03 443 5499

Passwords made simple!

Let’s be honest. Remembering passwords on top of the million other things to do in any given day is a lot.  Are your team’s passwords fairly similar across multiple online accounts? It’s okay, you are not the only business.

Most people reuse their passwords over many different applications, and have one or two passwords only.  With the increased need for security, however, there are now much better ways to protect your accounts and provide additional layers of security.

Nowadays almost all online services, banks, social media, shopping have added a way for your accounts to be more secure.

Here we help you to understand MFA and 2FA plus introduce you to LastPass to manage your passwords.

What is MFA and 2FA?

Maybe you’ve heard of the term MFA or 2FA and are slightly confused. Let us help you break what this is and why you need it.

MFA = Multifactor authentication

2FA = Two factor authentication

In the old days!

In the old way of doing things you signed in to your online accounts in a process called ‘authentication’. That included a basic login and password. For example

  • Login = Matt@olddays.co.nz
  • Password = Matts dog or Matts birthday (something that Matt could remember easily and something that Matt used across all of his accounts)

Multifactor Authentication (MFA), however, works by adding additional layers of security to your online accounts.

This provides a “second” thing – what we call a second “factor” – to prove who you are.

Yes, the first layer remains as your username and password, however now you can add another layer of protection. For example:

  • An additional password, or a PIN.
  • A code accessible through your smartphone, or a secure USB key.
  • A fingerprint, or facial recognition.

How does MFA work?

What this additional level of protection does is helps to ensure that you are who you say you are when logging into your online account.

So even if someone gets your user name and password, and logs in with your credentials, they will be stopped!

You will get an immediate notification on your phone to indicate that someone is trying to login to your account.

You can then decline the authorisation, locking them out. This also tells you that your password has been guessed, so you know to change your password.

How do I get MFA?

Many of your current apps will have an MFA feature that you can turn on. For other things like email, you can enable MFA.

This may mean talking to your ITA provider so that we can assist you to help turn on your Microsoft 365 MFA feature.

Once it is turned on, you and your team will need to use MFA before you can next access you emails/Teams and other applications.

Make sure that everyone is ready for this and knows what to do. It isn’t hard, but like with all changes, its best to ensure that you have support from the rollout.

What about Passwords?

1.Can I re-use Passwords?

Reusing the same passwords across multiple accounts is not a safe idea as it creates an opportunity for credential stuffing attacks.  A credential stuffing attack is one where leaked credentials from one site/service are used on another site/service to see if they work.  It would be like using the same key for your car and your house.

For example, if you use the same password on your online bank account and Facebook, an attacker can easily breach both of your accounts even though you may not have reused the same password on your email account.  This potential harm this practice can cause may be a monetary loss, data loss or loss of sensitive personal details.

Here at the ITA we recommend that you update your password after every three months, unless you have been the victim of a cyber-attack, then you should change your password immediately. This ensures that if your credentials are breached, then they are not able to immediately breach other accounts also.

2. How strong is my password?

Password strength is a big topic of discussion.  You know the drill, you must use lower and uppercase letters, use numbers, use special characters, make sure it is long.  But even after all this effort, your password can still be weak!

You can test your passwords out before you use them at https://www.passwordmonster.com/ or https://password.kaspersky.com/. This information gives you feedback about the strength of your password, which should help you to strengthen your password choices:

(Note:  Your password is not collected or stored at either of these websites.  They are well known secure sources of information that you can trust)

3. Should I use a Password Manager like LastPass?

Yes, it is definitely best practice to use a Password Manager.

Password Managers allows you to keep track of your passwords without having to remember them.

The advantages of a password manager are:

  • A password manager can generate for you long, complex, unique passwords across different sites and services
  • A password manager reduces the need to remember your passwords
  • A password manager is good at spotting fake websites, so they can alert you to a potential phishing attack
  • A password manager can generate new passwords whenever you need to update your credentials
  • A password manager can sync your passwords across all your devices, so you’ll have them with you regardless of what device you are using to login.
  • A good quality password manager is a safe, trustworthy and highly recommended security tool.  Known trustworthy tools such as LastPass can be trusted to protect your account logins.

