June 01, 2020
Small to medium size kiwi businesses are increasingly being targeted by unscrupulous hackers, and cyber-criminals which often leads to loss of confidential data, intellectual property and can result in considerable business disruption. Poor password security is one of the key methods these cyber-criminals use to gain access to your systems. We want to highlight some of the fundamental threats you’re facing and guide you through implementing a strong password policy for your business.
According to the 2020 Data Breach Investigations Report, over 80% of breaches within hacking involve brute force or the use of lost or stolen credentials. You can see the full report here. The problem is the vast amount of people still using weak or compromised passwords, leaving kiwi SMEs vulnerable.
Why are smaller organisations being targeted these days? Cyber-criminals are not just after big corporations with substantial funds. They are looking for the easiest hack which means focusing on smaller, easier targets is often the strategy. Sometimes smaller enterprises can be identified as not having strict policies in place across all aspects of the business. Larger corporations have entire teams working on policy and procedure or dedicated IT teams consistently managing potential threats. As a Managed Service Provider, we want to help make sure you’re just as covered as these larger businesses. We suggest you establish and implement a strong password policy that employees can refer to.
So, we all know we’re supposed to use “strong” passwords, but what does that mean? We’ve come up with the simple acronym ‘CLOUDS’ to help you remember the most important things to think about when creating passwords:
Characters – Use at least one of each of; lower case, upper case, number and a symbol (e.g. #) or a space
Length – A minimum of 8 characters and ideally 10.
Obvious – Ensure your password is NOT obvious like a birthday or your family and pet names. Hackers can find these details through things like social media.
Unique – Think of something new each time. Do not use a slightly altered version of old passwords. Your old passwords may have been hacked from a website and sold on the dark web.
Different – make sure you use different passwords for different accounts.
Set – The most basic rule; set your own passwords. Leaving the default set up by your IT support is unsafe. You’d be surprised at the huge number of passwords that are simply not set at all.
Your intentions are good when coming up with the most uncrackable of passwords but now you find yourself continuously hitting the ‘forgot my password’ button and going through the tedious and time-consuming process of a reset. It sounds all too familiar doesn’t it?
We’re moving towards a world where thumb prints and facial recognition technology will alleviate the need to remember a collection of passwords but until we reach that point, we need a reliable solution to remember our passwords. Considering a password manager program is a good option. This gives you the option to store all your passwords in one place and when you’re signed in, they can quickly populate your details when logging into various platforms. There are numerous safe and reliable password managers so ask your local ITA member which one they suggest to suit your needs.
Alternatively, some people use encrypted documents, for example, password protected Excel or Word documents, while others use the ‘remember password’ facility of their web browser. If you use your web browser, make sure it encrypts the passwords and remember you need to log-off if you share computers or leave it unattended. All of these are good options and can help you move away from physically writing down passwords which can be risky and affect business continuity if you lose access to the physical copy.
Most experts no longer recommend having to change your password every six months as it hasn’t proved to improve security. However, we do suggest if you have old passwords that you bring them up to date and change these every couple of years. Furthermore, always change your passwords immediately if there are any indications they may have been compromised.
The best thing you can do is implement a strong password policy for your employees. Have them use the ‘CLOUDS’ checklist when creating passwords and encourage using a password manager. Make it part of your policy that passwords are updated when an employee moves on to ensure your systems remain secure.
The trick to having strong passwords that pass the ‘CLOUDS’ test, is NOT having to remember them. Use one of the techniques above to do the heavy duty remembering for you. Copy and paste as required. Just remember your login password and your password manager password – don’t write those down anywhere!
Recent growth in remote work locally here in Central Otago as well across New Zealand and around the world has seen an increase in the number of these cyber-attacks and has left businesses vulnerable. Across the ITA we continue to see heightened targeting of clients which is why it’s critical to review or implement your password policy immediately. If you have any concerns in this area or want to find out more about keeping your business protected and secure, contact us or your local ITA member.
IT Centre is a founding member of the NZ-wide IT Alliance – www.ita.co.nz
Check out the links below for a contact near you.
