Hi everyone, and welcome to episode three of eight weeks of the essential eight. In this episode we’re going to explore Application control. We’re going to learn what it is, why it’s considered essential, and how to implement application control in a way that achieves maturity level one. Let’s begin!

What is application control?

Application control is a security control method designed to protect against malicious code by ensuring only approved applications and software can be executed. The easiest way to implement application control is by creating an ‘allowlist’ (previously called a whitelist).

You may have heard of blacklists, which are lists of known malicious code. Most antivirus and antimalware software are built on blacklists, and work by blocking access to any applications the software deems unsafe or dangerous. The danger with blacklists is that there may be a chance for cyber-attacks to occur when the antivirus software has not been updated to stay ahead of the latest attacks.

Think of an allow-list as the inverse of a blacklist. Instead of blocking known malicious code, an allow-list blocks all applications except for ones you have explicitly allowed to execute. This may seem harsh, and it does severely restrict the freedom of end users, but it really is one of the safest ways to prevent the installation of unauthorised or possibly dangerous code from executing on your systems.

Blacklists:

• Lists of KNOWN malicious code
• Antivirus/antimalware software are built on blacklists
• Block access to applications deemed unsafe
• Antivirus software must stay ahead of latest attacks to work

Allowlists:

• The inverse of blacklists
• Blocks all applications EXCEPT for those explicitly allowed
• May restrict freedom of end users
• Safest way to prevent unauthorised or dangerous code executing

Why application control and allow-listing?

As I mentioned, correctly implementing application control lowers the risk of malicious code wreaking havoc on your system.

If your end users aren’t well versed in cyber security safety, they can unknowingly download applications or fall for phishing scams that execute malware or ransomware. With application control in place, it would be nearly impossible for them to do so.

Another reason for application control is to protect against the download of unauthorised software, which can lead to licensing agreement violations, inappropriate conduct, or vulnerable applications that can be manipulated by attackers.

Why application control?

• Lowers risk of executing
• Protects against successful phishing scams
• Prevents unauthorised download of software

Implementing Application Control: Maturity Level One

So last week we discussed restricting admin privileges, so once you’ve got those restrictions in place you’ve already got a pretty good steppingstone into application control.

Similar to what we discussed in last week’s episode on admin privileges, Maturity level one for application control is really just telling you that standard users (AKA those with non-privileged accounts) should have restrictions in place restricting them from installing or downloading apps and software on their workstations, and only approved applications should be installed on their devices.

Before setting those restrictions you absolutely need to make sure your users can access any approved applications they may need to complete their jobs.

Enter allowlists. Now it’s not a requirement in maturity level one to apply allowlisting software, but you do still need to create an allowlist. Having a list of approved applications will make your life, or your IT team’s life, a whole lot easier because there’s no guesswork involved.

If a user requests the installation of an application on their device, you can first refer to them to your list of approved applications. If the requested application is not on the list, you can either deny the request or, if the application is necessary for their job and it is a trusted application with minimal security risks, you can add it to the allowlist.

Having an allowlist also makes it easy to setup devices when you onboard new users. When you hire a new employee, all you need to do is download and install the approved applications and their device will be pre-configured and they won’t need to annoy your IT team every time they need to install new apps like Microsoft Word, Excel or Adobe Creative Suite.

And finally, having an allowlist is essential if, or when, you move on to the higher maturity levels, which do generally require the implementation of allowlisting software.

How do you create an allowlist?

There are two methods to creating an allowlist. The first method is to request a standard list that is typical for your work environment from an allowlist vendor. This standard list contains applications and software that are known to be trusted. Once you have this list, you can customise it further to fit your company and the roles of your employees.

Alternatively, you can use a device or system that you know is clear of malware, scan the installed apps and software, and use this as a standard for your other devices.

Method 1:

• Request a standard list from an allowlist vendor
• The standard list contains trusted apps/software
• Can be customised to suit the roles of your employees

Method 2:

• Select a device/workstation that is clear of malware
• Scan installed apps and software
• Use as a standard for other devices

When you create your allowlist you should be aware that not every user account will be using the same apps. For instance, your creative team may need software that is not typical for standard users, like Adobe Creative Cloud, so you should make sure you accommodate your list to include the apps they use.

You should also take the time to audit the applications your users currently have installed on their devices and computers. Determine which are essential and remove applications that provide little or no value.

You should also consider creating an Application Control policy for your employees. This policy should include your list of approved applications, and should express that it is not permissible to download unauthorised software on devices and workstations.

Once you’re armed with your list of approved applications, you’re ready to set up application control.

Tips for creating allowlist:

• Not  every account/employee will use the same apps – accommodate your list to include all necessary apps for every job role
• Audit applications currently installed on devices
• Remove apps/software that provide little or no value
• Create an Application Control policy for employees

How to set application control policies

If you don’t have an IT specialist in your organisation, Mobile Device and Desktop Management vendors offer application control solutions that require minimal IT knowledge or capabilities to implement.

Mobile device or desktop management software solutions generally make it quite simple to; apply application control on devices, monitor your user’s app usage, set allowlists, easily deploy new users, and manage your organisation’s devices all within one dashboard or interface.