LastPass is a free or paid personal password manager for an individual, however, if you want to protect your business, you need LastPass Business.  We can help you specifically with this.

In conclusion:

Having MFA or 2FA is an essential these days, and so is having decent and unique passwords. For practical reasons you need to have a business password solution in place to ensure your team are password secure.

Here at the IT Centre, we can help you to simplify this process, and provide you with support to easily and effortlessly apply these tips. If you would like to discuss your specific needs, please feel free to reach out to us here.

More then just that flashing box, lighting up like a disco in the corner of the room, routers play a particularly important role in keeping your business safe, and your data secure, as well as creating efficient, and safe remote working conditions.

Here we look at the role of the router, and what you can do to ensure you have the right one for your business.

Think of your router like an important Traffic Officer only allowing approved content in and out of your business.

The difference between an entry level router and a higher quality router, provided by IT Centre is a lot. Sometimes it pays to think outside the box, and not just take the router provided for free in the box.

Top reasons why you need a good quality Router:

  • Determines the speed with which your internet will work.
  • Speed determines the productively of remote workers.
  • A good quality router means that multiple people can work remotely at once.
  • Ensures you can connect to the office remotely.
  • Controls what sites are allowed to be accessed during work hours.
  • Allowing access to other content to protect data loss from staff.
  • Adding additional security features from software such as intrusion protection.
  • Prevention from attacks like denial-of-service attack, designed to cripple your router, or make it just give up and let hackers in.
  • Keeps your business safe from Cyber-attacks
  • Ensures that accidental clicks from staff on content does not cause a security issue.

Security and Routers:

 When it comes to security, it is a good idea to take preventative measures. This is where the best secure routers come in. A router with built-in security controls and services that monitor your network around the clock is going to save you a lot of potential headaches. With your router protecting your area of coverage, your devices and your network safe.

SECURITY TIP

“You must always change the factory default password for the router and ensure that the firewall and other security features are in fact enabled”.

Ever been confused by the codes that come up when you go to log in to your network?

WPA2 and AES are the best settings to secure your Wi-Fi from hackers. Remember that if a hacker is able to breach your network, they could steal important information, like bank details, or even your identity.

We strongly suggest against using an open network. An open network means you won’t have a password, so anyone can have access to your Wi-Fi and all of your devices.

Make sure to apply WPA2 to your router for improved protection of your online information.

In Conclusion:

Routers can be complex and can create harmony or havoc depending on the route you choose to follow. Buying a router with the highest security is crucial to protect your network.

Remote working conditions are the new normal, which means that many of us may need to upgrade our home routers too.

By speaking to The IT Centre, you could find quick connectivity and security gains with an upgraded router.

To save time and money and to make sure that you have done all that you can to make your business feel free to reach out to us here.

With the increased need for security, and rising Cyber Security threats, it is imperative that all businesses have a strong password management system.

80% of data breaches are caused by weak, reused or stolen passwords

A password management system is able to store encrypted passwords online making digital security accessible and simple for businesses to manage the passwords for all employees.

In today’s world, most businesses have dozens or even hundreds of passwords for different employees with different accounts, profiles, and applications.

#1. Generate secure, fool-proof passwords

With 80% of all data breaches happening because of weak passwords, having a password management system is crucial.

If you want to ensure your data safety, you must use complex passwords that include a combination of letters, numbers, symbols, and uppercase/lowercase.

A password management system will automatically generate fool-proof passwords based on your specification. This ensures you always create extremely secure passwords, thus avoiding hacks.

This also prevents your employees using generic and basic passwords such as their dogs name, or date of birth, and lets the password management system create a unique password that has all of the factors required for high security, including symbols, upper and lower case, numbers.

Let’s face it, it is much harder to hack KiUR&*!RTQ then it is Snoopy1222!

#2. Eliminate employee password reuse:

With a password management system, passwords are automatically updated and renewed. This ensures employees practice good password hygiene.

#3. Manage passwords from one place:

There is nothing worse than trying to keep tabs on every employee’s passwords. When a staff member is on leave, the last thing you want to do is try and find the post-it note they left with the login details.

Similarly, if a disgruntled employee leaves and takes their passwords, this can create an unnecessary headache.

