Tag Archives: cyber security

4 Ways to Avoid IT Downtime

Posted on by
Reply

Avoid computer downtime

Technology is a wonderful thing, but what happens when the IT stops working? In today’s world IT is a necessity. Unfortunately, this means when downtime inevitably hits, you have a BIG problem.

Maybe it’s from a malware or virus attack, a bug in the system, hardware failure or something else… Whatever the cause, the impact is real and measurable and you need it fixed ASAP. Research firm Gartner, reports that 43% of small businesses close their doors right after a major data loss, and only a tiny 6% survive long term. The financial cost of each hour can be in the thousands, and the damage to your brand could be irreparable. While downtime will occasionally strike every business, there are things you can do to minimize the duration, frequency and interruption to your business.

Taking a few simple actions now may result in your business staying open while your competitor gives up.

1. Use monitored antivirus and firewalls

While most businesses have these protections, not all have embraced the idea of monitored antivirus and firewalls. Instead most small business setups have more in common with a home network than a robust professional system. Given that SMB are a primary target for malware and cyber-attack, you should seriously consider moving to the monitored versions. Our experts set up custom protection to block all attacks, both known and emerging. All updates are taken care of and company-wide protections applied.

2. Have backups you can count on

A backup can not only protect you from digital threats like viruses and ransomware, they also protect you against physical threats like robbery, fire or natural disasters. The last thing you want is for your business to be crippled by data loss. A robust backup system can be as simple as asking our team to take care of it, or if you have an on-site technician, using the rule of 3: one backup on the server, one unplugged from the server, and one off-site. If anything ever goes wrong, you’ll be able to pull up the most recent backup and continue as normal. Businesses without good backups tend to be down for days, if not weeks. You also need to regularly test your backups to confirm they are working and also backing up the correct data.

3. Planning

Nobody likes to think about their business flooding or being hit with ransomware, but do you and your employees know what to do if the worst happens? Having a comprehensive Disaster Recovery Plan helps you get up and running quicker and  minimises downtime. Everyone knows what their role is, what steps they need to take, who to tell and which systems take priority.

4. Monitor hardware for early signs of problems

Computer hardware is like any piece of equipment – when it’s getting old it will let you know! This could be anything from making noises, being louder or slower than normal or even system crashes. Each symptom is your early warning sign that allows you to take action before a crash that sends everything into downtime. We can even implement hardware monitoring to look for signs of impending issues. If the signs point to imminent failure, we can let you know and often repair or replace the affected hardware with little or no downtime.

Downtime is an unavoidable part of all modern businesses but your preparation can dictate whether it goes for one minute or one week and how often it happens. According to one study, most firms experience 43 hours average downtime per year, a number much too high for most peoples comfort. While scheduled downtime can sometimes be unavoidable, your business will appreciate being able to skip the panic of surprise downtime events. Reducing your risk is the best action you can take, making downtime a truly rare occasion. Even better, our Proactive or Managed Services can take care of this for you, stopping many downtime events before they occur.

Talk to us about ways to reduce your downtime. Contact us today on 08 8326 4364 or at support@dpcomputing.com.au.

Think Before Clicking – 5 Red Flags of Phishing Emails

Posted on by
Reply

Just one click can be the difference between maintaining computer security and suffering massive financial losses. All it takes is just one employee to click on a link in an email for your business to be vulnerable.

Here are a list of 5 red flags that point out a potential phishing email:

1. Poor spelling and grammar

The occasional typo happens to even the best of us, an email filled with errors (both in grammar and spelling) is a clear warning sign of a phishing attempt. Most companies push their email campaigns through multiple reviews where errors are fixed and the language is refined. Errors throughout the entire message indicate that the same level of care was not taken and therefore the message is more than likely fraudulent.

2. An offer too good to be true

Free items or a lottery win sound great, but does the offer comes out of nowhere and with no catch? Then there is definitely cause for concern. Take care not to get carried away with the message and don’t click without investigating further.