The environment in which we operate has significantly changed over the last few months. Businesses have been driven to embrace remote working. There has been no better time to question the efficiency of your workflows and systems. A business simply needs to have online functionality and the ability for staff to continue to work remotely. The need for increased collaboration and file sharing amongst teams is essential, which is where SharePoint can offer an excellent solution. How? Read on..
Are your documents and folders in a bit of a mess? Don’t worry, it happens to the best of us! With the change of employees, each individual has different ideas on how to organise filing systems, so yours has likely evolved into a mix of conflicting folders and duplicates. Have you ever collaborated on a document, emailing it back and forth until you eventually find yourself so confused as to which document is the most up to date? Yes! We have all been there. Working remotely means that now, more than ever before, we have a huge need for collaboration. This means that the same mentality needs to be embraced with your document management system. SharePoint allows you to have one central location where your documents are stored, categorised, updated and backed up. You can set up permissions so that others can access and update. No more version 2.1.5.0, saved on everyone’s drive!
SharePoint gives you the ability to capture version history. You no longer have to spend time hunting for the latest version of the health and safety policy! This not only helps reduce the number of duplicate files but it offers a history of who has last worked on the document. Having access to older versions can sometimes be a lifesaver. This means that if a colleague accidentally deletes some information from an older version when updating, you can still gain access to the previous version with a click of a button.
Accessibility is key. You might be working from home, stuck up north or down south, or perhaps on a family outing and work suddenly needs urgent attention. SharePoint allows you to jump on your laptop, tablet or other device and instantly access all of your work files. Quick, easy access has never been so important and can ensure as little downtime as possible.
The strong need for collaborative tools has increased, especially with a workforce that is frequently operating online and remotely. SharePoint allows users to collaborate by working on the same document at the same time. Additionally, you can easily create and customise your own intranet. Fancy right? This provides the perfect platform where you can share and manage content, knowledge, and applications to empower teamwork, quickly find information, and seamlessly collaborate across the organisation. Not to mention, bring your team together!
One of the most common concerns about embracing cloud platforms is the security of your data. We need to change our perception about having everything stored onsite and having ‘physical’ control. A company like Microsoft has an entire team continually working on the safety of their platforms so perhaps it’s time to embrace cloud options which can give your business the leap forward. You do also have control. Backing up your data, and implementing multifactor authentication are two key steps to helping keep your data safe. What does this really mean? Backups: using a third-party provider to back up your data is essential as Microsoft only manages the security of its platform… not your data!. Multifactor authentication makes it harder for anyone to hack or steal your data. It is a simple system whereby you might, for example, be required to enter a password as well as a text message code using an authorising app.
The way we do business has dramatically shifted. The damaging effects of a worldwide pandemic means we need to embrace technology to help us ride this wave of change. If you’re ready to make the move to more efficient and collaborative and secure document management, we can help get you started. You can pop us an email or give us a ring. We would be more than happy to walk you through the process in plain English!
IT Centre is part the IT Alliance, a group of like minding companies working together around the country to bring better value and services to clients.
IT Alliance members near you!
24 May, 2020
It’s fair to say that within the Central Otago business community, COVID-19 has really pushed our business into the cloud. Whilst Microsoft provides powerful services within Microsoft 365, it is important to note that comprehensive backup of your Microsoft 365 data is not one of them. Of over 1,000 IT Pros surveyed, 81% experienced data loss.[i] This can be from simple user error to major data security threats like ransomware. The misconception that Microsoft fully backs up your data on your behalf is common and could result in damaging repercussions which is why it’s important to know what areas you are responsible for.
Have you thought about how your Microsoft data is backed up? “The scary reality is that even though sensitive cloud data is stored in Office documents, an estimated 76% is not being backed up[ii]. In fact, IDC states that 6 out of every 10 organisations still don’t have any form of Office 365 data protection[iii].” Microsoft’s core focus is on infrastructure and maintaining uptime to users but when it comes to data protection, this lies with you.
Users accidentally deleting files is all too common. If a file or email is accidentally deleted, Microsoft makes this recoverable for a short period of time. If you go looking for something a few months down the track and realise it may have been accidentally deleted, you’re unlikely to recover this. If you do not have your own automatic back up and the recoverable period has passed, your file will be permanently deleted.