With a password management system, you can easily give every user their own personalized vault, while maintaining oversight of all passwords with an admin dashboard.

#4. Protect your sensitive data:

Keep everyone’s credentials, notes, and information safe using the password management system.

#5. Admin functions make managing passwords a breeze:

Have multiple employees working on a particular app? No problem. With a good password management system, you can securely share credentials where employees and clients require access and organize shared credentials by Groups.

Admin functions may include (depending on the system you use):

  • Instantly add and remove team members.
  • Safely share passwords with others.
  • Give each employee their own vault for safeguarding passwords.
  • Store digital records: WiFi logins, software licenses, employee IDs, and more.
  • Set security controls and restrictions based on your team’s needs.

#6. Notification of a data breach

A password management system will constantly monitor all of your email addresses and sends instant alerts whenever it suspects that your data has been compromised. This allows you to act promptly and change all the necessary passwords, thereby preventing your information from being used by hackers and identity thieves.

#7. Multifactor authentication for employees

Another feature available in most password systems is multifactor authentication. This provides a second layer of security to verify the user’s login, usually in the form of fingerprint verification, one-tap mobile notifications, SMS codes, etc. This can be used to ensure the highest levels of security in businesses.

Which password management system is right for you?

There are a number of password management systems available. Finding one that is easy for your team to use, economical and with a long track record is imperative.

To find out more information about which system is right for you, please contact us here

The Regional Business Partners Network has more funding available for tourism related businesses in the Queenstown Lakes district.

If you are a tourism business or supply a tourism business you could be eligible for upto $5000 funding for advice and support plus another $5000 for implementation of that business advice.


Have you heard about the tourism communities: support, recovery and re-set plan?

IT Centre is a registered service provider with the Regional Business Partners Network and we are currently supporting clients, funded by the RBP, through the ongoing effects of the pandemic. You too may be eligible for 100% funding towards advice and implementation of this advice.

WHO?

The Tourism Communities: Support, Recovery and Re-set Plan is government funding that targets tourism businesses physically based in the Queenstown Lakes District. Tourism businesses are those where 50% of operational output is/was purchased by tourists (domestic and/or international) or those that supply tourism businesses.
For more details about the fund and eligibility criteria click here.  

WHAT?
The funding is administered by Otago RBP Growth Advisors, and provides a number of initiatives focusing on ensuring tourism is more sustainable and resilient in the future and includes:
Business Advisory Support: (up to $5,000 per business operation) to enable businesses to receive expert advice and support, such as on changing target markets, or scaling their business.  
Implementation Support: Grants for businesses to implement business advice (up to $5,000 per business operation). 

What can you get advice on?

We can supply advice and service related to: –

  • Business Continuity planning – e.g. what you need to consider and put in place to keep your IT Systems and data safe
  • Digital enablement – e.g. advice on moving to cloud based systems and the benefits to your business, identify business systems and processes that could be made more efficient and resilient by the use, or better use, of cloud technologies

If your business is physically located within the Queenstown Lakes District and is a ‘tourism business’, please register with Regional Business Partners here.
If you are already registered, please indicate your interest in the funding by emailing support@otagorbp.co.nz or by contacting your Growth Advisor.

If you want to find out more about how you can take advantage of this funding call us today on +64 3 443 5499 or email us at help@itcentre.nz.

Protecting your business with ESET Security

Written by: Andrew Fergus, IT Alliance

Now, more than ever, it is important to secure your data. Cybersecurity threats to your organisation, your staff and your clients are becoming a regular occurrence here in Otago. As these cybersecurity threats become more significant, it’s really important to understand what they are, and how to do your best to prevent them. So let’s dig in and look at the different types of attacks and one of the most popular options for countering it – ESET Endpoint Security.

So what are the key threats?

Ransomware. This is a type of malware which threatens to publish or block access to your data unless a ransom is paid.

Email Virus Attachments. It’s common for viruses to be sent as email attachments to unsuspecting users, if opened these can potentially infect your whole system with unwanted viruses.

Spyware. This is another type of malware which can steal sensitive data such as passwords, credit card details and commercially sensitive data.

