Cyber Security in 2019 and Why We Need to Shift Our Thinking

By

 

2019 is well under way with strategies and projects being approved and budgets being allocated. However, it’s important to take note of the current landscape, where we’re heading in 2019 and how we can improve.

Users & Risk

How people work has evolved over the years. Bring your own device (BYOD) initiatives are becoming more common in the workplace, as well as remote workers seeing a significant increase—one studying showing that 70 percent of professionals work remotely at least one day a week, while 53 percent work remotely for at least half of the week. This means sensitive company data is potentially being exposed to insecure networks and other potential threats.

As a result, we need to shift our thinking toward managing risk based on specific users, user behaviour and the devices being used. Take, for example, two employees attempting to connect to the organisation’s network. The first employee has a trusted work device and is connecting from within the company network. The second is an employee connecting via their home network using a personal mobile device.

In this particular case, the first employee presents far less of a risk and should be granted access easily. However the second user, connecting from their own mobile device from home, might have a multifactor authentication safeguard added to minimise potential risks.

Likewise, we might use this approach to help businesses identify specific users whose roles or activities pose more of a risk. The example Solarwind’s Cybersecurity Predictions uses is the head of human resources who has access to confidential employee data. Someone in this role would require more rigorous security coverage than a graphic designer who might only have access to design files.

You could then require the head of human resources always connect via a VPN in order to guarantee that their device is safe and clean.

Enterprise Approach

Forbes lists industries like healthcare, finance and law as being especially vulnerable to attack, due to their storage and management of large amounts of sensitive data.

While large corporate breaches tend to dominate the headlines, cybercriminals are equal opportunists, which means businesses of all sizes are potential targets. This means smaller organisations should begin to think like larger enterprises and enlist the cybersecurity approaches and strategies they use.

The small to medium sized organisations should be looking to enlist ways to detect and monitor threats in real time, as well as develop strategies to respond in an appropriate and timely manor. Forbes claims small to medium businesses and small enterprises should be considering the large enterprise level approach as larger organisations will begin to demand specific security standards of the businesses they work with.

The Rise of Data Leaks

Breaches caused by a hacker exploiting specific vulnerabilities are far less commonplace. However, people are more often their own worst enemy with a lack of security knowledge, human error or just sheer laziness leaving data exposed far more often than we think.

In 2018, spikes in the number of data leaks and exposures where data was not being protected…at all, not even by a password, saw a significant increase.

Many websites and services in 2018 were exposed for various reasons, many of which resulted from unsecured servers exposing customer records and information— FedEx, Amazon and MindBody.

With data exposures showing no clear sign of slowing down in 2019, it’s now more important than ever to review all aspects of your IT infrastructure to not only fill gaps, but to improve overall security and efficiency.

 

 

Sources:

Brown, T 2019, ‘4 Cybersecurity Predictions for 2019’, Solarwinds MSP Blog, https://www.solarwindsmsp.com/blog/4-cybersecurity-predictions-2019

Browne, R 2018, ‘70% of people globally work remotely at least once a week, study says’, CNBC, https://www.cnbc.com/2018/05/30/70-percent-of-people-globally-work-remotely-at-least-once-a-week-iwg-study.html

NeSmith, B 2018, ‘Cybersecurity Predicitions For 2019’, Forbes, https://www.forbes.com/sites/forbestechcouncil/2018/12/28/cybersecurity-predictions-for-2019/#6e9a2fc44a27

Whittaker, Z 2019, ‘Here’s what to expect in cybersecurity in 2019’, Tech Crunch, https://techcrunch.com/2018/12/31/cybersecurity-predictions-2019/

 

How IT Services Are Changing In 2019

By

 

Technology and how we use it to achieve business goals and objectives is constantly changing. However, the majority of IT service providers are still tracking key performance indicators (KPIs) that are outdated.

Measuring the success of IT on things like up time, meeting SLAs, targets of 99.99% availability and number of tickets resolved, while still important to track internally, aren’t necessarily relevant to C-suite goals.