MDM Solutions:

For Microsoft: Microsoft Intune

For Apple: JAMF

SOPHOS endpoint management

If your organisation is Windows-based and you’re not keen on using an MDM solution, another great (and free) tool is Windows Defender Application Control with Configuration Manager. WDAC with Configuration manager allows you to set application control policies for users on your network. If you want to learn more about WDAC, you can click on the following link:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control=

And that’s it for application control! For further resources on application control you can check out the links at the bottom of this week’s corresponding blog post. And as usual, if you have any questions please feel free to shoot through an email. Until next time!

Implementing Application Control: https://www.cyber.gov.au/acsc/view-all-content/publications/implementing-application-control 

Essential Eight Maturity Model: https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-maturity-model 

JAMF MDM: https://www.jamf.com

MICROSOFT INTUNE MANAGEMENT: https://docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune

SOPHOS ENDPOINT MANAGEMENT: https://www.sophos.com/en-us.aspx 

Hi everyone, and welcome to this week’s episode of Eight Weeks of the Essential Eight. In this episode we’ll be exploring administrative privileges and why restricting these privileges is vital in protecting your business against cyber-attacks.

The ACSC defines this strategy as: restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing.

This strategy is probably the most self-explanatory of the eight, and at a base level, you probably already have some form of admin restrictions in place.

Now you wouldn’t just give the keys to your home to anyone right? Because the more people who have your keys, the more likely it is someone will lose them or leave the house unlocked, which literally leaves the door open for people with ill intent.

Administrative accounts are the keys to your network, data, and systems.

If cyber attackers gain access to these proverbial keys, they can wreak havoc across your network and servers. Attackers use malware and brute force attacks to compromise admin accounts because they are the most powerful in your organisation. As you probably know, users with administrative privileges can make significant changes to their configuration and operation, they can bypass security settings, and they usually have access to sensitive info.

If an adversary succeeds in claiming an admin account through brute force or malware, they can spread malicious code to your entire network, they can avoid detection, access sensitive data, and they can completely resist all efforts of removal.

Referring again to the house keys analogy, you’ve now got a dangerous squatter in your home who is refusing to leave, rifling through your personal belongings, and possibly demanding money. Not an ideal situation you want to be in.

Unfortunately, the solution isn’t as easy as you may think.

First, lets discuss the principle of ‘least privilege’.

The Principle of Least Privilege

In a least privileged environment, most of your users are operating with non-privileged accounts 90-100% of the time. A non-privileged account is a ‘standard user account’, which has a limited set of privileges like web browsing, opening emails, using Office applications, or accessing limited resources or apps that are defined by their role in your organisation.

When you set up a least privilege environment, you review the activities your administrators do and only assign the privileges they absolutely need to complete their jobs.

For instance, a standard user account does not need to install applications, so you should remove those privileges, or someone who only needs access to a database does not need the ability to take backups, and so on. By sharing and assigning certain privileges only to those who need them, you reduce the freedom an adversary may have if they compromise an account.

I promise this will be the last house keys analogy, but basically operating in a least privilege environment means if an attacker gets access to one of your keys they may be able to unlock your gate, but they won’t have the key to open your front door.

So where do you start?

Before you implement the requirements that are outlined in Maturity Level One, you need an inventory or a record of your admin accounts and your organisation’s admin tasks.

How to create a secure admin privileges record:

Step 1:

Every account on your network, and that includes standard user accounts, needs to be checked for their privileges. Users who do not need those privileges should be stripped of them.

Step 2:

Identify the admin tasks your organisation undertakes, like backing up files, resetting passwords, or adding users to new groups.

Step 3:

Each admin task requires only a basic set of privileges, so once you’re armed with a list of your organisations admin tasks you can then create user accounts for your team members and assign ONLY the privileges they need to perform their jobs.

Once you’ve inventoried and set up a record of your admin accounts and privileges, you can move on to implementing the requirements for Maturity Level One.

Maturity Level One Requirements

Requirement 1: Requests for privileged access to systems and applications are validated when first requested

So you’ve determined and documented the privileges for your user accounts, but what happens when you get new users, or the scope of work for one of your current admin users changes?

Anyone who requests certain privileges and has not been previously approved must be evaluated before receiving approval in order to align with this requirement. Do they need administrative privileges? And if so, which privileges do they need? Once this has been evaluated, you can then choose to give those privileges to them.

Remember to document the validated request and add it to your inventory so you can keep track of the allowed privileges.

Requirement 2: Privileged users use separate privileged and unprivileged operating environments

Malware is usually executed through successful phishing attempts, drive-by downloads, or even malware ads on the internet. What this requirement is saying is that users who need admin privileges should have two accounts; one that has privileged access, and one without. That’s so they can use their admin account solely for the tasks that need privileged access, and then use their standard user account for things like web browsing, or checking emails, and opening documents.

Requirement 3: Privileged accounts (excluding privileged service accounts) are prevented from accessing internet, email, and web services

For the same reason as the previous requirement, to completely remove the chances of malware executing on your privileged accounts, you need to set security controls that stop them from reading emails and browsing the web when they are using the admin account.

