The rule “If it ain’t broke, don’t fix it” is common for many business owners. It can serve to protect your business against unnecessary costs and unneeded downtime. While protecting your business against many types of danger, it poses a large threat when it comes to your IT security.
The start of a new year is a great time to evaluate your IT systems and here are five great resolutions for your business to make. Continue reading
We often tend to be creatures of habit, particularly when it comes to technology and passwords are a prime example. Many people use the same password for multiple websites and applications because we don’t have a photographic memory. Most users though aren’t aware that this is one of the most significant security dangers they can face online and one with an easy fix. Continue reading
In today’s world, companies seem to be having security issues most weeks. These issues relate to 5 main problems. Is your company guilty of any of them?
1. No Backups
A shocking number of businesses do not back up their data properly. According to market research company Clutch, 60 percent of businesses who suffer a data loss shut down within six months.
Even with companies that think they are doing their backups correctly they never regularly test those backups. It is a step that businesses miss surprisingly often\ so don’t be that business that only finds out that their backup isn’t working when it is already too late.
2. Being Reactive and Not Proactive
Technology is changing on a daily basis. Attackers are always working on new ways to break into businesses, hardware is evolving faster than most of us can keep up and old systems fail due to wear and tear. A huge number of businesses wait until these issues impact them directly before they respond. This results in higher costs, longer downtime, and harder hitting impacts.
By responding to hardware warnings before it fails, fixing security holes before they’re exploited and upgrading systems before they are out of date: IT can be done right. Being proactive about your IT needs means systems do not have to break before they are fixed. This results in less downtime, fewer losses and lower IT costs for your business.
3. Poor Passwords
A surprising number of people will use weak passwords to secure their accounts. Even more will write down their passwords on a post-it note right next to the computer. In other cases many people have no passwords at all! Strong passwords act, not only as a barrier to prevent unwanted entry, but as a vital accountability tool too – when system changes are made it is essential to be able to trace back to the account that made that change.
With an weak or insecure password tracking the individual responsible for reports or accountability becomes impossible. This can result in both auditing disasters on top of technical ones.
4. Little or No Staff Training
People are commonly the weakest link when it comes to IT security. Implementing IT security can be a bit like having state-of-the-art locks on a door propped open with a milk crate when staff aren’t trained to use that lock.
Often businesses can justify spending big on security hardware and software but spend zero dollars on training staff to use them. In this instance, a little goes a long way. Security training can help staff to identify a threat, stop it at its entry point and avoid any issues that may have occurred if the staff member hadn’t had any training.
5. Weak Data Controls
Some companies take an ad-hoc, fast and loose approach to data storage. Often crucial data is spread across many devices, copied needlessly and even left unsecured. Client data can be found regularly on employee laptops, mobile phones and tablet devices. These devices are prone to being misplaced or stolen along with any data they contain.
Most companies focus on the costs of devices and hardware purchased for the business. The reality is that the data held on those devices is always worth many times more than the device that holds it. For many firms, their approach to data hasn’t been changed since when the firm was first founded. Critical data is often held on single machines that hasn’t been updated because they hold that critical data. Such machines are clearly vulnerable, outdated and of course prone to failure.
Common problems with simple solutions
Each of these common issues have simple solutions to secure against IT failure. With a professional eye and expertise in the field, every business should be defended against IT issues that risk the firm.
If you are in South Australia and need help securing your IT system, give DP Computing a call on 08 8326 4364 or at firstname.lastname@example.org.
Being hacked is the single biggest fear for most computer users. Many people believe the first sign of strange behavior or errors on their PC is a sign of being hacked. But are hackers really inside your machine, roaming around madly and stealing your information? Or should we be on the lookout for other more subtle signs? What does being hacked really look like and what can I do to help prevent it happening?
There is an important distinction to make between being attacked by a hacker and being infected with a virus or malware. Virus software and malware are automated processes designed to damage your system and / or steal your data. There are of course ways that we can defeat these processes, but what if we are instead being hacked and what are some of the signs?
Passwords not working
One of the first steps a hacker might take is to change your computers login passwords. By doing so, not only do they ensure future access to the machine, they prevent you from accessing the system to stop them. For the hacker, this is a crucial step that keeps them in control. With this in mind, we always want to make sure to keep on top of our own login details and how often we change them.
Security notifications from online services
A lot of online services track which device and location you logged into your account from last. If your account is accessed from a new device or a different country it might trigger an automated email or SMS asking if this new login is from you.
