger MSP, it may take your business longer to get access to those experts though, as your call goes to the help desk who have to ask you a range of questions before you can ever gain access to that specialist. Kind of like calling your telco or bank. Established MSPs like Pronet are smaller but with a broader knowledge span. Bigger, more specific MSPs might not be what you need unless you have a specific project or problem.

For example, an enterprise MSP might have an SAP specialist, whereas a smaller MSP, who takes accountability for your systems, takes over the issue and contacts the SAP vendor themselves. The pros and cons of this depend on the problem your business is facing. By the time the larger MSP gets onto the problem, if it’s a less complicated issue, they can deal with it right away. If it’s a complicated issue, they then have to escalate the issue further and contact SAP directly, by which time the smaller MSP could already have worked the issue out with the vendor. This hierarchy system, while organised and beneficial for a larger company to manage, doesn’t always work for the client, whereas with smaller MSPs, all tech staff, no matter their level, are working together and can just turn to another tech employee and ask for help.

Smaller, established MSPs are generally more invested in your business and longevity as they take on the responsibility to fix the problem even though they may not be direct experts on the issue.

24/7 Support

Most large, enterprise-level MSPs provide 24/7 support, compared to smaller MSPs who may only offer extended work hours support, such as between 6am and 11pm. This might be necessary when you run an international business, but bear in mind that this support is outsourced overseas and the help desk associates generally only have Level-one knowledge to help you. If you need more expert support, you will have to wait until normal trading hours to get the help. These days, even some trading hours help-desk support is also being handled overseas. You will find that this is not the situation with smaller established MSPs as most believe in local service and, while outsourced service is cheap to provide, we have found that most clients don’t want it. At Pronet, even though we provide extended-hour support, we have found that we rarely get called anyway, with a lot of the after-hours work driven by us when our systems inform us that there is an issue in your business, which we then fix remotely.

Geographic Coverage

Another difference between the two, due to their size, is their physical reach. A large, enterprise MSP will often have more than one office across Australia and can handle large-scale projects and clients. This means that if a client in Perth needs a hardware upgrade, such as a router, someone from their Perth office can head out to install it. For smaller MSPs, while they may have clients in other cities, many will rely on strategic local partners to fix on-site issues. This is beneficial for smaller MSPs as they can work with more clients, but since the staff are not from the MSP, they cannot control the level of service provided to the tee. If it’s a large-scale issue that needs on-site fixing, the client will often fly the MSP’s employee/s out. Since most problems can be fixed remotely, this is not often an issue, and you will find that enterprise-sized MSPs will often use partners for regional work too.

Buying Power

Enterprise-level MSPs have more buying power to purchase computers and hardware at lower costs, and larger clients are often happy to bulk buy computers to receive those discounts, which they then have stored at the MSP. Enterprise MSPs don’t have any buying power when it comes to licences and services, like Microsoft 365 and internet service, as those prices are outside their control. Keep in mind that just because the MSP can receive a discount on hardware, that doesn’t necessarily mean those savings will be passed down to the client, and definitely not for their smaller clients.

Business Structure

Larger, enterprise MSPs take longer to plan and get started on projects due to their size and hierarchy of operations, whereas smaller ones, due to having less staff and formal procedures, have shorter lead times. Having more processes and procedures to follow does make operations smoother for both the MSP and your business though, so that is an advantage. It can also, however, be a disadvantage as these processes mean the MSP is more rigid and won’t change, whereas a smaller MSP can offer more flexibility and use their judgement on projects and issues. Large MSPs may be slower to adapt to changes in the IT industry or changes in a client’s needs. They may have a larger management system and processes in place that can make it difficult to respond quickly to changes.

When MSPs begin to get incredibly large, they tend to start becoming more sales focused, which is where you find differences in cost between them and smaller providers. A smaller provider, while on par with a larger provider in terms of managed service costs, tends to be more affordable due to them not trying to sell you all their services and new technology which your business might not need. Most established MSPs are technical but operational-focused as, due to being in the trade for many years, they understand business and risk management for business longevity. Newer MSPs may not be as business inclined and are quite technical in their work and communication with your business, while larger, enterprise-level MSPs are often technical but with a sales focus where they try to push more services on you to get you to spend more.

Writing this post, we understand it might be skewed more towards the positives of smaller, established MSPs and that’s because we are one. At Pronet, we used to work with larger clients but then scaled back as we knew that SMEs were being left behind and, ultimately, we enjoy the level of service we can provide these businesses. We understand the frustrations of SMEs as we’ve had clients who have come to us who were left behind as their previous MSP grew and were, essentially, forgotten. Due to this, we’ve tailored our services and technology stack to suit small and medium-sized businesses.

That’s not to say enterprise-level MSPs are bad or unneeded, because they are certainly needed for larger businesses with 200 to 300 computers and up as they’re too large for smaller MSPs to handle. The same thing goes for small businesses with one to five computers. Unfortunately, while you might need the services of an MSP, you might struggle to find one who finds it worthwhile to take you on as a client.

Ultimately, SMEs should carefully evaluate their IT needs, budget and goals when choosing between smaller but established MSPs or large, enterprise-level MSPs. Smaller MSPs can provide ongoing support and personalised service for SMEs with more modest needs. Large MSPs can offer comprehensive IT solutions and scalability for SMEs with more complex requirements but may come with higher costs and less personalised service. Seeking advice from an IT advisor or consultant can help SMEs evaluate their options and find a provider that can deliver the right level of service and support for their unique needs. When gathering proposals from IT providers, ask them questions relevant to your business to ensure they’re the right fit for you.

Overall, SMEs need to understand that just because an MSP is larger, doesn’t mean they’re better for your business. You need to determine the needs of your business to see what is best for you.

Problems you might find working with Pronet Technology

While a strange topic to discuss as a business, ensuring your SME is properly informed about our services is crucial to our interests.

Problems

Size

Pronet Technology is an established Managed Service Provider, not a one-man or enterprise-level MSP. This may or may not suit your business needs so it is essential to understand how each size works and what you will be receiving with each.

  • Ad-hoc IT Support: Involves hiring a technician or consultant on an as-needed basis to address specific IT issues. This can be a cost-effective option for SMEs with limited IT needs, but it may not provide the support or expertise required for more complex systems or ongoing maintenance.
  • Established MSP: Larger than one-man ad-hoc IT support service but not as large as ones dealing with over 200 or 300 computers, established MSPs typically provide a range of IT services and support such as help desk support, network management and security services. Established MSPs are on par with large MSPs in terms of their services, resources, expertise and cost, they just have a smaller team and typically work with small and medium-sized businesses rather than larger ones.
  • Enterprise-level MSP: Large MSPs typically have broader resources and expertise than smaller MSPs and may offer 24/7 support, comprehensive IT solutions due to hiring niche employees — an SAP expert, for example — and greater scalability, however, they may also have higher long-term costs due to their industry technology standards and sales-focused approach, and less personalised service.

Working with Tech Staff

When dealing with IT problems in your business, one concern you might have is that the tech staff you’re dealing with might not answer your questions in ways you completely understand. Tech staff are very technologically minded and are not as eloquent with their words when speaking with those who are not so. You may have faced situations in the past where you have felt as though you were being talked down to with all the technical jargon and have left the conversation feeling even more confused than you entered it. While this is quite stereotypical, many tech staff are often quite introverted also, meaning when you do talk to them, you find you’re not quite getting all the answers you need. While not the case with Pronet, if your IT support is outsourced overseas, you also might come across heavy accents and different explanations due to colloquialisms and cultural words used.

For this reason, Pronet Technology hires by motivation, eagerness to learn and positivity. We believe that, while a technical education is essential, skills can be learned but it is the attitude of the individual that makes an employee valuable. This is our way of ensuring our IT staff can work effectively with clients while also fixing the issues you need fixing.

24/7 Support

In our over 20 years of working in the industry, we have found that most small and medium-sized businesses don’t need 24/7 support. Even clients with busy Christmas periods rarely need emergency support, but that’s not to say it’s not for you.

Even then, after-hours support is usually outsourced overseas, such as in the Philippines. MSP tech staff are either Level 2 or 3 trained whereas outsourced are mostly Level 1, so when you have an after-hours emergency, they don’t have the training required to help. This means they then need to call a local Level 2 or 3 trained staff member to come out who they may not be able to get in contact with as they’re asleep.

For that reason, Pronet Technology offers after-hours emergency support over the weekend and between 6:45am and 10:30pm to cover the early start by manufacturers and the occasional after-hours work by staff. As long as the issue gets solved quickly the following day, it’s generally not a big deal.

As one of our clients said:

“If you’re a manufacturing facility, in reality, does 24 hours really matter?”

If your current provider offers 24/7 support, it is worth asking what level those support staff are trained to, to see if you’re getting value from the service.

Website Security

A question to ask your MSP is ‘Do you deal with website security?’ While on our Platinum Plan, we offer website hosting and website management services, Pronet Technology doesn’t directly deal with website publishing and design. Passwords and network security are areas we work with, so this is often looked after, but website design and copywriting are often outsourced so the onus is on those working on the site to have secure networks. As a website is a function of marketing and sales, it’s best to leave this to professionals who know what they are doing.

As a business owner or executive in charge of growing the company and its IT systems, it is necessary to know the pros and cons of IT providers before signing contracts. We hope this has answered any questions or lingering fears you had about our services, but if not, contact us at the number above to have a chat to see how we can help.

Using Two-Factor Authentication in your business

Multi or Two-Factor Authentication (2FA) is an incredibly effective way to prevent cybercriminals from accessing your business’ systems, services or applications. We’re all accustomed to the standard username and password model, but 2FA requires users to present two or more different pieces of evidence when logging into their accounts.

These can be things like a username and password (something you know), authorisation through a multi-factor authentication application (something you have) or a fingerprint (something you are). In an everyday scenario, while PayPass has made it obsolete, except for withdrawing money, when making a purchase, you used to need a bank card (something you have) and a PIN (something you know).

While there is some highly advanced new tech that can overcome 2FA, by requiring two factors for authentication, 2FA makes it much more difficult for cybercriminals to gain unauthorised access to sensitive data and systems, even if they have obtained the user’s password through a phishing attack or other means.

Other than 2FA software that your business can use on your network, like Windows Hello, oftentimes, third-party vendors also have an option for this service to be used. Make sure to go into settings to set this up or contact the vendor to ask how.

When should Multi-Factor Authentication be implemented?

As an SME, you may not think that you have valuable data or assets that are worth protecting. However, any business that collects customer data, such as names, addresses and credit card information, is at risk of a data breach. In addition, if your business has any proprietary information or trade secrets, such as manufacturing processes or customer lists, you could be at risk of industrial espionage. Even if you don’t believe your data is worth protecting, the mere risk of a cyberattack interrupting your business operations is worth considering.

Some older, legacy systems may not support multi-factor authentication and even though it adds another step for employees and therefore, an added inconvenience, 2FA must be added to your business’ operations, even more so since it’s one of the Essential Eight Cyber Security strategies. It becomes important when performing work-related activities like remote access solutions, users performing privileged actions and when staff access important data. As mentioned, it provides a way to securely authenticate the user. If the first form of defence is breached, like a PIN (personal identification number), password or passphrase, then the attacker is unable to progress further as they don’t have the second.

Depending on what maturity level of Essential Eight your business is aiming for, how you implement two-factor authentication can differ.

At Maturity Level One, the authentication methods used must not be of the same class — something staff know, something they have or something they are — and one doesn’t have to be a memorised secret. If you’re only now implementing multi-factor authentication and need to be at a higher maturity level, it might be easier to simply use a higher form of 2FA as mentioned below.

At Maturity Level Two, the authentication methods that can be used, and in what combination, are restricted. Some acceptable multi-factor authentication implementations can include something users have (like a single-factor one-time PIN device or a single-factor cryptographic software/device) or something staff have that is unlocked by something they know or are (multi-factor OTP device or multi-factor cryptographic software/device). Cryptography here means a way of protecting information and communications through codes. Biometrics, like fingerprint or retina scanning, are not acceptable at this level. At this level, event logs for multi-factor authentication should also be collected and stored to help with incident response.

At Maturity Level Three, all staff accessing important data must be using multi-factor authentication. The types and combinations of 2FA are restricted, such as through cryptographically verifying what they are authenticating. Cybercriminals try to get around multi-factor authentication by stealing authentication requirements to impersonate staff, so organisations are to use multi-factor authentication solutions that are resistant to phishing, like security keys, smartcards or a Trusted Platform Module. Businesses are not to use push notifications or SMS codes as authentication methods as these are often used by adversaries.

How to Implement Two-Factor Authentication for SMEs

Implementing 2FA may sound complicated, but it is actually a straightforward process. Here are the steps you can take to implement 2FA for your SME:

  1. Choose a 2FA solution: There are many 2FA solutions available, including hardware tokens, mobile apps, and SMS-based solutions. Choose a solution that fits your budget and needs.
  2. Configure your 2FA solution: Once you have chosen a solution, you will need to configure it for your business. This typically involves setting up user accounts and configuring the authentication factors.
  3. Train your employees: It is important to train your employees on how to use the 2FA solution and why it is important. This will help ensure that they understand the process and are more likely to use it consistently.
  4. Test your 2FA solution: Before deploying 2FA to all users, it is important to test the solution to ensure that it is working correctly and does not cause any compatibility issues with your existing systems.
  5. Roll out 2FA to all users: Once you have tested the solution, you can roll it out to all users. This typically involves providing instructions on how to use the solution and ensuring that all users are using it correctly.

To test if these measures are working, try logging on to a system or software that has the authentication set up and see if the request for two or more authentication factors, such as a password or a one-time PIN, is shown. For high levels, watch as an employee that has administrative privileges authenticates to log into a system or software to see if they are required to use multi-factor authentication. Make sure to monitor the log-ins of multiple services, as, for example, a cloud service may have a different implementation of 2FA than an on-premise service. Also, for Level Three, ask staff members to send through lists of the important data repositories in the business’ network as well as screenshots of attempting to log in to these, including the multiple forms of authentication it should be requesting. Ensure event logs of multi-factor authentication are also protected and monitored for signs of compromise and modification.
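The checks described above can also be run against collected sign-in event logs rather than only by watching individual logins. The following is an added example, not code from Pronet or the ACSC: it applies a simplified reading of this article's Maturity Level rules to constructed log lines, and the log schema, factor names and function names are all assumptions.

```python
import json
from collections import defaultdict

# Factor classes as the article names them: something you know / have / are.
# The factor names are hypothetical labels for this example.
FACTOR_CLASS = {
    "password": "know", "pin": "know",
    "sms_code": "have", "push": "have", "totp_app": "have", "otp_token": "have",
    "security_key": "have", "smartcard": "have", "tpm": "have",
    "fingerprint": "are", "face": "are",
}
# Article, Maturity Level Three: phishing-resistant options and disallowed methods.
PHISHING_RESISTANT = {"security_key", "smartcard", "tpm"}
BANNED_AT_ML3 = {"sms_code", "push"}

# Constructed sample sign-in events (JSON lines); not from a real system.
SAMPLE_LOG = """\
{"user": "alice", "service": "vpn", "privileged": false, "important_data": false, "factors": ["password", "totp_app"]}
{"user": "bob", "service": "vpn", "privileged": false, "important_data": false, "factors": ["password"]}
{"user": "carol", "service": "crm-cloud", "privileged": false, "important_data": true, "factors": ["password", "sms_code"]}
{"user": "dave", "service": "fileserver", "privileged": true, "important_data": true, "factors": ["password", "security_key"]}
{"user": "erin", "service": "fileserver", "privileged": true, "important_data": true, "factors": ["password", "pin"]}
{"user": "frank", "service": "crm-cloud", "privileged": false, "important_data": true, "factors": ["password", "fingerprint"]}
"""


def parse_events(text):
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def check_signin(event, level):
    """Return the reasons a sign-in misses the target level (empty list = pass)."""
    factors = event["factors"]
    unknown = [f for f in factors if f not in FACTOR_CLASS]
    if unknown:
        return ["unknown factor(s): " + ", ".join(unknown)]
    reasons = []
    counted = list(factors)
    if level >= 2:
        # Level Two in the article: biometrics are not acceptable.
        if any(FACTOR_CLASS[f] == "are" for f in factors):
            reasons.append("biometric factor not accepted at this level")
        counted = [f for f in factors if FACTOR_CLASS[f] != "are"]
    # Level One in the article: the methods must not be of the same class.
    if len({FACTOR_CLASS[f] for f in counted}) < 2:
        reasons.append("fewer than two factor classes")
    if level >= 3:
        banned = sorted(BANNED_AT_ML3.intersection(factors))
        if banned:
            reasons.append("method not allowed at Level Three: " + ", ".join(banned))
        if not PHISHING_RESISTANT.intersection(factors):
            reasons.append("no phishing-resistant factor")
    return reasons


def audit(events, level):
    """List failing sign-ins, privileged or important-data access first."""
    findings = []
    for e in events:
        reasons = check_signin(e, level)
        if reasons:
            high = e.get("privileged") or e.get("important_data")
            findings.append({"user": e["user"], "service": e["service"],
                             "priority": "high" if high else "normal",
                             "reasons": reasons})
    findings.sort(key=lambda f: f["priority"] != "high")  # stable: high first
    return findings


def coverage_by_service(events, level):
    """Per service: (sign-ins meeting the level, total sign-ins)."""
    totals = defaultdict(lambda: [0, 0])
    for e in events:
        totals[e["service"]][1] += 1
        if not check_signin(e, level):
            totals[e["service"]][0] += 1
    return {service: tuple(counts) for service, counts in totals.items()}


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for level in (1, 2, 3):
        print(f"Maturity Level {level}: {coverage_by_service(events, level)}")
        for finding in audit(events, level):
            print("  ", finding)
```

The per-service totals make it visible when a cloud service and an on-premise service enforce different factor combinations, which is the gap the paragraph above asks you to look for.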

Some tips

If you’re not aiming for Maturity Level Three, then select a multi-factor authentication solution that impedes less on user functionality. Make sure to also turn off and replace old and redundant authentication systems. If you’re receiving pushback for 2FA methods, introduce policies or implement the authentication in stages across the company, starting with high-risk users. Also, have a support plan to handle failed logins and account lockouts.

Keep in mind though that Cyber Security should be a part of your business’ culture. Everyone must be on board with implementing security measures, as multi-factor authentication is just one of the eight strategies and businesses need to implement them all to a certain degree.

Types of Two-Factor Authentication

SMS Token: Sends the user a unique token, usually a 5–10-digit code, via text message after entering their username and password, and this PIN is then entered to allow them access. While user-friendly and available to pretty much everyone, text messages can easily get intercepted by third parties and this method relies on people having a charged phone.

Email Token: Similar to SMS Token, this method sends a 5–10 alpha-numeric token or asks you to click a link provided in the email. Once again, these are user-friendly, cheap to set up and maintain and offer both a link or token if one doesn’t work. Sometimes, emails can go to spam or fail to be delivered and these can be intercepted by criminals.

Hardware Token: A user is given a physical device, such as a key fob, USB dongle or another device that generates a token for the staff member. These tokens are usually valid for only a short time. Hardware tokens don’t require reception or internet connectivity and are reliable and secure. They can be a bit expensive to set up though, can be misplaced and can be a bit user-unfriendly when having one for service. Examples include:

  • Yubico YubiKey 5
  • Kensington VeriMark USB
  • Google Titan Security Key

Software Token: Where users download and install an application on their computer or device that generates tokens for the user. These are only available for short periods before changing. These are more user-friendly, update when needed and can be customised with different features. Some can be expensive, though, and require users to download and install software that might be compromised without their knowledge. Two-Factor Authentication is available on most applications today for no additional cost and should be enforced across these applications. A firewall can also help by enforcing 2FA for remote connections. Examples of 2FA software include:

  • Google Authenticator
  • Microsoft Authenticator
  • LastPass Authenticator
  • andOTP
  • Authy

Phone Call: The employee receives a phone call once logged in, which provides them with the token. This method is both easy and inconvenient but is cheap and reliable due to requiring less bandwidth than data. Some negatives of this service are that phone calls can be intercepted or your voicemails can be hacked, and reception is required, as well as actually needing a phone.

Biometric Verification: Relies on the user being the token through fingerprints, retina scans and voice and facial recognition. It’s also user-friendly. This does, however, raise questions about the storage of biometric data and privacy concerns, and storage locations can be compromised. It also requires specific hardware, like cameras and scanners.

Implementing two-factor authentication is a simple and effective way to improve your SME’s Cyber Security posture. By requiring two authentication factors, 2FA makes it much more difficult for cybercriminals to gain unauthorised access to your sensitive data and systems.

If you have any questions or would like help implementing 2FA for your SME, please don’t hesitate to contact us. Our team of expert technicians specialising in Cyber Security can help you choose the right solution and ensure that it is configured correctly for your business.

10 Benefits of Performing a Cyber Security Risk Assessment

You’re not alone if you feel concerned about the security of your business. In today’s digital age, cyber threats are a constant concern for businesses of all sizes. One way to protect your business is by performing a Cyber Security risk assessment. While it may seem like a chore, especially when you have plenty of other business issues or projects to work on, there are many benefits of conducting a risk assessment, and completing one can actually save your business.

What is a Cyber Security Risk Assessment?

Before we delve into the benefits of a Cyber Security risk assessment, let’s define what it is. A Cyber Security risk assessment is the process of identifying, evaluating and prioritising potential security risks to your business’ technology systems, networks and data. This assessment is crucial in understanding the vulnerabilities of your business’s digital assets and how they could be exploited by malicious actors.

The Benefits of Performing a Cyber Security Risk Assessment

Performing a Cyber Security risk assessment can provide many benefits to your business. Here are 10 of the most significant advantages of conducting a risk assessment:

Identifying Vulnerabilities

A risk assessment can help identify vulnerabilities in your business’s technology systems, networks and data. By identifying these vulnerabilities, you can take proactive steps to mitigate them before they’re exploited by cybercriminals. This also allows you to improve the Cyber Security stance of the business and create a Cyber Security culture within your company.

Prioritising Risks

Conducting a risk assessment can help prioritise risks to your business’s technology systems, networks and data, and allows your business to introduce the appropriate response strategies to the vulnerabilities you have identified. By doing so, you can allocate resources to address the most significant risks first, ensuring that your business is protected where it matters most.

Complying with Regulations

Many industries have regulations that require businesses to perform Cyber Security risk assessments regularly. By complying with these regulations, you can avoid hefty fines and penalties, and safeguard your business from legal troubles. In Australia, all businesses need to comply with The Privacy Act 1988, meaning they need to have some sort of measures in place to protect consumers’ information. For public sector organisations, the Australian Government has also brought in Essential Eight, a Cyber Security framework that they must implement. This is highly recommended for all other businesses in Australia too, and we predict it will be mandated for everyone soon.

Reducing Downtime

Cyberattacks can cause significant downtime for your business, resulting in lost productivity and revenue. Downtime can cause customers to go elsewhere and can cause staff to halt projects or start working manually which they will then have to fix later on when IT issues are resolved. By performing a risk assessment, you can identify potential threats and implement preventative measures to reduce the likelihood of a cyberattack and minimise downtime.

Protecting Your Reputation

A data breach can damage your business’s reputation and erode customer trust. When customers lose trust in your business’ ability to protect their information or even just in your ability to protect yourself, they will stop using your business or bypass your services altogether even if they’ve never used them before. As for stakeholders like suppliers, they may be hesitant to work with an organisation that has suffered a security breach, especially as this will disrupt the rest of the supply chain. By performing a Cyber Security risk assessment and implementing preventative measures, you can safeguard your business’ reputation and show customers that you take their data security seriously.

Improving Security Posture

A risk assessment can help you understand your business’ security position and identify areas for improvement. By addressing these areas, you can improve your business’ overall security posture and better protect against cyber threats in the future. You may find your position is actually better than you thought, giving you the reassurance that your IT team or managed service provider is doing their job and looking after the interests of your business. Overall, a risk assessment allows you to ease your fears about cyberattacks as well as the potential loss of your business.

Keeps Stakeholders Informed

A comprehensive Cyber Security Risk Assessment allows you to keep your stakeholders informed and educated on vulnerabilities, and to tell them how you’re going about protecting the business and their interests. It also allows you to provide an executive summary to help executives and directors make informed security decisions.

Reduces Long-Term Costs

A Cyber Security risk assessment allows you to fully understand the justification behind the costs of security. As a business owner or decision-maker, you need to fully comprehend just how important this additional expense is. By knowing the vulnerabilities in your IT systems, you can then spend the proper amount of time and money on fixing these issues and mitigating risks, which will ultimately save your business the costs of downtime and of dealing with cyberattacks when they occur. That’s not to say that they won’t occur even with a fantastic Cyber Security posture, but the majority can be prevented and you should be able to stop the worst of an attack in its tracks when one does occur. You will also be able to get your business back up and running quickly and seamlessly with data recovery responses.

Prevents Data Loss

Data loss can destroy, and has destroyed, businesses. It has both financial and emotional impacts on businesses of all sizes, not just large enterprises. This includes stress and anxiety due to losing customer records, financial information and key documents; the financial impact of lost business, lost reputation with customers and suppliers, and data recovery and breach response; and the legal consequences of not complying with data protection laws.

Improves Communication

This benefit comes from different avenues. First, a risk assessment requires information from different parts of an organisation, so this improves communication between both leaders and departments. It also breaks down barriers between management and IT staff, whether that be internal and/or external, as it allows the two groups to come together to make decisions that relate to the implementation of security requirements for systems, data and access, while also thinking about the security of the organisation as a whole.

Performing a Cyber Security risk assessment is a crucial step in protecting your business from cyber threats. It allows you to safeguard your business’ digital assets and ensure its long-term success. So, don’t wait until it’s too late. Invest in a Cyber Security risk assessment today and reap the benefits of a secure and successful business.

Frequently Asked Questions

  • How often should I perform a Cyber Security risk assessment?

It’s recommended that businesses perform a Cyber Security risk assessment at least once a year or whenever there’s a significant change to their technology systems or infrastructure.

  • What are the key components of a Cyber Security risk assessment?

A Cyber Security risk assessment typically includes identifying assets, threats, vulnerabilities and controls. It also involves assessing the likelihood and impact of potential threats and prioritising risks.

  • Who should perform a Cyber Security risk assessment?

All businesses need to conduct a Cyber Security risk assessment, not just large enterprises. It’s also recommended that businesses hire a qualified Cyber Security professional to perform this assessment as it ensures the assessment is thorough and accurate and that all potential risks are identified and addressed.

  • How long does a Cyber Security risk assessment take?

The length of a risk assessment depends on the size and complexity of the business’s technology systems and infrastructure. Typically, it can take anywhere from a few weeks to a few months to complete a comprehensive risk assessment.

  • What happens after a Cyber Security risk assessment?

After a risk assessment is completed, a report is generated that outlines potential risks and recommended actions to mitigate them. The business can then take these actions to improve its overall security posture and protect against cyber threats.

  • Is a Cyber Security risk assessment worth the investment?

Absolutely. The benefits of performing a cyber security risk assessment far outweigh the cost. By identifying vulnerabilities and implementing preventative measures, you can protect your business from cyberattacks, reduce downtime, comply with regulations and safeguard your reputation.

What are Tech Warranties?

All genuine Australian-certified products sold by a genuine Australian online or physical store have implied warranties under Australian Consumer Law.

According to the Australian Competition and Consumer Commission (ACCC):

“Warranties are extra promises that a business makes about the quality of a product or how it will fix any problems with a product or service.”

These are on top of consumer rights to a repair, replacement, refund or cancellation when there’s a problem with a product or service. Warranties must be honoured by businesses and staff must not pressure or mislead consumers to purchase extended warranties.

That doesn’t mean they don’t ask if you want to purchase an extension though, and nearly every time you purchase some new tech, there’s an option to add an extended warranty. You’ve probably found yourself asking, is it worth it? Would I even need it? Am I crazy not to purchase it?

Honestly, the answer is usually no for personal electronics.

Most of the time, the only people that benefit from tech warranties are retailers as they translate into serious profit margins. If people knew the actual statistics for how long their products last, they probably wouldn’t purchase extended warranties. According to Cyber Shack, a quality smartphone has less than a two per cent failure rate while a good laptop is under five.

Under the ACCC, your product has a warranty for however long it is reasonably expected to last. No one purchases a computer expecting it to last only one year; they expect it to last years, so that’s how long you can legally claim a refund, replacement or repair (your choice), as long as you provide proof of purchase and the fault is a manufacturing one. You may also be able to claim compensation if you can prove loss due to the item, and companies cannot deny a claim or refer you to the manufacturer unless you agree. Make sure you also register the standard warranty after purchase so there is no hassle when you do need repairs.

Rather than spending money on extended warranties, which can cost between 10 and 20 per cent of the retail price, consider spending that money on backup devices.

Extended tech warranties for businesses are different

When considering warranties for your business, you have different factors to consider, such as risk reduction, business longevity and employee productivity, which means extended warranties for business are needed and are usually part of the cost of doing business.

Pronet only sells our clients servers with 3-year warranties and then, just before the end of those 3 years, we highly recommend clients purchase an extra 2 years, which we find most businesses are willing to do. Replacing servers is not as simple as replacing workstations: servers take longer to install, test and get up and running because they have to be reconfigured around other network components, which can cause delays to your business. If you have the warranty, manufacturers will keep components available to honour it, whereas if you have older equipment without one, you may no longer be able to find the parts to fix it.

Businesses relying heavily on their computers should only be purchasing business-grade computers which have a base 3-year warranty period rather than the 1-year that personal, domestic computers offer. Our clients are then recommended to purchase an extra 2 years to push this up to 5 years, after which business computers are usually replaced.

Businesses that rely on their computers and technology should be using a managed service provider to look after their systems. It saves you the stress and time of dealing with having to contact and wait for manufacturers to come out and fix or replace the device. Experienced MSPs usually carry spare parts for common devices and systems they set up in your business, so if you have an issue, they can fix it for you promptly. Some MSPs would even carry ‘spares’ of critical equipment which they can loan you while your equipment is being fixed.

As a business owner or decision-maker, you’re constantly evaluating how to lower your risk, and using an MSP is the way to do this. We hope that answered some of your questions regarding tech warranties, but if you have any further questions, feel free to give us a call!

WARNING: Telemarketers have been posing as Pronet & calling individuals/organisations to sell
website and domain hosting services.
Pronet Technology ensures that we DO NOT contact businesses or individuals to offer these products.                                  
If this has happened to you we apologise and encourage you to email info@pronet.com.au so we can prevent the issue.