Requirement 4: Unprivileged accounts cannot logon to privileged operating environments

You shouldn’t log into a system with a user account that has the ability to install new software or make changes to the system. If you go to a website or click on a link in an email that has malware, the malicious software can only run with the privileges of the logged in user account. If that account isn’t an administrator, the malware can’t do much harm.

You should also make sure all default passwords and usernames for admin accounts are updated, and apply multifactor authentication to ensure that even if an adversary gains access to your passwords they won’t be able to get past the second authentication method.

Monitoring Privileged Access Controls

Finally, let’s discuss monitoring and auditing privileged access controls. You should be revalidating all accounts that have privileged access on a yearly basis, or when someone with admin privileges leaves your business.

Your secure inventory/record should include the following information:

• Users who are authorised to access privileged accounts
• The person who provided authorisation for those privileges
• When the privileges were granted
• What privileges were granted
• When privileges were last reviewed
• When the level of privileged access was changed, and to what extent (if applicable)
• When privileged access was withdrawn (if applicable)

Alternatively, you can request the services of an outsourced IT company to assist with auditing your admin accounts and privileges and managing your inventory. A managed service provider can monitor every privileged task that is undertaken on your system, set up or remove admin privileges, revalidate restrictions, and apply policies to your standard user accounts.

And that’s it for restricting admin privileges! Stay tuned for the next episode, where we’ll be discussing application control. If you have any questions about this video please feel free to shoot through an email, and I’ll see you in the next episode.

Hello and welcome to the first episode of Eight Weeks of the Essential Eight.

Topic Areas:

• What is the Essential Eight?
• Do I need to implement the essential eight?
• Why the essential eight?
• The Essential 8 Maturity Model
• Targeting a Maturity Level

History of the Essential Eight:

So lets start with a brief history of the essential eight.

The essential eight was originally developed to promote solid security and operational practices within Australian governmental agencies, departments, local councils, and other businesses in the public sector. Now, many private businesses are now looking at the Essential Eight as a good launching place for measuring security controls and setting a foundation for cyber security. The Australian Cyber Security Centre, or ACSC, are the current custodians of the Essential Eight.

When it comes to the security of your business’ information, there are so many factors that come into play; like the sensitivity of your data or how many employees you have. That’s why there isn’t really a ‘one-size-fits-all’ approach to cyber security. What works for you might be completely disastrous for another business. A direct quote from the ACSC states:

“while no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline. This baseline, known as the essential eight, makes it much harder for adversaries to compromise systems.”

As I mentioned, ACSC initially created the Essential 8 to mandate information security compliance across governmental branches. While it is not mandatory for most businesses in the private sector, it is highly recommended. This is because the suggested strategies are a systematic set of security control methods that provide a framework for businesses to manage IT security risks. It’s crucial now more than ever that businesses focus on their information security and protecting their data, and the Essential Eight is built to do just that.

So in short, the essential eight strategies were chosen specifically to fortify the most important avenues of information security, with their main purpose being to protect businesses against malware, ransomware, and data breaches. The strategies are broken up into three components; prevent attacks, limit the extent of attacks, and data availability.

What are the essential eight strategies?

The Essential Eight Maturity Model

Now I’m not going to go into detail about the strategies as we will be discussing them over the next few weeks. What I am going to discuss in this episode is the Essential 8 maturity model. Before we can get to implementing the Essential 8, the ACSC suggests you first identify a maturity level that is suitable for your organisation. There are currently 4 Maturity levels starting with Maturity Level Zero through to Maturity Level Three.

The maturity levels are focussed on mitigating the increasing levels of a potential adversary’s technique, their tools, their procedures and who they tend to target.

Maturity Level Zero

Let’s start with maturity level zero, which was reintroduced this year. This level signifies that there are weaknesses in an organisations overall cyber security posture. So whether you have none of the strategies in place or if you’ve succeeded in implementing a couple of the strategies, you’re cyber security maturity will be considered level zero because you have those missing control methods in place that leave you open to attack. Adversaries tend to go for the lowest hanging fruit, so even if you have a really solid backup strategy or you use multi-factor authentication, they can and will find other ways to exploit your system. A lot of you will be starting off at level zero, and that’s completely fine because you are attesting to the fact that one or more of your security controls may not be covering your organisation’s cyber risks adequately.

Maturity Level One

Now Maturity Level One focusses on mitigating the risk of a cyber attack from opportunistic adversaries who are looking for any victim rather than a specific target. For instance, they use normal tools that are available online to identify common exploits or vulnerabilities in software or operating systems that are unpatched. So you want to mitigate against common threats, and adversaries out there who are opportunistic rather than targeting organisations with any key objectives to get access to specific information. They’re still a threat, particularly if they manage to affect the availability of your systems.

Maturity Level Two

The focus of Maturity Level Two is to fight against adversaries who are better equipped and employ more advanced techniques, so they may be specifically targeting your organisation and not just spamming you with phishing emails, and they might attempt to impersonate users or accounts in your organisation to gain privileges and access your data. These adversaries are happy to invest more time into their targets and are often better at bypassing security controls and evading detection. Rather than casting a wide net, they are more selective with who they target, but are also wary about the time, money, and effort they invest to compromise their targets’ systems.