99.99% uptime, often marketed as a unique selling point for most IT companies, isn’t a marker of success in this day and age, it’s just what’s expected. Adam Tallinger, vice president at healthcare IT consulting company Impact Advisors says, “You don’t necessarily cheer your plumber every time water comes out of the faucet. You for sure will call if you turn on the tap and it doesn’t come out.”

Uptime can be very useful, but only if tied to a result of the business. Availability is, of course, very important, but what people care about is how it impacts SLAs, or customer satisfaction when relating to website downtime for example.

Likewise, a lot of IT services companies take the perspective on a project’s budget and schedule adherence as the sole measure of it’s success. The issue here is that this view gives no insight into whether or not the completion of the project caused any business benefit.

Brent Rasmussen, CIO of Carrington Mortgage Holdings, says the business doesn’t fully benefit from an IT project until it has been fully adopted, business processes have changed, and it’s measurable and transparent.

He views staying within budget, like uptime, as “table stakes” for IT and says all your IT infrastructure layer needs to run all the time while being scalable and dependable so as not to impede the business.

So if these metrics and KPIs no longer prove the success of IT, what exactly should we be measuring as IT leaders? This will likely be different depending on what’s important to the specific business, which not only varies from company to company, but will also vary over time within the same organisation.

Organisational goals always change over time. One year the business’ primary goal is rapid expansion, the next year it could be profit maximisation followed by brand building. The only real way to decide on the relevant KPIs that IT should measure is to talk with business leaders and users about what matters to them.

 

How to discover what businesses really need

Consultation

User satisfaction is a metric that business leaders consider vitally important. Often times IT organisations will send out a mass survey with little preparation to users asking for support to gauge satisfaction.

Adam Tallinger, vice president at healthcare IT consulting company Impact Advisors says this is a mistake as it’s “too much data, too much variability among the people you’re contacting at a specific point in time.”

He suggests, instead of sending out a blanket survey, to build relationships with organisational and departmental leaders and discuss with them ahead of time how we’re going to measure ourselves in the future. This allows them to give direct feedback, as well as prepares them for your survey in the future after a relationship is formed.

 

“Why” your way to more insight

The biggest issues tend to arise when business leaders don’t openly communicate the organisation’s specific goals and objectives to the IT service provider.

For example, a business leader might only convey to IT that external customer user experience needs improvement. The reason behind the emphasis on customer experience might be that the business is attempting to increase its customer base, but frustrated customers tend to leave which causes churn—this isn’t always shared with IT.

The new approach requires digging deeper and asking why this matters, often multiple times to find the real business reason.

You care about availability—why?

Because users are happier

Why does that matter to the bussines?

When they’re happier they spend more time on site and make more purchases.

Having a deeper level of understanding of the goals and motivations behind business decisions can often lead to a better way to achieve specific business goals with IT.

 

Tying metrics to business results

Brent Rasmussen, CIO of Carrington Mortgage Holdings, spends time with clients and departments one on one to determine what projects IT will do for them, along with projected benefits to result from the projects.

This helps IT services to track the relevant time and resources spent on projects to maintain budgets. The new approach to IT partnership also determines whether the desired business results are achieved.

Through bench-marking previous projects we’re able to look at new solutions against baseline metrics to track effectiveness.

 

Choosing the right KPIs are important and IT leaders are ready to take their place as partners to business leaders to help guide their organisations into successful and secure digital futures.

If you’re serious about driving business growth and improving organisational productivity, talk with us today about how a partnership with eStorm can benefit your business.

Email: [email protected]

Phone: (07) 3120 0640

The Ultimate Guide to Office 365 Migration

By

Roughly 80% of Fortune 500 companies have moved their business data to Office 365. But it’s not just the big players who are taking advantage of Microsoft’s powerful suite.

A growing number of start-ups, small and medium sized businesses are following suit—and finding great benefit.

In all fields and industries, organisations of all sizes are moving the needle, driving growth and pushing their industry forward. Yet most businesses continue to use the same outdated technology, underpinning their entire work, even though new solutions have significantly advanced these legacy tools.