If you have just logged into a service from a new computer, tablet, or phone; receiving an email that asks “hey, is this you?” need not be cause for alarm. If you haven’t, it may be time to investigate further. This feature is a very important part of information security and may be a key first step to identify someone else gaining access to your account.
Bank accounts missing money or strange transactions
The end goal for the majority of today’s hackers is typically to profit from their crimes by taking money from people online. As such, it pays to keep a regular eye on your financial transactions to make sure you know what money is coming and going from your account.
You may see a large sum missing where hackers have attempted to take as much as they can in a single transaction. On the other hand unknown or unusual small transactions may be attackers testing the login details they have, to confirm that they work.
Loss of mobile phone or land line connectivity
Phone interruption is a symptom that few people expect but can occur when hackers attack. Many banks and online services use a security feature known as two-factor or multi factor authentication (2FA or MFA). They do this by sending a code to your phone or app when you log in, you then have to enter this code to confirm who you are.
Hackers can try to work around this by calling your phone provider to report your phone as lost or stolen. During this call, they will request your phone number be transferred to a new sim card or redirected to another number that they control. When your bank sends its regular two-factor authentication code to the number registered, it goes instead to the hacker who then can log in. From your perspective the phone service will simply stop working, so if this happens contact your provider ASAP.
Another technique that may not even include a technical method is called social engineering. Social engineering is when hackers try to obtain confidential information by manipulating people to freely give them this information. This can be done in many different ways. Some examples are:
- A strangers phones your office and may pretend to be a customer or supplier but asks for personal or confidential information.
- A person claiming to be a supplier contacts you and asks you to change the bank account you send payments to.
- Some one attends your premises for some reason but you have no prior knowledge of who they are or why they are they are requesting access.
- Some one phones and claims to be from the technical department of your ISP or maybe even Microsoft and requests remote access to your computer.
- You receive an email claiming to be from the boss or management asking you to do something which doesn’t seem right – like purchasing iTunes vouchers or asking to authorize payment to a new supplier.
Keeping vigilant and maintaining security
These are only some of the techniques that hackers can try to use to gain access to your systems and accounts. It pays to be extra vigilant and pay close attention to the signs and signals that indicate you may have been hacked. It may als
If you suspect that you might have been hacked, or would like help to prevent hackers in future and are located in South Australia, give us at 08 8326 4364 and we will improve your security.
Losing a mobile phone, tablet or laptop is something that everyone dreads. The expense and inconvenience of buying a new device is unpleasant, but the replacement costs only represents a fraction of the damage done when a device is misplaced. The cost of the data contained within every device can add up to many times more than the total value of the device itself.
Along with any data on the device you may use automatic login to your email and other online services. Each of these services is vulnerable to an attacker having possession of your device.
Saved Usernames and Passwords – Users often click on the link to save the passwords in their browser for sites they regularly visit. While this makes things simpler for the user it also makes it very easy for someone else with access to your device to login to your online accounts.
The problem can multiply where a single password or a combination of similar passwords have been used across several accounts. In these situations an attacker need only gain access to a single one and reuse the same credentials across many sites and services.
Email – Email accounts are a key target for attackers looking for access to your business and / or personal information. It is a service that we all take for granted, setting up the device and using automatic login every time afterwards.
It is a service that also unlocks a great deal more than just the email messages as with email access a malicious user can gain access to many of the most commonly used web services online. Using the “forgot my password” button on many websites triggers an email with a password reset link to the email address registered on file. An attacker may use this feature to reset account passwords. Doing this both grants themselves access to your account and denies you access to it.
Contacts – One of the best features of SMS’s and instant messaging is that your contacts know the message is coming from you. When a message is sent from your device to someone you know it displays along with your name, details and maybe even a photograph. With contact information already programmed into a device an attacker has an opportunity to impersonate you. Using your identity, an attacker may attempt to steal yet more details about you and your contacts.
Social Media – Your social media accounts can often be the face of your brand and are a primary way to reach out and contact customers. They are also extremely vulnerable to being hijacked from a stolen device. Fraudulent social media access allows attackers to harvest both client and business data. Even without profiting directly, posting information on a social media account can cause irreversible damage to a business.
Protecting your business – Services, accounts, and entire businesses can be put in great danger by something as simple as misplacing an unsecured mobile phone or laptop computer. Remember to always put passwords and security measures on all devices.
We can help you to stay secure and remain in control even when losing a device. Give us a call at 08 8326 4364 or email@example.com and let us help secure your business.
Technology is a wonderful thing, but what happens when the IT stops working? In today’s world IT is a necessity. Unfortunately, this means when downtime inevitably hits, you have a BIG problem.