Maturity Level Three

And finally, Maturity Level Three is the highest level, and focusses on deterring adversaries who can exploit opportunities they seek in their targets’ cyber security posture, like old software or inadequate monitoring. They are incredibly knowledgeable and use techniques and tools that are not commonly used by less experienced adversaries. They will make swift use of exploits and will find ways to evade detection and solidify their presence. They focus on very particular targets and are willing to invest a lot of time and effort into completely circumventing all the security controls an organisation may have.

When choosing a maturity level to target, you should consider how desirable your company is to an adversary and the type of information your organisation holds and transmits, so if you house a lot of sensitive or confidential data, you should consider targeting level three. Try to take a risk-based approach to the essential eight and consider the implications and the costs to your business if a data breach or a malware attack were to occur.

Now as a side note, to quote the ACSC again,

“organisations are now advised to achieve a consistent maturity level across all mitigation strategies before moving onto a higher maturity level”.

This is because the essential eight strategies are designed to complement each other and provide a blockade against several threats, so it’s important that you plan your implementation to achieve the same maturity level across all eight strategies before moving onto a higher maturity level.

In this series I’ll be giving you tips on how to reach maturity level one. So hopefully once we’ve finished you’ll have a better understanding of the requirements and will be able to independently reach a higher level if need be.

Do I need to implement the essential eight?

If you’re a governmental department, agency or local council then it will be mandatory to implement the E8 and to have a maturity level rating, so I’d suggest you have your E8 implementation assessed by a third party or by your MSP.

If you’re a small to medium sized business, or even a larger organisation who hasn’t begun their journey into cyber security, then I would still suggest you implement the strategies to the best of your ability so you have a maturity level that sets a foundation for further cyber security control.

Slide: Mandatory for governmental agencies and departments.

Not mandatory for most businesses in the private sector.

You don’t have to get your implementation assessed by a third party of course, but I’d still suggest you do because if you’re going to go to all the trouble to implement the E8 you should make sure you’ve done it correctly.

And that’s it for this episode! If you have any questions about the maturity models please feel free to email me, and I’ll see you next week for episode 2!

As the world begins to open up and return to some semblance of normality, businesses are now in a debate over how to proceed with the return of staff into offices.

Over the last 1.5 years, remote desktop access and cloud technology allowed employees to work from the safety of their own homes, but how does one proceed now that the possibility of returning full-time to the office is back on the cards? Whether your business decides to offer hybrid, remote, or full-time opportunities to your employees, there is one question you should be asking: Are your devices protected?

On-Premise Devices

Have your computers, printers, and other devices remained in the office since the beginning of the pandemic? If so, then it’s time to get your microfibre cloths and air dusters out, because we need to do some serious spring cleaning.

But the cleaning doesn’t stop there. With no one around to maintain your devices, many of them will have updates and patches that are severely overdue. 1.5 years is a long time in the digital world, and old versions of software, applications and operating systems can be easily exploited by cyber attackers. This includes PCs, printers, IP cameras, and Smart TVs! You should also ensure that any endpoint cyber security software (such as anti-virus solutions) are updated and run scans to ensure nothing has wormed its way into your systems or devices while your workers have been absent.

Another important step in the spring-cleaning process is to check the overall health of your devices. Do a complete inventory of the devices that were left in the office and check that each device is working as it should be. You wouldn’t want your employees to return to the office only to find the printer (or worse – the coffee machine) is out of action!

Re-Entry of Devices

It is very likely that some, if not all, of your employees chose to take their work devices home when lockdowns first began. If that’s the case, then I’m afraid you’ve got a big task ahead of you, especially if you do not currently have some form of mobile device/desktop management software installed.

Here are a few steps to make the process of re-introducing your devices as painless as possible:

1. Inventory

During the rush to move to remote work last year, you should have created an inventory list so you can track down every computer, laptop, phone, monitor, webcam, desk chair and pen (okay, maybe we can forgive the pens) that was taken from the office. Involve all employees in tracking down equipment and devices to ensure a seamless re-entry into the office.

2. Updates & Patching

Similar to on-premise devices, it’s vitally important that you ensure all devices re-entering the office are adequately patched and updated. Similarly, you should run endpoint detection scans for all personal and corporate devices that will be brought back on to the corporate network.

3. Mandate Password Changes

Having your employees return to the office provides the perfect opportunity to crack down on your cyber security policies. Before workers can access your network and systems, ensure they have updated their user and account passwords. You should also consider enforcing multi-factor authentication (particularly for those with admin privileges) to further protect against cyber attacks.

4. Scan installed apps

In their absence from the office, employees may have installed apps, programs or software that could be a potential vector for malware or other cyber attacks. To ensure network security, scan all computers, laptops, and mobile devices for unauthorised software and either validate or remove them before providing access to your networks.

5. Remind employees of safe cyber security practices and hygiene

There’s a good chance that some employees may have become lax when it comes to appropriate cyber security practices in the workplace. Send out a reminder that includes information about phishing, appropriate website behaviour, unauthorised downloads, and password protection/hygiene.