3. Random sender who knows too much

Spear phishing is when an email or offer is designed and crafted especially for your business. Culprits take personal details from your public channels (Facebook, Twitter, Linkedin and even offline documents such as annual company reports etc) and then use it against you. The only clues? The sender is unknown – they weren’t at the event or involved in any way. Take a moment to see if their story checks out. Even check the email address of the sender to confirm that it is correct and not just a similar sounding or looking address (see #4 below).

4. The URL or email address is not quite right

One of the most effective techniques used in phishing emails is to use domains which sound almost right. For example, [microsoft.info.com] or [pay-pal.com] Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is completely different from the link text then delete the email.

5. It asks for personal, financial or business details

Alarms should ring when a message contains a request for personal, business or financial information. If you believe there may be a genuine issue, you can initiate a check using established, trusted channels (ie phone the person on their known number not one contained within the email).

While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind that your business has the best protection available.

DP Computing can help secure your business and can even organise a fake phishing attack to see if further staff training is required. Give us a call to discuss how we can help you on 08 8326 4364 or support@dpcomputing.com.au.

Do You Have a Bad Case of Password Exhaustion?

Posted on by
Reply

Passwords

You’re not alone! Most people use the same password everywhere – home, work, Twitter, Facebook, email and even for banking. Considering how many passwords we use everyday and are expected to remember them, password exhaustion is a real thing. It is no wonder that when yet another prompt for a password appears, users enter very easily guessed combinations like ‘abcd’ or ‘password’.

Trouble is, even if your password conforms to strict password rules, hackers are taking regular strolls around the internet and collecting logins and passwords, from either leaked details or sites with security flaws.

Then, they will try their luck with that login/password combination on other sites. They know more than half the users only have only one password and email combination, so the chance of gaining access into another one of your accounts is quite high.

As the same password is used elsewhere, one site breach follows another and another until hackers have nothing more to gain. The only way to break this chain reaction is to use a different password for each site.

How to Create Easily Remembered Passwords

Have a system or template for creating your own unique passwords, that you’ll be able to remember, but is not obvious to hackers. For example:

<character><word><something about the site><numbers><character>

Becomes:

 !K1ttyFB75!

At first it might seem complicated, but the above is really just based around the words ‘kitty’ (with an upper case K and a number 1 for the i) and ‘FB’ for Facebook. For other sites change the FB to something else.

What to Do If Your Password Has Been Hacked

You can check to see if any of your accounts have been compromised by entering your email into a site like:

www.haveibeenpwned.com

If it alerts a breach, you will need to change your passwords immediately – all of them. Use the example system above to create a new set. If you’re struggling to remember your set of passwords, consider using a secure password tracker such as LastPass. (http://www.lastpass.com) or Keepass (https://keepass.info)

If you assistance changing your passwords or setting up a secure password system, let us know on (08) 8326 4364 and we will be more than happy to help you out.

Why Regular Security Assessments Should Be Your New Normal

Posted on by
Reply

Security AssesmentsBy now you know that improving your cyber security is just as important as improving your cash flow – both are essential to your success. While most businesses keep an eye on the financials, they tend to think cyber security is something they can ignore or just set and forget. Unfortunately, cybercriminals are constantly coming up with new methods of attack and the security you had in place yesterday may not be sufficient today.

Instead of reacting to breaches and taking on the costs of downtime, lost files and destroyed trust, a periodic security assessment can identify blind spots that place you at risk. Once you know about these issues, you can setup adequate protection before cybercriminals strike. It is best to use independent IT experts who can audit your security from an outside perspective, often seeing risks that you would otherwise miss.

Regulations change – Are you affected?

Many businesses need to comply with strict government regulations around the way they store, process and protect data. Their operating license depends on staying as secure as possible. All regulations require regular security assessments but they vary in scope and timeframe. As regulations change, so do the security assessment requirements. You can imagine how much stricter they are now compared to just 5 years ago. Our team can ensure your business is meeting the relevant regulations, diving deep to be certain you are safe.