Maybe it’s from a malware or virus attack, a bug in the system, hardware failure or something else… Whatever the cause, the impact is real and measurable and you need it fixed ASAP. Research firm Gartner, reports that 43% of small businesses close their doors right after a major data loss, and only a tiny 6% survive long term. The financial cost of each hour can be in the thousands, and the damage to your brand could be irreparable. While downtime will occasionally strike every business, there are things you can do to minimize the duration, frequency and interruption to your business.
Taking a few simple actions now may result in your business staying open while your competitor gives up.
1. Use monitored antivirus and firewalls
While most businesses have these protections, not all have embraced the idea of monitored antivirus and firewalls. Instead most small business setups have more in common with a home network than a robust professional system. Given that SMB are a primary target for malware and cyber-attack, you should seriously consider moving to the monitored versions. Our experts set up custom protection to block all attacks, both known and emerging. All updates are taken care of and company-wide protections applied.
2. Have backups you can count on
A backup can not only protect you from digital threats like viruses and ransomware, they also protect you against physical threats like robbery, fire or natural disasters. The last thing you want is for your business to be crippled by data loss. A robust backup system can be as simple as asking our team to take care of it, or if you have an on-site technician, using the rule of 3: one backup on the server, one unplugged from the server, and one off-site. If anything ever goes wrong, you’ll be able to pull up the most recent backup and continue as normal. Businesses without good backups tend to be down for days, if not weeks. You also need to regularly test your backups to confirm they are working and also backing up the correct data.
Nobody likes to think about their business flooding or being hit with ransomware, but do you and your employees know what to do if the worst happens? Having a comprehensive Disaster Recovery Plan helps you get up and running quicker and minimises downtime. Everyone knows what their role is, what steps they need to take, who to tell and which systems take priority.
4. Monitor hardware for early signs of problems
Computer hardware is like any piece of equipment – when it’s getting old it will let you know! This could be anything from making noises, being louder or slower than normal or even system crashes. Each symptom is your early warning sign that allows you to take action before a crash that sends everything into downtime. We can even implement hardware monitoring to look for signs of impending issues. If the signs point to imminent failure, we can let you know and often repair or replace the affected hardware with little or no downtime.
Downtime is an unavoidable part of all modern businesses but your preparation can dictate whether it goes for one minute or one week and how often it happens. According to one study, most firms experience 43 hours average downtime per year, a number much too high for most peoples comfort. While scheduled downtime can sometimes be unavoidable, your business will appreciate being able to skip the panic of surprise downtime events. Reducing your risk is the best action you can take, making downtime a truly rare occasion. Even better, our Proactive or Managed Services can take care of this for you, stopping many downtime events before they occur.
Talk to us about ways to reduce your downtime. Contact us today on 08 8326 4364 or at firstname.lastname@example.org.
Just one click can be the difference between maintaining computer security and suffering massive financial losses. All it takes is just one employee to click on a link in an email for your business to be vulnerable.
Here are a list of 5 red flags that point out a potential phishing email:
1. Poor spelling and grammar
The occasional typo happens to even the best of us, an email filled with errors (both in grammar and spelling) is a clear warning sign of a phishing attempt. Most companies push their email campaigns through multiple reviews where errors are fixed and the language is refined. Errors throughout the entire message indicate that the same level of care was not taken and therefore the message is more than likely fraudulent.
2. An offer too good to be true
Free items or a lottery win sound great, but does the offer comes out of nowhere and with no catch? Then there is definitely cause for concern. Take care not to get carried away with the message and don’t click without investigating further.
3. Random sender who knows too much
Spear phishing is when an email or offer is designed and crafted especially for your business. Culprits take personal details from your public channels (Facebook, Twitter, Linkedin and even offline documents such as annual company reports etc) and then use it against you. The only clues? The sender is unknown – they weren’t at the event or involved in any way. Take a moment to see if their story checks out. Even check the email address of the sender to confirm that it is correct and not just a similar sounding or looking address (see #4 below).
4. The URL or email address is not quite right
One of the most effective techniques used in phishing emails is to use domains which sound almost right. For example, [microsoft.info.com] or [pay-pal.com] Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is completely different from the link text then delete the email.
5. It asks for personal, financial or business details
Alarms should ring when a message contains a request for personal, business or financial information. If you believe there may be a genuine issue, you can initiate a check using established, trusted channels (ie phone the person on their known number not one contained within the email).
While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind that your business has the best protection available.
DP Computing can help secure your business and can even organise a fake phishing attack to see if further staff training is required. Give us a call to discuss how we can help you on 08 8326 4364 or email@example.com.
