IT Centre • IT Support for Business and Home

June 01, 2020

The simple why and how of passwords for Kiwi SMEs.

Small to medium size kiwi businesses are increasingly being targeted by unscrupulous hackers, and cyber-criminals which often leads to loss of confidential data, intellectual property and can result in considerable business disruption. Poor password security is one of the key methods these cyber-criminals use to gain access to your systems. We want to highlight some of the fundamental threats you’re facing and guide you through implementing a strong password policy for your business.

Why kiwi SMEs are vulnerable

According to the 2020 Data Breach Investigations Report, over 80% of breaches within hacking involve brute force or the use of lost or stolen credentials. You can see the full report here. The problem is the vast amount of people still using weak or compromised passwords, leaving kiwi SMEs vulnerable.

Why are smaller organisations being targeted these days? Cyber-criminals are not just after big corporations with substantial funds. They are looking for the easiest hack which means focusing on smaller, easier targets is often the strategy. Sometimes smaller enterprises can be identified as not having strict policies in place across all aspects of the business. Larger corporations have entire teams working on policy and procedure or dedicated IT teams consistently managing potential threats. As a Managed Service Provider, we want to help make sure you’re just as covered as these larger businesses. We suggest you establish and implement a strong password policy that employees can refer to.

Password checklist

So, we all know we’re supposed to use “strong” passwords, but what does that mean? We’ve come up with the simple acronym ‘CLOUDS’ to help you remember the most important things to think about when creating passwords:

Characters – Use at least one of each of; lower case, upper case, number and a symbol (e.g. #) or a space
Length – A minimum of 8 characters and ideally 10.
Obvious – Ensure your password is NOT obvious like a birthday or your family and pet names. Hackers can find these details through things like social media.
Unique – Think of something new each time. Do not use a slightly altered version of old passwords. Your old passwords may have been hacked from a website and sold on the dark web.
Different – make sure you use different passwords for different accounts.
Set – The most basic rule; set your own passwords. Leaving the default set up by your IT support is unsafe. You’d be surprised at the huge number of passwords that are simply not set at all.

Remembering your new passwords

Your intentions are good when coming up with the most uncrackable of passwords but now you find yourself continuously hitting the ‘forgot my password’ button and going through the tedious and time-consuming process of a reset. It sounds all too familiar doesn’t it?

We’re moving towards a world where thumb prints and facial recognition technology will alleviate the need to remember a collection of passwords but until we reach that point, we need a reliable solution to remember our passwords. Considering a password manager program is a good option. This gives you the option to store all your passwords in one place and when you’re signed in, they can quickly populate your details when logging into various platforms. There are numerous safe and reliable password managers so ask your local ITA member which one they suggest to suit your needs.

Alternatively, some people use encrypted documents, for example, password protected Excel or Word documents, while others use the ‘remember password’ facility of their web browser. If you use your web browser, make sure it encrypts the passwords and remember you need to log-off if you share computers or leave it unattended. All of these are good options and can help you move away from physically writing down passwords which can be risky and affect business continuity if you lose access to the physical copy.

Is it necessary to regularly change my passwords?

Most experts no longer recommend having to change your password every six months as it hasn’t proved to improve security. However, we do suggest if you have old passwords that you bring them up to date and change these every couple of years. Furthermore, always change your passwords immediately if there are any indications they may have been compromised.

Protecting kiwi SMEs

The best thing you can do is implement a strong password policy for your employees. Have them use the ‘CLOUDS’ checklist when creating passwords and encourage using a password manager. Make it part of your policy that passwords are updated when an employee moves on to ensure your systems remain secure.

The trick to having strong passwords that pass the ‘CLOUDS’ test, is NOT having to remember them. Use one of the techniques above to do the heavy duty remembering for you. Copy and paste as required. Just remember your login password and your password manager password – don’t write those down anywhere!