Why would businesses continue to limp forward, hamstrung by their own outdated tools? Many site reasons like staff being used to the way they work, or their current tools are good enough even though they’re rough around the edges and a little clunky.

But one of the biggest reasons for failure to upgrade is data migration. Most businesses believe they have too much data to migrate, or it’s too much of a hassle to migrate all their data to a new platform.

Nowadays, that just simply isn’t true. In reality, the risk of continuing to use legacy platforms means significantly reduced support over time. Eventually certain tools and platforms stop receiving vital updates and other related support, which leaves you vulnerable.

Not to mention that when tools are slow or fail to integrate with new or existing solutions, overall productivity takes a nosedive. This creates a serious potential risk for money to be left on the table in terms of failure to optimise staff time and collaborative power, as well as even costing the business money.

One study revealed that for every $13,291 worth of salary, disengaged employees account for a $4,520 cost to their employer.

Why migrate to Office 365

Productivity Gains

Microsoft’s Office 365 is the total package. A state of the art enterprise IT environment that is single handedly altering how organisations of all size do business.

One way Office 365 is improving workplace productivity is through cross-platform support. This allows employees and users to access their documents on all devices (PCs, Macs, iOS and Android). Likewise, users can access their work from anywhere at any time.

Another significant driver of productivity with Office 365 is the collaborative power. Users can share documents and collaborate in real time with the ability to track changes to specific users. This reduces the number of files being created and keeps everyone working on the same page—and not accidentally on old or outdated documents.

Flexibility

One particular benefit of Office 365 that entices people is the flexibility it offers users. Some organisations have driven costs down significantly by allowing bring-your-own-device initiatives as Office 365 lets users sign into accounts from multiple devices.

Business director and co-founder of Imagination Yoga, Jessica McClintic, was drawn to Office 365 for the suite’s flexible per-user pricing structure. After many years, with the addition of a number of franchisees and licensees, the business now uses Office 365 to share and distribute documents—even using the suite’s video conferencing tool to conduct yoga training.

“I have teams in Texas and Ohio and Pennsylvania, so if they have questions when I give them information about a new posture or pose, we can hold a video conference,” McClintic Says. “It’s nice to have everyone rolled into one tool.”

Likewise, Office 365 offers a number of flexible deployment options, depending on the organisation’s migration timeline and security needs. Office 365 can be deployed on-premise, via cloud or as a hybrid deployment.

Significant Cost Savings

While many businesses cite time savings, whether through improvements to productivity and collaboration, as an important element that drove them to migrating to the cloud—cost is still one of the most significant drivers.

The Girl Scouts of Colorado had recently merged all of their individual councils into one, with five offices. The new arrangement required cross-site collaboration, during which time they found themselves paying inflated bills for a 3rd party web conferencing solution and phone calls.

After migrating to the cloud with Office 365, the organisation was able to address several issues in one go:

  • The need for 3rd party solutions were eliminated, as employees were able to call and conference through Office 365
  • The number of servers the organisation required dropped from 10 to 5—two physical servers and 3 virtual servers
  • The Office 365 software suite came with collaborative tools that enabled employees to work together through instant messaging, remote desktop connections and file sharing—all without the need for a costly VPN

The migration came at a time when the organisation’s infrastructure costs were rapidly increasing, due to servers coming to the end of their lifetime.

The organisation explained that, had they not migrated, they were going to have to purchase, build and maintain several servers, which can be very costly.

Always Up-to-date

Regardless of deployment type, Office 365 subscribers enjoy automatic updates and the latest version of Office suite products.

Users gain access to all enhancements upon release as Microsoft handles all the updates in a way that doesn’t inhibit availability.

Predictable Costs

The Office 365 suite gives organisations the freedom and flexibility of scaling up or down as and when you need it.

Previously, organisations purchased Office products as they hired new employees. If that person left, or the business scaled down, Microsoft doesn’t let you return that software.

Office 365 scales with your business by allowing you to pay for what you need when you need it. When your organisation grows you can take on additional services and data storage, or reduce those services if needed.