Alternatively, you can use a service such as Webroot, who offer Security Awareness Training that can be completed online in your employees’ own time.

TIP: PHASE-IN YOUR DEVICES

Imagine this: it’s the first day back in the office and it is complete chaos. Some people are searching for HDMI cords to plug in their monitors, others are connecting to the corporate network before they’ve changed their user passwords, and half of them have probably forgotten to update their operating systems. It’s a recipe for a cyber security disaster!

Instead of overwhelming your IT team and missing important steps in the re-entry process, use a phased approach. Host rolling ‘re-entry days’ where a handful of employees can bring in their devices, setup their workstations, and update their account passwords.

These ‘re-entry days’ will allow your IT team to efficiently check off items in the inventory list, run endpoint scans, and check for patches and unauthorised apps. Plus, you can take the opportunity to explain new policies/procedures and prepare employees for their return into the office.

Need help re-introducing your devices back into the office? eStorm can help! Contact us at [email protected] or 07 3120 0640

In Apple’s September 2021 Keynote ‘California streaming’, the tech giant’s CEO Tim Cook unveiled Apple’s latest product range. The announcement was headlined by the new iteration of the iPhone, and was followed by an introduction of the latest iPads and Apple watches.

Read on for a quick recap of Apple’s biggest announcements.

iPhone 13

 The beloved iPhone doesn’t get a complete makeover this year, but it has plenty of new features to boast about, including an advanced dual-camera system with a new Wide camera with bigger pixels, and sensor-shift optical image stabilisation (OIS) that offers better low-light image quality. Perhaps the coolest the new feature is ‘Cinematic Mode’, which allows you to ‘effortlessly create cinema-grade videos’ even without filmmaking experience!

The iPhone 13 is powered by an A15 Bionic processor, which has four high performance and two high efficiency cores. You can expect 5G support, a super retina XDR display that is 28% brighter in sunlight, and extended battery life in a day (+2.5 hours, and +1.5 hours for the mini compared to its predecessors).

Similar to the iPhone 12, there are two versions of the iPhone 13 – a 6.1 inch model, along with a mini 5.4 inch model. It will come in the following colours; pink, blue, midnight, starlight and red.

With entry-level storage starting at 128GB, you can expect to pay around $1,349 or $1,199 for the mini version.

The iPhone 13 Pro and Pro Max features three new rear cameras, with improved telephoto lenses, MotionPro displays, and a new macro mode that allows you to capture subjects as close as 2cm. The Pro & Pro Max will come in gold, graphite, silver and sierra blue, with prices starting at $1,699 for the Pro (6.1 inch display) and $1,849 for the Max (6.7 inch display).

Apple Watch Series 7

A tad bit larger than its predecessor, the Series 7 Apple Watch will come in 45mm and 31mm sizes, with a slimmer 1.7mm bezel around the display. Apple claims that the increased size of the screen will fit 50% more text and a full keyboard.

The Series 7 focuses highly on durability, with a redesigned crack-resistant front crystal that is 50% thicker than the Series 6.  The Series 7 can still be worn underwater, and the certified IP6X rating means it can withstand dust, beaches, and the desert.

On a single charge with the Magnetic Fast Charger USB-C Cable, the Series 7 can last 18-hours and boasts 33% faster charging compared to Series 6 .

The Series 7 comes in black, blue, red, gold and green, and it is rumoured that prices will start at about $550.

iPad mini 

The new iPad mini gets a performance boost with the A15 bionic chip, with a 5-core GPU that is 80% faster and a 6-core CPU that is 40% faster than the previous generation, allowing users to play graphically rich games or use demanding professional apps.

The larger 8.3 inch Liquid Retina display has advanced technologies like a P3 wide colour gamut, anti-reflecting screen coating, and True Tone, which come together to bring images and videos to life. Plus, the new screen combined with the landscape stereo speakers makes watching movies on the mini a great experience.

Previously only available on iPad Pro, Centre Stage is now also available on iPad mini, so users can enjoy more engaging video calls with the updated Ultra Wide front camera and new 12MP sensor for a larger field of view.

The iPad mini now features a USB-C port for up the 5Gbps data transfer (10x faster than the previous generation) and connects to a vast number of USB-C accessories such as cameras, external storage, and displays up to 4K.

5G is now available on the cellular version of the mini, and the iPad supports Apple Pencil (2^nd gen), which attaches magnetically for wireless charging and pairing.

The cheapest model starts at $749 (or $979 for the cellular model), and comes in the following colours: black, white, dark cherry, English lavender, and electric orange.

iPad 9

The iPad 9 comes equipped with an A13 Bionic processor that delivers a 20% performance boost over its predecessor. Apple claims that the iPad 9 is 3x faster than the best-selling Chromebook and 6x faster than the best-selling Android tablet, making it a solid device for students and professionals alike.

Like the iPad mini, Centre Stage is now available on iPad, and is enabled by the new 12MP Ultra Wide front camera and Neural Engine. True Tone has also been introduced to the iPad’s 10.2-inch Retina display, which adjusts screen content to the colour temperature of a room for a more comfortable viewing experience.

The new iPad starts with 64GB (double the storage of the previous gen) and goes up to 256GB for users who require more storage. Entry-level models will start at $499 for the wi-fi only version or $699 for cellular.