Security patches and updates are vital

It’s so easy to fall behind on your security patches (both for software and hardware), after all, it seems like there’s a new update every week and each one takes precious time to apply. What we are seeing though, is that cybercriminals are targeting any business running up=patched hardware or software. If you are unpatched, you are an easy target and are inviting the bad guys in. When we conduct your security assessment, we take a look at your history and see if your business has a robust patch plan in place and make sure you are up to date. If there’s an issue that is placing you at risk we will find it.

Viruses are always evolving

Just like the human variety, computer viruses are constantly evolving to skip past anti-virus scans and do damage in new and interesting ways. Cybercriminals know people are more aware of the traditional infection methods like downloading an attachment or inserting an infected USB, so they’re getting more and more creative. Your security assessment doesn’t just include ticking that you have the latest anti-virus, it includes identifying where where your biggest vulnerabilities are. This type of precise awareness has a lasting impact on reducing your risks.

Your business may have changed

As your business has grown over the years your entire setup has changed. More employees, expanded remote access, additional vendors, other locations etc. With each change has come a new risk, particularly if your security has been growing around you. It might be your password policies that haven’t been updated since you began, or that you still have the old voicemail system even though phones are within easy reach of customers. This is perhaps one of the most useful areas a security assessment can help with, as you and your employees are accustomed to the business working in a certain way, whether that way leads to risk or not. Our experts will be able to see things from a different perspective, particularly as we make sure to think the same way a cybercriminal would.

What to do with your assessment results

While many experts might present you with a long list of problems and leave you feeling overwhelmed, our team ensures you have a benchmark for progress. You will know exactly what you need to do, what takes priority and how we can help. You will also know exactly what you’ve done well and where your security strengths lie. Employees will see how much you value security, which in turn helps to create a stable culture, and you’ll be able to report your commitment to customers, confirming they’re making the right choice by staying with you.

Book your security assessment today. Call us at 08 8326 4364 or support@dpcomputing.com.au.

Should You Pay for a Ransomware Attack?

Posted on by
Reply

RansomwareGetting hit with a ransomware attack is not fun, cybercriminals encrypt your data and you are left having to decide: should we pay to get them back? It is a scene that’s played out across the world with 70% of businesses saying “yes” in 2016 alone. Here are six factors to consider if you are ever in this situation.

1) Do you trust them?

Remember that they are criminals holding your data hostage, how confident are you that they will send you the decryption key and that the key will decrypt all your data? The attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if you never hear from them again. You are also equally trapped if they decide to come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is fixed by experts. Businesses don’t exactly want their breach publicised, so many don’t admit to paying the ransom, whether it went to plan or otherwise.

2) Can you manage the impact?

The best case scenario is that you can wipe the affected drives and restore from a clean backup without paying the ransom. You may even decide that the encrypted files aren’t that important and simply let them go and just wipe the infected machine. On the other hand, if your data management comes under any special regulations, like health or legal, you may find that the attack has a much wider impact. The attacker will also motivate you to pay the ransom quickly with a countdown and a threat of total deletion when it hits zero. Remember that if the data isn’t that valuable, or you have confirmed backups, this urgency should have no effect on your plans. T

3) How much do they want?

Cybercriminals rarely send out attacks with set amounts, instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. Different countries or regions are also charged differing amounts. They may be “bad guys”, but they are smart people who know your financial limits. They also consider how much similar businesses have paid previously and expect you to follow suit.

4) Are your backups any good?

Always check your backup to confirm that they are working, that the correct data is being backed up and that you can recover the data from them. Many businesses are discovering too late that their backup systems are not robust enough. Either the backup has become infected too, they weren’t up-to-date or they backed up the wrong data. It is imperative that you at least do some quick backup checks to ensure you can recover all your data in case the unfortunate happens.

5) What are you policies?

Businesses are now adding ransomware to their disaster recovery plans and have predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop chaos in its tracks. Employees and management alike can then approach the situation calmly and make the best decisions for the business.

6) Stay safe in the first place

Ransomware is not slowing down and all factors say it will increase. As more businesses pay the ransom the cybercriminals are steadily launching new attacks and making it their full-time job. Most of the attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training staff helps, it’s no guarantee. We recommend using business-class spam filters to catch these types of emails before they land in your inboxes so that triggering a ransomware attack becomes something that happens to other businesses and not yours.