A Simplified Experience

Office 365 allows you to pick the tools you need (Microsoft also has some great business apps—some of which are free!) and access them all in the one place.

Where technology and business are heading, Office 365 is the future of workplace productivity and collaboration. The question isn’t if an organisation should make the switch, but rather when. Increase productivity and manage costs by contacting us today.

You can learn more about how you can use Office 365 with eStorm.

If you’re interested in Office 365 and Office 365 migration services, eStorm is here to help. Contact us at any time to learn more, or to find out how we can help you. 07 3210 0640 – [email protected]

Why Organisations Need Two-factor Authentication

By

What is Two-factor / Multi-factor Authentication?

Put simply, two-factor authentication (2FA) or multi-factor authentication (MFA) is an additional layer of security that aims to address the vulnerabilities that a standard single password system can have.

With a standard username and password only system, it’s relatively easy to fall prey to cyber criminals and other nefarious parties. Think of the rudimentary username and password combination as having only a single line of defense.

Two-factor Authentication or Multi-factor Authentication adds a second line of defence by introducing an additional step to verify who you are. Instead of immediately gaining access to an account or information after entering a username and password, an MFA requires an additional piece of information.

This second layer of protection comes from one of the following categories:

  • Something you have: Most commonly a user would have something in their possession which can be used to verify their authenticity. This can come in the form of a smartphone, text message or a hardware token.
  • Something you know: This could be an answer to a secret question, a personal identification number (PIN) or even a specific keystroke pattern.
  • Something you are: This is the most advanced form of 2FA and can include voice prints, iris scans and most commonly a fingerprint.

This second layer makes gaining access to accounts and information incredibly difficult as a compromise of one of the factors won’t be enough to unlock an account.

Why use Two-factor Authentication / Multi-factor Authentication?

With more of our business happening online, through mobile devices and computers, it’s easy to see why our digital accounts and information have become a target for criminals and other parties.

Malicious attacks, data breaches, hacks and other cybercrimes are becoming more common with massive increases in the number of sites and organisations losing the personal data of their users.

As cybercriminals develop more sophisticated and advanced ways for gaining access to information and data, it’s clear to see that old security systems are simply no match.

These issues aren’t reserved for the Facebooks and Googles of the business landscape, but for global companies, start-ups, small businesses, nonprofits and organisations of all sizes. Data breaches, often times even caused by simple human error, result in severe reputational and financial losses.

A recent study revealed that in 2016 over $16 billion was taken from 15.4 million U.S. consumers as a result of data breaches and an additional $107 billion from identity theft.

Who uses Two-factor Authentication / Multi-factor Authentication?

One of the most common users of two-factor authentication are businesses of all sizes. Organisations are able to significantly reduce the likelihood of phishing scams, as criminals are unable to gain access to login information and other secure data with usernames and passwords alone.

Likewise, we see organisations who aim to keep their own data and information confidential and secure, as well as that of their customers and clients, use MFA to reduce their risk of data breaches and as a form of value add for their clients.

Why Multi-factor Authentication is important for your business

Attempts to steal legitimate user or administrative credentials happens frequently when a party is able to compromise a network. These credentials allow them to easily propagate on a network and conduct malicious activities without the need for additional exploits, which significantly reduces the likelihood of them being detected.

When two-factor or multi-factor authentication is properly implemented throughout an organisation, the ability to steal a complete set of credentials becomes much more difficult. The user has to prove they are allowed access using something they have (physical token), something they know (PIN) or something they are (fingerprint scan).

It is vitally important that multi-factor authentication be implemented correctly in order to actually reduce security vulnerabilities and not simply create a false sense of network security.

An example of this would be when MFA is used for remote access solutions within an organisation, but not for corporate workstations. An unknown party could compromise the username and password from a device used for remote access and then use it to authenticate locally to a workstation or to propagate within a network after compromising the initial workstation on the network. In this case, multi-factor authentication for remote access is better than just a username and password, but doesn’t negate the requirement for properly defended devices to be used as part of a comprehensive remote access solution.