And that’s all Apple has announced for now! If you’re missing an upgrade of your favourite Apple product (such as AirPods or new MacBooks) don’t fret – it’s safe to assume that Apple will release another Keynote by the end of this year that introduces more awesome new products.

eStorm Australia is a certified Apple Reseller. Contact us to purchase your new Apple devices today! 07 3120 0640 or [email protected]

Should you backup Microsoft 365?

With benefits like easy access to files, emails, and documents, plus improved collaboration across teams, it’s no surprise that Microsoft 365 is an essential tool for most businesses across the globe.

But what happens when your Microsoft 365 data is lost? Downtime as a result of lost or corrupt data can cost your business thousands of dollars, and the unfortunate reality is that data loss is a lot more common than you’d think. While Microsoft’s native retention and basic recovery capabilities do provide some form of protection against data loss, is it enough?

The short answer is no.

Don’t believe us? Keep on reading! In this blog post we’ve outlined 3 major reasons why we believe you should be backing up your Microsoft 365 data.

1. Microsoft outages and disruptions

It is not out of the realm of possibility for Microsoft to experience outages and service disruptions. In fact, in September 2020 Microsoft users suffered a massive outage that impacted Teams, Office 365 and Outlook. Users that didn’t have their files backup in Office 365 were left stranded, and Microsoft has made it very clear in their service agreement that they are not liable for the costs associated with downtime experienced during their outages or service disruptions.

In short, if Microsoft is experiencing issues on their side, you won’t be able to continue working or reach your data unless you have a backup. Below is a screenshot of their services agreement which includes a statement in which Microsoft recommends businesses regularly backup data using third-party apps and services.

2. Deleting an Office 365 account

It is standard practice to delete an Office 365 account when an employee leaves so you can save money on unnecessary licenses. However, the deletion of an account in Office 365 results in a complete wipe of that user’s data and content across your network.

Account deletion can also occur as a result from:

• An accidental deletion
• A license agreement ending
• An intentional malicious deletion

No matter the cause, the data associated with the deleted account will be erased forever, unless you have a third-party backup of the data. Microsoft also addresses this in their services agreement:

3. External security threats

Data backup best practices suggest you employ the 3-2-1 rule. According to this rule, you should keep 3 copies of your data, with two backups on different media (such as your computer and an external device) and one offsite – such as in the cloud.

However, if your business is the victim of a malware/ransomware attack, the copy of your data in the Microsoft cloud is vulnerable to the same threats as the data on your corrupted network. Microsoft does not offer point-in-time recovery, meaning if you are the victim of malware you may not be able to go back to a point in time where your data, mailbox, or files were uncorrupted.   

This is why you should use an additional Office 365 backup solution to ensure the safety of your data in the event of a cyber attack. A third-party cloud provider offers a broader scope of retention, making it possible to retrieve files from a point in time where they were not corrupted.

Should you backup your Microsoft 365 data with a third-party cloud provider?

Microsoft themselves suggest users backup their data with a third-party provider, which makes the answer to this question a resounding YES.

Benefits of third-party cloud software:

• You can backup all your data from Teams, Outlook, OneDrive, SharePoint, Exchange and more
• Enhanced retention options allow you to recover data from any point in time
• Automated and continuous backups allow for peace of mind

Planning for data loss isn’t paranoia, it’s good business practice!

Are you thinking about backing up your Microsoft 365 data? eStorm can help! Contact us at 3120 0640 or [email protected].

As the demand for technology increases in classrooms, the Chromebook vs iPad debate has been an ongoing discussion for schools and parents seeking to make the best technological choices for the development of their students and children.

Chromebooks and iPads are currently the forerunners when it comes to portable devices in the classrooms, and each have their advantages and disadvantages. It can be a difficult choice to decide which device is right for your students, so we’ve put together a short comparison to help you with your decision.

Usage: 

iPads:

The technology used in iPads is unparalleled by any other tablets. The touch screen creates an immersive environment that encourages writing, drawing, and playing educational games. The iPad’s built-in applications such as Pages, Numbers, Swift Playgrounds, and Keynote support learning and creativity, and the device can be easily customised to help students overcome challenges with motor skills, eyesight or speech. You can also access traditional applications that have been modified for use on the iPad, such as Microsoft Office and Adobe Creative Cloud.

Chromebooks:

Chromebooks closely resemble traditional laptops, and inbuilt keyboards/touchpads encourage computer literacy, an important skill in today’s marketplace. Furthermore, Chromebooks in the classroom provide an opportunity for low-income students to have access to a computer for assignments and exams if they do not have one at home. Similar to the iPad, Google has it’s own set of applications (Google Sheets, Docs, and Slides), and Microsoft Office apps can be downloaded from the App Store.

Durability:

 iPads:

The glass touchscreen on iPads can be a recipe for disaster in the classroom, and a shattered screen could render the device useless until it’s replaced. Screen protectors and protective cases are a must to ensure they survive the trials and tribulations of daily classroom usage.