An even greater threat, if you are made vulnerable by any hackers or viruses, again your data is at risk of being lost. Malware and viruses can do serious damage to your business. Not only is your company reputation at risk, but the privacy and security of internal and customer data as well. External threats can find their way in through emails and attachments and you can’t control users accidentally opening these. Having a reliable antivirus is essential but having back up is critical in the case of a serious breach. Regular or automated backups will help ensure a separate copy of your data is uninfected and that you can recover documents or emails quickly with limited downtime.
Microsoft runs under a shared responsibility model. But what does that really mean? Microsoft data backup will protect you from events such as natural disasters that affect their data centres, hardware or software failures on their part, power outages, operating system errors, etc. Their key focus is on availability and uptime, not your data. This means you are responsible for your Microsoft 365 data including email, OneDrive and SharePoint. It is your responsibility to ensure your data is protected from human error, malicious activity, misconfigured workflows, hackers, and viruses. Basically, Microsoft will ensure availability and access but your job is to protect your data with reliable backup systems and multifactor authentication.
The solution really can be so simple, cost-effective and provide you with ultimate peace of mind. You’ll need to set up a backup solution via a third-party system. With the move of more company data to being stored in cloud platforms like Onedrive and Sharepoint, this data is no longer covered by business local backup systems as they were when data was located on a file server. It is essential when moving to cloud-based storage systems and when investing considerable amounts in the cloud system setup, to have an automated backup.
Having a backup of your Microsoft 365 data mitigates the risk of losing access to important emails, documents and files for all your users. It is critical and will fill the gap between long-term retention and data protection. We can help in getting this set up for you. You send us a quick email here or you can give us a ring. We would me more than happy to chat this through with you in plain English.
Liked this? Check out:
Multifactor Authentication
The Sharepoint Shakedown
References:
[i] Veeam customer survey, September 2019 3 IDC: Why a Backup Strategy for Microsoft Office 365 is Essential, 2019
[ii] Veeam customer survey, September 2019 3 IDC: Why a Backup Strategy for Microsoft Office 365 is Essential, 2019
[iii] Veeam customer survey, September 2019 3 IDC: Why a Backup Strategy for Microsoft Office 365 is Essential, 2019
COVID-19 has created an abrupt shift to remote work, putting pressure on the IT infrastructure of many businesses. Although technology has allowed organisations to adapt quickly, usually this shift would require in-depth planning and risk analysis. The quick change to a virtual environment means potential weaknesses have encouraged cyber-criminals to see this as an opportunity to be out in full force.
How good is it that in a lot of cases, businesses have been able to continue their operations because of the ability to work remotely? Technology is awesome. But with it, does come risk. It’s great that businesses have embraced remote work, but we can’t stress enough how important it is to make sure your tech and business is protected. Remote workers don’t necessarily have the same firewalls and corporate levels of threat protection at home which means your business’s data is vulnerable at the click of a button. Also, working from home, Joe from IT isn’t one office away to save you when you’ve opened a dodgy email.
“But, … I’m password protected!”
Unfortunately, passwords simply aren’t enough to keep you secure. They are regularly shared and can be easily hacked. You need a second line of defense and this is where multi-factor authentication comes in.
Multi-factor (or two factor) authentication is a security mechanism that requires an individual to provide two or more credentials in order to authenticate your identity. For example, you may be required to enter a password as well as a text message code using an authorising app. Other forms of authentication might be a fingerprint or retinal scan. Yes, it can be a little more time consuming, but it can be a whole lot more time consuming and stress inducing if you end up with a major security breach on your hands.
In a lot of cases, it’s actually FREE and just needs to be set up! If you’re unsure if you have multi-factor authentication or you want to enable this function, call us and we can help 03 443 5499. If you’d like to email us, you can find our details on our contact page.
We understand this is a challenging time and you’re having to adjust the way you operate. The good news is that there are some excellent tools available that can help you – some you may already have! You can give us a call here in Wanaka on 03 443 5499 or reach us HERE. We know it’s a lot to take in but we’re here to help and guide you through with all things IT.
Updated Friday 8th May
This Contact Tracking form is made possible by the power of Microsoft Forms which is part of Microsoft 365 (formerly Office 365). You can do similar things with Google forms.