Recent growth in remote work locally here in Central Otago as well across New Zealand and around the world has seen an increase in the number of these cyber-attacks and has left businesses vulnerable. Across the ITA we continue to see heightened targeting of clients which is why it’s critical to review or implement your password policy immediately. If you have any concerns in this area or want to find out more about keeping your business protected and secure, contact us or your local ITA member.

IT Centre is a founding member of the NZ-wide IT Alliance – www.ita.co.nz

Check out the links below for a contact near you.

Let’s Pivot to remote work! But wait… how?

The environment in which we operate has significantly changed over the last few months. Businesses have been driven to embrace remote working. There has been no better time to question the efficiency of your workflows and systems. A business simply needs to have online functionality and the ability for staff to continue to work remotely. The need for increased collaboration and file sharing amongst teams is essential, which is where SharePoint can offer an excellent solution. How? Read on..

Reducing duplicate files

Are your documents and folders in a bit of a mess? Don’t worry, it happens to the best of us! With the change of employees, each individual has different ideas on how to organise filing systems, so yours has likely evolved into a mix of conflicting folders and duplicates. Have you ever collaborated on a document, emailing it back and forth until you eventually find yourself so confused as to which document is the most up to date? Yes! We have all been there. Working remotely means that now, more than ever before, we have a huge need for collaboration. This means that the same mentality needs to be embraced with your document management system. SharePoint allows you to have one central location where your documents are stored, categorised, updated and backed up. You can set up permissions so that others can access and update. No more version 2.1.5.0, saved on everyone’s drive!

Capturing version history

SharePoint gives you the ability to capture version history. You no longer have to spend time hunting for the latest version of the health and safety policy! This not only helps reduce the number of duplicate files but it offers a history of who has last worked on the document. Having access to older versions can sometimes be a lifesaver. This means that if a colleague accidentally deletes some information from an older version when updating, you can still gain access to the previous version with a click of a button.

Access from any device or location

Accessibility is key. You might be working from home, stuck up north or down south, or perhaps on a family outing and work suddenly needs urgent attention. SharePoint allows you to jump on your laptop, tablet or other device and instantly access all of your work files. Quick, easy access has never been so important and can ensure as little downtime as possible.

Collaboration – being able to work on the same doc at the same time

The strong need for collaborative tools has increased, especially with a workforce that is frequently operating online and remotely. SharePoint allows users to collaborate by working on the same document at the same time. Additionally, you can easily create and customise your own intranet. Fancy right? This provides the perfect platform where you can share and manage content, knowledge, and applications to empower teamwork, quickly find information, and seamlessly collaborate across the organisation. Not to mention, bring your team together!

Better Security

One of the most common concerns about embracing cloud platforms is the security of your data. We need to change our perception about having everything stored onsite and having ‘physical’ control. A company like Microsoft has an entire team continually working on the safety of their platforms so perhaps it’s time to embrace cloud options which can give your business the leap forward. You do also have control. Backing up your data, and implementing multifactor authentication are two key steps to helping keep your data safe. What does this really mean? Backups: using a third-party provider to back up your data is essential as Microsoft only manages the security of its platform… not your data!. Multifactor authentication makes it harder for anyone to hack or steal your data. It is a simple system whereby you might, for example, be required to enter a password as well as a text message code using an authorising app.

The way we do business has dramatically shifted. The damaging effects of a worldwide pandemic means we need to embrace technology to help us ride this wave of change. If you’re ready to make the move to more efficient and collaborative and secure document management, we can help get you started. You can pop us an email or give us a ring. We would be more than happy to walk you through the process in plain English!

IT Centre is part the IT Alliance, a group of like minding companies working together around the country to bring better value and services to clients.

IT Alliance members near you!