Secure your data systems and check your backups now. If you need help, contact us on 08 8326 4364 or support@dpcomputing.com.au.

The True and Unexpected Costs of Being Hacked

Posted on by
Reply

Security BreechThere are the normal costs everyone associates with a computer breach, like employee downtime and the costs associated with getting your network and computers fixed. But really, most businesses that haven’t been hit with a security incident view it as more of an inconvenience than a bottom-line cost. For those businesses who have come out the other side though, it’s a very different story. They know from firsthand experience that the hidden and ongoing costs of a data breach can be crippling and that IT security exists to protect your business on multiple levels. All those surprise costs that spiral out of control are why most businesses close down after a cyber-attack. Here are a few of the hard, but common cold hard realities of life after a hack.

Raiding the budget to reduce downtime

From the moment a cyber-attack compromises your system, things can get expensive, and the longer the attack goes, the more it costs. Latest statistics reveal most breaches aren’t identified for around 191 days and then it can take on average another 66 days to fix and contain the damage – during this time you are cleaning PCs, mobile devices, laptops, servers and even entire networks. Add to this the fees for IT professionals to fix everything up, the costs for new hardware and software to help prevent future incidents  and all the hours/days/weeks when your business is struggling with downtime, businesses will quickly exhaust any emergency funds they have.

The long arm of the law

Depending on what data was stolen and how you handled the situation, you could be liable for fines into the millions. If medical data or legal files are leaked a particularly messy scenario may occur with fines coming from multiple sources.

New privacy laws also mean businesses are liable for large fines if they don’t disclose a data breach. Where this gets trickier is that the burden is on your business to know exactly what data has been stolen or illegally accessed, so that you can report it before the fines stack up. This means that even if you were able to fix up the systems yourself, you will still need to hire an expert who can identify exactly data what the hackers took or accessed.

Customer retention measures

In a double crush to your bottom line, not only does your business bear the cost of fixing the hack and your future income takes a hit as customers lose trust and leave. To offset this, many businesses need to spend more on advertising and public relations just to ensure they survive to fight another day.

The data breach disclosure may still come up in search results for many years to come. The more negative publicity your breach attracts, the more you’ll need to spend on customer retention.

All your secrets exposed

While you may not have high level secrets to protect, your business does have data that you would like to keep to yourself. Hackers love going after those juicy tidbits, and the more closely you guard them, the more attractive they are. While large corporations would be big enough to keep their competitive edge after the breach, your business success relies on at least some information staying secret (databases, client info, financial records etc).

But simply avoiding a breach doesn’t cost much at all…

The thing is, it’s not expensive to stay on top of it all and keep your business protected. For a low monthly fee, we can reverse the entire scenario and secure your systems against the unknown. That means no need to raid other department budgets in a panic, pay crippling fines and make embarrassing public announcements.

DP Computing can help with making sure your systems have the latest security patches and your anti-virus knows the latest tricks to watch for. Our technicians implemented a firewall or UTM device to build a virtual fortress around your business that keeps the bad guys out while letting you thrive. Whatever your needs are, both now and moving ahead, we’re here to help keep you safe.

Ready to secure your business against breaches? Give us a call on 08 8326 4364 or via email at support@dpcomputing.com.au.

3 Internet Habits To Keep Kids Smart and Safe

Posted on by
Reply

How can you make the internet a safer place for your children? It is a common concern for all parents as they want their kids to be protected and happy whenever they go online. It’s relatively easy to supervise and monitor the very young ones but the risks increase greatly as the kids get older and more independent.