ESET Endpoint Security

ESET is used on 110 million devices, each one sends a feed to head office if it detects an unknown potential virus – this means they can examine it and send out a fix if needed. They send out updates every 2 hours and have a team dedicated to threat security. It also has a negligible impact on computer performance. Meaning your computer wont go super slow. Its testing system has no false positives, so if there is a notification, you know it is correct.

With so many businesses moving their files to the cloud there is an additional ESET product helping keep business safe. ESET Cloud Office Security provides advanced preventive protection for Microsoft 365 applications against malware, spam and phishing attacks via an easy-to-use cloud management console. Eliminate spam from Microsoft 365 inboxes and keep your OneDrive files malware-free.

A Word of Warning for Compromised Data!!

One more motivation will be around from 1st December 2020 with a new Bill from the New Zealand Government, which means that if you are compromised and your data gets taken or lost, you have to notify the Office of the Privacy Commissioner and affected individuals. If you don’t then you could be liable for up to $350,000 per EACH MEMBER of a class action.

So what next for your Cybersecurity?

We recommend using ESET Endpoint Security, this protects your files and network, doesn’t hog your resources or waste your time on false positives – it also mitigates your risk against the NZ Privacy Act 2020.

Bonus tip for those using Microsoft 365

For those of you that have moved your files to the Microsoft Cloud. We recommend turning on 2FA (Multi-Factor Authentication) which is included free with your Microsoft 365 subscription. Also add your Office IP address so it only prompts you for a second authentication every few months when using your office, but still prompts to authenticate when adding new devices or visiting new areas.

If you’d like help choosing the best antivirus & firewall software for your business and help with setting it up, contact us today on +64 3 443 5499. If you’d like to visit or email us, you can find our details here.

Security issues you need to be aware of before considering VoIP
By Jim Carroll

Times used to be simpler when phone lines were just that, but today there are more and more companies moving to the more complicated VoIP (Voice over Internet Protocol) system for their phone lines. This is in part due to advances in technology, but also partly enforced by telecoms companies like Spark suggesting they won’t support the legacy phone lines in future.

While VoIP can work well in the right circumstances due to potential cost, flexibility and number portability advantages – you do need good IT support. In circumstances which aren’t optimal it can end up being more expensive, more complicated and come with a range of security issues which need to be well thought out. Let’s take a look at the four main security issues below.

Denial of Service (DoS)

Hackers can use automatic phone dialler software which rapidly calls you and then hangs up, this is called a DoS attack and keeps your line busy so you cannot accept or make calls. Attacks like this can severely impact any businesses ability to communicate and can be extremely difficult to stop.

A very recent example is the attack on the New Zealand Exchange (NZX) which shows how vulnerable businesses can be. One way to help protect your communication infrastructure is by using Session Border Controllers (SBCs) which act like a VoIP firewall. This protects your network by using a secure connection between you and your service provider and gives you more control over your VoIP calls and voice traffic.

The man-in-the-middle attack (MitM)

This is where someone can easily listen, divert or even hijack selected VoIP calls by putting themselves “in the middle” of the VoIP signalling path. This can happen when weak or no encryption mechanism is used on wireless access points, allowing unwanted users to join your network just by being nearby.

This can be one of the most serious threats, especially for those in industries where discussing private information is of the utmost importance, such as in legal or health sectors. Encryption and authentication protocols such as the TLS (Transport Layer Security) protocol can help with this.

Poor security protocols and passwords

Without good security protocols and strong passwords, system and user credentials are vulnerable to theft – making it easy to hack into online VoIP systems or phone hardware. This can lead to many issues, two of which include:

• Phreaking – a type of hack which steals a service from a service provider while passing the cost along to another person. Commonly this is when your VoIP account is hacked and someone uses it to make calls which you pay for.
• Vishing – where a legitimate number is hacked and then used by a party to call you and pretending to be from a trustworthy organisation, such as your bank, and asking for confidential or critical information.

To avoid this from happening, make sure you use 2 factor authentication where possible to access your online systems, never use your VoIP phone number or extension as the voicemail password (common defaults) and always change the default admin passwords on web based phone hardware.

Caller ID Spoofing

Most VoIP providers will only allow you to use the caller ID of the lines you own, but some allow any number to be presented on their network which can cause problems. It is most commonly used where a business doesn’t present their main number but might instead present a tollfree number or their main number for customer callbacks.