Chromebooks:

Many suppliers have designed Chromebooks specifically for durability in the classroom. As such, many of them can survive drops from up to 1.2m, have rubber edges for shock absorbency, and are spill-and-tamper-resistant. However, if students are able to take their devices home, it is recommended that you purchase inserts or sleeves to keep the device safe in backpacks.

Costs:

iPads:

Apple offers discounts for the education sector, making the latest iPad around $469 for 32GB of space. However, additional accessories such as a smart keyboard, Apple pencil, protective case, and screen protector can inflate these costs to $1000+ per iPad.

Chromebooks:

Costs for Chromebooks can start from $250 for very basic models. However, these budget models may not have the long-term usability that Apple products promise. A more durable and long-lasting Chromebook might cost between $400 – $800. The fortunate thing is that in most cases you do not need to worry about purchasing protective accessories as these features are already inbuilt.

Conclusion:

The bottom line is there is not necessarily a right or wrong choice when it comes to deciding between a Chromebook or an iPad for your students. Most of the time, it really depends on your school’s budget and preference, as both devices open the opportunity for creativity and learning, and have a wide range of apps that are vital for students in their journey through years K-12.

eStorm is a certified Apple Education Reseller, and has close partnerships with ASUS, Dell, and HP. Through these partnerships, we aim to provide competitive pricing fit for your school’s budget. Contact us today! [email protected]

Apple recently announced the latest version of operating systems for both iOS and iPadOS, so what new features can we expect?

The new features are set to help user productivity, improve FaceTime experiences, bring more intelligence to photos and searches, apply new privacy controls to protect user information, and much more!

Continue reading for a closer look into iPadOS 15.

iPadOS 15: Best New Features

Multitasking and Keyboard Shortcuts

Multitasking gets a whole lot easier with iPadOS 15. The latest update provides a new multitasking menu that appears at the top of apps, enabling users to easily switch to Split View or Slide Over. The Home Screen can quickly be accessed in Split View, and the new shelf lets users multitask with multiple-windowed apps like Safari and Pages, and quickly preview emails.

Widgets and App Library

With the update, users will be able to place widgets on Home Screen pages for a personalised experience that provides more information at a glance. iPadOS 15 also introduces new widgets for the App Store, Game Centre, Mail and Contacts. Additionally, the App Library will be coming to iPads. The App Library will automatically organise apps into accessible and helpful categories such as ‘Productivity’, ‘Games’ and ‘Recently Added’.

Quick Note and Tags

New features for note taking on the iPad make it easy to capture thoughts and organise notes. Quick Note provides a fast and simple way to jot down notes or add links anywhere within the iPad’s system, including when using Safari or other apps.

New features for collaboration and organisation have also been added to Notes. Using Tags, users can categorise notes and quickly locate them using Tag Browser and Smart Folders that are tag-based. For team collaboration, Mentions can notify other team members and link them back to the Note, and Activity view shows recent updates to notes.

Translate for iPad

The latest iPadOS update introduces Translate for iPad. Translate can now automatically detect when and what language someone is speaking for more natural conversations, thus eliminating the need to press the microphone button. The face-to-face view option allows users to sit across from each other (with the iPad between them) and view translations from the side they are seated on. Plus, with Live Text, you can now translate text found in photos.

App Building with Swift Playgrounds

With Swift Playgrounds 4, users can build apps on their iPad and submit them directly to the App Store. In Live Preview, code is reflected immediately while building apps, and users can run apps in full screen for testing. A new open project format allows for versatile and seamless app development across Xcode for Mac and Swift Playground for iPad.

Universal Control

Use a single mouse and keyboard to seamlessly move between iPad and Mac, and drag and drop content between devices with no setup. Perfect for sketching, drawing and note taking with the Apple Pencil on iPad and placing it into Keynote slides on Mac.

FaceTime and SharePlay

With the addition of SharePlay to FaceTime, users can now share experiences with friends and family, like listening to songs together with Apple Music, watching shows or movies from Apple TV+ or other streaming services, or sharing screens to view apps, browse the web, and play games together. The playback controls allow anyone in the FaceTime call to pause, play, or rewind.

iPadOS 15 also brings voice isolation and Spatial Audio to FaceTime calls, so voices will sound like they are coming from the location of the person on the screen. It will also support portrait mode and a new grid view to see more faces on the screen at once.

New Safari Experience

The redesigned Safari browsing experience will allow users to see more of the page as they browse websites. The tab bar will replicate the colour of the webpage and will combine tabs, the toolbar and the search field into one compact design. Also being introduced is Tab Groups, which offer a way to easily manage tabs when planning trips, researching for essays, or comparing new purchases. Your Tab Groups can sync across Mac and iPhone, so you can pick up from anywhere and share with friends. It will also now support web extensions that are available in the App Store.

Productivity with Focus

iPadOS 15 will deliver tools that help users focus and eliminate distractions. Focus filters notifications based on the task the user is undertaking, such as coding, studying, or winding down for bed. You can create a custom Focus or select one that best suits the task at hand. Users can also create Home Screen pages that only display necessary and relevant apps and widgets to reduce temptation in moments of focus.

A new notification summary can provide an organised collection of notifications delivered at a time the user chooses, such as first thing in the morning or after work in the evening, making it easy to catch up on notifications and activity at your convenience.