24 May, 2020

Why back up your Microsoft 365 data

It’s fair to say that within the Central Otago business community, COVID-19 has really pushed our business into the cloud. Whilst Microsoft provides powerful services within Microsoft 365, it is important to note that comprehensive backup of your Microsoft 365 data is not one of them. Of over 1,000 IT Pros surveyed, 81% experienced data loss.[i] This can be from simple user error to major data security threats like ransomware. The misconception that Microsoft fully backs up your data on your behalf is common and could result in damaging repercussions which is why it’s important to know what areas you are responsible for.

Don’t assume your data is backed up

Have you thought about how your Microsoft data is backed up? “The scary reality is that even though sensitive cloud data is stored in Office documents, an estimated 76% is not being backed up[ii]. In fact, IDC states that 6 out of every 10 organisations still don’t have any form of Office 365 data protection[iii].” Microsoft’s core focus is on infrastructure and maintaining uptime to users but when it comes to data protection, this lies with you.

How might this hurt Central Otago business?

Users accidentally deleting files is all too common. If a file or email is accidentally deleted, Microsoft makes this recoverable for a short period of time. If you go looking for something a few months down the track and realise it may have been accidentally deleted, you’re unlikely to recover this. If you do not have your own automatic back up and the recoverable period has passed, your file will be permanently deleted.

An even greater threat, if you are made vulnerable by any hackers or viruses, again your data is at risk of being lost. Malware and viruses can do serious damage to your business. Not only is your company reputation at risk, but the privacy and security of internal and customer data as well. External threats can find their way in through emails and attachments and you can’t control users accidentally opening these. Having a reliable antivirus is essential but having back up is critical in the case of a serious breach. Regular or automated backups will help ensure a separate copy of your data is uninfected and that you can recover documents or emails quickly with limited downtime.

What does shared responsibility really mean?

Microsoft runs under a shared responsibility model. But what does that really mean? Microsoft data backup will protect you from events such as natural disasters that affect their data centres, hardware or software failures on their part, power outages, operating system errors, etc. Their key focus is on availability and uptime, not your data. This means you are responsible for your Microsoft 365 data including email, OneDrive and SharePoint. It is your responsibility to ensure your data is protected from human error, malicious activity, misconfigured workflows, hackers, and viruses. Basically, Microsoft will ensure availability and access but your job is to protect your data with reliable backup systems and multifactor authentication.

A simple solution to protect you

The solution really can be so simple, cost-effective and provide you with ultimate peace of mind. You’ll need to set up a backup solution via a third-party system. With the move of more company data to being stored in cloud platforms like Onedrive and Sharepoint, this data is no longer covered by business local backup systems as they were when data was located on a file server. It is essential when moving to cloud-based storage systems and when investing considerable amounts in the cloud system setup, to have an automated backup.

Having a backup of your Microsoft 365 data mitigates the risk of losing access to important emails, documents and files for all your users. It is critical and will fill the gap between long-term retention and data protection. We can help in getting this set up for you. You send us a quick email here or you can give us a ring. We would me more than happy to chat this through with you in plain English.

Liked this? Check out:
Multifactor Authentication
The Sharepoint Shakedown

References:
[i] Veeam customer survey, September 2019 3 IDC: Why a Backup Strategy for Microsoft Office 365 is Essential, 2019
[ii] Veeam customer survey, September 2019 3 IDC: Why a Backup Strategy for Microsoft Office 365 is Essential, 2019
[iii] Veeam customer survey, September 2019 3 IDC: Why a Backup Strategy for Microsoft Office 365 is Essential, 2019

COVID-19 has created an abrupt shift to remote work, putting pressure on the IT infrastructure of many businesses. Although technology has allowed organisations to adapt quickly, usually this shift would require in-depth planning and risk analysis. The quick change to a virtual environment means potential weaknesses have encouraged cyber-criminals to see this as an opportunity to be out in full force.

Current Protection and Risk

How good is it that in a lot of cases, businesses have been able to continue their operations because of the ability to work remotely? Technology is awesome. But with it, does come risk. It’s great that businesses have embraced remote work, but we can’t stress enough how important it is to make sure your tech and business is protected. Remote workers don’t necessarily have the same firewalls and corporate levels of threat protection at home which means your business’s data is vulnerable at the click of a button. Also, working from home, Joe from IT isn’t one office away to save you when you’ve opened a dodgy email.