You’re not alone! Most people use the same password everywhere – home, work, Twitter, Facebook, email and even for banking. Considering how many passwords we use everyday and are expected to remember them, password exhaustion is a real thing. It is no wonder that when yet another prompt for a password appears, users enter very easily guessed combinations like ‘abcd’ or ‘password’.
Trouble is, even if your password conforms to strict password rules, hackers are taking regular strolls around the internet and collecting logins and passwords, from either leaked details or sites with security flaws.
Then, they will try their luck with that login/password combination on other sites. They know more than half the users only have only one password and email combination, so the chance of gaining access into another one of your accounts is quite high.
As the same password is used elsewhere, one site breach follows another and another until hackers have nothing more to gain. The only way to break this chain reaction is to use a different password for each site.
How to Create Easily Remembered Passwords
Have a system or template for creating your own unique passwords, that you’ll be able to remember, but is not obvious to hackers. For example:
<character><word><something about the site><numbers><character>
At first it might seem complicated, but the above is really just based around the words ‘kitty’ (with an upper case K and a number 1 for the i) and ‘FB’ for Facebook. For other sites change the FB to something else.
What to Do If Your Password Has Been Hacked
You can check to see if any of your accounts have been compromised by entering your email into a site like:
If it alerts a breach, you will need to change your passwords immediately – all of them. Use the example system above to create a new set. If you’re struggling to remember your set of passwords, consider using a secure password tracker such as LastPass. (http://www.lastpass.com) or Keepass (https://keepass.info)
If you assistance changing your passwords or setting up a secure password system, let us know on (08) 8326 4364 and we will be more than happy to help you out.
By now you know that improving your cyber security is just as important as improving your cash flow – both are essential to your success. While most businesses keep an eye on the financials, they tend to think cyber security is something they can ignore or just set and forget. Unfortunately, cybercriminals are constantly coming up with new methods of attack and the security you had in place yesterday may not be sufficient today.
Instead of reacting to breaches and taking on the costs of downtime, lost files and destroyed trust, a periodic security assessment can identify blind spots that place you at risk. Once you know about these issues, you can setup adequate protection before cybercriminals strike. It is best to use independent IT experts who can audit your security from an outside perspective, often seeing risks that you would otherwise miss.
Regulations change – Are you affected?
Many businesses need to comply with strict government regulations around the way they store, process and protect data. Their operating license depends on staying as secure as possible. All regulations require regular security assessments but they vary in scope and timeframe. As regulations change, so do the security assessment requirements. You can imagine how much stricter they are now compared to just 5 years ago. Our team can ensure your business is meeting the relevant regulations, diving deep to be certain you are safe.
Security patches and updates are vital
It’s so easy to fall behind on your security patches (both for software and hardware), after all, it seems like there’s a new update every week and each one takes precious time to apply. What we are seeing though, is that cybercriminals are targeting any business running up=patched hardware or software. If you are unpatched, you are an easy target and are inviting the bad guys in. When we conduct your security assessment, we take a look at your history and see if your business has a robust patch plan in place and make sure you are up to date. If there’s an issue that is placing you at risk we will find it.
Viruses are always evolving
Just like the human variety, computer viruses are constantly evolving to skip past anti-virus scans and do damage in new and interesting ways. Cybercriminals know people are more aware of the traditional infection methods like downloading an attachment or inserting an infected USB, so they’re getting more and more creative. Your security assessment doesn’t just include ticking that you have the latest anti-virus, it includes identifying where where your biggest vulnerabilities are. This type of precise awareness has a lasting impact on reducing your risks.
Your business may have changed
As your business has grown over the years your entire setup has changed. More employees, expanded remote access, additional vendors, other locations etc. With each change has come a new risk, particularly if your security has been growing around you. It might be your password policies that haven’t been updated since you began, or that you still have the old voicemail system even though phones are within easy reach of customers. This is perhaps one of the most useful areas a security assessment can help with, as you and your employees are accustomed to the business working in a certain way, whether that way leads to risk or not. Our experts will be able to see things from a different perspective, particularly as we make sure to think the same way a cybercriminal would.
What to do with your assessment results
While many experts might present you with a long list of problems and leave you feeling overwhelmed, our team ensures you have a benchmark for progress. You will know exactly what you need to do, what takes priority and how we can help. You will also know exactly what you’ve done well and where your security strengths lie. Employees will see how much you value security, which in turn helps to create a stable culture, and you’ll be able to report your commitment to customers, confirming they’re making the right choice by staying with you.
Book your security assessment today. Call us at 08 8326 4364 or firstname.lastname@example.org.