Call us on 03 443 5499, or contact us here, if you want to know what else can be done with your Microsoft 365 subscription, such as using SharePoint for cloud based document management and sharing for remote working, enterprise class email and calendaring or using Teams for collaboration and remote team working.
It’s not clear what the exact requirements for contact tracking will be but this is a simple and cheap way you can start.
There are multiple ways of recording this sort of information and this may only be one way you use for your business for example you may have a manual register you use for people who don’t have a cell phone. Alternatively you could complete the form on their behalf.
You may want to print these instructions before starting
Step 1. Create a form
Step 2. Add some questions
Step 3. Optional Extras
Step 4. Click Send
Step 5. Good to GO!
If you would like more help with set-up or customisation click here to contact us (our normal charges & Terms and Conditions apply).
.
Thanks to IT Centre we have been able to make up a registry that requires no paperwork. Customers & Contractors can simply open up the camera on their iPhone or Android and it will redirect them to fill out our Contact Tracing Registry” “… thanks guys that is really cool will save us heaps of paperwork
Chris and Glenys Cowling, Tauranga ITM
Thanks team, that’s really easy. We’ll print it out on vinyl in reverse and stick it to the inside of our window
Sean & Claire O’Connell, Wanaka Signs
Wow, that’s really easy, thank you!
Sarah Burdon, The Camp, Lake Hawea
Levels two and three are on their way and it is time to prepare for what that might look like for your business. It can feel a little overwhelming, so let’s break down some of the key areas that might help your business to manage all the changes. We will cover contact tracing, what it is and why it’s so important. Two key steps to defining it for your business and lastly some brilliant business IT tools that could save time, money, and possibly even lives.
Contact tracing is the ability to trace what kind of contact you have had with which people, how close you have been to them and how long you were in their presence. There are two types of contact tracing: casual and close. Casual is defined as someone you have been in the vicinity of. Close, is someone you might have shared bodily fluid with, or been closer than 2m to, for 15 min or more. For example, you might have shared a drink with someone, or gone into their home to fix something and stayed for more than 15 min chatting to them at a 1m distance.
It is possible that we might experience little outbreaks here and there for quite some time to come. We will most likely be required, for health and safety needs, to be able to track our day to day interactions. If this is the case we will need to consider how to manage onsite, offsite, deliveries all sorts of day to day interactions. Protocols and communication will be key moving into this next recovery phase.
There are lots of tools you can use to keep your business moving forward. For those of us who are lucky enough to be able to work from home, tools like Microsoft 365, Zoom and other online platforms like Hubspot, will be able to provide regular quality communication and transparency with workers. What is very important to remember is that remote work doesn’t always mean your data is safe. Check out our blogs on multi-factor authentication and more on network safety
Most companies already have access to systems that can put tracking visitors and deliveries in place, they just haven’t discovered it yet. Bundled with your Microsoft 365 or Google Suite subscription is a tool called Forms. This enables you to make simple questionnaires that are available online. Once you have made that form, it automatically generates a QR Code, which you can print out and stick on your entrance way. All available from your laptop or home computer!!
For example, you arrive at your favorite café. On the door there is a QR Code which you scan. It pops up with a form to fill out, and even your order. Once you hit send on the form, it informs the café staff that you have checked in, and what your order is. Once your order is complete, you are sent a message saying you can pop in and pay with payWave. Minimal contact, but all that data is kept for the café owner to use to track you down if there were to be a covid case in your vicinity, keeping you safe.
For those business that are face to face this is a really testing time. However, now is not the time to take your foot off the gas. There are so many tools you can use to transform your business and who knows, possibly even for the better. Once you are online, you are no longer geographically restricted! Talk to your web designer, add a shopping cart or Shopify account. People are in the mode of learning to order from you online means it’s a great time to enrich your database more than ever before. If you are in the wellness, entertainment or education business, consider running live events using Eventbrite or use the paid subscriptions option on Facebook.
For companies needing more sophisticated tracking, Microsoft Power Apps can be used to create custom Apps. You can then track GPS location, time on site, record photos, the sky is the limit. Whatever you do, there will be a way, but never feel like you are on your own.
Need help installing and connecting your employees? We can help so contact us today on 03 443 5499. If you’d like to email us, you can find our details here.
IT Centre is a founding member of the NZ-wide IT Alliance – www.ita.co.nz