“But, … I’m password protected!”

Unfortunately, passwords simply aren’t enough to keep you secure. They are regularly shared and can be easily hacked. You need a second line of defense and this is where multi-factor authentication comes in.

What is multi-factor authentication?

Multi-factor (or two factor) authentication is a security mechanism that requires an individual to provide two or more credentials in order to authenticate your identity. For example, you may be required to enter a password as well as a text message code using an authorising app. Other forms of authentication might be a fingerprint or retinal scan. Yes, it can be a little more time consuming, but it can be a whole lot more time consuming and stress inducing if you end up with a major security breach on your hands.

How much does it cost?

In a lot of cases, it’s actually FREE and just needs to be set up! If you’re unsure if you have multi-factor authentication or you want to enable this function, call us and we can help 03 443 5499. If you’d like to email us, you can find our details on our contact page.

We understand this is a challenging time and you’re having to adjust the way you operate. The good news is that there are some excellent tools available that can help you – some you may already have! You can give us a call here in Wanaka on 03 443 5499 or reach us HERE. We know it’s a lot to take in but we’re here to help and guide you through with all things IT.

Free Contact Tracking Form

Updated Friday 8th May

This Contact Tracking form is made possible by the power of Microsoft Forms which is part of Microsoft 365 (formerly Office 365). You can do similar things with Google forms.

Call us on 03 443 5499, or contact us here, if you want to know what else can be done with your Microsoft 365 subscription, such as using SharePoint for cloud based document management and sharing for remote working, enterprise class email and calendaring or using Teams for collaboration and remote team working.

About Contact Tracking

It’s not clear what the exact requirements for contact tracking will be but this is a simple and cheap way you can start.

There are multiple ways of recording this sort of information and this may only be one way you use for your business for example you may have a manual register you use for people who don’t have a cell phone. Alternatively you could complete the form on their behalf.

Instructions

You may want to print these instructions before starting

Step 1. Create a form

Click this link to go to forms.office.com
Click Get Started and login with your Microsoft 365 or Microsoft personal account credentials if prompted
Click New Form
Click on the form title to edit it, you might want to add your business name. You can also enter a description.

Step 2. Add some questions

Click the Add new button to add questions to get the information you want e.g. Name, phone number and who they are visiting

Step 3. Optional Extras

Add a Health & Safety message
Have customers choose a checkbox to agree to your terms of entry
Add your company logo
Change the theme of the form

Step 4. Click Send

Make sure under Send and collect responses it says “Anyone with link can respond”
Optionally Copy the link and save it somewhere so you can send it to people you know will be visiting
Download a QR code by clicking the small circle with 3 squares, then click Download
Print it and stick it on your door

Step 5. Good to GO!

Your contact tracking register is now good to go
We suggest you test the form your self and get used to using it

How visitors use it

For an iPhone or a newer Android simply open the camera and point it at the QR code then tap the link that pops up
For an older Android phone, open the camera, click on the Google Lens icon (normally a small square with a dot in the middle), point it at the QR code then tap the link that pops up
Complete the form and tap Submit

Checking and downloading contact information

Open Microsoft Forms in your browser – here’s a handy link forms.office.com
You may need to sign in again
Click the Responses tab and you can view submitted forms and see summary data
Click Open in Excel to download an Excel spreadsheet containing all the forms submitted to date

Other Ideas

Create a leaving form with just a name field so visitors can sign out when they leave
Email, text or message a link to the form to people you know will be visiting you so they can just click on the link
Provide temporary wireless network access for visitors who don’t have data on their phones

More Help

If you would like more help with set-up or customisation click here to contact us (our normal charges & Terms and Conditions apply).