You have probably heard the term ‘cyber safety’ before, but safe internet usage goes beyond reminding children to not to talk to strangers. With the evolution of the internet and the way it is now woven seamlessly into all aspects of our lives, the focus needs to be on ingrained habits. This means ensuring that your children have the tools and predefined responses to online events so that no matter what happens, they are not placing themselves (or your family) at risk. Setting up these habits is straight forward and begins with three basic understandings:

Downloads are a no-go

Most kids can not tell the difference between a legitimate download and a scam or malicious link. It is not their fault, the online world is full of things that even trick the most savvy adult. The difference is that children tend not to take that extra moment to check exactly where that link is pointing, question whether it’s too good to be true, or even read what they’re agreeing to. They just want to get back to what they were doing, and if something pops up, their first instinct is to click ‘yes’ – so it goes away. Unfortunately, that single click may have just opened the doors to malware and viruses that will ruin their computer and your network. Start a family rule that everyone needs to ask permission for all downloads (and an adult will check it first), and to never ever click on a popup. When you are called over to give download permission or check a popup, talk through with them exactly what and why you are checking. As your child matures, get them involved in this process so their safe habits can extend outside the home.

Critical thinking is a must

Most youngsters think the internet is a must have and can not imagine life without it. With that thinking, comes unwavering trust that the internet would never lie, trick or hurt them. While we adults know better, it’s only because we already view the internet with a certain level of distrust. The best way to keep kids safe is to teach them to approach every aspect of the internet with critical thinking. That includes teaching them to question the motives of other people online. Is that person really a kid? What do they really want? Unfortunately, all kids do need to be aware that predators use the internet to target and lure children. Ensure your children tell you immediately if a stranger makes contact. Along with this stranger danger, teach them to identify what marks something as suspicious, and what they should avoid. If they come across anything inappropriate, they should shut down the computer and immediately come and see you.

The internet is forever

Kids don’t think twice about recording a video, jumping into a chat room or onto social media. The internet really is their playground! But what they don’t understand is that anything they upload, write or say, stays on the internet forever. Even if they delete it or use a platform where content self-erases, someone can still screenshot, send it right back out or save it for some future occasion. Many cyber-bullying cases are based around this exact type of event. Once your kids know that everything they post is permanent, they’ll be more likely to pause and think.

If you need further help – give us a call at 08 8326 4634.

Office 365 & Email Security

Posted on by
Reply

Spam email

As an IT Expert, I get client calls and emails asking me about various emails they receive and whether that particular email is fake or real – almost all time the emails are fake.

To help my clients and others in a similar situation I’ve put together a video that goes through some security tips on how to protect your self from hackers and phishing attempts. The video goes through:

  • First alerts of being attacked.
  • How scammers and hackers try to fool you.
  • How to tell if an email is fake or not.
  • The Do’s and Don’ts.
  • How to tell if you’ve been hacked.
  • What to look for after you have been hacked.
  • How to prevent and protect from hackers.
  • What is 2-step and MFA?
  • What to do after you’ve been hacked.
  • Screenshot examples of phishing emails.

Check out the video below and leave any comments in the fields below.

Protecting Your Ecommerce Platform from Hackers in 2018

Posted on by
Reply

Security

 

2017 saw an increase in cybercrimes in Australia. Back in May, News.com.au reported on the massive ransomware attack across the world, mentioning that at least three private businesses in Australia were hit. While Australia didn’t experience any major attacks, other countries suffered losses. In total, the incident affected around 200,000 people in 150 countries. Countless computer systems were examined in relation to the extortion plot where users would get kicked out unless they sent payment.

2018 brings a clean slate of opportunities for online businesses to strengthen their security systems. Ecommerce platforms are the most at risk, since they involve payments and valuable information. In determining how strong your website’s defense is against hacker threats, consider some of these factors:

Customer data

Identity thefts will not occur if there is nothing to steal. Therefore, you should refrain from saving any customer data that isn’t important to your business. Storing payment card details is against PCI (Payment Card Industry) standards anyway. These details are usually handled by the payment provider. What you can do is use an encrypted checkout tunnel so that your servers won’t save any payment data.

Firewall

For your ecommerce business to have decent security, it should at least be able to withstand common attacks. Business2Community suggests to begin with a firewall, because it weeds out the untrusted networks and controls the website traffic. Firewalls serve as a great first line of defence against the usual hacking threats.