New Photo Features

Live Text can recognise text in photos and allow users to take actions such as; taking a photo of a storefront with a phone number and placing a call, or getting directions from a photo of a business card with an address.

Visual Look Up allows users to identify objects in a photo, such as a type of flower, animal breeds, or monuments.

Additional Features:

iPadOS 15 has a host of new features! Some additional features include:

Maps: Enhanced details for cities and neighbourhoods, new road colours and labels, and a nighttime mode with moonlit glow.

Privacy: New protections, app transparency features, and controls.

Accessibility: On-device intelligence enhances the customisation of iPads so devices can work the way users do.

To find out more about iPadOS 15, visit the Apple iPadOS 15 Preview page.

Ransomware attacks are on the rise, so how do organisations lessen the impact in the event of an attack? Wasabi cloud backups is one of the few cloud storage providers offering immutable storage – a way to protect your data against even the most determined cyber attackers. Learn more about ransomware attacks and the best ways to mitigate them in this blog post.

What are ransomware attacks?

Ransomware is a type of malicious malware that employs encryption to hold a victim’s information, data and systems ransom.  It is designed to spread quickly across databases, applications and servers to paralyze an entire organisation, leading to significant downtime, loss of trust and revenue, and sometimes even legal implications.

How is ransomware deployed?

Email Phishing 

The majority of ransomware attacks are deployed via phishing campaigns. Chances are you’ve probably received phishing emails before – these are seemingly legitimate emails that can claim to be your banking institution, subscription or streaming services, PayPal, or even local government. Often these phishing emails will contain seemingly legitimate URLs (including .gov.au or .com.au addresses) that actually direct the victim to a malicious site, triggering the download of ransomware and malware. Alternatively, adversaries may attach what look to be trustworthy files (such as Word, PDF, Excel or ZIP files) that, once opened, immediately deploy malware across the victims network and files. 

With phishing campaigns becoming more and more believable, the best way to combat them is through awareness. Users should know how to distinguish whether or not a URL is genuine – such as by hovering over the URL or expanding shortened URLs. When it comes to attachments, always ensure the sender’s email address is from a legitimate domain, and only open files sent by trusted sources. 

A great way to promote phishing awareness in organisations is through security awareness programs, which often include simulations for users to better distinguish between legitimate and illegitimate emails. eStorm is partnered with Webroot, who can provide comprehensive security awareness training starting from just $20 per user, per year. 

Remote Desktop Protocol (RDP) or other remote access

As more workers have been accessing organisation networks from home, we have seen a rise in RDP ransomware attacks. RDP is a popular protocol for access to Windows machines, with over 4.5 million RDP servers exposed to the internet alone, and many more accessible within internal networks. 

Ransomware can be deployed by an adversary who has logged onto a system via RDP. Adversaries can scan for vulnerable RDP ports, and will then use brute force attacks to crack login credentials in order to sign in as administrators. Alternatively, they may acquire valid credentials via other malicious activity, or purchase established credentials through another threat actor. 

Fortunately, there are ways organisations can secure RDP endpoints. These include changing default ports, enabling multi-factor authentication for remote access, and requiring network-level authentication for new users. 

Drive-by Downloads 

It is possible for adversaries to exploit backend vulnerabilities of legitimate websites, thus delivering malware to those who visit the compromised website. Vulnerabilities in websites allow adversaries to embed malicious code or redirect site visitors to a web page the adversary controls. 

You can prevent drive-by downloads by using ad blockers, keeping up with system and software patches, and deleting unnecessary browser plugins.

How to defend against ransomware

The biggest defense against ransomware is to backup your data. While backups are not completely immune to attacks, a diligent program in which you have multiple backup points (both in the cloud and on-premises), and different recovery points (yearly, monthly, weekly, or daily) can significantly reduce the impact of a ransomware attack. 

An important rule of thumb is the 3-2-1 rule. This means you should keep 3 copies of your data, with two backups on different media (such as your computer and an external device) and one off site – such as in the cloud. 

Fighting ransomware with cloud backups

Many organisations have started using cloud storage as part of their 3-2-1 backup strategy. Not only do cloud backups provide an additional level of protection, but it is also less expensive than on-premises backup solutions. 

Unfortunately, even cloud backups are not immune to ransomware attacks. Adversaries can gain access to cloud backup credentials via exposed remote desktop services, and can then delete previous backups held in the cloud.

Fighting ransomware with immutable buckets

Adversaries can still gain access to your cloud backups, so what can you do to stop them? The latest feature in cloud backups is immutable buckets (a bucket being the basic container that holds your data). Creating an immutable bucket means that any data written into your storage bucket cannot be deleted or altered in any way, by anyone, throughout its storage lifetime. 

Wasabi is one of the few cloud service providers that provide immutability features. When using Wasabi immutable buckets, your files will be 100% safe from deletion or alteration even by a systems administrator (or an adversary who has gained access to system administration privileges).

On top of their immutable storage features, they also provide high speed recovery, predictable pricing, and no charges for egress or API requests. 

To learn more about Wasabi’s cloud storage and backup solutions, visit their website.