What people have been saying about our free form…

Thanks to IT Centre we have been able to make up a registry that requires no paperwork. Customers & Contractors can simply open up the camera on their iPhone or Android and it will redirect them to fill out our Contact Tracing Registry” “… thanks guys that is really cool will save us heaps of paperwork
Chris and Glenys Cowling, Tauranga ITM

Thanks team, that’s really easy. We’ll print it out on vinyl in reverse and stick it to the inside of our window
Sean & Claire O’Connell, Wanaka Signs

Wow, that’s really easy, thank you!
Sarah Burdon, The Camp, Lake Hawea

Preparing Your Business For Contact

Levels two and three are on their way and it is time to prepare for what that might look like for your business. It can feel a little overwhelming, so let’s break down some of the key areas that might help your business to manage all the changes. We will cover contact tracing, what it is and why it’s so important. Two key steps to defining it for your business and lastly some brilliant business IT tools that could save time, money, and possibly even lives.

What Is Contact Tracing?

Contact tracing is the ability to trace what kind of contact you have had with which people, how close you have been to them and how long you were in their presence. There are two types of contact tracing: casual and close. Casual is defined as someone you have been in the vicinity of. Close, is someone you might have shared bodily fluid with, or been closer than 2m to, for 15 min or more. For example, you might have shared a drink with someone, or gone into their home to fix something and stayed for more than 15 min chatting to them at a 1m distance.

Why is this important for my business?

It is possible that we might experience little outbreaks here and there for quite some time to come. We will most likely be required, for health and safety needs, to be able to track our day to day interactions. If this is the case we will need to consider how to manage onsite, offsite, deliveries all sorts of day to day interactions. Protocols and communication will be key moving into this next recovery phase.

Two key Preparation Tips.

The first step is to map out what interactions you are allowed under level 3 and consider how you can mitigate contact.
The next thing is to consider the tech available to you to help ease the pressure. Additional paperwork is going to slow your business in an already stressful time.

Never fear your toolbox is here!

There are lots of tools you can use to keep your business moving forward. For those of us who are lucky enough to be able to work from home, tools like Microsoft 365, Zoom and other online platforms like Hubspot, will be able to provide regular quality communication and transparency with workers. What is very important to remember is that remote work doesn’t always mean your data is safe. Check out our blogs on multi-factor authentication and more on network safety

Tracking Visitors & Deliveries.

Most companies already have access to systems that can put tracking visitors and deliveries in place, they just haven’t discovered it yet. Bundled with your Microsoft 365 or Google Suite subscription is a tool called Forms. This enables you to make simple questionnaires that are available online. Once you have made that form, it automatically generates a QR Code, which you can print out and stick on your entrance way. All available from your laptop or home computer!!
For example, you arrive at your favorite café. On the door there is a QR Code which you scan. It pops up with a form to fill out, and even your order. Once you hit send on the form, it informs the café staff that you have checked in, and what your order is. Once your order is complete, you are sent a message saying you can pop in and pay with payWave. Minimal contact, but all that data is kept for the café owner to use to track you down if there were to be a covid case in your vicinity, keeping you safe.

Non-Contact business.

For those business that are face to face this is a really testing time. However, now is not the time to take your foot off the gas. There are so many tools you can use to transform your business and who knows, possibly even for the better. Once you are online, you are no longer geographically restricted! Talk to your web designer, add a shopping cart or Shopify account. People are in the mode of learning to order from you online means it’s a great time to enrich your database more than ever before. If you are in the wellness, entertainment or education business, consider running live events using Eventbrite or use the paid subscriptions option on Facebook.
For companies needing more sophisticated tracking, Microsoft Power Apps can be used to create custom Apps. You can then track GPS location, time on site, record photos, the sky is the limit. Whatever you do, there will be a way, but never feel like you are on your own.

Need help installing and connecting your employees? We can help so contact us today on 03 443 5499. If you’d like to email us, you can find our details here.