However this means it can also be used to emulate another party or business with the intent to defraud, cause harm or wrongfully obtain something of value. This makes it important to have a mechanism in place which only displays numbers which have been authenticated.

Final Word

VoIP can be great in the right circumstances but people often jump in without considering the extra complications and security issues which don’t exist with a traditional phone line.

It’s best to go into VoIP with your eyes open and be aware of the risks, then you can use it effectively for your needs. If you’d like help setting up VoIP or improving the security of your existing setup then contact your nearest IT Alliance member.

The simple why and how of passwords for Kiwi SMEs.

Small to medium size kiwi businesses are increasingly being targeted by unscrupulous hackers, and cyber-criminals which often leads to loss of confidential data, intellectual property and can result in considerable business disruption. Poor password security is one of the key methods these cyber-criminals use to gain access to your systems. We want to highlight some of the fundamental threats you’re facing and guide you through implementing a strong password policy for your business.

Why kiwi SMEs are vulnerable

According to the 2020 Data Breach Investigations Report, over 80% of breaches within hacking involve brute force or the use of lost or stolen credentials. You can see the full report here. The problem is the vast amount of people still using weak or compromised passwords, leaving kiwi SMEs vulnerable.

Why are smaller organisations being targeted these days? Cyber-criminals are not just after big corporations with substantial funds. They are looking for the easiest hack which means focusing on smaller, easier targets is often the strategy. Sometimes smaller enterprises can be identified as not having strict policies in place across all aspects of the business. Larger corporations have entire teams working on policy and procedure or dedicated IT teams consistently managing potential threats. As a Managed Service Provider, we want to help make sure you’re just as covered as these larger businesses. We suggest you establish and implement a strong password policy that employees can refer to.

Password checklist

So, we all know we’re supposed to use “strong” passwords, but what does that mean? We’ve come up with the simple acronym ‘CLOUDS’ to help you remember the most important things to think about when creating passwords:

Characters – Use at least one of each of; lower case, upper case, number and a symbol (e.g. #) or a space
Length – A minimum of 8 characters and ideally 10.
Obvious – Ensure your password is NOT obvious like a birthday or your family and pet names. Hackers can find these details through things like social media.
Unique – Think of something new each time. Do not use a slightly altered version of old passwords. Your old passwords may have been hacked from a website and sold on the dark web.
Different – make sure you use different passwords for different accounts.
Set – The most basic rule; set your own passwords. Leaving the default set up by your IT support is unsafe. You’d be surprised at the huge number of passwords that are simply not set at all.

Remembering your new passwords

Your intentions are good when coming up with the most uncrackable of passwords but now you find yourself continuously hitting the ‘forgot my password’ button and going through the tedious and time-consuming process of a reset. It sounds all too familiar doesn’t it?

We’re moving towards a world where thumb prints and facial recognition technology will alleviate the need to remember a collection of passwords but until we reach that point, we need a reliable solution to remember our passwords. Considering a password manager program is a good option. This gives you the option to store all your passwords in one place and when you’re signed in, they can quickly populate your details when logging into various platforms. There are numerous safe and reliable password managers so ask your local ITA member which one they suggest to suit your needs.

Alternatively, some people use encrypted documents, for example, password protected Excel or Word documents, while others use the ‘remember password’ facility of their web browser. If you use your web browser, make sure it encrypts the passwords and remember you need to log-off if you share computers or leave it unattended. All of these are good options and can help you move away from physically writing down passwords which can be risky and affect business continuity if you lose access to the physical copy.

Is it necessary to regularly change my passwords?

Most experts no longer recommend having to change your password every six months as it hasn’t proved to improve security. However, we do suggest if you have old passwords that you bring them up to date and change these every couple of years. Furthermore, always change your passwords immediately if there are any indications they may have been compromised.

Protecting kiwi SMEs

The best thing you can do is implement a strong password policy for your employees. Have them use the ‘CLOUDS’ checklist when creating passwords and encourage using a password manager. Make it part of your policy that passwords are updated when an employee moves on to ensure your systems remain secure.