If you’d like to learn more about how we can help you with two-factor authentication / multi-factor authentication, please call us at any time on 07 3120 0640 or email us at [email protected]

3 Quick Windows 10 Features You Might Not Know About

By

 

We’re showing Windows 10 users some love in our latest video on Windows 10 tips and tricks! We’ve put together a quick guide to turning any article into a PDF, how to use window snapping and how to automatically create step-by-step guides with a little-known Windows application that’s on your computer right now! Let us know what programs, applications or OS you’d like a deeper insight into for future videos.

For over 15 years eStorm Australia has been partnering with business, education and government as their trusted Managed IT Services provider, IT Support and single source supplier. Our team of specialists deliver superior on-site and remote services tailored to suit your specific requirements.

Call us today on (07) 3120 0640 or email us at [email protected].

Organising and Automating Your Outlook Calendar

By

 

Research shows that we interpret colour far more quickly and effectively than rows and columns of data and information. In our new video we show you how to create colour coded categories in Microsoft Outlook for specific events, appointments and contacts. We then cover how to automate the entire calendar organisation process in Outlook so you can set it and forget it while continuing to keep your calendar organised. You can learn more about our Microsoft Office 365 support, migration and solutions.

For over 15 years eStorm Australia has been partnering with business, education and government as their trusted Managed IT Services provider and single source supplier. Our team of specialists deliver superior on-site and remote services tailored to suit your specific requirements.

Call us today on (07) 3120 0640 or email us at [email protected].

Get more out of Outlook with these simple tips

By

 

We all spend countless hours in Outlook every day writing (sometimes dodging) and replying to emails. And sure, we know how to send and reply to emails, attach documents and CC people into email threads — but there’s so much more we could be doing in Outlook to make our lives easier. So in this video we put together a few simple tips and tricks to improve your productivity with Outlook.

You can also learn more about our Office 365 support, migration and services for business and enterprise.

For over 15 years eStorm Australia has been partnering with business, education and government as their trusted Managed IT Services provider and single source supplier. Our team of specialists deliver superior on-site and remote services tailored to suit your specific requirements.

Call us today on (07) 3120 0640 or email us at [email protected].

Australian Government Security Audit Shows Why Your Business Needs A Password Manager

By

 

Released earlier this week by the state’s auditor general, a Western Australian government security audit revealed that 26% of its officials had incredibly weak and easily guessable passwords. More than 5,000  of the 234,000 passwords across 17 government agencies included the word “password”.

Western Australian Government Password Audit

This included 1,464 people using “Password123”, 812 using “password1” and 176 using “abcd1234”. Close to 13,000 people used different variations of the season and date, with a staggering 7,000 including “123”.

While this can seem ridiculous and in some cases even funny, there were very serious potential outcomes as a result of this. The report found that a significant amount of these accounts are used to access very important information, as well as vital government systems. One such case showed that auditors were able to gain access to a government agency’s network with full administrative privileges by guessing the password “Summer123.”

The report found that, in most agencies, no help or support was given to users to store their information securely. As a result, some employees were storing passwords in Word documents and spreadsheets.

It’s understandable why people attempt to simplify their workplace access by using a simple or singular password – the average enterprise uses 91 services (Skype, Slack, OneDrive, Social channels, CRM, Marketing software, Sales automation, Website etc.). However, a staggering 81% of breaches are caused by weak or reused passwords. With more accounts than you can possibly recall, how are you supposed to remember strong, unique passwords for all of them? The simple answer is you can’t – but a password manager can.

What is a Password Manager?

A password manager is an application that creates, remembers and automatically fills in your passwords for you. Log in to an account one time, or manually add log in information to your password manager, and it will automatically store your username and password. All your passwords are stored in an encrypted format, which means they’re safe and protected. A password manager provides fast, secure and easy access to all your stored passwords with the help of a single master password.

A password manager can be incredibly beneficial for any business that wants to boost security, simplify the onboarding and offboarding process, as well as help employees manager their passwords more effectively.

Why is this important?