DoS and DDoS Protection

Once in a while, your server may be attacked by malicious queries that intend to keep your website from functioning properly. These Denial of Service or Distributed Denial of Service attacks can keep you out of business for a long time, which is why security measures should be taken to prevent them. DoS and DDoS raids can come from different sources, like applications and traffic flooding.

The best defence is to invest in more bandwidth, since a large amount of space will render it difficult for attackers to flood your site. The downside is that this is also the most expensive solution. However, it’s in your best interests to spend on security. DP Computing previously explained the importance of not being cheap when it comes to security technology, as it serves your business in the long run.

HTTPS

Another DP Computing article advised to pay close attention to the URLs on Google, because hackers would sometimes use phishing scams to acquire sensitive information from customers. These involve links that if accessed, will install malware on your PC that can steal information.

When checking URLs, be wary if the website uses only HTTP. It is more appropriate for ecommerce platforms to use HTTPS, especially on pages where data is created. Unlike in HTTPS, information entered on HTTP is not encrypted. The data is only sent as plain text, making it an easy target for hackers to intercept. Although, remember that not all website pages need to be in HTTPS, or else your website speed will suffer.

Pay attention as well to how your website appears on Google search results, especially if your business is using paid search ads. Ayima noted that Google has improved its algorithm on paid search ads, stating that emphasis is placed on close variants. This means that advertisers will have an easier time of building lists to match user queries. Since paid ads are becoming more rampant now, hackers have taken the opportunity to promote their malicious sites in order to fool thousands of victims. If by any chance, your website’s ad appears shady or seems similar to a malicious ad, take it as a sign to rethink your campaign.

In today’s digital landscape where hackers are getting more creative with their attacks, the importance of cyber security cannot be stressed further. For ecommerce businesses, security investment should be one of the top priorities. Left unchecked, your website could close down at any time, resulting in huge losses in revenue.

 

Keep Your Systems Up to Date

Posted on by
Reply

Computer Updates

Updating your computer systems and associated business software is one of your best protections against cyber-attack, but actually running the updates is a task that businesses often overlook. Either they take too long, they pop up at inconvenient times, don’t know when an update is available or simply don’t know what to do. Do you have a plan in place to ensure all your tech is up-to-date or are you flying by the seat of your pants?

Emergency updates are a killer

Most businesses update their software only when the computer technician comes to fix a different problem. The tech runs the update before they leave but as time goes on the systems sit there with ever-widening security gaps… until another breach happens and the techs are called back for another band-aid solution. Emergency only updates in a break/fix model are a great little earner for those techs but not so good for your uptime and system security.

Finding time for maintenance

To keep your business up and running securely, you need someone who lives and breathes IT. They need to know when and how to apply all the patches and how to make sure all your other tech is playing nice (and may be even do it all after-hours to save you downtime). Businesses that have an in-house IT specialist should be set – and they should already have an update plan. But if you don’t have a qualified IT team, outsourcing to an IT specialist is the perfect solution. You get highly skilled technicians remotely applying your network updates at a time that suits you.

What else needs to be checked?

Beyond running security patches, it’s important to keep your business moving forward. Here are a few areas our techs look at as part of our regular service plans:

Hardware health: The last thing you want is days of downtime after a piece of hardware dies. By not staying on top of your hardware health, you are opening yourself up to lost productivity, lost income and unknown delays. Our services can assess and replace components before they break.

Operating system expiry: Keeping an operating system after the manufacturer ceases support can leave your business wide open for attack. It is simply not a good combination and can cause compliance issues in certain industries. Our managed service technicians will advise you of any changes coming up for your OS and suggest the best upgrade for your needs.

Legacy programs: Updates to your software have the potential to disrupt older program that can result n errors, slow performance or even downtime. With technology advancing so fast, we often find additional requirements are required before updates can be installed. Our technicians always make sure to check for compatibility as a whole before running an update.

Staying on top of your maintenance and upgrades can be a huge challenge for small business. Outsourcing to our regular service plans can help more than your budget – call us today at 08 8326 4364 .