Tag Archives: cybersecurity

What should I look for when replacing my IT service provider?


Choosing the right Managed Service Provider (MSP) is critical for businesses to ensure that their IT systems are managed effectively and efficiently.

Do you find yourself asking, ‘How do I keep my IT systems running without any issues?’ Business owners have too many day-to-day tasks to complete and think about to want to then deal with IT issues that they don’t fully comprehend. Hence, they delegate these tasks to others.

Working with an MSP is just that, delegating the accountability of your IT systems to experts who know what they are doing and who can handle the technical aspects of the job. As decision-makers, we know that a major sentiment is that you want IT systems that work, that the whole team is happy with, and, most importantly, systems that look after themselves. You need a provider to manage the whole system and ensure it’s running smoothly so that your staff don’t stress and waste time trying to work around it.

Ideally, unless your service provider grows and you now feel as though they don’t care about you anymore due to your business being too small, or you simply aren’t receiving the service you require for your business, you don’t want to have to change MSPs. The time and effort of researching new providers or people to help fix system issues is a hassle, which is the primary reason business owners simply stay with their provider, even though they are receiving poor service. You may feel guilty for wanting to move on or have built ties with the provider and its staff, but your IT provider should be looking out for your best interest and if they’re not, you need to start looking elsewhere.

After talking to our new clients, especially within a month of working with them, we’ve learned that many of them wish they’d changed providers years before something happened that triggered the change. So, if you’re in a similar situation, on the search for a new MSP, or your business has simply grown to the size where you now require one to handle your IT systems, here are some factors that separate a good MSP from a bad one.

Responsiveness

A good MSP should be responsive to their client’s needs and provide timely support when issues arise. They should have a dedicated help desk and clear escalation processes to ensure that issues are resolved quickly and that they address them in a way that reduces your business’ downtime while keeping the business running and your staff working. The MSP should have a Service Level Agreement (SLA) in place which outlines the services provided to you, response times, support constraints and your business responsibilities.

Proactivity

A good MSP should take a proactive approach to IT management, monitoring systems for potential issues and implementing preventive measures to avoid downtime and security breaches. This behind-the-scenes work from the MSP is essential for your business’ success: your company should not be the one reaching out only once it has a problem, which is what happens with ad-hoc support. Proactive management is about prevention, with responsiveness when an issue does end up occurring.

Expertise

The MSP you’re changing to should have a team of skilled and experienced IT professionals with specialised knowledge in a variety of areas, including your server platform, network management and cabling, firewalls, Sophos, Cisco networking and cloud computing integration, and they should be Microsoft Certified.

Expertise in Line-of-Business (LoB) Applications

Line of Business applications refers to the set of critical programs that are vital to the day-to-day running of your business. These are usually large programs with a vast number of capabilities integrated into them, which then tie into the rest of your databases and management systems. Some examples are SAP, Sage and Microsoft Dynamics, and each of these vendors has a support system that is separate from your IT service provider. Unfortunately, LoB vendor support doesn’t necessarily care about your business, just their own software, and when all your systems need to work in conjunction, you need to ensure you choose an IT provider that has exposure to your LoB. Keep in mind that most won’t have expertise in the LoB, as it’s not their field, but they should have exposure to it, and they should be willing to take on the technical jargon and be the middleman between your business and the LoB support team. As a business, you don’t want to be the troubleshooter, so if, for example, you have a printer problem in SAP, your IT support should work with SAP on the technical how-tos and fix the issue. Make sure your MSP is willing to take this on.

Communication

MSPs should maintain open and transparent communication with their clients, providing regular updates on system performance, service level agreements and other important metrics. While as a business owner or manager, you’re looking to outsource your IT systems and management so that you don’t have the added stress of understanding how to fix or prevent problems, it’s still essential that you know what is happening, especially considering IT is such a crucial element of your business. You should be communicating with your MSP in a broader sense and their recommendations should be used in the long-term planning of your business.

Flexibility

You don’t want to go into partnership with a rigid MSP that has you stuck in a fixed price plan. An MSP should be able to customise its services to meet its clients’ unique needs and requirements. Every business is different and a one-size-fits-all approach won’t cut it, so the MSP should be willing to work collaboratively with you to develop customised solutions that fit your budget and objectives.

Reliability

A good MSP should have a track record of reliability and stability, with a strong reputation and positive reviews from clients. Oftentimes, you will find this listed on their website or socials, such as testimonial quotes or videos, but make sure to check out review sites like Google and CloudTango, or even read through the comments on their socials, as well as through forums like Reddit and Quora. You might even want to read through employee reviews on Seek as this can give you an indication of how the business runs, like whether they are understaffed and taking on too many clients, meaning your company may not receive the level of service you require. 

Cyber Security

More and more companies are realising the importance of Cyber Security, so when looking to switch MSPs, make sure the provider has practical expertise in Cyber Security and the necessary technology stacks. Traditional security such as antivirus, a firewall and monitoring is just not enough when it comes to Cyber Security. If an attack occurs, Cyber Security technology such as browser isolation can, within half an hour of detection, isolate the threat in a secure computer or network, preventing it from reaching the rest of your systems. This technology is incredibly efficient, so make sure the IT service provider you’re looking into has this type of technology in its systems.

Questions to ask when contacting MSPs

When searching for a managed service provider, small and medium-sized enterprises should consider asking variations of the following questions, based on the factors listed above, to make sure they are suitable for your business:

  • What services do you offer? It’s important to understand the MSP’s core offerings and whether they align with your business needs. For example, if you need help with Cyber Security or cloud computing, you’ll want to find an MSP with expertise in those areas.
  • What is your pricing structure? Make sure you understand the MSP’s pricing model, including any additional fees or charges that may apply. Ask if there are any discounts or package deals available based on your specific needs.
  • What is your level of experience? Find out how long the MSP has been in business and what types of clients they have worked with in the past. You may also want to ask about their certifications or other credentials that demonstrate their level of expertise. Other than this, ask if they have experience in or exposure to your line of business (LoB) application/s, e.g. SAP, Sage or Microsoft Dynamics.
  • How do you handle security and data privacy? Cyber Security is a major concern for SMEs, so it’s important to ask about the MSP’s approach to security and data privacy. Find out what measures they take to protect your data and what protocols are in place in case of a security breach.
  • What is your response time for support requests? Make sure you understand the MSP’s response time for support requests and whether they offer 24/7 support. Many smaller MSPs don’t offer 24/7 support as it’s often not needed, but if you operate internationally, you might need this. Ask about their escalation procedures in case of an emergency.
  • What is your onboarding process? Ask about the MSP’s onboarding process and what steps they take to get to know your business and its unique IT needs. This can help ensure a smoother transition and better service in the long run. Also, ask them if you will be the middleman between the old and new providers or if they deal directly with the old MSP to get passwords and access to systems.
  • Can you provide references or case studies? You might want to ask the MSP for references or case studies from past clients. This can give you a better sense of their level of service and expertise and help you make a more informed decision. MSPs often have this on their website, but if not, see if they’re willing to give you references.
  • Do you have any service level agreements in place? This will often happen when signing on with the provider and details expectations in your partnership. This allows you to hold the MSP accountable and ensures they take ownership of their work as they’ve agreed to it in advance.
  • Do you outsource your support to overseas call centres? We’ve found that speaking English alone is not enough; the people you are speaking to need to be familiar with your local culture and have local knowledge, such as of the nbn and local terminology.
  • Can the technical staff that I will be dealing with speak in layman’s terms? You may have experienced the frustration of dealing with a technical person who speaks technical jargon and with technical terms that go way over your head. Sometimes it can seem as though they are talking down to you, even though they don’t mean to, so double-check that the MSP’s technical staff are approachable and can ‘dumb down’ issues to you.
  • Do you offer any backup and disaster recovery services? Data backup and recovery solutions are critical to ensure your business’ continuity in the event of data loss, hardware failure, natural disaster or cyberattacks. Also ask where they keep the backups, whether it’s a combination of on-premise and cloud backup or just one of the two.
  • What reporting and monitoring capabilities do you have? An MSP has access to your company’s data and should remotely monitor, update and manage your services while reporting on quality and performance of the service. While this is standard among MSPs, double-check with the one you’re receiving a proposal from to see how they are monitoring your data and whether they can proactively stop future problems from happening.

Finally, it’s incredibly important to discuss the list of problems and frustrations you currently have with the provider you’re looking at working with to see what solutions they have for you.

These questions will help you understand the MSP’s capabilities, experience, and approach to customer service. It’s important to choose an MSP that meets your specific needs and can provide the support and services necessary to help your business succeed.

Overall, choosing a good MSP is critical for businesses to ensure that their IT systems are optimised and managed effectively and efficiently. Costing is often one of the last considerations, as long as you see value for your money. Therefore, businesses should evaluate potential MSPs based on these factors to ensure that they choose a provider that meets their needs and expectations.

The 10 Disaster Planning Essentials For Small to Medium-Sized Enterprises


If your data is important to your SME and you can’t afford to have your business halted for days, or even weeks, due to data loss or corruption, then you need to read this report and act on the information shared. A disaster can happen at any time and is likely to occur at the most inconvenient time. If you aren’t already prepared, you run the risk of the disaster occurring before you have a plan in place to handle it. This post outlines 10 things you, as a business owner of, say, 20 to 80 computers, should have in place to make sure your business is up and running again in the event of something going wrong.

Have a written plan

As simple as it may sound, just thinking through in advance what needs to happen if your server has a meltdown or a natural disaster wipes out your office will go a long way in getting your business back up and running fast. At a minimum, the plan should contain details of what risks could eventuate and a step-by-step process of what to do, who should do it and how. Also include contact information for your various providers and username and password information for key websites.

Writing this plan will also allow you to think about what you need to budget for backup, maintenance and disaster recovery. If you can’t afford to have your network down for more than a few hours, then you need a plan that you can follow so that you can get back up and running within that time frame. You may want the ability to virtualise your server, essentially allowing the office to run off the virtualised server while the real server is repaired. If you can afford to be down for a couple of days, there are cheaper options. Once written, print out some copies to store in a fireproof safe, off-site at your home and with your IT consultant.

Hire a trusted professional to help you

Trying to recover your data after a disaster without professional help is business suicide; one misstep during the recovery process can result in forever losing your data or result in weeks of downtime. Make sure you work with someone who has experience in both setting up business contingency plans (so you have a good framework from which you can restore your network) and experience in data recovery. If you have a Managed Service Provider, an MSP, ensure they have experience in these areas.

Have a communications plan

If something happens that means employees can’t access your office or e-mail or use the phones, how should they communicate with you? Make sure your plan includes this information, including multiple communication methods.

Automate your backups

If backing up your data depends on a human being doing something, it’s flawed. The #1 cause of data loss is human error, such as people not swapping out tapes properly, someone not setting up the backup to run properly, etc. Always automate your backups so they run like clockwork.

Have an offsite backup of your data

Always, always, always maintain a recent copy of your data off-site, on a different server or on a storage device. Onsite backups are good, but they won’t help you if they get stolen, flooded, burned or hacked along with your server.

Have remote access and management of your network

Not only will this allow you and your staff to keep working if you can’t go into your office, but you’ll love the convenience it offers. Plus, your IT staff or an IT consultant like an MSP should be able to access your network remotely in the event of an emergency or for routine maintenance. Make sure they can.

Image your server

Having a copy of your data off-site is good, but keep in mind that all that information has to be restored someplace to be of any use. If you don’t have all the software disks and licenses, it could take days to reinstate your applications, like Microsoft Office, your database, accounting software, etc., even though your data may be readily available. Imaging your server is similar to making an exact replica; that replica can then be directly copied to another server saving an enormous amount of time and money in getting your network back. Best of all, you don’t have to worry about losing your preferences, configurations or favourites. To find out more about this type of backup, ask your IT professional.

Network documentation

Network documentation is simply a blueprint of the software, data, systems and hardware you have in your company’s network. Your IT manager or IT service provider should put this together for you. This will make the job of restoring your network faster, easier and cheaper. It also speeds up the process of everyday repairs on your network since the technicians don’t have to spend time figuring out where things are located and how they are configured. Finally, should disaster strike, you have documentation for insurance claims of exactly what you lost. Again, have your IT professional document this and keep a printed copy with your disaster recovery plan.

Maintain Your System

One of the most important ways to reduce risk to your business is by maintaining the security of your network. While fires, floods, theft and natural disasters are certainly a threat, you are much more likely to experience downtime and data loss due to a virus, worm or hacker attack. That’s why it’s critical to keep your network patched, secure and up-to-date. Additionally, monitor hardware for deterioration and software for corruption. This is another overlooked threat that can wipe you out. Make sure you replace or repair aging software or hardware to avoid this problem.

Test, test, test!

A study conducted in October 2007 by Forrester Research and the Disaster Recovery Journal found that 50 per cent of companies test their disaster recovery plan just once a year, while 14 per cent never test. If you are going to go through the trouble of setting up a plan, then at least hire an IT pro to run a test once a month to make sure your backups are working and your system is secure. After all, the worst time to test your parachute is after you’ve jumped out of the plane.

Want help in implementing these 10 essentials? Call us on the number above to discuss how we can tailor a plan that suits your individual business needs.

How Cyber Culture Can Dramatically Boost Your Business & How to Build One

Only 25% of business leaders are confident in their organisation’s cyber security awareness. This is alarming given how large a risk cyber threats pose in 2023. Business owners like yourself need to understand the importance of Cyber Culture. Not only does generating a healthy Cyber Culture in the workplace strengthen cyber security dramatically, it can also have a positive impact on your profitability, customer retention and employee productivity. So why wouldn’t you take advantage of this opportunity to defend your company in one of the best ways possible?

What Even Is “Cyber Culture”?

It can seem quite a substantial term, but it only has one simple meaning. Cyber Culture is about making cyber security an important part of an employee’s job. The end goal is to embed the practice into the staff’s day-to-day actions, something that should be considered before each decision. The best kind of Cyber Culture needs to influence employees’ thinking to better develop resilience against cyber threats.

To stay relevant and confront new security challenges, businesses must continually adapt to the changing digital environment. As an owner, fostering a strong cyber culture enables staff to stay vigilant and respond quickly to new threats. We will talk about the benefits for your business and how you can easily begin implementing a strong Cyber Culture today.

Benefits of Developing Cyber Culture

Improved Profitability 💰

Cyber threats are costing Australian businesses millions each year and attacks on SMEs average out at $60,000. More than half of data breaches constitute a significant portion of the costs that companies incur. Your company won’t only suffer direct financial loss, but also indirect losses, such as a damaged reputation and lost customer trust.

Investing in a strong cyber culture can help prevent a wide range of potential threats in the future, including costly financial ones. Such investments should therefore be viewed as worthwhile in protecting a company’s long-term security and success.

Increased Customer Retention 📈

Customer trust is a key factor in whether or not people will conduct business with you. Customers are far more likely to do business with a company that hasn’t previously been exposed to multiple breaches. Data safety is a must: did you know 88% of consumers are only willing to give out their information if they trust the company? Also, an identity survey found that consumers are abandoning brands after they find out about data breaches.

By building customer trust through strong cybersecurity measures, you can easily boost profits through improved customer retention. Additionally, showcasing robust cybersecurity at your business can also help enhance its image and make it more appealing to potential customers.

Increased Retention of Employees and Boost in Productivity 📝

Just like helping organisations retain and attract customers, strong Cyber Culture can also benefit employees by reducing stress and increasing productivity. A well-trained workforce that is equipped to effectively handle cybersecurity threats will be better able to perform their tasks and contribute to the organisation’s overall success.

It has been found that when a data breach occurs, 33% of employees feel highly stressed at work. On top of that, about 24% of leaked data is personal employee information.

I bet you’d want your employees to feel secure and know their personal information won’t be compromised when working for you. By fostering a strong Cyber Culture and effectively communicating with employees, companies can earn their trust, improve employee loyalty and increase their productivity.

How Can You Start Building A Cyber Culture?

It’s crucial to understand that creating a Cyber Culture is a team effort, in which everyone from executives to employees plays a role. A strong cybersecurity culture must be led by example, starting with leadership and spreading throughout the organisation.

While cybersecurity experts may spearhead the technical strategies and efforts, it’s essential that all leaders, including the board of directors, are aware of the importance of cybersecurity, aligned with its purpose and demonstrate appropriate behaviour.

Focus on the Fundamentals 💡

A secure cyber plan can start with the basics, such as strong passwords. It seems trivial but owners still fail to implement policies that ensure the basics happen.

Companies should implement protocols for creating and maintaining strong passwords using a combination of characters that are difficult to guess. Additional layers of security such as Two-Factor Authentication or Single Sign-On can further enhance protection against attacks.

Educate Employees 🎓

Cyber attacks are not a matter of “if” but “when” they will happen. It’s impossible to achieve 100% protection, and with human error accounting for over 85% of attacks, a Cyber Culture will go a long way in boosting your defence. Therefore, employee education through formal cybersecurity training will help them respond better to attacks and prevent future errors.

There is an abundance of online resources to help you achieve this, from articles to quizzes, and even entire simulated activities for teams to complete. The choice is yours, but some level of training needs to be completed on a regular basis.

Share the Responsibility 👬

We touched on this before, but just to reiterate, creating an effective cybersecurity program requires a shared effort across all levels of the company. Your organisation’s cybersecurity goals and vision must be communicated to all employees. Doing so ensures that everyone understands and contributes to its implementation, benefitting the organisation as a whole.

Keep a Feedback Loop 🔁

To maintain a healthy Cyber Culture, it is important that all employees feel comfortable reporting any issues or concerns related to IT and cybersecurity. Creating an open channel of communication, where employees can easily report their worries or ask questions, can help ensure that any vulnerabilities are identified and addressed quickly.

If staff report something that they unknowingly did wrong, make sure you and your IT people (MSP) don’t blame them. Staff must feel comfortable reporting it, so they can learn for next time. This is a key component in preventing further mistakes and in a healthy Cyber Culture.

Conduct Drills 🚨

What happens if a threat occurs? It’s important employees know what to do if an attack happens; this will greatly reduce further damage and extra costs. Drills based on real-life scenarios should be conducted to prepare staff and teach them how to handle cyber threats.

Help Employees to Realise Cybersecurity Impacts Them Personally 👷‍♂️

Helping employees understand the personal impact of cybersecurity can be a powerful motivator. It has the ability to increase engagement and participation in a company’s cybersecurity efforts.

Helping employees understand the very real consequences of poor cybersecurity practices may be a harsh reality, but it is nonetheless true. Highlighting real-life examples of similar attacks and their effects on other companies and individuals is important.

Here are some examples of real-life effects on employees:

  • If the company is compromised it may incur losses so great that the only solution is to lay off employees due to restricted funds
  • Employees will ultimately be the ones dealing with upset customers after a data breach
  • If systems are down due to a compromise, it will push employees’ work schedules back and may lead to extra hours in the office
  • Employees’ details are on the line: if a data breach occurs, it could be their personal information getting leaked

Not That Hard, Right?

Now you know everything you need to start generating a healthy Cyber Culture at your company.

This culture must be embedded into the core values of the organisation and practised by all employees at all levels. This includes regular training and education on cybersecurity best practices, creating open lines of communication for reporting concerns and establishing clear protocols for incident response.

In addition, cybersecurity should be considered in all business decisions, and not as an afterthought. Without a strong cybersecurity culture, organisations risk significant financial, reputational and operational damage if a cyber attack occurs. Therefore, companies must take proactive measures, and create a strong cybersecurity culture to protect against threats.

How to Protect Company Data & Safely Dispose of Old Devices

Entering the new year, I bet there are lots of exciting new changes for you and your business. One of them might be the luxury of new devices around the office space. New work mobiles, laptops, computers or even tablets. We can easily get wrapped up in the excitement of using new tech but we mustn’t forget our old devices gathering dust.

Your old devices will most likely contain personal or confidential company data. Before you decide to clear up some office space and chuck out the old work computers, it’s important that you erase the data to prevent it from falling into the hands of criminals.

61% of all data breaches involve stolen credentials, so you need to dispose of your old devices properly to prevent potential attacks on your business down the road. Here is how you can make sure.

The Simple (but not 100%) Method

Factory resetting the device will do the trick for casual smart device users or businesses with no confidential data. This is a procedure that restores the device to its original settings and, at face value, removes all data. It can be completed on any smart device and computer, the feature is found in the settings, and it can be performed in a matter of minutes. A quick Google search should quickly reveal how to factory reset your specific device. This method is the easiest way to guarantee your data has been somewhat erased before parting ways.

I say somewhat because this method doesn’t entirely erase a device’s data. While data seems to have disappeared, it can still be recovered by various software that can retrieve “deleted” files.

The Nail in The Coffin

If your business handles a lot of confidential data, such as payment information, customer details etc., you need to take things a step further. While there is software to restore “deleted” files, there is also software to entirely wipe your device’s hard drive (for good). This software rewrites the entirety of the hard drive to ensure no trace is left and the previous data is irretrievable. It’s vital to do this because, if not, anyone who performs a Google search will learn how to recover your supposedly deleted files. You’ll find plenty of products online that can do the job, and they are all reasonably affordable.

Once that has been done the next step is to physically damage the device for 100% certainty. An example is drilling multiple holes through a hard drive. This sounds extreme but must be done to get complete assurance confidential data cannot be retrieved and used against your business.

*If you’re in the government sector your data might need to be sent off to official sites to get verification of its proper destruction*
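To make the “somewhat erased” point concrete, here is an added example (not code from the original post) that models a device as a tiny block store with a separate file table: a factory reset only forgets the table, a new owner’s files only reuse some of the blocks, and only an overwrite wipe that is verified afterwards leaves nothing behind on the media. The disk layout and the sample customer record are constructed for the demonstration.

```python
import os

BLOCK_SIZE = 16   # bytes per block; tiny constructed values for illustration
NUM_BLOCKS = 8


class ToyDisk:
    """Minimal block device plus a separate allocation table, mirroring how a
    real filesystem keeps metadata (which blocks belong to which file) apart
    from the bytes that actually sit on the media."""

    def __init__(self):
        self.media = bytearray(BLOCK_SIZE * NUM_BLOCKS)  # raw bytes on the "platter"
        self.table = {}                                  # filename -> block indices
        self.free = list(range(NUM_BLOCKS))

    def write_file(self, name, data):
        blocks = []
        for off in range(0, len(data), BLOCK_SIZE):
            chunk = data[off:off + BLOCK_SIZE]
            if not self.free:
                raise IOError("disk full")
            idx = self.free.pop(0)
            start = idx * BLOCK_SIZE
            self.media[start:start + len(chunk)] = chunk
            blocks.append(idx)
        self.table[name] = blocks

    def list_files(self):
        return sorted(self.table)

    def factory_reset(self):
        """What a typical 'restore to original settings' does: forget the file
        table so the space is reusable. Not one byte of the media is touched."""
        self.table.clear()
        self.free = list(range(NUM_BLOCKS))

    def overwrite_wipe(self, passes=2):
        """What wiping software does: overwrite every block on the media,
        whether or not the table says it is in use. The final pass writes zeros
        so the result can be verified afterwards."""
        for p in range(passes):
            last = p == passes - 1
            fill = bytes(len(self.media)) if last else os.urandom(len(self.media))
            self.media[:] = fill
        self.factory_reset()

    def raw_contains(self, needle):
        """Stand-in for a recovery tool that reads the raw media and ignores
        the file table entirely."""
        return needle in bytes(self.media)

    def verify_zeroed(self):
        """Post-wipe check: every byte on the media must be zero."""
        return not any(self.media)


# Constructed sample record; no real customer data.
SAMPLE_RECORD = b"customer=acme;card-last4=1234"


def residue_after_factory_reset():
    """True if the file is gone from the table but still readable from raw media."""
    d = ToyDisk()
    d.write_file("customers.db", SAMPLE_RECORD)
    d.factory_reset()
    return d.list_files() == [] and d.raw_contains(SAMPLE_RECORD)


def residue_after_reset_and_reuse():
    """The next owner writes one small file, which reuses only block 0.
    Returns (full record still present, tail of the record still present)."""
    d = ToyDisk()
    d.write_file("customers.db", SAMPLE_RECORD)
    d.factory_reset()
    d.write_file("welcome.txt", b"hello")
    return d.raw_contains(SAMPLE_RECORD), d.raw_contains(b"card-last4=1234")


def residue_after_overwrite_wipe():
    """Returns (record still present, media verified all-zero) after a wipe."""
    d = ToyDisk()
    d.write_file("customers.db", SAMPLE_RECORD)
    d.overwrite_wipe()
    return d.raw_contains(SAMPLE_RECORD), d.verify_zeroed()


if __name__ == "__main__":
    print("after factory reset, record recoverable:", residue_after_factory_reset())
    print("after reset + reuse (full, tail):", residue_after_reset_and_reuse())
    print("after overwrite wipe (record, zeroed):", residue_after_overwrite_wipe())
```

The verification step is the part worth copying into a real process: a wipe you cannot check afterwards (here, reading the media back and confirming it is all zeros) is only an assumption that the data is gone.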

These extra steps can seem excessive, but lucky for you there’s an easy way. If your business is partnered with an IT Provider, they handle this for you. They will thoroughly perform each step so you can rest easy knowing company data won’t fall into the hands of criminals.

Not Safe Just Yet

In addition, any online accounts created with the device must also be deleted. This is important if you no longer have the device in your possession and want to ensure that no one else can access your data linked to those accounts. Closing online accounts associated with a smart device will help prevent security breaches or unauthorised use of personal data.

Summary

This post provides guidelines for properly disposing of old smart devices to safeguard your data and privacy. These steps include properly wiping the device’s data and closing any associated online accounts. These precautions can help prevent company security breaches and protect your personal information from being accessed without your permission.

Keep Your Business Reputation Intact in Wake of a Security Breach 

Cyber attacks are outright devastating for Australian businesses. They cause not only extreme financial loss but potentially long-lasting reputational damage. Given customers’ resulting lack of trust, this can make it incredibly hard for your business to get back on its feet.

So how do you protect your reputation in wake of a cyber attack? 

The key is to be transparent and open with all stakeholders. No longer can businesses hide behind their office doors and keep customers in the dark until the situation blows over. People will ask questions and it’s your responsibility to answer them as truthfully as possible. When a cyber attack strikes you’ll most likely be hit by a barrage of enquiries, and addressing the public may be forgotten about. That’s why your business needs to be prepared and plan ahead.

We have created some guidelines that MUST be followed at minimum to prevent this from happening. We will outline what you need to have in place before, during, and after a data breach, to help prevent lasting reputation damage.  

Before an Attack: Not IF but WHEN

Before we begin, let’s establish why it’s best to prepare now. There are two key reasons. Firstly, cyber attacks are so frequent that it’s no longer a matter of “if” it will happen, but “when”. Secondly, when systems are compromised, people panic, emotions run high, confusion sets in, and mistakes get made. If the preparation has been done, the chance of mistakes when disaster strikes is greatly reduced.

One of the first things to do is assemble a team of in-house incident responders and equip them with the necessary tools for the job. Make sure to provide proper training on evidence collection and storage processes. When disaster strikes, they’ll know what to do and will be the ones to ensure all procedures are being followed. 

Establish a communication channel that is available around the clock. Focus on informing internal stakeholders in the event of an attack. It’s important to keep communication open to ensure trust and transparency. 

Set up a notification process that involves relevant departments, such as marketing and legal. Decide on a plan for informing customers, regulators, and law enforcement. Having this in place prior helps streamline the process of notifying parties immediately. 

Consider offering unique services to affected clients. This depends on the nature of your company and the assets at risk. One example is identity protection for customers whose information has leaked. These are a gesture to show your commitment to continuing the customer relationship. 

During The Attack: Be Strategic

Keep internal stakeholders updated on developments, as well as on the steps your company has taken to ease the situation. Keep phone lines open, although sending email updates has proven to be more efficient. Be sure to create a timeline of events as you go along.

Identify and document the following information and evidence as much as you can. These are needed when the time comes to notify clients and the public about the breach: 

  • Compromised systems, assets, and networks 
  • Patient zero, or how the breach happened 
  • Information on affected machines that has been disclosed, taken, deleted, or corrupted

If your company has a blog or a page where you can post company news, draft up an account of the events from start to finish. It’s also good to include what you plan to do in the next few weeks following the breach. Be transparent and effective. This is a good opportunity to show clients the company’s initiative to rectify the problem. The Chief Marketing Officer should take the lead on this.

After an Incident: Keep the Momentum

Notify your clients and anyone else that may have been affected by the breach. 

  • Put out company news or blog posts the company has drafted about the cybersecurity incident. 
  • Send emails linking back to the blog and social media. 

You must prepare to receive questions from clients and anyone interested in learning more about what happened. Expect to have uncomfortable conversations and receive criticism; some people will always be less understanding than others.

Offer those extra services to clients, which you have already thought out and prepared for in the first phase. Even if they don’t wish to receive the offer, the gesture will show your commitment to amending customer relationships. 

Regain stakeholders’ confidence and trust by focusing on breach preparedness & containment strategies. Based on post-incident discussions, implement new processes. This will help prove the company’s commitment to its clients. This can turn the stigma of data breaches on its head.  

Audit the information your company collects from customers to see if any is not a necessity to do business. The logic behind this is the less data you keep on customers, the less data at risk. Make sure that all your stakeholders know which information you will not be collecting and storing anymore. 

Last, be sure to recognise the hard work of your employees and reward them for it. Yes, they’re your stakeholders too and shouldn’t be forgotten, especially after a cybersecurity incident.

Conclusion

Knowing how to manage your business’s reputation is seen as a competitive advantage. It’s one thing to know how to recover from a cybersecurity incident. It’s another to know how to keep the brand’s image intact despite the negative attention.  

Remember that a breach can happen to any company from any industry. How your company acts before, during, and after the incident is what will be remembered. Use that to your advantage. 

We hope you’ve been able to take something away from this. With cyberattacks continuing to wreak havoc for Australian businesses, it’s best to be prepared. These key steps are vital to preventing lasting reputation damage at your organisation. 

5 Crucial Cyber Security New Year’s Resolutions For 2023

We’ve all had those New Year’s resolutions: we start strong for the first couple of weeks, then we’re quickly reminded of how busy being in business is and our priorities shift. Our good intentions slowly get forgotten about and never picked back up.

If you’re here, it’s because you want to do the most crucial thing you can for your business. Make sure your cyber security is up to snuff.

Whether you’re starting from scratch or want a fresh perspective, we’ve listed key goals you must work towards so that your cyber security resolutions will not die in spirit. Here is everything you need to get the ball rolling with your cyber security today.

Let’s be clear, this might be daunting, but let me remind you this isn’t a solo effort; cyber security is a collaborative process. Work with your IT provider, HR, and the entire team to discuss, brainstorm, and implement these tactics. Rome wasn’t built in a day and neither will your cyber security be. Take your time and get each step right from the start.

Here are 5 cyber security resolutions to prepare your business for online threats in 2023.

Perfect Your Password Policy

I get it, passwords, how boring. Listen though, I’m going to tell you something you probably haven’t heard before.

You’ve always been told to have staff change their passwords frequently; let’s scrap that. It’s obvious to both of us that getting staff to constantly change their passwords is nearly impossible, time-consuming, and annoying. Requiring frequent password changes only leads to users making small adjustments to their already simple previous password, resulting in weaker security.

Users should have strong and unique passwords for each account. To help achieve this, only enforce password changes when there is suspicion that passwords may be compromised. Now, staff can focus on creating a stronger password, knowing it won’t need to be changed anytime soon.

A simple way to implement this? Promote the use of unique passwords with a password manager; it will do all the hard work for you. Password managers can create and store an unlimited number of passwords for all staff, and the tool will save your team loads of time.

If you’re a micro business there are lots of free password managers. If you have 10+ staff, you’ll need to pay for a business-based password manager. Our top business password manager recommendations are Keeper, Password Boss and LastPass. At Pronet we use Keeper for ourselves and all clients. Its extensive sweep of security features makes it one of the best options for cyber security.

Top it off with the security measure in our next resolution.

Enforce Multi-Factor Authentication (MFA)

Do you know how you get a text asking to enter a 6-digit code after your login details? Yeah, that’s a form of MFA and it’s extremely important now.

So important that enabling MFA reduces the chance of your account being hacked by 99.9%. Hackers will not be able to access your account unless they are physically able to get your MFA-enabled device. Let’s be honest that won’t happen because I don’t think they’re leaving their bedroom anytime soon.

Making sure all your staff and all their accounts are set up with MFA is a MUST this year. It may not be something you can directly implement yourself, so make sure your IT team puts it as a top priority. It’s on you to make it happen!

And a little bonus. Some of the current password manager apps allow you to use MFA within them. The same application can be used to enable strong passwords and implement MFA. Talk about cost-effectiveness.

Remove Old Users from Your Systems

One big cybersecurity resolution for the new year is to clean up all those old user accounts.

If your company has active accounts from old employees, it dramatically increases the potential vulnerabilities in your organisation. An attacker only needs to find one set of login details to gain access to your systems.

Let’s not waste any time with this one, start removing unnecessary accounts to reduce the risk of hackers infiltrating your network. That’s not all. If you want to stop this issue from coming back up there’s one more thing to do.

It’s even more important to change your policies to ensure the principle of least privilege is followed. What this means is that users should only have access to the resources they need to do their job. When that access is no longer needed it should be revoked.

This becomes especially important when employees change roles, leave the company, or are terminated. They may attempt to abuse their access and cause harm to your organisation through actions such as stealing or destroying data, planting malware, or other malicious actions.

Let’s get rid of those old accounts and get new policies in place to prevent the issue going forward.

Conduct A Risk Assessment

I do not doubt your business has experienced some kind of change over the year. Whether that means changes to your systems, structural arrangements, technology or more, your business is in a state of flux.

Due to that, a yearly risk assessment is so important. It gives your company a chance to take note of all of these changes and analyse the threats to your security.

Once your organisation has an updated view of the challenges it faces, it can plan successfully for the future. This may include adjusting security plans and policies to stay safe in the coming year.

Without a risk assessment based on all those changes, you could end up focusing on completely the wrong areas, not only wasting time and resources but also leaving your business vulnerable to threats.

Get that new year risk assessment done ASAP.

Quarterly Employee Training

This might seem daunting, but one, it’s the most important, and two, it’s not as hard as it seems. 88% of data breaches are caused by employee mistakes. Human error is still the driving force behind cyber security issues, so you’re asking for problems by ignoring staff training.

When it comes to training staff, there are already so many resources online where the work is practically done for you! Videos, articles, and interactive quizzes are readily available and can be accessed at staff members’ own pace. All you need to do is point them in the right direction.

Be sure to make it relevant. Relate training materials to your staff’s job responsibilities and the types of threats your organisation is most likely to face. Of course, you’ll know exactly what kind of threats your business will face from that risk assessment. This will help ensure that the training sticks and that staff are more likely to use the skills they learn on the job.

Training provides a good opportunity to remind your staff of policies, but it also allows you to update them on the latest threats. Your employees are often the first line of defence in a cyberattack, so don’t underestimate their role when it comes to protecting your company.

Conclusion:

There you have it, our 5 cyber security New Year’s resolutions. 5 things that we believe are a must to implement to have the best chance of being protected this year. With cyber crimes predicted to soar in 2023, you don’t want to take any chances, especially with your business.

Remember what I said initially: cyber security is a collaborative effort. Work with others in your organisation to ensure this gets done, otherwise I can guarantee you will fall short. Tackle one at a time and get them right from the start. Good luck and I wish you a successful year ahead!

Christmas Crackdown: Why Business Owners Are Tightening the Rules for Online Shopping at Work 

It’s alarming to know that nearly half of social media users have fallen victim to shopping scams.  

It may seem like a good idea to avoid the shops at this time of year. If your employees are doing some last-minute Christmas shopping at work, it’s important to ensure that your business is protected. Online shopping scams are on the rise, especially this time of year. With the damages for business owners being so high, it’s not a risk you want to be taking. 

The Dangers of Online Shopping at Work 

Unfortunately, new research shows that 47% of people click on dangerous links. They think they’re getting a great deal, but instead, give up financial & personal details to cyber criminals. I know it’s the season of giving, but let’s not get too carried away.  

Your employees don’t only risk giving up their personal information; they also risk your devices and potentially expose your company’s entire network to criminals.

It’s not just shopping scams employees need to look out for. Phishing scams also manage to trick 36% of people into revealing personal data. Phishing scams are where you get an email that seems to be from someone or somewhere you trust, but it’s not. 

Remember that account you never made, emailing and asking you to update your payment details? You probably don’t remember it because there’s a good chance you never actually made the account. It’s just a scam.

The same 36% have also fallen for gift card scams, where criminals gain the trust of victims and try to persuade them to buy gift cards or online vouchers. Not in the Christmas spirit at all.

See, with all the benefits online Christmas shopping can bring, there are a lot of nasties you and your staff need to be aware of, especially this time of year.

The Damage It Can Bring to Your Company 

Let’s talk about what kind of damage you can expect, and it’s not pretty. If employees do happen to click on malicious links or download an infected file, the results for your business can be devastating.  

Cyber attacks are now so harmful that the risk goes beyond the loss of data and reputation. Once you fall victim to an attack, criminals can force you to cease your business operations altogether. The cost of downtime has proven to be enough to put people out of business for good. An astounding 60% of SMEs that fall victim to cyber attacks go out of business within the first 6 months.

Yeah, not the kind of Christmas present you’d want, so let’s talk about how we can avoid this happening at your company. 

How You Can Lower the Risk Today  

Here are some ways to help you protect your employees, and more importantly your business this holiday season. 

While technical protections such as firewalls, antivirus, and strong password management are important, the focus needs to be on training your team. It should be known that the most effective defence is a team that can recognise a threat when they see one. Investing in your team’s training and education will help them stay vigilant and protect your organisation against potential attacks. 

Make sure your staff are aware of the latest scams and know what warning signs to look out for. At a minimum, make sure all staff are:

  • Checking that website links are genuine
  • Making sure websites are the real deal
  • Being suspicious of offers that look too good to be true

It is also important to have a plan in place that can be implemented as soon as a security breach is detected. All staff should know how to report incidents immediately and who to notify. The faster your team can respond, the more damage you can prevent, along with the costs that follow. In some cases, it may be possible to stop the breach before it negatively impacts your business at all. By being prepared and having a clear plan of action, you can minimise the risks and protect your organisation.

If you’re after the quickest way to make sure your team is keeping an eye out for scams, send a quick email reminder. Take the points from this article and forward them to your staff. Even better, forward the entire article! The best thing you can do is make them aware. 

There you have it, some easy ways to protect your business from online shopping scams. We hope you’ve been able to take something away from this, or that it’s given you something to think about.

Quick Tips for Employees to be Cyber Safe

Among all the components that a business needs to operate successfully, cybersecurity has now become one of the essential ones. In the wake of the COVID outbreak, businesses have stepped up their digital adoption, and threat actors are ready to seize the moment by going after companies of all sizes and industries. The year 2021 will go down in history as one of the most active in terms of both security breaches and cyberattacks.

No matter what industry you’re in, attackers have no limits on what they may do. They just care about the data they can get their hands on and the money they can get for it. Even now, the attacks are getting more aggressive and smarter. If you are an employee of a company, then you must understand that you are on the front line of information security. Therefore, it’s important to stay on guard to help ensure your company’s data is safe and secure. This article will focus on the best practices that employees should try to follow, as human factors remain the primary reason for most of the cyberattacks happening in the world. Silly mistakes can bring devastating results and, in many cases, even the complete closure of a business. So, it is the duty of both the employer and the employee to be aware of cyber safe practices and follow them to remain safe. Let us start with these quick things:

Credit: Pronet Technology

Never Use the Company Email Outside of Work
For the sake of having all their updates in one single inbox, people commonly use their work email for personal purposes, like shopping, dining, etc. While it makes life easier, it’s also one of the riskiest things a person can do. Doing so can unintentionally put a business or corporation at risk. Your email can reveal confidential information about your company, which could cause the business to fail.

For instance, one of Australia’s big universities, Deakin University, was also the victim of a cyberattack recently, when an attacker used a staff member’s username and password to access student information via one of Deakin’s third-party providers. So, if you’re going to use your business email for personal purposes, think again.

Mind Your Clicks
It is human nature to click on pop-ups, links, and ads that we receive to find out what they offer. Hackers savagely target this human weak point, and with just one click they can get access to your company data in a matter of seconds. These can be delivery emails pretending to be from DHL or Amazon, amazing offers, and so on, all designed to entice the reader to click the link. So, if you ever get an email with a link in it that doesn’t pertain to you, I suggest you avoid forwarding or clicking on it, and only notify your company’s security staff. This allows your company to put a halt to the attack and prevent it from spreading further at the time it occurs.

For instance, this is a phishing email we received a few days ago in which the hacker posed as the shipping company DHL, but our employees are well educated about cyber safe practices and no one clicked on the link. The giveaway was that the email address used to send it did not belong to DHL, and all our employees realised this.

Credit: Pronet Technology

Educate Yourself About Phishing Scams
Phishing scams are the most common scams that result in a security breach. Hackers or phishers lure employees to click on links that ask you to enter personal or company information, and once the information is entered, the whole network of the business is exposed to the hackers. It is very crucial to understand the difference between a genuine link and a corrupted one. If you are unsure of the link or email you have received to fill in the details, I suggest you immediately consult your I.T. department to verify. This will help prevent any cyberattacks.

Use Strong Passwords
So, again, to make our lives easy, we all use the same passwords or common passwords at work and in our personal lives. It simplifies our lives and even the lives of hackers too. Keeping common passwords gives an open invitation for hackers to compromise all the accounts using that password and, through them, give access to your company’s or business data. The last thing anyone would want is to be held responsible for such a devastating setback for a firm. So, just be mindful when creating passwords for the tools and software you use at work.

Never Share Passwords
So, another human trait is to have passwords written somewhere or to share them with someone trustworthy (according to you), which is not at all a good practice. Being humans, you never know when a person’s intention changes and it might be too late before that person misuses the information you have shared. It is a good practice for both personal and professional life not to share passwords with anyone. 

Use 2FA While Logging into Devices, Software, etc.
This is an extremely effective option for staying safe in today’s unsafe digital environment. You can use different authenticator apps to have authentication turned on for all of your logins. This will keep everything safe and even alert you instantly when there is an attempt to hack your accounts.

Make Sure all the Updates are Followed
Another thing that most of us ignore is the pop-up messages that appear on our screen asking us to update certain software, applications, etc. Usually, we all ignore or delay updating the installed software or applications, and this opens the gate for hackers to compromise the system from your machine, using your identity and passwords, and gain access to all your company’s sensitive data. If your company sends out instructions for any security updates, it is wise to install them all right away. Cyberthreats often take aim at your data. I am sure no one would want to be the reason for a cyberattack at their workplace, so next time you see the update message on your screen, take the necessary action immediately.

Talk to Your I.T. Department
It is a good idea to learn more about the best practices to follow to be safe from cyberattacks online without any hesitation. Your I.T. department or I.T. partners will always advise you the best when it comes to cybersecurity. Reaching out to the I.T. department or person to alert them of any possible warnings is also advised to keep away any threats.

Use the Latest & Relevant Technology
Another major thing to keep in mind is to use the latest versions of tools, software, and technology in the workplace. If the licence of the software, applications, etc. you are using has expired or needs an update, do take the necessary action immediately as these outdated versions are most commonly used by hackers to attack. It is usually the duty of the I.T. department or external I.T. partner to suggest the best technology, but the employees should also be aware of putting forward any demand or need they have when it comes to technology they are using.

You Can Avoid a Data Breach

Having the right knowledge about how to identify spoofed content, links, emails, etc. is very crucial for strengthening your company’s defence against cyberattacks. Always remember: one corrupt click by you could let in a hacker and a single delay or failure to fix a flaw in time could become the primary reason for a cyberattack. So, take it as a part of your job to engage in safe online behaviour.

IT should be the backbone of every business and to help businesses leverage the same, Pronet Technology has been offering the best IT solutions along with cybersecurity tailored to your business needs and budget for more than 25 years now.

CALL US today at 03 9069 2188 to get a free consultation for your business IT requirements.

Stay tuned to our blogs to know interesting IT-related tips and facts.

References:

Graham, J. and Carey, A., 2022. Deakin University cyberattack: Hackers get details for 47,000 current and former students. [online] Theage.com.au. Available at: <https://www.theage.com.au/national/victoria/hackers-get-details-of-47-000-current-former-students-in-deakin-uni-cyberattack-20220713-p5b16v.html?fbclid=IwAR23ya2lPoU0L7_ZxQhFipMEtbQLzlS8hw0sbhU3OuYtiKYriSNnBJps3w4> [Accessed 24 July 2022].

2018. Silver Magic Keyboard. [image] Available at: <https://www.pexels.com/photo/silver-magic-keyboard-1109543/> [Accessed 25 July 2022].

Cybint. 2020. 15 Alarming Cyber Security Facts and Stats. [online] Available at: <https://www.cybintsolutions.com/cyber-security-facts-stats/> [Accessed 24 July 2022].

The ACSC’s Essential Eight Maturity Model

Essential Eight Maturity Model

In today’s complex cyber landscape, businesses face a new set of challenges every day to keep up with the competition. Among all sorts of challenges, the primary and most common ones are those that occur online because of businesses’ reliance on the internet. And one category of these challenges that is putting businesses on edge is cyberattacks. As technology advances, these threats to businesses have advanced too. There is an unwanted and sharp rise in the occurrence of cyber-attacks all across the world. And in terms of victims, there is no exclusion; it could be an individual, a start-up, a small business, a government institution, a tech giant, or literally anyone and everyone on the internet.

It is up to individuals and businesses to maintain their cybersecurity posture, but looking at the grim consequences of cyberattacks, the Federal government is focussing on building Australia’s defences. And, as precautionary advice for its people, it has introduced the Essential Eight Maturity Model to have cybersecurity measures implemented within organisations. This model consists of strategies that assess potential risks, like loopholes within a business framework, and offers preventive measures against them to keep business operations running smoothly.

What is the ACSC’s Essential Eight?

The Essential Eight is a set of strategies developed and maintained by the ACSC to mitigate or prevent cybersecurity incidents within Australia. These strategies can be applied across a broad spectrum of systems, networks and applications. They cover three key areas, prevention, limitation and recovery, and how well an organisation has implemented them is measured by maturity level.

Here are all the eight mitigation strategies:

  1. Application control: Run only approved and trusted applications on the business network to prevent any exposure to attackers.

  2. Patch applications: Regularly apply updates to all installed applications to fix known vulnerabilities.

  3. Configure Microsoft Office macro settings: Limit users’ ability to run macros to what their work requires.

  4. User application hardening: User applications can be used to execute malicious code on corporate systems, so keep them to a minimum.

  5. Restrict administrative privileges: Access privileges should be restricted, managed, and constantly monitored, as the more admins you have, the more chances attackers have to access business systems through these accounts.

  6. Patch operating systems: Apply the latest security updates to operating systems, servers, and all devices to fix known vulnerabilities.

  7. Multi-factor authentication: Ensuring two-level security for all activities involving access to emails, systems and third-party applications is one of the best ways to stop unauthorised access to sensitive business data.

  8. Regular backups: Performing daily backups of important data, software and settings, and retaining them for at least a couple of months, is important for a business to continue to operate in the event of a security incident.
ACSC Essential Eight

These are the eight strategies, and a business’s implementation of them is measured against the maturity levels below:

Maturity Level 0: This maturity level signifies that there are weaknesses in an organisation’s overall cyber security posture.

Maturity Level 1: The focus of this maturity level is all the cyber attackers who are looking to simply leverage commodity tradecraft that is widely available in order to gain access to, and likely control of, systems of a business.

Maturity Level 2: The focus of this maturity level is attackers operating with a modest step-up in capability from the previous maturity level. These attackers are willing to invest more time in targeting a business and, perhaps more importantly, in the effectiveness of their tools.

Maturity Level 3: The focus of this maturity level is attackers who are more adaptive and much less reliant on public tools and techniques. These attackers are able to exploit the opportunities provided by weaknesses in their target’s cyber security posture, such as the existence of older software or inadequate logging and monitoring.

You can have a detailed look at the Essential Eight here: https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-maturity-model

Although these are some really helpful risk mitigation strategies that should be implemented, they are still not sufficient to completely protect a business from cyberattacks. Staying protected from any kind of cyber threat needs continuous and consistent effort. Businesses need to regularly identify the exposed areas that can be attacked by hackers, potential vulnerabilities and much more to stay ahead of the attackers.

Stay tuned to our Blogs to know more about how you can make the best of technology for your business. 

Vulnerability Scanning: Getting the Fundamentals Right!

Businesses that comprehend the relationship between the dynamic and unique nature of the internet and the global threat scenario are the ones leading the path to win. Internet has become integral to almost all businesses. It has transformed dynamically over the years and has interconnected the world beautifully. It has entwined organisations, industries, people (good & bad) and everyone online in-between, including those who wish to cause harm to the organisations.

We have observed that the consequences of cyberattacks are becoming more severe and, in some cases, devastating, causing big institutions and organisations to shut down permanently. According to the report published by the Ponemon Institute on behalf of IBM, it takes businesses on average 197 days to identify a compromise and 69 days to contain it (Institute, 2018).

To mitigate the end damage, there are many precautions that are put in place by the organisations, like data backup, data encryption, cybersecurity insurance, vulnerability and penetration testing, etc. All these practices have their own benefits and are best-fit according to the organisation’s demands. But, among all these factors, the first step that we can take towards cybersecurity is to identify the possible exposed areas within the business operations that can be exploited by adversaries. And, to analyse these potential areas of risk, vulnerability scans are conducted regularly.

Vulnerability Scanning

A vulnerability scan can be defined as an automated process of identifying security vulnerabilities across an organisation's systems, software and network infrastructure. Douglas Landoll, in The Security Risk Assessment Handbook, describes it as a scanning activity that identifies vulnerabilities in hosts, operating systems, services and applications (Landoll, 2016). It is one of the fundamental parts of a cybersecurity risk assessment plan and can be conducted either in-house using scanning tools or with the help of a trusted IT partner.

In short, a vulnerability scan is a preliminary scan that assesses an organisation's IT network and generates a report of the weaknesses, misconfigurations and other flaws in its running systems that need to be fixed. The question, then, is how this scan and report help you achieve cybersecurity.
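As an added illustration (not part of this article, and not any vendor's scanner): a minimal version-matching scan over a constructed service inventory, showing how a scanner turns detected product versions and settings into the risk-rated report described above. The product names, versions, CVSS scores, vulnerability database and misconfiguration check are all constructed for the example.

```python
# Added example (not the article's tool): a version-matching vulnerability scan that turns a
# service inventory into a risk-rated report. Inventory, database and checks are all constructed.
def parse_version(v):
    """'2.4.10' -> (2, 4, 10) so versions compare numerically ('2.4.10' > '2.4.9')."""
    return tuple(int(p) for p in v.split("."))
# Constructed database: product -> [(fixed_in, cvss, description)]; versions below fixed_in are affected.
VULN_DB = {
    "ExampleSSH": [("8.2", 7.5, "remote code execution (constructed entry)")],
    "ExampleWeb": [("2.4.50", 9.8, "path traversal (constructed entry)")],
}
# Constructed misconfiguration check: (product, setting, risky value, cvss, description).
MISCONFIG_CHECKS = [("ExampleSSH", "PasswordAuthentication", "yes", 5.0, "password logins enabled")]
SEVERITIES = ["None", "Low", "Medium", "High", "Critical"]

def severity(cvss):
    """CVSS v3.x qualitative bands: 0.0 None, 0.1-3.9 Low, 4.0-6.9 Medium, 7.0-8.9 High, 9.0+ Critical."""
    return ("None" if cvss == 0 else "Low" if cvss < 4 else
            "Medium" if cvss < 7 else "High" if cvss < 9 else "Critical")

def scan(inventory):
    """One finding per matched vulnerable version or risky setting, tagged with host and severity."""
    findings = []
    for item in inventory:
        host, product, ver = item["host"], item["product"], parse_version(item["version"])
        for fixed_in, cvss, desc in VULN_DB.get(product, []):
            if ver < parse_version(fixed_in):
                findings.append({"host": host, "product": product, "cvss": cvss, "severity": severity(cvss),
                                 "detail": f"{item['version']} < {fixed_in}: {desc}"})
        for prod, key, bad, cvss, desc in MISCONFIG_CHECKS:
            if product == prod and item.get("settings", {}).get(key) == bad:
                findings.append({"host": host, "product": product, "cvss": cvss, "severity": severity(cvss),
                                 "detail": f"{key}={bad}: {desc}"})
    return findings

def risk_report(findings, hosts):
    """Per-host risk is the worst finding on that host; a host with no findings rates 'None'."""
    report = {h: {"risk": "None", "findings": 0} for h in hosts}
    for f in findings:
        entry = report[f["host"]]
        entry["findings"] += 1
        if SEVERITIES.index(f["severity"]) > SEVERITIES.index(entry["risk"]):
            entry["risk"] = f["severity"]
    return report
# Constructed inventory, as a discovery scan of two hosts might report it.
INVENTORY = [
    {"host": "10.0.0.5", "product": "ExampleSSH", "version": "7.9", "settings": {"PasswordAuthentication": "yes"}},
    {"host": "10.0.0.5", "product": "ExampleWeb", "version": "2.4.41"},
    {"host": "10.0.0.8", "product": "ExampleWeb", "version": "2.4.51"},
]
```

Calling `risk_report(scan(INVENTORY), {"10.0.0.5", "10.0.0.8"})` rates 10.0.0.5 Critical with three findings and 10.0.0.8 None, which is the per-host view a scan report gives before any patching is planned.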

Benefits of Vulnerability Scanning

As discussed earlier, vulnerability scanning gives insight into the areas that are susceptible to cyberattacks. But its advantages do not end there. Here is a list of benefits a business gains by conducting regular vulnerability scans:

Understand the risk level of the company's IT infrastructure
A vulnerability scan generates a report of vulnerable areas that must be patched to prevent a cyberattack. The report outlines the company's risk level by showing how effective its existing cybersecurity measures, if any, are.

Proactively find and close security gaps before cybercriminals exploit them
Because the report outlines almost all vulnerabilities and flaws, these automated scans surface the weaknesses that hackers could discover too. As hackers also rely on automated tools most of the time, running these scans regularly helps identify potentially exposed areas and take corrective action before cybercriminals can exploit them.

Improve the organisation's cybersecurity measures
By identifying the potential risk areas, these scans highlight the urgency of improving the cybersecurity measures the organisation already follows.

Enhance credibility with your partners, stakeholders and clients
Keeping crucial data and information secure from external threats makes your current partners and clients value and trust you more. Having a comprehensive security plan implemented and followed within the organisation increases its credibility and strengthens long-term relationships with clients.

Now that we know the first step towards being cybersecure is conducting vulnerability scans and knowing the potential areas of exploitation, should you stop there?

What preventive measures or plans do you have in place to address these identified vulnerabilities?

Vulnerability scans are only preliminary scans that identify problems; they do not provide a solution to mitigate the risk. There are several ways an organisation can mitigate the risks involved, which we will share in the next article.

Stay tuned to our blogs to find out about the preventive measures that strengthen cybersecurity.


References

Landoll, D. (2016). The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition. United States: CRC Press.

Ponemon Institute (2018). Cybersecurity Report.