Simple Onboarding and Offboarding

A simple onboarding and offboarding process helps your organisation save time and money. Likewise, when an employee leaves your company, it is important that your password manager has the ability to revoke their access to work related passwords and data. According to a SailPoint Market Report, more than 2 in 5 employees reported have access to a variety of corporate accounts after leaving their last job.

The report concluded that an efficient onboarding and offboarding process helps prevent some of the internal security risks with provisioning and application usage.

Passwords are essential

No one needs to be told that passwords are important – we all know this. But it’s important to remember that your password is your first line of defence. Put simply, no matter what service it is that you’re using, the security is often times only as good as the password that you’ve set.

Making a very strong password is often complicated. A password manager really takes a lot of the pain out of the process and makes an often complicated and time consuming process simple and easy. A password manager does this by creating and remembering a new, strong and complex password for you that is much stronger than anyone could come up with.

Unique

Creating a solid, complex and secure password is great – but if it’s not unique it’s pointless, which is so often overlooked.

A site or application’s security is only as good as the password you use, which means a site’s security could be worse than your password! If you’re using the same strong password across multiple sites, accounts and applications, then those sites and services with inadequate security could endanger your information in places that are serious about security.

Account volume

Lets face it – you have more accounts than your team can handle, we all do. The average organisation uses 91 services, which means that even if you created unique passwords for all of them, you’d never be able to remember them all.

One study found that people had an average of 37 password reset emails in their inboxes. 37 times someone forgot their password. 37 times someone had to undergo the tedious reset password process and create a brand new unique password.

With an enterprise level password manager, the need to reset passwords is completely removed. Likewise, when one person forgets the password, they aren’t resetting an account password that everyone else then needs to update.

Simplicity

Password managers significantly increase your security while also simplifying your life… how often does that happen!?

A password manager requires you to remember a single password – that’s it – then it does the rest. No more trying to remember if it was a capital letter in this password, or a 3 instead of a capital E – and best of all, no more password resets!

 

You can learn more about why your business needs a password managerhow to create a strong password or how to protect yourself against email threats.

 

For over 15 years eStorm Australia has been partnering with business, education and government as their trusted Managed IT Services provider and single source supplier. Our team of specialists deliver superior on-site and remote services tailored to suit your specific requirements.

Call us today on (07) 3120 0640 or email us at [email protected].

 

News story source: The Washington Post

 

5 Mac Tricks You’ll Actually Use Everyday!

By

 

The Service Centre is a series that highlights the best Apple tips and tricks that you can start using right now! As a proud member of the Apple Consultant Network, as well as being one of the most accomplished Apple IT Services firms in Australia, a great deal of our time is spent helping organisations integrate Apple Services into their business IT solutions. This is why we want to help you get the most out of your Mac by showcasing some of the best features you might not know about. Learn more about how we introduce Apple into businesses in a strategic and cost-effective way.

In this episode of The Service Centre, we showcase 5 super simple and easy to use tricks that you can use every day that will boost productivity.

For over 15 years eStorm Australia has been partnering with business, education and government as their trusted Managed IT Services provider and single source supplier. Our team of specialists deliver superior on-site and remote services tailored to suit your specific requirements.

Call us today on (07) 3120 0640 or email us at [email protected].

The Best Features In macOS’ Preview App

By

 

In this series of Apple Tech Tip videos, we want to show you some of the best features you might be unaware of that Mac has to offer so you can get more out of your Mac. As a proud member of the Apple Consultant Network, as well as being one of the most accomplished Apple IT Services firms in Australia, a great deal of our time is spent helping organisations integrate Apple Services into their business IT solutions. Here you can learn more about how we introduce Apple into businesses in a strategic and cost-effective way.

In this episode we delve into the power of the macOS Preview App where you can edit photos, remove backgrounds, sign documents and so much more!

For over 15 years eStorm Australia has been partnering with business, education and government as their trusted Managed IT Services provider and single source supplier. Our team of specialists deliver superior on-site and remote services tailored to suit your specific requirements.

Call us today on (07) 3120 0640 or email us at [email protected].