The trick to having strong passwords that pass the ‘CLOUDS’ test, is NOT having to remember them. Use one of the techniques above to do the heavy duty remembering for you. Copy and paste as required. Just remember your login password and your password manager password – don’t write those down anywhere!

Recent growth in remote work locally here in Central Otago as well across New Zealand and around the world has seen an increase in the number of these cyber-attacks and has left businesses vulnerable. Across the ITA we continue to see heightened targeting of clients which is why it’s critical to review or implement your password policy immediately. If you have any concerns in this area or want to find out more about keeping your business protected and secure, contact us or your local ITA member.

IT Centre is a founding member of the NZ-wide IT Alliance – www.ita.co.nz

Check out the links below for a contact near you.

Why back up your Microsoft 365 data

It’s fair to say that within the Central Otago business community, COVID-19 has really pushed our business into the cloud. Whilst Microsoft provides powerful services within Microsoft 365, it is important to note that comprehensive backup of your Microsoft 365 data is not one of them. Of over 1,000 IT Pros surveyed, 81% experienced data loss.[i] This can be from simple user error to major data security threats like ransomware. The misconception that Microsoft fully backs up your data on your behalf is common and could result in damaging repercussions which is why it’s important to know what areas you are responsible for.

Don’t assume your data is backed up

Have you thought about how your Microsoft data is backed up? “The scary reality is that even though sensitive cloud data is stored in Office documents, an estimated 76% is not being backed up[ii]. In fact, IDC states that 6 out of every 10 organisations still don’t have any form of Office 365 data protection[iii].” Microsoft’s core focus is on infrastructure and maintaining uptime to users but when it comes to data protection, this lies with you.

How might this hurt Central Otago business?

Users accidentally deleting files is all too common. If a file or email is accidentally deleted, Microsoft makes this recoverable for a short period of time. If you go looking for something a few months down the track and realise it may have been accidentally deleted, you’re unlikely to recover this. If you do not have your own automatic back up and the recoverable period has passed, your file will be permanently deleted.

An even greater threat, if you are made vulnerable by any hackers or viruses, again your data is at risk of being lost. Malware and viruses can do serious damage to your business. Not only is your company reputation at risk, but the privacy and security of internal and customer data as well. External threats can find their way in through emails and attachments and you can’t control users accidentally opening these. Having a reliable antivirus is essential but having back up is critical in the case of a serious breach. Regular or automated backups will help ensure a separate copy of your data is uninfected and that you can recover documents or emails quickly with limited downtime.

What does shared responsibility really mean?

Microsoft runs under a shared responsibility model. But what does that really mean? Microsoft data backup will protect you from events such as natural disasters that affect their data centres, hardware or software failures on their part, power outages, operating system errors, etc. Their key focus is on availability and uptime, not your data. This means you are responsible for your Microsoft 365 data including email, OneDrive and SharePoint. It is your responsibility to ensure your data is protected from human error, malicious activity, misconfigured workflows, hackers, and viruses. Basically, Microsoft will ensure availability and access but your job is to protect your data with reliable backup systems and multifactor authentication.

A simple solution to protect you

The solution really can be so simple, cost-effective and provide you with ultimate peace of mind. You’ll need to set up a backup solution via a third-party system. With the move of more company data to being stored in cloud platforms like Onedrive and Sharepoint, this data is no longer covered by business local backup systems as they were when data was located on a file server. It is essential when moving to cloud-based storage systems and when investing considerable amounts in the cloud system setup, to have an automated backup.

Having a backup of your Microsoft 365 data mitigates the risk of losing access to important emails, documents and files for all your users. It is critical and will fill the gap between long-term retention and data protection. We can help in getting this set up for you. You send us a quick email here or you can give us a ring. We would me more than happy to chat this through with you in plain English.

Liked this? Check out:
Multifactor Authentication
The Sharepoint Shakedown

References:
[i] Veeam customer survey, September 2019 3 IDC: Why a Backup Strategy for Microsoft Office 365 is Essential, 2019
[ii] Veeam customer survey, September 2019 3 IDC: Why a Backup Strategy for Microsoft Office 365 is Essential, 2019
[iii] Veeam customer survey, September 2019 3 IDC: Why a Backup Strategy for Microsoft Office 365 is Essential, 2019